1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 #pragma once
3 
4 #include <netinet/in.h>
5 #include <linux/if_macsec.h>
6 
7 #include "ether-addr-util.h"
8 #include "in-addr-util.h"
9 #include "netdev.h"
10 #include "networkd-util.h"
11 #include "sparse-endian.h"
12 
/* Number of MACsec association numbers (AN) handled here.
 * See the definition of MACSEC_NUM_AN in kernel's drivers/net/macsec.c.
 * This value sizes the ReceiveChannel.rxsa array, so despite the "MAX" in its name it is an
 * element count; valid ANs are presumably 0..3 — confirm against the parsers. */
#define MACSEC_MAX_ASSOCIATION_NUMBER 4
15 
/* Forward declaration: the association and channel structs in this header hold a MACsec*
 * back-pointer before struct MACsec itself is defined. */
typedef struct MACsec MACsec;
17 
/* Secure Channel Identifier (SCI), viewable either as one 64-bit value or as its two parts:
 * an Ethernet address followed by a 16-bit port in big-endian byte order. */
typedef union MACsecSCI {
        /* Whole identifier as a single integer. Its numeric value depends on host byte order,
         * because the struct view below fixes the byte layout, not the integer value. */
        uint64_t as_uint64;

        /* Packed so that the 6-byte address and 2-byte port overlay as_uint64 without padding. */
        struct {
                struct ether_addr mac;
                be16_t port;
        } _packed_;
} MACsecSCI;

/* Compile-time check that the packed {mac, port} view is exactly as large as the 64-bit view. */
assert_cc(sizeof(MACsecSCI) == sizeof(uint64_t));
28 
/* Settings of one MACsec security association (SA). Embedded by value in both
 * TransmitAssociation and ReceiveAssociation. This struct carries secret key material. */
typedef struct SecurityAssociation {
        /* Association number (AN) of this SA.
         * NOTE(review): presumably must stay below MACSEC_MAX_ASSOCIATION_NUMBER — confirm the
         * parser rejects larger values. */
        uint8_t association_number;
        /* Configured packet number (PN) for this SA.
         * NOTE(review): in MACsec the PN drives replay protection and is part of the cipher
         * nonce, so reusing a PN with the same key is unsafe — confirm how the parser and the
         * documentation constrain this value. */
        uint32_t packet_number;
        /* Key identifier; MACSEC_KEYID_LEN comes from <linux/if_macsec.h>. */
        uint8_t key_id[MACSEC_KEYID_LEN];
        /* Secret key bytes and their length (presumably in bytes — confirm).
         * NOTE(review): presumably owned by this struct; confirm the free path wipes the buffer
         * before releasing it (e.g. erase_and_free() or explicit_bzero()), and that the key is
         * never written to logs. */
        uint8_t *key;
        uint32_t key_len;
        /* Presumably the path of a file the key is loaded from, as an alternative to an inline
         * key — confirm in config_parse_macsec_key_file. */
        char *key_file;
        /* Both flags are int rather than bool; presumably tristates with a negative "unset"
         * value — confirm against the parsers. */
        int activate;
        int use_for_encoding;
} SecurityAssociation;
39 
/* One transmit-side security association configured for a MACsec netdev. */
typedef struct TransmitAssociation {
        /* Back-pointer to the MACsec object; presumably the owner of this association. */
        MACsec *macsec;
        /* Presumably the configuration section this association was parsed from; struct MACsec
         * keeps a transmit_associations_by_section map. */
        ConfigSection *section;

        /* Association settings, including the secret key. */
        SecurityAssociation sa;
} TransmitAssociation;
46 
/* One receive-side security association configured for a MACsec netdev. */
typedef struct ReceiveAssociation {
        /* Back-pointer to the MACsec object; presumably the owner of this association. */
        MACsec *macsec;
        /* Presumably the configuration section this association was parsed from; struct MACsec
         * keeps a receive_associations_by_section map. */
        ConfigSection *section;

        /* SCI stored with the association; presumably identifies the receive channel it is
         * attached to — confirm where rxsa entries are matched to channels. */
        MACsecSCI sci;
        /* Association settings, including the secret key. */
        SecurityAssociation sa;
} ReceiveAssociation;
54 
/* One receive channel of a MACsec netdev, identified by its SCI, with the receive associations
 * attached to it. */
typedef struct ReceiveChannel {
        /* Back-pointer to the MACsec object; presumably the owner of this channel. */
        MACsec *macsec;
        /* Presumably the configuration section this channel was parsed from; struct MACsec keeps
         * a receive_channels_by_section map. */
        ConfigSection *section;

        /* Identifier of this channel. */
        MACsecSCI sci;
        /* Pointers to the attached receive associations, at most MACSEC_MAX_ASSOCIATION_NUMBER.
         * NOTE(review): ownership of the pointed-to objects is not visible here — confirm which
         * side frees them. */
        ReceiveAssociation *rxsa[MACSEC_MAX_ASSOCIATION_NUMBER];
        /* Presumably the number of rxsa slots in use.
         * NOTE(review): any code that appends must check
         * n_rxsa < MACSEC_MAX_ASSOCIATION_NUMBER first, or it writes past the array. */
        unsigned n_rxsa;
} ReceiveChannel;
63 
/* Per-netdev state for a MACsec device. */
struct MACsec {
        /* Generic NetDev part, kept as the first member; presumably what DEFINE_NETDEV_CAST
         * relies on — see netdev.h. */
        NetDev meta;

        /* Port number in host byte order (plain uint16_t, unlike the be16_t inside MACsecSCI). */
        uint16_t port;
        /* int rather than bool; presumably a tristate with a negative "unset" value.
         * NOTE(review): confirm what "unset" resolves to, since with encryption off MACsec
         * frames are presumably integrity-protected only, not confidential. */
        int encrypt;
        /* Presumably the association number selected for transmission — confirm where it is
         * derived from SecurityAssociation.use_for_encoding. */
        uint8_t encoding_an;

        /* Receive channels; the key of this map is not visible here (presumably the SCI). */
        OrderedHashmap *receive_channels;
        /* Lookup maps named after their key, the configuration section. */
        OrderedHashmap *receive_channels_by_section;
        OrderedHashmap *transmit_associations_by_section;
        OrderedHashmap *receive_associations_by_section;
};
76 
/* Macro from netdev.h; presumably generates the checked NetDev* -> MACsec* cast helper for
 * this netdev kind — see its definition there. */
DEFINE_NETDEV_CAST(MACSEC, MACsec);
/* NetDev operations table for MACsec; declared here, defined outside this header. */
extern const NetDevVTable macsec_vtable;
79 
/* Prototypes of the configuration parsers for MACsec settings. The macro
 * CONFIG_PARSER_PROTOTYPE is defined outside this header; the implementations are not visible
 * here, so the per-parser remarks below are inferred from the names and should be confirmed.
 *
 * NOTE(review): config_parse_macsec_key and config_parse_macsec_key_file handle secret key
 * material. Confirm that they validate the key length, wipe temporary buffers, and never echo
 * the key in log or error messages. A key given inline lives in the configuration file itself,
 * so that file's permissions matter. */
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_port);
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_hw_address);
/* Presumably fills SecurityAssociation.packet_number. */
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_packet_number);
/* Presumably fills SecurityAssociation.key_id (MACSEC_KEYID_LEN bytes). */
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_key_id);
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_key);
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_key_file);
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_sa_activate);
CONFIG_PARSER_PROTOTYPE(config_parse_macsec_use_for_encoding);
88