deac
/
osd-contiki
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #1146 from kkrentz/llsec-as-framer 

LLSEC as FRAMER
ico
Simon Duquennoy 2015-10-18 20:25:30 +02:00
parent 0c9f11b568 c865982df5
commit 86f41f8c7b
22 changed files with 341 additions and 409 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
core/lib/ccm-star.c
View File

@ -48,14 +48,11 @@
/*---------------------------------------------------------------------------*/
static void
set_nonce(uint8_t *iv,
set_iv(uint8_t *iv,
uint8_t flags,
const uint8_t *nonce,
uint8_t counter)
{
/* 1 byte|| 8 bytes || 4 bytes || 1 byte || 2 bytes */
/* flags || extended_source_address || frame_counter || sec_lvl || counter */
iv[0] = flags;
memcpy(iv + 1, nonce, CCM_STAR_NONCE_LENGTH);
iv[14] = 0;
@ -73,7 +70,7 @@ ctr_step(const uint8_t *nonce,
uint8_t a[AES_128_BLOCK_SIZE];
uint8_t i;
set_nonce(a, CCM_STAR_ENCRYPTION_FLAGS, nonce, counter);
set_iv(a, CCM_STAR_ENCRYPTION_FLAGS, nonce, counter);
AES_128.encrypt(a);
for(i = 0; (pos + i < m_len) && (i < AES_128_BLOCK_SIZE); i++) {
@ -82,9 +79,9 @@ ctr_step(const uint8_t *nonce,
}
/*---------------------------------------------------------------------------*/
static void
mic(const uint8_t *m, uint8_t m_len,
const uint8_t *nonce,
const uint8_t *a, uint8_t a_len,
mic(const uint8_t *nonce,
const uint8_t *m, uint8_t m_len,
const uint8_t *a, uint8_t a_len,
uint8_t *result,
uint8_t mic_len)
{
@ -92,10 +89,10 @@ mic(const uint8_t *m, uint8_t m_len,
uint8_t pos;
uint8_t i;
set_nonce(x, CCM_STAR_AUTH_FLAGS(a_len, mic_len), nonce, m_len);
set_iv(x, CCM_STAR_AUTH_FLAGS(a_len, mic_len), nonce, m_len);
AES_128.encrypt(x);
if(a_len > 0) {
if(a_len) {
x[1] = x[1] ^ a_len;
for(i = 2; (i - 2 < a_len) && (i < AES_128_BLOCK_SIZE); i++) {
x[i] ^= a[i - 2];
@ -113,7 +110,7 @@ mic(const uint8_t *m, uint8_t m_len,
}
}
if(m_len > 0) {
if(m_len) {
pos = 0;
while(pos < m_len) {
for(i = 0; (pos + i < m_len) && (i < AES_128_BLOCK_SIZE); i++) {
@ -130,7 +127,7 @@ mic(const uint8_t *m, uint8_t m_len,
}
/*---------------------------------------------------------------------------*/
static void
ctr(uint8_t *m, uint8_t m_len, const uint8_t* nonce)
ctr(const uint8_t *nonce, uint8_t *m, uint8_t m_len)
{
uint8_t pos;
uint8_t counter;
@ -143,13 +140,38 @@ ctr(uint8_t *m, uint8_t m_len, const uint8_t* nonce)
}
}
/*---------------------------------------------------------------------------*/
static void set_key(const uint8_t *key) {
AES_128.set_key((uint8_t*)key);
static void
set_key(const uint8_t *key)
{
AES_128.set_key(key);
}
/*---------------------------------------------------------------------------*/
static void
aead(const uint8_t* nonce,
uint8_t* m, uint8_t m_len,
const uint8_t* a, uint8_t a_len,
uint8_t *result, uint8_t mic_len,
int forward)
{
if(!forward) {
/* decrypt */
ctr(nonce, m, m_len);
}
mic(nonce,
m, m_len,
a, a_len,
result,
mic_len);
if(forward) {
/* encrypt */
ctr(nonce, m, m_len);
}
}
/*---------------------------------------------------------------------------*/
const struct ccm_star_driver ccm_star_driver = {
mic,
ctr,
set_key
set_key,
aead
};
/*---------------------------------------------------------------------------*/

42
core/lib/ccm-star.h
View File

@ -55,34 +55,26 @@
*/
struct ccm_star_driver {
/**
* \brief Generates a MIC over the data supplied.
* \param data The data buffer to read.
* \param data_length The data buffer length.
* \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long.
* \param result The generated MIC will be put here
* \param mic_len The size of the MIC to be generated. <= 16.
*/
void (* mic)(const uint8_t* data, uint8_t data_length,
const uint8_t* nonce,
const uint8_t* add, uint8_t add_len,
uint8_t *result,
uint8_t mic_len);
/**
* \brief XORs the frame in the packetbuf with the key stream.
* \param data The data buffer to read.
* \param data_length The data buffer length.
* \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long.
*/
void (* ctr)( uint8_t* data, uint8_t data_length,
const uint8_t* nonce);
/**
* \brief Sets the key in use. Default implementation calls AES_128.set_key()
* \param key The key to use.
* \brief Sets the key in use. Default implementation calls AES_128.set_key().
* \param key The key to use.
*/
void (* set_key)(const uint8_t* key);
/**
* \brief Combines authentication and encryption.
* \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long.
* \param m message to encrypt or decrypt
* \param a Additional authenticated data
* \param result The generated MIC will be put here
* \param mic_len The size of the MIC to be generated. <= 16.
* \param forward != 0 if used in forward direction.
*/
void (* aead)(const uint8_t* nonce,
uint8_t* m, uint8_t m_len,
const uint8_t* a, uint8_t a_len,
uint8_t *result, uint8_t mic_len,
int forward);
};
extern const struct ccm_star_driver CCM_STAR;

