/*
<:copyright-BRCM:2016:DUAL/GPL:standard
Broadcom Proprietary and Confidential.(c) 2016 Broadcom
All Rights Reserved
Unless you and Broadcom execute a separate written software license
agreement governing use of this software, this software is licensed
to you under the terms of the GNU General Public License version 2
(the "GPL"), available at http://www.broadcom.com/licenses/GPLv2.php,
with the following added to such license:
As a special exception, the copyright holders of this software give
you permission to link this software with independent modules, and
to copy and distribute the resulting executable under terms of your
choice, provided that you also meet, for each linked independent
module, the terms and conditions of the license of that module.
An independent module is a module which is not derived from this
software. The special exception does not apply to any modifications
of the software.
Not withstanding the above, under no circumstances may you combine
this software in any way with any other Broadcom software provided
under a license other than the GPL, without Broadcom's express prior
written consent.
:>
*/
#if !defined(MKA_H)
#define MKA_H
#include "bcmos_system.h"
#include "bcmolt_model_types.h"
/*
 * MKA timing and sizing constants.
 *
 * Units are mixed. MKA_SCI_LEN, MKA_MI_LEN and MKA_SAK_LEN are used directly
 * as uint8_t array lengths in mka_link_info, so they are byte counts. The
 * KEK/ICK/CKN/CAK lengths are bit counts and mka_link_info divides them by 8.
 * Wherever a byte count is needed for those four, use MKA_xxx_LEN / 8:
 * treating the bit length as a byte count over-runs the 16-byte key buffers.
 */

/* MKA life time in milliseconds (6 seconds). */
#define MKA_LIFE_TIME 6000

/* Common SCI size, in bytes. */
#define MKA_SCI_LEN 8

/* Member Identifier (MI) size, in bytes. */
#define MKA_MI_LEN 12

/* KEK length in bits (16 bytes). */
#define MKA_KEK_LEN 128

/* SAK length in bytes (no division by 8 at the point of use). */
#define MKA_SAK_LEN 16

/* ICK length in bits (16 bytes). */
#define MKA_ICK_LEN 128

/* CKN length in bits (16 bytes). */
#define MKA_CKN_LEN 128

/* CAK length in bits (16 bytes). */
#define MKA_CAK_LEN 128
/* for MACSec Key Agreement */
/**
 * States of the per-link MKA state machine (kept in mka_link_info.state).
 *
 * The numeric value of every real state is spelled out explicitly.
 * MKA_STATE__COUNT is not a state: it is the number of states and has to
 * remain the last enumerator.
 */
typedef enum
{
    MKA_STATE_INITIAL                   = 0,
    MKA_STATE_WAITING_INITIAL_PEER_RESP = 1,
    MKA_STATE_SAK_SENT                  = 2,
    MKA_STATE_MKA_DONE                  = 3,

    MKA_STATE__COUNT /* number of states above; not a valid state */
} mka_state;
/**
 * State of the MKA peer on a link (kept in mka_link_info.peer_state).
 *
 * NOTE(review): LIVE / POTENTIAL presumably mirror the live and potential
 * peer lists of IEEE 802.1X MKA - confirm against the implementation.
 */
typedef enum
{
    MKA_PEER_STATE_NONE      = 0,
    MKA_PEER_STATE_LIVE      = 1,
    MKA_PEER_STATE_POTENTIAL = 2
} mka_peer_state;
/**
 * Per-link MKA (MACsec Key Agreement) context.
 *
 * This record keeps the CAK, KEK, ICK and both SAKs in the clear.
 * NOTE(review): nothing in this header shows how the record is cleared. The
 * owner should wipe it with a clear the compiler cannot drop before the
 * memory is freed or reused, and the key fields should be kept out of logs
 * and debug dumps - confirm in the implementation.
 */
typedef struct
{
    /* Identifiers and message numbers. */
    uint8_t onu_sci[MKA_SCI_LEN];           /**< ONU's SCI */
    uint8_t olt_member_id[MKA_MI_LEN];      /**< OLT MI (Member Identifier) */
    uint32_t curr_msg_num;                  /**< Current OLT MN (Message Number) */
    uint8_t link_memeber_id[MKA_MI_LEN];    /**< Link MI; the misspelt field name is kept as declared */
    uint32_t link_msg_num;                  /**< Current Link MN */

    /* Key material; the bit-length macros are divided by 8 to give 16-byte arrays. */
    uint8_t cak[MKA_CAK_LEN/8];             /**< Derived CAK */
    uint8_t ckn[MKA_CKN_LEN/8];             /**< Derived CKN */
    uint8_t sak[MKA_SAK_LEN];               /**< Derived SAK (a.k.a TEK); MKA_SAK_LEN is already in bytes */
    uint8_t new_sak[MKA_SAK_LEN];           /**< New derived SAK for key refresh */
    uint8_t kek[MKA_KEK_LEN/8];             /**< Derived KEK */
    uint8_t ick[MKA_ICK_LEN/8];             /**< Derived ICK */

