llsec: Let llsec_drivers define their own framer

This commit is contained in:
Konrad Krentz 2015-06-27 09:21:08 -07:00 committed by kkrentz
parent 6b29e4b30d
commit 2059b6559e
13 changed files with 51 additions and 130 deletions

View File

@ -1443,7 +1443,7 @@ output(const uip_lladdr_t *localdest)
#else /* USE_FRAMER_HDRLEN */ #else /* USE_FRAMER_HDRLEN */
framer_hdrlen = 21; framer_hdrlen = 21;
#endif /* USE_FRAMER_HDRLEN */ #endif /* USE_FRAMER_HDRLEN */
max_payload = MAC_MAX_PAYLOAD - framer_hdrlen - NETSTACK_LLSEC.get_overhead(); max_payload = MAC_MAX_PAYLOAD - framer_hdrlen;
if((int)uip_len - (int)uncomp_hdr_len > max_payload - (int)packetbuf_hdr_len) { if((int)uip_len - (int)uncomp_hdr_len > max_payload - (int)packetbuf_hdr_len) {
#if SICSLOWPAN_CONF_FRAG #if SICSLOWPAN_CONF_FRAG

View File

@ -74,21 +74,11 @@ struct llsec_driver {
/** Secures outgoing frames before passing them to NETSTACK_MAC. */ /** Secures outgoing frames before passing them to NETSTACK_MAC. */
void (* send)(mac_callback_t sent_callback, void *ptr); void (* send)(mac_callback_t sent_callback, void *ptr);
/**
* Once the NETSTACK_FRAMER wrote the headers, the LLSEC driver
* can generate a MIC over the entire frame.
* \return Returns != 0 <-> success
*/
int (* on_frame_created)(void);
/** /**
* Decrypts incoming frames; * Decrypts incoming frames;
* filters out injected or replayed frames. * filters out injected or replayed frames.
*/ */
void (* input)(void); void (* input)(void);
/** Returns the security-related overhead per frame in bytes */
uint8_t (* get_overhead)(void);
}; };
#endif /* LLSEC_H_ */ #endif /* LLSEC_H_ */

View File

@ -47,6 +47,7 @@
#include "net/llsec/llsec802154.h" #include "net/llsec/llsec802154.h"
#include "net/llsec/ccm-star-packetbuf.h" #include "net/llsec/ccm-star-packetbuf.h"
#include "net/mac/frame802154.h" #include "net/mac/frame802154.h"
#include "net/mac/framer-802154.h"
#include "net/netstack.h" #include "net/netstack.h"
#include "net/packetbuf.h" #include "net/packetbuf.h"
#include "net/nbr-table.h" #include "net/nbr-table.h"
@ -108,18 +109,33 @@ send(mac_callback_t sent, void *ptr)
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static int static int
on_frame_created(void) create(void)
{ {
uint8_t *dataptr = packetbuf_dataptr(); int result;
uint8_t data_len = packetbuf_datalen(); uint8_t *dataptr;
uint8_t data_len;
result = framer_802154.create();
if(result == FRAMER_FAILED) {
return result;
}
dataptr = packetbuf_dataptr();
data_len = packetbuf_datalen();
ccm_star_mic_packetbuf(get_extended_address(&linkaddr_node_addr), dataptr + data_len, LLSEC802154_MIC_LENGTH); ccm_star_mic_packetbuf(get_extended_address(&linkaddr_node_addr), dataptr + data_len, LLSEC802154_MIC_LENGTH);
#if WITH_ENCRYPTION #if WITH_ENCRYPTION
ccm_star_ctr_packetbuf(get_extended_address(&linkaddr_node_addr)); ccm_star_ctr_packetbuf(get_extended_address(&linkaddr_node_addr));
#endif /* WITH_ENCRYPTION */ #endif /* WITH_ENCRYPTION */
packetbuf_set_datalen(data_len + LLSEC802154_MIC_LENGTH); packetbuf_set_datalen(data_len + LLSEC802154_MIC_LENGTH);
return 1; return result;
}
/*---------------------------------------------------------------------------*/
static int
parse(void)
{
return framer_802154.parse();
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static void static void
@ -129,8 +145,6 @@ input(void)
uint8_t *received_mic; uint8_t *received_mic;
const linkaddr_t *sender; const linkaddr_t *sender;
struct anti_replay_info* info; struct anti_replay_info* info;
uint8_t *dataptr = packetbuf_dataptr();
uint8_t data_len = packetbuf_datalen();
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != LLSEC802154_SECURITY_LEVEL) { if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != LLSEC802154_SECURITY_LEVEL) {
PRINTF("noncoresec: received frame with wrong security level\n"); PRINTF("noncoresec: received frame with wrong security level\n");
@ -142,15 +156,14 @@ input(void)
return; return;
} }
data_len -= LLSEC802154_MIC_LENGTH; packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH);
packetbuf_set_datalen(data_len);
#if WITH_ENCRYPTION #if WITH_ENCRYPTION
ccm_star_ctr_packetbuf(get_extended_address(sender)); ccm_star_ctr_packetbuf(get_extended_address(sender));
#endif /* WITH_ENCRYPTION */ #endif /* WITH_ENCRYPTION */
ccm_star_mic_packetbuf(get_extended_address(sender), generated_mic, LLSEC802154_MIC_LENGTH); ccm_star_mic_packetbuf(get_extended_address(sender), generated_mic, LLSEC802154_MIC_LENGTH);
received_mic = dataptr + data_len; received_mic = ((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen();
if(memcmp(generated_mic, received_mic, LLSEC802154_MIC_LENGTH) != 0) { if(memcmp(generated_mic, received_mic, LLSEC802154_MIC_LENGTH) != 0) {
PRINTF("noncoresec: received nonauthentic frame %"PRIu32"\n", PRINTF("noncoresec: received nonauthentic frame %"PRIu32"\n",
anti_replay_get_counter()); anti_replay_get_counter());
@ -194,10 +207,10 @@ input(void)
NETSTACK_NETWORK.input(); NETSTACK_NETWORK.input();
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static uint8_t static int
get_overhead(void) length(void)
{ {
return SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH; return framer_802154.length() + SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH;
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static void static void
@ -205,16 +218,22 @@ bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
{ {
CCM_STAR.set_key(key); CCM_STAR.set_key(key);
nbr_table_register(anti_replay_table, NULL); nbr_table_register(anti_replay_table, NULL);
on_bootstrapped(); if(on_bootstrapped) {
on_bootstrapped();
}
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
const struct llsec_driver noncoresec_driver = { const struct llsec_driver noncoresec_driver = {
"noncoresec", "noncoresec",
bootstrap, bootstrap,
send, send,
on_frame_created, input
input, };
get_overhead /*---------------------------------------------------------------------------*/
const struct framer noncoresec_framer = {
length,
create,
parse
}; };
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/

