ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
mbed-os/features/nanostack/sal-stack-nanostack/source/Security/protocols/sec_prot_keys.h

394 lines
10 KiB
C
Raw Blame History

/*
* Copyright (c) 2016-2019, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef SEC_PROT_KEYS_H_
#define SEC_PROT_KEYS_H_
/*
* Security protocols EAPOL key storage module. This is used by EAPOL protocols to store
* and update key information. This can be used either as supplicant key storage or as
* an authenticator key storage for a specific supplicant. Storage can be also used to
* access global security data (Group Transient Keys and certificate information).
*
*/
#define PMK_LEN 32
#define PTK_LEN 48
#define GTK_LEN 16
#define GTK_NUM 4
#define KCK_LEN 16
#define KEK_LEN 16
#define KCK_INDEX 0
#define KEK_INDEX 16
#define PMKID_LEN 16
#define PTKID_LEN 16
#define GTK_DEFAULT_LIFETIME 60 * 60 * 24 * 30 // 30 days
typedef struct {
uint8_t key[GTK_LEN]; /**< Group Transient Key (128 bits) */
uint32_t lifetime; /**< Lifetime is seconds */
bool set: 1; /**< Group Transient Key set (valid value) */
bool live: 1; /**< Group Transient Key live (as indicated by authenticator) */
bool hash: 1; /**< Group Transient Key matches to hash */
} gtk_key_t;
typedef struct {
gtk_key_t gtk[GTK_NUM]; /**< 4 Group Transient Keys */
int8_t gtk_set_index; /**< Group Transient Key to insert */
bool updated; /**< Group Transient Keys has been updated */
} sec_prot_gtk_keys_t;
// Security key data
typedef struct {
uint64_t pmk_key_replay_cnt; /**< Pairwise Master Key replay counter */
uint8_t pmk[PMK_LEN]; /**< Pairwise Master Key (256 bits) */
uint8_t ptk[PTK_LEN]; /**< Pairwise Transient Key (384 bits) */
uint8_t *ptk_eui_64; /**< Pointer to remote EUI-64 used to derive PTK or NULL */
sec_prot_gtk_keys_t *gtks; /**< Group Transient Keys */
const sec_prot_certs_t *certs; /**< Certificates */
bool pmk_set: 1; /**< Pairwise Master Key set */
bool ptk_set: 1; /**< Pairwise Transient Key set */
bool updated: 1; /**< Keys has been updated */
bool ptk_eui_64_set: 1; /**< Remote EUI-64 used to derive PTK is set */
} sec_prot_keys_t;
/**
* sec_prot_keys_create allocates memory for security keys
*
* \param gtks GTK keys
* \param cert_chain certificates
*
* \return security keys or NULL
*/
sec_prot_keys_t *sec_prot_keys_create(sec_prot_gtk_keys_t *gtks, const sec_prot_certs_t *certs);
/**
* sec_prot_keys_init initialises security keys
*
* \param sec_keys security keys
* \param gtks GTK keys
* \param cert_chain certificates
*
*/
void sec_prot_keys_init(sec_prot_keys_t *sec_keys, sec_prot_gtk_keys_t *gtks, const sec_prot_certs_t *certs);
/**
* sec_prot_keys_delete frees security keys memory
*
* \param sec_keys security keys
*
*/
void sec_prot_keys_delete(sec_prot_keys_t *sec_keys);
/**
* sec_prot_keys_gtks_create allocates memory for GTK keys
*
* \return GTK keys or NULL
*
*/
sec_prot_gtk_keys_t *sec_prot_keys_gtks_create(void);
/**
* sec_prot_keys_gtks_init initialises GTK keys
*
* \param gtks GTK keys
*
*/
