/****************************************************************************
|
|
|
|
Copyright(c) 2019 by Aerospace C.Power (Chongqing) Microelectronics. ALL RIGHTS RESERVED.
|
|
|
|
This Information is proprietary to Aerospace C.Power (Chongqing) Microelectronics and MAY NOT
|
|
be copied by any method or incorporated into another program without
|
|
the express written consent of Aerospace C.Power. This Information or any portion
|
|
thereof remains the property of Aerospace C.Power. The Information contained herein
|
|
is believed to be accurate and Aerospace C.Power assumes no responsibility or
|
|
liability for its use in any way and conveys no license or title under
|
|
any patent or copyright and makes no representation or warranty that this
|
|
Information is free from patent or copyright infringement.
|
|
|
|
****************************************************************************/
|
|
|
|
#ifndef CVG_SECURITY_H
|
|
#define CVG_SECURITY_H
|
|
|
|
/* os shim includes */
|
|
#include "os_types.h"
|
|
|
|
/* public api includes */
|
|
#include "cvg_api.h"
|
|
#include "plc_fr.h"
|
|
#include "iot_plc_msg_api.h"
|
|
|
|
/* cvg module internal includes */
|
|
#include "cvg.h"
|
|
#include "cvg_sec_auth_ca.h"
|
|
#include "cvg_sec_auth_dak.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/* define auth forward default tx retry count for each msdu */
|
|
#define CVG_SEC_AUTH_FWD_TX_RETRY_CNT 3
|
|
|
|
/*
|
|
* cvg_sec_init() - global init of security module
|
|
* @glb: pointer of cvg global data
|
|
* @cfg: pointer of cvg configuration
|
|
*
|
|
* return:
|
|
* 0 -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_init(cvg_global_t *glb, cvg_cfg_t *cfg);
|
|
|
|
/*
|
|
* cvg_sec_init_vdev() - vdev init of security module
|
|
* @vdev: pointer of vdev to be init
|
|
* @cfg: pointer of vdev configuration
|
|
*
|
|
* return:
|
|
* 0 -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_init_vdev(cvg_vdev_t *vdev, cvg_vdev_cfg_t *cfg);
|
|
|
|
/*
|
|
* cvg_sec_deinit_vdev() - vdev deinit of security module
|
|
* @vdev: pointer of vdev to be deinit
|
|
*/
|
|
void cvg_sec_deinit_vdev(cvg_vdev_t *vdev);
|
|
|
|
/*
|
|
* cvg_sec_reset_vdev() - vdev reset of security module
|
|
* @vdev: pointer of vdev to be reset
|
|
* @cfg: pointer of vdev configuration
|
|
*/
|
|
void cvg_sec_reset_vdev(cvg_vdev_t *vdev, cvg_vdev_cfg_t *cfg);
|
|
|
|
/* cvg_sec_add_addr_into_wl - add mac address into white list table
|
|
* @vdev pointer to cvg vdev
|
|
* @cnt number of mac address to be added
|
|
* @addr mac address array
|
|
* @phase power line phase of sta device working
|
|
*
|
|
* return:
|
|
* 0 -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_add_addr_into_wl(cvg_vdev_t *vdev, uint32_t cnt,
|
|
uint8_t addr[][IOT_MAC_ADDR_LEN], uint8_t phase);
|
|
|
|
/* cvg_sec_add_addr_into_bl - add mac address into black list table
|
|
* @vdev pointer to cvg vdev
|
|
* @cnt number of mac address to be added
|
|
* @addr mac address array
|
|
*
|
|
* return:
|
|
* 0 -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_add_addr_into_bl(cvg_vdev_t *vdev, uint32_t cnt,
|
|
uint8_t addr[][IOT_MAC_ADDR_LEN]);
|
|
|
|
/* cvg_sec_rm_addr_from_wl - remove mac address from white list table
|
|
* @vdev pointer to cvg vdev
|
|
* @cnt number of mac address to be removed
|
|
* @addr mac address array
|
|
*/
|
|
void cvg_sec_rm_addr_from_wl(cvg_vdev_t *vdev, uint32_t cnt,
|
|
uint8_t addr[][IOT_MAC_ADDR_LEN]);
|
|
|
|
/* cvg_sec_rm_all_addr_from_wl - remove all mac addresses from white list table
|
|
* @vdev pointer to cvg vdev
|
|
*/
|
|
void cvg_sec_rm_all_addr_from_wl(cvg_vdev_t *vdev);
|
|
|
|
/* cvg_sec_rm_addr_from_bl - remove mac address from black list table
|
|
* @vdev pointer to cvg vdev
|
|
* @cnt number of mac address to be removed
|
|
* @addr mac address array
|
|
*/
|
|
void cvg_sec_rm_addr_from_bl(cvg_vdev_t *vdev, uint32_t cnt,
|
|
uint8_t addr[][IOT_MAC_ADDR_LEN]);
|
|
|
|
/* cvg_sec_rm_all_addr_from_bl - remove all mac address from black list table
|
|
* @vdev pointer to cvg vdev
|
|
*/
|
|
void cvg_sec_rm_all_addr_from_bl(cvg_vdev_t *vdev);
|
|
|
|
/* cvg_sec_query_addr_from_wl - query mac address from white list table
|
|
* @vdev pointer to cvg vdev
|
|
* @start start index of this query
|
|
* @cnt number of mac address to be queried.
|
|
* this will be set to number of queried mac addresses for return.
|
|
* @addr queried mac address array for return
|
|
*
|
|
* return:
|
|
* 0 -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_query_addr_from_wl(cvg_vdev_t *vdev, uint32_t start,
|
|
uint32_t *cnt, uint8_t addr[][IOT_MAC_ADDR_LEN]);
|
|
|
|
/* cvg_sec_query_wl_ext - query whitelist extend information
|
|
* @vdev pointer to cvg vdev
|
|
* @start start index of this query
|
|
* @cnt number of whitelist to be queried.
|
|
* this will be set to number of queried whitelist for return.
|
|
* @wl queried whitelist array for return
|
|
*
|
|
* return:
|
|
* 0 -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_query_wl_ext(cvg_vdev_t *vdev, uint32_t start,
|
|
uint32_t *cnt, iot_plc_wl_ext_t wl[]);
|
|
|
|
/* cvg_sec_query_addr_from_bl - query mac address from black list table
|
|
* @vdev pointer to cvg vdev
|
|
* @start start index of this query
|
|
* @cnt number of mac address to be queried.
|
|
* this will be set to number of queried mac addresses for return.
|
|
* @addr queried mac address array for return
|
|
*
|
|
* return:
|
|
* 0 -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_query_addr_from_bl(cvg_vdev_t *vdev, uint32_t start,
|
|
uint32_t *cnt, uint8_t addr[][IOT_MAC_ADDR_LEN]);
|
|
|
|
|
|
/* cvg_sec_get_wl_entry_count - get entry count in whitelist
|
|
* @vdev pointer to cvg vdev
|
|
*
|
|
* return:
|
|
* entry count of the whitelist
|
|
*/
|
|
uint16_t cvg_sec_get_wl_entry_count(cvg_vdev_t *vdev);
|
|
|
|
/* cvg_sec_get_bl_entry_count - get entry count in blacklist
|
|
* @vdev pointer to cvg vdev
|
|
*
|
|
* return:
|
|
* entry count of the blacklist
|
|
*/
|
|
uint16_t cvg_sec_get_bl_entry_count(cvg_vdev_t *vdev);
|
|
|
|
/* cvg_sec_set_wl_state - set white list state, enable or disable the whitelist
|
|
* @enable: 0 to disable the whitelist. non-zero to enable whitelist
|
|
*/
|
|
void cvg_sec_set_wl_state(cvg_vdev_t *vdev, uint8_t enable);
|
|
|
|
/*
|
|
* @brief cvg_sec_get_wl_state() - get white list state
|
|
* @param vdev: pointer to cvg vdev
|
|
*
|
|
* @retval: 0 is white list disable. non-zero is white list enable
|
|
*/
|
|
uint8_t cvg_sec_get_wl_state(cvg_vdev_t *vdev);
|
|
|
|
/* cvg_sec_set_bl_state - set black list state, enable or disable the blacklist
|
|
* @enable: 0 to disable the blacklist. non-zero to enable blacklist
|
|
*/
|
|
void cvg_sec_set_bl_state(cvg_vdev_t *vdev, uint8_t enable);
|
|
|
|
/*
|
|
* @brief cvg_sec_get_bl_state() - get black list state
|
|
* @param vdev: pointer to cvg vdev
|
|
*
|
|
* @retval: 0 is black list disable. non-zero is black list enable
|
|
*/
|
|
uint8_t cvg_sec_get_bl_state(cvg_vdev_t *vdev);
|
|
|
|
/* cvg_sec_check_peer - check if peer passed security check and allowed to join
|
|
* the network.
|
|
* @vdev pointer to cvg vdev
|
|
* @addr mac address of the peer to be checked
|
|
*
|
|
* return:
|
|
* 0 -- for check passed case
|
|
* otherwise -- error code
|
|
*/
|
|
uint32_t cvg_sec_check_peer(cvg_vdev_t *vdev, uint8_t *addr);
|
|
|
|
/* @brief check if address is in current white list. no matter if white list
|
|
* is enabled or not.
|
|
* @param vdev: pointer to cvg vdev
|
|
* @param addr: mac address to be checked
|
|
*
|
|
* @retval:
|
|
* 0 -- address is not in white list
|
|
* otherwise -- address is in white list
|
|
*/
|
|
uint32_t cvg_sec_is_addr_in_wl(cvg_vdev_t *vdev, uint8_t *addr);
|
|
|
|
/* cvg_sec_get_wl_phase - get sta phase in white list table
|
|
* @param vdev: pointer to cvg vdev
|
|
* @param addr: mac address to be checked
|
|
*
|
|
* return:
|
|
* phase info, see PLC_PHASE_XXX.
|
|
*/
|
|
uint8_t cvg_sec_get_wl_phase(cvg_vdev_t *vdev, uint8_t *addr);
|
|
|
|
/* cvg_sec_set_wl_support_band2 - set the flag supporting band2 into white list
|
|
* table
|
|
* @param vdev: pointer to cvg vdev
|
|
* @addr: mac address
|
|
* @band2_flag: flag to mark if support freq band id 2
|
|
*
|
|
* return:
|
|
* ERR_OK -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint8_t cvg_sec_set_wl_support_band2(cvg_vdev_t *vdev, uint8_t *addr,
|
|
uint8_t band2_flag);
|
|
|
|
/* cvg_sec_get_wl_support_band2 - get the flag supporting band2 from white list
|
|
* table
|
|
* @param vdev: pointer to cvg vdev
|
|
* @addr: mac address
|
|
* @band2_flag: flag to mark if support freq band id 2
|
|
*
|
|
* return:
|
|
* ERR_OK -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint8_t cvg_sec_get_wl_support_band2(cvg_vdev_t *vdev, uint8_t *addr,
|
|
uint8_t *band2_flag);
|
|
|
|
/* cvg_sec_get_wl_support_band2_count - get total count of supporting band2 in
|
|
* white list table
|
|
* @param vdev: pointer to cvg vdev
|
|
*
|
|
* return:
|
|
* entry count of supporting band2 in white list table
|
|
*/
|
|
uint16_t cvg_sec_get_wl_support_band2_count(cvg_vdev_t *vdev);
|
|
|
|
/* cvg_sec_set_wl_support_rf - set the flag supporting rf device into
|
|
* white list table
|
|
* @param vdev: pointer to cvg vdev
|
|
* @addr: mac address
|
|
* @support_rf: flag to mark if support rf device
|
|
*
|
|
* return:
|
|
* ERR_OK -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint8_t cvg_sec_set_wl_support_rf(cvg_vdev_t *vdev, uint8_t *addr,
|
|
uint8_t support_rf);
|
|
|
|
|
|
/* cvg_sec_get_wl_support_support_rf - get the flag supporting rf device from
|
|
* white list table
|
|
* @param vdev: pointer to cvg vdev
|
|
* @addr: mac address
|
|
* @support_rf: flag to mark if support rf device
|
|
*
|
|
* return:
|
|
* ERR_OK -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint8_t cvg_sec_get_wl_support_support_rf(cvg_vdev_t *vdev, uint8_t *addr,
|
|
uint8_t *support_rf);
|
|
|
|
/* cvg_sec_get_wl_support_rf_count - get total count of supporting
|
|
* rf device in white list table
|
|
* @param vdev: pointer to cvg vdev
|
|
*
|
|
* return:
|
|
* entry count of supporting rf device in white list table
|
|
*/
|
|
uint16_t cvg_sec_get_wl_support_rf_count(cvg_vdev_t *vdev);
|
|
|
|
#if PLC_SUPPORT_AUTH_TYPE
|
|
|
|
/*
|
|
* @brief cvg_sec_auth_set_state() - set authorized state
|
|
* @param vdev: the vdev to be set
|
|
* @param enable: non-zero to enable dak. 0 to disable dak.
|
|
*
|
|
* return:
|
|
* 0 -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint8_t cvg_sec_auth_set_state(cvg_vdev_t *vdev, uint8_t enable);
|
|
|
|
/*
|
|
* @brief cvg_sec_auth_get_state() - get authorized state
|
|
* @param vdev: the vdev to be queried
|
|
*
|
|
* return:
|
|
* 0 -- disabled dak
|
|
* otherwise -- enabled dak
|
|
*/
|
|
uint8_t cvg_sec_auth_get_state(cvg_vdev_t *vdev);
|
|
|
|
/*
|
|
* @brief cvg_sec_auth_get_encrypt_cfg() - get authorized encryption config
|
|
* @param vdev: the vdev to be queried
|
|
* @param enable: encryption enable flag
|
|
* @param mode: encryption mode, see ENCRYPT_MODE_XXX
|
|
* @param algo: encryption_algorithm, ENCRYPT_ALGO_XXX
|
|
* return:
|
|
* ERR_OK -- for success case
|
|
* otherwise -- error code
|
|
*/
|
|
uint8_t cvg_sec_auth_get_encrypt_cfg(cvg_vdev_t *vdev, uint8_t *enable,
|
|
uint8_t *mode, uint8_t *algo);
|
|
|
|
/*
|
|
* @brief cvg_sec_auth_update_encrypt_cfg() - update encryption config
|
|
* @param vdev: pointer to cvg vdev
|
|
* @param enable: encryption enable flag
|
|
* @param mode: encryption mode, see ENCRYPT_MODE_XXX
|
|
* @param algo: encryption_algorithm, ENCRYPT_ALGO_XXX
|
|
*/
|
|
void cvg_sec_auth_update_encrypt_cfg(cvg_vdev_t *vdev, uint8_t enable,
|
|
uint8_t mode, uint8_t algo);
|
|
|
|
/*
|
|
* @brief cvg_sec_auth_vdev_restart() - restart authorized vdev state
|
|
* @param vdev: the vdev to be set
|
|
* @param auth_dur: authorization timer duration
|
|
* @return:
|
|
* 0 - restart not required
|
|
* otherwise - restart required
|
|
*/
|
|
uint8_t cvg_sec_auth_vdev_restart(cvg_vdev_t *vdev, uint32_t auth_dur);
|
|
|
|
/*
|
|
* @brief cvg_sec_auth_vdev_check() - check authorized vdev state
|
|
* @param vdev: the vdev to be checked
|
|
* @return:
|
|
* 0 - restart not required
|
|
*/
|
|
uint8_t cvg_sec_auth_vdev_check(cvg_vdev_t *vdev);
|
|
|
|
#else /* PLC_SUPPORT_AUTH_TYPE */
|
|
|
|
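/*
 * @brief cvg_sec_auth_vdev_check() - stub used when PLC_SUPPORT_AUTH_TYPE
 *                                     is not enabled
 * @param vdev:     unused
 * @return:
 *      0 - always (documented for the real function as "restart not
 *          required")
 *
 * No authorization state is examined in this build: the constant 0 only
 * reflects that the auth feature is compiled out, not the outcome of any
 * check on the vdev.
 *
 * Declared static inline, like cvg_sec_auth_vdev_restart() in this header.
 * A plain `inline` definition in a header does not emit an external
 * definition under C99/C11 rules, so any call the compiler declines to
 * inline would fail at link time.
 */
static inline uint8_t cvg_sec_auth_vdev_check(cvg_vdev_t *vdev)
{
    (void)vdev;
    return 0;
}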
|
|
|
|
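/*
 * Stubs used when PLC_SUPPORT_AUTH_TYPE is not enabled. These are macros,
 * so their arguments are never evaluated: any side effect written in an
 * argument expression is dropped in this build.
 */

/* setting the authorized state is not supported in this build */
#define cvg_sec_auth_set_state(vdev, enable) (ERR_NOSUPP)

/* always 0, which the real function documents as "disabled dak" */
#define cvg_sec_auth_get_state(vdev) (0)

/*
 * no encryption config is available; the enable/mode/algo output pointers
 * are NOT written, so callers must check the return value before reading
 * them.
 */
#define cvg_sec_auth_get_encrypt_cfg(vdev, enable, mode, algo) (ERR_NOSUPP)

/*
 * no-op. Expands to a void expression instead of nothing so the call stays
 * valid wherever a call to the real void function would be (for example
 * as an operand of the comma or conditional operator).
 */
#define cvg_sec_auth_update_encrypt_cfg(vdev, enable, mode, algo) ((void)0)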
|
|
|
|
/*
 * @brief cvg_sec_auth_vdev_restart() - stub used when PLC_SUPPORT_AUTH_TYPE
 *                                       is not enabled
 * @param vdev:     ignored
 * @param auth_dur: ignored
 * @return:
 *      0 - always (documented for the real function as "restart not
 *          required")
 */
static inline uint8_t cvg_sec_auth_vdev_restart(cvg_vdev_t *vdev,
    uint32_t auth_dur)
{
    const uint8_t restart_required = 0;

    /* both parameters exist only to keep the real function's signature */
    (void)auth_dur;
    (void)vdev;

    return restart_required;
}
|
|
|
|
#endif /* PLC_SUPPORT_AUTH_TYPE */
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* CVG_SECURITY_H */
|