From 2059b6559ec0dc61a8e51aa2450b30326d3268de Mon Sep 17 00:00:00 2001 From: Konrad Krentz Date: Sat, 27 Jun 2015 09:21:08 -0700 Subject: [PATCH 1/8] llsec: Let llsec_drivers define their own framer --- core/net/ipv6/sicslowpan.c | 2 +- core/net/llsec/llsec.h | 10 ---- core/net/llsec/noncoresec/noncoresec.c | 53 ++++++++++++++------- core/net/llsec/noncoresec/noncoresec.h | 1 + core/net/llsec/nullsec.c | 20 ++------ core/net/mac/contikimac/contikimac-framer.c | 31 +++--------- core/net/mac/contikimac/contikimac.c | 4 +- core/net/mac/framer-802154.c | 1 - core/net/mac/framer-nullmac.c | 1 - core/net/mac/framer.c | 50 ------------------- core/net/mac/framer.h | 5 -- core/net/mac/nullrdc.c | 2 +- examples/ipv6/slip-radio/no-framer.c | 1 - 13 files changed, 51 insertions(+), 130 deletions(-) delete mode 100644 core/net/mac/framer.c diff --git a/core/net/ipv6/sicslowpan.c b/core/net/ipv6/sicslowpan.c index a19f758fc..3e64c4155 100644 --- a/core/net/ipv6/sicslowpan.c +++ b/core/net/ipv6/sicslowpan.c @@ -1443,7 +1443,7 @@ output(const uip_lladdr_t *localdest) #else /* USE_FRAMER_HDRLEN */ framer_hdrlen = 21; #endif /* USE_FRAMER_HDRLEN */ - max_payload = MAC_MAX_PAYLOAD - framer_hdrlen - NETSTACK_LLSEC.get_overhead(); + max_payload = MAC_MAX_PAYLOAD - framer_hdrlen; if((int)uip_len - (int)uncomp_hdr_len > max_payload - (int)packetbuf_hdr_len) { #if SICSLOWPAN_CONF_FRAG diff --git a/core/net/llsec/llsec.h b/core/net/llsec/llsec.h index 7b3c8a1b2..e5f6a3a2b 100644 --- a/core/net/llsec/llsec.h +++ b/core/net/llsec/llsec.h 
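Review bot: The `#else /* USE_FRAMER_HDRLEN */` path that sets `framer_hdrlen = 21` no longer leaves room for link-layer security once `NETSTACK_LLSEC.get_overhead()` is dropped from `max_payload` in output(). With USE_FRAMER_HDRLEN enabled the overhead presumably arrives through the framer's `length()` (noncoresec's new `length()` adds `SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH`), but the fixed value has no such term, so a secured frame may be sized larger than the MAC payload allows. Confirm whether 21 is meant to cover the security header and MIC, and say so next to the constant, e.g. `/* fixed estimate; does not include the link-layer security header or MIC */`. output() starts and ends outside this hunk.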
@@ -74,21 +74,11 @@ struct llsec_driver { /** Secures outgoing frames before passing them to NETSTACK_MAC. */ void (* send)(mac_callback_t sent_callback, void *ptr); - /** - * Once the NETSTACK_FRAMER wrote the headers, the LLSEC driver - * can generate a MIC over the entire frame. - * \return Returns != 0 <-> success - */ - int (* on_frame_created)(void); - /** * Decrypts incoming frames; * filters out injected or replayed frames. */ void (* input)(void); - - /** Returns the security-related overhead per frame in bytes */ - uint8_t (* get_overhead)(void); }; #endif /* LLSEC_H_ */ diff --git a/core/net/llsec/noncoresec/noncoresec.c b/core/net/llsec/noncoresec/noncoresec.c index e62ad2725..bfa70aba6 100644 --- a/core/net/llsec/noncoresec/noncoresec.c +++ b/core/net/llsec/noncoresec/noncoresec.c @@ -47,6 +47,7 @@ #include "net/llsec/llsec802154.h" #include "net/llsec/ccm-star-packetbuf.h" #include "net/mac/frame802154.h" +#include "net/mac/framer-802154.h" #include "net/netstack.h" #include "net/packetbuf.h" #include "net/nbr-table.h" 
@@ -108,18 +109,33 @@ send(mac_callback_t sent, void *ptr) } /*---------------------------------------------------------------------------*/ static int -on_frame_created(void) +create(void) { - uint8_t *dataptr = packetbuf_dataptr(); - uint8_t data_len = packetbuf_datalen(); - + int result; + uint8_t *dataptr; + uint8_t data_len; + + result = framer_802154.create(); + if(result == FRAMER_FAILED) { + return result; + } + + dataptr = packetbuf_dataptr(); + data_len = packetbuf_datalen(); + ccm_star_mic_packetbuf(get_extended_address(&linkaddr_node_addr), dataptr + data_len, LLSEC802154_MIC_LENGTH); #if WITH_ENCRYPTION ccm_star_ctr_packetbuf(get_extended_address(&linkaddr_node_addr)); #endif /* WITH_ENCRYPTION */ packetbuf_set_datalen(data_len + LLSEC802154_MIC_LENGTH); - return 1; + return result; +} +/*---------------------------------------------------------------------------*/ +static int +parse(void) +{ + return framer_802154.parse(); } /*---------------------------------------------------------------------------*/ static void @@ -129,8 +145,6 @@ input(void) uint8_t *received_mic; const linkaddr_t *sender; struct anti_replay_info* info; - uint8_t *dataptr = packetbuf_dataptr(); - uint8_t data_len = packetbuf_datalen(); if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != LLSEC802154_SECURITY_LEVEL) { PRINTF("noncoresec: received frame with wrong security level\n"); 
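Review bot: create() writes the MIC at `dataptr + data_len` without checking that the packet buffer has `LLSEC802154_MIC_LENGTH` bytes free after the payload, and it stores `packetbuf_datalen()` in a `uint8_t`. The removed callers (`framer_canonical_create_and_secure` and contikimac's `create_and_secure`) ran `packetbuf_compact()` before asking the driver for the MIC, whereas here the write follows `framer_802154.create()` directly, so it needs confirming that the write still lands inside the buffer. A guard ahead of the MIC call, along the lines of `if(packetbuf_datalen() + LLSEC802154_MIC_LENGTH > PACKETBUF_SIZE) { return FRAMER_FAILED; }`, would turn an oversized frame into a framer failure instead of a write past the payload area.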
@@ -142,15 +156,14 @@ input(void) return; } - data_len -= LLSEC802154_MIC_LENGTH; - packetbuf_set_datalen(data_len); + packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH); #if WITH_ENCRYPTION ccm_star_ctr_packetbuf(get_extended_address(sender)); #endif /* WITH_ENCRYPTION */ ccm_star_mic_packetbuf(get_extended_address(sender), generated_mic, LLSEC802154_MIC_LENGTH); - received_mic = dataptr + data_len; + received_mic = ((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen(); if(memcmp(generated_mic, received_mic, LLSEC802154_MIC_LENGTH) != 0) { PRINTF("noncoresec: received nonauthentic frame %"PRIu32"\n", anti_replay_get_counter()); @@ -194,10 +207,10 @@ input(void) NETSTACK_NETWORK.input(); } /*---------------------------------------------------------------------------*/ -static uint8_t -get_overhead(void) +static int +length(void) { - return SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH; + return framer_802154.length() + SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH; } /*---------------------------------------------------------------------------*/ static void @@ -205,16 +218,22 @@ bootstrap(llsec_on_bootstrapped_t on_bootstrapped) { CCM_STAR.set_key(key); nbr_table_register(anti_replay_table, NULL); - on_bootstrapped(); + if(on_bootstrapped) { + on_bootstrapped(); + } } /*---------------------------------------------------------------------------*/ const struct llsec_driver noncoresec_driver = { "noncoresec", bootstrap, send, - on_frame_created, - input, - get_overhead + input +}; +/*---------------------------------------------------------------------------*/ +const struct framer noncoresec_framer = { + length, + create, + parse }; /*---------------------------------------------------------------------------*/ diff --git a/core/net/llsec/noncoresec/noncoresec.h b/core/net/llsec/noncoresec/noncoresec.h index 1e2172590..c5fe3d43f 100644 --- a/core/net/llsec/noncoresec/noncoresec.h +++ b/core/net/llsec/noncoresec/noncoresec.h 
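Review bot: `packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH)` in input() has no visible check that the received frame is at least `LLSEC802154_MIC_LENGTH` bytes long, so a short frame from the radio would make the length wrap before the MIC is recomputed and compared. The earlier rejection checks are only partly inside the hunk, so this may already be handled; if it is not, add `if(packetbuf_datalen() < LLSEC802154_MIC_LENGTH) { return; }` ahead of the subtraction, with a PRINTF like the other rejection paths. input() starts and ends outside this hunk.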
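Review bot: length() adds `SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH` to whatever `framer_802154.length()` returns, so a negative failure value from the inner framer would be turned into a small positive length. Callers on this page test framer results with `< 0` and create() compares against `FRAMER_FAILED`, so the error should pass through unchanged: `int len = framer_802154.length(); if(len < 0) { return len; }` before adding the overhead. Whether `framer_802154.length()` can actually fail is not visible here.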
@@ -56,6 +56,7 @@ #include "net/llsec/llsec.h" extern const struct llsec_driver noncoresec_driver; +extern const struct framer noncoresec_framer; #endif /* NONCORESEC_H_ */ diff --git a/core/net/llsec/nullsec.c b/core/net/llsec/nullsec.c index f419cd7f7..b28ea72f4 100644 --- a/core/net/llsec/nullsec.c +++ b/core/net/llsec/nullsec.c @@ -51,7 +51,9 @@ static void bootstrap(llsec_on_bootstrapped_t on_bootstrapped) { - on_bootstrapped(); + if(on_bootstrapped) { + on_bootstrapped(); + } } /*---------------------------------------------------------------------------*/ static void @@ -61,31 +63,17 @@ send(mac_callback_t sent, void *ptr) NETSTACK_MAC.send(sent, ptr); } /*---------------------------------------------------------------------------*/ -static int -on_frame_created(void) -{ - return 1; -} -/*---------------------------------------------------------------------------*/ static void input(void) { NETSTACK_NETWORK.input(); } /*---------------------------------------------------------------------------*/ -static uint8_t -get_overhead(void) -{ - return 0; -} -/*---------------------------------------------------------------------------*/ const struct llsec_driver nullsec_driver = { "nullsec", bootstrap, send, - on_frame_created, - input, - get_overhead + input }; /*---------------------------------------------------------------------------*/ diff --git a/core/net/mac/contikimac/contikimac-framer.c b/core/net/mac/contikimac/contikimac-framer.c index 0a47866f9..809465b3e 100644 --- a/core/net/mac/contikimac/contikimac-framer.c +++ b/core/net/mac/contikimac/contikimac-framer.c @@ -73,6 +73,8 @@ extern const struct framer DECORATED_FRAMER; #define PRINTF(...) #endif +static void pad(void); + /* 2-byte header for recovering padded packets. Wireshark will not understand such packets at present. */ struct hdr { 
@@ -107,6 +109,10 @@ create(void) return FRAMER_FAILED; } + packetbuf_compact(); + chdr->len = packetbuf_datalen(); + pad(); + return hdr_len + sizeof(struct hdr); } /*---------------------------------------------------------------------------*/ @@ -128,30 +134,6 @@ pad(void) } /*---------------------------------------------------------------------------*/ static int -create_and_secure(void) -{ - struct hdr *chdr; - int hdr_len; - - hdr_len = create(); - if(hdr_len < 0) { - return FRAMER_FAILED; - } - - packetbuf_compact(); - if(!NETSTACK_LLSEC.on_frame_created()) { - PRINTF("contikimac-framer: securing failed\n"); - return FRAMER_FAILED; - } - - chdr = (struct hdr *)(((uint8_t *) packetbuf_dataptr()) - sizeof(struct hdr)); - chdr->len = packetbuf_datalen(); - pad(); - - return hdr_len; -} -/*---------------------------------------------------------------------------*/ -static int parse(void) { int hdr_len; @@ -182,7 +164,6 @@ parse(void) const struct framer contikimac_framer = { hdr_length, create, - create_and_secure, parse }; /*---------------------------------------------------------------------------*/ diff --git a/core/net/mac/contikimac/contikimac.c b/core/net/mac/contikimac/contikimac.c index 74da6ef40..b66023694 100644 --- a/core/net/mac/contikimac/contikimac.c +++ b/core/net/mac/contikimac/contikimac.c @@ -560,7 +560,7 @@ send_packet(mac_callback_t mac_callback, void *mac_callback_ptr, if(!packetbuf_attr(PACKETBUF_ATTR_IS_CREATED_AND_SECURED)) { packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1); - if(NETSTACK_FRAMER.create_and_secure() < 0) { + if(NETSTACK_FRAMER.create() < 0) { PRINTF("contikimac: framer failed\n"); return MAC_TX_ERR_FATAL; } 
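Review bot: `chdr->len = packetbuf_datalen();` relies on a `chdr` pointer obtained above the hunk, before `packetbuf_compact()` runs. The removed create_and_secure() derived the pointer after compaction with `chdr = (struct hdr *)(((uint8_t *) packetbuf_dataptr()) - sizeof(struct hdr));`, and it is not visible here whether the pointer taken earlier in create() refers to the same bytes. Either recompute `chdr` after `packetbuf_compact()` in that way or add a comment stating why the header location is unaffected by compaction. create() starts outside this hunk.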
@@ -829,7 +829,7 @@ qsend_list(mac_callback_t sent, void *ptr, struct rdc_buf_list *buf_list) packetbuf_set_attr(PACKETBUF_ATTR_PENDING, 1); } packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1); - if(NETSTACK_FRAMER.create_and_secure() < 0) { + if(NETSTACK_FRAMER.create() < 0) { PRINTF("contikimac: framer failed\n"); mac_call_sent_callback(sent, ptr, MAC_TX_ERR_FATAL, 1); return; diff --git a/core/net/mac/framer-802154.c b/core/net/mac/framer-802154.c index 987d142ba..ce96f6239 100644 --- a/core/net/mac/framer-802154.c +++ b/core/net/mac/framer-802154.c @@ -273,7 +273,6 @@ parse(void) const struct framer framer_802154 = { hdr_length, create, - framer_canonical_create_and_secure, parse }; /*---------------------------------------------------------------------------*/ diff --git a/core/net/mac/framer-nullmac.c b/core/net/mac/framer-nullmac.c index 6d53e3f8d..cc79051f1 100644 --- a/core/net/mac/framer-nullmac.c +++ b/core/net/mac/framer-nullmac.c @@ -99,6 +99,5 @@ parse(void) const struct framer framer_nullmac = { hdr_length, create, - framer_canonical_create_and_secure, parse }; diff --git a/core/net/mac/framer.c b/core/net/mac/framer.c deleted file mode 100644 index fa7e9b4c1..000000000 --- a/core/net/mac/framer.c +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Copyright (c) 2014, Fraunhofer Heinrich-Hertz-Institut. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - */ - -#include "net/mac/framer.h" -#include "net/packetbuf.h" -#include "net/netstack.h" - -/*---------------------------------------------------------------------------*/ -int -framer_canonical_create_and_secure(void) -{ - int hdr_len; - - hdr_len = NETSTACK_FRAMER.create(); - if(hdr_len >= 0) { - packetbuf_compact(); - if(!NETSTACK_LLSEC.on_frame_created()) { - return FRAMER_FAILED; - } - } - return hdr_len; -} -/*---------------------------------------------------------------------------*/ \ No newline at end of file diff --git a/core/net/mac/framer.h b/core/net/mac/framer.h index ce99aad1f..5ed419292 100644 --- a/core/net/mac/framer.h +++ b/core/net/mac/framer.h @@ -47,13 +47,8 @@ struct framer { int (* length)(void); int (* create)(void); - - /** Creates the frame and calls LLSEC.on_frame_created() */ - int (* create_and_secure)(void); int (* parse)(void); }; -int framer_canonical_create_and_secure(void); - #endif /* FRAMER_H_ */ diff --git a/core/net/mac/nullrdc.c b/core/net/mac/nullrdc.c index 111211a2b..b52853b90 100644 --- a/core/net/mac/nullrdc.c +++ b/core/net/mac/nullrdc.c @@ -120,7 +120,7 @@ send_one_packet(mac_callback_t sent, void *ptr) packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1); #endif /* NULLRDC_802154_AUTOACK || NULLRDC_802154_AUTOACK_HW */ - if(NETSTACK_FRAMER.create_and_secure() < 0) { + if(NETSTACK_FRAMER.create() < 0) { /* Failed to allocate space for headers */ PRINTF("nullrdc: send failed, too large header\n"); ret = MAC_TX_ERR_FATAL; diff --git a/examples/ipv6/slip-radio/no-framer.c b/examples/ipv6/slip-radio/no-framer.c index 7f3447e97..69f4b7e98 100644 --- a/examples/ipv6/slip-radio/no-framer.c +++ b/examples/ipv6/slip-radio/no-framer.c @@ -124,6 +124,5 @@ parse(void) const struct framer no_framer = { hdr_length, create, - framer_canonical_create_and_secure, parse }; From b522c042ec0ea4da546a2eb0d71e5ce0c92a50d2 Mon Sep 17 00:00:00 2001 
From: Konrad Krentz Date: Sat, 27 Jun 2015 12:22:53 -0700 Subject: [PATCH 2/8] llsec: Replaced bootstrap function with a simple init function --- core/net/llsec/llsec.h | 10 +-- core/net/llsec/noncoresec/noncoresec.c | 7 +- core/net/llsec/nullsec.c | 8 +-- platform/sky/contiki-sky-main.c | 99 ++++++++++---------------- 4 files changed, 45 insertions(+), 79 deletions(-) diff --git a/core/net/llsec/llsec.h b/core/net/llsec/llsec.h index e5f6a3a2b..b0d983cc3 100644 --- a/core/net/llsec/llsec.h +++ b/core/net/llsec/llsec.h @@ -48,10 +48,6 @@ * for incoming packets. Likewise, all NETSTACK_NETWORK protocols * invoke NETSTACK_LLSEC.send(...) for outgoing packets. * - * The bootstrap function of llsec_drivers can be used to defer the start - * of upper layers so as to bootstrap pairwise keys. Only contiki-sky-main.c - * supports this at the moment. - * * @{ */ @@ -60,16 +56,14 @@ #include "net/mac/mac.h" -typedef void (* llsec_on_bootstrapped_t)(void); - /** * The structure of a link layer security driver. */ struct llsec_driver { char *name; - /** Bootstraps link layer security and thereafter starts upper layers. */ - void (* bootstrap)(llsec_on_bootstrapped_t on_bootstrapped); + /** Inits link layer security. */ + void (* init)(void); /** Secures outgoing frames before passing them to NETSTACK_MAC. */ void (* send)(mac_callback_t sent_callback, void *ptr); diff --git a/core/net/llsec/noncoresec/noncoresec.c b/core/net/llsec/noncoresec/noncoresec.c index bfa70aba6..ec66c172f 100644 --- a/core/net/llsec/noncoresec/noncoresec.c +++ b/core/net/llsec/noncoresec/noncoresec.c 
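Review bot: The new member comment `/** Inits link layer security. */` does not say when `init` runs relative to the other layers, and the paragraph explaining the deferred start of upper layers is deleted without replacement. With `bootstrap` gone, a driver that needs to establish pairwise keys before traffic flows has no documented hook, so the contract should be spelled out, for example `/** Initializes link layer security; called once after NETSTACK_MAC.init() and before NETSTACK_NETWORK.init(). Upper layers start regardless of its outcome. */`. The call order quoted is the one contiki-sky-main.c uses later in this patch; other platforms are not visible here.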
@@ -214,18 +214,15 @@ length(void) } /*---------------------------------------------------------------------------*/ static void -bootstrap(llsec_on_bootstrapped_t on_bootstrapped) +init(void) { CCM_STAR.set_key(key); nbr_table_register(anti_replay_table, NULL); - if(on_bootstrapped) { - on_bootstrapped(); - } } /*---------------------------------------------------------------------------*/ const struct llsec_driver noncoresec_driver = { "noncoresec", - bootstrap, + init, send, input }; diff --git a/core/net/llsec/nullsec.c b/core/net/llsec/nullsec.c index b28ea72f4..e4bd4ca2d 100644 --- a/core/net/llsec/nullsec.c +++ b/core/net/llsec/nullsec.c @@ -49,11 +49,9 @@ /*---------------------------------------------------------------------------*/ static void -bootstrap(llsec_on_bootstrapped_t on_bootstrapped) +init(void) { - if(on_bootstrapped) { - on_bootstrapped(); - } + } /*---------------------------------------------------------------------------*/ static void @@ -71,7 +69,7 @@ input(void) /*---------------------------------------------------------------------------*/ const struct llsec_driver nullsec_driver = { "nullsec", - bootstrap, + init, send, input }; diff --git a/platform/sky/contiki-sky-main.c b/platform/sky/contiki-sky-main.c index a099778c6..ea3afd93a 100644 --- a/platform/sky/contiki-sky-main.c +++ b/platform/sky/contiki-sky-main.c 
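Review bot: init() ignores the return value of `nbr_table_register(anti_replay_table, NULL)`, and with the `void` signature it has no way to report a failure to the platform code. If registration fails, the anti-replay state that input() relies on presumably cannot be stored, which would weaken replay filtering without leaving any trace. At minimum log it: `if(!nbr_table_register(anti_replay_table, NULL)) { PRINTF("noncoresec: nbr_table_register failed\n"); }`.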
@@ -189,65 +189,6 @@ set_gateway(void) } #endif /* NETSTACK_CONF_WITH_IPV4 */ /*---------------------------------------------------------------------------*/ -static void -start_autostart_processes() -{ -#if !PROCESS_CONF_NO_PROCESS_NAMES - print_processes(autostart_processes); -#endif /* !PROCESS_CONF_NO_PROCESS_NAMES */ - autostart_start(autostart_processes); -} -/*---------------------------------------------------------------------------*/ -#if NETSTACK_CONF_WITH_IPV6 -static void -start_uip6() -{ - NETSTACK_NETWORK.init(); - - process_start(&tcpip_process, NULL); - -#if DEBUG - PRINTF("Tentative link-local IPv6 address "); - { - uip_ds6_addr_t *lladdr; - int i; - lladdr = uip_ds6_get_link_local(-1); - for(i = 0; i < 7; ++i) { - PRINTF("%02x%02x:", lladdr->ipaddr.u8[i * 2], - lladdr->ipaddr.u8[i * 2 + 1]); - } - PRINTF("%02x%02x\n", lladdr->ipaddr.u8[14], lladdr->ipaddr.u8[15]); - } -#endif /* DEBUG */ - - if(!UIP_CONF_IPV6_RPL) { - uip_ipaddr_t ipaddr; - int i; - uip_ip6addr(&ipaddr, 0xaaaa, 0, 0, 0, 0, 0, 0, 0); - uip_ds6_set_addr_iid(&ipaddr, &uip_lladdr); - uip_ds6_addr_add(&ipaddr, 0, ADDR_TENTATIVE); - PRINTF("Tentative global IPv6 address "); - for(i = 0; i < 7; ++i) { - PRINTF("%02x%02x:", - ipaddr.u8[i * 2], ipaddr.u8[i * 2 + 1]); - } - PRINTF("%02x%02x\n", - ipaddr.u8[7 * 2], ipaddr.u8[7 * 2 + 1]); - } -} -#endif /* NETSTACK_CONF_WITH_IPV6 */ -/*---------------------------------------------------------------------------*/ -static void -start_network_layer() -{ -#if NETSTACK_CONF_WITH_IPV6 - start_uip6(); -#endif /* NETSTACK_CONF_WITH_IPV6 */ - start_autostart_processes(); - /* To support link layer security in combination with NETSTACK_CONF_WITH_IPV4 and - * TIMESYNCH_CONF_ENABLED further things may need to be moved here */ -} -/*---------------------------------------------------------------------------*/ #if WITH_TINYOS_AUTO_IDS uint16_t TOS_NODE_ID = 0x1234; /* non-zero */ uint16_t TOS_LOCAL_ADDRESS = 0x1234; /* non-zero */ 
@@ -360,6 +301,8 @@ main(int argc, char **argv) queuebuf_init(); NETSTACK_RDC.init(); NETSTACK_MAC.init(); + NETSTACK_LLSEC.init(); + NETSTACK_NETWORK.init(); PRINTF("%s %s %s, channel check rate %lu Hz, radio channel %u, CCA threshold %i\n", NETSTACK_LLSEC.name, NETSTACK_MAC.name, NETSTACK_RDC.name, @@ -367,11 +310,42 @@ main(int argc, char **argv) NETSTACK_RDC.channel_check_interval()), CC2420_CONF_CHANNEL, CC2420_CONF_CCA_THRESH); + + process_start(&tcpip_process, NULL); +#if DEBUG + PRINTF("Tentative link-local IPv6 address "); + { + uip_ds6_addr_t *lladdr; + int i; + lladdr = uip_ds6_get_link_local(-1); + for(i = 0; i < 7; ++i) { + PRINTF("%02x%02x:", lladdr->ipaddr.u8[i * 2], + lladdr->ipaddr.u8[i * 2 + 1]); + } + PRINTF("%02x%02x\n", lladdr->ipaddr.u8[14], lladdr->ipaddr.u8[15]); + } +#endif /* DEBUG */ + + if(!UIP_CONF_IPV6_RPL) { + uip_ipaddr_t ipaddr; + int i; + uip_ip6addr(&ipaddr, 0xaaaa, 0, 0, 0, 0, 0, 0, 0); + uip_ds6_set_addr_iid(&ipaddr, &uip_lladdr); + uip_ds6_addr_add(&ipaddr, 0, ADDR_TENTATIVE); + PRINTF("Tentative global IPv6 address "); + for(i = 0; i < 7; ++i) { + PRINTF("%02x%02x:", + ipaddr.u8[i * 2], ipaddr.u8[i * 2 + 1]); + } + PRINTF("%02x%02x\n", + ipaddr.u8[7 * 2], ipaddr.u8[7 * 2 + 1]); + } #else /* NETSTACK_CONF_WITH_IPV6 */ NETSTACK_RDC.init(); NETSTACK_MAC.init(); + NETSTACK_LLSEC.init(); NETSTACK_NETWORK.init(); PRINTF("%s %s %s, channel check rate %lu Hz, radio channel %u\n", @@ -421,10 +395,13 @@ main(int argc, char **argv) uip_ipaddr_to_quad(&hostaddr)); } #endif /* NETSTACK_CONF_WITH_IPV4 */ - + watchdog_start(); - NETSTACK_LLSEC.bootstrap(start_network_layer); +#if !PROCESS_CONF_NO_PROCESS_NAMES + print_processes(autostart_processes); +#endif /* !PROCESS_CONF_NO_PROCESS_NAMES */ + autostart_start(autostart_processes); /* * This is the scheduler loop. From c656a4d1c5d267406c50c2d15c56aee3dee9a150 Mon Sep 17 00:00:00 2001 
From: Konrad Krentz Date: Wed, 1 Jul 2015 07:00:14 -0700 Subject: [PATCH 3/8] llsec: Fixed style issues in CCM* --- core/lib/ccm-star.c | 27 ++--- core/lib/ccm-star.h | 39 +++--- core/net/llsec/ccm-star-packetbuf.c | 114 ++++++++++++++---- core/net/llsec/ccm-star-packetbuf.h | 40 +++++- core/net/llsec/noncoresec/noncoresec.c | 34 ++---- .../llsec/ccm-star-tests/encryption/tests.c | 10 +- .../llsec/ccm-star-tests/verification/tests.c | 6 +- 7 files changed, 174 insertions(+), 96 deletions(-) diff --git a/core/lib/ccm-star.c b/core/lib/ccm-star.c index 537d341e1..f916c4633 100644 --- a/core/lib/ccm-star.c +++ b/core/lib/ccm-star.c @@ -48,14 +48,11 @@ /*---------------------------------------------------------------------------*/ static void -set_nonce(uint8_t *iv, +set_iv(uint8_t *iv, uint8_t flags, const uint8_t *nonce, uint8_t counter) { - /* 1 byte|| 8 bytes || 4 bytes || 1 byte || 2 bytes */ - /* flags || extended_source_address || frame_counter || sec_lvl || counter */ - iv[0] = flags; memcpy(iv + 1, nonce, CCM_STAR_NONCE_LENGTH); iv[14] = 0; @@ -73,7 +70,7 @@ ctr_step(const uint8_t *nonce, uint8_t a[AES_128_BLOCK_SIZE]; uint8_t i; - set_nonce(a, CCM_STAR_ENCRYPTION_FLAGS, nonce, counter); + set_iv(a, CCM_STAR_ENCRYPTION_FLAGS, nonce, counter); AES_128.encrypt(a); for(i = 0; (pos + i < m_len) && (i < AES_128_BLOCK_SIZE); i++) { @@ -82,9 +79,9 @@ ctr_step(const uint8_t *nonce, } /*---------------------------------------------------------------------------*/ static void -mic(const uint8_t *m, uint8_t m_len, - const uint8_t *nonce, - const uint8_t *a, uint8_t a_len, +mic(const uint8_t *nonce, + const uint8_t *m, uint8_t m_len, + const uint8_t *a, uint8_t a_len, uint8_t *result, uint8_t mic_len) { 
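Review bot: Renaming set_nonce() to set_iv() also deletes the only comment describing how the 16-byte block is laid out, leaving `iv[14] = 0;` and the counter byte unexplained. A replacement that matches the new parameter names would keep the construction reviewable, e.g. `/* iv = flags (1 byte) || nonce (CCM_STAR_NONCE_LENGTH bytes) || counter (2 bytes; iv[14] is set to 0) */`. set_iv()'s body continues outside this hunk.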
@@ -92,10 +89,10 @@ mic(const uint8_t *m, uint8_t m_len, uint8_t pos; uint8_t i; - set_nonce(x, CCM_STAR_AUTH_FLAGS(a_len, mic_len), nonce, m_len); + set_iv(x, CCM_STAR_AUTH_FLAGS(a_len, mic_len), nonce, m_len); AES_128.encrypt(x); - if(a_len > 0) { + if(a_len) { x[1] = x[1] ^ a_len; for(i = 2; (i - 2 < a_len) && (i < AES_128_BLOCK_SIZE); i++) { x[i] ^= a[i - 2]; @@ -113,7 +110,7 @@ mic(const uint8_t *m, uint8_t m_len, } } - if(m_len > 0) { + if(m_len) { pos = 0; while(pos < m_len) { for(i = 0; (pos + i < m_len) && (i < AES_128_BLOCK_SIZE); i++) { @@ -130,7 +127,7 @@ mic(const uint8_t *m, uint8_t m_len, } /*---------------------------------------------------------------------------*/ static void -ctr(uint8_t *m, uint8_t m_len, const uint8_t* nonce) +ctr(const uint8_t *nonce, uint8_t *m, uint8_t m_len) { uint8_t pos; uint8_t counter; @@ -143,8 +140,10 @@ ctr(uint8_t *m, uint8_t m_len, const uint8_t* nonce) } } /*---------------------------------------------------------------------------*/ -static void set_key(const uint8_t *key) { - AES_128.set_key((uint8_t*)key); +static void +set_key(const uint8_t *key) +{ + AES_128.set_key(key); } /*---------------------------------------------------------------------------*/ const struct ccm_star_driver ccm_star_driver = { diff --git a/core/lib/ccm-star.h b/core/lib/ccm-star.h index f0394e4ae..ad4e49798 100644 --- a/core/lib/ccm-star.h +++ b/core/lib/ccm-star.h 
@@ -54,33 +54,32 @@ * Structure of CCM* drivers. */ struct ccm_star_driver { - - /** - * \brief Generates a MIC over the data supplied. - * \param data The data buffer to read. - * \param data_length The data buffer length. - * \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long. - * \param result The generated MIC will be put here - * \param mic_len The size of the MIC to be generated. <= 16. - */ - void (* mic)(const uint8_t* data, uint8_t data_length, - const uint8_t* nonce, - const uint8_t* add, uint8_t add_len, + + /** + * \brief Generates a MIC over the data supplied. + * \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long. + * \param m Message to authenticate and encrypt + * \param a Additional authenticated data + * \param result The generated MIC will be put here + * \param mic_len The size of the MIC to be generated. <= 16. + */ + void (* mic)(const uint8_t* nonce, + const uint8_t* m, uint8_t m_len, + const uint8_t* a, uint8_t a_len, uint8_t *result, uint8_t mic_len); /** - * \brief XORs the frame in the packetbuf with the key stream. - * \param data The data buffer to read. - * \param data_length The data buffer length. - * \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long. + * \brief XORs m with the key stream. + * \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long. + * \param m Message to authenticate and encrypt */ - void (* ctr)( uint8_t* data, uint8_t data_length, - const uint8_t* nonce); + void (* ctr)(const uint8_t* nonce, + uint8_t* m, uint8_t m_len); /** - * \brief Sets the key in use. Default implementation calls AES_128.set_key() - * \param key The key to use. + * \brief Sets the key in use. Default implementation calls AES_128.set_key(). + * \param key The key to use. */ void (* set_key)(const uint8_t* key); }; diff --git a/core/net/llsec/ccm-star-packetbuf.c b/core/net/llsec/ccm-star-packetbuf.c index 08087398e..91740f547 100644 --- a/core/net/llsec/ccm-star-packetbuf.c 
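Review bot: The commit is titled as a style fix, but this hunk reorders the arguments of the `mic` and `ctr` driver members so that `nonce` comes first, which is an interface change for any CCM* driver or caller outside this series. Because every pointer parameter is a `uint8_t *` and every length a `uint8_t`, a caller left on the old order may still build with only integer/pointer conversion warnings on some compilers and then use message bytes as the nonce; the change deserves a mention in the commit message. The doc comments also leave `m_len` and `a_len` undocumented and describe `m` for `ctr` as "Message to authenticate and encrypt" although `ctr` only XORs with the key stream; suggest `\param m_len Length of m in bytes`, `\param a_len Length of a in bytes` and, for `ctr`, `\param m Message to encrypt or decrypt in place`.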
+++ b/core/net/llsec/ccm-star-packetbuf.c 
@@ -1,52 +1,116 @@ +/* + * Copyright (c) 2013, Hasso-Plattner-Institut. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file is part of the Contiki operating system. 
+ * + */ + /** * \file * CCM* convenience functions for LLSEC use * \author * Justin King-Lacroix + * Konrad Krentz */ +#include "llsec/ccm-star-packetbuf.h" #include "lib/ccm-star.h" #include "net/packetbuf.h" #include /*---------------------------------------------------------------------------*/ -void ccm_star_mic_packetbuf(const uint8_t *extended_source_address, +static const uint8_t * +get_extended_address(const linkaddr_t *addr) +#if LINKADDR_SIZE == 2 +{ + /* workaround for short addresses: derive EUI64 as in RFC 6282 */ + static linkaddr_extended_t template = { { 0x00 , 0x00 , 0x00 , + 0xFF , 0xFE , 0x00 , 0x00 , 0x00 } }; + + template.u16[3] = LLSEC802154_HTONS(addr->u16); + + return template.u8; +} +#else /* LINKADDR_SIZE == 2 */ +{ + return addr->u8; +} +#endif /* LINKADDR_SIZE == 2 */ +/*---------------------------------------------------------------------------*/ +/* Inits the 13-byte CCM* nonce as of 802.15.4-2011. */ +static void +set_nonce(uint8_t *nonce, const linkaddr_t *source_addr) +{ + memcpy(nonce, get_extended_address(source_addr), 8); + nonce[8] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) >> 8; + nonce[9] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) & 0xff; + nonce[10] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) >> 8; + nonce[11] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) & 0xff; + nonce[12] = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL); +} +/*---------------------------------------------------------------------------*/ +void +ccm_star_packetbuf_mic(const linkaddr_t *source_addr, uint8_t *result, uint8_t mic_len) { - uint8_t *dataptr = packetbuf_dataptr(); - uint8_t data_len = packetbuf_datalen(); - uint8_t *headerptr = packetbuf_hdrptr(); - uint8_t header_len = packetbuf_hdrlen(); uint8_t nonce[CCM_STAR_NONCE_LENGTH]; - - memcpy(nonce, extended_source_address, 8); - nonce[8] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) >> 8; - nonce[9] = 
packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) & 0xff; - nonce[10] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) >> 8; - nonce[11] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) & 0xff; - nonce[12] = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL); + uint8_t *m; + uint8_t m_len; + uint8_t *a; + uint8_t a_len; + set_nonce(nonce, source_addr); + + a = packetbuf_hdrptr(); if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & (1 << 2)) { - CCM_STAR.mic(dataptr, data_len, nonce, headerptr, header_len, result, mic_len); + m = packetbuf_dataptr(); + m_len = packetbuf_datalen(); + a_len = packetbuf_hdrlen(); } else { - CCM_STAR.mic(dataptr, 0, nonce, headerptr, packetbuf_totlen(), result, mic_len); + m = NULL; + m_len = 0; + a_len = packetbuf_totlen(); } + + CCM_STAR.mic(nonce, + m, m_len, + a, a_len, + result, + mic_len); } /*---------------------------------------------------------------------------*/ -void ccm_star_ctr_packetbuf(const uint8_t *extended_source_address) +void +ccm_star_packetbuf_ctr(const linkaddr_t *source_addr) { - uint8_t *dataptr = packetbuf_dataptr(); - uint8_t data_len = packetbuf_datalen(); uint8_t nonce[CCM_STAR_NONCE_LENGTH]; - memcpy(nonce, extended_source_address, 8); - nonce[8] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) >> 8; - nonce[9] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) & 0xff; - nonce[10] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) >> 8; - nonce[11] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) & 0xff; - nonce[12] = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL); - - CCM_STAR.ctr(dataptr, data_len, nonce); + set_nonce(nonce, source_addr); + CCM_STAR.ctr(nonce, packetbuf_dataptr(), packetbuf_datalen()); } /*---------------------------------------------------------------------------*/ diff --git a/core/net/llsec/ccm-star-packetbuf.h b/core/net/llsec/ccm-star-packetbuf.h index 3b6c43472..d93ff1160 100644 --- a/core/net/llsec/ccm-star-packetbuf.h 
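Review bot: The new file includes its own header as `"llsec/ccm-star-packetbuf.h"`, while noncoresec.c on this page uses `"net/llsec/ccm-star-packetbuf.h"`, and the `LINKADDR_SIZE == 2` branch of get_extended_address() uses `LLSEC802154_HTONS` with no visible include of `net/llsec/llsec802154.h`. Unless another header pulls these in, the short-address build may not compile; use `#include "net/llsec/ccm-star-packetbuf.h"` and add `#include "net/llsec/llsec802154.h"`. Separately, ccm_star_packetbuf_mic() narrows `packetbuf_totlen()` and `packetbuf_datalen()` into the `uint8_t` variables `a_len` and `m_len`; a comment stating the assumed maximum frame size would make that truncation an explicit precondition.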
+++ b/core/net/llsec/ccm-star-packetbuf.h 
@@ -1,24 +1,58 @@ +/* + * Copyright (c) 2013, Hasso-Plattner-Institut. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file is part of the Contiki operating system. + * + */ + /** * \file * CCM* convenience functions for MAC security * \author * Justin King-Lacroix + * Konrad Krentz */ #ifndef CCM_STAR_PACKETBUF_H_ #define CCM_STAR_PACKETBUF_H_ +#include "net/linkaddr.h" + /** * \brief Calls CCM_STAR.mic with parameters appropriate for LLSEC. 
*/ -void ccm_star_mic_packetbuf(const uint8_t *extended_source_address, +void ccm_star_packetbuf_mic(const linkaddr_t *source_addr, uint8_t *result, uint8_t mic_len); /** * \brief Calls CCM_STAR.ctr with parameters appropriate for LLSEC. */ -void ccm_star_ctr_packetbuf(const uint8_t *extended_source_address); +void ccm_star_packetbuf_ctr(const linkaddr_t *source_addr); #endif /* CCM_STAR_PACKETBUF_H_ */ - diff --git a/core/net/llsec/noncoresec/noncoresec.c b/core/net/llsec/noncoresec/noncoresec.c index ec66c172f..ca6e5f3ee 100644 --- a/core/net/llsec/noncoresec/noncoresec.c +++ b/core/net/llsec/noncoresec/noncoresec.c @@ -80,24 +80,6 @@ static uint8_t key[16] = NONCORESEC_KEY; NBR_TABLE(struct anti_replay_info, anti_replay_table); -/*---------------------------------------------------------------------------*/ -static const uint8_t * -get_extended_address(const linkaddr_t *addr) -#if LINKADDR_SIZE == 2 -{ - /* workaround for short addresses: derive EUI64 as in RFC 6282 */ - static linkaddr_extended_t template = { { 0x00 , 0x00 , 0x00 , - 0xFF , 0xFE , 0x00 , 0x00 , 0x00 } }; - - template.u16[3] = LLSEC802154_HTONS(addr->u16); - - return template.u8; -} -#else /* LINKADDR_SIZE == 2 */ -{ - return addr->u8; -} -#endif /* LINKADDR_SIZE == 2 */ /*---------------------------------------------------------------------------*/ static void send(mac_callback_t sent, void *ptr) @@ -113,7 +95,7 @@ create(void) { int result; uint8_t *dataptr; - uint8_t data_len; + uint8_t datalen; result = framer_802154.create(); if(result == FRAMER_FAILED) { 
@@ -121,13 +103,13 @@ create(void) } dataptr = packetbuf_dataptr(); - data_len = packetbuf_datalen(); - - ccm_star_mic_packetbuf(get_extended_address(&linkaddr_node_addr), dataptr + data_len, LLSEC802154_MIC_LENGTH); + datalen = packetbuf_datalen(); + + ccm_star_packetbuf_mic(&linkaddr_node_addr, dataptr + datalen, LLSEC802154_MIC_LENGTH); #if WITH_ENCRYPTION - ccm_star_ctr_packetbuf(get_extended_address(&linkaddr_node_addr)); + ccm_star_packetbuf_ctr(&linkaddr_node_addr); #endif /* WITH_ENCRYPTION */ - packetbuf_set_datalen(data_len + LLSEC802154_MIC_LENGTH); + packetbuf_set_datalen(datalen + LLSEC802154_MIC_LENGTH); return result; } @@ -159,9 +141,9 @@ input(void) packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH); #if WITH_ENCRYPTION - ccm_star_ctr_packetbuf(get_extended_address(sender)); + ccm_star_packetbuf_ctr(sender); #endif /* WITH_ENCRYPTION */ - ccm_star_mic_packetbuf(get_extended_address(sender), generated_mic, LLSEC802154_MIC_LENGTH); + ccm_star_packetbuf_mic(sender, generated_mic, LLSEC802154_MIC_LENGTH); received_mic = ((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen(); if(memcmp(generated_mic, received_mic, LLSEC802154_MIC_LENGTH) != 0) { diff --git a/examples/llsec/ccm-star-tests/encryption/tests.c b/examples/llsec/ccm-star-tests/encryption/tests.c index b9cc58782..0c454157c 100644 --- a/examples/llsec/ccm-star-tests/encryption/tests.c +++ b/examples/llsec/ccm-star-tests/encryption/tests.c @@ -56,8 +56,8 @@ test_sec_lvl_6() 0xC4 , 0xC5 , 0xC6 , 0xC7 , 0xC8 , 0xC9 , 0xCA , 0xCB , 0xCC , 0xCD , 0xCE , 0xCF }; - uint8_t extended_source_address[8] = { 0xAC , 0xDE , 0x48 , 0x00 , - 0x00 , 0x00 , 0x00 , 0x01 }; + linkaddr_t source_address = {{ 0xAC , 0xDE , 0x48 , 0x00 , + 0x00 , 0x00 , 0x00 , 0x01 }}; uint8_t data[30] = { 0x2B , 0xDC , 0x84 , 0x21 , 0x43 , /* Destination Address */ 0x02 , 0x00 , 0x00 , 0x00 , 0x00 , 0x48 , 0xDE , 0xAC , 
@@ -87,7 +87,7 @@ test_sec_lvl_6() packetbuf_hdrreduce(29); CCM_STAR.set_key(key); - ccm_star_mic_packetbuf(extended_source_address, mic, LLSEC802154_MIC_LENGTH); + ccm_star_packetbuf_mic(&source_address, mic, LLSEC802154_MIC_LENGTH); if(memcmp(mic, oracle, LLSEC802154_MIC_LENGTH) == 0) { printf("Success\n"); @@ -97,7 +97,7 @@ test_sec_lvl_6() printf("Testing encryption ... "); - ccm_star_ctr_packetbuf(extended_source_address); + ccm_star_packetbuf_ctr(&source_address); if(((uint8_t *) packetbuf_hdrptr())[29] == 0xD8) { printf("Success\n"); } else { @@ -105,7 +105,7 @@ test_sec_lvl_6() } printf("Testing decryption ... "); - ccm_star_ctr_packetbuf(extended_source_address); + ccm_star_packetbuf_ctr(&source_address); if(((uint8_t *) packetbuf_hdrptr())[29] == 0xCE) { printf("Success\n"); } else { diff --git a/examples/llsec/ccm-star-tests/verification/tests.c b/examples/llsec/ccm-star-tests/verification/tests.c index d768ddeb6..61490a0c5 100644 --- a/examples/llsec/ccm-star-tests/verification/tests.c +++ b/examples/llsec/ccm-star-tests/verification/tests.c @@ -86,8 +86,8 @@ test_sec_lvl_2() 0xC4 , 0xC5 , 0xC6 , 0xC7 , 0xC8 , 0xC9 , 0xCA , 0xCB , 0xCC , 0xCD , 0xCE , 0xCF }; - uint8_t extended_source_address[8] = { 0xAC , 0xDE , 0x48 , 0x00 , - 0x00 , 0x00 , 0x00 , 0x01 }; + linkaddr_t source_address = {{ 0xAC , 0xDE , 0x48 , 0x00 , + 0x00 , 0x00 , 0x00 , 0x01 }}; uint8_t data[26] = { 0x08 , 0xD0 , 0x84 , 0x21 , 0x43 , /* Source Address */ 0x01 , 0x00 , 0x00 , 0x00 , 0x00 , 0x48 , 0xDE , 0xAC , @@ -114,7 +114,7 @@ test_sec_lvl_2() packetbuf_hdrreduce(18); CCM_STAR.set_key(key); - ccm_star_mic_packetbuf(extended_source_address,mic, LLSEC802154_MIC_LENGTH); + ccm_star_packetbuf_mic(&source_address, mic, LLSEC802154_MIC_LENGTH); if(memcmp(mic, oracle, LLSEC802154_MIC_LENGTH) == 0) { printf("Success\n"); From 0a6b1cb6469248bd28c0e355d61d896ac505f14f Mon Sep 17 00:00:00 2001 
From: Konrad Krentz Date: Wed, 15 Jul 2015 06:11:42 -0700 Subject: [PATCH 4/8] llsec: Added AEAD mode to CCM* --- core/lib/ccm-star.c | 29 ++++++++- core/lib/ccm-star.h | 37 +++++------ core/net/llsec/ccm-star-packetbuf.c | 50 ++------------- core/net/llsec/ccm-star-packetbuf.h | 14 +---- core/net/llsec/noncoresec/noncoresec.c | 62 +++++++++++++------ .../llsec/ccm-star-tests/encryption/tests.c | 21 +++++-- .../llsec/ccm-star-tests/verification/tests.c | 11 +++- 7 files changed, 116 insertions(+), 108 deletions(-) diff --git a/core/lib/ccm-star.c b/core/lib/ccm-star.c index f916c4633..fdbbd5363 100644 --- a/core/lib/ccm-star.c +++ b/core/lib/ccm-star.c @@ -146,9 +146,32 @@ set_key(const uint8_t *key) AES_128.set_key(key); } /*---------------------------------------------------------------------------*/ +void +aead(const uint8_t* nonce, + uint8_t* m, uint8_t m_len, + const uint8_t* a, uint8_t a_len, + uint8_t *result, uint8_t mic_len, + int forward) +{ + if(!forward) { + /* decrypt */ + ctr(nonce, m, m_len); + } + + mic(nonce, + m, m_len, + a, a_len, + result, + mic_len); + + if(forward) { + /* encrypt */ + ctr(nonce, m, m_len); + } +} +/*---------------------------------------------------------------------------*/ const struct ccm_star_driver ccm_star_driver = { - mic, - ctr, - set_key + set_key, + aead }; /*---------------------------------------------------------------------------*/ diff --git a/core/lib/ccm-star.h b/core/lib/ccm-star.h index ad4e49798..06296fb44 100644 --- a/core/lib/ccm-star.h +++ b/core/lib/ccm-star.h 
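Review bot: `aead()` returns `void`, so when `forward` is 0 it runs `ctr()` over `m` and leaves the decrypted bytes in the caller's buffer whether or not the frame is authentic; comparing `result` with the received MIC is left entirely to each caller, and neither this function nor the `\param` block added to `ccm-star.h` in the next hunk says so. I would document the contract on the header declaration, for example `\param result The computed MIC; if forward == 0 the caller must compare it with the received MIC and discard m on mismatch`. The decryption test in `encryption/tests.c` later in this patch passes the MIC's position inside the frame as `result` with `forward` 0, which overwrites the received MIC, so the API is easy to call in a way that makes the check impossible. Having the driver return the comparison result would be harder to misuse, but that changes the `ccm_star_driver` interface.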
@@ -54,34 +54,27 @@ * Structure of CCM* drivers. */ struct ccm_star_driver { - - /** - * \brief Generates a MIC over the data supplied. - * \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long. - * \param m Message to authenticate and encrypt - * \param a Additional authenticated data - * \param result The generated MIC will be put here - * \param mic_len The size of the MIC to be generated. <= 16. - */ - void (* mic)(const uint8_t* nonce, - const uint8_t* m, uint8_t m_len, - const uint8_t* a, uint8_t a_len, - uint8_t *result, - uint8_t mic_len); - - /** - * \brief XORs m with the key stream. - * \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long. - * \param m Message to authenticate and encrypt - */ - void (* ctr)(const uint8_t* nonce, - uint8_t* m, uint8_t m_len); /** * \brief Sets the key in use. Default implementation calls AES_128.set_key(). * \param key The key to use. */ void (* set_key)(const uint8_t* key); + + /** + * \brief Combines authentication and encryption. + * \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long. + * \param m message to encrypt or decrypt + * \param a Additional authenticated data + * \param result The generated MIC will be put here + * \param mic_len The size of the MIC to be generated. <= 16. + * \param forward != 0 if used in forward direction. + */ + void (* aead)(const uint8_t* nonce, + uint8_t* m, uint8_t m_len, + const uint8_t* a, uint8_t a_len, + uint8_t *result, uint8_t mic_len, + int forward); }; extern const struct ccm_star_driver CCM_STAR; diff --git a/core/net/llsec/ccm-star-packetbuf.c b/core/net/llsec/ccm-star-packetbuf.c index 91740f547..61e681b1c 100644 --- a/core/net/llsec/ccm-star-packetbuf.c +++ b/core/net/llsec/ccm-star-packetbuf.c @@ -39,7 +39,7 @@ */ #include "llsec/ccm-star-packetbuf.h" -#include "lib/ccm-star.h" +#include "net/linkaddr.h" #include "net/packetbuf.h" #include 
@@ -62,10 +62,12 @@ get_extended_address(const linkaddr_t *addr) } #endif /* LINKADDR_SIZE == 2 */ /*---------------------------------------------------------------------------*/ -/* Inits the 13-byte CCM* nonce as of 802.15.4-2011. */ -static void -set_nonce(uint8_t *nonce, const linkaddr_t *source_addr) +void +ccm_star_packetbuf_set_nonce(uint8_t *nonce, int forward) { + const linkaddr_t *source_addr; + + source_addr = forward ? &linkaddr_node_addr : packetbuf_addr(PACKETBUF_ADDR_SENDER); memcpy(nonce, get_extended_address(source_addr), 8); nonce[8] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) >> 8; nonce[9] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) & 0xff; @@ -74,43 +76,3 @@ set_nonce(uint8_t *nonce, const linkaddr_t *source_addr) nonce[12] = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL); } /*---------------------------------------------------------------------------*/ -void -ccm_star_packetbuf_mic(const linkaddr_t *source_addr, - uint8_t *result, - uint8_t mic_len) -{ - uint8_t nonce[CCM_STAR_NONCE_LENGTH]; - uint8_t *m; - uint8_t m_len; - uint8_t *a; - uint8_t a_len; - - set_nonce(nonce, source_addr); - - a = packetbuf_hdrptr(); - if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & (1 << 2)) { - m = packetbuf_dataptr(); - m_len = packetbuf_datalen(); - a_len = packetbuf_hdrlen(); - } else { - m = NULL; - m_len = 0; - a_len = packetbuf_totlen(); - } - - CCM_STAR.mic(nonce, - m, m_len, - a, a_len, - result, - mic_len); -} -/*---------------------------------------------------------------------------*/ -void -ccm_star_packetbuf_ctr(const linkaddr_t *source_addr) -{ - uint8_t nonce[CCM_STAR_NONCE_LENGTH]; - - set_nonce(nonce, source_addr); - CCM_STAR.ctr(nonce, packetbuf_dataptr(), packetbuf_datalen()); -} -/*---------------------------------------------------------------------------*/ diff --git a/core/net/llsec/ccm-star-packetbuf.h b/core/net/llsec/ccm-star-packetbuf.h index d93ff1160..dcbe6c4db 100644 
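Review bot: `ccm_star_packetbuf_set_nonce()` becomes a public function in this hunk, but its only comment (`Inits the 13-byte CCM* nonce as of 802.15.4-2011.`) is removed and the declaration added to `ccm-star-packetbuf.h` carries no documentation. The function writes `nonce` up to index 12, so callers have to know the buffer must hold `CCM_STAR_NONCE_LENGTH` bytes; the updated tests size it by hand as `uint8_t nonce[13]`. I would put a Doxygen comment on the declaration that keeps the removed brief, describes `\param nonce` as a buffer of CCM_STAR_NONCE_LENGTH bytes and `\param forward` as != 0 for the node's own address and 0 for PACKETBUF_ADDR_SENDER, and states that the frame counter and security level attributes must already be set on the packetbuf. The function body continues past the end of this hunk.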
--- a/core/net/llsec/ccm-star-packetbuf.h +++ b/core/net/llsec/ccm-star-packetbuf.h @@ -41,18 +41,8 @@ #ifndef CCM_STAR_PACKETBUF_H_ #define CCM_STAR_PACKETBUF_H_ -#include "net/linkaddr.h" +#include "lib/ccm-star.h" -/** - * \brief Calls CCM_STAR.mic with parameters appropriate for LLSEC. - */ -void ccm_star_packetbuf_mic(const linkaddr_t *source_addr, - uint8_t *result, - uint8_t mic_len); - -/** - * \brief Calls CCM_STAR.ctr with parameters appropriate for LLSEC. - */ -void ccm_star_packetbuf_ctr(const linkaddr_t *source_addr); +void ccm_star_packetbuf_set_nonce(uint8_t *nonce, int forward); #endif /* CCM_STAR_PACKETBUF_H_ */ diff --git a/core/net/llsec/noncoresec/noncoresec.c b/core/net/llsec/noncoresec/noncoresec.c index ca6e5f3ee..ee26a5ba0 100644 --- a/core/net/llsec/noncoresec/noncoresec.c +++ b/core/net/llsec/noncoresec/noncoresec.c 
@@ -80,6 +80,45 @@ static uint8_t key[16] = NONCORESEC_KEY; NBR_TABLE(struct anti_replay_info, anti_replay_table); +/*---------------------------------------------------------------------------*/ +static int +aead(int forward) +{ + uint8_t nonce[CCM_STAR_NONCE_LENGTH]; + uint8_t *m; + uint8_t m_len; + uint8_t *a; + uint8_t a_len; + uint8_t *result; + uint8_t generated_mic[LLSEC802154_MIC_LENGTH]; + uint8_t *mic; + + ccm_star_packetbuf_set_nonce(nonce, forward); + a = packetbuf_hdrptr(); + m = packetbuf_dataptr(); +#if WITH_ENCRYPTION + a_len = packetbuf_hdrlen(); + m_len = packetbuf_datalen(); +#else /* WITH_ENCRYPTION */ + a_len = packetbuf_totlen(); + m_len = 0; +#endif /* WITH_ENCRYPTION */ + mic = a + a_len + m_len; + result = forward ? mic : generated_mic; + + CCM_STAR.aead(nonce, + m, m_len, + a, a_len, + result, LLSEC802154_MIC_LENGTH, + forward); + + if(forward) { + packetbuf_set_datalen(packetbuf_datalen() + LLSEC802154_MIC_LENGTH); + return 1; + } else { + return (memcmp(generated_mic, mic, LLSEC802154_MIC_LENGTH) == 0); + } +} /*---------------------------------------------------------------------------*/ static void send(mac_callback_t sent, void *ptr) @@ -94,22 +133,13 @@ static int create(void) { int result; - uint8_t *dataptr; - uint8_t datalen; result = framer_802154.create(); if(result == FRAMER_FAILED) { return result; } - - dataptr = packetbuf_dataptr(); - datalen = packetbuf_datalen(); - ccm_star_packetbuf_mic(&linkaddr_node_addr, dataptr + datalen, LLSEC802154_MIC_LENGTH); -#if WITH_ENCRYPTION - ccm_star_packetbuf_ctr(&linkaddr_node_addr); -#endif /* WITH_ENCRYPTION */ - packetbuf_set_datalen(datalen + LLSEC802154_MIC_LENGTH); + aead(1); return result; } @@ -123,8 +153,6 @@ parse(void) static void input(void) { - uint8_t generated_mic[LLSEC802154_MIC_LENGTH]; - uint8_t *received_mic; const linkaddr_t *sender; struct anti_replay_info* info; 
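Review bot: The inverse path of the new `aead()` ends in `return (memcmp(generated_mic, mic, LLSEC802154_MIC_LENGTH) == 0);`, and `memcmp` may stop at the first differing byte, so the time taken depends on how many leading MIC bytes match. Whether that difference is observable through the radio stack is not something the diff shows, but a fixed-time comparison is cheap here: `uint8_t diff = 0;`, then `for(i = 0; i < LLSEC802154_MIC_LENGTH; i++) { diff |= generated_mic[i] ^ mic[i]; }` and `return diff == 0;`. The later hunks on this page that change `aead()` in patch 5/8 do not touch this line.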
@@ -140,14 +168,8 @@ input(void) packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH); -#if WITH_ENCRYPTION - ccm_star_packetbuf_ctr(sender); -#endif /* WITH_ENCRYPTION */ - ccm_star_packetbuf_mic(sender, generated_mic, LLSEC802154_MIC_LENGTH); - - received_mic = ((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen(); - if(memcmp(generated_mic, received_mic, LLSEC802154_MIC_LENGTH) != 0) { - PRINTF("noncoresec: received nonauthentic frame %"PRIu32"\n", + if(!aead(0)) { + PRINTF("noncoresec: received unauthentic frame %"PRIu32"\n", anti_replay_get_counter()); return; } diff --git a/examples/llsec/ccm-star-tests/encryption/tests.c b/examples/llsec/ccm-star-tests/encryption/tests.c index 0c454157c..b5c296799 100644 --- a/examples/llsec/ccm-star-tests/encryption/tests.c +++ b/examples/llsec/ccm-star-tests/encryption/tests.c @@ -72,11 +72,12 @@ test_sec_lvl_6() 0x01 , 0xCE }; uint8_t oracle[LLSEC802154_MIC_LENGTH] = { 0x4F , 0xDE , 0x52 , 0x90 , 0x61 , 0xF9 , 0xC6 , 0xF1 }; + uint8_t nonce[13]; frame802154_frame_counter_t counter; - uint8_t mic[LLSEC802154_MIC_LENGTH]; printf("Testing verification ... "); + linkaddr_copy(&linkaddr_node_addr, &source_address); packetbuf_clear(); packetbuf_set_datalen(30); memcpy(packetbuf_hdrptr(), data, 30); @@ -87,9 +88,14 @@ test_sec_lvl_6() packetbuf_hdrreduce(29); CCM_STAR.set_key(key); - ccm_star_packetbuf_mic(&source_address, mic, LLSEC802154_MIC_LENGTH); + ccm_star_packetbuf_set_nonce(nonce, 1); + CCM_STAR.aead(nonce, + packetbuf_dataptr(), packetbuf_datalen(), + packetbuf_hdrptr(), packetbuf_hdrlen(), + ((uint8_t *) packetbuf_hdrptr()) + 30, LLSEC802154_MIC_LENGTH, + 1); - if(memcmp(mic, oracle, LLSEC802154_MIC_LENGTH) == 0) { + if(memcmp(((uint8_t *) packetbuf_hdrptr()) + 30, oracle, LLSEC802154_MIC_LENGTH) == 0) { printf("Success\n"); } else { printf("Failure\n"); 
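Review bot: `packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH);` runs with no check that the received frame holds at least `LLSEC802154_MIC_LENGTH` bytes of data, and the new `aead(0)` call then derives `m_len` and the `mic` pointer from that shortened length. For a frame shorter than the MIC the subtraction goes below zero, and `mic = a + a_len + m_len` would end up outside the received frame before `memcmp` reads from it. Unless something above the hunk already rejects such frames, a guard belongs ahead of the subtraction: `if(packetbuf_datalen() < LLSEC802154_MIC_LENGTH) { PRINTF("noncoresec: frame too short\n"); return; }`. The same sequence moves into `parse()` in patch 5/8, where the guard would `return FRAMER_FAILED;` instead. `input()` starts and ends outside this hunk.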
@@ -97,7 +103,6 @@ test_sec_lvl_6() printf("Testing encryption ... "); - ccm_star_packetbuf_ctr(&source_address); if(((uint8_t *) packetbuf_hdrptr())[29] == 0xD8) { printf("Success\n"); } else { @@ -105,7 +110,13 @@ test_sec_lvl_6() } printf("Testing decryption ... "); - ccm_star_packetbuf_ctr(&source_address); + packetbuf_set_addr(PACKETBUF_ADDR_SENDER, &source_address); + ccm_star_packetbuf_set_nonce(nonce, 0); + CCM_STAR.aead(nonce, + packetbuf_dataptr(), packetbuf_datalen(), + packetbuf_hdrptr(), packetbuf_hdrlen(), + ((uint8_t *) packetbuf_hdrptr()) + 30, LLSEC802154_MIC_LENGTH, + 0); if(((uint8_t *) packetbuf_hdrptr())[29] == 0xCE) { printf("Success\n"); } else { diff --git a/examples/llsec/ccm-star-tests/verification/tests.c b/examples/llsec/ccm-star-tests/verification/tests.c index 61490a0c5..4de463fee 100644 --- a/examples/llsec/ccm-star-tests/verification/tests.c +++ b/examples/llsec/ccm-star-tests/verification/tests.c @@ -101,9 +101,11 @@ test_sec_lvl_2() 0x84 , 0x1A , 0xB5 , 0x53 }; frame802154_frame_counter_t counter; uint8_t mic[LLSEC802154_MIC_LENGTH]; + uint8_t nonce[13]; printf("Testing verification ... "); + linkaddr_copy(&linkaddr_node_addr, &source_address); packetbuf_clear(); packetbuf_set_datalen(26); memcpy(packetbuf_hdrptr(), data, 26); @@ -114,9 +116,14 @@ test_sec_lvl_2() packetbuf_hdrreduce(18); CCM_STAR.set_key(key); - ccm_star_packetbuf_mic(&source_address, mic, LLSEC802154_MIC_LENGTH); + ccm_star_packetbuf_set_nonce(nonce, 1); + CCM_STAR.aead(nonce, + NULL, 0, + packetbuf_hdrptr(), packetbuf_totlen(), + ((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen(), LLSEC802154_MIC_LENGTH, + 1); - if(memcmp(mic, oracle, LLSEC802154_MIC_LENGTH) == 0) { + if(memcmp(((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen(), oracle, LLSEC802154_MIC_LENGTH) == 0) { printf("Success\n"); } else { printf("Failure\n"); From 1a12ef33344663c3533afd9b0536bf095f4ad09d Mon Sep 17 00:00:00 2001 
From: Konrad Krentz Date: Fri, 17 Jul 2015 08:26:35 -0700 Subject: [PATCH 5/8] llsec: Unsecuring within parse --- core/net/llsec/noncoresec/noncoresec.c | 67 +++++++++++++-------- core/net/mac/contikimac/contikimac-framer.c | 8 +-- core/net/mac/contikimac/contikimac.c | 2 - core/net/mac/nullrdc.c | 3 +- 4 files changed, 47 insertions(+), 33 deletions(-) diff --git a/core/net/llsec/noncoresec/noncoresec.c b/core/net/llsec/noncoresec/noncoresec.c index ee26a5ba0..e18a7d734 100644 --- a/core/net/llsec/noncoresec/noncoresec.c +++ b/core/net/llsec/noncoresec/noncoresec.c @@ -82,8 +82,9 @@ NBR_TABLE(struct anti_replay_info, anti_replay_table); /*---------------------------------------------------------------------------*/ static int -aead(int forward) +aead(uint8_t hdrlen, int forward) { + uint8_t totlen; uint8_t nonce[CCM_STAR_NONCE_LENGTH]; uint8_t *m; uint8_t m_len; @@ -94,16 +95,19 @@ aead(int forward) uint8_t *mic; ccm_star_packetbuf_set_nonce(nonce, forward); + totlen = packetbuf_totlen(); a = packetbuf_hdrptr(); - m = packetbuf_dataptr(); #if WITH_ENCRYPTION - a_len = packetbuf_hdrlen(); - m_len = packetbuf_datalen(); + a_len = hdrlen; + m = a + a_len; + m_len = totlen - hdrlen; #else /* WITH_ENCRYPTION */ - a_len = packetbuf_totlen(); + a_len = totlen; + m = NULL; m_len = 0; #endif /* WITH_ENCRYPTION */ - mic = a + a_len + m_len; + + mic = a + totlen; result = forward ? mic : generated_mic; CCM_STAR.aead(nonce, 
@@ -121,11 +125,18 @@ aead(int forward) } /*---------------------------------------------------------------------------*/ static void +add_security_header(void) +{ + if(!packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL)) { + packetbuf_set_attr(PACKETBUF_ATTR_FRAME_TYPE, FRAME802154_DATAFRAME); + packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, LLSEC802154_SECURITY_LEVEL); + anti_replay_set_counter(); + } +} +/*---------------------------------------------------------------------------*/ +static void send(mac_callback_t sent, void *ptr) { - packetbuf_set_attr(PACKETBUF_ATTR_FRAME_TYPE, FRAME802154_DATAFRAME); - packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, LLSEC802154_SECURITY_LEVEL); - anti_replay_set_counter(); NETSTACK_MAC.send(sent, ptr); } /*---------------------------------------------------------------------------*/ @@ -134,12 +145,13 @@ create(void) { int result; + add_security_header(); result = framer_802154.create(); if(result == FRAMER_FAILED) { return result; } - aead(1); + aead(result, 1); return result; } 
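Review bot: `add_security_header()` has no comment explaining its `if(!packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL))` guard, which matters because the function is called from both `create()` and, later in this patch, `length()`, and `ccm_star_packetbuf_set_nonce()` builds the nonce from the frame counter attributes that `anti_replay_set_counter()` presumably assigns. I would add above it: `/* Called from length() and create(); the attribute check makes sure a frame gets its counter only once. */`. It is also worth confirming that the security level attribute is always zero when a new outgoing frame is started, since a frame that arrives here with it already set keeps whatever counter attributes are in the buffer.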
@@ -147,31 +159,31 @@ create(void) static int parse(void) { - return framer_802154.parse(); -} -/*---------------------------------------------------------------------------*/ -static void -input(void) -{ + int result; const linkaddr_t *sender; struct anti_replay_info* info; + result = framer_802154.parse(); + if(result == FRAMER_FAILED) { + return result; + } + if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != LLSEC802154_SECURITY_LEVEL) { PRINTF("noncoresec: received frame with wrong security level\n"); - return; + return FRAMER_FAILED; } sender = packetbuf_addr(PACKETBUF_ADDR_SENDER); if(linkaddr_cmp(sender, &linkaddr_node_addr)) { PRINTF("noncoresec: frame from ourselves\n"); - return; + return FRAMER_FAILED; } packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH); - if(!aead(0)) { + if(!aead(result, 0)) { PRINTF("noncoresec: received unauthentic frame %"PRIu32"\n", anti_replay_get_counter()); - return; + return FRAMER_FAILED; } info = nbr_table_get_from_lladdr(anti_replay_table, sender); @@ -179,7 +191,7 @@ input(void) info = nbr_table_add_lladdr(anti_replay_table, sender); if(!info) { PRINTF("noncoresec: could not get nbr_table_item\n"); - return; + return FRAMER_FAILED; } /* @@ -196,7 +208,7 @@ input(void) if(!nbr_table_lock(anti_replay_table, info)) { nbr_table_remove(anti_replay_table, info); PRINTF("noncoresec: could not lock\n"); - return; + return FRAMER_FAILED; } anti_replay_init_info(info); 
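Review bot: `parse()` now modifies the packet and is only safe to run once per received frame, and nothing documents that: it shortens the data length by `LLSEC802154_MIC_LENGTH`, `aead(result, 0)` decrypts the payload in place when `WITH_ENCRYPTION` is set, and the anti-replay lookup follows. A second call on the same buffer would shorten and decrypt it again. I would add a comment above the function such as `/* Unsecures the frame in place; must be called exactly once per received frame. */` and check that no caller of the framer's `parse()` relies on parsing a buffer twice; the call sites are not shown in these hunks.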
@@ -204,17 +216,24 @@ input(void) if(anti_replay_was_replayed(info)) { PRINTF("noncoresec: received replayed frame %"PRIu32"\n", anti_replay_get_counter()); - return; + return FRAMER_FAILED; } } + return result; +} +/*---------------------------------------------------------------------------*/ +static void +input(void) +{ NETSTACK_NETWORK.input(); } /*---------------------------------------------------------------------------*/ static int length(void) { - return framer_802154.length() + SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH; + add_security_header(); + return framer_802154.length() + LLSEC802154_MIC_LENGTH; } /*---------------------------------------------------------------------------*/ static void diff --git a/core/net/mac/contikimac/contikimac-framer.c b/core/net/mac/contikimac/contikimac-framer.c index 809465b3e..b25aa2e45 100644 --- a/core/net/mac/contikimac/contikimac-framer.c +++ b/core/net/mac/contikimac/contikimac-framer.c @@ -101,7 +101,8 @@ create(void) } chdr = packetbuf_hdrptr(); chdr->id = CONTIKIMAC_ID; - chdr->len = 0; + chdr->len = packetbuf_datalen(); + pad(); hdr_len = DECORATED_FRAMER.create(); if(hdr_len < 0) { @@ -110,8 +111,6 @@ create(void) } packetbuf_compact(); - chdr->len = packetbuf_datalen(); - pad(); return hdr_len + sizeof(struct hdr); } @@ -123,7 +122,7 @@ pad(void) uint8_t *ptr; uint8_t zeroes_count; - transmit_len = packetbuf_totlen(); + transmit_len = packetbuf_totlen() + hdr_length(); if(transmit_len < SHORTEST_PACKET_SIZE) { /* Padding required */ zeroes_count = SHORTEST_PACKET_SIZE - transmit_len; @@ -156,7 +155,6 @@ parse(void) } packetbuf_set_datalen(chdr->len); - chdr->len = 0; return hdr_len + sizeof(struct hdr); } diff --git a/core/net/mac/contikimac/contikimac.c b/core/net/mac/contikimac/contikimac.c index b66023694..a7dc95db6 100644 --- a/core/net/mac/contikimac/contikimac.c +++ b/core/net/mac/contikimac/contikimac.c 
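Review bot: In the `contikimac-framer.c` `parse()` hunk, `packetbuf_set_datalen(chdr->len);` takes the payload length from the received ContikiMAC header, and within the hunk nothing compares it with the number of bytes actually left in the packetbuf. With a decorated framer that verifies a MIC the header is presumably covered by it, but with a framer that does not authenticate frames the field comes straight from the sender. If the lines above the hunk do not already bound it, I would reject oversized values first, along the lines of `if(chdr->len > packetbuf_datalen()) { return FRAMER_FAILED; }`. `parse()` begins outside the hunk, so this needs checking against the full function.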
@@ -915,8 +915,6 @@ input_packet(void) broadcast address. */ /* If FRAME_PENDING is set, we are receiving a packets in a burst */ - /* TODO To prevent denial-of-sleep attacks, the transceiver should - be disabled upon receipt of an unauthentic frame. */ we_are_receiving_burst = packetbuf_attr(PACKETBUF_ATTR_PENDING); if(we_are_receiving_burst) { on(); diff --git a/core/net/mac/nullrdc.c b/core/net/mac/nullrdc.c index b52853b90..04baa90bd 100644 --- a/core/net/mac/nullrdc.c +++ b/core/net/mac/nullrdc.c @@ -302,8 +302,7 @@ packet_input(void) } #endif /* RDC_WITH_DUPLICATE_DETECTION */ #endif /* NULLRDC_802154_AUTOACK */ - -/* TODO We may want to acknowledge only authentic frames */ + #if NULLRDC_SEND_802154_ACK { frame802154_t info154; From 9500be89160057c9abbac1ed9c80fdd884dc324b Mon Sep 17 00:00:00 2001 From: kkrentz Date: Thu, 6 Aug 2015 02:27:15 -0700 Subject: [PATCH 6/8] llsec: Declared aead static --- core/lib/ccm-star.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/lib/ccm-star.c b/core/lib/ccm-star.c index fdbbd5363..4cc8723a1 100644 --- a/core/lib/ccm-star.c +++ b/core/lib/ccm-star.c @@ -146,7 +146,7 @@ set_key(const uint8_t *key) AES_128.set_key(key); } /*---------------------------------------------------------------------------*/ -void +static void aead(const uint8_t* nonce, uint8_t* m, uint8_t m_len, const uint8_t* a, uint8_t a_len, From bfeff0488dd061df98dfc2e6bd1f9fb6b8ec10c6 Mon Sep 17 00:00:00 2001 From: Simon Duquennoy Date: Tue, 13 Oct 2015 10:05:22 +0200 Subject: [PATCH 7/8] Port JN516x ccm-star implementation to new ccm_star_driver interface --- platform/jn516x/dev/ccm-star.c | 53 ++-------------------------------- 1 file changed, 2 insertions(+), 51 deletions(-) diff --git a/platform/jn516x/dev/ccm-star.c b/platform/jn516x/dev/ccm-star.c index 76bf97caf..b846985be 100644 --- a/platform/jn516x/dev/ccm-star.c +++ b/platform/jn516x/dev/ccm-star.c 
@@ -45,54 +45,6 @@ static tsReg128 current_key; static int current_key_is_new = 1; -/*---------------------------------------------------------------------------*/ -static void -mic(const uint8_t *m, uint8_t m_len, - const uint8_t *nonce, - const uint8_t *a, uint8_t a_len, - uint8_t *result, - uint8_t mic_len) -{ - tsReg128 nonce_aligned; - memcpy(&nonce_aligned, nonce, sizeof(nonce_aligned)); - bACI_CCMstar( - ¤t_key, - current_key_is_new, - XCV_REG_AES_SET_MODE_CCM, - mic_len, - a_len, - m_len, - &nonce_aligned, - (uint8_t *)a, - (uint8_t *)m, - NULL, - result, - NULL - ); - current_key_is_new = 0; -} -/*---------------------------------------------------------------------------*/ -static void -ctr(uint8_t *m, uint8_t m_len, const uint8_t *nonce) -{ - tsReg128 nonce_aligned; - memcpy(&nonce_aligned, nonce, sizeof(nonce_aligned)); - bACI_CCMstar( - ¤t_key, - current_key_is_new, - XCV_REG_AES_SET_MODE_CCM, - 0, - 0, - m_len, - &nonce_aligned, - NULL, - m, - m, - NULL, - NULL - ); - current_key_is_new = 0; -} /*---------------------------------------------------------------------------*/ static void aead(const uint8_t *nonce, @@ -161,8 +113,7 @@ set_key(const uint8_t *key) } /*---------------------------------------------------------------------------*/ const struct ccm_star_driver ccm_star_driver_jn516x = { - mic, - ctr, - set_key + set_key, + aead }; /*---------------------------------------------------------------------------*/ From c865982df5c2de43a5734a8efbeaab221b0f92f1 Mon Sep 17 00:00:00 2001 From: kkrentz Date: Thu, 15 Oct 2015 00:41:12 -0700 Subject: [PATCH 8/8] JN516x: Call LLSEC.init instead of LLSEC.bootstrap --- platform/jn516x/contiki-jn516x-main.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/platform/jn516x/contiki-jn516x-main.c b/platform/jn516x/contiki-jn516x-main.c index 2bf27e64b..deda71b11 100644 --- a/platform/jn516x/contiki-jn516x-main.c +++ b/platform/jn516x/contiki-jn516x-main.c 
@@ -228,17 +228,6 @@ start_uip6(void) #endif /* NETSTACK_CONF_WITH_IPV6 */ /*---------------------------------------------------------------------------*/ static void -start_network_layer(void) -{ -#if NETSTACK_CONF_WITH_IPV6 - start_uip6(); -#endif /* NETSTACK_CONF_WITH_IPV6 */ - start_autostart_processes(); - /* To support link layer security in combination with NETSTACK_CONF_WITH_IPV4 and - * TIMESYNCH_CONF_ENABLED further things may need to be moved here */ -} -/*--------------------------------------------------------------------------*/ -static void set_linkaddr(void) { int i; @@ -409,7 +398,12 @@ main(void) #endif /* NETSTACK_CONF_WITH_IPV4 */ watchdog_start(); - NETSTACK_LLSEC.bootstrap(start_network_layer); + NETSTACK_LLSEC.init(); + +#if NETSTACK_CONF_WITH_IPV6 + start_uip6(); +#endif /* NETSTACK_CONF_WITH_IPV6 */ + start_autostart_processes(); leds_off(LEDS_ALL); int r;