llsec: Added a layer in between NETSTACK_MAC and NETSTACK_NETWORK for implementing link layer security

kkrentz 2013-05-24 00:21:53 -07:00
parent 4493783ce9
commit c396a85364
28 changed files with 286 additions and 20 deletions


@ -62,7 +62,7 @@ MODULES += core/sys core/dev core/lib
CONTIKI_SOURCEFILES += $(CONTIKIFILES)
CONTIKIDIRS += ${addprefix $(CONTIKI)/core/,dev lib net net/mac net/rime \
CONTIKIDIRS += ${addprefix $(CONTIKI)/core/,dev lib net net/llsec net/mac net/rime \
net/rpl sys cfs ctk lib/ctk loader . }
oname = ${patsubst %.c,%.o,${patsubst %.S,%.o,$(1)}}


@ -73,6 +73,11 @@
/* #define NETSTACK_CONF_MAC csma_driver */
#endif /* NETSTACK_CONF_MAC */
/* NETSTACK_CONF_LLSEC specifies the link layer security driver. */
#ifndef NETSTACK_CONF_LLSEC
#define NETSTACK_CONF_LLSEC nullsec_driver
#endif /* NETSTACK_CONF_LLSEC */
/* NETSTACK_CONF_NETWORK specifies the network layer and can be either
sicslowpan_driver, for IPv6 networking, or rime_driver, for the
custom Rime network stack. */
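Review bot: The comment added for `NETSTACK_CONF_LLSEC` does not say that the default it selects, `nullsec_driver`, applies no protection at all. nullsec.c in this commit hands outgoing frames straight to `NETSTACK_MAC.send()` and incoming frames straight to `NETSTACK_NETWORK.input()`, so an integrator reading only this header could mistake the presence of a "security driver" for protection. Suggested wording: `/* NETSTACK_CONF_LLSEC specifies the link layer security driver. The default, nullsec_driver, passes frames through without encryption, authentication or replay protection. */`. The same default is repeated in netstack.h (`#define NETSTACK_LLSEC nullsec_driver`), and the note applies there as well.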


@ -1341,7 +1341,7 @@ send_packet(linkaddr_t *dest)
/* Provide a callback function to receive the result of
a packet transmission. */
NETSTACK_MAC.send(&packet_sent, NULL);
NETSTACK_LLSEC.send(&packet_sent, NULL);
/* If we are sending multiple packets in a row, we need to let the
watchdog know that we are still alive. */

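--- /dev/null
+++ b/core/net/llsec/llsec.h
@@ -0,0 +1,92 @@
+/**
+* \defgroup llsec Link Layer Security
+*
+* Layer for implementing link layer security.
+*
+* NETSTACK_LLSEC sits in between NETSTACK_MAC and NETSTACK_NETWORK
+* protocols. All NETSTACK_MAC protocols invoke NETSTACK_LLSEC.input()
+* for incoming packets. Likewise, all NETSTACK_NETWORK protocols
+* invoke NETSTACK_LLSEC.send(...) for outgoing packets.
+*
+* The bootstrap function of llsec_drivers can be used to defer the start
+* of upper layers so as to bootstrap pairwise keys. Only contiki-sky-main.c
+* supports this at the moment.
+*
+* @{
+*/
+/*
+* Copyright (c) 2013, Hasso-Plattner-Institut.
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* This file is part of the Contiki operating system.
+*
+*/
+/**
+* \file
+* Link layer security header file.
+* \author
+* Konrad Krentz <konrad.krentz@gmail.com>
+*/
+#ifndef LLSEC_H_
+#define LLSEC_H_
+#include "net/mac/mac.h"
+typedef void (* llsec_on_bootstrapped_t)(void);
+/**
+* The structure of a link layer security driver.
+*/
+struct llsec_driver {
+char *name;
+/** Bootstraps link layer security and thereafter starts upper layers. */
+void (* bootstrap)(llsec_on_bootstrapped_t on_bootstrapped);
+/** Secures outgoing frames before passing them to NETSTACK_MAC. */
+void (* send)(mac_callback_t sent_callback, void *ptr);
+/**
+* Once the NETSTACK_FRAMER wrote the headers, the LLSEC driver
+* can generate a MIC over the entire frame.
+* \return Returns != 0 <-> success
+*/
+int (* on_frame_created)(void);
+/**
+* Decrypts incoming frames;
+* filters out injected or replayed frames.
+*/
+void (* input)(void);
+};
+#endif /* LLSEC_H_ */
+/** @} */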
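Review bot: The driver contract does not say what `send()` and `input()` must do before `bootstrap()` has completed, while the group comment states that only contiki-sky-main.c supports the bootstrap function. On any other platform a driver that establishes its keys in `bootstrap()` would, as far as this header shows, have `send()` and `input()` invoked with no keys in place, so the contract should require it to fail closed. Suggested addition on the `bootstrap` member: `/** Bootstraps link layer security and thereafter starts upper layers. Until on_bootstrapped has been called, send() and input() must drop frames rather than pass them on unprotected. */`. Separately, `char *name;` is initialised from a string literal in nullsec.c and would be better declared `const char *name;`. The contiki-sky-main.c change itself is not visible on this part of the page.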

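--- /dev/null
+++ b/core/net/llsec/nullsec.c
@@ -0,0 +1,82 @@
+/**
+* \addtogroup nullsec
+* @{
+*/
+/*
+* Copyright (c) 2013, Hasso-Plattner-Institut.
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* This file is part of the Contiki operating system.
+*
+*/
+/**
+* \file
+* Insecure link layer security driver.
+* \author
+* Konrad Krentz <konrad.krentz@gmail.com>
+*/
+#include "net/llsec/nullsec.h"
+#include "net/netstack.h"
+/*---------------------------------------------------------------------------*/
+static void
+bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
+{
+on_bootstrapped();
+}
+/*---------------------------------------------------------------------------*/
+static void
+send(mac_callback_t sent, void *ptr)
+{
+NETSTACK_MAC.send(sent, ptr);
+}
+/*---------------------------------------------------------------------------*/
+static int
+on_frame_created(void)
+{
+return 1;
+}
+/*---------------------------------------------------------------------------*/
+static void
+input(void)
+{
+NETSTACK_NETWORK.input();
+}
+/*---------------------------------------------------------------------------*/
+const struct llsec_driver nullsec_driver = {
+"nullsec",
+bootstrap,
+send,
+on_frame_created,
+input
+};
+/*---------------------------------------------------------------------------*/
+/** @} */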

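--- /dev/null
+++ b/core/net/llsec/nullsec.h
@@ -0,0 +1,63 @@
+/**
+* \addtogroup llsec
+* @{
+*/
+/**
+* \defgroup nullsec
+*
+* Insecure link layer security driver.
+*
+* @{
+*/
+/*
+* Copyright (c) 2013, Hasso-Plattner-Institut.
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* This file is part of the Contiki operating system.
+*
+*/
+/**
+* \file
+* Insecure link layer security driver.
+* \author
+* Konrad Krentz <konrad.krentz@gmail.com>
+*/
+#ifndef NULLSEC_H_
+#define NULLSEC_H_
+#include "net/llsec/llsec.h"
+extern const struct llsec_driver nullsec_driver;
+#endif /* NULLSEC_H_ */
+/** @} */
+/** @} */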


@ -396,7 +396,7 @@ send_packet(mac_callback_t sent, void *ptr)
static void
input_packet(void)
{
NETSTACK_NETWORK.input();
NETSTACK_LLSEC.input();
}
/*---------------------------------------------------------------------------*/
static int


@ -54,7 +54,7 @@ send_packet(mac_callback_t sent, void *ptr)
static void
packet_input(void)
{
NETSTACK_NETWORK.input();
NETSTACK_LLSEC.input();
}
/*---------------------------------------------------------------------------*/
static int


@ -28,6 +28,7 @@
*
* This file is part of the Contiki operating system.
*
* $Id: netstack.h,v 1.6 2010/10/03 20:37:32 adamdunkels Exp $
*/
/**
@ -50,6 +51,14 @@
#endif /* NETSTACK_CONF_NETWORK */
#endif /* NETSTACK_NETWORK */
#ifndef NETSTACK_LLSEC
#ifdef NETSTACK_CONF_LLSEC
#define NETSTACK_LLSEC NETSTACK_CONF_LLSEC
#else /* NETSTACK_CONF_LLSEC */
#define NETSTACK_LLSEC nullsec_driver
#endif /* NETSTACK_CONF_LLSEC */
#endif /* NETSTACK_LLSEC */
#ifndef NETSTACK_MAC
#ifdef NETSTACK_CONF_MAC
#define NETSTACK_MAC NETSTACK_CONF_MAC
@ -96,6 +105,7 @@
#endif /* NETSTACK_CONF_FRAMER */
#endif /* NETSTACK_FRAMER */
#include "net/llsec/llsec.h"
#include "net/mac/mac.h"
#include "net/mac/rdc.h"
#include "net/mac/framer.h"
@ -115,6 +125,7 @@ struct network_driver {
};
extern const struct network_driver NETSTACK_NETWORK;
extern const struct llsec_driver NETSTACK_LLSEC;
extern const struct rdc_driver NETSTACK_RDC;
extern const struct mac_driver NETSTACK_MAC;
extern const struct radio_driver NETSTACK_RADIO;
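Review bot: The first hunk (`@ -28,6 +28,7 @`) appears to add a CVS keyword line, `* $Id: netstack.h,v 1.6 2010/10/03 20:37:32 adamdunkels Exp $`, to the license header; the +/- markers are lost on this page, so this is inferred from the hunk's line counts. That line has nothing to do with the llsec layer and looks like a merge leftover, so it should be dropped from this commit. Keeping the security-layer change free of unrelated header edits also makes it easier to audit later.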


@ -180,7 +180,7 @@ rime_output(struct channel *c)
if(chameleon_create(c)) {
packetbuf_compact();
NETSTACK_MAC.send(packet_sent, c);
NETSTACK_LLSEC.send(packet_sent, c);
return 1;
}
return 0;


@ -125,7 +125,7 @@ slip_radio_cmd_handler(const uint8_t *data, int len)
/* parse frame before sending to get addresses, etc. */
no_framer.parse();
NETSTACK_MAC.send(packet_sent, &packet_ids[packet_pos]);
NETSTACK_LLSEC.send(packet_sent, &packet_ids[packet_pos]);
packet_pos++;
if(packet_pos >= sizeof(packet_ids)) {


@ -10,7 +10,7 @@ CFLAGS=-DUIP_CONF_IPV6=0 -DUIP_CONF_IPV6_RPL=0
CONTIKI = ../..
MODULES+=core/net/mac/sicslowmac core/net/mac
MODULES+=core/net/mac/sicslowmac core/net/mac core/net/llsec
PROJECT_SOURCEFILES += fakeuip.c


@ -35,4 +35,5 @@ AVRDUDE_MCU=m1284p
include $(CONTIKIAVR)/Makefile.avr
include $(CONTIKIAVR)/radio/Makefile.radio
MODULES += core/net/ipv6 core/net/ipv4 core/net/ip core/net/mac core/net core/net/rime core/net/mac/sicslowmac
MODULES += core/net/ipv6 core/net/ipv4 core/net/ip core/net/mac core/net core/net/rime core/net/mac/sicslowmac \
core/net/llsec


@ -68,7 +68,8 @@ include $(CONTIKIAVR)/radio/Makefile.radio
ifndef CONTIKI_NO_NET
MODULES+=core/net/ip core/net/ipv4 core/net core/net/ipv6 \
core/net/rime core/net/mac core/net/mac/sicslowmac
core/net/rime core/net/mac core/net/mac/sicslowmac \
core/net/llsec
else
vpath %.c $(CONTIKI)/core/net/ipv6
CONTIKI_SOURCEFILES += sicslowpan.c linkaddr.c


@ -47,4 +47,5 @@ CONTIKI_CPU=$(CONTIKI)/cpu/cc253x
include $(CONTIKI_CPU)/Makefile.cc253x
# Default modules
MODULES += core/net/ip core/net/ipv6 core/net/rime core/net core/net/mac core/net/rpl
MODULES += core/net/ip core/net/ipv6 core/net/rime core/net core/net/mac core/net/rpl \
core/net/llsec


@ -28,7 +28,8 @@ CONTIKI_CPU=$(CONTIKI)/cpu/cc2538
include $(CONTIKI_CPU)/Makefile.cc2538
MODULES += core/net core/net/ipv6 core/net/mac core/net/ip \
core/net/rpl core/net/rime core/net/mac/contikimac
core/net/rpl core/net/rime core/net/mac/contikimac \
core/net/llsec
BSL = $(CONTIKI)/tools/cc2538-bsl/cc2538-bsl.py


@ -90,4 +90,5 @@ ifeq ($(UIP_CONF_IPV6),1)
endif # UIP_CONF_IPV6
MODULES += core/net core/net/ip core/net/ipv4 \
core/net/ipv6 core/net/mac core/net/rime core/net/rpl
core/net/ipv6 core/net/mac core/net/rime core/net/rpl \
core/net/llsec


@ -51,7 +51,7 @@ uip_driver_send(void)
/* XXX we should provide a callback function that is called when the
packet is sent. For now, we just supply a NULL pointer. */
NETSTACK_MAC.send(NULL, NULL);
NETSTACK_LLSEC.send(NULL, NULL);
return 1;
}
/*--------------------------------------------------------------------*/
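Review bot: `NETSTACK_LLSEC.send(NULL, NULL);` passes a NULL `sent_callback` into the new layer, but the `send` member in llsec.h does not state whether drivers must accept NULL. nullsec forwards the pointer untouched, but a driver that wraps the callback to do its own bookkeeping would have to guard the call before invoking it. Suggest documenting this on the member: `/** Secures outgoing frames before passing them to NETSTACK_MAC. sent_callback may be NULL. */`. The body of uip_driver_send starts outside the hunk.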


@ -21,4 +21,5 @@ endif
include $(CONTIKIMC1322X)/Makefile.mc1322x
MODULES+=core/net/ip core/net/ipv4 core/net core/net/rpl \
core/net/ipv6 core/net/rime core/net/mac
core/net/ipv6 core/net/rime core/net/mac \
core/net/llsec


@ -63,4 +63,5 @@ run: $(CONTIKI_PROJECT).$(TARGET).srec
~/adi-contiki/github/rl78flash/rl78flash -vv -i -m3 $(PROG_UART) -b500000 -a $<
MODULES+=core/net/ip core/net/ipv4 core/net core/net/rpl \
core/net/ipv6 core/net/rime core/net/mac core/net/mac/sicslowmac
core/net/ipv6 core/net/rime core/net/mac core/net/mac/sicslowmac \
core/net/llsec


@ -3,7 +3,7 @@
MODULES += core/net core/net/ip core/net/ipv6 core/net/ipv4 \
core/net/mac core/net/rpl core/net/rime core/net/mac/contikimac \
dev/cc2420
core/net/llsec dev/cc2420
ifdef IAR
CFLAGS+=-e --vla -Ohz --multiplier=32 --multiplier_location=4C0 --hw_workaround=CPU40 --core=430X --data_model small --double=32 -D__MSP430F5438A__=1


@ -22,4 +22,5 @@ ifeq ($(HOST_OS),Windows)
endif
MODULES+=core/net/ip core/net/ipv4 core/net core/net/ipv6 \
core/net/rpl core/net/rime core/net/mac core/net/mac/contikimac
core/net/rpl core/net/rime core/net/mac core/net/mac/contikimac \
core/net/llsec


@ -46,4 +46,5 @@ ifneq ($(strip $(HAVE_PRGBOARD_FILE)), )
endif
MODULES += core/net core/net/ip core/net/ipv6 core/net/ipv4 core/net/rime \
core/net/mac core/net/rpl core/net/mac/cxmac dev/cc2420
core/net/mac core/net/rpl core/net/mac/cxmac \
core/net/llsec dev/cc2420


@ -47,4 +47,4 @@ CURSES_LIBS ?= -lncurses
TARGET_LIBFILES += $(CURSES_LIBS)
MODULES+=core/net/ip core/net/ipv4 core/net core/net/ipv6 core/net/rime \
core/net/mac core/net/rpl core/ctk
core/net/mac core/net/rpl core/ctk core/net/llsec


@ -88,4 +88,5 @@ include $(CONTIKI)/cpu/cc2430/Makefile.cc2430
contiki-$(TARGET).a:# $(addprefix $(OBJECTDIR)/,symbols.rel)
MODULES += core/net/ipv6 core/net/ip core/net/rime core/net core/net/mac core/net/rpl
MODULES += core/net/ipv6 core/net/ip core/net/rime core/net core/net/mac core/net/rpl \
core/net/llsec


@ -13,4 +13,5 @@ include $(CONTIKI)/platform/sky/Makefile.common
MODULES += core/net/ipv6 core/net/ipv4 core/net/rime core/net/mac \
core/net core/net/ip core/net/rpl \
core/net/mac/contikimac core/net/mac/cxmac \
core/net/llsec \
dev/cc2420 dev/sht11 dev/ds2411


@ -56,4 +56,5 @@ contiki-$(TARGET).a: ${addprefix $(OBJECTDIR)/,symbols.o}
MODULES += core/net core/net/ip core/net/ipv6 core/net/ipv4 core/net/mac \
core/net/rime core/net/mac/contikimac core/net/rpl \
core/net/llsec \
dev/cc2520 dev/sht11


@ -11,4 +11,5 @@ endif
MODULES += core/net core/net/ip core/net/ipv6 core/net/ipv4 core/net/rpl \
core/net/rime core/net/mac core/net/mac/contikimac \
core/net/llsec \
dev/cc2420 dev/sht11