/**************************************************************************** Copyright(c) 2019 by Aerospace C.Power (Chongqing) Microelectronics. ALL RIGHTS RESERVED. This Information is proprietary to Aerospace C.Power (Chongqing) Microelectronics and MAY NOT be copied by any method or incorporated into another program without the express written consent of Aerospace C.Power. This Information or any portion thereof remains the property of Aerospace C.Power. The Information contained herein is believed to be accurate and Aerospace C.Power assumes no responsibility or liability for its use in any way and conveys no license or title under any patent or copyright and makes no representation or warranty that this Information is free from patent or copyright infringement. ****************************************************************************/ #ifndef PLC_AUTH_H #define PLC_AUTH_H /* os shim includes */ #include "os_types.h" /* public api includes */ #include "iot_utils_api.h" #ifdef __cplusplus extern "C" { #endif /* pack for the structures in the whole file */ #pragma pack(push) /* save the pack status */ #pragma pack(1) /* 1 byte align */ /* length of authorize id info */ #define AUTH_ID_CHIP_ID_LEN 24 #define AUTH_ID_SM2_CURVE_LEN 1 #define AUTH_ID_ECC_CURVE_LEN 1 #define AUTH_ID_SM2_KEY_PUB_LEN 64 #define AUTH_ID_ECC_KEY_PUB_LEN 64 #define AUTH_ID_SM2_SIGN_LEN 64 #define AUTH_ID_ECC_SIGN_LEN 64 #define AUTH_ID_ECC_KEY_PRI_LEN 32 #define AUTH_ID_SM2_KEY_PRI_LEN 32 /* authorize request result codes */ #define AUTH_REQ_SUCC 0 #define AUTH_REQ_FAIL 1 /* authorize request message */ #define AUTH_MSG_REQ 0 /* authorize confirm message */ #define AUTH_MSG_CNF 1 /* authorize failure as white list */ #define AUTH_REQ_FAIL_AS_WL 0 /* authorize failure as identity information */ #define AUTH_REQ_FAIL_AS_IDENT 1 /* length of identity information */ #define AUTH_IDENTITY_INFO_LEN 153 /* length of random numbers signature */ #define AUTH_RANDOM_SIGN_LEN 64 /* length of encrypted cmk */ #define AUTH_ENCRYPT_CMK_LEN 16 /* define priority of each AUTH frames */ #define AUTH_REQ_PRIO 3 #define AUTH_CNF_PRIO 3 /* certificate authorization sm2 public id info */ typedef struct _auth_id_sm2_pub { /* chip id */ uint8_t chip_id[AUTH_ID_CHIP_ID_LEN]; /* sm2 curve type. always 0 */ uint8_t sm2_curve_type; /* sm2 public key */ uint8_t sm2_key_pub[AUTH_ID_SM2_KEY_PUB_LEN]; /* sm2 signature */ uint8_t sm2_sign[AUTH_ID_SM2_SIGN_LEN]; } auth_id_sm2_pub_t; /* certificate authorization ecc public id info */ typedef struct _auth_id_ecc_pub { /* chip id */ uint8_t chip_id[AUTH_ID_CHIP_ID_LEN]; /* ecc elliptic curve type. 1 - brainpoolP256r1, others - reserved */ uint8_t ecc_curve_type; /* ecc public key */ uint8_t ecc_key_pub[AUTH_ID_ECC_KEY_PUB_LEN]; /* ecc signature */ uint8_t ecc_sign[AUTH_ID_ECC_SIGN_LEN]; } auth_id_ecc_pub_t; /* authorize header */ typedef struct _auth_header { /* station mac address */ uint8_t mac[IOT_MAC_ADDR_LEN]; /* authorize message type, see AUTH_MSG_XXX */ uint8_t auth_type :3, /* reserved for future */ rsvd :5; } auth_header_t; /* authorize request message */ typedef struct _auth_req { /* station mac address */ uint8_t mac[IOT_MAC_ADDR_LEN]; /* authorize message type, it's always AUTH_MSG_REQ */ uint16_t auth_type :3, /* temp proxy for authorize request */ tmp_proxy :12, /* temp link for authorize request, see PLC_LINK_TYPE_XXX */ tmp_link :1; /* device type, see PLC_DEV_TYPE_XXXX */ uint8_t device_type; /* mac address_type, see PLC_MAC_ADDR_TYPE_XXXX */ uint8_t mac_addr_type; /* identity information */ uint8_t identity_info[AUTH_IDENTITY_INFO_LEN]; /* random numbers signature for authorization */ uint8_t random_sign[AUTH_RANDOM_SIGN_LEN]; } auth_req_t; /* authorize confirm message */ typedef struct _auth_cnf { /* station mac address */ uint8_t mac[IOT_MAC_ADDR_LEN]; union { struct { /* authorize message type, it's always AUTH_MSG_CNF */ uint8_t auth_type :3, /* temp link for authorize request, see PLC_LINK_TYPE_XXX */ tmp_link :1, /* authorize result, see AUTH_REQ_XXX */ auth_ret :1, /* selected key suit include international or national encryption, * see ECDHE_ECDSA_WITH_XXX */ selected_key_suit :1, /* selected curve, it is valid only when select international * encryption algorithm. 0 stand for brainpoolP256r1, and other * value is reserved */ selected_curve :2; }; struct { /* this reserved field is the same as the first three fields * defined above */ uint8_t used_rsvd :5, /* authorize failure reason, see AUTH_REQ_FAIL_AS_XXX */ fail_reason :1, /* reserved for future */ rsvd :2; }; }; /* following auth_encrypt_key_t if authorize result is successful */ } auth_cnf_t; /* encryption key structure comes from authorize confirm */ typedef struct _auth_encrypt_key { /* identity information, come from state grid measurement center */ uint8_t identity_info[AUTH_IDENTITY_INFO_LEN]; /* random numbers signature for authorization */ uint8_t random_sign[AUTH_RANDOM_SIGN_LEN]; /* cmk encrypted with STA public key */ uint8_t encrypt_cmk[AUTH_ENCRYPT_CMK_LEN]; } auth_encrypt_key_t; #pragma pack(pop) /* restore the pack status */ #ifdef __cplusplus } #endif #endif /* PLC_AUTH_H */