2
core/net/ipv6/sicslowpan.c
View File

@ -1443,7 +1443,7 @@ output(const uip_lladdr_t *localdest)
#else /* USE_FRAMER_HDRLEN */
framer_hdrlen = 21;
#endif /* USE_FRAMER_HDRLEN */
max_payload = MAC_MAX_PAYLOAD - framer_hdrlen - NETSTACK_LLSEC.get_overhead();
max_payload = MAC_MAX_PAYLOAD - framer_hdrlen;
if((int)uip_len - (int)uncomp_hdr_len > max_payload - (int)packetbuf_hdr_len) {
#if SICSLOWPAN_CONF_FRAG

90
core/net/llsec/ccm-star-packetbuf.c
View File

@ -1,52 +1,78 @@
/*
* Copyright (c) 2013, Hasso-Plattner-Institut.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This file is part of the Contiki operating system.
*
*/
/**
* \file
* CCM* convenience functions for LLSEC use
* \author
* Justin King-Lacroix <justin.kinglacroix@gmail.com>
* Konrad Krentz <konrad.krentz@gmail.com>
*/
#include "lib/ccm-star.h"
#include "llsec/ccm-star-packetbuf.h"
#include "net/linkaddr.h"
#include "net/packetbuf.h"
#include <string.h>
/*---------------------------------------------------------------------------*/
void ccm_star_mic_packetbuf(const uint8_t *extended_source_address,
uint8_t *result,
uint8_t mic_len)
static const uint8_t *
get_extended_address(const linkaddr_t *addr)
#if LINKADDR_SIZE == 2
{
uint8_t *dataptr = packetbuf_dataptr();
uint8_t data_len = packetbuf_datalen();
uint8_t *headerptr = packetbuf_hdrptr();
uint8_t header_len = packetbuf_hdrlen();
uint8_t nonce[CCM_STAR_NONCE_LENGTH];
/* workaround for short addresses: derive EUI64 as in RFC 6282 */
static linkaddr_extended_t template = { { 0x00 , 0x00 , 0x00 ,
0xFF , 0xFE , 0x00 , 0x00 , 0x00 } };
memcpy(nonce, extended_source_address, 8);
template.u16[3] = LLSEC802154_HTONS(addr->u16);
return template.u8;
}
#else /* LINKADDR_SIZE == 2 */
{
return addr->u8;
}
#endif /* LINKADDR_SIZE == 2 */
/*---------------------------------------------------------------------------*/
void
ccm_star_packetbuf_set_nonce(uint8_t *nonce, int forward)
{
const linkaddr_t *source_addr;
source_addr = forward ? &linkaddr_node_addr : packetbuf_addr(PACKETBUF_ADDR_SENDER);
memcpy(nonce, get_extended_address(source_addr), 8);
nonce[8] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) >> 8;
nonce[9] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) & 0xff;
nonce[10] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) >> 8;
nonce[11] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) & 0xff;
nonce[12] = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL);
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & (1 << 2)) {
CCM_STAR.mic(dataptr, data_len, nonce, headerptr, header_len, result, mic_len);
} else {
CCM_STAR.mic(dataptr, 0, nonce, headerptr, packetbuf_totlen(), result, mic_len);
}
}
/*---------------------------------------------------------------------------*/
void ccm_star_ctr_packetbuf(const uint8_t *extended_source_address)
{
uint8_t *dataptr = packetbuf_dataptr();
uint8_t data_len = packetbuf_datalen();
uint8_t nonce[CCM_STAR_NONCE_LENGTH];
memcpy(nonce, extended_source_address, 8);
nonce[8] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) >> 8;
nonce[9] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) & 0xff;
nonce[10] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) >> 8;
nonce[11] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) & 0xff;
nonce[12] = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL);
CCM_STAR.ctr(dataptr, data_len, nonce);
}
/*---------------------------------------------------------------------------*/

46
core/net/llsec/ccm-star-packetbuf.h
View File

@ -1,24 +1,48 @@
/*
* Copyright (c) 2013, Hasso-Plattner-Institut.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This file is part of the Contiki operating system.
*
*/
/**
* \file
* CCM* convenience functions for MAC security
* \author
* Justin King-Lacroix <justin.kinglacroix@gmail.com>
* Konrad Krentz <konrad.krentz@gmail.com>
*/
#ifndef CCM_STAR_PACKETBUF_H_
#define CCM_STAR_PACKETBUF_H_
/**
* \brief Calls CCM_STAR.mic with parameters appropriate for LLSEC.
*/
void ccm_star_mic_packetbuf(const uint8_t *extended_source_address,
uint8_t *result,
uint8_t mic_len);
#include "lib/ccm-star.h"
/**
* \brief Calls CCM_STAR.ctr with parameters appropriate for LLSEC.
*/
void ccm_star_ctr_packetbuf(const uint8_t *extended_source_address);
void ccm_star_packetbuf_set_nonce(uint8_t *nonce, int forward);
#endif /* CCM_STAR_PACKETBUF_H_ */