    /* Key bookkeeping. */
    uint32_t key_number;                    /**< Current KN (Key Number) */
    uint8_t association_number;             /**< AN (Association Number) */

    /* Peer addressing. */
    bcmos_mac_address lesser_mac;           /**< Lowest MAC address of MKA peers */
    bcmos_mac_address greater_mac;          /**< Greatest MAC address of MKA peers */

    /* State machine and retry/refresh tracking. */
    mka_state state;                        /**< State of MKA proper SM */
    mka_peer_state peer_state;              /**< State of MKA peer */
    uint8_t retry_cnt;                      /**< MKA message retry count */
    uint8_t refresh_cnt;                    /**< Important for building SAK Use Param set */
    bcmos_bool sak_refresh_needed;          /**< SAK refresh needed flag */
} mka_link_info;
/* The type of MKA operation to process. */
/**
 * Operation selector handed to mka_process_packet() / mka_process_timeout().
 *
 * MKA_OP__INVALID is pinned to -1, so the first real operation is 0 and
 * MKA_OP__COUNT equals the number of real operations.
 * NOTE(review): any consumer that indexes a table by mka_op_type should first
 * reject values outside 0 .. MKA_OP__COUNT - 1, because MKA_OP__INVALID is
 * negative.
 */
typedef enum mka_op_type
{
    MKA_OP__INVALID = -1,

    /* Packet operations. */
    MKA_OP_START_RSP,
    MKA_OP_SAK_RSP,
    MKA_OP_KEEP_ALIVE,

    /* Timeout operations. */
    MKA_OP_START_TIMEOUT,
    MKA_OP_SAK_TIMEOUT,
    MKA_OP_SEND_KEEP_ALIVE,

    MKA_OP__COUNT /* number of real operations; keep last */
} mka_op_type;
/* Forward declaration only: the link record is defined elsewhere and is handled here by pointer. */
struct dpoe_sec_link_rec;
/**
 * Presumably begins the MKA exchange on @p link (inferred from the name).
 * Returns a bcmos_errno status.
 */
bcmos_errno mka_start(struct dpoe_sec_link_rec *link);
/**
 * Produces a SAK for @p link. @p initial presumably selects between the first
 * key and a refresh key (cf. sak / new_sak in mka_link_info) - confirm.
 * NOTE(review): the return type is void, so a failure of the random source or
 * key derivation cannot be reported to the caller; confirm how the
 * implementation handles that case instead of continuing with a stale or
 * zeroed key.
 */
void mka_generate_sak(struct dpoe_sec_link_rec *link, bcmos_bool initial);
/**
 * Sends the key pointed to by @p sak on @p link. Returns a bcmos_errno status.
 * NOTE(review): there is no length argument, so the callee presumably reads
 * MKA_SAK_LEN bytes from @p sak - confirm, and pass a buffer of at least that
 * size. The pointer is not const-qualified; confirm whether the callee writes
 * through it before tightening the type. Also confirm that the SAK is only
 * transmitted wrapped under the KEK.
 */
bcmos_errno mka_send_sak(struct dpoe_sec_link_rec *link, uint8_t *sak);
/**
 * Presumably sends the SAK confirmation message on @p link (inferred from the
 * name). Returns a bcmos_errno status.
 */
bcmos_errno mka_send_sak_confirm(struct dpoe_sec_link_rec *link);
/**
 * Handles a received frame for @p link. @p op_type is presumably one of the
 * packet operations (MKA_OP_START_RSP, MKA_OP_SAK_RSP, MKA_OP_KEEP_ALIVE).
 * Returns a bcmos_errno status.
 * NOTE(review): @p rx_frame holds bytes received from the peer and should be
 * treated as untrusted. The implementation should bound every length field
 * against the frame length and check the frame's integrity value before
 * acting on its contents - confirm.
 */
bcmos_errno mka_process_packet(struct dpoe_sec_link_rec *link, bcmolt_u8_list_u16 rx_frame, mka_op_type op_type);
/**
 * Handles a timer expiry for @p link. @p op_type is presumably one of the
 * timeout operations (MKA_OP_START_TIMEOUT, MKA_OP_SAK_TIMEOUT,
 * MKA_OP_SEND_KEEP_ALIVE). Returns a bcmos_errno status.
 */
bcmos_errno mka_process_timeout(struct dpoe_sec_link_rec *link, mka_op_type op_type);
#endif /* MKA_H */