diff --git a/src/drivers/driver_macsec_qca.c b/src/drivers/driver_macsec_qca.c new file mode 100644 index 000000000..cf2479927 --- /dev/null +++ b/src/drivers/driver_macsec_qca.c @@ -0,0 +1,887 @@ +/* + * Wired Ethernet driver interface for QCA MACsec driver + * Copyright (c) 2005-2009, Jouni Malinen + * Copyright (c) 2004, Gunter Burchardt + * Copyright (c) 2013-2014, Qualcomm Atheros, Inc. + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + +#include "includes.h" +#include +#include +#ifdef __linux__ +#include +#include +#include +#endif /* __linux__ */ +#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__) +#include +#include +#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__) */ +#ifdef __sun__ +#include +#endif /* __sun__ */ + +#include "utils/common.h" +#include "utils/eloop.h" +#include "common/defs.h" +#include "common/ieee802_1x_defs.h" +#include "driver.h" + +#include "nss_macsec_secy.h" +#include "nss_macsec_secy_rx.h" +#include "nss_macsec_secy_tx.h" + +#define MAXSC 16 + +/* TCI field definition */ +#define TCI_ES 0x40 +#define TCI_SC 0x20 +#define TCI_SCB 0x10 +#define TCI_E 0x08 +#define TCI_C 0x04 + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + +static const u8 pae_group_addr[ETH_ALEN] = +{ 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 }; + +struct macsec_qca_data { + char ifname[IFNAMSIZ + 1]; + u32 secy_id; + void *ctx; + + int sock; /* raw packet socket for driver access */ + int pf_sock; + int membership, multi, iff_allmulti, iff_up; + + /* shadow */ + Boolean always_include_sci; + Boolean use_es; + Boolean use_scb; + Boolean protect_frames; + Boolean replay_protect; + u32 replay_window; +}; + + +static int macsec_qca_multicast_membership(int sock, int ifindex, + const u8 *addr, int add) +{ +#ifdef __linux__ + struct packet_mreq mreq; + + if (sock < 0) + return -1; + + os_memset(&mreq, 0, sizeof(mreq)); + mreq.mr_ifindex = ifindex; + mreq.mr_type = PACKET_MR_MULTICAST; + mreq.mr_alen = ETH_ALEN; + os_memcpy(mreq.mr_address, addr, ETH_ALEN); + + if (setsockopt(sock, SOL_PACKET, + add ? PACKET_ADD_MEMBERSHIP : PACKET_DROP_MEMBERSHIP, + &mreq, sizeof(mreq)) < 0) { + perror("setsockopt"); + return -1; + } + return 0; +#else /* __linux__ */ + return -1; +#endif /* __linux__ */ +} + + +static int macsec_qca_get_ssid(void *priv, u8 *ssid) +{ + ssid[0] = 0; + return 0; +} + + +static int macsec_qca_get_bssid(void *priv, u8 *bssid) +{ + /* Report PAE group address as the "BSSID" for macsec connection. */ + os_memcpy(bssid, pae_group_addr, ETH_ALEN); + return 0; +} + + +static int macsec_qca_get_capa(void *priv, struct wpa_driver_capa *capa) +{ + os_memset(capa, 0, sizeof(*capa)); + capa->flags = WPA_DRIVER_FLAGS_WIRED; + return 0; +} + + +static int macsec_qca_get_ifflags(const char *ifname, int *flags) +{ + struct ifreq ifr; + int s; + + s = socket(PF_INET, SOCK_DGRAM, 0); + if (s < 0) { + perror("socket"); + return -1; + } + + os_memset(&ifr, 0, sizeof(ifr)); + os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ); + if (ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) { + perror("ioctl[SIOCGIFFLAGS]"); + close(s); + return -1; + } + close(s); + *flags = ifr.ifr_flags & 0xffff; + return 0; +} + + +static int macsec_qca_set_ifflags(const char *ifname, int flags) +{ + struct ifreq ifr; + int s; + + s = socket(PF_INET, SOCK_DGRAM, 0); + if (s < 0) { + perror("socket"); + return -1; + } + + os_memset(&ifr, 0, sizeof(ifr)); + os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ); + ifr.ifr_flags = flags & 0xffff; + if (ioctl(s, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) { + perror("ioctl[SIOCSIFFLAGS]"); + close(s); + return -1; + } + close(s); + return 0; +} + + +#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__) +static int macsec_qca_get_ifstatus(const char *ifname, int *status) +{ + struct ifmediareq ifmr; + int s; + + s = socket(PF_INET, SOCK_DGRAM, 0); + if (s < 0) { + perror("socket"); + return -1; + } + + os_memset(&ifmr, 0, sizeof(ifmr)); + os_strlcpy(ifmr.ifm_name, ifname, IFNAMSIZ); + if (ioctl(s, SIOCGIFMEDIA, (caddr_t) &ifmr) < 0) { + perror("ioctl[SIOCGIFMEDIA]"); + close(s); + return -1; + } + close(s); + *status = (ifmr.ifm_status & (IFM_ACTIVE | IFM_AVALID)) == + (IFM_ACTIVE | IFM_AVALID); + + return 0; +} +#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(FreeBSD_kernel__) */ + + +static int macsec_qca_multi(const char *ifname, const u8 *addr, int add) +{ + struct ifreq ifr; + int s; + +#ifdef __sun__ + return -1; +#endif /* __sun__ */ + + s = socket(PF_INET, SOCK_DGRAM, 0); + if (s < 0) { + perror("socket"); + return -1; + } + + os_memset(&ifr, 0, sizeof(ifr)); + os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ); +#ifdef __linux__ + ifr.ifr_hwaddr.sa_family = AF_UNSPEC; + os_memcpy(ifr.ifr_hwaddr.sa_data, addr, ETH_ALEN); +#endif /* __linux__ */ +#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__) + { + struct sockaddr_dl *dlp; + dlp = (struct sockaddr_dl *) &ifr.ifr_addr; + dlp->sdl_len = sizeof(struct sockaddr_dl); + dlp->sdl_family = AF_LINK; + dlp->sdl_index = 0; + dlp->sdl_nlen = 0; + dlp->sdl_alen = ETH_ALEN; + dlp->sdl_slen = 0; + os_memcpy(LLADDR(dlp), addr, ETH_ALEN); + } +#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(FreeBSD_kernel__) */ +#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__) + { + struct sockaddr *sap; + sap = (struct sockaddr *) &ifr.ifr_addr; + sap->sa_len = sizeof(struct sockaddr); + sap->sa_family = AF_UNSPEC; + os_memcpy(sap->sa_data, addr, ETH_ALEN); + } +#endif /* defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__) */ + + if (ioctl(s, add ? SIOCADDMULTI : SIOCDELMULTI, (caddr_t) &ifr) < 0) { + perror("ioctl[SIOC{ADD/DEL}MULTI]"); + close(s); + return -1; + } + close(s); + return 0; +} + + +static void __macsec_drv_init(struct macsec_qca_data *drv) +{ + int ret = 0; + fal_rx_ctl_filt_t rx_ctl_filt; + fal_tx_ctl_filt_t tx_ctl_filt; + + wpa_printf(MSG_INFO, "%s: secy_id=%d", __func__, drv->secy_id); + + /* Enable Secy and Let EAPoL bypass */ + ret = nss_macsec_secy_en_set(drv->secy_id, TRUE); + if (ret) + wpa_printf(MSG_ERROR, "nss_macsec_secy_en_set: FAIL"); + + ret = nss_macsec_secy_sc_sa_mapping_mode_set(drv->secy_id, + FAL_SC_SA_MAP_1_4); + if (ret) + wpa_printf(MSG_ERROR, + "nss_macsec_secy_sc_sa_mapping_mode_set: FAIL"); + + os_memset(&rx_ctl_filt, 0, sizeof(rx_ctl_filt)); + rx_ctl_filt.bypass = 1; + rx_ctl_filt.match_type = IG_CTL_COMPARE_ETHER_TYPE; + rx_ctl_filt.match_mask = 0xffff; + rx_ctl_filt.ether_type_da_range = 0x888e; + ret = nss_macsec_secy_rx_ctl_filt_set(drv->secy_id, 0, &rx_ctl_filt); + if (ret) + wpa_printf(MSG_ERROR, "nss_macsec_secy_rx_ctl_filt_set: FAIL"); + + os_memset(&tx_ctl_filt, 