
Lines Matching refs:kay

248 ieee802_1x_kay_get_participant(struct ieee802_1x_kay *kay, const u8 *ckn)
252 dl_list_for_each(participant, &kay->participant_list,
259 wpa_printf(MSG_DEBUG, "KaY: participant is not found");
269 ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay)
273 dl_list_for_each(participant, &kay->participant_list,
279 wpa_printf(MSG_DEBUG, "KaY: principal participant is not found");
457 "KaY: Create receive SA(AN: %hhu lowest_pn: %u of SC",
474 "KaY: Delete receive SA(an: %hhu) of SC",
504 wpa_printf(MSG_DEBUG, "KaY: Create receive SC");
511 static void ieee802_1x_delete_receive_sa(struct ieee802_1x_kay *kay,
514 secy_disable_receive_sa(kay, sa);
515 secy_delete_receive_sa(kay, sa);
529 wpa_printf(MSG_DEBUG, "KaY: Delete receive SC");
532 ieee802_1x_delete_receive_sa(participant->kay, psa);
555 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
593 secy_create_receive_sc(participant->kay, rxsc);
595 wpa_printf(MSG_DEBUG, "KaY: Live peer created");
617 wpa_printf(MSG_DEBUG, "KaY: potential peer created");
645 wpa_printf(MSG_DEBUG, "KaY: move potential peer to live peer");
652 secy_create_receive_sc(participant->kay, rxsc);
693 struct ieee802_1x_kay *kay = participant->kay;
698 body->version = kay->mka_version;
699 body->priority = kay->actor_priority;
705 body->macsec_desired = kay->macsec_desired;
706 body->macsec_capability = kay->macsec_capable;
709 os_memcpy(body->actor_sci.addr, kay->actor_sci.addr,
710 sizeof(kay->actor_sci.addr));
711 body->actor_sci.port = kay->actor_sci.port;
716 os_memcpy(body->algo_agility, kay->algo_agility,
742 ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
753 "KaY: peer's version(%d) greater than mka current version(%d)",
756 if (kay->is_obliged_key_server && body->key_server) {
761 participant = ieee802_1x_kay_get_participant(kay, body->ckn);
790 "KaY: duplicated SCI detected, Maybe active attacker");
813 wpa_printf(MSG_WARNING, "KaY: The peer MN have received");
973 "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
981 "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
1023 "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
1041 wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
1078 "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
1096 wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
1125 if (participant->kay->macsec_desired && participant->advised_desired)
1147 secy_get_receive_lowest_pn(principal->kay,
1173 struct ieee802_1x_kay *kay = participant->kay;
1194 body->delay_protect = kay->macsec_replay_protect;
1196 if (pn > kay->pn_exhaustion) {
1197 wpa_printf(MSG_WARNING, "KaY: My LPN exhaustion");
1207 body->ptx = !kay->macsec_protect;
1208 body->prx = kay->macsec_validate != Strict;
1233 kay->tx_enable = TRUE;
1234 kay->port_enable = TRUE;
1237 kay->rx_enable = TRUE;
1262 struct ieee802_1x_kay *kay = participant->kay;
1265 wpa_printf(MSG_WARNING, "KaY: Participant is not principal");
1271 wpa_printf(MSG_WARNING, "KaY: the peer is not my live peer");
1282 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 40, or more octets",
1289 wpa_printf(MSG_WARNING, "KaY: Peer does not support MACsec");
1297 wpa_printf(MSG_WARNING, "KaY: peer's plain rx are TRUE");
1300 wpa_printf(MSG_WARNING, "KaY: peer's plain tx are TRUE");
1315 KaY: Latest key is invalid");
1325 ieee802_1x_cp_set_servertransmitting(kay->cp, TRUE);
1326 ieee802_1x_cp_sm_step(kay->cp);
1336 wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
1345 "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
1360 ieee802_1x_cp_set_allreceiving(kay->cp, TRUE);
1361 ieee802_1x_cp_sm_step(kay->cp);
1366 if (lpn > kay->pn_exhaustion) {
1369 wpa_printf(MSG_WARNING, "KaY: Peer LPN exhaustion");
1382 wpa_printf(MSG_WARNING, "KaY: Can't find txsa");
1389 secy_get_transmit_next_pn(kay, txsa);
1391 secy_set_transmit_next_pn(kay, txsa);
1392 wpa_printf(MSG_INFO, "KaY: update lpn =0x%x", lpn);
1418 unsigned int cs_index = participant->kay->macsec_csindex;
1460 cs_index = participant->kay->macsec_csindex;
1474 wpa_printf(MSG_ERROR, "KaY: AES wrap failed");
1514 struct ieee802_1x_kay *kay = participant->kay;
1520 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 28, 36, or more octets",
1527 "KaY: I can't accept the distributed SAK as I am not principal");
1532 "KaY: I can't accept the distributed SAK as myself is key server ");
1535 if (!kay->macsec_desired ||
1536 kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
1538 "KaY: I am not MACsec-desired or without MACsec capable");
1546 "KaY: The key server is not in my live peers list");
1549 if (!sci_equal(&kay->key_server_sci, &peer->sci)) {
1550 wpa_printf(MSG_ERROR, "KaY: The key server is not elected");
1555 kay->authenticated = TRUE;
1556 kay->secured = FALSE;
1557 kay->failed = FALSE;
1559 ieee802_1x_cp_connect_authenticated(kay->cp);
1560 ieee802_1x_cp_sm_step(kay->cp);
1561 wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
1567 kay->authenticated = FALSE;
1568 kay->secured = TRUE;
1569 kay->failed = FALSE;
1570 ieee802_1x_cp_connect_secure(kay->cp);
1571 ieee802_1x_cp_sm_step(kay->cp);
1580 wpa_printf(MSG_WARNING, "KaY:The Key has installed");
1588 kay->macsec_csindex = DEFAULT_CS_INDEX;
1589 cs = &cipher_suite_tbl[kay->macsec_csindex];
1594 "KaY: I can't support the Cipher Suite advised by key server");
1599 kay->macsec_csindex = cs->index;
1604 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1609 wpa_printf(MSG_ERROR, "KaY: AES unwrap failed");
1635 ieee802_1x_cp_set_ciphersuite(kay->cp, cs->id);
1636 ieee802_1x_cp_sm_step(kay->cp);
1637 ieee802_1x_cp_set_offset(kay->cp, body->confid_offset);
1638 ieee802_1x_cp_sm_step(kay->cp);
1639 ieee802_1x_cp_set_distributedki(kay->cp, &sa_key->key_identifier);
1640 ieee802_1x_cp_set_distributedan(kay->cp, body->dan);
1641 ieee802_1x_cp_signal_newsak(kay->cp);
1642 ieee802_1x_cp_sm_step(kay->cp);
1644 kay->rcvd_keys++;
1670 length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
1694 if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
1696 wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
1739 < mka_alg_tbl[participant->kay->mka_algindex].icv_len) {
1765 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 28 or more octets",
1789 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 5 or more octets",
1929 struct ieee802_1x_kay *kay = participant->kay;
1943 "KaY: Live peers list must not empty when generating fresh SAK");
1955 if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
1957 "KaY: Life time have not elapsed since prior SAK distributed");
1961 cs = &cipher_suite_tbl[kay->macsec_csindex];
1965 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1969 ctx_len = key_len + sizeof(kay->dist_kn);
1992 os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
2001 wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
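2004 wpa_hexdump_key(MSG_DEBUG, "KaY: generated new SAK", key, key_len); /* SAK is secret key material: dump it with the key-dump helper, as the KEK/ICK dumps in this file do, not the plain hexdump */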
2010 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
2017 sa_key->key_identifier.kn = kay->dist_kn;
2019 sa_key->confidentiality_offset = kay->macsec_confidentiality;
2020 sa_key->an = kay->dist_an;
2028 ieee802_1x_cp_set_ciphersuite(kay->cp, cs->id);
2029 ieee802_1x_cp_sm_step(kay->cp);
2030 ieee802_1x_cp_set_offset(kay->cp, kay->macsec_confidentiality);
2031 ieee802_1x_cp_sm_step(kay->cp);
2032 ieee802_1x_cp_set_distributedki(kay->cp, &sa_key->key_identifier);
2033 ieee802_1x_cp_set_distributedan(kay->cp, sa_key->an);
2034 ieee802_1x_cp_signal_newsak(kay->cp);
2035 ieee802_1x_cp_sm_step(kay->cp);
2041 kay->dist_kn++;
2042 kay->dist_an++;
2043 if (kay->dist_an > 3)
2044 kay->dist_an = 0;
2046 kay->dist_time = time(NULL);
2078 struct ieee802_1x_kay *kay = participant->kay;
2084 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2108 tmp.key_server_priority = kay->actor_priority;
2109 os_memcpy(&tmp.sci, &kay->actor_sci, sizeof(tmp.sci));
2117 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2118 if (!sci_equal(&kay->key_server_sci, &kay->actor_sci)) {
2119 ieee802_1x_cp_signal_chgdserver(kay->cp);
2120 ieee802_1x_cp_sm_step(kay->cp);
2126 wpa_printf(MSG_DEBUG, "KaY: I is elected as key server");
2130 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
2131 sizeof(kay->key_server_sci));
2132 kay->key_server_priority = kay->actor_priority;
2134 ieee802_1x_cp_set_electedself(kay->cp, FALSE);
2135 if (!sci_equal(&kay->key_server_sci, &key_server->sci)) {
2136 ieee802_1x_cp_signal_chgdserver(kay->cp);
2137 ieee802_1x_cp_sm_step(kay->cp);
2144 os_memcpy(&kay->key_server_sci, &key_server->sci,
2145 sizeof(kay->key_server_sci));
2146 kay->key_server_priority = key_server->key_server_priority;
2167 struct ieee802_1x_kay *kay = participant->kay;
2176 if (!kay->macsec_desired) {
2180 if (kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
2184 less_capability = kay->macsec_capable;
2204 kay->authenticated = FALSE;
2205 kay->secured = TRUE;
2206 kay->failed = FALSE;
2207 ieee802_1x_cp_connect_secure(kay->cp);
2208 ieee802_1x_cp_sm_step(kay->cp);
2213 kay->authenticated = TRUE;
2214 kay->secured = FALSE;
2215 kay->failed = FALSE;
2216 kay->ltx_kn = 0;
2217 kay->ltx_an = 0;
2218 kay->lrx_kn = 0;
2219 kay->lrx_an = 0;
2220 kay->otx_kn = 0;
2221 kay->otx_an = 0;
2222 kay->orx_kn = 0;
2223 kay->orx_an = 0;
2224 ieee802_1x_cp_connect_authenticated(kay->cp);
2225 ieee802_1x_cp_sm_step(kay->cp);
2249 os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr,
2277 struct ieee802_1x_kay *kay = participant->kay;
2281 wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU");
2291 wpa_printf(MSG_ERROR, "KaY: out of memory");
2296 wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail!");
2300 l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf));
2303 kay->active = TRUE;
2312 static void ieee802_1x_delete_transmit_sa(struct ieee802_1x_kay *kay,
2315 secy_disable_transmit_sa(kay, sa);
2316 secy_delete_transmit_sa(kay, sa);
2327 struct ieee802_1x_kay *kay;
2335 kay = participant->kay;
2356 wpa_printf(MSG_DEBUG, "KaY: Live peer removed");
2366 secy_delete_receive_sc(kay, rxsc);
2387 kay->authenticated = TRUE;
2388 kay->secured = FALSE;
2389 kay->failed = FALSE;
2390 kay->ltx_kn = 0;
2391 kay->ltx_an = 0;
2392 kay->lrx_kn = 0;
2393 kay->lrx_an = 0;
2394 kay->otx_kn = 0;
2395 kay->otx_an = 0;
2396 kay->orx_kn = 0;
2397 kay->orx_an = 0;
2401 ieee802_1x_delete_transmit_sa(kay, txsa);
2404 ieee802_1x_cp_connect_authenticated(kay->cp);
2405 ieee802_1x_cp_sm_step(kay->cp);
2415 wpa_printf(MSG_DEBUG, "KaY: Potential peer removed");
2444 kay->authenticated = FALSE;
2445 kay->secured = FALSE;
2446 kay->failed = TRUE;
2447 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
2486 "KaY: Create transmit SA(an: %hhu, next_PN: %u) of SC",
2501 "KaY: Delete transmit SA(an: %hhu) of SC",
2529 wpa_printf(MSG_DEBUG, "KaY: Create transmit SC");
2545 wpa_printf(MSG_DEBUG, "KaY: Delete transmit SC");
2547 ieee802_1x_delete_transmit_sa(participant->kay, psa);
2553 /****************** Interface between CP and KAY *********************/
2557 int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
2563 principal = ieee802_1x_kay_get_principal_participant(kay);
2576 kay->ltx_kn = 0;
2577 kay->lrx_kn = 0;
2579 kay->ltx_kn = lki->kn;
2580 kay->lrx_kn = lki->kn;
2582 kay->ltx_an = lan;
2583 kay->lrx_an = lan;
2592 int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
2598 kay);
2612 kay->otx_kn = 0;
2613 kay->orx_kn = 0;
2615 kay->otx_kn = oki->kn;
2616 kay->orx_kn = oki->kn;
2618 kay->otx_an = oan;
2619 kay->orx_an = oan;
2654 int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
2663 principal = ieee802_1x_kay_get_principal_participant(kay);
2686 ieee802_1x_delete_receive_sa(kay, rxsa);
2693 secy_create_receive_sa(kay, rxsa);
2698 ieee802_1x_delete_transmit_sa(kay, txsa);
2705 secy_create_transmit_sa(kay, txsa);
2716 int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
2725 wpa_printf(MSG_DEBUG, "KaY: Entry into %s", __func__);
2726 principal = ieee802_1x_kay_get_principal_participant(kay);
2734 ieee802_1x_delete_transmit_sa(kay, txsa);
2742 ieee802_1x_delete_receive_sa(kay, rxsa);
2765 int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
2771 principal = ieee802_1x_kay_get_principal_participant(kay);
2779 secy_enable_transmit_sa(kay, txsa);
2781 principal->kay->cp, TRUE);
2782 ieee802_1x_cp_sm_step(principal->kay->cp);
2793 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
2800 principal = ieee802_1x_kay_get_principal_participant(kay);
2809 secy_enable_receive_sa(kay, rxsa);
2811 principal->kay->cp, TRUE);
2812 ieee802_1x_cp_sm_step(principal->kay->cp);
2824 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay)
2828 principal = ieee802_1x_kay_get_principal_participant(kay);
2845 static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
2865 "KaY: ethernet destination address is not PAE group address");
2872 wpa_printf(MSG_MSGDUMP, "KaY: MKPDU is less than 32 octets");
2878 "KaY: MKPDU is not multiple of 4 octets");
2888 "KaY: Received EAPOL-MKA Packet Body Length (%zu bytes) is less than the Basic Parameter Set Header Length (%zu bytes) + the Basic Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
2895 participant = ieee802_1x_kay_get_participant(kay, body->ckn);
2905 "KaY: peer's algorithm agility not supported for me");
2915 if (mka_alg_tbl[kay->mka_algindex].icv_hash(
2917 buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
2918 wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
2925 wpa_printf(MSG_ERROR, "KaY: No ICV");
2929 mka_alg_tbl[kay->mka_algindex].icv_len) != 0) {
2931 "KaY: Computed ICV is not equal to Received ICV");
2942 static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
2954 if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len))
2961 participant = ieee802_1x_mka_decode_basic_body(kay, pos, left_len);
3015 "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
3036 kay->active = TRUE;
3048 struct ieee802_1x_kay *kay = ctx;
3054 wpa_printf(MSG_MSGDUMP, "KaY: EAPOL frame too short (%lu)",
3063 wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
3070 wpa_printf(MSG_MSGDUMP, "KaY: version %d does not support MKA",
3079 if (dl_list_empty(&kay->participant_list)) {
3080 wpa_printf(MSG_ERROR, "KaY: no MKA participant instance");
3084 ieee802_1x_kay_decode_mkpdu(kay, buf, len);
3095 struct ieee802_1x_kay *kay;
3097 kay = os_zalloc(sizeof(*kay));
3098 if (!kay) {
3099 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3103 kay->ctx = ctx;
3105 kay->enable = TRUE;
3106 kay->active = FALSE;
3108 kay->authenticated = FALSE;
3109 kay->secured = FALSE;
3110 kay->failed = FALSE;
3111 kay->policy = policy;
3113 os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
3114 os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
3115 kay->actor_sci.port = host_to_be16(port ? port : 0x0001);
3116 kay->actor_priority = priority;
3119 kay->dist_kn = 1;
3120 kay->dist_an = 0;
3121 kay->dist_time = 0;
3123 kay->pn_exhaustion = PENDING_PN_EXHAUSTION;
3124 kay->macsec_csindex = DEFAULT_CS_INDEX;
3125 kay->mka_algindex = DEFAULT_MKA_ALG_INDEX;
3126 kay->mka_version = MKA_VERSION_ID;
3128 os_memcpy(kay->algo_agility, mka_algo_agility,
3129 sizeof(kay->algo_agility));
3131 dl_list_init(&kay->participant_list);
3134 secy_get_capability(kay, &kay->macsec_capable) < 0) {
3135 os_free(kay);
3140 kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
3141 kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
3142 kay->macsec_desired = FALSE;
3143 kay->macsec_protect = FALSE;
3144 kay->macsec_validate = Disabled;
3145 kay->macsec_replay_protect = FALSE;
3146 kay->macsec_replay_window = 0;
3147 kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
3149 kay->macsec_desired = TRUE;
3150 kay->macsec_protect = TRUE;
3151 kay->macsec_encrypt = policy == SHOULD_ENCRYPT;
3152 kay->macsec_validate = Strict;
3153 kay->macsec_replay_protect = FALSE;
3154 kay->macsec_replay_window = 0;
3155 if (kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF)
3156 kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
3158 kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
3161 wpa_printf(MSG_DEBUG, "KaY: state machine created");
3164 secy_init_macsec(kay);
3166 wpa_printf(MSG_DEBUG, "KaY: secy init macsec done");
3169 kay->cp = ieee802_1x_cp_sm_init(kay);
3170 if (kay->cp == NULL) {
3171 ieee802_1x_kay_deinit(kay);
3176 ieee802_1x_cp_connect_authenticated(kay->cp);
3177 ieee802_1x_cp_sm_step(kay->cp);
3179 kay->l2_mka = l2_packet_init(kay->if_name, NULL, ETH_P_PAE,
3180 kay_l2_receive, kay, 1);
3181 if (kay->l2_mka == NULL) {
3183 "KaY: Failed to initialize L2 packet processing for MKA packet");
3184 ieee802_1x_kay_deinit(kay);
3189 return kay;
3197 ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay)
3201 if (!kay)
3204 wpa_printf(MSG_DEBUG, "KaY: state machine removed");
3206 while (!dl_list_empty(&kay->participant_list)) {
3207 participant = dl_list_entry(kay->participant_list.next,
3210 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
3213 ieee802_1x_cp_sm_deinit(kay->cp);
3214 secy_deinit_macsec(kay);
3216 if (kay->l2_mka) {
3217 l2_packet_deinit(kay->l2_mka);
3218 kay->l2_mka = NULL;
3221 os_free(kay->ctx);
3222 os_free(kay);
3230 ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
3237 if (!kay || !ckn || !cak) {
3238 wpa_printf(MSG_ERROR, "KaY: ckn or cak is null");
3242 if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
3243 wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
3247 wpa_printf(MSG_ERROR, "KaY: CKN is out of range(<=32 bytes)");
3250 if (!kay->enable) {
3251 wpa_printf(MSG_ERROR, "KaY: Now is at disable state");
3257 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3276 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
3277 sizeof(kay->key_server_sci));
3278 kay->key_server_priority = kay->actor_priority;
3310 participant->kay = kay;
3325 participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci);
3326 secy_cp_control_protect_frames(kay, kay->macsec_protect);
3327 secy_cp_control_replay(kay, kay->macsec_replay_protect,
3328 kay->macsec_replay_window);
3329 secy_create_transmit_sc(kay, participant->txsc);
3332 participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
3333 if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
3337 wpa_printf(MSG_ERROR, "KaY: Derived KEK failed");
3340 wpa_hexdump_key(MSG_DEBUG, "KaY: Derived KEK",
3344 participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
3345 if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
3349 wpa_printf(MSG_ERROR, "KaY: Derived ICK failed");
3352 wpa_hexdump_key(MSG_DEBUG, "KaY: Derived ICK",
3355 dl_list_add(&kay->participant_list, &participant->list);
3356 wpa_hexdump(MSG_DEBUG, "KaY: Participant created:",
3386 ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
3393 if (!kay || !ckn)
3396 wpa_printf(MSG_DEBUG, "KaY: participant removed");
3399 participant = ieee802_1x_kay_get_participant(kay, ckn->name);
3401 wpa_hexdump(MSG_DEBUG, "KaY: participant is not found",
3436 secy_delete_receive_sc(kay, rxsc);
3439 secy_delete_transmit_sc(kay, participant->txsc);
3451 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
3457 if (!kay || !ckn)
3460 participant = ieee802_1x_kay_get_participant(kay, ckn->name);
3472 ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay)
3476 if (!kay)
3479 participant = ieee802_1x_kay_get_principal_participant(kay);
3484 wpa_printf(MSG_DEBUG, "KaY: new SAK signal");
3494 ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
3500 if (!kay)
3505 "KaY: Configured cipher suite index is out of range");
3508 if (kay->macsec_csindex == cs_index)
3512 kay->macsec_desired = FALSE;
3514 kay->macsec_csindex = cs_index;
3515 kay->macsec_capable = cipher_suite_tbl[kay->macsec_csindex].capable;
3517 if (secy_get_capability(kay, &secy_cap) < 0)
3520 if (kay->macsec_capable > secy_cap)
3521 kay->macsec_capable = secy_cap;
3523 participant = ieee802_1x_kay_get_principal_participant(kay);
3525 wpa_printf(MSG_INFO, "KaY: Cipher Suite changed");
3535 * ieee802_1x_kay_get_status - Get IEEE 802.1X KaY status details
3536 * @kay: Pointer to KaY allocated with ieee802_1x_kay_init()
3542 * Query KAY status information. This function fills in a text area with current
3546 int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf,
3551 if (!kay)
3555 "PAE KaY status=%s\n"
3564 kay->active ? "Active" : "Not-Active",
3565 kay->authenticated ? "Yes" : "No",
3566 kay->secured ? "Yes" : "No",
3567 kay->failed ? "Yes" : "No",
3568 kay->actor_priority,
3569 kay->key_server_priority,
3570 kay->is_key_server ? "Yes" : "No",
3571 kay->dist_kn - 1,
3572 kay->rcvd_keys);