added uipbuf attributes for llsec level and key and added payloadlen in mac

2018-10-20 22:25:55 +02:00 · 2018-10-20 22:25:55 +02:00 · c42fae82da
commit c42fae82da
parent df130952c7
14 changed files with 200 additions and 34 deletions
--- a/arch/cpu/nrf52832/ble/ble-mac.c
+++ b/arch/cpu/nrf52832/ble/ble-mac.c
@ -347,6 +347,12 @@ off(void)
  return 1;
 }
 /*---------------------------------------------------------------------------*/
+static int
+max_payload(void)
+{
+  return PACKETBUF_SIZE;
+}
+/*---------------------------------------------------------------------------*/
 static void
 init(void)
 {
@ -371,7 +377,8 @@ const struct mac_driver ble_ipsp_mac_driver = {
  send_packet,
  NULL,
  on,
-  off
+  off,
+  max_payload
 };
 /*---------------------------------------------------------------------------*/
 /**
--- a/os/net/ipv6/sicslowpan.c
+++ b/os/net/ipv6/sicslowpan.c
@ -74,10 +74,6 @@
 #include "net/packetbuf.h"
 #include "net/queuebuf.h"

-#if MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED
-#include "net/mac/csma/csma-security.h"
-#endif /* MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED */
-
 #include "net/routing/routing.h"

 /* Log configuration */
@ -1618,23 +1614,26 @@ output(const linkaddr_t *localdest)
    return 0;
  }
 #endif /* SICSLOWPAN_COMPRESSION >= SICSLOWPAN_COMPRESSION_IPHC */
-
-#if MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED
-    packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL,
-                       FRAME802154_SECURITY_LEVEL_NONE != CSMA_LLSEC_SECURITY_LEVEL);
-#endif /* MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED */
-
+#if LLSEC802154_USES_AUX_HEADER
+  /* copy LLSEC level */
+  packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL,
+    uipbuf_get_attr(UIPBUF_ATTR_LLSEC_LEVEL));
+#if LLSEC802154_USES_EXPLICIT_KEYS
+  packetbuf_set_attr(PACKETBUF_ATTR_KEY_INDEX,
+    uipbuf_get_attr(UIPBUF_ATTR_LLSEC_KEY_ID));
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
+#endif /*  LLSEC802154_USES_AUX_HEADER */
  /* Calculate NETSTACK_FRAMER's header length, that will be added in the NETSTACK_MAC.
   * We calculate it here only to make a better decision of whether the outgoing packet
   * needs to be fragmented or not. */
  packetbuf_set_addr(PACKETBUF_ADDR_RECEIVER, &dest);
-  framer_hdrlen = NETSTACK_FRAMER.length();
-  if(framer_hdrlen < 0) {
-    /* Framing failed, we assume the maximum header length */
-    framer_hdrlen = MAC_MAX_HEADER;
+  max_payload = NETSTACK_MAC.max_payload();
+  if(max_payload <= 0) {
+  /* Framing failed, drop packet */
+    LOG_WARN("output: failed to calculate payload size - dropping packet\n");
+    return 0;
  }

-  max_payload = MAC_MAX_PAYLOAD - framer_hdrlen;
  frag_needed = (int)uip_len - (int)uncomp_hdr_len + (int)packetbuf_hdr_len > max_payload;
  LOG_INFO("output: header len %d -> %d, total len %d -> %d, MAC max payload %d, frag_needed %d\n",
            uncomp_hdr_len, packetbuf_hdr_len,
--- a/os/net/ipv6/uip6.c
+++ b/os/net/ipv6/uip6.c
@ -409,6 +409,7 @@ uip_init(void)
 {
  int c;

+  uipbuf_init();
  uip_ds6_init();
  uip_icmp6_init();
  uip_nd6_init();
--- a/os/net/ipv6/uipbuf.c
+++ b/os/net/ipv6/uipbuf.c
@ -37,6 +37,7 @@
 /*---------------------------------------------------------------------------*/

 static uint16_t uipbuf_attrs[UIPBUF_ATTR_MAX];
+static uint16_t uipbuf_default_attrs[UIPBUF_ATTR_MAX];

