/* SPDX-License-Identifier: LGPL-2.1+ */ /* * Copyright (C) 2017 Red Hat, Inc. */ #include "nm-default.h" #include "nm-device-macsec.h" #include "nm-device-private.h" #include "nm-object-private.h" #include "nm-utils.h" /*****************************************************************************/ NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_PARENT, PROP_SCI, PROP_CIPHER_SUITE, PROP_ICV_LENGTH, PROP_WINDOW, PROP_ENCODING_SA, PROP_ENCRYPT, PROP_PROTECT, PROP_INCLUDE_SCI, PROP_ES, PROP_SCB, PROP_REPLAY_PROTECT, PROP_VALIDATION, ); typedef struct { NMLDBusPropertyO parent; char * validation; guint64 sci; guint64 cipher_suite; guint32 window; guint8 icv_length; guint8 encoding_sa; bool encrypt; bool protect; bool include_sci; bool es; bool scb; bool replay_protect; } NMDeviceMacsecPrivate; struct _NMDeviceMacsec { NMDevice parent; NMDeviceMacsecPrivate _priv; }; struct _NMDeviceMacsecClass { NMDeviceClass parent; }; G_DEFINE_TYPE(NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE) #define NM_DEVICE_MACSEC_GET_PRIVATE(self) \ _NM_GET_PRIVATE(self, NMDeviceMacsec, NM_IS_DEVICE_MACSEC, NMObject, NMDevice) /*****************************************************************************/ /** * nm_device_macsec_get_parent: * @device: a #NMDeviceMacsec * * Returns: (transfer none): the device's parent device * * Since: 1.6 **/ NMDevice * nm_device_macsec_get_parent(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL); return nml_dbus_property_o_get_obj(&NM_DEVICE_MACSEC_GET_PRIVATE(device)->parent); } /** * nm_device_macsec_get_hw_address: (skip) * @device: a #NMDeviceMacsec * * Gets the hardware (MAC) address of the #NMDeviceMacsec * * Returns: the hardware address. This is the internal string used by the * device, and must not be modified. * * Since: 1.6 * * Deprecated: 1.24: Use nm_device_get_hw_address() instead. **/ const char * nm_device_macsec_get_hw_address(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL); return nm_device_get_hw_address(NM_DEVICE(device)); } /** * nm_device_macsec_get_sci: * @device: a #NMDeviceMacsec * * Gets the Secure Channel Identifier in use * * Returns: the SCI * * Since: 1.6 **/ guint64 nm_device_macsec_get_sci(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->sci; } /** * nm_device_macsec_get_icv_length: * @device: a #NMDeviceMacsec * * Gets the length of ICV (Integrity Check Value) * * Returns: the length of ICV * * Since: 1.6 **/ guint8 nm_device_macsec_get_icv_length(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->icv_length; } /** * nm_device_macsec_get_cipher_suite: * @device: a #NMDeviceMacsec * * Gets the set of cryptographic algorithms in use * * Returns: the set of cryptographic algorithms in use * * Since: 1.6 **/ guint64 nm_device_macsec_get_cipher_suite(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->cipher_suite; } /** * nm_device_macsec_get_window: * @device: a #NMDeviceMacsec * * Gets the size of the replay window * * Returns: size of the replay window * * Since: 1.6 **/ guint nm_device_macsec_get_window(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->window; } /** * nm_device_macsec_get_encoding_sa: * @device: a #NMDeviceMacsec * * Gets the value of the Association Number (0..3) for the Security * Association in use. * * Returns: the current Security Association * * Since: 1.6 **/ guint8 nm_device_macsec_get_encoding_sa(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->encoding_sa; } /** * nm_device_macsec_get_validation: * @device: a #NMDeviceMacsec * * Gets the validation mode for incoming packets (strict, check, * disabled) * * Returns: the validation mode * * Since: 1.6 **/ const char * nm_device_macsec_get_validation(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->validation; } /** * nm_device_macsec_get_encrypt: * @device: a #NMDeviceMacsec * * Gets whether encryption of transmitted frames is enabled * * Returns: whether encryption is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_encrypt(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->encrypt; } /** * nm_device_macsec_get_protect: * @device: a #NMDeviceMacsec * * Gets whether protection of transmitted