20
core/net/llsec/llsec.h
View File

@ -48,10 +48,6 @@
* for incoming packets. Likewise, all NETSTACK_NETWORK protocols
* invoke NETSTACK_LLSEC.send(...) for outgoing packets.
*
* The bootstrap function of llsec_drivers can be used to defer the start
* of upper layers so as to bootstrap pairwise keys. Only contiki-sky-main.c
* supports this at the moment.
*
* @{
*/
@ -60,35 +56,23 @@
#include "net/mac/mac.h"
typedef void (* llsec_on_bootstrapped_t)(void);
/**
* The structure of a link layer security driver.
*/
struct llsec_driver {
char *name;
/** Bootstraps link layer security and thereafter starts upper layers. */
void (* bootstrap)(llsec_on_bootstrapped_t on_bootstrapped);
/** Inits link layer security. */
void (* init)(void);
/** Secures outgoing frames before passing them to NETSTACK_MAC. */
void (* send)(mac_callback_t sent_callback, void *ptr);
/**
* Once the NETSTACK_FRAMER wrote the headers, the LLSEC driver
* can generate a MIC over the entire frame.
* \return Returns != 0 <-> success
*/
int (* on_frame_created)(void);
/**
* Decrypts incoming frames;
* filters out injected or replayed frames.
*/
void (* input)(void);
/** Returns the security-related overhead per frame in bytes */
uint8_t (* get_overhead)(void);
};
#endif /* LLSEC_H_ */

