NetworkManager/src/libnm-client-impl/nm-device-macsec.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */
/*
 * Copyright (C) 2017 Red Hat, Inc.
 */

#include "libnm-client-impl/nm-default-libnm.h"

#include "nm-device-macsec.h"

#include "nm-device-private.h"
#include "nm-object-private.h"
#include "nm-utils.h"

/*****************************************************************************/

NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_PARENT,
                                  PROP_SCI,
                                  PROP_CIPHER_SUITE,
                                  PROP_ICV_LENGTH,
                                  PROP_WINDOW,
                                  PROP_ENCODING_SA,
                                  PROP_ENCRYPT,
                                  PROP_PROTECT,
                                  PROP_INCLUDE_SCI,
                                  PROP_ES,
                                  PROP_SCB,
                                  PROP_REPLAY_PROTECT,
                                  PROP_VALIDATION, );

typedef struct {
    NMLDBusPropertyO parent;
    char            *validation;
    guint64          sci;
    guint64          cipher_suite;
    guint32          window;
    guint8           icv_length;
    guint8           encoding_sa;
    bool             encrypt;
    bool             protect;
    bool             include_sci;
    bool             es;
    bool             scb;
    bool             replay_protect;
} NMDeviceMacsecPrivate;

struct _NMDeviceMacsec {
    NMDevice              parent;
    NMDeviceMacsecPrivate _priv;
};

struct _NMDeviceMacsecClass {
    NMDeviceClass parent;
};

G_DEFINE_TYPE(NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)

#define NM_DEVICE_MACSEC_GET_PRIVATE(self) \
    _NM_GET_PRIVATE(self, NMDeviceMacsec, NM_IS_DEVICE_MACSEC, NMObject, NMDevice)

/*****************************************************************************/

/**
 * nm_device_macsec_get_parent:
 * @device: a #NMDeviceMacsec
 *
 * Returns: (transfer none): the device's parent device
 *
 * Since: 1.6
 **/
NMDevice *
nm_device_macsec_get_parent(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL);

    return nml_dbus_property_o_get_obj(&NM_DEVICE_MACSEC_GET_PRIVATE(device)->parent);
}

/**
 * nm_device_macsec_get_hw_address: (skip)
 * @device: a #NMDeviceMacsec
 *
 * Gets the hardware (MAC) address of the #NMDeviceMacsec
 *
 * Returns: the hardware address. This is the internal string used by the
 * device, and must not be modified.
 *
 * Since: 1.6
 *
 * Deprecated: 1.24: Use nm_device_get_hw_address() instead.
 **/
const char *
nm_device_macsec_get_hw_address(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL);

    return nm_device_get_hw_address(NM_DEVICE(device));
}

/**
 * nm_device_macsec_get_sci:
 * @device: a #NMDeviceMacsec
 *
 * Gets the Secure Channel Identifier in use
 *
 * Returns: the SCI
 *
 * Since: 1.6
 **/
guint64
nm_device_macsec_get_sci(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->sci;
}

/**
 * nm_device_macsec_get_icv_length:
 * @device: a #NMDeviceMacsec
 *
 * Gets the length of ICV (Integrity Check Value)
 *
 * Returns: the length of ICV
 *
 * Since: 1.6
 **/
guint8
nm_device_macsec_get_icv_length(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->icv_length;
}

/**
 * nm_device_macsec_get_cipher_suite:
 * @device: a #NMDeviceMacsec
 *
 * Gets the set of cryptographic algorithms in use
 *
 * Returns: the set of cryptographic algorithms in use
 *
 * Since: 1.6
 **/
guint64
nm_device_macsec_get_cipher_suite(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->cipher_suite;
}

/**
 * nm_device_macsec_get_window:
 * @device: a #NMDeviceMacsec
 *
 * Gets the size of the replay window
 *
 * Returns: size of the replay window
 *
 * Since: 1.6
 **/
guint
nm_device_macsec_get_window(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->window;
}

