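Lines matching refs:sm (cross-reference listing: each row gives the source line number, the matching line, and the enclosing function; rows where `sm` is declared also note whether it is an argument or a local. Lines that do not mention `sm` are omitted, so function bodies shown here are incomplete.)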
96 static int changed_cipher(struct ieee802_1x_cp_sm *sm) in changed_cipher() argument
98 return sm->confidentiality_offset != sm->cipher_offset || in changed_cipher()
99 sm->current_cipher_suite != sm->cipher_suite; in changed_cipher()
103 static int changed_connect(struct ieee802_1x_cp_sm *sm) in changed_connect() argument
105 return sm->connect != SECURE || sm->chgd_server || changed_cipher(sm); in changed_connect()
113 sm->controlled_port_enabled = false; in SM_STATE()
114 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled); in SM_STATE()
116 sm->port_valid = false; in SM_STATE()
118 os_free(sm->lki); in SM_STATE()
119 sm->lki = NULL; in SM_STATE()
120 sm->ltx = false; in SM_STATE()
121 sm->lrx = false; in SM_STATE()
123 os_free(sm->oki); in SM_STATE()
124 sm->oki = NULL; in SM_STATE()
125 sm->otx = false; in SM_STATE()
126 sm->orx = false; in SM_STATE()
128 sm->port_enabled = true; in SM_STATE()
129 sm->chgd_server = false; in SM_STATE()
137 sm->port_valid = false; in SM_STATE()
138 sm->controlled_port_enabled = false; in SM_STATE()
139 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled); in SM_STATE()
141 if (sm->lki) in SM_STATE()
142 ieee802_1x_kay_delete_sas(sm->kay, sm->lki); in SM_STATE()
143 if (sm->oki) in SM_STATE()
144 ieee802_1x_kay_delete_sas(sm->kay, sm->oki); in SM_STATE()
149 os_free(sm->oki); in SM_STATE()
150 sm->oki = NULL; in SM_STATE()
151 sm->otx = false; in SM_STATE()
152 sm->orx = false; in SM_STATE()
153 sm->oan = 0; in SM_STATE()
154 ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan, in SM_STATE()
155 sm->otx, sm->orx); in SM_STATE()
156 os_free(sm->lki); in SM_STATE()
157 sm->lki = NULL; in SM_STATE()
158 sm->lrx = false; in SM_STATE()
159 sm->ltx = false; in SM_STATE()
160 sm->lan = 0; in SM_STATE()
161 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan, in SM_STATE()
162 sm->ltx, sm->lrx); in SM_STATE()
170 sm->protect_frames = false; in SM_STATE()
171 sm->replay_protect = false; in SM_STATE()
172 sm->validate_frames = Checked; in SM_STATE()
174 sm->port_valid = false; in SM_STATE()
175 sm->controlled_port_enabled = true; in SM_STATE()
177 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled); in SM_STATE()
178 secy_cp_control_protect_frames(sm->kay, sm->protect_frames); in SM_STATE()
179 secy_cp_control_encrypt(sm->kay, sm->kay->macsec_encrypt); in SM_STATE()
180 secy_cp_control_validate_frames(sm->kay, sm->validate_frames); in SM_STATE()
181 secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window); in SM_STATE()
189 sm->protect_frames = false; in SM_STATE()
190 sm->replay_protect = false; in SM_STATE()
191 sm->validate_frames = Checked; in SM_STATE()
192 sm->offload = sm->kay->macsec_offload; in SM_STATE()
194 sm->port_valid = false; in SM_STATE()
195 sm->controlled_port_enabled = true; in SM_STATE()
197 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled); in SM_STATE()
198 secy_cp_control_protect_frames(sm->kay, sm->protect_frames); in SM_STATE()
199 secy_cp_control_encrypt(sm->kay, sm->kay->macsec_encrypt); in SM_STATE()
200 secy_cp_control_validate_frames(sm->kay, sm->validate_frames); in SM_STATE()
201 secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window); in SM_STATE()
202 secy_cp_control_offload(sm->kay, sm->offload); in SM_STATE()
210 sm->chgd_server = false; in SM_STATE()
212 sm->protect_frames = sm->kay->macsec_protect; in SM_STATE()
213 sm->replay_protect = sm->kay->macsec_replay_protect; in SM_STATE()
214 sm->offload = sm->kay->macsec_offload; in SM_STATE()
215 sm->validate_frames = sm->kay->macsec_validate; in SM_STATE()
217 sm->current_cipher_suite = sm->cipher_suite; in SM_STATE()
218 secy_cp_control_current_cipher_suite(sm->kay, sm->current_cipher_suite); in SM_STATE()
220 sm->confidentiality_offset = sm->cipher_offset; in SM_STATE()
222 sm->port_valid = true; in SM_STATE()
224 secy_cp_control_confidentiality_offset(sm->kay, in SM_STATE()
225 sm->confidentiality_offset); in SM_STATE()
226 secy_cp_control_protect_frames(sm->kay, sm->protect_frames); in SM_STATE()
227 secy_cp_control_encrypt(sm->kay, sm->kay->macsec_encrypt); in SM_STATE()
228 secy_cp_control_validate_frames(sm->kay, sm->validate_frames); in SM_STATE()
229 secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window); in SM_STATE()
230 secy_cp_control_offload(sm->kay, sm->offload); in SM_STATE()
238 sm->lki = os_malloc(sizeof(*sm->lki)); in SM_STATE()
239 if (!sm->lki) { in SM_STATE()
243 os_memcpy(sm->lki, &sm->distributed_ki, sizeof(*sm->lki)); in SM_STATE()
244 sm->lan = sm->distributed_an; in SM_STATE()
245 sm->ltx = false; in SM_STATE()
246 sm->lrx = false; in SM_STATE()
247 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan, in SM_STATE()
248 sm->ltx, sm->lrx); in SM_STATE()
249 ieee802_1x_kay_create_sas(sm->kay, sm->lki); in SM_STATE()
250 ieee802_1x_kay_enable_rx_sas(sm->kay, sm->lki); in SM_STATE()
251 sm->new_sak = false; in SM_STATE()
252 sm->all_receiving = false; in SM_STATE()
260 sm->lrx = true; in SM_STATE()
261 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan, in SM_STATE()
262 sm->ltx, sm->lrx); in SM_STATE()
263 sm->transmit_when = sm->transmit_delay; in SM_STATE()
264 eloop_cancel_timeout(ieee802_1x_cp_transmit_when_timeout, sm, NULL); in SM_STATE()
265 eloop_register_timeout(sm->transmit_when / 1000, 0, in SM_STATE()
266 ieee802_1x_cp_transmit_when_timeout, sm, NULL); in SM_STATE()
270 ieee802_1x_cp_sm_step(sm); in SM_STATE()
271 sm->using_receive_sas = false; in SM_STATE()
272 sm->server_transmitting = false; in SM_STATE()
280 ieee802_1x_kay_enable_new_info(sm->kay); in SM_STATE()
288 sm->controlled_port_enabled = true; in SM_STATE()
289 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled); in SM_STATE()
290 sm->ltx = true; in SM_STATE()
291 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan, in SM_STATE()
292 sm->ltx, sm->lrx); in SM_STATE()
293 ieee802_1x_kay_enable_tx_sas(sm->kay, sm->lki); in SM_STATE()
294 sm->all_receiving = false; in SM_STATE()
295 sm->server_transmitting = false; in SM_STATE()
302 sm->retire_when = sm->orx ? sm->retire_delay : 0; in SM_STATE()
303 sm->otx = false; in SM_STATE()
304 ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan, in SM_STATE()
305 sm->otx, sm->orx); in SM_STATE()
306 ieee802_1x_kay_enable_new_info(sm->kay); in SM_STATE()
307 eloop_cancel_timeout(ieee802_1x_cp_retire_when_timeout, sm, NULL); in SM_STATE()
308 eloop_register_timeout(sm->retire_when / 1000, 0, in SM_STATE()
309 ieee802_1x_cp_retire_when_timeout, sm, NULL); in SM_STATE()
310 sm->using_transmit_sa = false; in SM_STATE()
317 sm->lrx = false; in SM_STATE()
318 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan, in SM_STATE()
319 sm->ltx, sm->lrx); in SM_STATE()
320 ieee802_1x_kay_delete_sas(sm->kay, sm->lki); in SM_STATE()
322 os_free(sm->lki); in SM_STATE()
323 sm->lki = NULL; in SM_STATE()
324 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan, in SM_STATE()
325 sm->ltx, sm->lrx); in SM_STATE()
332 if (sm->oki) { in SM_STATE()
333 ieee802_1x_kay_delete_sas(sm->kay, sm->oki); in SM_STATE()
334 os_free(sm->oki); in SM_STATE()
335 sm->oki = NULL; in SM_STATE()
337 sm->oki = sm->lki; in SM_STATE()
338 sm->otx = sm->ltx; in SM_STATE()
339 sm->orx = sm->lrx; in SM_STATE()
340 sm->oan = sm->lan; in SM_STATE()
341 ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan, in SM_STATE()
342 sm->otx, sm->orx); in SM_STATE()
343 sm->lki = NULL; in SM_STATE()
344 sm->ltx = false; in SM_STATE()
345 sm->lrx = false; in SM_STATE()
346 sm->lan = 0; in SM_STATE()
347 ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan, in SM_STATE()
348 sm->ltx, sm->lrx); in SM_STATE()
357 if (!sm->port_enabled) in SM_STEP()
360 switch (sm->CP_state) { in SM_STEP()
370 if (sm->connect == UNAUTHENTICATED) in SM_STEP()
372 else if (sm->connect == AUTHENTICATED) in SM_STEP()
374 else if (sm->connect == SECURE) in SM_STEP()
379 if (sm->connect != UNAUTHENTICATED) in SM_STEP()
384 if (sm->connect != AUTHENTICATED) in SM_STEP()
389 if (changed_connect(sm)) in SM_STEP()
391 else if (sm->new_sak) in SM_STEP()
396 if (sm->using_receive_sas) in SM_STEP()
401 if (sm->new_sak || changed_connect(sm)) in SM_STEP()
403 if (!sm->elected_self) in SM_STEP()
405 if (sm->elected_self && in SM_STEP()
406 (sm->all_receiving || !sm->controlled_port_enabled || in SM_STEP()
407 !sm->transmit_when)) in SM_STEP()
412 if (sm->using_transmit_sa) in SM_STEP()
417 if (!sm->retire_when || changed_connect(sm)) in SM_STEP()
422 if (changed_connect(sm)) in SM_STEP()
424 else if (sm->new_sak) in SM_STEP()
429 if (sm->new_sak || changed_connect(sm)) in SM_STEP()
431 if (sm->server_transmitting || !sm->controlled_port_enabled) in SM_STEP()
435 if (changed_connect(sm)) in SM_STEP()
437 else if (sm->new_sak) in SM_STEP()
452 struct ieee802_1x_cp_sm *sm; in ieee802_1x_cp_sm_init() local
454 sm = os_zalloc(sizeof(*sm)); in ieee802_1x_cp_sm_init()
455 if (sm == NULL) { in ieee802_1x_cp_sm_init()
460 sm->kay = kay; in ieee802_1x_cp_sm_init()
462 sm->port_valid = false; in ieee802_1x_cp_sm_init()
464 sm->chgd_server = false; in ieee802_1x_cp_sm_init()
466 sm->protect_frames = kay->macsec_protect; in ieee802_1x_cp_sm_init()
467 sm->validate_frames = kay->macsec_validate; in ieee802_1x_cp_sm_init()
468 sm->replay_protect = kay->macsec_replay_protect; in ieee802_1x_cp_sm_init()
469 sm->replay_window = kay->macsec_replay_window; in ieee802_1x_cp_sm_init()
470 sm->offload = kay->macsec_offload; in ieee802_1x_cp_sm_init()
472 sm->controlled_port_enabled = false; in ieee802_1x_cp_sm_init()
474 sm->lki = NULL; in ieee802_1x_cp_sm_init()
475 sm->lrx = false; in ieee802_1x_cp_sm_init()
476 sm->ltx = false; in ieee802_1x_cp_sm_init()
477 sm->oki = NULL; in ieee802_1x_cp_sm_init()
478 sm->orx = false; in ieee802_1x_cp_sm_init()
479 sm->otx = false; in ieee802_1x_cp_sm_init()
481 sm->current_cipher_suite = cs_id[kay->macsec_csindex]; in ieee802_1x_cp_sm_init()
482 sm->cipher_suite = cs_id[kay->macsec_csindex]; in ieee802_1x_cp_sm_init()
483 sm->cipher_offset = CONFIDENTIALITY_OFFSET_0; in ieee802_1x_cp_sm_init()
484 sm->confidentiality_offset = sm->cipher_offset; in ieee802_1x_cp_sm_init()
485 sm->transmit_delay = MKA_LIFE_TIME; in ieee802_1x_cp_sm_init()
486 sm->retire_delay = MKA_SAK_RETIRE_TIME; in ieee802_1x_cp_sm_init()
487 sm->CP_state = CP_BEGIN; in ieee802_1x_cp_sm_init()
488 sm->changed = false; in ieee802_1x_cp_sm_init()
492 secy_cp_control_protect_frames(sm->kay, sm->protect_frames); in ieee802_1x_cp_sm_init()
493 secy_cp_control_encrypt(sm->kay, sm->kay->macsec_encrypt); in ieee802_1x_cp_sm_init()
494 secy_cp_control_validate_frames(sm->kay, sm->validate_frames); in ieee802_1x_cp_sm_init()
495 secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window); in ieee802_1x_cp_sm_init()
496 secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled); in ieee802_1x_cp_sm_init()
497 secy_cp_control_confidentiality_offset(sm->kay, in ieee802_1x_cp_sm_init()
498 sm->confidentiality_offset); in ieee802_1x_cp_sm_init()
499 secy_cp_control_current_cipher_suite(sm->kay, sm->current_cipher_suite); in ieee802_1x_cp_sm_init()
500 secy_cp_control_offload(sm->kay, sm->offload); in ieee802_1x_cp_sm_init()
504 return sm; in ieee802_1x_cp_sm_init()
508 static void ieee802_1x_cp_step_run(struct ieee802_1x_cp_sm *sm) in ieee802_1x_cp_step_run() argument
514 prev_state = sm->CP_state; in ieee802_1x_cp_step_run()
516 if (prev_state == sm->CP_state) in ieee802_1x_cp_step_run()
524 struct ieee802_1x_cp_sm *sm = eloop_ctx; in ieee802_1x_cp_step_cb() local
525 ieee802_1x_cp_step_run(sm); in ieee802_1x_cp_step_cb()
532 void ieee802_1x_cp_sm_deinit(struct ieee802_1x_cp_sm *sm) in ieee802_1x_cp_sm_deinit() argument
535 if (!sm) in ieee802_1x_cp_sm_deinit()
538 eloop_cancel_timeout(ieee802_1x_cp_retire_when_timeout, sm, NULL); in ieee802_1x_cp_sm_deinit()
539 eloop_cancel_timeout(ieee802_1x_cp_transmit_when_timeout, sm, NULL); in ieee802_1x_cp_sm_deinit()
540 eloop_cancel_timeout(ieee802_1x_cp_step_cb, sm, NULL); in ieee802_1x_cp_sm_deinit()
541 os_free(sm->lki); in ieee802_1x_cp_sm_deinit()
542 os_free(sm->oki); in ieee802_1x_cp_sm_deinit()
543 os_free(sm); in ieee802_1x_cp_sm_deinit()
552 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_connect_pending() local
554 sm->connect = PENDING; in ieee802_1x_cp_connect_pending()
563 struct ieee802_1x_cp_sm *sm = (struct ieee802_1x_cp_sm *)cp_ctx; in ieee802_1x_cp_connect_unauthenticated() local
565 sm->connect = UNAUTHENTICATED; in ieee802_1x_cp_connect_unauthenticated()
574 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_connect_authenticated() local
576 sm->connect = AUTHENTICATED; in ieee802_1x_cp_connect_authenticated()
585 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_connect_secure() local
587 sm->connect = SECURE; in ieee802_1x_cp_connect_secure()
596 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_signal_chgdserver() local
598 sm->chgd_server = true; in ieee802_1x_cp_signal_chgdserver()
607 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_set_electedself() local
608 sm->elected_self = status; in ieee802_1x_cp_set_electedself()
617 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_set_ciphersuite() local
618 sm->cipher_suite = cs; in ieee802_1x_cp_set_ciphersuite()
627 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_set_offset() local
628 sm->cipher_offset = offset; in ieee802_1x_cp_set_offset()
637 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_signal_newsak() local
638 sm->new_sak = true; in ieee802_1x_cp_signal_newsak()
648 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_set_distributedki() local
649 os_memcpy(&sm->distributed_ki, dki, sizeof(struct ieee802_1x_mka_ki)); in ieee802_1x_cp_set_distributedki()
658 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_set_distributedan() local
659 sm->distributed_an = an; in ieee802_1x_cp_set_distributedan()
668 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_set_usingreceivesas() local
669 sm->using_receive_sas = status; in ieee802_1x_cp_set_usingreceivesas()
678 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_set_allreceiving() local
679 sm->all_receiving = status; in ieee802_1x_cp_set_allreceiving()
688 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_set_servertransmitting() local
689 sm->server_transmitting = status; in ieee802_1x_cp_set_servertransmitting()
698 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_set_usingtransmitas() local
699 sm->using_transmit_sa = status; in ieee802_1x_cp_set_usingtransmitas()
717 struct ieee802_1x_cp_sm *sm = cp_ctx; in ieee802_1x_cp_sm_step() local
718 eloop_cancel_timeout(ieee802_1x_cp_step_cb, sm, NULL); in ieee802_1x_cp_sm_step()
719 eloop_register_timeout(0, 0, ieee802_1x_cp_step_cb, sm, NULL); in ieee802_1x_cp_sm_step()
726 struct ieee802_1x_cp_sm *sm = eloop_ctx; in ieee802_1x_cp_retire_when_timeout() local
727 sm->retire_when = 0; in ieee802_1x_cp_retire_when_timeout()
728 ieee802_1x_cp_step_run(sm); in ieee802_1x_cp_retire_when_timeout()
735 struct ieee802_1x_cp_sm *sm = eloop_ctx; in ieee802_1x_cp_transmit_when_timeout() local
736 sm->transmit_when = 0; in ieee802_1x_cp_transmit_when_timeout()
737 ieee802_1x_cp_step_run(sm); in ieee802_1x_cp_transmit_when_timeout()