Shad Ansari | 2f7f9be | 2017-06-07 13:34:53 -0700 | [diff] [blame] | 1 | /* |
| 2 | <:copyright-BRCM:2016:DUAL/GPL:standard |
| 3 | |
| 4 | Broadcom Proprietary and Confidential.(c) 2016 Broadcom |
| 5 | All Rights Reserved |
| 6 | |
| 7 | Unless you and Broadcom execute a separate written software license |
| 8 | agreement governing use of this software, this software is licensed |
| 9 | to you under the terms of the GNU General Public License version 2 |
| 10 | (the "GPL"), available at http://www.broadcom.com/licenses/GPLv2.php, |
| 11 | with the following added to such license: |
| 12 | |
| 13 | As a special exception, the copyright holders of this software give |
| 14 | you permission to link this software with independent modules, and |
| 15 | to copy and distribute the resulting executable under terms of your |
| 16 | choice, provided that you also meet, for each linked independent |
| 17 | module, the terms and conditions of the license of that module. |
| 18 | An independent module is a module which is not derived from this |
| 19 | software. The special exception does not apply to any modifications |
| 20 | of the software. |
| 21 | |
| 22 | Not withstanding the above, under no circumstances may you combine |
| 23 | this software in any way with any other Broadcom software provided |
| 24 | under a license other than the GPL, without Broadcom's express prior |
| 25 | written consent. |
| 26 | |
| 27 | :> |
| 28 | */ |
| 29 | |
| 30 | #if !defined(_DPOE_EAP_TLS_H_) |
| 31 | #define _DPOE_EAP_TLS_H_ |
| 32 | |
| 33 | #include "bcmos_system.h" |
| 34 | #include "dpoe_sec_util.h" |
| 35 | |
| 36 | #define COUNT_OF_RANDOM_BYTES 32 |
| 37 | #define SIZE_OF_MASTER_SECRET 48 |
| 38 | #define SIZE_OF_MASTER_SESSION_KEY 64 |
| 39 | #define SIZE_OF_KEY_MATERIAL 128 |
| 40 | #define SIZE_OF_RSA_ENCRYPTED_BLOCK 256 |
| 41 | #define SIZE_OF_EAP_SESSION_ID 65 |
| 42 | #define SIZE_OF_TLS_SESSION_ID 32 |
| 43 | |
| 44 | /* Total length of the PreMasterSecret */ |
| 45 | #define SIZE_OF_PRE_MASTER_SECRET 48 |
| 46 | |
| 47 | typedef enum |
| 48 | { |
| 49 | DPOE_ONU_AUTH_STATE_UNAUTHENTICATED, |
| 50 | DPOE_ONU_AUTH_STATE_EAP_START, |
| 51 | DPOE_ONU_AUTH_STATE_CERT_REQUEST, |
| 52 | DPOE_ONU_AUTH_STATE_CLIENT_KEY_RECEIVED, |
| 53 | DPOE_ONU_AUTH_STATE_CERT_RECEIVED, |
| 54 | DPOE_ONU_AUTH_STATE_CERT_VALIDATED, |
| 55 | DPOE_ONU_AUTH_STATE_AUTHENTICATED, |
| 56 | DPOE_ONU_AUTH_STATE_FAILED |
| 57 | } dpoe_onu_auth_state; |
| 58 | |
| 59 | typedef struct |
| 60 | { |
| 61 | uint8_t major; |
| 62 | uint8_t minor; |
| 63 | } tls_protocol_version; |
| 64 | |
| 65 | #define PROTOCOL_VERSION_SIZE 2 |
| 66 | |
| 67 | /* DPoE Authentication transient data */ |
| 68 | typedef struct |
| 69 | { |
| 70 | uint8_t client_random[COUNT_OF_RANDOM_BYTES]; |
| 71 | uint8_t server_random[COUNT_OF_RANDOM_BYTES]; |
| 72 | uint8_t session_id[SIZE_OF_EAP_SESSION_ID]; |
| 73 | uint8_t master_secret[SIZE_OF_MASTER_SECRET]; |
| 74 | uint8_t key_material[SIZE_OF_KEY_MATERIAL]; |
| 75 | uint8_t pre_master_secret[SIZE_OF_PRE_MASTER_SECRET]; |
| 76 | dpoe_sec_sha1_hash sha1_hash; |
| 77 | dpoe_sec_sha1_digest sha1_digest; |
| 78 | dpoe_sec_md5_hash md5_hash; |
| 79 | dpoe_sec_md5_digest md5_digest; |
| 80 | /* Allow the key to double in size before we break. */ |
| 81 | uint8_t encrypted_cak[2 * SIZE_OF_RSA_ENCRYPTED_BLOCK]; |
| 82 | uint8_t master_session_key[SIZE_OF_MASTER_SESSION_KEY]; |
| 83 | dpoe_sec_rsa_key *rsa; |
| 84 | } auth_trans_data; |
| 85 | |
| 86 | typedef struct onu_auth_control |
| 87 | { |
| 88 | dpoe_onu_auth_state onu_auth_state; |
| 89 | tls_protocol_version version; |
| 90 | uint32_t current_packet_id; |
| 91 | uint8_t *certificate; |
| 92 | uint16_t certLen; |
| 93 | uint8_t *onu_cert; |
| 94 | uint16_t onu_cert_len; |
| 95 | uint32_t onu_cert_key_size; |
| 96 | uint8_t *mfg_cert; |
| 97 | uint16_t mfg_cert_len; |
| 98 | uint8_t *tls_frag_buffer; |
| 99 | uint32_t tls_frag_length; |
| 100 | uint32_t tls_total_length; |
| 101 | auth_trans_data trans_data; |
| 102 | } onu_auth_control; |
| 103 | |
| 104 | struct dpoe_sec_link_rec; |
| 105 | |
| 106 | /* callbacks */ |
| 107 | |
| 108 | typedef void (*f_dpoe_sec_auth_cb)(struct dpoe_sec_link_rec*, bcmos_errno status); |
| 109 | |
| 110 | typedef bcmos_bool (*f_dpoe_sec_cert_trust_cb)(struct dpoe_sec_link_rec*); |
| 111 | |
| 112 | /* functions */ |
| 113 | |
| 114 | bcmos_errno dpoe_eap_tls_send_start(struct dpoe_sec_link_rec *link); |
| 115 | |
| 116 | bcmos_errno dpoe_eap_tls_process_eapol_pkt(struct dpoe_sec_link_rec *link, uint8_t *msg, uint32_t msg_len); |
| 117 | |
| 118 | void dpoe_eap_tls_cleanup(struct dpoe_sec_link_rec *link); |
| 119 | |
| 120 | bcmos_errno dpoe_eap_tls_init(f_dpoe_sec_auth_cb auth_cb, f_dpoe_sec_cert_trust_cb cert_trust_cb); |
| 121 | |
| 122 | #endif /* _DPOE_EAP_TLS_H_ */ |