0, sizeof(tx_ctl_filt)); + tx_ctl_filt.bypass = 1; + tx_ctl_filt.match_type = EG_CTL_COMPARE_ETHER_TYPE; + tx_ctl_filt.match_mask = 0xffff; + tx_ctl_filt.ether_type_da_range = 0x888e; + ret = nss_macsec_secy_tx_ctl_filt_set(drv->secy_id, 0, &tx_ctl_filt); + if (ret) + wpa_printf(MSG_ERROR, "nss_macsec_secy_tx_ctl_filt_set: FAIL"); +} + + +static void __macsec_drv_deinit(struct macsec_qca_data *drv) +{ + nss_macsec_secy_en_set(drv->secy_id, FALSE); + nss_macsec_secy_rx_sc_del_all(drv->secy_id); + nss_macsec_secy_tx_sc_del_all(drv->secy_id); +} + + +static void * macsec_qca_init(void *ctx, const char *ifname) +{ + struct macsec_qca_data *drv; + int flags; + + drv = os_zalloc(sizeof(*drv)); + if (drv == NULL) + return NULL; + os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname)); + drv->ctx = ctx; + + /* Board specific settings */ + if (os_memcmp("eth2", drv->ifname, 4) == 0) + drv->secy_id = 1; + else if (os_memcmp("eth3", drv->ifname, 4) == 0) + drv->secy_id = 2; + else + drv->secy_id = -1; + +#ifdef __linux__ + drv->pf_sock = socket(PF_PACKET, SOCK_DGRAM, 0); + if (drv->pf_sock < 0) + perror("socket(PF_PACKET)"); +#else /* __linux__ */ + drv->pf_sock = -1; +#endif /* __linux__ */ + + if (macsec_qca_get_ifflags(ifname, &flags) == 0 && + !(flags & IFF_UP) && + macsec_qca_set_ifflags(ifname, flags | IFF_UP) == 0) { + drv->iff_up = 1; + } + + if (macsec_qca_multicast_membership(drv->pf_sock, + if_nametoindex(drv->ifname), + pae_group_addr, 1) == 0) { + wpa_printf(MSG_DEBUG, + "%s: Added multicast membership with packet socket", + __func__); + drv->membership = 1; + } else if (macsec_qca_multi(ifname, pae_group_addr, 1) == 0) { + wpa_printf(MSG_DEBUG, + "%s: Added multicast membership with SIOCADDMULTI", + __func__); + drv->multi = 1; + } else if (macsec_qca_get_ifflags(ifname, &flags) < 0) { + wpa_printf(MSG_INFO, "%s: Could not get interface flags", + __func__); + os_free(drv); + return NULL; + } else if (flags & IFF_ALLMULTI) { + wpa_printf(MSG_DEBUG, + "%s: Interface is already configured for multicast", + __func__); + } else if (macsec_qca_set_ifflags(ifname, flags | IFF_ALLMULTI) < 0) { + wpa_printf(MSG_INFO, "%s: Failed to enable allmulti", + __func__); + os_free(drv); + return NULL; + } else { + wpa_printf(MSG_DEBUG, "%s: Enabled allmulti mode", __func__); + drv->iff_allmulti = 1; + } +#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__) + { + int status; + wpa_printf(MSG_DEBUG, "%s: waiting for link to become active", + __func__); + while (macsec_qca_get_ifstatus(ifname, &status) == 0 && + status == 0) + sleep(1); + } +#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(FreeBSD_kernel__) */ + + return drv; +} + + +static void macsec_qca_deinit(void *priv) +{ + struct macsec_qca_data *drv = priv; + int flags; + + if (drv->membership && + macsec_qca_multicast_membership(drv->pf_sock, + if_nametoindex(drv->ifname), + pae_group_addr, 0) < 0) { + wpa_printf(MSG_DEBUG, + "%s: Failed to remove PAE multicast group (PACKET)", + __func__); + } + + if (drv->multi && + macsec_qca_multi(drv->ifname, pae_group_addr, 0) < 0) { + wpa_printf(MSG_DEBUG, + "%s: Failed to remove PAE multicast group (SIOCDELMULTI)", + __func__); + } + + if (drv->iff_allmulti && + (macsec_qca_get_ifflags(drv->ifname, &flags) < 0 || + macsec_qca_set_ifflags(drv->ifname, flags & ~IFF_ALLMULTI) < 0)) { + wpa_printf(MSG_DEBUG, "%s: Failed to disable allmulti mode", + __func__); + } + + if (drv->iff_up && + macsec_qca_get_ifflags(drv->ifname, &flags) == 0 && + (flags & IFF_UP) && + macsec_qca_set_ifflags(drv->ifname, flags & ~IFF_UP) < 0) { + wpa_printf(MSG_DEBUG, "%s: Failed to set the interface down", + __func__); + } + + if (drv->pf_sock != -1) + close(drv->pf_sock); + + os_free(drv); +} + + +static int macsec_qca_macsec_init(void *priv, struct macsec_init_params *params) +{ + struct macsec_qca_data *drv = priv; + + drv->always_include_sci = params->always_include_sci; + drv->use_es = params->use_es; + drv->use_scb = params->use_scb; + + wpa_printf(MSG_DEBUG, "%s: es=%d, scb=%d, sci=%d", + __func__, drv->use_es, drv->use_scb, + drv->always_include_sci); + + __macsec_drv_init(drv); + + return 0; +} + + +static int macsec_qca_macsec_deinit(void *priv) +{ + struct macsec_qca_data *drv = priv; + + wpa_printf(MSG_DEBUG, "%s", __func__); + + __macsec_drv_deinit(drv); + + return 0; +} + + +static int macsec_qca_enable_protect_frames(void *priv, Boolean enabled) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + + wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled); + + drv->protect_frames = enabled; + + return ret; +} + + +static int macsec_qca_set_replay_protect(void *priv, Boolean enabled, + unsigned int window) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + + wpa_printf(MSG_DEBUG, "%s: enabled=%d, win=%u", + __func__, enabled, window); + + drv->replay_protect = enabled; + drv->replay_window = window; + + return ret; +} + + +static int macsec_qca_set_current_cipher_suite(void *priv, const u8 *cs, + size_t cs_len) +{ + u8 default_cs_id[] = CS_ID_GCM_AES_128; + + if (cs_len != CS_ID_LEN || + os_memcmp(cs, default_cs_id, cs_len) != 0) { + wpa_hexdump(MSG_ERROR, "macsec: NOT supported CipherSuite", + cs, cs_len); + return -1; + } + + /* Support default Cipher Suite 0080020001000001 (GCM-AES-128) */ + wpa_printf(MSG_DEBUG, "%s: default support aes-gcm-128", __func__); + + return 0; +} + + +static int macsec_qca_enable_controlled_port(void *priv, Boolean enabled) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + + wpa_printf(MSG_DEBUG, "%s: enable=%d", __func__, enabled); + + ret += nss_macsec_secy_controlled_port_en_set(drv->secy_id, enabled); + + return ret; +} + + +static int macsec_qca_get_receive_lowest_pn(void *priv, u32 channel, u8 an, + u32 *lowest_pn) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + u32 next_pn = 0; + bool enabled = FALSE; + u32 win; + + ret += nss_macsec_secy_rx_sa_next_pn_get(drv->secy_id, channel, an, + &next_pn); + ret += nss_macsec_secy_rx_sc_replay_protect_get(drv->secy_id, channel, + &enabled); + ret += nss_macsec_secy_rx_sc_anti_replay_window_get(drv->secy_id, + channel, &win); + + if (enabled) + *lowest_pn = (next_pn > win) ? (next_pn - win) : 1; + else + *lowest_pn = next_pn; + + wpa_printf(MSG_DEBUG, "%s: lpn=0x%x", __func__, *lowest_pn); + + return ret; +} + + +static int macsec_qca_get_transmit_next_pn(void *priv, u32 channel, u8 an, + u32 *next_pn) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + + ret += nss_macsec_secy_tx_sa_next_pn_get(drv->secy_id, channel, an, + next_pn); + + wpa_printf(MSG_DEBUG, "%s: npn=0x%x", __func__, *next_pn); + + return ret; +} + + +int macsec_qca_set_transmit_next_pn(void *priv, u32 channel, u8 an, u32 