framer-802154: Support for explicit keys
parent
124dde25f3
commit
8659c97fb0
5 changed files with 105 additions and 34 deletions
|
@ -69,6 +69,12 @@
|
|||
#define LLSEC802154_USES_ENCRYPTION (LLSEC802154_SECURITY_LEVEL & (1 << 2))
|
||||
#endif /* LLSEC802154_CONF_USES_ENCRYPTION */
|
||||
|
||||
#ifdef LLSEC802154_CONF_USES_EXPLICIT_KEYS
|
||||
#define LLSEC802154_USES_EXPLICIT_KEYS LLSEC802154_CONF_USES_EXPLICIT_KEYS
|
||||
#else /* LLSEC802154_CONF_USES_EXPLICIT_KEYS */
|
||||
#define LLSEC802154_USES_EXPLICIT_KEYS 0
|
||||
#endif /* LLSEC802154_CONF_USES_EXPLICIT_KEYS */
|
||||
|
||||
#endif /* LLSEC802154_H_ */
|
||||
|
||||
/** @} */
|
||||
|
|
|
@ -92,6 +92,23 @@ addr_len(uint8_t mode)
|
|||
}
|
||||
}
|
||||
/*----------------------------------------------------------------------------*/
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
static uint8_t
|
||||
get_key_id_len(uint8_t key_id_mode)
|
||||
{
|
||||
switch(key_id_mode) {
|
||||
case FRAME802154_1_BYTE_KEY_ID_MODE:
|
||||
return 1;
|
||||
case FRAME802154_5_BYTE_KEY_ID_MODE:
|
||||
return 5;
|
||||
case FRAME802154_9_BYTE_KEY_ID_MODE:
|
||||
return 9;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
/*----------------------------------------------------------------------------*/
|
||||
static void
|
||||
field_len(frame802154_t *p, field_length_t *flen)
|
||||
{
|
||||
|
@ -124,26 +141,11 @@ field_len(frame802154_t *p, field_length_t *flen)
|
|||
#if LLSEC802154_SECURITY_LEVEL
|
||||
/* Aux security header */
|
||||
if(p->fcf.security_enabled & 1) {
|
||||
flen->aux_sec_len = 5;
|
||||
/* TODO Support key identifier mode !=0 */
|
||||
#if 0
|
||||
switch(p->aux_hdr.security_control.key_id_mode) {
|
||||
case 0:
|
||||
flen->aux_sec_len = 5; /* minimum value */
|
||||
break;
|
||||
case 1:
|
||||
flen->aux_sec_len = 6;
|
||||
break;
|
||||
case 2:
|
||||
flen->aux_sec_len = 10;
|
||||
break;
|
||||
case 3:
|
||||
flen->aux_sec_len = 14;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
flen->aux_sec_len = 5
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
+ get_key_id_len(p->aux_hdr.security_control.key_id_mode);
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
;
|
||||
}
|
||||
#endif /* LLSEC802154_SECURITY_LEVEL */
|
||||
}
|
||||
|
@ -183,6 +185,9 @@ frame802154_create(frame802154_t *p, uint8_t *buf)
|
|||
int c;
|
||||
field_length_t flen;
|
||||
uint8_t pos;
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
uint8_t key_id_mode;
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
|
||||
field_len(p, &flen);
|
||||
|
||||
|
@ -226,10 +231,23 @@ frame802154_create(frame802154_t *p, uint8_t *buf)
|
|||
#if LLSEC802154_SECURITY_LEVEL
|
||||
/* Aux header */
|
||||
if(flen.aux_sec_len) {
|
||||
/* TODO Support key identifier mode !=0 */
|
||||
buf[pos++] = p->aux_hdr.security_control.security_level;
|
||||
buf[pos++] = p->aux_hdr.security_control.security_level
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
| (p->aux_hdr.security_control.key_id_mode << 3)
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
;
|
||||
memcpy(buf + pos, p->aux_hdr.frame_counter.u8, 4);
|
||||
pos += 4;
|
||||
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
key_id_mode = p->aux_hdr.security_control.key_id_mode;
|
||||
if(key_id_mode) {
|
||||
c = (key_id_mode - 1) * 4;
|
||||
memcpy(buf + pos, p->aux_hdr.key_source.u8, c);
|
||||
pos += c;
|
||||
buf[pos++] = p->aux_hdr.key_index;
|
||||
}
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
}
|
||||
#endif /* LLSEC802154_SECURITY_LEVEL */
|
||||
|
||||
|
@ -251,6 +269,9 @@ frame802154_parse(uint8_t *data, int len, frame802154_t *pf)
|
|||
uint8_t *p;
|
||||
frame802154_fcf_t fcf;
|
||||
int c;
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
uint8_t key_id_mode;
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
|
||||
if(len < 3) {
|
||||
return 0;
|
||||
|
@ -333,20 +354,28 @@ frame802154_parse(uint8_t *data, int len, frame802154_t *pf)
|
|||
linkaddr_copy((linkaddr_t *)&(pf->src_addr), &linkaddr_null);
|
||||
pf->src_pid = 0;
|
||||
}
|
||||
|
||||
|
||||
#if LLSEC802154_SECURITY_LEVEL
|
||||
if(fcf.security_enabled) {
|
||||
pf->aux_hdr.security_control.security_level = p[0] & 7;
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
pf->aux_hdr.security_control.key_id_mode = (p[0] >> 3) & 3;
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
p += 1;
|
||||
|
||||
memcpy(pf->aux_hdr.frame_counter.u8, p, 4);
|
||||
p += 4;
|
||||
|
||||
if(pf->aux_hdr.security_control.key_id_mode) {
|
||||
/* TODO Support key identifier mode !=0 */
|
||||
return 0;
|
||||
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
key_id_mode = pf->aux_hdr.security_control.key_id_mode;
|
||||
if(key_id_mode) {
|
||||
c = (key_id_mode - 1) * 4;
|
||||
memcpy(pf->aux_hdr.key_source.u8, p, c);
|
||||
p += c;
|
||||
pf->aux_hdr.key_index = p[0];
|
||||
p += 1;
|
||||
}
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
}
|
||||
#endif /* LLSEC802154_SECURITY_LEVEL */
|
||||
|
||||
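Review bot: In the `frame802154_parse` hunk, the new key identifier branch copies `c` bytes from `p` and then reads `p[0]` without comparing the remaining frame length against `len`, so a received frame that ends inside the auxiliary security header would be read past its end. The only length check visible here is `if(len < 3)`, and the function body continues outside the hunk, so an earlier guard may exist; if not, a check such as `if((p - data) + c + 1 > len) return 0;` before the `memcpy` would cover the key identifier, and the five bytes read for the security control and frame counter need the same treatment. The hunk also appears to drop the old `return 0` for a non-zero key identifier mode, so a build with `LLSEC802154_USES_EXPLICIT_KEYS` set to 0 would no longer reject such frames and would treat the key identifier bytes as payload. Keeping that rejection in an `#else` branch, based on the key identifier mode bits of the security control byte, would preserve the previous behaviour.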
|
|
|
@ -105,6 +105,11 @@
|
|||
#define FRAME802154_SECURITY_LEVEL_ENC_MIC_64 (6)
|
||||
#define FRAME802154_SECURITY_LEVEL_ENC_MIC_128 (7)
|
||||
|
||||
#define FRAME802154_IMPLICIT_KEY (0)
|
||||
#define FRAME802154_1_BYTE_KEY_ID_MODE (1)
|
||||
#define FRAME802154_5_BYTE_KEY_ID_MODE (2)
|
||||
#define FRAME802154_9_BYTE_KEY_ID_MODE (3)
|
||||
|
||||
/**
|
||||
* @brief The IEEE 802.15.4 frame has a number of constant/fixed fields that
|
||||
* can be counted to make frame construction and max payload
|
||||
|
@ -146,11 +151,17 @@ typedef union {
|
|||
uint8_t u8[4];
|
||||
} frame802154_frame_counter_t;
|
||||
|
||||
typedef union {
|
||||
uint16_t u16[4];
|
||||
uint8_t u8[8];
|
||||
} frame802154_key_source_t;
|
||||
|
||||
/** \brief 802.15.4 Aux security header */
|
||||
typedef struct {
|
||||
frame802154_scf_t security_control; /**< Security control bitfield */
|
||||
frame802154_frame_counter_t frame_counter; /**< Frame counter, used for security */
|
||||
uint8_t key[9]; /**< The key itself, or an index to the key */
|
||||
frame802154_scf_t security_control; /**< Security control bitfield */
|
||||
frame802154_frame_counter_t frame_counter; /**< Frame counter, used for security */
|
||||
frame802154_key_source_t key_source; /**< Key Source subfield */
|
||||
uint8_t key_index; /**< Key Index subfield */
|
||||
} frame802154_aux_hdr_t;
|
||||
|
||||
/** \brief Parameters used by the frame802154_create() function. These
|
||||
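Review bot: The new `frame802154_key_source_t` union and the four key identifier mode constants have no comment tying the mode to the number of valid Key Source bytes, although `frame802154_create` and `frame802154_parse` in this commit both derive that length as `(key_id_mode - 1) * 4`. The `1_BYTE`, `5_BYTE` and `9_BYTE` names count the Key Index byte as well, which is easy to misread as the Key Source size. A comment on the union such as `/* Key Source: unused in modes 0 and 1, u8[0..3] in mode 2, u8[0..7] in mode 3 */` and one on the constants such as `/* Key identifier modes; the byte count is Key Source plus the 1-byte Key Index */` would make the contract explicit.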
|
|
|
@ -122,6 +122,11 @@ create_frame(int type, int do_create)
|
|||
params.aux_hdr.security_control.security_level = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL);
|
||||
params.aux_hdr.frame_counter.u16[0] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1);
|
||||
params.aux_hdr.frame_counter.u16[1] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3);
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
params.aux_hdr.security_control.key_id_mode = packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE);
|
||||
params.aux_hdr.key_index = packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX);
|
||||
params.aux_hdr.key_source.u16[0] = packetbuf_attr(PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1);
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
#endif /* LLSEC802154_SECURITY_LEVEL */
|
||||
|
||||
/* Increment and set the data sequence number. */
|
||||
|
@ -245,10 +250,16 @@ parse(void)
|
|||
packetbuf_set_attr(PACKETBUF_ATTR_PACKET_ID, frame.seq);
|
||||
|
||||
#if LLSEC802154_SECURITY_LEVEL
|
||||
/* Setting security-related attributes */
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, frame.aux_hdr.security_control.security_level);
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1, frame.aux_hdr.frame_counter.u16[0]);
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3, frame.aux_hdr.frame_counter.u16[1]);
|
||||
if(frame.fcf.security_enabled) {
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, frame.aux_hdr.security_control.security_level);
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1, frame.aux_hdr.frame_counter.u16[0]);
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3, frame.aux_hdr.frame_counter.u16[1]);
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_KEY_ID_MODE, frame.aux_hdr.security_control.key_id_mode);
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_KEY_INDEX, frame.aux_hdr.key_index);
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1, frame.aux_hdr.key_source.u16[0]);
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
}
|
||||
#endif /* LLSEC802154_SECURITY_LEVEL */
|
||||
|
||||
PRINTF("15.4-IN: %2X", frame.fcf.frame_type);
|
||||
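Review bot: In the `create_frame` hunk only `key_source.u16[0]` is filled from the packetbuf attributes, while `frame802154_create` in this commit copies 4 or 8 bytes of `key_source` for key identifier modes 2 and 3, so the remaining bytes are transmitted as whatever `params` held; unless `params` is zeroed earlier in the function (not visible in this hunk), that is uninitialized stack data. `parse` likewise stores only the first two bytes, so a 4- or 8-byte Key Source cannot round-trip through the packetbuf. Either carry the full Key Source in additional attributes or refuse modes 2 and 3 here. The mode is also taken unchecked from an attribute; if `key_id_mode` is a full byte rather than a bit-field, `params.aux_hdr.security_control.key_id_mode = packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE) & 3;` would keep the copy length in `frame802154_create` within `key_source` and consistent with `get_key_id_len()`.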
|
|
|
@ -362,6 +362,11 @@ enum {
|
|||
PACKETBUF_ATTR_SECURITY_LEVEL,
|
||||
PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1,
|
||||
PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3,
|
||||
#if LLSEC802154_USES_EXPLICIT_KEYS
|
||||
PACKETBUF_ATTR_KEY_ID_MODE,
|
||||
PACKETBUF_ATTR_KEY_INDEX,
|
||||
PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1,
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
#endif /* LLSEC802154_SECURITY_LEVEL */
|
||||
|
||||
/* Scope 2 attributes: used between end-to-end nodes. */
|
||||
|
@ -389,6 +394,15 @@ enum {
|
|||
};
|
||||
#endif /* LLSEC802154_SECURITY_LEVEL */
|
||||
|
||||
/* Define surrogates when not using explicit keys */
|
||||
#if !LLSEC802154_USES_EXPLICIT_KEYS
|
||||
enum {
|
||||
PACKETBUF_ATTR_KEY_ID_MODE,
|
||||
PACKETBUF_ATTR_KEY_INDEX,
|
||||
PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1
|
||||
};
|
||||
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
|
||||
|
||||
#define PACKETBUF_NUM_ADDRS 4
|
||||
#define PACKETBUF_NUM_ATTRS (PACKETBUF_ATTR_MAX - PACKETBUF_NUM_ADDRS)
|
||||
#define PACKETBUF_ADDR_FIRST PACKETBUF_ADDR_SENDER
|
||||
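Review bot: The surrogate enum added after `#endif /* LLSEC802154_SECURITY_LEVEL */` gives `PACKETBUF_ATTR_KEY_ID_MODE`, `PACKETBUF_ATTR_KEY_INDEX` and `PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1` the values 0, 1 and 2, which presumably coincide with real attribute ids from the main enum (its start is outside this hunk). Any call to `packetbuf_attr()` or `packetbuf_set_attr()` using these names that is not itself guarded by `#if LLSEC802154_USES_EXPLICIT_KEYS` would then read or overwrite an unrelated attribute without a compiler diagnostic. The existing comment should state that restriction, for example `/* Surrogates only let unguarded code compile; they alias other attribute ids and must never reach packetbuf_attr()/packetbuf_set_attr() */`.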
|
|