157
core/net/llsec/noncoresec/noncoresec.c
View File

@ -47,6 +47,7 @@
#include "net/llsec/llsec802154.h"
#include "net/llsec/ccm-star-packetbuf.h"
#include "net/mac/frame802154.h"
#include "net/mac/framer-802154.h"
#include "net/netstack.h"
#include "net/packetbuf.h"
#include "net/nbr-table.h"
@ -80,81 +81,109 @@ static uint8_t key[16] = NONCORESEC_KEY;
NBR_TABLE(struct anti_replay_info, anti_replay_table);
/*---------------------------------------------------------------------------*/
static const uint8_t *
get_extended_address(const linkaddr_t *addr)
#if LINKADDR_SIZE == 2
static int
aead(uint8_t hdrlen, int forward)
{
/* workaround for short addresses: derive EUI64 as in RFC 6282 */
static linkaddr_extended_t template = { { 0x00 , 0x00 , 0x00 ,
0xFF , 0xFE , 0x00 , 0x00 , 0x00 } };
uint8_t totlen;
uint8_t nonce[CCM_STAR_NONCE_LENGTH];
uint8_t *m;
uint8_t m_len;
uint8_t *a;
uint8_t a_len;
uint8_t *result;
uint8_t generated_mic[LLSEC802154_MIC_LENGTH];
uint8_t *mic;
template.u16[3] = LLSEC802154_HTONS(addr->u16);
ccm_star_packetbuf_set_nonce(nonce, forward);
totlen = packetbuf_totlen();
a = packetbuf_hdrptr();
#if WITH_ENCRYPTION
a_len = hdrlen;
m = a + a_len;
m_len = totlen - hdrlen;
#else /* WITH_ENCRYPTION */
a_len = totlen;
m = NULL;
m_len = 0;
#endif /* WITH_ENCRYPTION */
return template.u8;
mic = a + totlen;
result = forward ? mic : generated_mic;
CCM_STAR.aead(nonce,
m, m_len,
a, a_len,
result, LLSEC802154_MIC_LENGTH,
forward);
if(forward) {
packetbuf_set_datalen(packetbuf_datalen() + LLSEC802154_MIC_LENGTH);
return 1;
} else {
return (memcmp(generated_mic, mic, LLSEC802154_MIC_LENGTH) == 0);
}
}
#else /* LINKADDR_SIZE == 2 */
/*---------------------------------------------------------------------------*/
static void
add_security_header(void)
{
return addr->u8;
if(!packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL)) {
packetbuf_set_attr(PACKETBUF_ATTR_FRAME_TYPE, FRAME802154_DATAFRAME);
packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, LLSEC802154_SECURITY_LEVEL);
anti_replay_set_counter();
}
}
#endif /* LINKADDR_SIZE == 2 */
/*---------------------------------------------------------------------------*/
static void
send(mac_callback_t sent, void *ptr)
{
packetbuf_set_attr(PACKETBUF_ATTR_FRAME_TYPE, FRAME802154_DATAFRAME);
packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, LLSEC802154_SECURITY_LEVEL);
anti_replay_set_counter();
NETSTACK_MAC.send(sent, ptr);
}
/*---------------------------------------------------------------------------*/
static int
on_frame_created(void)
create(void)
{
uint8_t *dataptr = packetbuf_dataptr();
uint8_t data_len = packetbuf_datalen();
ccm_star_mic_packetbuf(get_extended_address(&linkaddr_node_addr), dataptr + data_len, LLSEC802154_MIC_LENGTH);
#if WITH_ENCRYPTION
ccm_star_ctr_packetbuf(get_extended_address(&linkaddr_node_addr));
#endif /* WITH_ENCRYPTION */
packetbuf_set_datalen(data_len + LLSEC802154_MIC_LENGTH);
int result;
return 1;
add_security_header();
result = framer_802154.create();
if(result == FRAMER_FAILED) {
return result;
}
aead(result, 1);
return result;
}
/*---------------------------------------------------------------------------*/
static void
input(void)
static int
parse(void)
{
uint8_t generated_mic[LLSEC802154_MIC_LENGTH];
uint8_t *received_mic;
int result;
const linkaddr_t *sender;
struct anti_replay_info* info;
uint8_t *dataptr = packetbuf_dataptr();
uint8_t data_len = packetbuf_datalen();
result = framer_802154.parse();
if(result == FRAMER_FAILED) {
return result;
}
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != LLSEC802154_SECURITY_LEVEL) {
PRINTF("noncoresec: received frame with wrong security level\n");
return;
return FRAMER_FAILED;
}
sender = packetbuf_addr(PACKETBUF_ADDR_SENDER);
if(linkaddr_cmp(sender, &linkaddr_node_addr)) {
PRINTF("noncoresec: frame from ourselves\n");
return;
return FRAMER_FAILED;
}
data_len -= LLSEC802154_MIC_LENGTH;
packetbuf_set_datalen(data_len);
packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH);
#if WITH_ENCRYPTION
ccm_star_ctr_packetbuf(get_extended_address(sender));
#endif /* WITH_ENCRYPTION */
ccm_star_mic_packetbuf(get_extended_address(sender), generated_mic, LLSEC802154_MIC_LENGTH);
received_mic = dataptr + data_len;
if(memcmp(generated_mic, received_mic, LLSEC802154_MIC_LENGTH) != 0) {
PRINTF("noncoresec: received nonauthentic frame %"PRIu32"\n",
if(!aead(result, 0)) {
PRINTF("noncoresec: received unauthentic frame %"PRIu32"\n",
anti_replay_get_counter());
return;
return FRAMER_FAILED;
}
info = nbr_table_get_from_lladdr(anti_replay_table, sender);
@ -162,7 +191,7 @@ input(void)
info = nbr_table_add_lladdr(anti_replay_table, sender);
if(!info) {
PRINTF("noncoresec: could not get nbr_table_item\n");
return;
return FRAMER_FAILED;
}
/*
@ -179,7 +208,7 @@ input(void)
if(!nbr_table_lock(anti_replay_table, info)) {
nbr_table_remove(anti_replay_table, info);
PRINTF("noncoresec: could not lock\n");
return;
return FRAMER_FAILED;
}
anti_replay_init_info(info);
@ -187,34 +216,44 @@ input(void)
if(anti_replay_was_replayed(info)) {
PRINTF("noncoresec: received replayed frame %"PRIu32"\n",
anti_replay_get_counter());
return;
return FRAMER_FAILED;
}
}
NETSTACK_NETWORK.input();
}
/*---------------------------------------------------------------------------*/
static uint8_t
get_overhead(void)
{
return SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH;
return result;
}
/*---------------------------------------------------------------------------*/
static void
bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
input(void)
{
NETSTACK_NETWORK.input();
}
/*---------------------------------------------------------------------------*/
static int
length(void)
{
add_security_header();
return framer_802154.length() + LLSEC802154_MIC_LENGTH;
}
/*---------------------------------------------------------------------------*/
static void
init(void)
{
CCM_STAR.set_key(key);
nbr_table_register(anti_replay_table, NULL);
on_bootstrapped();
}
/*---------------------------------------------------------------------------*/
const struct llsec_driver noncoresec_driver = {
"noncoresec",
bootstrap,
init,
send,
on_frame_created,
input,
get_overhead
input
};
/*---------------------------------------------------------------------------*/
const struct framer noncoresec_framer = {
length,
create,
parse
};
/*---------------------------------------------------------------------------*/

1
core/net/llsec/noncoresec/noncoresec.h
View File

@ -56,6 +56,7 @@
#include "net/llsec/llsec.h"
extern const struct llsec_driver noncoresec_driver;
extern const struct framer noncoresec_framer;
#endif /* NONCORESEC_H_ */

22
core/net/llsec/nullsec.c
View File

@ -49,9 +49,9 @@
/*---------------------------------------------------------------------------*/
static void
bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
init(void)
{
on_bootstrapped();
}
/*---------------------------------------------------------------------------*/
static void
@ -61,31 +61,17 @@ send(mac_callback_t sent, void *ptr)
NETSTACK_MAC.send(sent, ptr);
}
/*---------------------------------------------------------------------------*/
static int
on_frame_created(void)
{
return 1;
}
/*---------------------------------------------------------------------------*/
static void
input(void)
{
NETSTACK_NETWORK.input();
}
/*---------------------------------------------------------------------------*/
static uint8_t
get_overhead(void)
{
return 0;
}
/*---------------------------------------------------------------------------*/
const struct llsec_driver nullsec_driver = {
"nullsec",
bootstrap,
init,
send,
on_frame_created,
input,
get_overhead
input
};
/*---------------------------------------------------------------------------*/

