Ensure correct setup LLSEC for CSMA

* Add `LLSEC_KEY_INDEX` for switching between implicit/explicit keys
 * Add missing `LLSEC_CONF_*`
 * Conditionally include required CSMA setup for IPv6 (enable security
   when calculating frame length)
 * Setup default key
 * Always export `csma_security_set_key/2`
Olav Frengstad 2018-08-27 22:42:46 +02:00 committed by Joakim Eriksson
parent c5d59843c4
commit df130952c7
5 changed files with 42 additions and 11 deletions


@ -74,6 +74,10 @@
#include "net/packetbuf.h"
#include "net/queuebuf.h"
#if MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED
#include "net/mac/csma/csma-security.h"
#endif /* MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED */
#include "net/routing/routing.h"
/* Log configuration */
@ -1615,6 +1619,11 @@ output(const linkaddr_t *localdest)
}
#endif /* SICSLOWPAN_COMPRESSION >= SICSLOWPAN_COMPRESSION_IPHC */
#if MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED
packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL,
FRAME802154_SECURITY_LEVEL_NONE != CSMA_LLSEC_SECURITY_LEVEL);
#endif /* MAC_CONF_WITH_CSMA && LLSEC802154_CONF_ENABLED */
/* Calculate NETSTACK_FRAMER's header length, that will be added in the NETSTACK_MAC.
* We calculate it here only to make a better decision of whether the outgoing packet
* needs to be fragmented or not. */
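Review bot: The value written to `PACKETBUF_ATTR_SECURITY_LEVEL` in output() is the result of a comparison, so the attribute holds 0 or 1 rather than the configured security level. That satisfies a `> 0` test, but any code that reads the attribute's value before the MAC layer sets it again would see level 1 instead of `CSMA_LLSEC_SECURITY_LEVEL`. Storing the real value avoids the ambiguity: `packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, CSMA_LLSEC_SECURITY_LEVEL);`. The guard also tests `LLSEC802154_CONF_ENABLED` while other guards in this commit test `LLSEC802154_ENABLED`; if the two can differ, the derived macro looks like the one to use here. output() starts and ends outside the hunk.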


@ -173,13 +173,15 @@ send_one_packet(void *ptr)
#if LLSEC802154_ENABLED
/* These should possibly be taken from upper layers in the future */
packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, CSMA_LLSEC_SECURITY_LEVEL);
#if LLSEC802154_USES_EXPLICIT_KEYS
packetbuf_set_attr(PACKETBUF_ATTR_KEY_ID_MODE, CSMA_LLSEC_KEY_ID_MODE);
packetbuf_set_attr(PACKETBUF_ATTR_KEY_INDEX, CSMA_LLSEC_KEY_INDEX);
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
#endif /* LLSEC802154_ENABLED */
if(csma_security_create_frame() < 0) {
/* Failed to allocate space for headers */
LOG_ERR("failed to create packet\n");
LOG_ERR("failed to create packet, seqno: %d\n", packetbuf_attr(PACKETBUF_ATTR_MAC_SEQNO));
ret = MAC_TX_ERR_FATAL;
} else {
int is_broadcast;


@ -63,6 +63,18 @@
#if LLSEC802154_USES_AUX_HEADER && LLSEC802154_USES_FRAME_COUNTER
#define MIC_LEN LLSEC802154_MIC_LEN(CSMA_LLSEC_SECURITY_LEVEL)
#if LLSEC802154_USES_EXPLICIT_KEYS
#define LLSEC_KEY_INDEX (FRAME802154_IMPLICIT_KEY == packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE) \
? 0 \
: packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX))
#define LLSEC_KEY_MODE (packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE))
#else
#define LLSEC_KEY_INDEX (0)
#define LLSEC_KEY_MODE (FRAME802154_IMPLICIT_KEY)
#endif /* LLSEC802154_USES_EXPLICIT_KEYS */
/**
* The keys for LLSEC for CSMA
*/
@ -98,7 +110,7 @@ aead(uint8_t hdrlen, int forward)
aes_key_t *key;
uint8_t with_encryption;
key_index = packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX);
key_index = LLSEC_KEY_INDEX;
if(key_index > CSMA_LLSEC_MAXKEYS) {
LOG_ERR("Key not available: %u\n", key_index);
return 0;
@ -149,7 +161,7 @@ csma_security_create_frame(void)
packetbuf_set_attr(PACKETBUF_ATTR_FRAME_TYPE, FRAME802154_DATAFRAME);
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) > 0 &&
packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX) != 0xffff) {
LLSEC_KEY_INDEX != 0xffff) {
anti_replay_set_counter();
}
@ -170,7 +182,7 @@ csma_security_create_frame(void)
LOG_INFO_(" ");
LOG_INFO_LLADDR(packetbuf_addr(PACKETBUF_ADDR_RECEIVER));
LOG_INFO_(" %u (%u) KEY:0x%02x\n", packetbuf_datalen(), packetbuf_totlen(),
packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX));
LLSEC_KEY_INDEX);
}
return hdr_len;
}
@ -180,7 +192,7 @@ int
csma_security_frame_len(void)
{
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) > 0 &&
packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX) != 0xffff) {
LLSEC_KEY_INDEX != 0xffff) {
return NETSTACK_FRAMER.length() + MIC_LEN;
}
return NETSTACK_FRAMER.length();
@ -207,8 +219,8 @@ csma_security_parse_frame(void)
LOG_INFO_LLADDR(packetbuf_addr(PACKETBUF_ADDR_RECEIVER));
LOG_INFO_(" %d %u (%u) LV:%d KM:%d KEY:0x%02x\n", hdr_len, packetbuf_datalen(),
packetbuf_totlen(), packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL),
packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE),
packetbuf_attr(PACKETBUF_ATTR_KEY_INDEX));
LLSEC_KEY_MODE,
LLSEC_KEY_INDEX);
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != CSMA_LLSEC_SECURITY_LEVEL) {
LOG_INFO("received frame with wrong security level (%u) from ",
@ -218,9 +230,8 @@ csma_security_parse_frame(void)
return FRAMER_FAILED;
}
if(packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE) != CSMA_LLSEC_KEY_ID_MODE) {
LOG_INFO("received frame with wrong key id mode (%u) from ",
packetbuf_attr(PACKETBUF_ATTR_KEY_ID_MODE));
if(LLSEC_KEY_MODE != CSMA_LLSEC_KEY_ID_MODE) {
LOG_INFO("received frame with wrong key id mode (%u) from ", LLSEC_KEY_MODE);
LOG_INFO_LLADDR(packetbuf_addr(PACKETBUF_ADDR_SENDER));
LOG_INFO("\n");
return FRAMER_FAILED;
@ -262,6 +273,7 @@ csma_security_parse_frame(void)
{
return NETSTACK_FRAMER.parse();
}
#endif /* LLSEC802154_USES_AUX_HEADER && LLSEC802154_USES_FRAME_COUNTER */
/** @} */
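Review bot: The bounds check in aead() is `key_index > CSMA_LLSEC_MAXKEYS`, which accepts an index equal to `CSMA_LLSEC_MAXKEYS`; if the key table holds `CSMA_LLSEC_MAXKEYS` entries (its declaration is outside the hunk), that index reads one slot past the end. With this change the index comes from `LLSEC_KEY_INDEX`, which in explicit-key builds is the `PACKETBUF_ATTR_KEY_INDEX` attribute, and on the receive path that attribute is presumably filled from the incoming frame, so it has to be treated as untrusted input. The check should be `if(key_index >= CSMA_LLSEC_MAXKEYS) {`. The `LLSEC_KEY_INDEX != 0xffff` tests in csma_security_create_frame() and csma_security_frame_len() are constant in builds without explicit keys, where the macro is `(0)`, so a short comment on the macro saying what 0xffff stands for would help the next reader. aead() starts and ends outside the hunk.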


@ -42,7 +42,7 @@
#ifdef CSMA_CONF_LLSEC_DEFAULT_KEY0
#define CSMA_LLSEC_DEFAULT_KEY0 CSMA_LLSEC_DEFAULT_KEY0
#define CSMA_LLSEC_DEFAULT_KEY0 CSMA_CONF_LLSEC_DEFAULT_KEY0
#else
#define CSMA_LLSEC_DEFAULT_KEY0 {0x10, 0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f}
#endif
@ -71,4 +71,6 @@
#define CSMA_LLSEC_MAXKEYS 1
#endif
void csma_security_set_key(uint8_t index, uint8_t *key);
#endif /* CSMA_SECURITY_H_ */
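Review bot: When `CSMA_CONF_LLSEC_DEFAULT_KEY0` is not defined, the header falls back to the fixed key 0x10…0x1f, which is public in the source tree, so a build that enables link-layer security without configuring a key gets frames protected by a key anyone can read, with nothing at build time to show it. I would make the fallback visible in the `#else` branch when security is enabled, for example `#warning "CSMA_CONF_LLSEC_DEFAULT_KEY0 not set, using the well-known default key"`, and add a comment on the macro stating that the default is for testing only. The new prototype `csma_security_set_key(uint8_t index, uint8_t *key)` has no doc comment; it should state the expected key length and the valid index range, and `key` could be `const uint8_t *` if the definition (not shown here) does not write through it.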


@ -74,6 +74,12 @@
#define LLSEC802154_USES_AUX_HEADER LLSEC802154_ENABLED
#endif /* LLSEC802154_CONF_USES_AUX_HEADER */
#ifdef LLSEC802154_CONF_USES_FRAME_COUNTER
#define LLSEC802154_USES_FRAME_COUNTER LLSEC802154_CONF_USES_FRAME_COUNTER
#else
#define LLSEC802154_USES_FRAME_COUNTER LLSEC802154_ENABLED
#endif /* LLSEC802154_CONF_USES_FRAME_COUNTER */
#if UIP_BYTE_ORDER == UIP_LITTLE_ENDIAN
#define LLSEC802154_HTONS(n) (n)
#define LLSEC802154_HTONL(n) (n)