284 lines
8.7 KiB
C
284 lines
8.7 KiB
C
/****************************************************************************
|
|
|
|
Copyright(c) 2019 by Aerospace C.Power (Chongqing) Microelectronics. ALL RIGHTS RESERVED.
|
|
|
|
This Information is proprietary to Aerospace C.Power (Chongqing) Microelectronics and MAY NOT
|
|
be copied by any method or incorporated into another program without
|
|
the express written consent of Aerospace C.Power. This Information or any portion
|
|
thereof remains the property of Aerospace C.Power. The Information contained herein
|
|
is believed to be accurate and Aerospace C.Power assumes no responsibility or
|
|
liability for its use in any way and conveys no license or title under
|
|
any patent or copyright and makes no representation or warranty that this
|
|
Information is free from patent or copyright infringement.
|
|
|
|
****************************************************************************/
|
|
|
|
#ifndef CVG_SEC_SIGN_CACHE_H
|
|
#define CVG_SEC_SIGN_CACHE_H
|
|
|
|
/* os shim includes */
|
|
#include "os_types.h"
|
|
#include "os_lock.h"
|
|
|
|
/* cvg module internal includes */
|
|
#include "cvg.h"
|
|
|
|
/* public api includes */
|
|
#include "plc_utils.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#if PLC_SUPPORT_CCO_ROLE
|
|
|
|
#if RUN_IN_PSRAM
|
|
|
|
/* max signature list entry count */
|
|
#define CVG_SEC_SIGN_CACHE_ENT_MAX (2048)
|
|
|
|
/* signature list table size */
|
|
#define CVG_SEC_SIGN_CACHE_TAB_SIZE (512)
|
|
|
|
#else /* RUN_IN_PSRAM */
|
|
|
|
/* max signature list entry count */
|
|
#define CVG_SEC_SIGN_CACHE_ENT_MAX (PLC_NETWORK_SCALE)
|
|
|
|
/* signature list table size */
|
|
#define CVG_SEC_SIGN_CACHE_TAB_SIZE (32)
|
|
|
|
#endif /* RUN_IN_PSRAM */
|
|
|
|
#else /* PLC_SUPPORT_CCO_ROLE */
|
|
|
|
/* max signature list entry count */
|
|
#define CVG_SEC_SIGN_CACHE_ENT_MAX (16)
|
|
|
|
/* signature list table size */
|
|
#define CVG_SEC_SIGN_CACHE_TAB_SIZE (32)
|
|
|
|
#endif /* PLC_SUPPORT_CCO_ROLE */
|
|
|
|
/* length of certificate */
|
|
#define CVG_SEC_SIGN_CA_LEN (153)
|
|
|
|
/* length of share key */
|
|
#define CVG_SEC_SIGN_KEY_LEN (16)
|
|
|
|
/* length of random number */
|
|
#define CVG_SEC_SIGN_RAND_LEN (64)
|
|
|
|
/* signature information entry */
|
|
typedef struct _cvg_sec_sign_cache_ent {
|
|
/* point to the next certificate sign entry */
|
|
struct _cvg_sec_sign_cache_ent *next_ca;
|
|
/* point to the next address sign entry */
|
|
struct _cvg_sec_sign_cache_ent *next_addr;
|
|
/* certificate identity, see cvg_sec_auth_ca_sm2_pub_t or
|
|
* cvg_sec_auth_ca_ecc_pub_t
|
|
*/
|
|
uint8_t ca_id[CVG_SEC_SIGN_CA_LEN];
|
|
/* mac address of the local device */
|
|
uint8_t addr[IOT_MAC_ADDR_LEN];
|
|
/* flag to mark if this device is verified */
|
|
uint8_t is_verified :1,
|
|
/* reserved for future */
|
|
rsvd1 :7;
|
|
/* this share key is used to encrypt the CMK */
|
|
uint8_t share_key[CVG_SEC_SIGN_KEY_LEN];
|
|
/* random numbers used by sta to verify the cco identity */
|
|
uint8_t rand_num[CVG_SEC_SIGN_RAND_LEN];
