/*
<:copyright-BRCM:2016:DUAL/GPL:standard
Broadcom Proprietary and Confidential.(c) 2016 Broadcom
All Rights Reserved
Unless you and Broadcom execute a separate written software license
agreement governing use of this software, this software is licensed
to you under the terms of the GNU General Public License version 2
(the "GPL"), available at http://www.broadcom.com/licenses/GPLv2.php,
with the following added to such license:
As a special exception, the copyright holders of this software give
you permission to link this software with independent modules, and
to copy and distribute the resulting executable under terms of your
choice, provided that you also meet, for each linked independent
module, the terms and conditions of the license of that module.
An independent module is a module which is not derived from this
software. The special exception does not apply to any modifications
of the software.
Not withstanding the above, under no circumstances may you combine
this software in any way with any other Broadcom software provided
under a license other than the GPL, without Broadcom's express prior
written consent.
:>
*/
#if !defined(_DPOE_EAP_TLS_H_)
#define _DPOE_EAP_TLS_H_
#include "bcmos_system.h"
#include "dpoe_sec_util.h"
/* Fixed buffer sizes for the EAP-TLS handshake state kept in auth_trans_data
 * below.  The values follow the TLS 1.x / EAP-TLS wire formats (RFC 5246,
 * RFC 5216).  They are used as array bounds, so changing any of them changes
 * the layout of the structs in this header. */
/* Length of ClientHello.random / ServerHello.random. */
#define COUNT_OF_RANDOM_BYTES 32
/* Length of the TLS master_secret. */
#define SIZE_OF_MASTER_SECRET 48
/* Length of the EAP-TLS Master Session Key (MSK). */
#define SIZE_OF_MASTER_SESSION_KEY 64
/* Length of the EAP-TLS key material derived from the master secret
 * (the MSK occupies the first SIZE_OF_MASTER_SESSION_KEY bytes). */
#define SIZE_OF_KEY_MATERIAL 128
/* One RSA ciphertext block; 256 bytes corresponds to a 2048-bit modulus.
 * NOTE(review): a modulus larger than this will not fit in a single block;
 * code that decrypts into a buffer of this size must check the key size
 * against it first. */
#define SIZE_OF_RSA_ENCRYPTED_BLOCK 256
/* Length of the EAP-TLS Session-Id: one type octet followed by
 * client.random and server.random (1 + 32 + 32). */
#define SIZE_OF_EAP_SESSION_ID 65
/* Maximum length of the TLS session_id field (it is variable, 0..32). */
#define SIZE_OF_TLS_SESSION_ID 32
/* Total length of the PreMasterSecret: 2-byte client version followed by
 * 46 random bytes. */
#define SIZE_OF_PRE_MASTER_SECRET 48
/* ONU authentication state machine.
 *
 * The numeric values are part of the state's meaning (they are spelled out
 * so a reordering of this list cannot silently change them).  The names
 * suggest the progression of one EAP-TLS exchange; what each transition
 * requires is defined by the implementation, not by this header.
 */
typedef enum
{
    DPOE_ONU_AUTH_STATE_UNAUTHENTICATED     = 0, /* no exchange in progress */
    DPOE_ONU_AUTH_STATE_EAP_START           = 1, /* EAP start has been sent */
    DPOE_ONU_AUTH_STATE_CERT_REQUEST        = 2, /* certificate requested from the ONU */
    DPOE_ONU_AUTH_STATE_CLIENT_KEY_RECEIVED = 3, /* client key exchange received */
    DPOE_ONU_AUTH_STATE_CERT_RECEIVED       = 4, /* ONU certificate received, not yet checked */
    DPOE_ONU_AUTH_STATE_CERT_VALIDATED      = 5, /* ONU certificate accepted */
    DPOE_ONU_AUTH_STATE_AUTHENTICATED       = 6, /* exchange completed successfully */
    DPOE_ONU_AUTH_STATE_FAILED              = 7  /* exchange aborted; terminal */
} dpoe_onu_auth_state;
/* TLS ProtocolVersion as carried on the wire: two single octets, major then
 * minor, in this order (e.g. 3.1 for TLS 1.0).  The struct is two bytes with
 * no padding, so it can be copied directly from a record header. */
typedef struct
{
    uint8_t major;
    uint8_t minor;
} tls_protocol_version;
/* Wire size of tls_protocol_version (major + minor, one octet each). */
#define PROTOCOL_VERSION_SIZE 2
/* DPoE Authentication transient data.
 *
 * Per-link scratch state for one EAP-TLS handshake.  Several members hold
 * secrets (pre_master_secret, master_secret, key_material,
 * master_session_key), so an instance must not be copied or logged, and
 * NOTE(review): it should be zeroized with a non-elidable memset when the
 * handshake ends or fails (dpoe_eap_tls_cleanup is the natural place; this
 * header does not show whether it does so — confirm).