35
core/net/mac/contikimac/contikimac-framer.c
View File

@ -73,6 +73,8 @@ extern const struct framer DECORATED_FRAMER;
#define PRINTF(...)
#endif
static void pad(void);
/* 2-byte header for recovering padded packets.
Wireshark will not understand such packets at present. */
struct hdr {
@ -99,7 +101,8 @@ create(void)
}
chdr = packetbuf_hdrptr();
chdr->id = CONTIKIMAC_ID;
chdr->len = 0;
chdr->len = packetbuf_datalen();
pad();
hdr_len = DECORATED_FRAMER.create();
if(hdr_len < 0) {
@ -107,6 +110,8 @@ create(void)
return FRAMER_FAILED;
}
packetbuf_compact();
return hdr_len + sizeof(struct hdr);
}
/*---------------------------------------------------------------------------*/
@ -117,7 +122,7 @@ pad(void)
uint8_t *ptr;
uint8_t zeroes_count;
transmit_len = packetbuf_totlen();
transmit_len = packetbuf_totlen() + hdr_length();
if(transmit_len < SHORTEST_PACKET_SIZE) {
/* Padding required */
zeroes_count = SHORTEST_PACKET_SIZE - transmit_len;
@ -128,30 +133,6 @@ pad(void)
}
/*---------------------------------------------------------------------------*/
static int
create_and_secure(void)
{
struct hdr *chdr;
int hdr_len;
hdr_len = create();
if(hdr_len < 0) {
return FRAMER_FAILED;
}
packetbuf_compact();
if(!NETSTACK_LLSEC.on_frame_created()) {
PRINTF("contikimac-framer: securing failed\n");
return FRAMER_FAILED;
}
chdr = (struct hdr *)(((uint8_t *) packetbuf_dataptr()) - sizeof(struct hdr));
chdr->len = packetbuf_datalen();
pad();
return hdr_len;
}
/*---------------------------------------------------------------------------*/
static int
parse(void)
{
int hdr_len;
@ -174,7 +155,6 @@ parse(void)
}
packetbuf_set_datalen(chdr->len);
chdr->len = 0;
return hdr_len + sizeof(struct hdr);
}
@ -182,7 +162,6 @@ parse(void)
const struct framer contikimac_framer = {
hdr_length,
create,
create_and_secure,
parse
};
/*---------------------------------------------------------------------------*/

6
core/net/mac/contikimac/contikimac.c
View File

@ -560,7 +560,7 @@ send_packet(mac_callback_t mac_callback, void *mac_callback_ptr,
if(!packetbuf_attr(PACKETBUF_ATTR_IS_CREATED_AND_SECURED)) {
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
if(NETSTACK_FRAMER.create_and_secure() < 0) {
if(NETSTACK_FRAMER.create() < 0) {
PRINTF("contikimac: framer failed\n");
return MAC_TX_ERR_FATAL;
}
@ -829,7 +829,7 @@ qsend_list(mac_callback_t sent, void *ptr, struct rdc_buf_list *buf_list)
packetbuf_set_attr(PACKETBUF_ATTR_PENDING, 1);
}
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
if(NETSTACK_FRAMER.create_and_secure() < 0) {
if(NETSTACK_FRAMER.create() < 0) {
PRINTF("contikimac: framer failed\n");
mac_call_sent_callback(sent, ptr, MAC_TX_ERR_FATAL, 1);
return;
@ -915,8 +915,6 @@ input_packet(void)
broadcast address. */
/* If FRAME_PENDING is set, we are receiving a packets in a burst */
/* TODO To prevent denial-of-sleep attacks, the transceiver should
be disabled upon receipt of an unauthentic frame. */
we_are_receiving_burst = packetbuf_attr(PACKETBUF_ATTR_PENDING);
if(we_are_receiving_burst) {
on();

1
core/net/mac/framer-802154.c
View File

@ -273,7 +273,6 @@ parse(void)
const struct framer framer_802154 = {
hdr_length,
create,
framer_canonical_create_and_secure,
parse
};
/*---------------------------------------------------------------------------*/

1
core/net/mac/framer-nullmac.c
View File

@ -99,6 +99,5 @@ parse(void)
const struct framer framer_nullmac = {
hdr_length,
create,
framer_canonical_create_and_secure,
parse
};

50
core/net/mac/framer.c
View File

@ -1,50 +0,0 @@
/*
* Copyright (c) 2014, Fraunhofer Heinrich-Hertz-Institut.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
#include "net/mac/framer.h"
#include "net/packetbuf.h"
#include "net/netstack.h"
/*---------------------------------------------------------------------------*/
int
framer_canonical_create_and_secure(void)
{
int hdr_len;
hdr_len = NETSTACK_FRAMER.create();
if(hdr_len >= 0) {
packetbuf_compact();
if(!NETSTACK_LLSEC.on_frame_created()) {
return FRAMER_FAILED;
}
}
return hdr_len;
}
/*---------------------------------------------------------------------------*/