/**
 * nm_device_macsec_get_encoding_sa:
 * @device: a #NMDeviceMacsec
 *
 * Gets the value of the Association Number (0..3) for the Security
 * Association in use.
 *
 * Returns: the current Security Association
 *
 * Since: 1.6
 **/
guint8
nm_device_macsec_get_encoding_sa(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), 0);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->encoding_sa;
}

/**
 * nm_device_macsec_get_validation:
 * @device: a #NMDeviceMacsec
 *
 * Gets the validation mode for incoming packets (strict, check,
 * disabled)
 *
 * Returns: the validation mode
 *
 * Since: 1.6
 **/
const char *
nm_device_macsec_get_validation(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), NULL);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->validation;
}

/**
 * nm_device_macsec_get_encrypt:
 * @device: a #NMDeviceMacsec
 *
 * Gets whether encryption of transmitted frames is enabled
 *
 * Returns: whether encryption is enabled
 *
 * Since: 1.6
 **/
gboolean
nm_device_macsec_get_encrypt(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->encrypt;
}

/**
 * nm_device_macsec_get_protect:
 * @device: a #NMDeviceMacsec
 *
 * Gets whether protection of transmitted frames is enabled
 *
 * Returns: whether protection is enabled
 *
 * Since: 1.6
 **/
gboolean
nm_device_macsec_get_protect(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->protect;
}

/**
 * nm_device_macsec_get_include_sci:
 * @device: a #NMDeviceMacsec
 *
 * Gets whether the SCI is always included in SecTAG for transmitted
 * frames
 *
 * Returns: whether the SCI is always included
 *
 * Since: 1.6
 **/
gboolean
nm_device_macsec_get_include_sci(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->include_sci;
}

/**
 * nm_device_macsec_get_es:
 * @device: a #NMDeviceMacsec
 *
 * Gets whether the ES (End station) bit is enabled in SecTAG for
 * transmitted frames
 *
 * Returns: whether the ES (End station) bit is enabled
 *
 * Since: 1.6
 **/
gboolean
nm_device_macsec_get_es(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->es;
}

/**
 * nm_device_macsec_get_scb:
 * @device: a #NMDeviceMacsec
 *
 * Gets whether the SCB (Single Copy Broadcast) bit is enabled in
 * SecTAG for transmitted frames
 *
 * Returns: whether the SCB (Single Copy Broadcast) bit is enabled
 *
 * Since: 1.6
 **/
gboolean
nm_device_macsec_get_scb(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->scb;
}

/**
 * nm_device_macsec_get_replay_protect:
 * @device: a #NMDeviceMacsec
 *
 * Gets whether replay protection is enabled
 *
 * Returns: whether replay protection is enabled
 *
 * Since: 1.6
 **/
gboolean
nm_device_macsec_get_replay_protect(NMDeviceMacsec *device)
{
    g_return_val_if_fail(NM_IS_DEVICE_MACSEC(device), FALSE);

    return NM_DEVICE_MACSEC_GET_PRIVATE(device)->replay_protect;
}

/***********************************************************/

static void
nm_device_macsec_init(NMDeviceMacsec *device)
{}

static void
finalize(GObject *object)
{
    NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE(object);

    g_free(priv->validation);

    G_OBJECT_CLASS(nm_device_macsec_parent_class)->finalize(object);
}

static void
get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
{
    NMDeviceMacsec *device = NM_DEVICE_MACSEC(object);