 */
typedef struct
{
    /* ClientHello.random / ServerHello.random, input to the key derivation. */
    uint8_t client_random[COUNT_OF_RANDOM_BYTES];
    uint8_t server_random[COUNT_OF_RANDOM_BYTES];
    /* EAP-TLS Session-Id (type octet + both randoms), not the TLS session_id. */
    uint8_t session_id[SIZE_OF_EAP_SESSION_ID];
    /* Secret: TLS master_secret. */
    uint8_t master_secret[SIZE_OF_MASTER_SECRET];
    /* Secret: EAP-TLS key material derived from master_secret. */
    uint8_t key_material[SIZE_OF_KEY_MATERIAL];
    /* Secret: RSA-decrypted PreMasterSecret (client version + 46 random bytes). */
    uint8_t pre_master_secret[SIZE_OF_PRE_MASTER_SECRET];
    /* Running handshake transcript hashes and their finalized digests
     * (TLS 1.0/1.1 use MD5 and SHA-1 side by side). */
    dpoe_sec_sha1_hash sha1_hash;
    dpoe_sec_sha1_digest sha1_digest;
    dpoe_sec_md5_hash md5_hash;
    dpoe_sec_md5_digest md5_digest;
    /* Sized for twice one RSA block so a larger ONU key still fits without
     * changing this struct.  Presumably the CAK encrypted to the ONU's RSA
     * key — confirm against the sender. */
    uint8_t encrypted_cak[2 * SIZE_OF_RSA_ENCRYPTED_BLOCK];
    /* Secret: EAP-TLS MSK (first 64 bytes of key_material). */
    uint8_t master_session_key[SIZE_OF_MASTER_SESSION_KEY];
    /* ONU public key used for the RSA operations; ownership (who frees it)
     * is not visible from this header — see dpoe_eap_tls_cleanup. */
    dpoe_sec_rsa_key *rsa;
} auth_trans_data;
/* Per-link EAP-TLS control block: current state, negotiated version, the
 * certificates in play, the TLS fragment reassembly buffer and the
 * handshake scratch data.
 *
 * Every pointer member is paired with an explicit length; none of the
 * buffers is NUL-terminated.  NOTE(review): the implementation that fills
 * tls_frag_buffer from received fragments must bound every append by the
 * buffer's allocated size (tls_total_length is announced by the peer and is
 * therefore untrusted) — confirm in dpoe_eap_tls_process_eapol_pkt.
 */
typedef struct onu_auth_control
{
    dpoe_onu_auth_state onu_auth_state;   /* current state of the exchange */
    tls_protocol_version version;         /* TLS version in use for this link */
    uint32_t current_packet_id;           /* identifier of the EAP packet in flight */
    /* Certificate we present, with its length (certLen keeps its historical
     * camelCase name; the other members are snake_case). */
    uint8_t *certificate;
    uint16_t certLen;
    /* Certificate received from the ONU, its length, and the size of its key
     * (compare against SIZE_OF_RSA_ENCRYPTED_BLOCK before RSA use). */
    uint8_t *onu_cert;
    uint16_t onu_cert_len;
    uint32_t onu_cert_key_size;
    /* Manufacturer (issuer) certificate used to validate onu_cert. */
    uint8_t *mfg_cert;
    uint16_t mfg_cert_len;
    /* Reassembly buffer for a fragmented TLS message: bytes received so far
     * and the total length the peer announced. */
    uint8_t *tls_frag_buffer;
    uint32_t tls_frag_length;
    uint32_t tls_total_length;
    auth_trans_data trans_data;           /* handshake secrets and transcript state */
} onu_auth_control;
/* Opaque link record owned by dpoe_sec; only pointers to it are used here. */
struct dpoe_sec_link_rec;
/* callbacks */
/* Invoked when the authentication exchange for a link finishes; status
 * reports success or the reason for failure. */
typedef void (*f_dpoe_sec_auth_cb)(struct dpoe_sec_link_rec*, bcmos_errno status);
/* Policy hook: returns whether the certificate presented on the link is to
 * be trusted.  Returning BCMOS_TRUE here is what lets the exchange continue,
 * so the implementation is security-critical. */
typedef bcmos_bool (*f_dpoe_sec_cert_trust_cb)(struct dpoe_sec_link_rec*);
/* functions */
/**
 * Send an EAP start on the link, beginning a new authentication exchange.
 * @param link  Link to authenticate.
 * @return BCM_ERR_OK on success, an error code otherwise.
 */
bcmos_errno dpoe_eap_tls_send_start(struct dpoe_sec_link_rec *link);
/**
 * Process one EAPOL packet received on the link.
 * @param link     Link the packet arrived on.
 * @param msg      Packet bytes as received from the network (untrusted).
 * @param msg_len  Number of valid bytes in msg; all parsing must be bounded
 *                 by this value, never by lengths carried inside the packet.
 * @return BCM_ERR_OK on success, an error code otherwise.
 */
bcmos_errno dpoe_eap_tls_process_eapol_pkt(struct dpoe_sec_link_rec *link, uint8_t *msg, uint32_t msg_len);
/**
 * Release the per-link authentication state.
 * NOTE(review): expected to free the certificate / fragment buffers and
 * zeroize the secrets in auth_trans_data — confirm in the implementation.
 * @param link  Link whose state is released.
 */
void dpoe_eap_tls_cleanup(struct dpoe_sec_link_rec *link);
/**
 * Register the completion and certificate-trust callbacks used by this module.
 * @param auth_cb        Called when an exchange completes or fails.
 * @param cert_trust_cb  Called to decide whether a presented certificate is trusted.
 * @return BCM_ERR_OK on success, an error code otherwise.
 */
bcmos_errno dpoe_eap_tls_init(f_dpoe_sec_auth_cb auth_cb, f_dpoe_sec_cert_trust_cb cert_trust_cb);
#endif /* _DPOE_EAP_TLS_H_ */