Wireshark 4.7.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
packet-mka.h
1/* packet-mka.h
2 * Routines for MKA packet dissection
3 *
4 * SPDX-License-Identifier: GPL-2.0-or-later
5 */
6
7#ifndef __PACKET_MKA_H__
8#define __PACKET_MKA_H__
9
10#include <epan/packet.h>
11
12#define AES128_KEY_LEN 16
13#define AES256_KEY_LEN 32
14
15#define MKA_KI_LEN 16U
16
17#define MACSEC_SCI_LEN 8U
18#define MACSEC_XPN_SALT_LEN 12U
19
20#define MACSEC_GCM_AES_128 UINT64_C(0x0080C20001000001)
21#define MACSEC_GCM_AES_256 UINT64_C(0x0080C20001000002)
22#define MACSEC_GCM_AES_XPN_128 UINT64_C(0x0080C20001000003)
23#define MACSEC_GCM_AES_XPN_256 UINT64_C(0x0080C20001000004)
24
25#define MKA_CAK_AES_GCM_128_LEN (AES128_KEY_LEN)
26#define MKA_CAK_AES_GCM_256_LEN (AES256_KEY_LEN)
27#define MKA_MAX_CAK_LEN (MKA_CAK_AES_GCM_256_LEN)
28
29#define MKA_MAX_KEK_LEN (MKA_CAK_AES_GCM_256_LEN)
30#define MKA_MAX_ICK_LEN (MKA_CAK_AES_GCM_256_LEN)
31#define MKA_MAX_SAK_LEN (MKA_CAK_AES_GCM_256_LEN)
32
33typedef struct _mka_sak_info_key {
34 /* the SAK unwrapped by the KEK */
35 unsigned char sak[MKA_MAX_SAK_LEN];
36
37 /* the Key Identifier (Server MI + Key Number) */
38 uint8_t ki[MKA_KI_LEN];
39
40 /* SCIs of active participants (those that have sent MKPDUs) for the
41 * CA using this CKN. Note there can be passive participants, see
42 * IEEE 802.1X-2020 9.4.6 */
43 wmem_map_t *sci_map;
44 wmem_array_t *mi_array;
45
46 unsigned char salt[MACSEC_XPN_SALT_LEN];
47
48 uint64_t cipher_suite;
49 unsigned sak_len;
50} mka_sak_info_key_t;
51
52typedef struct _mka_ckn_info_key {
53 /* The KEK derived from the CAK */
54 unsigned char kek[MKA_MAX_KEK_LEN];
55 unsigned kek_len;
56
57 /* The ICK derived from the CAK */
58 unsigned char ick[MKA_MAX_ICK_LEN];
59 unsigned ick_len;
60} mka_ckn_info_key_t;
61
62typedef struct _mka_ckn_info {
63 /* CKN: a byte array of 0 to 32 bytes. */
64 unsigned char *ckn;
65 unsigned ckn_len;
66
67 /* CAK: a byte array of 0 to 32 bytes. */
68 unsigned char *cak;
69 unsigned cak_len;
70
71 /* Identifier for the name of the entry. */
72 char *name;
73
74 /* KEK/ICK data for this entry */
75 mka_ckn_info_key_t key;
76} mka_ckn_info_t;
77
78/* access to the table data from macsec dissector */
79const mka_ckn_info_t * get_mka_ckn_table(void);
80unsigned get_mka_ckn_table_count(void);
81
82mka_sak_info_key_t *mka_get_sak_info(const mka_ckn_info_t *ckn_info, unsigned an, uint32_t frame_num);
83
84/* This LPN is only guaranteed to be accurate to the upper 33 bits, as that
85 * is all that is required for the recovery algorithm in 802.1AE-2018 10.6.2
86 * sci is allowed to be NULL, in which case the largest value for any
87 * SCI for this SAK is returned. */
88uint64_t mka_get_lpn(const mka_sak_info_key_t *sak_info, const uint8_t *sci, uint32_t frame_num);
89
90#endif
_mka_ckn_info_key
Definition packet-mka.h:52
_mka_ckn_info
Definition packet-mka.h:62
_mka_sak_info_key
Definition packet-mka.h:33
_wmem_array_t
Definition wmem_array.c:29
_wmem_map_t
Definition wmem_map.c:60
Generated by doxygen 1.9.8