    switch (prop_id) {
    case PROP_PARENT:
        g_value_set_object(value, nm_device_macsec_get_parent(device));
        break;
    case PROP_SCI:
        g_value_set_uint64(value, nm_device_macsec_get_sci(device));
        break;
    case PROP_ICV_LENGTH:
        g_value_set_uchar(value, nm_device_macsec_get_icv_length(device));
        break;
    case PROP_CIPHER_SUITE:
        g_value_set_uint64(value, nm_device_macsec_get_cipher_suite(device));
        break;
    case PROP_WINDOW:
        g_value_set_uint(value, nm_device_macsec_get_window(device));
        break;
    case PROP_ENCODING_SA:
        g_value_set_uchar(value, nm_device_macsec_get_encoding_sa(device));
        break;
    case PROP_VALIDATION:
        g_value_set_string(value, nm_device_macsec_get_validation(device));
        break;
    case PROP_ENCRYPT:
        g_value_set_boolean(value, nm_device_macsec_get_encrypt(device));
        break;
    case PROP_PROTECT:
        g_value_set_boolean(value, nm_device_macsec_get_protect(device));
        break;
    case PROP_INCLUDE_SCI:
        g_value_set_boolean(value, nm_device_macsec_get_include_sci(device));
        break;
    case PROP_ES:
        g_value_set_boolean(value, nm_device_macsec_get_es(device));
        break;
    case PROP_SCB:
        g_value_set_boolean(value, nm_device_macsec_get_scb(device));
        break;
    case PROP_REPLAY_PROTECT:
        g_value_set_boolean(value, nm_device_macsec_get_replay_protect(device));
        break;
    default:
        G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
        break;
    }
}

const NMLDBusMetaIface _nml_dbus_meta_iface_nm_device_macsec = NML_DBUS_META_IFACE_INIT_PROP(
    NM_DBUS_INTERFACE_DEVICE_MACSEC,
    nm_device_macsec_get_type,
    NML_DBUS_META_INTERFACE_PRIO_INSTANTIATE_30,
    NML_DBUS_META_IFACE_DBUS_PROPERTIES(
        NML_DBUS_META_PROPERTY_INIT_T("CipherSuite",
                                      PROP_CIPHER_SUITE,
                                      NMDeviceMacsec,
                                      _priv.cipher_suite),
        NML_DBUS_META_PROPERTY_INIT_Y("EncodingSa",
                                      PROP_ENCODING_SA,
                                      NMDeviceMacsec,
                                      _priv.encoding_sa),
        NML_DBUS_META_PROPERTY_INIT_B("Encrypt", PROP_ENCRYPT, NMDeviceMacsec, _priv.encrypt),
        NML_DBUS_META_PROPERTY_INIT_B("Es", PROP_ES, NMDeviceMacsec, _priv.es),
        NML_DBUS_META_PROPERTY_INIT_Y("IcvLength",
                                      PROP_ICV_LENGTH,
                                      NMDeviceMacsec,
                                      _priv.icv_length),
        NML_DBUS_META_PROPERTY_INIT_B("IncludeSci",
                                      PROP_INCLUDE_SCI,
                                      NMDeviceMacsec,
                                      _priv.include_sci),
        NML_DBUS_META_PROPERTY_INIT_O_PROP("Parent",
                                           PROP_PARENT,
                                           NMDeviceMacsec,
                                           _priv.parent,
                                           nm_device_get_type),
        NML_DBUS_META_PROPERTY_INIT_B("Protect", PROP_PROTECT, NMDeviceMacsec, _priv.protect),
        NML_DBUS_META_PROPERTY_INIT_B("ReplayProtect",
                                      PROP_REPLAY_PROTECT,
                                      NMDeviceMacsec,
                                      _priv.replay_protect),
        NML_DBUS_META_PROPERTY_INIT_B("Scb", PROP_SCB, NMDeviceMacsec, _priv.scb),
        NML_DBUS_META_PROPERTY_INIT_T("Sci", PROP_SCI, NMDeviceMacsec, _priv.sci),
        NML_DBUS_META_PROPERTY_INIT_S("Validation",
                                      PROP_VALIDATION,
                                      NMDeviceMacsec,
                                      _priv.validation),
        NML_DBUS_META_PROPERTY_INIT_U("Window", PROP_WINDOW, NMDeviceMacsec, _priv.window), ), );

static void
nm_device_macsec_class_init(NMDeviceMacsecClass *klass)
{
    GObjectClass  *object_class    = G_OBJECT_CLASS(klass);
    NMObjectClass *nm_object_class = NM_OBJECT_CLASS(klass);

    object_class->get_property = get_property;
    object_class->finalize     = finalize;

    _NM_OBJECT_CLASS_INIT_PRIV_PTR_DIRECT(nm_object_class, NMDeviceMacsec);

    _NM_OBJECT_CLASS_INIT_PROPERTY_O_FIELDS_1(nm_object_class, NMDeviceMacsecPrivate, parent);