frames is enabled * * Returns: whether protection is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_protect(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->protect; } /** * nm_device_macsec_get_include_sci: * @device: a #NMDeviceMacsec * * Gets whether the SCI is always included in SecTAG for transmitted * frames * * Returns: whether the SCI is always included * * Since: 1.6 **/ gboolean nm_device_macsec_get_include_sci(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->include_sci; } /** * nm_device_macsec_get_es: * @device: a #NMDeviceMacsec * * Gets whether the ES (End station) bit is enabled in SecTAG for * transmitted frames * * Returns: whether the ES (End station) bit is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_es(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->es; } /** * nm_device_macsec_get_scb: * @device: a #NMDeviceMacsec * * Gets whether the SCB (Single Copy Broadcast) bit is enabled in * SecTAG for transmitted frames * * Returns: whether the SCB (Single Copy Broadcast) bit is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_scb(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->scb; } /** * nm_device_macsec_get_replay_protect: * @device: a #NMDeviceMacsec * * Gets whether replay protection is enabled * * Returns: whether replay protection is enabled * * Since: 1.6 **/ gboolean nm_device_macsec_get_replay_protect(NMDeviceMacsec *device) { g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE); return NM_DEVICE_MACSEC_GET_PRIVATE(device)->replay_protect; } /***********************************************************/ static void nm_device_macsec_init(NMDeviceMacsec *device) {} static void finalize(GObject *object) { NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE(object); g_free(priv->validation); G_OBJECT_CLASS(nm_device_macsec_parent_class)->finalize(object); } static void get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec) { NMDeviceMacsec *device = NM_DEVICE_MACSEC(object); switch (prop_id) { case PROP_PARENT: g_value_set_object(value, nm_device_macsec_get_parent(device)); break; case PROP_SCI: g_value_set_uint64(value, nm_device_macsec_get_sci(device)); break; case PROP_ICV_LENGTH: g_value_set_uchar(value, nm_device_macsec_get_icv_length(device)); break; case PROP_CIPHER_SUITE: g_value_set_uint64(value, nm_device_macsec_get_cipher_suite(device)); break; case PROP_WINDOW: g_value_set_uint(value, nm_device_macsec_get_window(device)); break; case PROP_ENCODING_SA: g_value_set_uchar(value, nm_device_macsec_get_encoding_sa(device)); break; case PROP_VALIDATION: g_value_set_string(value, nm_device_macsec_get_validation(device)); break; case PROP_ENCRYPT: g_value_set_boolean(value, nm_device_macsec_get_encrypt(device)); break; case PROP_PROTECT: g_value_set_boolean(value, nm_device_macsec_get_protect(device)); break; case PROP_INCLUDE_SCI: g_value_set_boolean(value, nm_device_macsec_get_include_sci(device)); break; case PROP_ES: g_value_set_boolean(value, nm_device_macsec_get_es(device)); break; case PROP_SCB: g_value_set_boolean(value, nm_device_macsec_get_scb(device)); break; case PROP_REPLAY_PROTECT: g_value_set_boolean(value, nm_device_macsec_get_replay_protect(device)); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec); break; } } const NMLDBusMetaIface _nml_dbus_meta_iface_nm_device_macsec = NML_DBUS_META_IFACE_INIT_PROP( NM_DBUS_INTERFACE_DEVICE_MACSEC, nm_device_macsec_get_type, NML_DBUS_META_INTERFACE_PRIO_INSTANTIATE_HIGH, NML_DBUS_META_IFACE_DBUS_PROPERTIES( NML_DBUS_META_PROPERTY_INIT_T("CipherSuite", PROP_CIPHER_SUITE, NMDeviceMacsec, _priv.cipher_suite), NML_DBUS_META_PROPERTY_INIT_Y("EncodingSa", PROP_ENCODING_SA, NMDeviceMacsec, _priv.encoding_sa), NML_DBUS_META_PROPERTY_INIT_B("Encrypt", PROP_ENCRYPT, NMDeviceMacsec, _priv.encrypt), NML_DBUS_META_PROPERTY_INIT_B("Es", PROP_ES, NMDeviceMacsec, _priv.es), NML_DBUS_META_PROPERTY_INIT_Y("IcvLength", PROP_ICV_LENGTH, NMDeviceMacsec, _priv.icv_length), NML_DBUS_META_PROPERTY_INIT_B("IncludeSci", PROP_INCLUDE_SCI, NMDeviceMacsec, _priv.include_sci), NML_DBUS_META_PROPERTY_INIT_O_PROP("Parent", PROP_PARENT, NMDeviceMacsec, _priv.parent, nm_device_get_type), NML_DBUS_META_PROPERTY_INIT_B("Protect", PROP_PROTECT, NMDeviceMacsec, _priv.protect), NML_DBUS_META_PROPERTY_INIT_B("ReplayProtect", PROP_REPLAY_PROTECT, NMDeviceMacsec, _priv.replay_protect), NML_DBUS_META_PROPERTY_INIT_B("Scb", PROP_SCB, NMDeviceMacsec, _priv.scb), NML_DBUS_META_PROPERTY_INIT_T("Sci", PROP_SCI, NMDeviceMacsec, _priv.sci), NML_DBUS_META_PROPERTY_INIT_S("Validation", PROP_VALIDATION, NMDeviceMacsec, _priv.validation), NML_DBUS_META_PROPERTY_INIT_U("Window", PROP_WINDOW, NMDeviceMacsec, _priv.window), ), ); static