summaryrefslogtreecommitdiff
path: root/src/libnm-client-impl/nm-device-macsec.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libnm-client-impl/nm-device-macsec.c')
-rw-r--r--src/libnm-client-impl/nm-device-macsec.c631
1 files changed, 631 insertions, 0 deletions
diff --git a/src/libnm-client-impl/nm-device-macsec.c b/src/libnm-client-impl/nm-device-macsec.c
new file mode 100644
index 0000000000..faa5be7e74
--- /dev/null
+++ b/src/libnm-client-impl/nm-device-macsec.c
@@ -0,0 +1,631 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ */
+
+#include "libnm-client-impl/nm-default-libnm.h"
+
+#include "nm-device-macsec.h"
+
+#include "nm-device-private.h"
+#include "nm-object-private.h"
+#include "nm-utils.h"
+
+/*****************************************************************************/
+
+NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_PARENT,
+ PROP_SCI,
+ PROP_CIPHER_SUITE,
+ PROP_ICV_LENGTH,
+ PROP_WINDOW,
+ PROP_ENCODING_SA,
+ PROP_ENCRYPT,
+ PROP_PROTECT,
+ PROP_INCLUDE_SCI,
+ PROP_ES,
+ PROP_SCB,
+ PROP_REPLAY_PROTECT,
+ PROP_VALIDATION, );
+
+typedef struct {
+ NMLDBusPropertyO parent;
+ char * validation;
+ guint64 sci;
+ guint64 cipher_suite;
+ guint32 window;
+ guint8 icv_length;
+ guint8 encoding_sa;
+ bool encrypt;
+ bool protect;
+ bool include_sci;
+ bool es;
+ bool scb;
+ bool replay_protect;
+} NMDeviceMacsecPrivate;
+
+struct _NMDeviceMacsec {
+ NMDevice parent;
+ NMDeviceMacsecPrivate _priv;
+};
+
+struct _NMDeviceMacsecClass {
+ NMDeviceClass parent;
+};
+
+G_DEFINE_TYPE(NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)
+
+#define NM_DEVICE_MACSEC_GET_PRIVATE(self) \
+ _NM_GET_PRIVATE(self, NMDeviceMacsec, NM_IS_DEVICE_MACSEC, NMObject, NMDevice)
+
+/*****************************************************************************/
+
+/**
+ * nm_device_macsec_get_parent:
+ * @device: a #NMDeviceMacsec
+ *
+ * Returns: (transfer none): the device's parent device
+ *
+ * Since: 1.6
+ **/
+NMDevice *
+nm_device_macsec_get_parent(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL);
+
+ return nml_dbus_property_o_get_obj(&NM_DEVICE_MACSEC_GET_PRIVATE(device)->parent);
+}
+
+/**
+ * nm_device_macsec_get_hw_address: (skip)
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the hardware (MAC) address of the #NMDeviceMacsec
+ *
+ * Returns: the hardware address. This is the internal string used by the
+ * device, and must not be modified.
+ *
+ * Since: 1.6
+ *
+ * Deprecated: 1.24: Use nm_device_get_hw_address() instead.
+ **/
+const char *
+nm_device_macsec_get_hw_address(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL);
+
+ return nm_device_get_hw_address(NM_DEVICE(device));
+}
+
+/**
+ * nm_device_macsec_get_sci:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the Secure Channel Identifier in use
+ *
+ * Returns: the SCI
+ *
+ * Since: 1.6
+ **/
+guint64
+nm_device_macsec_get_sci(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->sci;
+}
+
+/**
+ * nm_device_macsec_get_icv_length:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the length of ICV (Integrity Check Value)
+ *
+ * Returns: the length of ICV
+ *
+ * Since: 1.6
+ **/
+guint8
+nm_device_macsec_get_icv_length(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->icv_length;
+}
+
+/**
+ * nm_device_macsec_get_cipher_suite:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the set of cryptographic algorithms in use
+ *
+ * Returns: the set of cryptographic algorithms in use
+ *
+ * Since: 1.6
+ **/
+guint64
+nm_device_macsec_get_cipher_suite(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->cipher_suite;
+}
+
+/**
+ * nm_device_macsec_get_window:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the size of the replay window
+ *
+ * Returns: size of the replay window
+ *
+ * Since: 1.6
+ **/
+guint
+nm_device_macsec_get_window(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->window;
+}
+
+/**
+ * nm_device_macsec_get_encoding_sa:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the value of the Association Number (0..3) for the Security
+ * Association in use.