View File

@ -56,6 +56,7 @@
#include "net/llsec/llsec.h" #include "net/llsec/llsec.h"
extern const struct llsec_driver noncoresec_driver; extern const struct llsec_driver noncoresec_driver;
extern const struct framer noncoresec_framer;
#endif /* NONCORESEC_H_ */ #endif /* NONCORESEC_H_ */

View File

@ -51,7 +51,9 @@
static void static void
bootstrap(llsec_on_bootstrapped_t on_bootstrapped) bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
{ {
on_bootstrapped(); if(on_bootstrapped) {
on_bootstrapped();
}
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static void static void
@ -61,31 +63,17 @@ send(mac_callback_t sent, void *ptr)
NETSTACK_MAC.send(sent, ptr); NETSTACK_MAC.send(sent, ptr);
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static int
on_frame_created(void)
{
return 1;
}
/*---------------------------------------------------------------------------*/
static void static void
input(void) input(void)
{ {
NETSTACK_NETWORK.input(); NETSTACK_NETWORK.input();
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static uint8_t
get_overhead(void)
{
return 0;
}
/*---------------------------------------------------------------------------*/
const struct llsec_driver nullsec_driver = { const struct llsec_driver nullsec_driver = {
"nullsec", "nullsec",
bootstrap, bootstrap,
send, send,
on_frame_created, input
input,
get_overhead
}; };
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/

View File

@ -73,6 +73,8 @@ extern const struct framer DECORATED_FRAMER;
#define PRINTF(...) #define PRINTF(...)
#endif #endif
static void pad(void);
/* 2-byte header for recovering padded packets. /* 2-byte header for recovering padded packets.
Wireshark will not understand such packets at present. */ Wireshark will not understand such packets at present. */
struct hdr { struct hdr {
@ -107,6 +109,10 @@ create(void)
return FRAMER_FAILED; return FRAMER_FAILED;
} }
packetbuf_compact();
chdr->len = packetbuf_datalen();
pad();
return hdr_len + sizeof(struct hdr); return hdr_len + sizeof(struct hdr);
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
@ -128,30 +134,6 @@ pad(void)
} }
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static int static int
create_and_secure(void)
{
struct hdr *chdr;
int hdr_len;
hdr_len = create();
if(hdr_len < 0) {
return FRAMER_FAILED;
}
packetbuf_compact();
if(!NETSTACK_LLSEC.on_frame_created()) {
PRINTF("contikimac-framer: securing failed\n");
return FRAMER_FAILED;
}
chdr = (struct hdr *)(((uint8_t *) packetbuf_dataptr()) - sizeof(struct hdr));
chdr->len = packetbuf_datalen();
pad();
return hdr_len;
}
/*---------------------------------------------------------------------------*/
static int
parse(void) parse(void)
{ {
int hdr_len; int hdr_len;
@ -182,7 +164,6 @@ parse(void)
const struct framer contikimac_framer = { const struct framer contikimac_framer = {
hdr_length, hdr_length,
create, create,
create_and_secure,
parse parse
}; };
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/

