13c260e60Schristos /* 23c260e60Schristos * IEEE Std 802.1X-2010 definitions 33c260e60Schristos * Copyright (c) 2013-2014, Qualcomm Atheros, Inc. 43c260e60Schristos * 53c260e60Schristos * This software may be distributed under the terms of the BSD license. 63c260e60Schristos * See README for more details. 73c260e60Schristos */ 83c260e60Schristos 93c260e60Schristos #ifndef IEEE802_1X_DEFS_H 103c260e60Schristos #define IEEE802_1X_DEFS_H 113c260e60Schristos 123c260e60Schristos #define CS_ID_LEN 8 1336ebd06eSchristos #define CS_ID_GCM_AES_128 0x0080020001000001ULL 143c260e60Schristos #define CS_NAME_GCM_AES_128 "GCM-AES-128" 15*0a73ee0aSchristos #define CS_ID_GCM_AES_256 0x0080c20001000002ULL 16*0a73ee0aSchristos #define CS_NAME_GCM_AES_256 "GCM-AES-256" 173c260e60Schristos 183c260e60Schristos enum macsec_policy { 193c260e60Schristos /** 203c260e60Schristos * Should secure sessions. 213c260e60Schristos * This accepts key server's advice to determine whether to secure the 223c260e60Schristos * session or not. 233c260e60Schristos */ 243c260e60Schristos SHOULD_SECURE, 253c260e60Schristos 263c260e60Schristos /** 273c260e60Schristos * Disabled MACsec - do not secure sessions. 283c260e60Schristos */ 293c260e60Schristos DO_NOT_SECURE, 30*0a73ee0aSchristos 31*0a73ee0aSchristos /** 32*0a73ee0aSchristos * Should secure sessions, and try to use encryption. 33*0a73ee0aSchristos * Like @SHOULD_SECURE, this follows the key server's decision. 34*0a73ee0aSchristos */ 35*0a73ee0aSchristos SHOULD_ENCRYPT, 363c260e60Schristos }; 373c260e60Schristos 383c260e60Schristos 393c260e60Schristos /* IEEE Std 802.1X-2010 - Table 11-6 - MACsec Capability */ 403c260e60Schristos enum macsec_cap { 413c260e60Schristos /** 423c260e60Schristos * MACsec is not implemented 433c260e60Schristos */ 443c260e60Schristos MACSEC_CAP_NOT_IMPLEMENTED, 453c260e60Schristos 463c260e60Schristos /** 473c260e60Schristos * 'Integrity without confidentiality' 483c260e60Schristos */ 493c260e60Schristos MACSEC_CAP_INTEGRITY, 503c260e60Schristos 513c260e60Schristos /** 523c260e60Schristos * 'Integrity without confidentiality' and 533c260e60Schristos * 'Integrity and confidentiality' with a confidentiality offset of 0 543c260e60Schristos */ 553c260e60Schristos MACSEC_CAP_INTEG_AND_CONF, 563c260e60Schristos 573c260e60Schristos /** 583c260e60Schristos * 'Integrity without confidentiality' and 593c260e60Schristos * 'Integrity and confidentiality' with a confidentiality offset of 0, 603c260e60Schristos * 30, 50 613c260e60Schristos */ 623c260e60Schristos MACSEC_CAP_INTEG_AND_CONF_0_30_50, 633c260e60Schristos }; 643c260e60Schristos 653c260e60Schristos enum validate_frames { 663c260e60Schristos Disabled, 673c260e60Schristos Checked, 683c260e60Schristos Strict, 693c260e60Schristos }; 703c260e60Schristos 713c260e60Schristos /* IEEE Std 802.1X-2010 - Table 11-6 - Confidentiality Offset */ 723c260e60Schristos enum confidentiality_offset { 733c260e60Schristos CONFIDENTIALITY_NONE = 0, 743c260e60Schristos CONFIDENTIALITY_OFFSET_0 = 1, 753c260e60Schristos CONFIDENTIALITY_OFFSET_30 = 2, 763c260e60Schristos CONFIDENTIALITY_OFFSET_50 = 3, 773c260e60Schristos }; 783c260e60Schristos 793c260e60Schristos /* IEEE Std 802.1X-2010 - Table 9-2 */ 803c260e60Schristos #define DEFAULT_PRIO_INFRA_PORT 0x10 813c260e60Schristos #define DEFAULT_PRIO_PRIMRAY_AP 0x30 823c260e60Schristos #define DEFAULT_PRIO_SECONDARY_AP 0x50 833c260e60Schristos #define DEFAULT_PRIO_GROUP_CA_MEMBER 0x70 843c260e60Schristos #define DEFAULT_PRIO_NOT_KEY_SERVER 0xFF 853c260e60Schristos 863c260e60Schristos #endif /* IEEE802_1X_DEFS_H */ 87