+ *
+ * Returns: the current Security Association
+ *
+ * Since: 1.6
+ **/
+guint8
+nm_device_macsec_get_encoding_sa(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->encoding_sa;
+}
+
+/**
+ * nm_device_macsec_get_validation:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the validation mode for incoming packets (strict, check,
+ * disabled)
+ *
+ * Returns: the validation mode
+ *
+ * Since: 1.6
+ **/
+const char *
+nm_device_macsec_get_validation(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->validation;
+}
+
+/**
+ * nm_device_macsec_get_encrypt:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether encryption of transmitted frames is enabled
+ *
+ * Returns: whether encryption is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_encrypt(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->encrypt;
+}
+
+/**
+ * nm_device_macsec_get_protect:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether protection of transmitted frames is enabled
+ *
+ * Returns: whether protection is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_protect(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->protect;
+}
+
+/**
+ * nm_device_macsec_get_include_sci:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether the SCI is always included in SecTAG for transmitted
+ * frames
+ *
+ * Returns: whether the SCI is always included
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_include_sci(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->include_sci;
+}
+
+/**
+ * nm_device_macsec_get_es:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether the ES (End station) bit is enabled in SecTAG for
+ * transmitted frames
+ *
+ * Returns: whether the ES (End station) bit is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_es(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->es;
+}
+
+/**
+ * nm_device_macsec_get_scb:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether the SCB (Single Copy Broadcast) bit is enabled in
+ * SecTAG for transmitted frames
+ *
+ * Returns: whether the SCB (Single Copy Broadcast) bit is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_scb(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->scb;
+}
+
+/**
+ * nm_device_macsec_get_replay_protect:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether replay protection is enabled
+ *
+ * Returns: whether replay protection is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_replay_protect(NMDeviceMacsec *device)
+{
+ g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE(device)->replay_protect;
+}
+
+/***********************************************************/
+
+static void
+nm_device_macsec_init(NMDeviceMacsec *device)
+{}
+
+static void
+finalize(GObject *object)
+{
+ NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE(object);
+
+ g_free(priv->validation);
+
+ G_OBJECT_CLASS(nm_device_macsec_parent_class)->finalize(object);
+}
+
+static void
+get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
+{
+ NMDeviceMacsec *device = NM_DEVICE_MACSEC(object);
+
+ switch (prop_id) {
+ case PROP_PARENT:
+ g_value_set_object(value, nm_device_macsec_get_parent(device));
+ break;
+ case PROP_SCI:
+ g_value_set_uint64(value, nm_device_macsec_get_sci(device));
+ break;
+ case PROP_ICV_LENGTH:
+ g_value_set_uchar(value, nm_device_macsec_get_icv_length(device));
+ break;
+ case PROP_CIPHER_SUITE:
+ g_value_set_uint64(value, nm_device_macsec_get_cipher_suite(device));
+ break;
+ case PROP_WINDOW:
+ g_value_set_uint(value, nm_device_macsec_get_window(device));
+ break;
+ case PROP_ENCODING_SA:
+ g_value_set_uchar(value, nm_device_macsec_get_encoding_sa(device));
+ break;
+ case PROP_VALIDATION:
+ g_value_set_string(value, nm_device_macsec_get_validation(device));
+ break;
+ case PROP_ENCRYPT:
+ g_value_set_boolean(value, nm_device_macsec_get_encrypt(device));
+ break;
+ case PROP_PROTECT:
+ g_value_set_boolean(value, nm_device_macsec_get_protect(device));
+ break;
+ case PROP_INCLUDE_SCI:
+ g_value_set_boolean(value, nm_device_macsec_get_include_sci(device));
+ break;
+ case PROP_ES:
+ g_value_set_boolean(value, nm_device_macsec_get_es(device));
+ break;
+ case PROP_SCB:
+ g_value_set_boolean(value, nm_device_macsec_get_scb(device));
+ break;
+ case PROP_REPLAY_PROTECT:
+ g_value_set_boolean(value, nm_device_macsec_get_replay_protect(device));
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
+ break;
+ }
+}
+
+const NMLDBusMetaIface _nml_dbus_meta_iface_nm_device_macsec = NML_DBUS_META_IFACE_INIT_PROP(
+ NM_DBUS_INTERFACE_DEVICE_MACSEC,
+ nm_device_macsec_get_type,
+ NML_DBUS_META_INTERFACE_PRIO_INSTANTIATE_30,
+ NML_DBUS_META_IFACE_DBUS_PROPERTIES(
+ NML_DBUS_META_PROPERTY_INIT_T("CipherSuite",
+ PROP_CIPHER_SUITE,
+ NMDeviceMacsec,
+ _priv.cipher_suite),
+ NML_DBUS_META_PROPERTY_INIT_Y("EncodingSa",
+ PROP_ENCODING_SA,
+ NMDeviceMacsec,
+ _priv.encoding_sa),
+ NML_DBUS_META_PROPERTY_INIT_B("Encrypt", PROP_ENCRYPT, NMDeviceMacsec, _priv.encrypt),
