Ensure correct setup LLSEC for CSMA

* Add `LLSEC_KEY_INDEX` for switching between implicit/explicit keys
 * Add missing `LLSEC_CONF_*
 * Conditionally include required CSMA setup for IPv6 (enable security
   when calculating frame length)
 * Setup default key
 * Always export `csma_security_set_key/2`

os/net/ipv6/sicslowpan.c

@@ -74,6 +74,10 @@
 #include "net/packetbuf.h"
 #include "net/queuebuf.h"
 
+#if MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED
+#include "net/mac/csma/csma-security.h"
+#endif /* MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED */
+
 #include "net/routing/routing.h"
 
 /* Log configuration */
@@ -1615,6 +1619,11 @@ output(const linkaddr_t *localdest)
   }
 #endif /* SICSLOWPAN_COMPRESSION >= SICSLOWPAN_COMPRESSION_IPHC */
 
+#if MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED
+    packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL,
+                       FRAME802154_SECURITY_LEVEL_NONE != CSMA_LLSEC_SECURITY_LEVEL);
+#endif /* MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED */
+
   /* Calculate NETSTACK_FRAMER's header length, that will be added in the NETSTACK_MAC.
    * We calculate it here only to make a better decision of whether the outgoing packet
    * needs to be fragmented or not. */

os/net/mac/csma/csma-output.c

@@ -173,13 +173,15 @@ send_one_packet(void *ptr)
 #if LLSEC802154_ENABLED
   /* These should possibly be taken from upper layers in the future */
   packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, CSMA_LLSEC_SECURITY_LEVEL);
+#if LLSEC802154_USES_EXPLICIT_KEYS
   packetbuf_set_attr(PACKETBUF_ATTR_KEY_ID_MODE, CSMA_LLSEC_KEY_ID_MODE);
   packetbuf_set_attr(PACKETBUF_ATTR_KEY_INDEX, CSMA_LLSEC_KEY_INDEX);
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
 #endif /* LLSEC802154_ENABLED */
 
   if(csma_security_create_frame() < 0) {
     /* Failed to allocate space for headers */
-    LOG_ERR("failed to create packet\n");
+    LOG_ERR("failed to create packet, seqno: %d\n", packetbuf_attr(PACKETBUF_ATTR_MAC_SEQNO));
     ret = MAC_TX_ERR_FATAL;
   } else {
     int is_broadcast;

os/net/mac/csma/csma-security.c

@@ -63,6 +63,18 @@
 
 #if LLSEC802154_USES_AUX_HEADER && LLSEC802154_USES_FRAME_COUNTER
 
+#define MIC_LEN LLSEC802154_MIC_LEN(CSMA_LLSEC_SECURITY_LEVEL)
+
+#if LLSEC802154_USES_EXPLICIT_KEYS
+#define LLSEC_KEY_INDEX (FRAME802154_IMPLICIT_KEY == packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE) \
+                          ? 0 \
+                          : packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX))
+#define LLSEC_KEY_MODE (packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE))
+#else
+#define LLSEC_KEY_INDEX (0)
+#define LLSEC_KEY_MODE (FRAME802154_IMPLICIT_KEY)
+#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
+
 /**
  *  The keys for LLSEC for CSMA
  */
@@ -98,7 +110,7 @@ aead(uint8_t hdrlen, int forward)
   aes_key_t *key;
   uint8_t with_encryption;
 
-  key_index = packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX);
+  key_index = LLSEC_KEY_INDEX;
   if(key_index > CSMA_LLSEC_MAXKEYS) {
     LOG_ERR("Key not available: %u\n", key_index);
     return 0;
@@ -149,7 +161,7 @@ csma_security_create_frame(void)
 
   packetbuf_set_attr(PACKETBUF_ATTR_FRAME_TYPE, FRAME802154_DATAFRAME);
   if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) > 0 &&
-     packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX) != 0xffff) {
+     LLSEC_KEY_INDEX != 0xffff) {
     anti_replay_set_counter();
   }
 
