
Lines Matching refs:sm

97 static int changed_cipher(struct ieee802_1x_cp_sm *sm)
99 return sm->confidentiality_offset != sm->cipher_offset ||
100 sm->current_cipher_suite != sm->cipher_suite;
104 static int changed_connect(struct ieee802_1x_cp_sm *sm)
106 return sm->connect != SECURE || sm->chgd_server || changed_cipher(sm);
114 sm->controlled_port_enabled = FALSE;
115 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
117 sm->port_valid = FALSE;
119 os_free(sm->lki);
120 sm->lki = NULL;
121 sm->ltx = FALSE;
122 sm->lrx = FALSE;
124 os_free(sm->oki);
125 sm->oki = NULL;
126 sm->otx = FALSE;
127 sm->orx = FALSE;
129 sm->port_enabled = TRUE;
130 sm->chgd_server = FALSE;
138 sm->port_valid = FALSE;
139 sm->controlled_port_enabled = FALSE;
140 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
142 if (sm->lki)
143 ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
144 if (sm->oki)
145 ieee802_1x_kay_delete_sas(sm->kay, sm->oki);
153 sm->protect_frames = FALSE;
154 sm->replay_protect = FALSE;
155 sm->validate_frames = Checked;
157 sm->port_valid = FALSE;
158 sm->controlled_port_enabled = TRUE;
160 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
161 secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
162 secy_cp_control_encrypt(sm->kay, sm->kay->macsec_encrypt);
163 secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
164 secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
172 sm->protect_frames = FALSE;
173 sm->replay_protect = FALSE;
174 sm->validate_frames = Checked;
176 sm->port_valid = FALSE;
177 sm->controlled_port_enabled = TRUE;
179 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
180 secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
181 secy_cp_control_encrypt(sm->kay, sm->kay->macsec_encrypt);
182 secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
183 secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
191 sm->chgd_server = FALSE;
193 sm->protect_frames = sm->kay->macsec_protect;
194 sm->replay_protect = sm->kay->macsec_replay_protect;
195 sm->validate_frames = sm->kay->macsec_validate;
198 sm->current_cipher_suite = sm->cipher_suite;
199 secy_cp_control_current_cipher_suite(sm->kay, sm->current_cipher_suite);
201 sm->confidentiality_offset = sm->cipher_offset;
203 sm->port_valid = TRUE;
205 secy_cp_control_confidentiality_offset(sm->kay,
206 sm->confidentiality_offset);
207 secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
208 secy_cp_control_encrypt(sm->kay, sm->kay->macsec_encrypt);
209 secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
210 secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
219 sm->oki = sm->lki;
220 sm->oan = sm->lan;
221 sm->otx = sm->ltx;
222 sm->orx = sm->lrx;
223 ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
224 sm->otx, sm->orx);
226 sm->lki = os_malloc(sizeof(*sm->lki));
227 if (!sm->lki) {
231 os_memcpy(sm->lki, &sm->distributed_ki, sizeof(*sm->lki));
232 sm->lan = sm->distributed_an;
233 sm->ltx = FALSE;
234 sm->lrx = FALSE;
235 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
236 sm->ltx, sm->lrx);
237 ieee802_1x_kay_create_sas(sm->kay, sm->lki);
238 ieee802_1x_kay_enable_rx_sas(sm->kay, sm->lki);
239 sm->new_sak = FALSE;
240 sm->all_receiving = FALSE;
248 sm->lrx = TRUE;
249 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
250 sm->ltx, sm->lrx);
251 sm->transmit_when = sm->transmit_delay;
252 eloop_cancel_timeout(ieee802_1x_cp_transmit_when_timeout, sm, NULL);
253 eloop_register_timeout(sm->transmit_when / 1000, 0,
254 ieee802_1x_cp_transmit_when_timeout, sm, NULL);
258 ieee802_1x_cp_sm_step(sm);
259 sm->using_receive_sas = FALSE;
260 sm->server_transmitting = FALSE;
268 ieee802_1x_kay_enable_new_info(sm->kay);
276 sm->controlled_port_enabled = TRUE;
277 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
278 sm->ltx = TRUE;
279 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
280 sm->ltx, sm->lrx);
281 ieee802_1x_kay_enable_tx_sas(sm->kay, sm->lki);
282 sm->all_receiving = FALSE;
283 sm->server_transmitting = FALSE;
290 sm->retire_when = sm->orx ? sm->retire_delay : 0;
291 sm->otx = FALSE;
292 ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
293 sm->otx, sm->orx);
294 ieee802_1x_kay_enable_new_info(sm->kay);
295 eloop_cancel_timeout(ieee802_1x_cp_retire_when_timeout, sm, NULL);
296 eloop_register_timeout(sm->retire_when / 1000, 0,
297 ieee802_1x_cp_retire_when_timeout, sm, NULL);
298 sm->using_transmit_sa = FALSE;
305 sm->lrx = FALSE;
306 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
307 sm->ltx, sm->lrx);
308 ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
310 os_free(sm->lki);
311 sm->lki = NULL;
