| Shad Ansari | 2f7f9be | 2017-06-07 13:34:53 -0700 | [diff] [blame] | 1 | /* |
| 2 | <:copyright-BRCM:2016:DUAL/GPL:standard |
| 3 | |
| 4 | Broadcom Proprietary and Confidential.(c) 2016 Broadcom |
| 5 | All Rights Reserved |
| 6 | |
| 7 | Unless you and Broadcom execute a separate written software license |
| 8 | agreement governing use of this software, this software is licensed |
| 9 | to you under the terms of the GNU General Public License version 2 |
| 10 | (the "GPL"), available at http://www.broadcom.com/licenses/GPLv2.php, |
| 11 | with the following added to such license: |
| 12 | |
| 13 | As a special exception, the copyright holders of this software give |
| 14 | you permission to link this software with independent modules, and |
| 15 | to copy and distribute the resulting executable under terms of your |
| 16 | choice, provided that you also meet, for each linked independent |
| 17 | module, the terms and conditions of the license of that module. |
| 18 | An independent module is a module which is not derived from this |
| 19 | software. The special exception does not apply to any modifications |
| 20 | of the software. |
| 21 | |
| 22 | Not withstanding the above, under no circumstances may you combine |
| 23 | this software in any way with any other Broadcom software provided |
| 24 | under a license other than the GPL, without Broadcom's express prior |
| 25 | written consent. |
| 26 | |
| 27 | :> |
| 28 | */ |
| 29 | |
| 30 | #if !defined(MKA_H) |
| 31 | #define MKA_H |
| 32 | |
| 33 | #include "bcmos_system.h" |
| 34 | #include "bcmolt_model_types.h" |
| 35 | |
| 36 | #define MKA_LIFE_TIME 6000 /* Ms, 6 seconds */ |
| 37 | |
| 38 | #define MKA_SCI_LEN 8 /* common SCI size */ |
| 39 | #define MKA_MI_LEN 12 /* Member Identifier */ |
| 40 | |
| 41 | /* KEK */ |
| 42 | #define MKA_KEK_LEN 128 /* bit length. 16 bytes */ |
| 43 | |
| 44 | /* SAK */ |
| 45 | #define MKA_SAK_LEN 16 |
| 46 | |
| 47 | /* ICK */ |
| 48 | #define MKA_ICK_LEN 128 /* bit length. 16 bytes */ |
| 49 | |
| 50 | /* CKN */ |
| 51 | #define MKA_CKN_LEN 128 /* bit length. 16 bytes */ |
| 52 | |
| 53 | /* CAK */ |
| 54 | #define MKA_CAK_LEN 128 /* bit length. 16 bytes */ |
| 55 | |
| 56 | /* for MACSec Key Agreement */ |
| 57 | typedef enum |
| 58 | { |
| 59 | MKA_STATE_INITIAL = 0, |
| 60 | MKA_STATE_WAITING_INITIAL_PEER_RESP = 1, |
| 61 | MKA_STATE_SAK_SENT = 2, |
| 62 | MKA_STATE_MKA_DONE = 3, |
| 63 | |
| 64 | MKA_STATE__COUNT |
| 65 | } mka_state; |
| 66 | |
| 67 | typedef enum |
| 68 | { |
| 69 | MKA_PEER_STATE_NONE = 0, |
| 70 | MKA_PEER_STATE_LIVE = 1, |
| 71 | MKA_PEER_STATE_POTENTIAL = 2, |
| 72 | } mka_peer_state; |
| 73 | |
| 74 | typedef struct |
| 75 | { |
| 76 | uint8_t onu_sci[MKA_SCI_LEN]; /**< ONU's SCI */ |
| 77 | uint8_t olt_member_id[MKA_MI_LEN]; /**< OLT MI */ |
| 78 | uint32_t curr_msg_num; /**< Current OLT MN */ |
| 79 | uint8_t link_memeber_id[MKA_MI_LEN]; /**< Link MI */ |
| 80 | uint32_t link_msg_num; /**< Current Link MN */ |
| 81 | uint8_t cak[MKA_CAK_LEN/8]; /**< Derived CAK */ |
| 82 | uint8_t ckn[MKA_CKN_LEN/8]; /**< Derived CKN */ |
| 83 | uint8_t sak[MKA_SAK_LEN]; /**< Derived SAK (a.k.a TEK) */ |
| 84 | uint8_t new_sak[MKA_SAK_LEN]; /**< New derived SAK for key refresh */ |
| 85 | uint8_t kek[MKA_KEK_LEN/8]; /**< Derived KEK */ |
| 86 | uint8_t ick[MKA_ICK_LEN/8]; /**< Derived ICK */ |
| 87 | uint32_t key_number; /**< Current KN */ |
| 88 | uint8_t association_number; /**< AN */ |
| 89 | bcmos_mac_address lesser_mac; /**< Lowest MAC address of MKA peers */ |
| 90 | bcmos_mac_address greater_mac; /**< Greatest MAC address of MKA peers */ |
| 91 | mka_state state; /**< State of MKA proper SM */ |
| 92 | mka_peer_state peer_state; /**< State of MKA peer */ |
| 93 | uint8_t retry_cnt; /**< MKA message retry count */ |
| 94 | uint8_t refresh_cnt; /**< Important for building SAK Use Param set */ |
| 95 | bcmos_bool sak_refresh_needed; /**< SAK refresh needed flag */ |
| 96 | } mka_link_info; |
| 97 | |
| 98 | /* The type of MKA operation to process. */ |
| 99 | typedef enum mka_op_type |
| 100 | { |
| 101 | MKA_OP__INVALID = -1, |
| 102 | |
| 103 | /* Packet operations. */ |
| 104 | MKA_OP_START_RSP, |
| 105 | MKA_OP_SAK_RSP, |
| 106 | MKA_OP_KEEP_ALIVE, |
| 107 | |
| 108 | /* Timeout operations. */ |
| 109 | MKA_OP_START_TIMEOUT, |
| 110 | MKA_OP_SAK_TIMEOUT, |
| 111 | MKA_OP_SEND_KEEP_ALIVE, |
| 112 | |
| 113 | MKA_OP__COUNT |
| 114 | } mka_op_type; |
| 115 | |
| 116 | struct dpoe_sec_link_rec; |
| 117 | |
| 118 | bcmos_errno mka_start(struct dpoe_sec_link_rec *link); |
| 119 | |
| 120 | void mka_generate_sak(struct dpoe_sec_link_rec *link, bcmos_bool initial); |
| 121 | |
| 122 | bcmos_errno mka_send_sak(struct dpoe_sec_link_rec *link, uint8_t *sak); |
| 123 | |
| 124 | bcmos_errno mka_send_sak_confirm(struct dpoe_sec_link_rec *link); |
| 125 | |
| 126 | bcmos_errno mka_process_packet(struct dpoe_sec_link_rec *link, bcmolt_u8_list_u16 rx_frame, mka_op_type op_type); |
| 127 | |
| 128 | bcmos_errno mka_process_timeout(struct dpoe_sec_link_rec *link, mka_op_type op_type); |
| 129 | |
| 130 | #endif /* MKA_H */ |