 /*---------------------------------------------------------------------------*/
 /* Get the next header given the buffer - start indicates that this is
@ -101,15 +102,21 @@ uipbuf_set_attr(uint8_t type, uint16_t value)
  return 0;
 }
 /*---------------------------------------------------------------------------*/
+int
+uipbuf_set_default_attr(uint8_t type, uint16_t value)
+{
+  if(type < UIPBUF_ATTR_MAX) {
+    uipbuf_default_attrs[type] = value;
+    return 1;
+  }
+  return 0;
+}
+/*---------------------------------------------------------------------------*/
 void
 uipbuf_clear_attr(void)
 {
-  /* set everything to "zero" */
-  memset(uipbuf_attrs, 0, sizeof(uipbuf_attrs));
-
-  /* And initialize anything that should be initialized */
-  uipbuf_set_attr(UIPBUF_ATTR_MAX_MAC_TRANSMISSIONS,
-                  UIP_MAX_MAC_TRANSMISSIONS_UNDEFINED);
+  /* set everything to "defaults" */
+  memcpy(uipbuf_attrs, uipbuf_default_attrs, sizeof(uipbuf_attrs));
 }
 /*---------------------------------------------------------------------------*/
 void
@ -131,3 +138,15 @@ uipbuf_is_attr_flag(uint16_t flag)
  return (uipbuf_attrs[UIPBUF_ATTR_FLAGS] & flag) == flag;
 }
 /*---------------------------------------------------------------------------*/
+void
+uipbuf_init(void)
+{
+  /* And initialize anything that should be initialized */
+  uipbuf_set_attr(UIPBUF_ATTR_MAX_MAC_TRANSMISSIONS,
+                  UIP_MAX_MAC_TRANSMISSIONS_UNDEFINED);
+  /* set the not-set default value - this will cause the MAC layer to
+     configure its default */
+  uipbuf_set_attr(UIPBUF_ATTR_LLSEC_LEVEL, UIPBUF_ATTR_LLSEC_LEVEL_MAC_DEFAULT);
+}
+
+/*---------------------------------------------------------------------------*/
--- a/os/net/ipv6/uipbuf.h
+++ b/os/net/ipv6/uipbuf.h
@ -81,6 +81,17 @@ uint16_t uipbuf_get_attr(uint8_t type);
 */
 int uipbuf_set_attr(uint8_t type, uint16_t value);

+/**
+ * \brief          Set the default value of the attribute
+ * \param type     The attribute to set the default value of
+ * \param value    The value to set
+ * \retval         0 - indicates failure of setting the value
+ * \retval         1 - indicates success of setting the value
+ *
+ *                 This function sets the default value of a uipbuf attribute.
+ */
+int uipbuf_set_default_attr(uint8_t type, uint16_t value);
+
 /**
 * \brief          Set bits in the uipbuf attribute flags.
 * \param flag_bits The bits to set in the flag.
@ -115,6 +126,14 @@ uint16_t uipbuf_is_attr_flag(uint16_t flag_bits);
 */
 void uipbuf_clear_attr(void);

+/**
+ * \brief          Initialize uipbuf attributes.
+ *
+ *                 This function initialize all attributes in the uipbuf
+ *                 attributes including all flags.
+ */
+void uipbuf_init(void);
+
 /**
 * \brief The bits defined for uipbuf attributes flag.
 *
@ -124,6 +143,9 @@ void uipbuf_clear_attr(void);
 /* Avoid using prefix compression on the packet (6LoWPAN) */
 #define UIPBUF_ATTR_FLAGS_6LOWPAN_NO_PREFIX_COMPRESSION   0x02