+ NML_DBUS_META_PROPERTY_INIT_B("Es", PROP_ES, NMDeviceMacsec, _priv.es),
+ NML_DBUS_META_PROPERTY_INIT_Y("IcvLength",
+ PROP_ICV_LENGTH,
+ NMDeviceMacsec,
+ _priv.icv_length),
+ NML_DBUS_META_PROPERTY_INIT_B("IncludeSci",
+ PROP_INCLUDE_SCI,
+ NMDeviceMacsec,
+ _priv.include_sci),
+ NML_DBUS_META_PROPERTY_INIT_O_PROP("Parent",
+ PROP_PARENT,
+ NMDeviceMacsec,
+ _priv.parent,
+ nm_device_get_type),
+ NML_DBUS_META_PROPERTY_INIT_B("Protect", PROP_PROTECT, NMDeviceMacsec, _priv.protect),
+ NML_DBUS_META_PROPERTY_INIT_B("ReplayProtect",
+ PROP_REPLAY_PROTECT,
+ NMDeviceMacsec,
+ _priv.replay_protect),
+ NML_DBUS_META_PROPERTY_INIT_B("Scb", PROP_SCB, NMDeviceMacsec, _priv.scb),
+ NML_DBUS_META_PROPERTY_INIT_T("Sci", PROP_SCI, NMDeviceMacsec, _priv.sci),
+ NML_DBUS_META_PROPERTY_INIT_S("Validation",
+ PROP_VALIDATION,
+ NMDeviceMacsec,
+ _priv.validation),
+ NML_DBUS_META_PROPERTY_INIT_U("Window", PROP_WINDOW, NMDeviceMacsec, _priv.window), ), );
+
+static void
+nm_device_macsec_class_init(NMDeviceMacsecClass *klass)
+{
+ GObjectClass * object_class = G_OBJECT_CLASS(klass);
+ NMObjectClass *nm_object_class = NM_OBJECT_CLASS(klass);
+
+ object_class->get_property = get_property;
+ object_class->finalize = finalize;
+
+ _NM_OBJECT_CLASS_INIT_PRIV_PTR_DIRECT(nm_object_class, NMDeviceMacsec);
+
+ _NM_OBJECT_CLASS_INIT_PROPERTY_O_FIELDS_1(nm_object_class, NMDeviceMacsecPrivate, parent);
+
+ /**
+ * NMDeviceMacsec:parent:
+ *
+ * The devices's parent device.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_PARENT] = g_param_spec_object(NM_DEVICE_MACSEC_PARENT,
+ "",
+ "",
+ NM_TYPE_DEVICE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:sci:
+ *
+ * The Secure Channel Identifier in use.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_SCI] = g_param_spec_uint64(NM_DEVICE_MACSEC_SCI,
+ "",
+ "",
+ 0,
+ G_MAXUINT64,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:icv-length:
+ *
+ * The length of ICV (Integrity Check Value).
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ICV_LENGTH] = g_param_spec_uchar(NM_DEVICE_MACSEC_ICV_LENGTH,
+ "",
+ "",
+ 0,
+ G_MAXUINT8,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:cipher-suite:
+ *
+ * The set of cryptographic algorithms in use.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_CIPHER_SUITE] =
+ g_param_spec_uint64(NM_DEVICE_MACSEC_CIPHER_SUITE,
+ "",
+ "",
+ 0,
+ G_MAXUINT64,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:window:
+ *
+ * The size of the replay window.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_WINDOW] = g_param_spec_uint(NM_DEVICE_MACSEC_WINDOW,
+ "",
+ "",
+ 0,
+ G_MAXUINT32,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:encoding-sa:
+ *
+ * The value of the Association Number (0..3) for the Security
+ * Association in use.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ENCODING_SA] =
+ g_param_spec_uchar(NM_DEVICE_MACSEC_ENCODING_SA,
+ "",
+ "",
+ 0,
+ G_MAXUINT8,
+ 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:validation:
+ *
+ * The validation mode for incoming packets (strict, check,
+ * disabled).
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_VALIDATION] =
+ g_param_spec_string(NM_DEVICE_MACSEC_VALIDATION,
+ "",
+ "",
+ NULL,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:encrypt:
+ *
+ * Whether encryption of transmitted frames is enabled.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ENCRYPT] = g_param_spec_boolean(NM_DEVICE_MACSEC_ENCRYPT,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:protect:
+ *
+ * Whether protection of transmitted frames is enabled.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_PROTECT] = g_param_spec_boolean(NM_DEVICE_MACSEC_PROTECT,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:include-sci:
+ *
+ * Whether the SCI is always included in SecTAG for transmitted
+ * frames.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_INCLUDE_SCI] =
+ g_param_spec_boolean(NM_DEVICE_MACSEC_INCLUDE_SCI,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:es:
+ *
+ * Whether the ES (End station) bit is enabled in SecTAG for
+ * transmitted frames.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ES] = g_param_spec_boolean(NM_DEVICE_MACSEC_ES,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:scb:
+ *
+ * Whether the SCB (Single Copy Broadcast) bit is enabled in
+ * SecTAG for transmitted frames.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_SCB] = g_param_spec_boolean(NM_DEVICE_MACSEC_SCB,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:replay-protect:
+ *
+ * Whether replay protection is enabled.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_REPLAY_PROTECT] =
+ g_param_spec_boolean(NM_DEVICE_MACSEC_REPLAY_PROTECT,
+ "",
+ "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ _nml_dbus_meta_class_init_with_properties(object_class, &_nml_dbus_meta_iface_nm_device_macsec);
+}
View Lorry Controller Status