search

jhthorsen / docsis-configfile

Perl module that decodes and encodes DOCSIS config-files
https://metacpan.org/release/DOCSIS-ConfigFile
11 stars 3 forks source link

Support for TLV 81 (ManufacturerCVCChain)? #15

Closed daholzer closed 1 year ago

daholzer commented 6 years ago

Is there any plan to add support for TLV type 81, the ManufacturerCVCChain? This new TLV is used for DOCSIS 3.1 provisioning in which the CVC length can exceed 254 bytes. From Arris: "The Manufacturer CVC Chain TLV (M-CVC-C) is used to enable the 3.1-compliant CM to download the code file from the TFTP server whether or not the CM is provisioned to run with BPI+. If the length of the M-CVC-C exceeds 254 bytes, the M-CVC-C is fragmented into two or more successive Type 81 elements. Each fragment, except the last, is 254 bytes in length. The CM MUST reconstruct the M-CVC-C by concatenating the contents (Value of the TLV) of successive Type 81 elements in the order in which they appear in the config file. For example, the first byte following the length field of the second Type 81 element is treated as if it immediately follows the last byte of the first Type 81 element"

jhthorsen commented 6 years ago

I haven't used this module actively, since 2006, so I don't have any plans of anything.

When that is said, I will implement any improvement as they are requested, if it doesn't take too much effort. Any other improvement, must come from a third party in the form of a PR.

When that is said, could you provide the information below to get me started?

  1. A link to the document where this is specified.
  2. An example config file that I can use as a test case.
  3. A description of the expected outcome from that file.
daholzer commented 5 years ago

Sorry for the delayed response and thank you for your reply.

I've attached a sample configuration file which contains the ManufacturerFVCChain (TLV 81) field and the hex string value specified by Arris. The configuration file contains fairly basic provisioning information including upstream and downstream service flows and packet classifications along with enabling http WAN access and SSH access. This file does include the UpgradeServer and UpgradeFileName TLV values along with the SNMP MIB object "docsDevSwAdminStatus" in order to signal a firmware upgrade.

The file was tested on an Arris TM3402A modem with eMTA. That modem is shipping with a DOCSIS 3.1 specific firmware rather than Arris' standard North America (3.0 and older) firmware and thus it won't accept the ManufacturerCVC value which is used with their standard firmware.

Regarding definition of the TLV, I've found the information within Arris' PacketAce tool: Variable Type: hexstring TLV Type: 81 Length (bytes): variable DOCSIS version: 3.1 Description: "The Manufacturer CVC Chain TLV (M-CVC-C) is used to enable the 3.1-compliant CM to download the code file from the TFTP server whether or not the CM is provisioned to run with BPI+. If the length of the M-CVC-C exceeds 254 bytes, the M-CVC-C is fragmented into two or more successive Type 81 elements. Each fragment, except the last, is 254 bytes in length. The CM MUST reconstruct the M-CVC-C by concatenating the contents (Value of the TLV) of successive Type 81 elements in the order in which they appear in the config file. For example, the first byte following the length field of the second Type 81 element is treated as if it immediately follows the last byte of the first Type 81 element"

In the version 11.1 Firmware Guide from Arris. Page 25 contains the following regarding TLV 81 (Manufacturer CVC Chain) and TLV 82 (Co-signer CVC Chain): DOCSIS 3.1 Security Considerations TLV-81 and TLV-82 support secure software download in DOCSIS 3.1. Specifying certificates for secure download differs from DOCSIS 3.0 as follows:  DOCSIS 3.0 supports a two-level certificate hierarchy: Manufacturer CVC (specified in TLV-32), and Co-signer CVC (specified in TLV-33).  DOCSIS 3.1 supports the DOCSIS 3.0 method, but adds a three-level certificate chain: DOCSIS root CA certificate, CableLabs CVC sub-CA certificate, and the Manufacturer or Co-signer CVC. • Use TLV-81 to specify a Manufacturer CVC chain (sub-CA certificate and Manufacturer CVC). • Use TLV-82 to specify a Co-signer CVC chain (sub-CA certificate and Co-signer CVC). TLV-81 and TLV-82 require the two certificates be formatted into a degenerate PKCS7 signedData structure.

On Sat, Oct 20, 2018 at 12:22 AM Jan Henning Thorsen < notifications@github.com> wrote:

I haven't used this module actively, since 2006, so I don't have any plans of anything.

When that is said, I will implement any improvement as they are requested, if it doesn't take too much effort. Any other improvement, must come from a third party in the form of a PR.

When that is said, could you provide the information below to get me started?

  1. A link to the document where this is specified.
  2. An example config file that I can use as a test case.
  3. A description of the expected outcome from that file.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/jhthorsen/docsis-configfile/issues/15#issuecomment-431553675, or mute the thread https://github.com/notifications/unsubscribe-auth/AqOd3isNwd17U0EZgbC_P09t3QfC37BNks5umsEcgaJpZM4XxAyr .

jhthorsen commented 5 years ago

Deleted a duplicate comment.

jhthorsen commented 5 years ago

I can't seem to find the attached file.

daholzer commented 5 years ago

Arris firmware guide and my sample config file. Added directly to the github thread this time.

TS11.1 Firmware Guide Std2.0.pdf tm3402a_d31_basicupgrade.zip

jhthorsen commented 1 year ago

I'm going to close this, since there haven't been any work done for a long time.