5
core/net/mac/framer.h
View File

@ -47,13 +47,8 @@ struct framer {
int (* length)(void);
int (* create)(void);
/** Creates the frame and calls LLSEC.on_frame_created() */
int (* create_and_secure)(void);
int (* parse)(void);
};
int framer_canonical_create_and_secure(void);
#endif /* FRAMER_H_ */

5
core/net/mac/nullrdc.c
View File

@ -120,7 +120,7 @@ send_one_packet(mac_callback_t sent, void *ptr)
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
#endif /* NULLRDC_802154_AUTOACK || NULLRDC_802154_AUTOACK_HW */
if(NETSTACK_FRAMER.create_and_secure() < 0) {
if(NETSTACK_FRAMER.create() < 0) {
/* Failed to allocate space for headers */
PRINTF("nullrdc: send failed, too large header\n");
ret = MAC_TX_ERR_FATAL;
@ -302,8 +302,7 @@ packet_input(void)
}
#endif /* RDC_WITH_DUPLICATE_DETECTION */
#endif /* NULLRDC_802154_AUTOACK */
/* TODO We may want to acknowledge only authentic frames */
#if NULLRDC_SEND_802154_ACK
{
frame802154_t info154;

1
examples/ipv6/slip-radio/no-framer.c
View File

@ -124,6 +124,5 @@ parse(void)
const struct framer no_framer = {
hdr_length,
create,
framer_canonical_create_and_secure,
parse
};

25
examples/llsec/ccm-star-tests/encryption/tests.c
View File

@ -56,8 +56,8 @@ test_sec_lvl_6()
0xC4 , 0xC5 , 0xC6 , 0xC7 ,
0xC8 , 0xC9 , 0xCA , 0xCB ,
0xCC , 0xCD , 0xCE , 0xCF };
uint8_t extended_source_address[8] = { 0xAC , 0xDE , 0x48 , 0x00 ,
0x00 , 0x00 , 0x00 , 0x01 };
linkaddr_t source_address = {{ 0xAC , 0xDE , 0x48 , 0x00 ,
0x00 , 0x00 , 0x00 , 0x01 }};
uint8_t data[30] = { 0x2B , 0xDC , 0x84 , 0x21 , 0x43 ,
/* Destination Address */
0x02 , 0x00 , 0x00 , 0x00 , 0x00 , 0x48 , 0xDE , 0xAC ,
@ -72,11 +72,12 @@ test_sec_lvl_6()
0x01 , 0xCE };
uint8_t oracle[LLSEC802154_MIC_LENGTH] = { 0x4F , 0xDE , 0x52 , 0x90 ,
0x61 , 0xF9 , 0xC6 , 0xF1 };
uint8_t nonce[13];
frame802154_frame_counter_t counter;
uint8_t mic[LLSEC802154_MIC_LENGTH];
printf("Testing verification ... ");
linkaddr_copy(&linkaddr_node_addr, &source_address);
packetbuf_clear();
packetbuf_set_datalen(30);
memcpy(packetbuf_hdrptr(), data, 30);
@ -87,9 +88,14 @@ test_sec_lvl_6()
packetbuf_hdrreduce(29);
CCM_STAR.set_key(key);
ccm_star_mic_packetbuf(extended_source_address, mic, LLSEC802154_MIC_LENGTH);
ccm_star_packetbuf_set_nonce(nonce, 1);
CCM_STAR.aead(nonce,
packetbuf_dataptr(), packetbuf_datalen(),
packetbuf_hdrptr(), packetbuf_hdrlen(),
((uint8_t *) packetbuf_hdrptr()) + 30, LLSEC802154_MIC_LENGTH,
1);
if(memcmp(mic, oracle, LLSEC802154_MIC_LENGTH) == 0) {
if(memcmp(((uint8_t *) packetbuf_hdrptr()) + 30, oracle, LLSEC802154_MIC_LENGTH) == 0) {
printf("Success\n");
} else {
printf("Failure\n");
@ -97,7 +103,6 @@ test_sec_lvl_6()
printf("Testing encryption ... ");
ccm_star_ctr_packetbuf(extended_source_address);
if(((uint8_t *) packetbuf_hdrptr())[29] == 0xD8) {
printf("Success\n");
} else {
@ -105,7 +110,13 @@ test_sec_lvl_6()
}
printf("Testing decryption ... ");
ccm_star_ctr_packetbuf(extended_source_address);
packetbuf_set_addr(PACKETBUF_ADDR_SENDER, &source_address);
ccm_star_packetbuf_set_nonce(nonce, 0);
CCM_STAR.aead(nonce,
packetbuf_dataptr(), packetbuf_datalen(),
packetbuf_hdrptr(), packetbuf_hdrlen(),
((uint8_t *) packetbuf_hdrptr()) + 30, LLSEC802154_MIC_LENGTH,
0);
if(((uint8_t *) packetbuf_hdrptr())[29] == 0xCE) {
printf("Success\n");
} else {