312 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
313 sm->ltx, sm->lrx);
314 sm->new_sak = FALSE;
323 os_free(sm->oki);
324 sm->oki = NULL;
325 sm->orx = FALSE;
326 sm->otx = FALSE;
327 ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
328 sm->otx, sm->orx);
337 if (!sm->port_enabled)
340 switch (sm->CP_state) {
350 if (sm->connect == UNAUTHENTICATED)
352 else if (sm->connect == AUTHENTICATED)
354 else if (sm->connect == SECURE)
359 if (sm->connect != UNAUTHENTICATED)
364 if (sm->connect != AUTHENTICATED)
369 if (changed_connect(sm))
371 else if (sm->new_sak)
376 if (sm->using_receive_sas)
381 if (sm->new_sak || changed_connect(sm))
383 if (!sm->elected_self)
385 if (sm->elected_self &&
386 (sm->all_receiving || !sm->transmit_when))
391 if (sm->using_transmit_sa)
396 if (!sm->retire_when || changed_connect(sm))
401 if (changed_connect(sm))
403 else if (sm->new_sak)
408 if (sm->new_sak || changed_connect(sm))
410 if (sm->server_transmitting)
414 if (changed_connect(sm))
416 else if (sm->new_sak)
431 struct ieee802_1x_cp_sm *sm;
433 sm = os_zalloc(sizeof(*sm));
434 if (sm == NULL) {
439 sm->kay = kay;
441 sm->port_valid = FALSE;
443 sm->chgd_server = FALSE;
445 sm->protect_frames = kay->macsec_protect;
446 sm->validate_frames = kay->macsec_validate;
447 sm->replay_protect = kay->macsec_replay_protect;
448 sm->replay_window = kay->macsec_replay_window;
450 sm->controlled_port_enabled = FALSE;
452 sm->lki = NULL;
453 sm->lrx = FALSE;
454 sm->ltx = FALSE;
455 sm->oki = NULL;
456 sm->orx = FALSE;
457 sm->otx = FALSE;
459 sm->current_cipher_suite = default_cs_id;
460 sm->cipher_suite = default_cs_id;
461 sm->cipher_offset = CONFIDENTIALITY_OFFSET_0;
462 sm->confidentiality_offset = sm->cipher_offset;
463 sm->transmit_delay = MKA_LIFE_TIME;
464 sm->retire_delay = MKA_SAK_RETIRE_TIME;
465 sm->CP_state = CP_BEGIN;
466 sm->changed = FALSE;
467 sm->authorization_data = NULL;
471 secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
472 secy_cp_control_encrypt(sm->kay, sm->kay->macsec_encrypt);
473 secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
474 secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
475 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
476 secy_cp_control_confidentiality_offset(sm->kay,
477 sm->confidentiality_offset);
482 return sm;
486 static void ieee802_1x_cp_step_run(struct ieee802_1x_cp_sm *sm)
492 prev_state = sm->CP_state;
494 if (prev_state == sm->CP_state)
502 struct ieee802_1x_cp_sm *sm = eloop_ctx;
503 ieee802_1x_cp_step_run(sm);
510 void ieee802_1x_cp_sm_deinit(struct ieee802_1x_cp_sm *sm)
513 if (!sm)
516 eloop_cancel_timeout(ieee802_1x_cp_retire_when_timeout, sm, NULL);
517 eloop_cancel_timeout(ieee802_1x_cp_transmit_when_timeout, sm, NULL);
518 eloop_cancel_timeout(ieee802_1x_cp_step_cb, sm, NULL);
519 os_free(sm->lki);
520 os_free(sm->oki);
521 os_free(sm->authorization_data);
522 os_free(sm);
531 struct ieee802_1x_cp_sm *sm = cp_ctx;
533 sm->connect = PENDING;
542 struct ieee802_1x_cp_sm *sm = (struct ieee802_1x_cp_sm *)cp_ctx;
544 sm->connect = UNAUTHENTICATED;
553 struct ieee802_1x_cp_sm *sm = cp_ctx;
555 sm->connect = AUTHENTICATED;
564 struct ieee802_1x_cp_sm *sm = cp_ctx;
566 sm->connect = SECURE;
575 struct ieee802_1x_cp_sm *sm = cp_ctx;
577 sm->chgd_server = TRUE;
586 struct ieee802_1x_cp_sm *sm = cp_ctx;
587 sm->elected_self = status;
596 struct ieee802_1x_cp_sm *sm = cp_ctx;
597 os_free(sm->authorization_data);
598 sm->authorization_data = os_zalloc(len);
599 if (sm->authorization_data)
600 os_memcpy(sm->authorization_data, pdata, len);
609 struct ieee802_1x_cp_sm *sm = cp_ctx;
610 sm->cipher_suite = cs;
619 struct ieee802_1x_cp_sm *sm = cp_ctx;
620 sm->cipher_offset = offset;
629 struct ieee802_1x_cp_sm *sm = cp_ctx;
630 sm->new_sak = TRUE;
640 struct ieee802_1x_cp_sm *sm = cp_ctx;
641 os_memcpy(&sm->distributed_ki, dki, sizeof(struct ieee802_1x_mka_ki));
650 struct ieee802_1x_cp_sm *sm = cp_ctx;
651 sm->distributed_an = an;
660 struct ieee802_1x_cp_sm *sm = cp_ctx;
661 sm->using_receive_sas = status;
670 struct ieee802_1x_cp_sm *sm = cp_ctx;
671 sm->all_receiving = status;
680 struct ieee802_1x_cp_sm *sm = cp_ctx;
681 sm->server_transmitting = status;
690 struct ieee802_1x_cp_sm *sm = cp_ctx;
691 sm->using_transmit_sa = status;
697 * @sm: EAPOL state machine
709 struct ieee802_1x_cp_sm *sm = cp_ctx;
710 eloop_cancel_timeout(ieee802_1x_cp_step_cb, sm, NULL);
711 eloop_register_timeout(0, 0, ieee802_1x_cp_step_cb, sm, NULL);
718 struct ieee802_1x_cp_sm *sm = eloop_ctx;
719 sm->retire_when = 0;
720 ieee802_1x_cp_step_run(sm);
727 struct ieee802_1x_cp_sm *sm = eloop_ctx;
728 sm->transmit_when = 0;
729 ieee802_1x_cp_step_run(sm);