next_pn) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + + ret += nss_macsec_secy_tx_sa_next_pn_set(drv->secy_id, channel, an, + next_pn); + + wpa_printf(MSG_INFO, "%s: npn=0x%x", __func__, next_pn); + + return ret; +} + + +static int macsec_qca_get_available_receive_sc(void *priv, u32 *channel) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + u32 sc_ch = 0; + bool in_use = FALSE; + + for (sc_ch = 0; sc_ch < MAXSC; sc_ch++) { + ret = nss_macsec_secy_rx_sc_in_used_get(drv->secy_id, sc_ch, + &in_use); + if (ret) + continue; + + if (!in_use) { + *channel = sc_ch; + wpa_printf(MSG_DEBUG, "%s: channel=%d", + __func__, *channel); + return 0; + } + } + + wpa_printf(MSG_DEBUG, "%s: no available channel", __func__); + + return -1; +} + + +static int macsec_qca_create_receive_sc(void *priv, u32 channel, + const u8 *sci_addr, u16 sci_port, + unsigned int conf_offset, + int validation) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + fal_rx_prc_lut_t entry; + fal_rx_sc_validate_frame_e vf; + enum validate_frames validate_frames = validation; + + wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel); + + /* rx prc lut */ + os_memset(&entry, 0, sizeof(entry)); + + os_memcpy(entry.sci, sci_addr, ETH_ALEN); + entry.sci[6] = (sci_port >> 8) & 0xf; + entry.sci[7] = sci_port & 0xf; + entry.sci_mask = 0xf; + + entry.valid = 1; + entry.channel = channel; + entry.action = FAL_RX_PRC_ACTION_PROCESS; + entry.offset = conf_offset; + + /* rx validate frame */ + if (validate_frames == Strict) + vf = FAL_RX_SC_VALIDATE_FRAME_STRICT; + else if (validate_frames == Checked) + vf = FAL_RX_SC_VALIDATE_FRAME_CHECK; + else + vf = FAL_RX_SC_VALIDATE_FRAME_DISABLED; + + ret += nss_macsec_secy_rx_prc_lut_set(drv->secy_id, channel, &entry); + ret += nss_macsec_secy_rx_sc_create(drv->secy_id, channel); + ret += nss_macsec_secy_rx_sc_validate_frame_set(drv->secy_id, channel, + vf); + ret += nss_macsec_secy_rx_sc_replay_protect_set(drv->secy_id, channel, + drv->replay_protect); + ret += nss_macsec_secy_rx_sc_anti_replay_window_set(drv->secy_id, + channel, + drv->replay_window); + + return ret; +} + + +static int macsec_qca_delete_receive_sc(void *priv, u32 channel) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + fal_rx_prc_lut_t entry; + + wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel); + + /* rx prc lut */ + os_memset(&entry, 0, sizeof(entry)); + + ret += nss_macsec_secy_rx_sc_del(drv->secy_id, channel); + ret += nss_macsec_secy_rx_prc_lut_set(drv->secy_id, channel, &entry); + + return ret; +} + + +static int macsec_qca_create_receive_sa(void *priv, u32 channel, u8 an, + u32 lowest_pn, const u8 *sak) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + fal_rx_sak_t rx_sak; + int i = 0; + + wpa_printf(MSG_DEBUG, "%s, channel=%d, an=%d, lpn=0x%x", + __func__, channel, an, lowest_pn); + + os_memset(&rx_sak, 0, sizeof(rx_sak)); + for (i = 0; i < 16; i++) + rx_sak.sak[i] = sak[15 - i]; + + ret += nss_macsec_secy_rx_sa_create(drv->secy_id, channel, an); + ret += nss_macsec_secy_rx_sak_set(drv->secy_id, channel, an, &rx_sak); + + return ret; +} + + +static int macsec_qca_enable_receive_sa(void *priv, u32 channel, u8 an) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + + wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an); + + ret += nss_macsec_secy_rx_sa_en_set(drv->secy_id, channel, an, TRUE); + + return