llsec: Let llsec_drivers define their own framer
parent
6b29e4b30d
commit
2059b6559e
@ -1443,7 +1443,7 @@ output(const uip_lladdr_t *localdest)
|
|||||||
#else /* USE_FRAMER_HDRLEN */
|
#else /* USE_FRAMER_HDRLEN */
|
||||||
framer_hdrlen = 21;
|
framer_hdrlen = 21;
|
||||||
#endif /* USE_FRAMER_HDRLEN */
|
#endif /* USE_FRAMER_HDRLEN */
|
||||||
max_payload = MAC_MAX_PAYLOAD - framer_hdrlen - NETSTACK_LLSEC.get_overhead();
|
max_payload = MAC_MAX_PAYLOAD - framer_hdrlen;
|
||||||
|
|
||||||
if((int)uip_len - (int)uncomp_hdr_len > max_payload - (int)packetbuf_hdr_len) {
|
if((int)uip_len - (int)uncomp_hdr_len > max_payload - (int)packetbuf_hdr_len) {
|
||||||
#if SICSLOWPAN_CONF_FRAG
|
#if SICSLOWPAN_CONF_FRAG
|
||||||
|
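Review bot: In the `#else /* USE_FRAMER_HDRLEN */` branch `framer_hdrlen` stays the constant 21, so `max_payload` no longer reserves room for the link-layer security header and MIC that the old line subtracted through `NETSTACK_LLSEC.get_overhead()`. With a securing framer, the fragmentation threshold tested in the following `if` is then too large, and frames that should have been fragmented will presumably only fail later in the framer. Either drop the fixed-size branch or state its limit on the line, e.g. `/* 21 covers the plain 802.15.4 header only; not valid when NETSTACK_FRAMER adds security overhead */`. The other branch of the `#if` is outside the hunk, so whether it obtains the full overhead from `NETSTACK_FRAMER.length()` could not be checked here.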
@ -74,21 +74,11 @@ struct llsec_driver {
|
|||||||
/** Secures outgoing frames before passing them to NETSTACK_MAC. */
|
/** Secures outgoing frames before passing them to NETSTACK_MAC. */
|
||||||
void (* send)(mac_callback_t sent_callback, void *ptr);
|
void (* send)(mac_callback_t sent_callback, void *ptr);
|
||||||
|
|
||||||
/**
|
|
||||||
* Once the NETSTACK_FRAMER wrote the headers, the LLSEC driver
|
|
||||||
* can generate a MIC over the entire frame.
|
|
||||||
* \return Returns != 0 <-> success
|
|
||||||
*/
|
|
||||||
int (* on_frame_created)(void);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Decrypts incoming frames;
|
* Decrypts incoming frames;
|
||||||
* filters out injected or replayed frames.
|
* filters out injected or replayed frames.
|
||||||
*/
|
*/
|
||||||
void (* input)(void);
|
void (* input)(void);
|
||||||
|
|
||||||
/** Returns the security-related overhead per frame in bytes */
|
|
||||||
uint8_t (* get_overhead)(void);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif /* LLSEC_H_ */
|
#endif /* LLSEC_H_ */
|
||||||
|
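Review bot: With `on_frame_created` and `get_overhead` removed, nothing in `struct llsec_driver` ties a driver to the framer that now does its securing, and the struct's comments do not mention the dependency. As far as this commit shows, outgoing frames are only authenticated when `NETSTACK_FRAMER` is (or decorates) the driver's own framer. Selecting `noncoresec_driver` while leaving the framer at `framer_802154` would apparently transmit frames without a MIC. I would add a comment on the struct such as `/* A driver that secures outgoing frames must export a struct framer; NETSTACK_FRAMER must be set to it or to a framer that decorates it. */`, and consider a build-time check where the two are configured.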
@ -47,6 +47,7 @@
|
|||||||
#include "net/llsec/llsec802154.h"
|
#include "net/llsec/llsec802154.h"
|
||||||
#include "net/llsec/ccm-star-packetbuf.h"
|
#include "net/llsec/ccm-star-packetbuf.h"
|
||||||
#include "net/mac/frame802154.h"
|
#include "net/mac/frame802154.h"
|
||||||
|
#include "net/mac/framer-802154.h"
|
||||||
#include "net/netstack.h"
|
#include "net/netstack.h"
|
||||||
#include "net/packetbuf.h"
|
#include "net/packetbuf.h"
|
||||||
#include "net/nbr-table.h"
|
#include "net/nbr-table.h"
|
||||||
@ -108,18 +109,33 @@ send(mac_callback_t sent, void *ptr)
|
|||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
static int
|
static int
|
||||||
on_frame_created(void)
|
create(void)
|
||||||
{
|
{
|
||||||
uint8_t *dataptr = packetbuf_dataptr();
|
int result;
|
||||||
uint8_t data_len = packetbuf_datalen();
|
uint8_t *dataptr;
|
||||||
|
uint8_t data_len;
|
||||||
|
|
||||||
|
result = framer_802154.create();
|
||||||
|
if(result == FRAMER_FAILED) {
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
dataptr = packetbuf_dataptr();
|
||||||
|
data_len = packetbuf_datalen();
|
||||||
|
|
||||||
ccm_star_mic_packetbuf(get_extended_address(&linkaddr_node_addr), dataptr + data_len, LLSEC802154_MIC_LENGTH);
|
ccm_star_mic_packetbuf(get_extended_address(&linkaddr_node_addr), dataptr + data_len, LLSEC802154_MIC_LENGTH);
|
||||||
#if WITH_ENCRYPTION
|
#if WITH_ENCRYPTION
|
||||||
ccm_star_ctr_packetbuf(get_extended_address(&linkaddr_node_addr));
|
ccm_star_ctr_packetbuf(get_extended_address(&linkaddr_node_addr));
|
||||||
#endif /* WITH_ENCRYPTION */
|
#endif /* WITH_ENCRYPTION */
|
||||||
packetbuf_set_datalen(data_len + LLSEC802154_MIC_LENGTH);
|
packetbuf_set_datalen(data_len + LLSEC802154_MIC_LENGTH);
|
||||||
|
|
||||||
return 1;
|
return result;
|
||||||
|
}
|
||||||
|
/*---------------------------------------------------------------------------*/
|
||||||
|
static int
|
||||||
|
parse(void)
|
||||||
|
{
|
||||||
|
return framer_802154.parse();
|
||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
static void
|
static void
|
||||||
@ -129,8 +145,6 @@ input(void)
|
|||||||
uint8_t *received_mic;
|
uint8_t *received_mic;
|
||||||
const linkaddr_t *sender;
|
const linkaddr_t *sender;
|
||||||
struct anti_replay_info* info;
|
struct anti_replay_info* info;
|
||||||
uint8_t *dataptr = packetbuf_dataptr();
|
|
||||||
uint8_t data_len = packetbuf_datalen();
|
|
||||||
|
|
||||||
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != LLSEC802154_SECURITY_LEVEL) {
|
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != LLSEC802154_SECURITY_LEVEL) {
|
||||||
PRINTF("noncoresec: received frame with wrong security level\n");
|
PRINTF("noncoresec: received frame with wrong security level\n");
|
||||||
@ -142,15 +156,14 @@ input(void)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
data_len -= LLSEC802154_MIC_LENGTH;
|
packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH);
|
||||||
packetbuf_set_datalen(data_len);
|
|
||||||
|
|
||||||
#if WITH_ENCRYPTION
|
#if WITH_ENCRYPTION
|
||||||
ccm_star_ctr_packetbuf(get_extended_address(sender));
|
ccm_star_ctr_packetbuf(get_extended_address(sender));
|
||||||
#endif /* WITH_ENCRYPTION */
|
#endif /* WITH_ENCRYPTION */
|
||||||
ccm_star_mic_packetbuf(get_extended_address(sender), generated_mic, LLSEC802154_MIC_LENGTH);
|
ccm_star_mic_packetbuf(get_extended_address(sender), generated_mic, LLSEC802154_MIC_LENGTH);
|
||||||
|
|
||||||
received_mic = dataptr + data_len;
|
received_mic = ((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen();
|
||||||
if(memcmp(generated_mic, received_mic, LLSEC802154_MIC_LENGTH) != 0) {
|
if(memcmp(generated_mic, received_mic, LLSEC802154_MIC_LENGTH) != 0) {
|
||||||
PRINTF("noncoresec: received nonauthentic frame %"PRIu32"\n",
|
PRINTF("noncoresec: received nonauthentic frame %"PRIu32"\n",
|
||||||
anti_replay_get_counter());
|
anti_replay_get_counter());
|
||||||
@ -194,10 +207,10 @@ input(void)
|
|||||||
NETSTACK_NETWORK.input();
|
NETSTACK_NETWORK.input();
|
||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
static uint8_t
|
static int
|
||||||
get_overhead(void)
|
length(void)
|
||||||
{
|
{
|
||||||
return SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH;
|
return framer_802154.length() + SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH;
|
||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
static void
|
static void
|
||||||
@ -205,16 +218,22 @@ bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
|
|||||||
{
|
{
|
||||||
CCM_STAR.set_key(key);
|
CCM_STAR.set_key(key);
|
||||||
nbr_table_register(anti_replay_table, NULL);
|
nbr_table_register(anti_replay_table, NULL);
|
||||||
on_bootstrapped();
|
if(on_bootstrapped) {
|
||||||
|
on_bootstrapped();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
const struct llsec_driver noncoresec_driver = {
|
const struct llsec_driver noncoresec_driver = {
|
||||||
"noncoresec",
|
"noncoresec",
|
||||||
bootstrap,
|
bootstrap,
|
||||||
send,
|
send,
|
||||||
on_frame_created,
|
input
|
||||||
input,
|
};
|
||||||
get_overhead
|
/*---------------------------------------------------------------------------*/
|
||||||
|
const struct framer noncoresec_framer = {
|
||||||
|
length,
|
||||||
|
create,
|
||||||
|
parse
|
||||||
};
|
};
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
|
|
||||||
|
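Review bot: In `input()` the new line `packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH);` subtracts from the length of a received frame with no lower-bound check visible in the hunk. If a frame shorter than the MIC reaches this point the result wraps, and `received_mic` is then derived from that wrapped length before `memcmp` reads `LLSEC802154_MIC_LENGTH` bytes from it. Unless the part of `input()` above the hunk already rejects short frames, add a guard before the subtraction, e.g. `if(packetbuf_datalen() < LLSEC802154_MIC_LENGTH) { return; }`, with a `PRINTF` like the other reject paths. The removed `data_len -= LLSEC802154_MIC_LENGTH;` had the same gap, so this is carried over rather than introduced by the commit.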
@ -56,6 +56,7 @@
|
|||||||
#include "net/llsec/llsec.h"
|
#include "net/llsec/llsec.h"
|
||||||
|
|
||||||
extern const struct llsec_driver noncoresec_driver;
|
extern const struct llsec_driver noncoresec_driver;
|
||||||
|
extern const struct framer noncoresec_framer;
|
||||||
|
|
||||||
#endif /* NONCORESEC_H_ */
|
#endif /* NONCORESEC_H_ */
|
||||||
|
|
||||||
|
@ -51,7 +51,9 @@
|
|||||||
static void
|
static void
|
||||||
bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
|
bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
|
||||||
{
|
{
|
||||||
on_bootstrapped();
|
if(on_bootstrapped) {
|
||||||
|
on_bootstrapped();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
static void
|
static void
|
||||||
@ -61,31 +63,17 @@ send(mac_callback_t sent, void *ptr)
|
|||||||
NETSTACK_MAC.send(sent, ptr);
|
NETSTACK_MAC.send(sent, ptr);
|
||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
static int
|
|
||||||
on_frame_created(void)
|
|
||||||
{
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
/*---------------------------------------------------------------------------*/
|
|
||||||
static void
|
static void
|
||||||
input(void)
|
input(void)
|
||||||
{
|
{
|
||||||
NETSTACK_NETWORK.input();
|
NETSTACK_NETWORK.input();
|
||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
static uint8_t
|
|
||||||
get_overhead(void)
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
/*---------------------------------------------------------------------------*/
|
|
||||||
const struct llsec_driver nullsec_driver = {
|
const struct llsec_driver nullsec_driver = {
|
||||||
"nullsec",
|
"nullsec",
|
||||||
bootstrap,
|
bootstrap,
|
||||||
send,
|
send,
|
||||||
on_frame_created,
|
input
|
||||||
input,
|
|
||||||
get_overhead
|
|
||||||
};
|
};
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
|
|
||||||
|
@ -73,6 +73,8 @@ extern const struct framer DECORATED_FRAMER;
|
|||||||
#define PRINTF(...)
|
#define PRINTF(...)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
static void pad(void);
|
||||||
|
|
||||||
/* 2-byte header for recovering padded packets.
|
/* 2-byte header for recovering padded packets.
|
||||||
Wireshark will not understand such packets at present. */
|
Wireshark will not understand such packets at present. */
|
||||||
struct hdr {
|
struct hdr {
|
||||||
@ -107,6 +109,10 @@ create(void)
|
|||||||
return FRAMER_FAILED;
|
return FRAMER_FAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
packetbuf_compact();
|
||||||
|
chdr->len = packetbuf_datalen();
|
||||||
|
pad();
|
||||||
|
|
||||||
return hdr_len + sizeof(struct hdr);
|
return hdr_len + sizeof(struct hdr);
|
||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
@ -128,30 +134,6 @@ pad(void)
|
|||||||
}
|
}
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
static int
|
static int
|
||||||
create_and_secure(void)
|
|
||||||
{
|
|
||||||
struct hdr *chdr;
|
|
||||||
int hdr_len;
|
|
||||||
|
|
||||||
hdr_len = create();
|
|
||||||
if(hdr_len < 0) {
|
|
||||||
return FRAMER_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
packetbuf_compact();
|
|
||||||
if(!NETSTACK_LLSEC.on_frame_created()) {
|
|
||||||
PRINTF("contikimac-framer: securing failed\n");
|
|
||||||
return FRAMER_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
chdr = (struct hdr *)(((uint8_t *) packetbuf_dataptr()) - sizeof(struct hdr));
|
|
||||||
chdr->len = packetbuf_datalen();
|
|
||||||
pad();
|
|
||||||
|
|
||||||
return hdr_len;
|
|
||||||
}
|
|
||||||
/*---------------------------------------------------------------------------*/
|
|
||||||
static int
|
|
||||||
parse(void)
|
parse(void)
|
||||||
{
|
{
|
||||||
int hdr_len;
|
int hdr_len;
|
||||||
@ -182,7 +164,6 @@ parse(void)
|
|||||||
const struct framer contikimac_framer = {
|
const struct framer contikimac_framer = {
|
||||||
hdr_length,
|
hdr_length,
|
||||||
create,
|
create,
|
||||||
create_and_secure,
|
|
||||||
parse
|
parse
|
||||||
};
|
};
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
|
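Review bot: In `create()` the added `packetbuf_compact()` runs after the decorated framer has returned, whereas the removed `create_and_secure()` compacted before calling `NETSTACK_LLSEC.on_frame_created()`. If `DECORATED_FRAMER` is the securing framer, the MIC is now computed on the un-compacted buffer. Please confirm the CCM* helpers do not rely on header and payload being contiguous, or compact inside the securing framer's `create()` before the MIC is computed. Also, `chdr` is assigned above the hunk and reused after compaction, while the old code recomputed it from `packetbuf_dataptr()`; a one-line comment saying why the earlier pointer is still valid would help. `create()` begins outside the hunk, so the assignment itself was not visible.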
@ -560,7 +560,7 @@ send_packet(mac_callback_t mac_callback, void *mac_callback_ptr,
|
|||||||
|
|
||||||
if(!packetbuf_attr(PACKETBUF_ATTR_IS_CREATED_AND_SECURED)) {
|
if(!packetbuf_attr(PACKETBUF_ATTR_IS_CREATED_AND_SECURED)) {
|
||||||
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
|
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
|
||||||
if(NETSTACK_FRAMER.create_and_secure() < 0) {
|
if(NETSTACK_FRAMER.create() < 0) {
|
||||||
PRINTF("contikimac: framer failed\n");
|
PRINTF("contikimac: framer failed\n");
|
||||||
return MAC_TX_ERR_FATAL;
|
return MAC_TX_ERR_FATAL;
|
||||||
}
|
}
|
||||||
@ -829,7 +829,7 @@ qsend_list(mac_callback_t sent, void *ptr, struct rdc_buf_list *buf_list)
|
|||||||
packetbuf_set_attr(PACKETBUF_ATTR_PENDING, 1);
|
packetbuf_set_attr(PACKETBUF_ATTR_PENDING, 1);
|
||||||
}
|
}
|
||||||
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
|
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
|
||||||
if(NETSTACK_FRAMER.create_and_secure() < 0) {
|
if(NETSTACK_FRAMER.create() < 0) {
|
||||||
PRINTF("contikimac: framer failed\n");
|
PRINTF("contikimac: framer failed\n");
|
||||||
mac_call_sent_callback(sent, ptr, MAC_TX_ERR_FATAL, 1);
|
mac_call_sent_callback(sent, ptr, MAC_TX_ERR_FATAL, 1);
|
||||||
return;
|
return;
|
||||||
|
@ -273,7 +273,6 @@ parse(void)
|
|||||||
const struct framer framer_802154 = {
|
const struct framer framer_802154 = {
|
||||||
hdr_length,
|
hdr_length,
|
||||||
create,
|
create,
|
||||||
framer_canonical_create_and_secure,
|
|
||||||
parse
|
parse
|
||||||
};
|
};
|
||||||
/*---------------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------------*/
|
||||||
|
@ -99,6 +99,5 @@ parse(void)
|
|||||||
const struct framer framer_nullmac = {
|
const struct framer framer_nullmac = {
|
||||||
hdr_length,
|
hdr_length,
|
||||||
create,
|
create,
|
||||||
framer_canonical_create_and_secure,
|
|
||||||
parse
|
parse
|
||||||
};
|
};
|
||||||
|
@ -1,50 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2014, Fraunhofer Heinrich-Hertz-Institut.
|
|
||||||
* All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
* 1. Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in the
|
|
||||||
* documentation and/or other materials provided with the distribution.
|
|
||||||
* 3. Neither the name of the Institute nor the names of its contributors
|
|
||||||
* may be used to endorse or promote products derived from this software
|
|
||||||
* without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
||||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
||||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
||||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
||||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
||||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
||||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
||||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
||||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
||||||
* SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "net/mac/framer.h"
|
|
||||||
#include "net/packetbuf.h"
|
|
||||||
#include "net/netstack.h"
|
|
||||||
|
|
||||||
/*---------------------------------------------------------------------------*/
|
|
||||||
int
|
|
||||||
framer_canonical_create_and_secure(void)
|
|
||||||
{
|
|
||||||
int hdr_len;
|
|
||||||
|
|
||||||
hdr_len = NETSTACK_FRAMER.create();
|
|
||||||
if(hdr_len >= 0) {
|
|
||||||
packetbuf_compact();
|
|
||||||
if(!NETSTACK_LLSEC.on_frame_created()) {
|
|
||||||
return FRAMER_FAILED;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return hdr_len;
|
|
||||||
}
|
|
||||||
/*---------------------------------------------------------------------------*/
|
|
@ -47,13 +47,8 @@ struct framer {
|
|||||||
|
|
||||||
int (* length)(void);
|
int (* length)(void);
|
||||||
int (* create)(void);
|
int (* create)(void);
|
||||||
|
|
||||||
/** Creates the frame and calls LLSEC.on_frame_created() */
|
|
||||||
int (* create_and_secure)(void);
|
|
||||||
int (* parse)(void);
|
int (* parse)(void);
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
int framer_canonical_create_and_secure(void);
|
|
||||||
|
|
||||||
#endif /* FRAMER_H_ */
|
#endif /* FRAMER_H_ */
|
||||||
|
@ -120,7 +120,7 @@ send_one_packet(mac_callback_t sent, void *ptr)
|
|||||||
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
|
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
|
||||||
#endif /* NULLRDC_802154_AUTOACK || NULLRDC_802154_AUTOACK_HW */
|
#endif /* NULLRDC_802154_AUTOACK || NULLRDC_802154_AUTOACK_HW */
|
||||||
|
|
||||||
if(NETSTACK_FRAMER.create_and_secure() < 0) {
|
if(NETSTACK_FRAMER.create() < 0) {
|
||||||
/* Failed to allocate space for headers */
|
/* Failed to allocate space for headers */
|
||||||
PRINTF("nullrdc: send failed, too large header\n");
|
PRINTF("nullrdc: send failed, too large header\n");
|
||||||
ret = MAC_TX_ERR_FATAL;
|
ret = MAC_TX_ERR_FATAL;
|
||||||
|
@ -124,6 +124,5 @@ parse(void)
|
|||||||
const struct framer no_framer = {
|
const struct framer no_framer = {
|
||||||
hdr_length,
|
hdr_length,
|
||||||
create,
|
create,
|
||||||
framer_canonical_create_and_secure,
|
|
||||||
parse
|
parse
|
||||||
};
|
};
|
||||||
|