+/* MAC will set the default for this packet */
+#define UIPBUF_ATTR_LLSEC_LEVEL_MAC_DEFAULT               0xffff
+
 /**
 * \brief The attributes defined for uipbuf attributes function.
 *
--- a/os/net/mac/ble/ble-l2cap.c
+++ b/os/net/mac/ble/ble-l2cap.c
@ -505,6 +505,12 @@ off(void)
  return 0;
 }
 /*---------------------------------------------------------------------------*/
+static int
+max_payload(void)
+{
+  return BLE_L2CAP_NODE_MTU;
+}
+/*---------------------------------------------------------------------------*/
 const struct mac_driver ble_l2cap_driver = {
  "ble-l2cap",
  init,
@ -512,6 +518,7 @@ const struct mac_driver ble_l2cap_driver = {
  input,
  on,
  off,
+  max_payload,
 };
 /*---------------------------------------------------------------------------*/
 PROCESS_THREAD(ble_l2cap_tx_process, ev, data)
--- a/os/net/mac/csma/csma-security.c
+++ b/os/net/mac/csma/csma-security.c
@ -61,9 +61,11 @@
 #define LOG_MODULE "CSMA"
 #define LOG_LEVEL LOG_LEVEL_MAC

+static const char * HEX = "0123456789ABCDEF";
+
 #if LLSEC802154_USES_AUX_HEADER && LLSEC802154_USES_FRAME_COUNTER

-#define MIC_LEN LLSEC802154_MIC_LEN(CSMA_LLSEC_SECURITY_LEVEL)
+#define MIC_LEN(level) LLSEC802154_MIC_LEN(level)

 #if LLSEC802154_USES_EXPLICIT_KEYS
 #define LLSEC_KEY_INDEX (FRAME802154_IMPLICIT_KEY == packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE) \
@ -104,7 +106,8 @@ aead(uint8_t hdrlen, int forward)
  uint8_t *a;
  uint8_t a_len;
  uint8_t *result;
-  uint8_t generated_mic[MIC_LEN];
+  /* Allocate for MAX level */
+  uint8_t generated_mic[MIC_LEN(7)];
  uint8_t *mic;
  uint8_t key_index;
  aes_key_t *key;
@ -142,14 +145,14 @@ aead(uint8_t hdrlen, int forward)
  CCM_STAR.aead(nonce,
      m, m_len,
      a, a_len,
-      result, MIC_LEN,
+      result, MIC_LEN(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & 0x07),
      forward);

  if(forward) {
-    packetbuf_set_datalen(packetbuf_datalen() + MIC_LEN);
+    packetbuf_set_datalen(packetbuf_datalen() + MIC_LEN(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & 0x07));
    return 1;
  } else {
-    return (memcmp(generated_mic, mic, MIC_LEN) == 0);
+    return (memcmp(generated_mic, mic, MIC_LEN(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & 0x07)) == 0);
  }
 }

@ -171,6 +174,15 @@ csma_security_create_frame(void)
  }

  if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) > 0) {
+    int i = 0;
+    uint8_t *p;
+    LOG_DBG("  Payload before (%d):", packetbuf_totlen());
+    p = packetbuf_hdrptr();
+    for(i = 0; i < packetbuf_totlen(); i++) {
+      LOG_DBG_("%c%c", HEX[(p[i] >> 4) & 0x0f], HEX[p[i] & 0x0f]);
+    }
+    LOG_DBG("\n");
+
    if(!aead(hdr_len, 1)) {
      LOG_ERR("failed to encrypt packet to ");
      LOG_ERR_LLADDR(packetbuf_addr(PACKETBUF_ADDR_RECEIVER));
@ -183,6 +195,14 @@ csma_security_create_frame(void)
    LOG_INFO_LLADDR(packetbuf_addr(PACKETBUF_ADDR_RECEIVER));
    LOG_INFO_(" %u (%u) KEY:0x%02x\n", packetbuf_datalen(), packetbuf_totlen(),
              LLSEC_KEY_INDEX);
+
+    LOG_DBG("  Payload after: (%d)", packetbuf_totlen());
+    p = packetbuf_hdrptr();
+    for(i = 0; i < packetbuf_totlen(); i++) {
+      LOG_DBG_("%c%c", HEX[(p[i] >> 4) & 0x0f], HEX[p[i] & 0x0f]);
+    }
+    LOG_DBG_("\n");
+
  }
  return hdr_len;
 }
@ -193,7 +213,8 @@ csma_security_frame_len(void)
 {
  if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) > 0 &&
     LLSEC_KEY_INDEX != 0xffff) {
-    return NETSTACK_FRAMER.length() + MIC_LEN;
+    return NETSTACK_FRAMER.length() +
+      MIC_LEN(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & 0x07);
  }
  return NETSTACK_FRAMER.length();
 }
@ -242,12 +263,12 @@ csma_security_parse_frame(void)
    return FRAMER_FAILED;
  }