    /**
     * NMDeviceMacsec:parent:
     *
     * The devices's parent device.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_PARENT] = g_param_spec_object(NM_DEVICE_MACSEC_PARENT,
                                                      "",
                                                      "",
                                                      NM_TYPE_DEVICE,
                                                      G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:sci:
     *
     * The Secure Channel Identifier in use.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_SCI] = g_param_spec_uint64(NM_DEVICE_MACSEC_SCI,
                                                   "",
                                                   "",
                                                   0,
                                                   G_MAXUINT64,
                                                   0,
                                                   G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:icv-length:
     *
     * The length of ICV (Integrity Check Value).
     *
     * Since: 1.6
     **/
    obj_properties[PROP_ICV_LENGTH] = g_param_spec_uchar(NM_DEVICE_MACSEC_ICV_LENGTH,
                                                         "",
                                                         "",
                                                         0,
                                                         G_MAXUINT8,
                                                         0,
                                                         G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:cipher-suite:
     *
     * The set of cryptographic algorithms in use.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_CIPHER_SUITE] =
        g_param_spec_uint64(NM_DEVICE_MACSEC_CIPHER_SUITE,
                            "",
                            "",
                            0,
                            G_MAXUINT64,
                            0,
                            G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:window:
     *
     * The size of the replay window.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_WINDOW] = g_param_spec_uint(NM_DEVICE_MACSEC_WINDOW,
                                                    "",
                                                    "",
                                                    0,
                                                    G_MAXUINT32,
                                                    0,
                                                    G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:encoding-sa:
     *
     * The value of the Association Number (0..3) for the Security
     * Association in use.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_ENCODING_SA] =
        g_param_spec_uchar(NM_DEVICE_MACSEC_ENCODING_SA,
                           "",
                           "",
                           0,
                           G_MAXUINT8,
                           0,
                           G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:validation:
     *
     * The validation mode for incoming packets (strict, check,
     * disabled).
     *
     * Since: 1.6
     **/
    obj_properties[PROP_VALIDATION] =
        g_param_spec_string(NM_DEVICE_MACSEC_VALIDATION,
                            "",
                            "",
                            NULL,
                            G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:encrypt:
     *
     * Whether encryption of transmitted frames is enabled.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_ENCRYPT] = g_param_spec_boolean(NM_DEVICE_MACSEC_ENCRYPT,
                                                        "",
                                                        "",
                                                        FALSE,
                                                        G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:protect:
     *
     * Whether protection of transmitted frames is enabled.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_PROTECT] = g_param_spec_boolean(NM_DEVICE_MACSEC_PROTECT,
                                                        "",
                                                        "",
                                                        FALSE,
                                                        G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:include-sci:
     *
     * Whether the SCI is always included in SecTAG for transmitted
     * frames.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_INCLUDE_SCI] =
        g_param_spec_boolean(NM_DEVICE_MACSEC_INCLUDE_SCI,
                             "",
                             "",
                             FALSE,
                             G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:es:
     *
     * Whether the ES (End station) bit is enabled in SecTAG for
     * transmitted frames.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_ES] = g_param_spec_boolean(NM_DEVICE_MACSEC_ES,
                                                   "",
                                                   "",
                                                   FALSE,
                                                   G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:scb:
     *
     * Whether the SCB (Single Copy Broadcast) bit is enabled in
     * SecTAG for transmitted frames.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_SCB] = g_param_spec_boolean(NM_DEVICE_MACSEC_SCB,
                                                    "",
                                                    "",
                                                    FALSE,
                                                    G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    /**
     * NMDeviceMacsec:replay-protect:
     *
     * Whether replay protection is enabled.
     *
     * Since: 1.6
     **/
    obj_properties[PROP_REPLAY_PROTECT] =
        g_param_spec_boolean(NM_DEVICE_MACSEC_REPLAY_PROTECT,
                             "",
                             "",
                             FALSE,
                             G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);

    _nml_dbus_meta_class_init_with_properties(object_class, &_nml_dbus_meta_iface_nm_device_macsec);
}