From 8659c97fb0907981bb4e5cf7b7daeece701a6208 Mon Sep 17 00:00:00 2001
From: kkrentz
Date: Sun, 23 Jun 2013 23:49:11 -0700
Subject: [PATCH] framer-802154: Support for explicit keys
---
 core/net/llsec/llsec802154.h | 6 +++
 core/net/mac/frame802154.c | 83 ++++++++++++++++++++++++------------
 core/net/mac/frame802154.h | 17 ++++++--
 core/net/mac/framer-802154.c | 19 +++++++--
 core/net/packetbuf.h | 14 ++++++
 5 files changed, 105 insertions(+), 34 deletions(-)
diff --git a/core/net/llsec/llsec802154.h b/core/net/llsec/llsec802154.h
index dadfce608..d716c9327 100644
--- a/core/net/llsec/llsec802154.h
+++ b/core/net/llsec/llsec802154.h
@@ -69,6 +69,12 @@
 #define LLSEC802154_USES_ENCRYPTION (LLSEC802154_SECURITY_LEVEL & (1 << 2))
 #endif /* LLSEC802154_CONF_USES_ENCRYPTION */
+#ifdef LLSEC802154_CONF_USES_EXPLICIT_KEYS
+#define LLSEC802154_USES_EXPLICIT_KEYS LLSEC802154_CONF_USES_EXPLICIT_KEYS
+#else /* LLSEC802154_CONF_USES_EXPLICIT_KEYS */
+#define LLSEC802154_USES_EXPLICIT_KEYS 0
+#endif /* LLSEC802154_CONF_USES_EXPLICIT_KEYS */
+
 #endif /* LLSEC802154_H_ */
 /** @} */
diff --git a/core/net/mac/frame802154.c b/core/net/mac/frame802154.c
index 2e228ece4..d98be6269 100644
--- a/core/net/mac/frame802154.c
+++ b/core/net/mac/frame802154.c
@@ -92,6 +92,23 @@ addr_len(uint8_t mode)
 }
 }
 /*----------------------------------------------------------------------------*/
+#if LLSEC802154_USES_EXPLICIT_KEYS
+static uint8_t
+get_key_id_len(uint8_t key_id_mode)
+{
+ switch(key_id_mode) {
+ case FRAME802154_1_BYTE_KEY_ID_MODE:
+ return 1;
+ case FRAME802154_5_BYTE_KEY_ID_MODE:
+ return 5;
+ case FRAME802154_9_BYTE_KEY_ID_MODE:
+ return 9;
+ default:
+ return 0;
+ }
+}
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
+/*----------------------------------------------------------------------------*/
 static void
 field_len(frame802154_t *p, field_length_t *flen)
 {
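Review bot: get_key_id_len() in core/net/mac/frame802154.c has no comment saying that the value it returns is the length of the whole Key Identifier field (Key Source plus the one-byte Key Index), which is what field_len() later adds to the 5-byte base of the auxiliary security header. I would put `/* Length in bytes of the Key Identifier field (Key Source + Key Index) for a Key Identifier Mode; 0 for implicit keys and for unknown modes. */` above it. The `default: return 0;` branch means an out-of-range mode is silently treated as "no key identifier", so callers have to keep the mode within 0..3 before relying on this length.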
@@ -124,26 +141,11 @@ field_len(frame802154_t *p, field_length_t *flen)
 #if LLSEC802154_SECURITY_LEVEL
 /* Aux security header */
 if(p->fcf.security_enabled & 1) {
- flen->aux_sec_len = 5;
- /* TODO Support key identifier mode !=0 */
-#if 0
- switch(p->aux_hdr.security_control.key_id_mode) {
- case 0:
- flen->aux_sec_len = 5; /* minimum value */
- break;
- case 1:
- flen->aux_sec_len = 6;
- break;
- case 2:
- flen->aux_sec_len = 10;
- break;
- case 3:
- flen->aux_sec_len = 14;
- break;
- default:
- break;
- }
-#endif
+ flen->aux_sec_len = 5
+#if LLSEC802154_USES_EXPLICIT_KEYS
+ + get_key_id_len(p->aux_hdr.security_control.key_id_mode);
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
+ ;
 }
 #endif /* LLSEC802154_SECURITY_LEVEL */
 }
@@ -183,6 +185,9 @@ frame802154_create(frame802154_t *p, uint8_t *buf)
 int c;
 field_length_t flen;
 uint8_t pos;
+#if LLSEC802154_USES_EXPLICIT_KEYS
+ uint8_t key_id_mode;
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
 field_len(p, &flen);
@@ -226,10 +231,23 @@ frame802154_create(frame802154_t *p, uint8_t *buf)
 #if LLSEC802154_SECURITY_LEVEL
 /* Aux header */
 if(flen.aux_sec_len) {
- /* TODO Support key identifier mode !=0 */
- buf[pos++] = p->aux_hdr.security_control.security_level;
+ buf[pos++] = p->aux_hdr.security_control.security_level
+#if LLSEC802154_USES_EXPLICIT_KEYS
+ | (p->aux_hdr.security_control.key_id_mode << 3)
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
+ ;
 memcpy(buf + pos, p->aux_hdr.frame_counter.u8, 4);
 pos += 4;
+
+#if LLSEC802154_USES_EXPLICIT_KEYS
+ key_id_mode = p->aux_hdr.security_control.key_id_mode;
+ if(key_id_mode) {
+ c = (key_id_mode - 1) * 4;
+ memcpy(buf + pos, p->aux_hdr.key_source.u8, c);
+ pos += c;
+ buf[pos++] = p->aux_hdr.key_index;
+ }
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
 }
 #endif /* LLSEC802154_SECURITY_LEVEL */
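Review bot: In field_len() the assignment to flen->aux_sec_len is split across a preprocessor conditional, with one `;` inside the `#if LLSEC802154_USES_EXPLICIT_KEYS` branch and another on its own line after the `#endif`, so with explicit keys enabled the statement is followed by an empty statement. It compiles, but a statement that is only complete after preprocessing is easy to break in a later edit. I would keep `flen->aux_sec_len = 5;` unconditional and put `flen->aux_sec_len += get_key_id_len(p->aux_hdr.security_control.key_id_mode);` inside the `#if` block; the same pattern is used for the security control byte in frame802154_create(). field_len() starts outside the hunk.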
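Review bot: In the auxiliary-header hunk of frame802154_create() the Key Source length is computed as `(key_id_mode - 1) * 4` from an unvalidated key_id_mode, while the header length used by the caller comes from field_len() through get_key_id_len(), which returns 0 for any mode above 3. The type of security_control.key_id_mode is not visible here, but if it can hold a value outside 0..3 the memcpy reads past the 8-byte key_source, more bytes are written to buf than the computed header length, and `key_id_mode << 3` spills into the reserved bits of the security control byte. I would assign `key_id_mode = p->aux_hdr.security_control.key_id_mode & 3;` before the security control byte is written and use that masked value for both the byte and the copy. frame802154_create() starts and ends outside the hunk.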
@@ -251,6 +269,9 @@ frame802154_parse(uint8_t *data, int len, frame802154_t *pf)
 uint8_t *p;
 frame802154_fcf_t fcf;
 int c;
+#if LLSEC802154_USES_EXPLICIT_KEYS
+ uint8_t key_id_mode;
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
 if(len < 3) {
 return 0;
@@ -333,20 +354,28 @@ frame802154_parse(uint8_t *data, int len, frame802154_t *pf)
 linkaddr_copy((linkaddr_t *)&(pf->src_addr), &linkaddr_null);
 pf->src_pid = 0;
 }
-
+
 #if LLSEC802154_SECURITY_LEVEL
 if(fcf.security_enabled) {
 pf->aux_hdr.security_control.security_level = p[0] & 7;
+#if LLSEC802154_USES_EXPLICIT_KEYS
 pf->aux_hdr.security_control.key_id_mode = (p[0] >> 3) & 3;
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
 p += 1;
 memcpy(pf->aux_hdr.frame_counter.u8, p, 4);
 p += 4;
-
- if(pf->aux_hdr.security_control.key_id_mode) {
- /* TODO Support key identifier mode !=0 */
- return 0;
+
+#if LLSEC802154_USES_EXPLICIT_KEYS
+ key_id_mode = pf->aux_hdr.security_control.key_id_mode;
+ if(key_id_mode) {
+ c = (key_id_mode - 1) * 4;
+ memcpy(pf->aux_hdr.key_source.u8, p, c);
+ p += c;
+ pf->aux_hdr.key_index = p[0];
+ p += 1;
 }
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
 }
 #endif /* LLSEC802154_SECURITY_LEVEL */
diff --git a/core/net/mac/frame802154.h b/core/net/mac/frame802154.h
index 925c2bfdc..1e97a41df 100644
--- a/core/net/mac/frame802154.h
+++ b/core/net/mac/frame802154.h
@@ -105,6 +105,11 @@
 #define FRAME802154_SECURITY_LEVEL_ENC_MIC_64 (6)
 #define FRAME802154_SECURITY_LEVEL_ENC_MIC_128 (7)
+#define FRAME802154_IMPLICIT_KEY (0)
+#define FRAME802154_1_BYTE_KEY_ID_MODE (1)
+#define FRAME802154_5_BYTE_KEY_ID_MODE (2)
+#define FRAME802154_9_BYTE_KEY_ID_MODE (3)
+
 /**
 * @brief The IEEE 802.15.4 frame has a number of constant/fixed fields that
 * can be counted to make frame construction and max payload
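Review bot: In frame802154_parse() the new explicit-key branch copies `c` bytes of Key Source from `p` and then reads `p[0]` for the Key Index without comparing the bytes left in the frame against `len`; the only length check visible in this patch is `len < 3` at the top of the function. The frame comes from the radio, so a short frame with the security bit set and a non-zero key_id_mode would make the parser read up to 9 bytes beyond the received data. I would add `if(data + len - p < c + 1) { return 0; }` before the memcpy, and the same kind of check for the 5 fixed bytes of the auxiliary header if none exists outside the hunk. The previous code rejected every non-zero key_id_mode, so this path is newly reachable; the function continues outside the hunk.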
@@ -146,11 +151,17 @@ typedef union {
 uint8_t u8[4];
 } frame802154_frame_counter_t;
+typedef union {
+ uint16_t u16[4];
+ uint8_t u8[8];
+} frame802154_key_source_t;
+
 /** \brief 802.15.4 Aux security header */
 typedef struct {
- frame802154_scf_t security_control; /**< Security control bitfield */
- frame802154_frame_counter_t frame_counter; /**< Frame counter, used for security */
- uint8_t key[9]; /**< The key itself, or an index to the key */
+ frame802154_scf_t security_control; /**< Security control bitfield */
+ frame802154_frame_counter_t frame_counter; /**< Frame counter, used for security */
+ frame802154_key_source_t key_source; /**< Key Source subfield */
+ uint8_t key_index; /**< Key Index subfield */
 } frame802154_aux_hdr_t;
 /** \brief Parameters used by the frame802154_create() function. These
diff --git a/core/net/mac/framer-802154.c b/core/net/mac/framer-802154.c
index 49d69f0ae..87bfc602a 100644
--- a/core/net/mac/framer-802154.c
+++ b/core/net/mac/framer-802154.c
@@ -122,6 +122,11 @@ create_frame(int type, int do_create)
 params.aux_hdr.security_control.security_level = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL);
 params.aux_hdr.frame_counter.u16[0] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1);
 params.aux_hdr.frame_counter.u16[1] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3);
+#if LLSEC802154_USES_EXPLICIT_KEYS
+ params.aux_hdr.security_control.key_id_mode = packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE);
+ params.aux_hdr.key_index = packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX);
+ params.aux_hdr.key_source.u16[0] = packetbuf_attr(PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1);
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
 #endif /* LLSEC802154_SECURITY_LEVEL */
 /* Increment and set the data sequence number. */
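Review bot: create_frame() in core/net/mac/framer-802154.c fills only `key_source.u16[0]` from the packetbuf, while frame802154_create() copies 4 or 8 bytes of key_source for key identifier modes 2 and 3. Unless `params` is zeroed before this point (not visible in the hunk), the remaining Key Source bytes that go on the air are whatever the structure held before, and a full 4- or 8-byte Key Source cannot be expressed through the single PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1 attribute in any case. The parse() hunk later in the same file has the mirror limitation, storing only `frame.aux_hdr.key_source.u16[0]`. I would either add attributes for the remaining bytes or restrict the supported modes here, and state the limit in a comment such as `/* only the first two Key Source bytes are carried in the packetbuf */`.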
@@ -245,10 +250,16 @@ parse(void)
 packetbuf_set_attr(PACKETBUF_ATTR_PACKET_ID, frame.seq);
 #if LLSEC802154_SECURITY_LEVEL
- /* Setting security-related attributes */
- packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, frame.aux_hdr.security_control.security_level);
- packetbuf_set_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1, frame.aux_hdr.frame_counter.u16[0]);
- packetbuf_set_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3, frame.aux_hdr.frame_counter.u16[1]);
+ if(frame.fcf.security_enabled) {
+ packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, frame.aux_hdr.security_control.security_level);
+ packetbuf_set_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1, frame.aux_hdr.frame_counter.u16[0]);
+ packetbuf_set_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3, frame.aux_hdr.frame_counter.u16[1]);
+#if LLSEC802154_USES_EXPLICIT_KEYS
+ packetbuf_set_attr(PACKETBUF_ATTR_KEY_ID_MODE, frame.aux_hdr.security_control.key_id_mode);
+ packetbuf_set_attr(PACKETBUF_ATTR_KEY_INDEX, frame.aux_hdr.key_index);
+ packetbuf_set_attr(PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1, frame.aux_hdr.key_source.u16[0]);
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
+ }
 #endif /* LLSEC802154_SECURITY_LEVEL */
 PRINTF("15.4-IN: %2X", frame.fcf.frame_type);
diff --git a/core/net/packetbuf.h b/core/net/packetbuf.h
index 930aa2bc6..00d9fdefd 100644
--- a/core/net/packetbuf.h
+++ b/core/net/packetbuf.h
@@ -362,6 +362,11 @@ enum {
 PACKETBUF_ATTR_SECURITY_LEVEL,
 PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1,
 PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3,
+#if LLSEC802154_USES_EXPLICIT_KEYS
+ PACKETBUF_ATTR_KEY_ID_MODE,
+ PACKETBUF_ATTR_KEY_INDEX,
+ PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1,
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
 #endif /* LLSEC802154_SECURITY_LEVEL */
 /* Scope 2 attributes: used between end-to-end nodes. */
@@ -389,6 +394,15 @@ enum {
 };
 #endif /* LLSEC802154_SECURITY_LEVEL */
+/* Define surrogates when not using explicit keys */
+#if !LLSEC802154_USES_EXPLICIT_KEYS
+enum {
+ PACKETBUF_ATTR_KEY_ID_MODE,
+ PACKETBUF_ATTR_KEY_INDEX,
+ PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1
+};
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
+
 #define PACKETBUF_NUM_ADDRS 4
 #define PACKETBUF_NUM_ATTRS (PACKETBUF_ATTR_MAX - PACKETBUF_NUM_ADDRS)
 #define PACKETBUF_ADDR_FIRST PACKETBUF_ADDR_SENDER
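Review bot: The surrogate enum in core/net/packetbuf.h gives PACKETBUF_ATTR_KEY_ID_MODE, PACKETBUF_ATTR_KEY_INDEX and PACKETBUF_ATTR_KEY_SOURCE_BYTES_0_1 the values 0, 1 and 2 when explicit keys are disabled, which presumably collide with the first entries of the real attribute enum. The comment should say that the names exist only so that references compile and must never be passed to packetbuf_attr() or packetbuf_set_attr() in that configuration, for example `/* Surrogates so that references compile; not valid attribute ids when explicit keys are disabled */`. The conditions also leave a gap: the real entries are added only under both LLSEC802154_SECURITY_LEVEL and LLSEC802154_USES_EXPLICIT_KEYS, while the surrogates depend on the second macro alone, so with explicit keys enabled and the security level at 0 the three names are defined nowhere. Using `#if !LLSEC802154_SECURITY_LEVEL || !LLSEC802154_USES_EXPLICIT_KEYS` for the surrogates would close it.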