summaryrefslogtreecommitdiff
path: root/cp2/sta/action/key.h
blob: d55fc824b5a579862bfafd72a0fb97c4265844dd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
#ifndef cp_sta_action_key_h
#define cp_sta_action_key_h
/* Cesar project {{{
 *
 * Copyright (C) 2008 Spidcom
 *
 * <<<Licence>>>
 *
 * }}} */
/**
 * \file    cp/sta/action/key.h
 * \brief   STA action, key exchange messages.
 * \ingroup cp_sta
 *
 * Key exchanges
 * =============
 *
 * This part handle key exchange messages.  As theses messages are used for
 * many unrelated protocol, theses functions will only handle generic
 * verifications and will then forward the message to the right recipient.
 */

BEGIN_DECLS

/**
 * Process a CM_SET_KEY.REQ, 11.5.4.
 * \param  ctx  control plane context
 * \param  mme  received MME handle
 * \param  key_type  key type being set
 * \param  my_nounce  to be used in next message
 * \param  your_nounce  used in previous message
 * \param  pid  protocol identifier
 * \param  prn  protocol run number
 * \param  pmn  protocol message number
 * \param  cco_cap  CCo capabilities of the sending STA
 * \param  nid  NID of the sender network, associated with the NMK
 * \param  new_eks  EKS of the key being set
 * \param  new_key  new key, or NULL if none.
 *
 * This message is used in several protocols.  First check that this message
 * is legitimate, then depending of the protocol, call the corresponding
 * function.
 *
 * Used to:
 *  - from STA to STA:
 *    - NMK provisioning using DAK (PID=2):
 *      - set TEK, DAK encrypted (not handled): used to start the protocol
 *      - set NMK, DAK encrypted (not handled)
 *    - NMK provisioning using UKE (PID=3):
 *      - set NMK, TEK encrypted (not handled)
 *  - from CCo to STA:
 *    - set NEK (PID=1), done periodically by the CCo
 *  - from HLE to STA:
 *    - set NMK (not handled)
 */
void
cp_sta_action_process_cm_set_key_req (cp_t *ctx, cp_mme_t *mme,
                                      cp_key_type_t key_type,
                                      u32 my_nounce, u32 your_nounce,
                                      cp_pid_t pid,
                                      u16 prn, u8 pmn,
                                      cp_cco_cap_t cco_cap,
                                      cp_nid_t nid,
                                      u8 new_eks,
                                      cp_key_t *new_key);

/**
 * Process a CM_SET_KEY.CNF, 11.5.5.
 * \param  ctx  control plane context
 * \param  mme  received MME handle
 * \param  result  transaction result
 * \param  my_nounce  to be used in next message
 * \param  your_nounce  used in previous message
 * \param  pid  protocol identifier
 * \param  prn  protocol run number
 * \param  pmn  protocol message number
 * \param  cco_cap  CCo capabilities of the sending STA
 *
 * Response from a preceding CM_SET_KEY.REQ.  First check that this message is
 * legitimate and that it correspond to a sent request, then call the
 * corresponding function.
 *
 * This message can be forwarded to the CCo module.
 */
void
cp_sta_action_process_cm_set_key_cnf (cp_t *ctx, cp_mme_t *mme,
                                      cp_msg_cm_set_key_cnf_result_t result,
                                      u32 my_nounce, u32 your_nounce,
                                      cp_pid_t pid,
                                      u16 prn, u8 pmn,
                                      cp_cco_cap_t cco_cap);

/**
 * Process a CM_GET_KEY.REQ, 11.5.6.
 * \param  ctx  control plane context
 * \param  mme  received MME handle
 * \param  req_type  request type (relayed or not)
 * \param  key_type  requested key type
 * \param  nid  NID of the network of the sender, or the sender want to join
 * \param  my_nounce  to be used in next message
 * \param  pid  protocol identifier
 * \param  prn  protocol run number
 * \param  pmn  protocol message number
 * \param  hash  HASH key, used to generate a TEK, or NULL if not present
 *
 * This message is used in several protocols.  First check that this message
 * is legitimate, then depending of the protocol, call the corresponding
 * function.
 *
 * This message can be forwarded to the CCo module.
 *
 * Used to:
 *  - from STA to STA:
 *    - NMK provisioning using UKE (PID=3):
 *      - get HASH KEY, unencrypted unicast (not handled): used to derive the
 *        TEK
 *  - from STA to CCo:
 *    - get NEK, NMK encrypted (PID=0)
 *  - from HLE to STA:
 *    - get NMK (not handled)
 */
void
cp_sta_action_process_cm_get_key_req (cp_t *ctx, cp_mme_t *mme,
                                      cp_msg_cm_get_key_req_type_t req_type,
                                      cp_key_type_t key_type,
                                      cp_nid_t nid,
                                      u32 my_nounce,
                                      cp_pid_t pid,
                                      u16 prn, u8 pmn,
                                      u8 *hash);

/**
 * Process a CM_GET_KEY.CNF, 11.5.7.
 * \param  ctx  control plane context
 * \param  mme  received MME handle
 * \param  result  transaction result
 * \param  key_type  requested key type
 * \param  my_nounce  to be used in next message
 * \param  your_nounce  used in previous message
 * \param  nid  NID of the sender network
 * \param  eks  EKS of the received key
 * \param  pid  protocol identifier
 * \param  prn  protocol run number
 * \param  pmn  protocol message number
 * \param  hash  HASH key, used to generate a TEK, or NULL if not present
 * \param  key  received key, or NULL if not present
 *
 * Response from a preceding CM_GET_KEY.REQ.  First check that this message is
 * legitimate and that it correspond to a sent request, then call the
 * corresponding function.
 */
void
cp_sta_action_process_cm_get_key_cnf (cp_t *ctx, cp_mme_t *mme,
                                      cp_msg_cm_get_key_cnd_result_t result,
                                      cp_key_type_t key_type,
                                      u32 my_nounce, u32 your_nounce,
                                      cp_nid_t nid,
                                      u8 eks,
                                      cp_pid_t pid,
                                      u16 prn, u8 pmn,
                                      u8 *hash, cp_key_t *key);

END_DECLS

#endif /* cp_sta_action_key_h */