View File

@ -560,7 +560,7 @@ send_packet(mac_callback_t mac_callback, void *mac_callback_ptr,
if(!packetbuf_attr(PACKETBUF_ATTR_IS_CREATED_AND_SECURED)) { if(!packetbuf_attr(PACKETBUF_ATTR_IS_CREATED_AND_SECURED)) {
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1); packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
if(NETSTACK_FRAMER.create_and_secure() < 0) { if(NETSTACK_FRAMER.create() < 0) {
PRINTF("contikimac: framer failed\n"); PRINTF("contikimac: framer failed\n");
return MAC_TX_ERR_FATAL; return MAC_TX_ERR_FATAL;
} }
@ -829,7 +829,7 @@ qsend_list(mac_callback_t sent, void *ptr, struct rdc_buf_list *buf_list)
packetbuf_set_attr(PACKETBUF_ATTR_PENDING, 1); packetbuf_set_attr(PACKETBUF_ATTR_PENDING, 1);
} }
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1); packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
if(NETSTACK_FRAMER.create_and_secure() < 0) { if(NETSTACK_FRAMER.create() < 0) {
PRINTF("contikimac: framer failed\n"); PRINTF("contikimac: framer failed\n");
mac_call_sent_callback(sent, ptr, MAC_TX_ERR_FATAL, 1); mac_call_sent_callback(sent, ptr, MAC_TX_ERR_FATAL, 1);
return; return;

View File

@ -273,7 +273,6 @@ parse(void)
const struct framer framer_802154 = { const struct framer framer_802154 = {
hdr_length, hdr_length,
create, create,
framer_canonical_create_and_secure,
parse parse
}; };
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/

View File

@ -99,6 +99,5 @@ parse(void)
const struct framer framer_nullmac = { const struct framer framer_nullmac = {
hdr_length, hdr_length,
create, create,
framer_canonical_create_and_secure,
parse parse
}; };

View File

@ -1,50 +0,0 @@
/*
* Copyright (c) 2014, Fraunhofer Heinrich-Hertz-Institut.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
#include "net/mac/framer.h"
#include "net/packetbuf.h"
#include "net/netstack.h"
/*---------------------------------------------------------------------------*/
int
framer_canonical_create_and_secure(void)
{
int hdr_len;
hdr_len = NETSTACK_FRAMER.create();
if(hdr_len >= 0) {
packetbuf_compact();
if(!NETSTACK_LLSEC.on_frame_created()) {
return FRAMER_FAILED;
}
}
return hdr_len;
}
/*---------------------------------------------------------------------------*/

View File

@ -47,13 +47,8 @@ struct framer {
int (* length)(void); int (* length)(void);
int (* create)(void); int (* create)(void);
/** Creates the frame and calls LLSEC.on_frame_created() */
int (* create_and_secure)(void);
int (* parse)(void); int (* parse)(void);
}; };
int framer_canonical_create_and_secure(void);
#endif /* FRAMER_H_ */ #endif /* FRAMER_H_ */

View File

@ -120,7 +120,7 @@ send_one_packet(mac_callback_t sent, void *ptr)
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1); packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
#endif /* NULLRDC_802154_AUTOACK || NULLRDC_802154_AUTOACK_HW */ #endif /* NULLRDC_802154_AUTOACK || NULLRDC_802154_AUTOACK_HW */
if(NETSTACK_FRAMER.create_and_secure() < 0) { if(NETSTACK_FRAMER.create() < 0) {
/* Failed to allocate space for headers */ /* Failed to allocate space for headers */
PRINTF("nullrdc: send failed, too large header\n"); PRINTF("nullrdc: send failed, too large header\n");
ret = MAC_TX_ERR_FATAL; ret = MAC_TX_ERR_FATAL;

View File

@ -124,6 +124,5 @@ parse(void)
const struct framer no_framer = { const struct framer no_framer = {
hdr_length, hdr_length,
create, create,
framer_canonical_create_and_secure,
parse parse
}; };