15
examples/llsec/ccm-star-tests/verification/tests.c
View File

@ -86,8 +86,8 @@ test_sec_lvl_2()
0xC4 , 0xC5 , 0xC6 , 0xC7 ,
0xC8 , 0xC9 , 0xCA , 0xCB ,
0xCC , 0xCD , 0xCE , 0xCF };
uint8_t extended_source_address[8] = { 0xAC , 0xDE , 0x48 , 0x00 ,
0x00 , 0x00 , 0x00 , 0x01 };
linkaddr_t source_address = {{ 0xAC , 0xDE , 0x48 , 0x00 ,
0x00 , 0x00 , 0x00 , 0x01 }};
uint8_t data[26] = { 0x08 , 0xD0 , 0x84 , 0x21 , 0x43 ,
/* Source Address */
0x01 , 0x00 , 0x00 , 0x00 , 0x00 , 0x48 , 0xDE , 0xAC ,
@ -101,9 +101,11 @@ test_sec_lvl_2()
0x84 , 0x1A , 0xB5 , 0x53 };
frame802154_frame_counter_t counter;
uint8_t mic[LLSEC802154_MIC_LENGTH];
uint8_t nonce[13];
printf("Testing verification ... ");
linkaddr_copy(&linkaddr_node_addr, &source_address);
packetbuf_clear();
packetbuf_set_datalen(26);
memcpy(packetbuf_hdrptr(), data, 26);
@ -114,9 +116,14 @@ test_sec_lvl_2()
packetbuf_hdrreduce(18);
CCM_STAR.set_key(key);
ccm_star_mic_packetbuf(extended_source_address,mic, LLSEC802154_MIC_LENGTH);
ccm_star_packetbuf_set_nonce(nonce, 1);
CCM_STAR.aead(nonce,
NULL, 0,
packetbuf_hdrptr(), packetbuf_totlen(),
((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen(), LLSEC802154_MIC_LENGTH,
1);
if(memcmp(mic, oracle, LLSEC802154_MIC_LENGTH) == 0) {
if(memcmp(((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen(), oracle, LLSEC802154_MIC_LENGTH) == 0) {
printf("Success\n");
} else {
printf("Failure\n");

18
platform/jn516x/contiki-jn516x-main.c
View File

@ -228,17 +228,6 @@ start_uip6(void)
#endif /* NETSTACK_CONF_WITH_IPV6 */
/*---------------------------------------------------------------------------*/
static void
start_network_layer(void)
{
#if NETSTACK_CONF_WITH_IPV6
start_uip6();
#endif /* NETSTACK_CONF_WITH_IPV6 */
start_autostart_processes();
/* To support link layer security in combination with NETSTACK_CONF_WITH_IPV4 and
* TIMESYNCH_CONF_ENABLED further things may need to be moved here */
}
/*--------------------------------------------------------------------------*/
static void
set_linkaddr(void)
{
int i;
@ -409,7 +398,12 @@ main(void)
#endif /* NETSTACK_CONF_WITH_IPV4 */
watchdog_start();
NETSTACK_LLSEC.bootstrap(start_network_layer);
NETSTACK_LLSEC.init();
#if NETSTACK_CONF_WITH_IPV6
start_uip6();
#endif /* NETSTACK_CONF_WITH_IPV6 */
start_autostart_processes();
leds_off(LEDS_ALL);
int r;

53
platform/jn516x/dev/ccm-star.c
View File

@ -45,54 +45,6 @@
static tsReg128 current_key;
static int current_key_is_new = 1;
/*---------------------------------------------------------------------------*/
static void
mic(const uint8_t *m, uint8_t m_len,
const uint8_t *nonce,
const uint8_t *a, uint8_t a_len,
uint8_t *result,
uint8_t mic_len)
{
tsReg128 nonce_aligned;
memcpy(&nonce_aligned, nonce, sizeof(nonce_aligned));
bACI_CCMstar(
&current_key,
current_key_is_new,
XCV_REG_AES_SET_MODE_CCM,
mic_len,
a_len,
m_len,
&nonce_aligned,
(uint8_t *)a,
(uint8_t *)m,
NULL,
result,
NULL
);
current_key_is_new = 0;
}
/*---------------------------------------------------------------------------*/
static void
ctr(uint8_t *m, uint8_t m_len, const uint8_t *nonce)
{
tsReg128 nonce_aligned;
memcpy(&nonce_aligned, nonce, sizeof(nonce_aligned));
bACI_CCMstar(
&current_key,
current_key_is_new,
XCV_REG_AES_SET_MODE_CCM,
0,
0,
m_len,
&nonce_aligned,
NULL,
m,
m,
NULL,
NULL
);
current_key_is_new = 0;
}
/*---------------------------------------------------------------------------*/
static void
aead(const uint8_t *nonce,
@ -161,8 +113,7 @@ set_key(const uint8_t *key)
}
/*---------------------------------------------------------------------------*/
const struct ccm_star_driver ccm_star_driver_jn516x = {
mic,
ctr,
set_key
set_key,
aead
};
/*---------------------------------------------------------------------------*/

