bcm68620_release/release/host_reference/user_appl/dpoe_sec/bcmolt_user_appl_dpoe_sec.c - voltha-bal - Gitiles

 /*
   <:copyright-BRCM:2016:DUAL/GPL:standard

   Broadcom Proprietary and Confidential.(c) 2016 Broadcom
   All Rights Reserved

   Unless you and Broadcom execute a separate written software license
   agreement governing use of this software, this software is licensed
   to you under the terms of the GNU General Public License version 2
   (the "GPL"), available at http://www.broadcom.com/licenses/GPLv2.php,
   with the following added to such license:

   As a special exception, the copyright holders of this software give
   you permission to link this software with independent modules, and
   to copy and distribute the resulting executable under terms of your
   choice, provided that you also meet, for each linked independent
   module, the terms and conditions of the license of that module.
   An independent module is a module which is not derived from this
   software.  The special exception does not apply to any modifications
   of the software.

   Not withstanding the above, under no circumstances may you combine
   this software in any way with any other Broadcom software provided
   under a license other than the GPL, without Broadcom's express prior
   written consent.

   :>
 */

 #include "bcmos_system.h"
 #include "bcmolt_model_types.h"
 #include "bcmolt_epon_oam_types.h"
 #include "bcmolt_user_appl_dpoe_sec.h"
 #include "dpoe_sec_fsm.h"

 static bcmos_bool is_running = BCMOS_FALSE;

 static bcmos_bool cert_authority_trust_placeholder(dpoe_sec_link_rec* link_rec)
 {
     BCM_LOG(INFO, dpoe_sec_log_id[link_rec->device], "This function should validate the certificate information stored in the link record and decide whether to accept this authentication.\n");
     return BCMOS_TRUE;
 }

 static void fsm_complete_placeholder(bcmolt_devid device, bcmolt_epon_link_key link_key, bcmos_errno status)
 {
     if (status == BCM_ERR_OK)
     {
         BCM_LOG(INFO, dpoe_sec_log_id[device], "The DPoE Security FSM completed successfully. This link can now be configured for service.\n");
     }
     else
     {
         BCM_LOG(INFO, dpoe_sec_log_id[device], "The DPoE Security FSM failed due to %s (%d). Appropriate action should be taken to correct this error.\n", bcmos_strerror(status), status);
     }
 }

 #ifdef ENABLE_CLI
 static bcmos_errno dpoe_sec_cli_auth(bcmcli_session *session, const bcmcli_cmd_parm parm[], uint16_t n_parms)
 {
     bcmolt_epon_link_key link_key;
     dpoe_sec_fsm_start_data cfg;

     link_key.epon_ni = (bcmolt_epon_ni)bcmcli_find_named_parm(session, "pon")->value.unumber;
     link_key.mac_address = bcmcli_find_named_parm(session, "onu")->value.mac;
     cfg.enc_mode = (bcmolt_epon_oam_dpoe_encryption_mode)bcmcli_find_named_parm(session, "mode")->value.enum_val;
     cfg.auth = BCMOS_TRUE;

     return dpoe_sec_fsm_link_start(current_device, link_key, &cfg);
 }
 #endif

 void bcmolt_user_appl_dpoe_sec_cli_init(bcmcli_entry *top_dir)
 {
 #ifdef ENABLE_CLI
     static const char *dir_name = "dpoe_sec";

     if (bcmcli_dir_find(top_dir, dir_name))
     {
         return;
     }

     bcmcli_entry *dpoe_sec_dir = bcmcli_dir_add(top_dir, dir_name, "DPoE Security", BCMCLI_ACCESS_ADMIN, NULL);
     BUG_ON(NULL == dpoe_sec_dir);

     static bcmcli_enum_val enc_mode_table[] =
     {
         {"none", (long)BCMOLT_EPON_OAM_DPOE_ENCRYPTION_MODE_NONE},
         {"1down", (long)BCMOLT_EPON_OAM_DPOE_ENCRYPTION_MODE_ONE_DOWN},
         {"10down", (long)BCMOLT_EPON_OAM_DPOE_ENCRYPTION_MODE_TEN_DOWN},
         {"10bi", (long)BCMOLT_EPON_OAM_DPOE_ENCRYPTION_MODE_TEN_BI},
         BCMCLI_ENUM_LAST
     };