void sec_prot_keys_gtks_init(sec_prot_gtk_keys_t *gtks);
/**
* sec_prot_keys_gtks_delete frees GTK keys memory
*
* \param gtks GTK keys
*
*/
void sec_prot_keys_gtks_delete(sec_prot_gtk_keys_t *gtks);
/**
* sec_prot_keys_pmk_write writes Pairwise Master Key
*
* \param sec_keys security keys
* \param pmk Pairwise Master Key
*
*/
void sec_prot_keys_pmk_write(sec_prot_keys_t *sec_keys, uint8_t *pmk);
/**
* sec_prot_keys_pmk_get gets Pairwise Master Key
*
* \param sec_keys security keys
*
* \return PMK or NULL
*
*/
uint8_t *sec_prot_keys_pmk_get(sec_prot_keys_t *sec_keys);
/**
* sec_prot_keys_pmk_replay_cnt_get gets PMK replay counter value
*
* \param sec_keys security keys
*
* \return replay counter value
*
*/
uint64_t sec_prot_keys_pmk_replay_cnt_get(sec_prot_keys_t *sec_keys);
/**
* sec_prot_keys_pmk_replay_cnt_set sets PMK replay counter value
*
* \param sec_keys security keys
* \param counter new value for replay counter
*
*/
void sec_prot_keys_pmk_replay_cnt_set(sec_prot_keys_t *sec_keys, uint64_t counter);
/**
* sec_prot_keys_pmk_replay_cnt_increment increments PMK replay counter value by one
*
* \param sec_keys security keys
*
*/
void sec_prot_keys_pmk_replay_cnt_increment(sec_prot_keys_t *sec_keys);
/**
* sec_prot_keys_ptk_write writes Pairwise Transient Key
*
* \param sec_keys security keys
* \param ptk Pairwise Transient Key
*
*/
void sec_prot_keys_ptk_write(sec_prot_keys_t *sec_keys, uint8_t *ptk);
/**
* sec_prot_keys_ptk_get gets Pairwise Transient Key
*
* \param sec_keys security keys
*
* \return PTK or NULL
*
*/
uint8_t *sec_prot_keys_ptk_get(sec_prot_keys_t *sec_keys);
/**
* sec_prot_keys_ptk_eui_64_set sets PTK EUI-64 storage
*
* \param sec_keys security keys
* \param eui64 EUI-64 storage
*
*/
void sec_prot_keys_ptk_eui_64_set(sec_prot_keys_t *sec_keys, uint8_t *eui_64);
/**
* sec_prot_keys_ptk_eui_64_write writes PTK EUI-64
*
* \param sec_keys security keys
* \param eui64 EUI-64
*
*/
void sec_prot_keys_ptk_eui_64_write(sec_prot_keys_t *sec_keys, uint8_t *eui_64);
/**
* sec_prot_keys_ptk_eui_64_get gets PTK EUI-64
*
* \param sec_keys security keys
*
* \return EUI-64 OR NULL
*
*/
uint8_t *sec_prot_keys_ptk_eui_64_get(sec_prot_keys_t *sec_keys);
/**
* sec_prot_keys_are_updated returns security keys have been updated flag
*
* \param sec_keys security keys
*
* \return TRUE keys have been updated, FALSE keys have not been updated
*
*/
bool sec_prot_keys_are_updated(sec_prot_keys_t *sec_keys);
/**
* sec_prot_keys_updated_reset resets security keys have been updated flag
*
* \param sec_keys security keys
*
*
*/
void sec_prot_keys_updated_reset(sec_prot_keys_t *sec_keys);
/**
* sec_prot_keys_gtkl_get gets Group Transient Key liveness
*
* \param gtks GTK keys
*
* \return bit field indicating GTK liveness
*
*/
uint8_t sec_prot_keys_gtkl_get(sec_prot_gtk_keys_t *gtks);
/**
* sec_prot_keys_gtkl_set sets Group Transient Key liveness
*
* \param gtks GTK keys
* \param gtkl bit field indicating GTK liveness
*
*/
void sec_prot_keys_gtkl_set(sec_prot_gtk_keys_t *gtks, uint8_t gtkl);
