VOL-4337: Code upgrade for 3/2020 G.988 support and remaining Extended Message Set support
Change-Id: I6c5e1a167216ad9b51e9da89460e9909465ae1bc
diff --git a/generated/enhancedsecuritycontrol.go b/generated/enhancedsecuritycontrol.go
index af3fa3c..7c2948a 100644
--- a/generated/enhancedsecuritycontrol.go
+++ b/generated/enhancedsecuritycontrol.go
@@ -27,11 +27,11 @@
// EnhancedSecurityControlClassID is the 16-bit ID for the OMCI
// Managed entity Enhanced security control
-const EnhancedSecurityControlClassID ClassID = ClassID(332)
+const EnhancedSecurityControlClassID = ClassID(332) // 0x014c
var enhancedsecuritycontrolBME *ManagedEntityDefinition
-// EnhancedSecurityControl (class ID #332)
+// EnhancedSecurityControl (Class ID: #332 / 0x014c)
// This ME contains the capabilities, parameters and controls of enhanced GPON security features
// when they are negotiated via the OMCI (Note). The attributes in this ME are intended to be used
// to implement a symmetric-key-based three step authentication process as described in the
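Review bot: Style point on the `EnhancedSecurityControlClassID` declaration: dropping the explicit `ClassID` type is safe because the `ClassID(332)` conversion still yields a typed constant, and the new `0x014c` annotation does match 332. Since the file sits under `generated/`, please confirm both edits come from the generator template rather than a hand edit, so the decimal value and the hex comment cannot drift apart on the next regeneration.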
@@ -45,33 +45,79 @@
//
// Attributes
// Managed Entity Id
-// Managed entity ID: This attribute uniquely identifies each instance of this ME. There is only
-// one instance, number 0. (R) (mandatory) (2 bytes)
+// This attribute uniquely identifies each instance of this ME. There is only one instance, number
+// 0. (R) (mandatory) (2 bytes)
//
// Olt Crypto Capabilities
+// This attribute specifies the cryptographic mechanisms available at the OLT. It is written by the
+// OLT during authentication step 1. It is formatted as a bit map, where a 1 bit indicates that the
+// particular algorithm is supported, and a 0 bit indicates it is not supported.
+//
+// Bit position Algorithm
+//
+// 1 (LSB) AES-CMAC-128 (support is mandatory)
+//
+// 2 HMAC-SHA-256
+//
+// 3 HMAC-SHA-512
+//
+// 4-128 Reserved
+//
// (W) (mandatory) (16 bytes)
//
// Olt Random Challenge Table
+// This attribute specifies the random challenge OLT_challenge issued by the OLT during
+// authentication step 1. It is structured as a table, with each entry being 17 bytes. The first
+// byte is the table row number, starting at 1, and the remaining 16 bytes are the contents of the
+// entry. OLT_challenge is the concatenation of all 16-byte content fields. In normal use, the OLT
+// will write all the entries in the table, and then trigger the ONU's processing of the entire
+// table using the OLT challenge status attribute. The table size is known by the maximum index set
+// by the OLT. The OLT can clear the table with a set operation to row 0. (R, W) (mandatory) (17 *
+// N-bytes)
+//
// NOTE - It is assumed that the length of OLT_challenge is always an integer multiple of 16-bytes.
//
// Olt Challenge Status
+// This Boolean attribute controls the completion of authentication step 1. This attribute behaves
+// as follows.
+//
+// When the OLT performs the first of possibly several set operations to the OLT crypto
+// capabilities or the OLT random challenge table attributes, a side effect of the set operation is
+// that the ONU sets the OLT challenge status attribute to false.
+//
+// When the OLT completes the set operation(s) to the OLT crypto capabilities and the OLT random
+// challenge table attributes, then it sets the OLT challenge status attribute to true. This
+// triggers the ONU to process the OLT random challenge table, using its choice of the OLT's
+// candidate cryptographic hash algorithms.
+//
// The ONU initializes this attribute to the value false. (R, W) (mandatory) (1-byte)
//
// Onu Selected Crypto Capabilities
-// ONU selected crypto capabilities: This attribute specifies the cryptographic capability selected
-// by the ONU in authentication step 2. Its value specifies one of the bit positions that has the
-// value 1 in the OLT crypto capabilities attribute. (R) (mandatory) (1 byte)
+// This attribute specifies the cryptographic capability selected by the ONU in authentication step
+// 2. Its value specifies one of the bit positions that has the value 1 in the OLT crypto
+// capabilities attribute. (R) (mandatory) (1 byte)
//
// Onu Random Challenge Table
-// ONU random challenge table: This attribute specifies the random challenge ONU_challenge issued
-// by the ONU during authentication step 2. It is structured as a table, with each entry being
-// 16-bytes of content. ONU_challenge is the concatenation of all 16-byte content fields in the
-// table. Once the OLT triggers a response to be generated using the OLT challenge status
-// attribute, the ONU generates the response and writes the table (in a single operation). The AVC
-// generated by this attribute signals to the OLT that the challenge is ready, so that the OLT can
-// commence a get/get-next sequence to obtain the table's contents. (R) (mandatory) (16 * P-bytes)
+// This attribute specifies the random challenge ONU_challenge issued by the ONU during
+// authentication step 2. It is structured as a table, with each entry being 16-bytes of content.
+// ONU_challenge is the concatenation of all 16-byte content fields in the table. Once the OLT
+// triggers a response to be generated using the OLT challenge status attribute, the ONU generates
+// the response and writes the table (in a single operation). The AVC generated by this attribute
+// signals to the OLT that the challenge is ready, so that the OLT can commence a get/get-next
+// sequence to obtain the table's contents. (R) (mandatory) (16 * P-bytes)
//
// Onu Authentication Result Table
+// (authentication step 2). This attribute contains the result of the authentication computation
+// from the ONU (ONU_result), according to the ONU's selected crypto capabilities attribute.
+//
+// ONU_result-= SelectedHashFunction (PSK, (ONU_selected_crypto capabilities | OLT_challenge |
+// ONU_challenge | 0x0000 0000 0000 0000)),
+//
+// where "|" denotes concatenation.
+//
+// This attribute is structured as a table, with each entry being 16 bytes of content. The number
+// of rows Q is implicit in the choice of hash algorithm.
+//
// Once the OLT triggers a response to be generated using the OLT challenge status attribute, the
// ONU generates ONU_result and writes the table (in a single operation). The AVC generated by this
// attribute signals to the OLT that the response is ready, so that the OLT can commence a get/get-
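Review bot: The step 2 formula in the new Onu Authentication Result Table comment reads `ONU_result-= SelectedHashFunction (PSK, ...`; the `-=` looks like a conversion artifact and should be a plain `=`, since this comment is what an implementer will consult for the order of the concatenated fields. In the same block the description opens with the dangling fragment `(authentication step 2).`, unlike the other attributes, and the trailing constant `0x0000 0000 0000 0000` would be clearer written without the spaces and with its length (8 bytes) stated. The Olt Crypto Capabilities bit map has also been flattened to alternating lines; an aligned two-column layout would make it harder to misread the 1-based bit positions (position 1 is the LSB) that Onu Selected Crypto Capabilities refers back to.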
@@ -85,23 +131,107 @@
// rows R is implicit in the choice of hash algorithm. The OLT can clear the table with a set
// operation to row 0. (W) (mandatory) (17 * R-bytes)
//
+// This attribute is used in authentication step 3. It contains OLT_result, the result of the
+// authentication computation from the OLT.
+//
+// OLT_result-= SelectedHashFunction (PSK, (ONU_selected_crypto capabilities | ONU_challenge |
+// OLT_challenge | ONU_serial_number)).
+//
+// The ONU_serial_number is the serial number attribute of the ONU-G ME, 8 bytes.
+//
// Olt Result Status
+// (authentication step 3). This Boolean attribute controls and reports the status of the OLT
+// authentication result table attribute. This attribute behaves as follows.
+//
+// When the OLT performs the first of possibly several set operations to the OLT authentication
+// result table attribute, a side effect of the set operation is that the ONU sets the OLT result
+// status attribute to false.
+//
+// When the OLT completes the set operation(s) to the OLT authentication result table, then it sets
+// the OLT result status attribute to true. This triggers the ONU to process the OLT authentication
+// result table.
+//
// (R, W) (mandatory) (1 byte)
//
// Onu Authentication Status
+// This attribute indicates the status of the authentication relationship from the perspective of
+// the ONU. It has the following values.
+//
+// 0 Indeterminate. This initial value indicates that the OMCI authentication process has not yet
+// completed, and may not even have been started.
+//
+// 1 Reserved.
+//
+// 2 Reserved.
+//
+// 3 Authentication success: the procedure has completed at least once since the latest ONU
+// activation and in its most recent execution, the ONU has authenticated the OLT.
+//
+// 4 Authentication failure: the procedure has completed at least once since the latest ONU
+// activation, and either its most recent execution resulted in an error or the ONU has failed to
+// authenticate the OLT.
+//
+// 5 Reserved.
+//
+// Upon ONU activation, the ONU sets the attribute to the initial value. When the ONU
+// authentication status has the value 3, encryption keys exchanged in the TC layer will be
+// encrypted using the master session key (ITUT G.984 systems) or the key encryption key (KEK,
+// ITU-T G.987 systems). The OLT should check the value of this attribute before initiating a key
+// switch.
+//
// (R) (mandatory) (1 byte)
//
// Master Session Key Name
+// Following successful authentication, this register contains the "name," or the hash signature,
+// of the current master session key. The master session key is defined as:
+//
+// MSK-= SelectedHashFunction (PSK, (OLT_challenge | ONU_challenge)).
+//
+// The master session key name is defined as:
+//
+// MSKname-= SelectedHashFunction (PSK, (ONU_challenge | OLT_challenge | 0x 3141 5926 5358 9793
+// 3141 5926 5358 9793)).
+//
+// If the selected hash function generates more than 128 bits, the result is truncated to the
+// leftmost (most significant) 128 bits.
+//
// Upon the invalidation of a master session key (e.g., due to an ONU reset or deactivation, or due
// to an ONU-local decision that the master session key has expired), the ONU sets the master
// session key name to all zeros. (R) (mandatory) (16 bytes)
//
// Broadcast Key Table
+// 10 Clear the entire table.
+//
+// 11 Reserved.
+//
+// The four MSBs specify the length of the fragment, which is left-justified in the key fragment
+// field. The value 0 indicates 16-bytes of key fragment.
+//
+// The other two bits are reserved.
+//
+// Row identifier (1 byte): The two MSBs of this field are the key index, which appears in the
+// header of encrypted multicast GEM frames. Key index 0 always indicates cleartext, and should
+// therefore not appear in the identifier. The four LSBs identify the key fragment number, starting
+// with 0. The other two bits are reserved.
+//
+// Key fragment (16 bytes): This field contains the specified fragment of the key (encrypted with
+// AES-ECB using the KEK).
+//
// (R, W) (optional) (18N bytes)
//
+// This attribute is defined only in ITU-T G.987 systems. It contains the broadcast key generated
+// by the OLT. It is a table, each of whose rows is structured as follows.
+//
+// Row control (1 byte): The two LSBs of this byte determine the attribute's behaviour under the
+// set action. They always read back as 0 under the get next action.
+//
+// 00 Set the specified row.
+//
+// 01 Clear the specified row.
+//
// Effective Key Length
-// Effective key length: This attribute specifies the maximum effective length, in bits, of keys
-// generated by the ONU. (R) (optional) (2 bytes)
+// This attribute specifies the maximum effective length, in bits, of keys generated by the ONU.
+// (R) (optional) (2 bytes)
//
type EnhancedSecurityControl struct {
ManagedEntityDefinition
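Review bot: The Broadcast Key Table comment is emitted out of order: the row control values `10 Clear the entire table` and `11 Reserved`, the row identifier and the key fragment fields come before the `(R, W) (optional) (18N bytes)` line, while the introduction (`This attribute is defined only in ITU-T G.987 systems`) and the values `00` and `01` come after it and run straight into the Effective Key Length heading with no separating `//` line. Please fix the generator so the introduction, row control 00 through 11, row identifier and key fragment appear in that order ahead of the access line. The same misplacement affects the OLT authentication result text, where `This attribute is used in authentication step 3` lands after `(W) (mandatory) (17 * R-bytes)`. Smaller points in the added lines: `OLT_result-=`, `MSK-=` and `MSKname-=` should use a plain `=`, the constant `0x 3141 5926 ...` has a stray space after `0x`, and `ITUT G.984` should read `ITU-T G.984` to match `ITU-T G.987` on the next line.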