     BCMCLI_MAKE_CMD(dpoe_sec_dir, "auth", "Authenticate ONU", dpoe_sec_cli_auth,
         BCMCLI_MAKE_PARM("pon", "PON NI", BCMCLI_PARM_UDECIMAL, BCMCLI_PARM_FLAG_NONE),
         BCMCLI_MAKE_PARM("onu", "ONU MAC", BCMCLI_PARM_MAC, BCMCLI_PARM_FLAG_NONE),
         BCMCLI_MAKE_PARM_ENUM("mode", "Encryption mode", enc_mode_table, BCMCLI_PARM_FLAG_NONE));
 #endif
 }

 void bcmolt_user_appl_dpoe_sec_process_proxy_rx(bcmolt_devid device_id, bcmolt_proxy_rx *proxy_rx)
 {
     const bcmolt_epon_link_frame_captured *cap = (bcmolt_epon_link_frame_captured*)proxy_rx;

     if ((BCMOLT_OBJ_ID_EPON_LINK == proxy_rx->hdr.obj_type) &&
         (BCMOLT_EPON_LINK_PROXY_RX_ID_FRAME_CAPTURED == proxy_rx->hdr.subgroup))
     {
         if ((cap->data.frame.val[12] == 0x88) &&
             (cap->data.frame.val[13] == 0x09) &&
             (cap->data.frame.val[14] == 0x03))
         {
             uint8_t *frame_copy;

             frame_copy = bcmos_alloc(cap->data.frame.len);
             memcpy(frame_copy, cap->data.frame.val, cap->data.frame.len);

             dpoe_sec_fsm_link_rx_oam(device_id, cap->key, frame_copy, cap->data.frame.len);
         }
     }
     else
     {
         return; /* not a frame captured on a link - ignore */
     }
 }

 void bcmolt_user_appl_dpoe_sec_init(void)
 {
     if (is_running)
     {
         return;
     }

     dpoe_sec_fsm_init(cert_authority_trust_placeholder, fsm_complete_placeholder);

     is_running = BCMOS_TRUE;
 }
	/*
	<:copyright-BRCM:2016:DUAL/GPL:standard

	Broadcom Proprietary and Confidential.(c) 2016 Broadcom
	All Rights Reserved

	Unless you and Broadcom execute a separate written software license
	agreement governing use of this software, this software is licensed
	to you under the terms of the GNU General Public License version 2
	(the "GPL"), available at http://www.broadcom.com/licenses/GPLv2.php,
	with the following added to such license:

	As a special exception, the copyright holders of this software give
	you permission to link this software with independent modules, and
	to copy and distribute the resulting executable under terms of your
	choice, provided that you also meet, for each linked independent
	module, the terms and conditions of the license of that module.
	An independent module is a module which is not derived from this
	software. The special exception does not apply to any modifications
	of the software.

	Not withstanding the above, under no circumstances may you combine
	this software in any way with any other Broadcom software provided
	under a license other than the GPL, without Broadcom's express prior
	written consent.

	:>
	*/

	#include "bcmos_system.h"
	#include "bcmolt_model_types.h"
	#include "bcmolt_epon_oam_types.h"
	#include "bcmolt_user_appl_dpoe_sec.h"
	#include "dpoe_sec_fsm.h"

	static bcmos_bool is_running = BCMOS_FALSE;

	static bcmos_bool cert_authority_trust_placeholder(dpoe_sec_link_rec* link_rec)
	{
	BCM_LOG(INFO, dpoe_sec_log_id[link_rec->device], "This function should validate the certificate information stored in the link record and decide whether to accept this authentication.\n");
	return BCMOS_TRUE;
	}

	static void fsm_complete_placeholder(bcmolt_devid device, bcmolt_epon_link_key link_key, bcmos_errno status)
	{
	if (status == BCM_ERR_OK)
	{
	BCM_LOG(INFO, dpoe_sec_log_id[device], "The DPoE Security FSM completed successfully. This link can now be configured for service.\n");
	}
	else
	{
	BCM_LOG(INFO, dpoe_sec_log_id[device], "The DPoE Security FSM failed due to %s (%d). Appropriate action should be taken to correct this error.\n", bcmos_strerror(status), status);
	}
	}