@@ -170,7 +182,7 @@ csma_security_create_frame(void)
     LOG_INFO_(" ");
     LOG_INFO_LLADDR(packetbuf_addr(PACKETBUF_ADDR_RECEIVER));
     LOG_INFO_(" %u (%u) KEY:0x%02x\n", packetbuf_datalen(), packetbuf_totlen(),
-              packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX));
+              LLSEC_KEY_INDEX);
   }
   return hdr_len;
 }
@@ -180,7 +192,7 @@ int
 csma_security_frame_len(void)
 {
   if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) > 0 &&
-     packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX) != 0xffff) {
+     LLSEC_KEY_INDEX != 0xffff) {
     return NETSTACK_FRAMER.length() + MIC_LEN;
   }
   return NETSTACK_FRAMER.length();
@@ -207,8 +219,8 @@ csma_security_parse_frame(void)
   LOG_INFO_LLADDR(packetbuf_addr(PACKETBUF_ADDR_RECEIVER));
   LOG_INFO_(" %d %u (%u) LV:%d KM:%d KEY:0x%02x\n", hdr_len, packetbuf_datalen(),
             packetbuf_totlen(), packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL),
-            packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE),
-            packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX));
+            LLSEC_KEY_MODE,
+            LLSEC_KEY_INDEX);
 
   if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != CSMA_LLSEC_SECURITY_LEVEL) {
     LOG_INFO("received frame with wrong security level (%u) from ",
@@ -218,9 +230,8 @@ csma_security_parse_frame(void)
     return FRAMER_FAILED;
   }
 
-  if(packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE) != CSMA_LLSEC_KEY_ID_MODE) {
-    LOG_INFO("received frame with wrong key id mode (%u) from ",
-           packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE));
+  if(LLSEC_KEY_MODE != CSMA_LLSEC_KEY_ID_MODE) {
+    LOG_INFO("received frame with wrong key id mode (%u) from ", LLSEC_KEY_MODE);
     LOG_INFO_LLADDR(packetbuf_addr(PACKETBUF_ADDR_SENDER));
     LOG_INFO("\n");
     return FRAMER_FAILED;
@@ -262,6 +273,7 @@ csma_security_parse_frame(void)
 {
   return NETSTACK_FRAMER.parse();
 }
+
 #endif /* LLSEC802154_USES_AUX_HEADER && LLSEC802154_USES_FRAME_COUNTER */
 
 /** @} */

os/net/mac/csma/csma-security.h

@@ -42,7 +42,7 @@
 
 
 #ifdef CSMA_CONF_LLSEC_DEFAULT_KEY0
-#define CSMA_LLSEC_DEFAULT_KEY0 CSMA_LLSEC_DEFAULT_KEY0
+#define CSMA_LLSEC_DEFAULT_KEY0 CSMA_CONF_LLSEC_DEFAULT_KEY0
 #else
 #define CSMA_LLSEC_DEFAULT_KEY0 {0x10, 0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f}
 #endif
@@ -71,4 +71,6 @@
 #define CSMA_LLSEC_MAXKEYS 1
 #endif
 
+void csma_security_set_key(uint8_t index, uint8_t *key);
+
 #endif /* CSMA_SECURITY_H_ */

os/net/mac/llsec802154.h

@@ -74,6 +74,12 @@
 #define LLSEC802154_USES_AUX_HEADER    LLSEC802154_ENABLED
 #endif /* LLSEC802154_CONF_USES_AUX_HEADER */
 
+#ifdef LLSEC802154_CONF_USES_FRAME_COUNTER
+#define LLSEC802154_USES_FRAME_COUNTER LLSEC802154_CONF_USES_FRAME_COUNTER
+#else
+#define LLSEC802154_USES_FRAME_COUNTER LLSEC802154_ENABLED
+#endif /* LLSEC802154_CONF_USES_FRAME_COUNTER */
+
 #if UIP_BYTE_ORDER == UIP_LITTLE_ENDIAN
 #define LLSEC802154_HTONS(n) (n)
 #define LLSEC802154_HTONL(n) (n)