-  if(packetbuf_datalen() <= MIC_LEN) {
+  if(packetbuf_datalen() <= MIC_LEN(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & 0x07)) {
    LOG_ERR("MIC error - too little data in frame!\n");
    return FRAMER_FAILED;
  }

-  packetbuf_set_datalen(packetbuf_datalen() - MIC_LEN);
+  packetbuf_set_datalen(packetbuf_datalen() - MIC_LEN(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & 0x07));
  if(!aead(hdr_len, 0)) {
    LOG_INFO("received unauthentic frame %u from ",
             (unsigned int) anti_replay_get_counter());
--- a/os/net/mac/csma/csma.c
+++ b/os/net/mac/csma/csma.c
@ -49,10 +49,25 @@
 #define LOG_MODULE "CSMA"
 #define LOG_LEVEL LOG_LEVEL_MAC

+
+static void
+init_sec(void)
+{
+#if LLSEC802154_USES_AUX_HEADER
+  if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) ==
+     PACKETBUF_ATTR_SECURITY_LEVEL_DEFAULT) {
+    packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL,
+                       CSMA_LLSEC_SECURITY_LEVEL);
+  }
+#endif
+}
 /*---------------------------------------------------------------------------*/
 static void
 send_packet(mac_callback_t sent, void *ptr)
 {
+
+  init_sec();
+
  csma_output_packet(sent, ptr);
 }
 /*---------------------------------------------------------------------------*/
@ -141,12 +156,30 @@ init(void)
  on();
 }
 /*---------------------------------------------------------------------------*/
+static int
+max_payload(void)
+{
+  int framer_hdrlen;
+
+  init_sec();
+
+  framer_hdrlen = NETSTACK_FRAMER.length();
+
+  if(framer_hdrlen < 0) {
+    /* Framing failed, we assume the maximum header length */
+    framer_hdrlen = CSMA_MAC_MAX_HEADER;
+  }
+
+  return CSMA_MAC_LEN - framer_hdrlen;
+}
+/*---------------------------------------------------------------------------*/
 const struct mac_driver csma_driver = {
  "CSMA",
  init,
  send_packet,
  input_packet,
  on,
-  off
+  off,
+  max_payload,
 };
 /*---------------------------------------------------------------------------*/
--- a/os/net/mac/csma/csma.h
+++ b/os/net/mac/csma/csma.h
@ -65,6 +65,17 @@

 #define CSMA_ACK_LEN 3

+/* Default MAC len for 802.15.4 classic */
+#ifdef  CSMA_MAC_CONF_LEN
+#define CSMA_MAC_LEN CSMA_MAC_CONF_LEN
+#else
+#define CSMA_MAC_LEN 127
+#endif
+
+/* just a default - with LLSEC, etc */
+#define CSMA_MAC_MAX_HEADER 21
+
+
 extern const struct mac_driver csma_driver;

 /* CSMA security framer functions */
--- a/os/net/mac/mac.h
+++ b/os/net/mac/mac.h
@ -76,6 +76,9 @@ struct mac_driver {

  /** Turn the MAC layer off. */
  int (* off)(void);
+
+  /** Read out estimated max payload size based on payload in packetbuf */
+  int (* max_payload)(void);
 };