ret; +} + + +static int macsec_qca_disable_receive_sa(void *priv, u32 channel, u8 an) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + + wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an); + + ret += nss_macsec_secy_rx_sa_en_set(drv->secy_id, channel, an, FALSE); + + return ret; +} + + +static int macsec_qca_get_available_transmit_sc(void *priv, u32 *channel) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + u32 sc_ch = 0; + bool in_use = FALSE; + + for (sc_ch = 0; sc_ch < MAXSC; sc_ch++) { + ret = nss_macsec_secy_tx_sc_in_used_get(drv->secy_id, sc_ch, + &in_use); + if (ret) + continue; + + if (!in_use) { + *channel = sc_ch; + wpa_printf(MSG_DEBUG, "%s: channel=%d", + __func__, *channel); + return 0; + } + } + + wpa_printf(MSG_DEBUG, "%s: no avaiable channel", __func__); + + return -1; +} + + +static int macsec_qca_create_transmit_sc(void *priv, u32 channel, + const u8 *sci_addr, u16 sci_port, + unsigned int conf_offset) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + fal_tx_class_lut_t entry; + u8 psci[ETH_ALEN + 2]; + + wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel); + + /* class lut */ + os_memset(&entry, 0, sizeof(entry)); + + entry.valid = 1; + entry.action = FAL_TX_CLASS_ACTION_FORWARD; + entry.channel = channel; + + os_memcpy(psci, sci_addr, ETH_ALEN); + psci[6] = (sci_port >> 8) & 0xf; + psci[7] = sci_port & 0xf; + + ret += nss_macsec_secy_tx_class_lut_set(drv->secy_id, channel, &entry); + ret += nss_macsec_secy_tx_sc_create(drv->secy_id, channel, psci, 8); + ret += nss_macsec_secy_tx_sc_protect_set(drv->secy_id, channel, + drv->protect_frames); + ret += nss_macsec_secy_tx_sc_confidentiality_offset_set(drv->secy_id, + channel, + conf_offset); + + return ret; +} + + +static int macsec_qca_delete_transmit_sc(void *priv, u32 channel) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + fal_tx_class_lut_t entry; + + wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel); + + /* class lut */ + os_memset(&entry, 0, sizeof(entry)); + + ret += nss_macsec_secy_tx_class_lut_set(drv->secy_id, channel, &entry); + ret += nss_macsec_secy_tx_sc_del(drv->secy_id, channel); + + return ret; +} + + +static int macsec_qca_create_transmit_sa(void *priv, u32 channel, u8 an, + u32 next_pn, Boolean confidentiality, + const u8 *sak) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + u8 tci = 0; + fal_tx_sak_t tx_sak; + int i; + + wpa_printf(MSG_DEBUG, + "%s: channel=%d, an=%d, next_pn=0x%x, confidentiality=%d", + __func__, channel, an, next_pn, confidentiality); + + if (drv->always_include_sci) + tci |= TCI_SC; + else if (drv->use_es) + tci |= TCI_ES; + else if (drv->use_scb) + tci |= TCI_SCB; + + if (confidentiality) + tci |= TCI_E | TCI_C; + + os_memset(&tx_sak, 0, sizeof(tx_sak)); + for (i = 0; i < 16; i++) + tx_sak.sak[i] = sak[15 - i]; + + ret += nss_macsec_secy_tx_sa_next_pn_set(drv->secy_id, channel, an, + next_pn); + ret += nss_macsec_secy_tx_sak_set(drv->secy_id, channel, an, &tx_sak); + ret += nss_macsec_secy_tx_sc_tci_7_2_set(drv->secy_id, channel, + (tci >> 2)); + ret += nss_macsec_secy_tx_sc_an_set(drv->secy_id, channel, an); + + return ret; +} + + +static int macsec_qca_enable_transmit_sa(void *priv, u32 channel, u8 an) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + + wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an); + + ret += nss_macsec_secy_tx_sa_en_set(drv->secy_id, channel, an, TRUE); + + return ret; +} + + +static int macsec_qca_disable_transmit_sa(void *priv, u32 channel, u8 an) +{ + struct macsec_qca_data *drv = priv; + int ret = 0; + + wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an); + + ret += nss_macsec_secy_tx_sa_en_set(drv->secy_id, channel, an, FALSE); + + return ret; +} + + +const struct wpa_driver_ops wpa_driver_macsec_qca_ops = { + .name = "macsec_qca", + .desc = "QCA MACsec Ethernet driver", + .get_ssid = macsec_qca_get_ssid, + .get_bssid = macsec_qca_get_bssid, + .get_capa = macsec_qca_get_capa, + .init = macsec_qca_init, + .deinit = macsec_qca_deinit, + + .macsec_init = macsec_qca_macsec_init, + .macsec_deinit = macsec_qca_macsec_deinit, + .enable_protect_frames = macsec_qca_enable_protect_frames, + .set_replay_protect = macsec_qca_set_replay_protect, + .set_current_cipher_suite = macsec_qca_set_current_cipher_suite, + .enable_controlled_port = macsec_qca_enable_controlled_port, + .get_receive_lowest_pn = macsec_qca_get_receive_lowest_pn, + .get_transmit_next_pn = macsec_qca_get_transmit_next_pn, + .set_transmit_next_pn = macsec_qca_set_transmit_next_pn, + .get_available_receive_sc = macsec_qca_get_available_receive_sc, + .create_receive_sc = macsec_qca_create_receive_sc, + .delete_receive_sc = macsec_qca_delete_receive_sc, + .create_receive_sa = macsec_qca_create_receive_sa, + .enable_receive_sa = macsec_qca_enable_receive_sa, + .disable_receive_sa = macsec_qca_disable_receive_sa, + .get_available_transmit_sc = macsec_qca_get_available_transmit_sc, + .create_transmit_sc = macsec_qca_create_transmit_sc, + .delete_transmit_sc = macsec_qca_delete_transmit_sc, + .create_transmit_sa = macsec_qca_create_transmit_sa, + .enable_transmit_sa = macsec_qca_enable_transmit_sa, + .disable_transmit_sa = macsec_qca_disable_transmit_sa, +}; diff --git a/src/drivers/drivers.c b/src/drivers/drivers.c index 446ab6392..d0e42ecba 100644 --- a/src/drivers/drivers.c +++ b/src/drivers/drivers.c @@ -34,6 +34,10 @@ extern struct wpa_driver_ops wpa_driver_ndis_ops; /* driver_ndis.c */ #ifdef CONFIG_DRIVER_WIRED extern struct wpa_driver_ops wpa_driver_wired_ops; /* driver_wired.c */ #endif /* CONFIG_DRIVER_WIRED */ +#ifdef CONFIG_DRIVER_MACSEC_QCA + /* driver_macsec_qca.c */ +extern struct wpa_driver_ops wpa_driver_macsec_qca_ops; +#endif /* CONFIG_DRIVER_MACSEC_QCA */ #ifdef CONFIG_DRIVER_TEST extern struct wpa_driver_ops wpa_driver_test_ops; /* driver_test.c */ #endif /* CONFIG_DRIVER_TEST */ @@ -75,6 +79,9 @@ struct wpa_driver_ops *wpa_drivers[] = #ifdef CONFIG_DRIVER_WIRED &wpa_driver_wired_ops, #endif /* CONFIG_DRIVER_WIRED */ +#ifdef CONFIG_DRIVER_MACSEC_QCA + &wpa_driver_macsec_qca_ops, +#endif /* CONFIG_DRIVER_MACSEC_QCA */ #ifdef CONFIG_DRIVER_TEST &wpa_driver_test_ops, #endif /* CONFIG_DRIVER_TEST */ diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak index 68ff910b4..7e175f404 100644 --- a/src/drivers/drivers.mak +++ b/src/drivers/drivers.mak @@ -17,6 +17,11 @@ DRV_CFLAGS += -DCONFIG_DRIVER_WIRED DRV_OBJS += ../src/drivers/driver_wired.o endif +ifdef CONFIG_DRIVER_MACSEC_QCA +DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_QCA +DRV_OBJS += ../src/drivers/driver_macsec_qca.o +endif + ifdef CONFIG_DRIVER_NL80211 DRV_CFLAGS += -DCONFIG_DRIVER_NL80211 DRV_OBJS += ../src/drivers/driver_nl80211.o