	#ifdef ENABLE_CLI
	static bcmos_errno dpoe_sec_cli_auth(bcmcli_session *session, const bcmcli_cmd_parm parm[], uint16_t n_parms)
	{
	bcmolt_epon_link_key link_key;
	dpoe_sec_fsm_start_data cfg;

	link_key.epon_ni = (bcmolt_epon_ni)bcmcli_find_named_parm(session, "pon")->value.unumber;
	link_key.mac_address = bcmcli_find_named_parm(session, "onu")->value.mac;
	cfg.enc_mode = (bcmolt_epon_oam_dpoe_encryption_mode)bcmcli_find_named_parm(session, "mode")->value.enum_val;
	cfg.auth = BCMOS_TRUE;

	return dpoe_sec_fsm_link_start(current_device, link_key, &cfg);
	}
	#endif

	void bcmolt_user_appl_dpoe_sec_cli_init(bcmcli_entry *top_dir)
	{
	#ifdef ENABLE_CLI
	static const char *dir_name = "dpoe_sec";

	if (bcmcli_dir_find(top_dir, dir_name))
	{
	return;
	}

	bcmcli_entry *dpoe_sec_dir = bcmcli_dir_add(top_dir, dir_name, "DPoE Security", BCMCLI_ACCESS_ADMIN, NULL);
	BUG_ON(NULL == dpoe_sec_dir);

	static bcmcli_enum_val enc_mode_table[] =
	{
	{"none", (long)BCMOLT_EPON_OAM_DPOE_ENCRYPTION_MODE_NONE},
	{"1down", (long)BCMOLT_EPON_OAM_DPOE_ENCRYPTION_MODE_ONE_DOWN},
	{"10down", (long)BCMOLT_EPON_OAM_DPOE_ENCRYPTION_MODE_TEN_DOWN},
	{"10bi", (long)BCMOLT_EPON_OAM_DPOE_ENCRYPTION_MODE_TEN_BI},
	BCMCLI_ENUM_LAST
	};

	BCMCLI_MAKE_CMD(dpoe_sec_dir, "auth", "Authenticate ONU", dpoe_sec_cli_auth,
	BCMCLI_MAKE_PARM("pon", "PON NI", BCMCLI_PARM_UDECIMAL, BCMCLI_PARM_FLAG_NONE),
	BCMCLI_MAKE_PARM("onu", "ONU MAC", BCMCLI_PARM_MAC, BCMCLI_PARM_FLAG_NONE),
	BCMCLI_MAKE_PARM_ENUM("mode", "Encryption mode", enc_mode_table, BCMCLI_PARM_FLAG_NONE));
	#endif
	}

	void bcmolt_user_appl_dpoe_sec_process_proxy_rx(bcmolt_devid device_id, bcmolt_proxy_rx *proxy_rx)
	{
	const bcmolt_epon_link_frame_captured cap = (bcmolt_epon_link_frame_captured)proxy_rx;

	if ((BCMOLT_OBJ_ID_EPON_LINK == proxy_rx->hdr.obj_type) &&
	(BCMOLT_EPON_LINK_PROXY_RX_ID_FRAME_CAPTURED == proxy_rx->hdr.subgroup))
	{
	if ((cap->data.frame.val[12] == 0x88) &&
	(cap->data.frame.val[13] == 0x09) &&
	(cap->data.frame.val[14] == 0x03))
	{
	uint8_t *frame_copy;

	frame_copy = bcmos_alloc(cap->data.frame.len);
	memcpy(frame_copy, cap->data.frame.val, cap->data.frame.len);

	dpoe_sec_fsm_link_rx_oam(device_id, cap->key, frame_copy, cap->data.frame.len);
	}
	}
	else
	{
	return; /* not a frame captured on a link - ignore */
	}
	}

	void bcmolt_user_appl_dpoe_sec_init(void)
	{
	if (is_running)
	{
	return;
	}

	dpoe_sec_fsm_init(cert_authority_trust_placeholder, fsm_complete_placeholder);

	is_running = BCMOS_TRUE;
	}