|
|
/* signature for random numbers */
|
|
uint8_t rand_sign[CVG_SEC_SIGN_RAND_LEN];
|
|
/* time stamp of last signature update. unit is 1s */
|
|
uint32_t sign_ts;
|
|
/* async crypto series number */
|
|
uint32_t crypto_sn;
|
|
} cvg_sec_sign_cache_ent_t;
|
|
|
|
/* signature information table */
|
|
typedef struct _cvg_sec_sign_cache_tab {
|
|
/* signature count */
|
|
uint32_t sign_cnt;
|
|
/* next free slot */
|
|
uint32_t sign_next_slot;
|
|
/* entry point for each certificate hash index */
|
|
cvg_sec_sign_cache_ent_t *hash_ca[CVG_SEC_SIGN_CACHE_TAB_SIZE];
|
|
/* entry point for each address hash index */
|
|
cvg_sec_sign_cache_ent_t *hash_addr[CVG_SEC_SIGN_CACHE_TAB_SIZE];
|
|
/* signature information entry allocation */
|
|
cvg_sec_sign_cache_ent_t sign_entry[CVG_SEC_SIGN_CACHE_ENT_MAX];
|
|
} cvg_sec_sign_cache_tab_t;
|
|
|
|
#if (PLC_SUPPORT_SIGN_CACHE)
|
|
|
|
/* cvg_sec_sign_cache_init - init signature list table
|
|
* @table pointer of pointer to signature list table
|
|
*
|
|
* return:
|
|
* ERR_OK -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_sign_cache_init(cvg_sec_sign_cache_tab_t **table);
|
|
|
|
/* cvg_sec_sign_cache_deinit - deinit signature list table
|
|
* @table - pointer to signature list table
|
|
*/
|
|
void cvg_sec_sign_cache_deinit(cvg_sec_sign_cache_tab_t *table);
|
|
|
|
/* cvg_sec_sign_cache_add - add signature information to signature list table,
|
|
* if the ent parameter is null, stand for adding cache, otherwise update cache.
|
|
* @table pointer to signature list table
|
|
* @ent signature entry to be added
|
|
* @ca_id certificate to be added
|
|
* @addr device mac address to be added
|
|
* @crypto_sn async crypto sn to be added
|
|
* @share_key share key to be added
|
|
* @rand_num random number to be added
|
|
* @rand_sign random number signature to be added
|
|
*
|
|
* return:
|
|
* ERR_OK -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_sign_cache_add(cvg_sec_sign_cache_tab_t *table,
|
|
cvg_sec_sign_cache_ent_t *ent, uint8_t *ca_id, uint8_t *addr,
|
|
uint32_t *crypto_sn, uint8_t *share_key, uint8_t *rand_num,
|
|
uint8_t *rand_sign);
|
|
|
|
/* cvg_sec_sign_cache_remove - remove signature information from signature
|
|
* list table
|
|
* @table pointer to signature list table
|
|
* @ent signature entry to be removed
|
|
*/
|
|
void cvg_sec_sign_cache_remove(cvg_sec_sign_cache_tab_t *table,
|
|
cvg_sec_sign_cache_ent_t *ent);
|
|
|
|
/* cvg_sec_sign_cache_remove_addr - remove mac address information from
|
|
* signature entry
|
|
* @table pointer to signature list table
|
|
* @ent signature entry to be removed
|
|
*/
|
|
void cvg_sec_sign_cache_remove_addr(cvg_sec_sign_cache_tab_t *table,
|
|
cvg_sec_sign_cache_ent_t *ent);
|
|
|
|
/* cvg_sec_sign_cache_find - find signature entry according to certificate id
|
|
* @table pointer to signature list table
|
|
* @ca_id certificate id to be found
|
|
* @ca_len certificate length
|
|
*
|
|
* return:
|
|
* sign entry -- for success case
|
|
* NULL -- for failure case
|
|
*/
|