/**
* sec_prot_keys_gtk_is_live checks if Group Transient Key is live
*
* \param gtks GTK keys
* \param index GTK index
*
* \return TRUE GTK is live, FALSE GTK is not live
*
*/
bool sec_prot_keys_gtk_is_live(sec_prot_gtk_keys_t *gtks, uint8_t index);
/**
* sec_prot_keys_gtk_insert_index_set sets index of GTK to be inserted
*
* \param gtks GTK keys
* \param index GTK index
*
* \return < 0 failure
* \return >= 0 success
*
*/
int8_t sec_prot_keys_gtk_insert_index_set(sec_prot_gtk_keys_t *gtks, uint8_t index);
/**
* sec_prot_keys_gtk_insert_index_get gets index of GTK to be inserted
*
* \param gtks GTK keys
*
* \return >= 0 GTK index
* \return < 0 no GTK to be inserted
*
*/
int8_t sec_prot_keys_gtk_insert_index_get(sec_prot_gtk_keys_t *gtks);
/**
* sec_prot_keys_gtk_insert_index_clear clears the index of GTK to be inserted
*
* \param gtks GTK keys
*
*/
void sec_prot_keys_gtk_insert_index_clear(sec_prot_gtk_keys_t *gtks);
/**
* sec_prot_keys_get_gtk_to_insert gets GTK that is marked to be inserted
*
* \param gtks GTK keys
* \param index index of the returned GTK
*
* \return GTK or NULL
*
*/
uint8_t *sec_prot_keys_get_gtk_to_insert(sec_prot_gtk_keys_t *gtks, uint8_t *index);
/**
* sec_prot_keys_gtk_set sets Group Transient Key
*
* \param gtks GTK keys
* \param index index
* \param gtk gtk value
*
* \return < 0 failure
* \return >= 0 success
*
*/
int8_t sec_prot_keys_gtk_set(sec_prot_gtk_keys_t *gtks, uint8_t index, uint8_t *gtk);
/**
* sec_prot_keys_gtk_is_set checks if Group Transient Key is set
*
* \param gtks GTK keys
* \param index index
*
* \return TRUE GTK is set, FALSE GTK is not set
*
*/
bool sec_prot_keys_gtk_is_set(sec_prot_gtk_keys_t *gtks, uint8_t index);
/**
* sec_prot_keys_gtk_gets gets Group Transient Key
*
* \param gtks GTK keys
* \param index index
*
* \return GTK or NULL
*
*/
uint8_t *sec_prot_keys_gtk_get(sec_prot_gtk_keys_t *gtks, uint8_t index);
/**
* sec_prot_keys_gtk_lifetime_get gets GTK lifetime
*
* \param gtks GTK keys
* \param index index
*
* \return GTK lifetime
*
*/
uint32_t sec_prot_keys_gtk_lifetime_get(sec_prot_gtk_keys_t *gtks, uint8_t index);
/**
* sec_prot_keys_gtk_lifetime_set sets GTK lifetime
*
* \param gtks GTK keys
* \param index index
* \param lifetime GTK lifetime
*
*/
void sec_prot_keys_gtk_lifetime_set(sec_prot_gtk_keys_t *gtks, uint8_t index, uint32_t lifetime);
/**
* sec_prot_keys_gtks_are_updated returns GTKs have been updated flag
*
* \param gtks GTK keys
*
* \return TRUE GTKs have been updated, FALSE GTKs have not been updated
*
*/
bool sec_prot_keys_gtks_are_updated(sec_prot_gtk_keys_t *gtks);
/**
* sec_prot_keys_gtks_updated_set sets GTKs have been updated flag
*
* \param gtks GTK keys
*
*
*/
void sec_prot_keys_gtks_updated_set(sec_prot_gtk_keys_t *gtks);
/**
* sec_prot_keys_gtks_updated_set resets GTKs have been updated flag
*
* \param gtks GTK keys
*
*
*/
void sec_prot_keys_gtks_updated_reset(sec_prot_gtk_keys_t *gtks);
#endif /* SEC_PROT_KEYS_H_ */
Reference in New Issue View Git Blame Copy Permalink