void nm_device_macsec_class_init(NMDeviceMacsecClass *klass) { GObjectClass * object_class = G_OBJECT_CLASS(klass); NMObjectClass *nm_object_class = NM_OBJECT_CLASS(klass); object_class->get_property = get_property; object_class->finalize = finalize; _NM_OBJECT_CLASS_INIT_PRIV_PTR_DIRECT(nm_object_class, NMDeviceMacsec); _NM_OBJECT_CLASS_INIT_PROPERTY_O_FIELDS_1(nm_object_class, NMDeviceMacsecPrivate, parent); /** * NMDeviceMacsec:parent: * * The devices's parent device. * * Since: 1.6 **/ obj_properties[PROP_PARENT] = g_param_spec_object(NM_DEVICE_MACSEC_PARENT, "", "", NM_TYPE_DEVICE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:sci: * * The Secure Channel Identifier in use. * * Since: 1.6 **/ obj_properties[PROP_SCI] = g_param_spec_uint64(NM_DEVICE_MACSEC_SCI, "", "", 0, G_MAXUINT64, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:icv-length: * * The length of ICV (Integrity Check Value). * * Since: 1.6 **/ obj_properties[PROP_ICV_LENGTH] = g_param_spec_uchar(NM_DEVICE_MACSEC_ICV_LENGTH, "", "", 0, G_MAXUINT8, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:cipher-suite: * * The set of cryptographic algorithms in use. * * Since: 1.6 **/ obj_properties[PROP_CIPHER_SUITE] = g_param_spec_uint64(NM_DEVICE_MACSEC_CIPHER_SUITE, "", "", 0, G_MAXUINT64, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:window: * * The size of the replay window. * * Since: 1.6 **/ obj_properties[PROP_WINDOW] = g_param_spec_uint(NM_DEVICE_MACSEC_WINDOW, "", "", 0, G_MAXUINT32, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:encoding-sa: * * The value of the Association Number (0..3) for the Security * Association in use. * * Since: 1.6 **/ obj_properties[PROP_ENCODING_SA] = g_param_spec_uchar(NM_DEVICE_MACSEC_ENCODING_SA, "", "", 0, G_MAXUINT8, 0, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:validation: * * The validation mode for incoming packets (strict, check, * disabled). * * Since: 1.6 **/ obj_properties[PROP_VALIDATION] = g_param_spec_string(NM_DEVICE_MACSEC_VALIDATION, "", "", NULL, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:encrypt: * * Whether encryption of transmitted frames is enabled. * * Since: 1.6 **/ obj_properties[PROP_ENCRYPT] = g_param_spec_boolean(NM_DEVICE_MACSEC_ENCRYPT, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:protect: * * Whether protection of transmitted frames is enabled. * * Since: 1.6 **/ obj_properties[PROP_PROTECT] = g_param_spec_boolean(NM_DEVICE_MACSEC_PROTECT, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:include-sci: * * Whether the SCI is always included in SecTAG for transmitted * frames. * * Since: 1.6 **/ obj_properties[PROP_INCLUDE_SCI] = g_param_spec_boolean(NM_DEVICE_MACSEC_INCLUDE_SCI, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:es: * * Whether the ES (End station) bit is enabled in SecTAG for * transmitted frames. * * Since: 1.6 **/ obj_properties[PROP_ES] = g_param_spec_boolean(NM_DEVICE_MACSEC_ES, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:scb: * * Whether the SCB (Single Copy Broadcast) bit is enabled in * SecTAG for transmitted frames. * * Since: 1.6 **/ obj_properties[PROP_SCB] = g_param_spec_boolean(NM_DEVICE_MACSEC_SCB, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); /** * NMDeviceMacsec:replay-protect: * * Whether replay protection is enabled. * * Since: 1.6 **/ obj_properties[PROP_REPLAY_PROTECT] = g_param_spec_boolean(NM_DEVICE_MACSEC_REPLAY_PROTECT, "", "", FALSE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS); _nml_dbus_meta_class_init_with_properties(object_class, &_nml_dbus_meta_iface_nm_device_macsec); }