Diffstat (limited to 'src/libnm-client-impl/nm-device-macsec.c')
-rw-r--r-- | src/libnm-client-impl/nm-device-macsec.c | 631 |
1 files changed, 631 insertions, 0 deletions
diff --git a/src/libnm-client-impl/nm-device-macsec.c b/src/libnm-client-impl/nm-device-macsec.c
new file mode 100644
index 0000000000..faa5be7e74
--- /dev/null
+++ b/src/libnm-client-impl/nm-device-macsec.c
@@ -0,0 +1,631 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ */
+
+#include "libnm-client-impl/nm-default-libnm.h"
+
+#include "nm-device-macsec.h"
+
+#include "nm-device-private.h"
+#include "nm-object-private.h"
+#include "nm-utils.h"
+
+/*****************************************************************************/
+
+NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_PARENT,
+ PROP_SCI,
+ PROP_CIPHER_SUITE,
+ PROP_ICV_LENGTH,
+ PROP_WINDOW,
+ PROP_ENCODING_SA,
+ PROP_ENCRYPT,
+ PROP_PROTECT,
+ PROP_INCLUDE_SCI,
+ PROP_ES,
+ PROP_SCB,
+ PROP_REPLAY_PROTECT,
+ PROP_VALIDATION, );
+
+typedef struct {
+ NMLDBusPropertyO parent;
+ char * validation;
+ guint64 sci;
+ guint64 cipher_suite;
+ guint32 window;
+ guint8 icv_length;
+ guint8 encoding_sa;
+ bool encrypt;
+ bool protect;
+ bool include_sci;
+ bool es;
+ bool scb;
+ bool replay_protect;
+} NMDeviceMacsecPrivate;
+
+struct _NMDeviceMacsec {
+ NMDevice parent;
+ NMDeviceMacsecPrivate _priv;
+};
+
+struct _NMDeviceMacsecClass {
+ NMDeviceClass parent;
+};
+
+G_DEFINE_TYPE(NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)
+
+#define NM_DEVICE_MACSEC_GET_PRIVATE(self) \
+ _NM_GET_PRIVATE(self, NMDeviceMacsec, NM_IS_DEVICE_MACSEC, NMObject, NMDevice)
+
+/*****************************************************************************/
+
+/**
+ * nm_device_macsec_get_parent:
+ * @device: a #NMDeviceMacsec
+ *
+ * Returns: (transfer none): the device's parent device
+ *
+ * Since: 1.6
+ **/
+NMDevice *
+nm_device_macsec_get_parent(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL);
+
+ return nml_dbus_property_o_get_obj(&NM_DEVICE_MACSEC_GET_PRIVATE(device)->parent);
+}
+
+/**
+ * nm_device_macsec_get_hw_address: (skip)
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the hardware (MAC) address of the #NMDeviceMacsec
+ *
+ * Returns: the hardware address. This is the internal string used by the
+ * device, and must not be modified.
+ *
+ * Since: 1.6
+ *
+ * Deprecated: 1.24: Use nm_device_get_hw_address() instead.
+ **/
+const char *
+nm_device_macsec_get_hw_address(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL);
+
+ return nm_device_get_hw_address(NM_DEVICE(device));
+}
+
+/**
+ * nm_device_macsec_get_sci:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the Secure Channel Identifier in use
+ *
+ * Returns: the SCI
+ *
+ * Since: 1.6
+ **/
+guint64
+nm_device_macsec_get_sci(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->sci;
+}
+
+/**
+ * nm_device_macsec_get_icv_length:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the length of ICV (Integrity Check Value)
+ *
+ * Returns: the length of ICV
+ *
+ * Since: 1.6
+ **/
+guint8
+nm_device_macsec_get_icv_length(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->icv_length;
+}
+
+/**
+ * nm_device_macsec_get_cipher_suite:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the set of cryptographic algorithms in use
+ *
+ * Returns: the set of cryptographic algorithms in use
+ *
+ * Since: 1.6
+ **/
+guint64
+nm_device_macsec_get_cipher_suite(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->cipher_suite;
+}
+
+/**
+ * nm_device_macsec_get_window:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the size of the replay window
+ *
+ * Returns: size of the replay window
+ *
+ * Since: 1.6
+ **/
+guint
+nm_device_macsec_get_window(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->window;
+}
+
+/**
+ * nm_device_macsec_get_encoding_sa:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the value of the Association Number (0..3) for the Security
+ * Association in use.
+ *
+ * Returns: the current Security Association
+ *
+ * Since: 1.6
+ **/
+guint8
+nm_device_macsec_get_encoding_sa(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->encoding_sa;
+}
+
+/**
+ * nm_device_macsec_get_validation:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the validation mode for incoming packets (strict, check,
+ * disabled)
+ *
+ * Returns: the validation mode
+ *
+ * Since: 1.6
+ **/
+const char *
+nm_device_macsec_get_validation(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->validation;
+}
+
+/**
+ * nm_device_macsec_get_encrypt:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether encryption of transmitted frames is enabled
+ *
+ * Returns: whether encryption is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_encrypt(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->encrypt;
+}
+
+/**
+ * nm_device_macsec_get_protect:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether protection of transmitted frames is enabled
+ *
+ * Returns: whether protection is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_protect(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->protect;
+}
+
+/**
+ * nm_device_macsec_get_include_sci:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether the SCI is always included in SecTAG for transmitted
+ * frames
+ *
+ * Returns: whether the SCI is always included
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_include_sci(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->include_sci;
+}
+
+/**
+ * nm_device_macsec_get_es:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether
the ES (End station) bit is enabled in SecTAG for
+ * transmitted frames
+ *
+ * Returns: whether the ES (End station) bit is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_es(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->es;
+}
+
+/**
+ * nm_device_macsec_get_scb:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether the SCB (Single Copy Broadcast) bit is enabled in
+ * SecTAG for transmitted frames
+ *
+ * Returns: whether the SCB (Single Copy Broadcast) bit is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_scb(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->scb;
+}
+
+/**
+ * nm_device_macsec_get_replay_protect:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether replay protection is enabled
+ *
+ * Returns: whether replay protection is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_replay_protect(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->replay_protect;
+}
+
+/***********************************************************/
+
+static void
+nm_device_macsec_init(NMDeviceMacsec *device)
+{}
+
+static void
+finalize(GObject *object)
+{
+ NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE(object);
+
+ g_free(priv->validation);
+
+ G_OBJECT_CLASS(nm_device_macsec_parent_class)->finalize(object);
+}
+
+static void
+get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
+{
+ NMDeviceMacsec *device = NM_DEVICE_MACSEC(object);
+
+ switch (prop_id) {
+ case PROP_PARENT:
+ g_value_set_object(value, nm_device_macsec_get_parent(device));
+ break;
+ case PROP_SCI:
+ g_value_set_uint64(value, nm_device_macsec_get_sci(device));
+ break;
+ case PROP_ICV_LENGTH:
+ g_value_set_uchar(value, nm_device_macsec_get_icv_length(device));
+
break;
+ case PROP_CIPHER_SUITE:
+ g_value_set_uint64(value, nm_device_macsec_get_cipher_suite(device));
+ break;
+ case PROP_WINDOW:
+ g_value_set_uint(value, nm_device_macsec_get_window(device));
+ break;
+ case PROP_ENCODING_SA:
+ g_value_set_uchar(value, nm_device_macsec_get_encoding_sa(device));
+ break;
+ case PROP_VALIDATION:
+ g_value_set_string(value, nm_device_macsec_get_validation(device));
+ break;
+ case PROP_ENCRYPT:
+ g_value_set_boolean(value, nm_device_macsec_get_encrypt(device));
+ break;
+ case PROP_PROTECT:
+ g_value_set_boolean(value, nm_device_macsec_get_protect(device));
+ break;
+ case PROP_INCLUDE_SCI:
+ g_value_set_boolean(value, nm_device_macsec_get_include_sci(device));
+ break;
+ case PROP_ES:
+ g_value_set_boolean(value, nm_device_macsec_get_es(device));
+ break;
+ case PROP_SCB:
+ g_value_set_boolean(value, nm_device_macsec_get_scb(device));
+ break;
+ case PROP_REPLAY_PROTECT:
+ g_value_set_boolean(value, nm_device_macsec_get_replay_protect(device));
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
+ break;
+ }
+}
+
+const NMLDBusMetaIface _nml_dbus_meta_iface_nm_device_macsec = NML_DBUS_META_IFACE_INIT_PROP(
+ NM_DBUS_INTERFACE_DEVICE_MACSEC,
+ nm_device_macsec_get_type,
+ NML_DBUS_META_INTERFACE_PRIO_INSTANTIATE_30,
+ NML_DBUS_META_IFACE_DBUS_PROPERTIES(
+ NML_DBUS_META_PROPERTY_INIT_T("CipherSuite",
+ PROP_CIPHER_SUITE,
+ NMDeviceMacsec,
+ _priv.cipher_suite),
+ NML_DBUS_META_PROPERTY_INIT_Y("EncodingSa",
+ PROP_ENCODING_SA,
+ NMDeviceMacsec,
+ _priv.encoding_sa),
+ NML_DBUS_META_PROPERTY_INIT_B("Encrypt", PROP_ENCRYPT, NMDeviceMacsec, _priv.encrypt),
+ NML_DBUS_META_PROPERTY_INIT_B("Es", PROP_ES, NMDeviceMacsec, _priv.es),
+ NML_DBUS_META_PROPERTY_INIT_Y("IcvLength",
+ PROP_ICV_LENGTH,
+ NMDeviceMacsec,
+ _priv.icv_length),
+ NML_DBUS_META_PROPERTY_INIT_B("IncludeSci",
+ PROP_INCLUDE_SCI,
+ NMDeviceMacsec,
+ _priv.include_sci),
+ NML_DBUS_META_PROPERTY_INIT_O_PROP("Parent",
+ PROP_PARENT,
+
NMDeviceMacsec,
+ _priv.parent,
+ nm_device_get_type),
+ NML_DBUS_META_PROPERTY_INIT_B("Protect", PROP_PROTECT, NMDeviceMacsec, _priv.protect),
+ NML_DBUS_META_PROPERTY_INIT_B("ReplayProtect",
+ PROP_REPLAY_PROTECT,
+ NMDeviceMacsec,
+ _priv.replay_protect),
+ NML_DBUS_META_PROPERTY_INIT_B("Scb", PROP_SCB, NMDeviceMacsec, _priv.scb),
+ NML_DBUS_META_PROPERTY_INIT_T("Sci", PROP_SCI, NMDeviceMacsec, _priv.sci),
+ NML_DBUS_META_PROPERTY_INIT_S("Validation",
+ PROP_VALIDATION,
+ NMDeviceMacsec,
+ _priv.validation),
+ NML_DBUS_META_PROPERTY_INIT_U("Window", PROP_WINDOW, NMDeviceMacsec, _priv.window), ), );
+
+static void
+nm_device_macsec_class_init(NMDeviceMacsecClass *klass)
+{
+ GObjectClass * object_class = G_OBJECT_CLASS(klass);
+ NMObjectClass *nm_object_class = NM_OBJECT_CLASS(klass);
+
+ object_class->get_property = get_property;
+ object_class->finalize = finalize;
+
+ _NM_OBJECT_CLASS_INIT_PRIV_PTR_DIRECT(nm_object_class, NMDeviceMacsec);
+
+ _NM_OBJECT_CLASS_INIT_PROPERTY_O_FIELDS_1(nm_object_class, NMDeviceMacsecPrivate, parent);
+
+ /**
+ * NMDeviceMacsec:parent:
+ *
+ * The devices's parent device.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_PARENT] = g_param_spec_object(NM_DEVICE_MACSEC_PARENT,
+ "",
+ "",
+ NM_TYPE_DEVICE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:sci:
+ *
+ * The Secure Channel Identifier in use.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_SCI] = g_param_spec_uint64(NM_DEVICE_MACSEC_SCI,
+ "",
+ "",
+ 0,
+ G_MAXUINT64,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:icv-length:
+ *
+ * The length of ICV (Integrity Check Value).
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ICV_LENGTH] = g_param_spec_uchar(NM_DEVICE_MACSEC_ICV_LENGTH,
+ "",
+ "",
+ 0,
+ G_MAXUINT8,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:cipher-suite:
+ *
+ * The set of cryptographic algorithms in use.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_CIPHER_SUITE] =
+ g_param_spec_uint64(NM_DEVICE_MACSEC_CIPHER_SUITE,
+ "",
+ "",
+ 0,
+ G_MAXUINT64,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:window:
+ *
+ * The size of the replay window.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_WINDOW] = g_param_spec_uint(NM_DEVICE_MACSEC_WINDOW,
+ "",
+ "",
+ 0,
+ G_MAXUINT32,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:encoding-sa:
+ *
+ * The value of the Association Number (0..3) for the Security
+ * Association in use.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ENCODING_SA] =
+ g_param_spec_uchar(NM_DEVICE_MACSEC_ENCODING_SA,
+ "",
+ "",
+ 0,
+ G_MAXUINT8,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:validation:
+ *
+ * The validation mode for incoming packets (strict, check,
+ * disabled).
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_VALIDATION] =
+ g_param_spec_string(NM_DEVICE_MACSEC_VALIDATION,
+ "",
+ "",
+ NULL,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:encrypt:
+ *
+ * Whether encryption of transmitted frames is enabled.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ENCRYPT] = g_param_spec_boolean(NM_DEVICE_MACSEC_ENCRYPT,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:protect:
+ *
+ * Whether protection of transmitted frames is enabled.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_PROTECT] = g_param_spec_boolean(NM_DEVICE_MACSEC_PROTECT,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:include-sci:
+ *
+ * Whether the SCI is always included in SecTAG for transmitted
+ * frames.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_INCLUDE_SCI] =
+ g_param_spec_boolean(NM_DEVICE_MACSEC_INCLUDE_SCI,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:es:
+ *
+ * Whether the ES (End station) bit is enabled in SecTAG for
+ * transmitted frames.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ES] = g_param_spec_boolean(NM_DEVICE_MACSEC_ES,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:scb:
+ *
+ * Whether the SCB (Single Copy Broadcast) bit is enabled in
+ * SecTAG for transmitted frames.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_SCB] = g_param_spec_boolean(NM_DEVICE_MACSEC_SCB,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:replay-protect:
+ *
+ * Whether replay protection is enabled.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_REPLAY_PROTECT] =
+ g_param_spec_boolean(NM_DEVICE_MACSEC_REPLAY_PROTECT,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ _nml_dbus_meta_class_init_with_properties(object_class, &_nml_dbus_meta_iface_nm_device_macsec);
+} |
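Review bot: nm_device_macsec_get_validation() can return NULL, but its doc comment only says `Returns: the validation mode`. The `validation` field is only ever written through the "Validation" D-Bus meta property, nm_device_macsec_init() is empty, and the param spec default is NULL, so a caller that passes the result straight to strcmp() to check for "strict" would presumably dereference NULL until the property has arrived (when that happens is outside this file). I would document it as `Returns: the validation mode, or %NULL if it is not yet known` and say that a policy check should treat NULL as "not strict". The boolean getters have the same ambiguity: a FALSE from nm_device_macsec_get_encrypt() or nm_device_macsec_get_replay_protect() reads the same whether the feature is off or the value has not been populated, which deserves a sentence in their docs for anyone auditing link protection.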