99
platform/sky/contiki-sky-main.c
View File

@ -189,65 +189,6 @@ set_gateway(void)
}
#endif /* NETSTACK_CONF_WITH_IPV4 */
/*---------------------------------------------------------------------------*/
static void
start_autostart_processes()
{
#if !PROCESS_CONF_NO_PROCESS_NAMES
print_processes(autostart_processes);
#endif /* !PROCESS_CONF_NO_PROCESS_NAMES */
autostart_start(autostart_processes);
}
/*---------------------------------------------------------------------------*/
#if NETSTACK_CONF_WITH_IPV6
static void
start_uip6()
{
NETSTACK_NETWORK.init();
process_start(&tcpip_process, NULL);
#if DEBUG
PRINTF("Tentative link-local IPv6 address ");
{
uip_ds6_addr_t *lladdr;
int i;
lladdr = uip_ds6_get_link_local(-1);
for(i = 0; i < 7; ++i) {
PRINTF("%02x%02x:", lladdr->ipaddr.u8[i * 2],
lladdr->ipaddr.u8[i * 2 + 1]);
}
PRINTF("%02x%02x\n", lladdr->ipaddr.u8[14], lladdr->ipaddr.u8[15]);
}
#endif /* DEBUG */
if(!UIP_CONF_IPV6_RPL) {
uip_ipaddr_t ipaddr;
int i;
uip_ip6addr(&ipaddr, 0xaaaa, 0, 0, 0, 0, 0, 0, 0);
uip_ds6_set_addr_iid(&ipaddr, &uip_lladdr);
uip_ds6_addr_add(&ipaddr, 0, ADDR_TENTATIVE);
PRINTF("Tentative global IPv6 address ");
for(i = 0; i < 7; ++i) {
PRINTF("%02x%02x:",
ipaddr.u8[i * 2], ipaddr.u8[i * 2 + 1]);
}
PRINTF("%02x%02x\n",
ipaddr.u8[7 * 2], ipaddr.u8[7 * 2 + 1]);
}
}
#endif /* NETSTACK_CONF_WITH_IPV6 */
/*---------------------------------------------------------------------------*/
static void
start_network_layer()
{
#if NETSTACK_CONF_WITH_IPV6
start_uip6();
#endif /* NETSTACK_CONF_WITH_IPV6 */
start_autostart_processes();
/* To support link layer security in combination with NETSTACK_CONF_WITH_IPV4 and
* TIMESYNCH_CONF_ENABLED further things may need to be moved here */
}
/*---------------------------------------------------------------------------*/
#if WITH_TINYOS_AUTO_IDS
uint16_t TOS_NODE_ID = 0x1234; /* non-zero */
uint16_t TOS_LOCAL_ADDRESS = 0x1234; /* non-zero */
@ -360,6 +301,8 @@ main(int argc, char **argv)
queuebuf_init();
NETSTACK_RDC.init();
NETSTACK_MAC.init();
NETSTACK_LLSEC.init();
NETSTACK_NETWORK.init();
PRINTF("%s %s %s, channel check rate %lu Hz, radio channel %u, CCA threshold %i\n",
NETSTACK_LLSEC.name, NETSTACK_MAC.name, NETSTACK_RDC.name,
@ -367,11 +310,42 @@ main(int argc, char **argv)
NETSTACK_RDC.channel_check_interval()),
CC2420_CONF_CHANNEL,
CC2420_CONF_CCA_THRESH);
process_start(&tcpip_process, NULL);
#if DEBUG
PRINTF("Tentative link-local IPv6 address ");
{
uip_ds6_addr_t *lladdr;
int i;
lladdr = uip_ds6_get_link_local(-1);
for(i = 0; i < 7; ++i) {
PRINTF("%02x%02x:", lladdr->ipaddr.u8[i * 2],
lladdr->ipaddr.u8[i * 2 + 1]);
}
PRINTF("%02x%02x\n", lladdr->ipaddr.u8[14], lladdr->ipaddr.u8[15]);
}
#endif /* DEBUG */
if(!UIP_CONF_IPV6_RPL) {
uip_ipaddr_t ipaddr;
int i;
uip_ip6addr(&ipaddr, 0xaaaa, 0, 0, 0, 0, 0, 0, 0);
uip_ds6_set_addr_iid(&ipaddr, &uip_lladdr);
uip_ds6_addr_add(&ipaddr, 0, ADDR_TENTATIVE);
PRINTF("Tentative global IPv6 address ");
for(i = 0; i < 7; ++i) {
PRINTF("%02x%02x:",
ipaddr.u8[i * 2], ipaddr.u8[i * 2 + 1]);
}
PRINTF("%02x%02x\n",
ipaddr.u8[7 * 2], ipaddr.u8[7 * 2 + 1]);
}
#else /* NETSTACK_CONF_WITH_IPV6 */
NETSTACK_RDC.init();
NETSTACK_MAC.init();
NETSTACK_LLSEC.init();
NETSTACK_NETWORK.init();
PRINTF("%s %s %s, channel check rate %lu Hz, radio channel %u\n",
@ -421,10 +395,13 @@ main(int argc, char **argv)
uip_ipaddr_to_quad(&hostaddr));
}
#endif /* NETSTACK_CONF_WITH_IPV4 */
watchdog_start();
NETSTACK_LLSEC.bootstrap(start_network_layer);
#if !PROCESS_CONF_NO_PROCESS_NAMES
print_processes(autostart_processes);
#endif /* !PROCESS_CONF_NO_PROCESS_NAMES */
autostart_start(autostart_processes);
/*
* This is the scheduler loop.