|
cvg_sec_sign_cache_ent_t *cvg_sec_sign_cache_find_by_ca(
|
|
cvg_sec_sign_cache_tab_t *table, uint8_t *ca_id, uint32_t ca_len);
|
|
|
|
/* cvg_sec_sign_cache_find_by_addr - find signature entry according to mac addr
|
|
* @table pointer to signature list table
|
|
* @addr mac address to be found
|
|
*
|
|
* return:
|
|
* sign entry -- for success case
|
|
* NULL -- for failure case
|
|
*/
|
|
cvg_sec_sign_cache_ent_t *cvg_sec_sign_cache_find_by_addr(
|
|
cvg_sec_sign_cache_tab_t *table, uint8_t *addr);
|
|
|
|
/* cvg_sec_sign_cache_set_verified - set signature authentication state
|
|
* @table pointer to signature list table
|
|
* @ent pointer to signature entry
|
|
* @state signature authentication state, 1 - verified, 0 - unverified
|
|
*/
|
|
void cvg_sec_sign_cache_set_verified(cvg_sec_sign_cache_tab_t *table,
|
|
cvg_sec_sign_cache_ent_t *ent, uint8_t state);
|
|
|
|
/* cvg_sec_sign_cache_is_verified - check if this sign cache is verified
|
|
* @table pointer to signature list table
|
|
* @ent pointer to signature entry
|
|
*
|
|
* return:
|
|
* 1 -- current device is verified
|
|
* 0 -- unverified
|
|
*/
|
|
uint32_t cvg_sec_sign_cache_is_verified(cvg_sec_sign_cache_tab_t *table,
|
|
cvg_sec_sign_cache_ent_t *ent);
|
|
|
|
#else /* PLC_SUPPORT_SIGN_CACHE */
|
|
|
|
#define cvg_sec_sign_cache_deinit(table)
|
|
|
|
#define cvg_sec_sign_cache_set_verified(table, ent, state)
|
|
|
|
static inline uint32_t cvg_sec_sign_cache_init(cvg_sec_sign_cache_tab_t **table)
|
|
{
|
|
(void)table;
|
|
|
|
return ERR_NOSUPP;
|
|
}
|
|
|
|
static inline uint32_t cvg_sec_sign_cache_add(cvg_sec_sign_cache_tab_t *table,
|
|
cvg_sec_sign_cache_ent_t *ent, uint8_t *ca_id, uint8_t *addr,
|
|
uint32_t *crypto_sn, uint8_t *share_key, uint8_t *rand_num,
|
|
uint8_t *rand_sign)
|
|
{
|
|
(void)table;
|
|
(void)ent;
|
|
(void)ca_id;
|
|
(void)addr;
|
|
(void)crypto_sn;
|
|
(void)share_key;
|
|
(void)rand_num;
|
|
(void)rand_sign;
|
|
|
|
return ERR_NOSUPP;
|
|
}
|
|
|
|
static inline void cvg_sec_sign_cache_remove(cvg_sec_sign_cache_tab_t *table,
|
|
cvg_sec_sign_cache_ent_t *ent)
|
|
{
|
|
(void)table;
|
|
(void)ent;
|
|
}
|
|
|
|
static inline void cvg_sec_sign_cache_remove_addr(
|
|
cvg_sec_sign_cache_tab_t *table, cvg_sec_sign_cache_ent_t *ent)
|
|
{
|
|
(void)table;
|
|
(void)ent;
|
|
}
|
|
|
|
static inline cvg_sec_sign_cache_ent_t *cvg_sec_sign_cache_find_by_ca(
|
|
cvg_sec_sign_cache_tab_t *table, uint8_t *ca_id, uint32_t ca_len)
|
|
{
|
|
(void)table;
|
|
(void)ca_id;
|
|
(void)ca_len;
|
|
return NULL;
|
|
}
|
|
|
|
static inline cvg_sec_sign_cache_ent_t *cvg_sec_sign_cache_find_by_addr(
|
|
cvg_sec_sign_cache_tab_t *table, uint8_t *addr)
|
|
{
|
|
(void)table;
|
|
(void)addr;
|
|
return NULL;
|
|
}
|
|
|
|
static inline uint32_t cvg_sec_sign_cache_is_verified(
|
|
cvg_sec_sign_cache_tab_t *table, cvg_sec_sign_cache_ent_t *ent)
|
|
{
|
|
(void)table;
|
|
(void)ent;
|
|
return 0;
|
|
}
|
|
|
|
#endif /* PLC_SUPPORT_SIGN_CACHE */
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* CVG_SEC_SIGN_CACHE_H */
|