 /* Generic MAC return values. */
--- a/os/net/mac/nullmac/nullmac.c
+++ b/os/net/mac/nullmac/nullmac.c
@ -67,6 +67,12 @@ off(void)
  return 0;
 }
 /*---------------------------------------------------------------------------*/
+static int
+max_payload(void)
+{
+  return 0;
+}
+/*---------------------------------------------------------------------------*/
 static void
 init(void)
 {
@ -78,6 +84,7 @@ const struct mac_driver nullmac_driver = {
  send_packet,
  packet_input,
  on,
-  off
+  off,
+  max_payload,
 };
 /*---------------------------------------------------------------------------*/
--- a/os/net/mac/tsch/tsch.c
+++ b/os/net/mac/tsch/tsch.c
@ -62,6 +62,9 @@
 #include "net/mac/tsch/sixtop/sixtop.h"
 #endif

+/* Needed to estimate the MAC lenght */
+#define TSCH_MAC_MAX_LEN 127
+
 #if FRAME802154_VERSION < FRAME802154_IEEE802154_2015
 #error TSCH: FRAME802154_VERSION must be at least FRAME802154_IEEE802154_2015
 #endif
@ -1128,13 +1131,21 @@ turn_off(void)
  return 1;
 }
 /*---------------------------------------------------------------------------*/
+static int
+max_payload(void)
+{
+  /* Setup security... before. */
+  return TSCH_MAC_MAX_LEN -  NETSTACK_FRAMER.length();
+}
+/*---------------------------------------------------------------------------*/
 const struct mac_driver tschmac_driver = {
  "TSCH",
  tsch_init,
  send_packet,
  packet_input,
  turn_on,
-  turn_off
+  turn_off,
+  max_payload,
 };
 /*---------------------------------------------------------------------------*/
 /** @} */
--- a/os/net/packetbuf.h
+++ b/os/net/packetbuf.h
@ -55,6 +55,7 @@
 #include "contiki.h"
 #include "net/linkaddr.h"
 #include "net/mac/llsec802154.h"
+#include "net/mac/csma/csma-security.h"
 #include "net/mac/tsch/tsch-conf.h"

 /**
@ -282,6 +283,8 @@ void              packetbuf_attr_copyfrom(struct packetbuf_attr *attrs,
 #define PACKETBUF_ATTR_BYTE 8
 #define PACKETBUF_ADDRSIZE (LINKADDR_SIZE * PACKETBUF_ATTR_BYTE)

+#define PACKETBUF_ATTR_SECURITY_LEVEL_DEFAULT 0xffff
+
 struct packetbuf_attrlist {
  uint8_t type;
  uint8_t len;
--- a/os/services/rpl-border-router/native/border-router-mac.c
+++ b/os/services/rpl-border-router/native/border-router-mac.c
@ -42,6 +42,7 @@
 #include "net/netstack.h"
 #include "packetutils.h"
 #include "border-router.h"
+#include "net/mac/csma-security.h"
 #include <string.h>

 /*---------------------------------------------------------------------------*/
@ -64,6 +65,19 @@ struct tx_callback {
 /*---------------------------------------------------------------------------*/
 static struct tx_callback callbacks[MAX_CALLBACKS];
 /*---------------------------------------------------------------------------*/
+init_sec(void)
+{
+  /* use the CSMA LLSEC config parameter */
+#if LLSEC802154_USES_AUX_HEADER
+  if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) ==
+     PACKETBUF_ATTR_SECURITY_LEVEL_DEFAULT) {
+    packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL,
+                       CSMA_LLSEC_SECURITY_LEVEL);
+  }
+#endif
+}
+/*---------------------------------------------------------------------------*/
+
 void
 packet_sent(uint8_t sessionid, uint8_t status, uint8_t tx)
 {
@ -164,6 +178,13 @@ off()
  return 1;
 }
 /*---------------------------------------------------------------------------*/
+static int
+max_payload()
+{
+  init_sec();
+  return 127 - NETSTACK_FRAMER.length();
+}
+/*---------------------------------------------------------------------------*/
 static void
 init(void)
 {
@ -176,6 +197,7 @@ const struct mac_driver border_router_mac_driver = {
  send_packet,
  packet_input,
  on,
-  off
+  off,
+  max_payload,
 };
 /*---------------------------------------------------------------------------*/