mirror of
https://github.com/oliverschmidt/contiki.git
synced 2024-12-22 10:30:13 +00:00
commit
86f41f8c7b
@ -48,14 +48,11 @@
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
set_nonce(uint8_t *iv,
|
||||
set_iv(uint8_t *iv,
|
||||
uint8_t flags,
|
||||
const uint8_t *nonce,
|
||||
uint8_t counter)
|
||||
{
|
||||
/* 1 byte|| 8 bytes || 4 bytes || 1 byte || 2 bytes */
|
||||
/* flags || extended_source_address || frame_counter || sec_lvl || counter */
|
||||
|
||||
iv[0] = flags;
|
||||
memcpy(iv + 1, nonce, CCM_STAR_NONCE_LENGTH);
|
||||
iv[14] = 0;
|
||||
@ -73,7 +70,7 @@ ctr_step(const uint8_t *nonce,
|
||||
uint8_t a[AES_128_BLOCK_SIZE];
|
||||
uint8_t i;
|
||||
|
||||
set_nonce(a, CCM_STAR_ENCRYPTION_FLAGS, nonce, counter);
|
||||
set_iv(a, CCM_STAR_ENCRYPTION_FLAGS, nonce, counter);
|
||||
AES_128.encrypt(a);
|
||||
|
||||
for(i = 0; (pos + i < m_len) && (i < AES_128_BLOCK_SIZE); i++) {
|
||||
@ -82,9 +79,9 @@ ctr_step(const uint8_t *nonce,
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
mic(const uint8_t *m, uint8_t m_len,
|
||||
const uint8_t *nonce,
|
||||
const uint8_t *a, uint8_t a_len,
|
||||
mic(const uint8_t *nonce,
|
||||
const uint8_t *m, uint8_t m_len,
|
||||
const uint8_t *a, uint8_t a_len,
|
||||
uint8_t *result,
|
||||
uint8_t mic_len)
|
||||
{
|
||||
@ -92,10 +89,10 @@ mic(const uint8_t *m, uint8_t m_len,
|
||||
uint8_t pos;
|
||||
uint8_t i;
|
||||
|
||||
set_nonce(x, CCM_STAR_AUTH_FLAGS(a_len, mic_len), nonce, m_len);
|
||||
set_iv(x, CCM_STAR_AUTH_FLAGS(a_len, mic_len), nonce, m_len);
|
||||
AES_128.encrypt(x);
|
||||
|
||||
if(a_len > 0) {
|
||||
if(a_len) {
|
||||
x[1] = x[1] ^ a_len;
|
||||
for(i = 2; (i - 2 < a_len) && (i < AES_128_BLOCK_SIZE); i++) {
|
||||
x[i] ^= a[i - 2];
|
||||
@ -113,7 +110,7 @@ mic(const uint8_t *m, uint8_t m_len,
|
||||
}
|
||||
}
|
||||
|
||||
if(m_len > 0) {
|
||||
if(m_len) {
|
||||
pos = 0;
|
||||
while(pos < m_len) {
|
||||
for(i = 0; (pos + i < m_len) && (i < AES_128_BLOCK_SIZE); i++) {
|
||||
@ -130,7 +127,7 @@ mic(const uint8_t *m, uint8_t m_len,
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
ctr(uint8_t *m, uint8_t m_len, const uint8_t* nonce)
|
||||
ctr(const uint8_t *nonce, uint8_t *m, uint8_t m_len)
|
||||
{
|
||||
uint8_t pos;
|
||||
uint8_t counter;
|
||||
@ -143,13 +140,38 @@ ctr(uint8_t *m, uint8_t m_len, const uint8_t* nonce)
|
||||
}
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void set_key(const uint8_t *key) {
|
||||
AES_128.set_key((uint8_t*)key);
|
||||
static void
|
||||
set_key(const uint8_t *key)
|
||||
{
|
||||
AES_128.set_key(key);
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
aead(const uint8_t* nonce,
|
||||
uint8_t* m, uint8_t m_len,
|
||||
const uint8_t* a, uint8_t a_len,
|
||||
uint8_t *result, uint8_t mic_len,
|
||||
int forward)
|
||||
{
|
||||
if(!forward) {
|
||||
/* decrypt */
|
||||
ctr(nonce, m, m_len);
|
||||
}
|
||||
|
||||
mic(nonce,
|
||||
m, m_len,
|
||||
a, a_len,
|
||||
result,
|
||||
mic_len);
|
||||
|
||||
if(forward) {
|
||||
/* encrypt */
|
||||
ctr(nonce, m, m_len);
|
||||
}
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
const struct ccm_star_driver ccm_star_driver = {
|
||||
mic,
|
||||
ctr,
|
||||
set_key
|
||||
set_key,
|
||||
aead
|
||||
};
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
@ -55,34 +55,26 @@
|
||||
*/
|
||||
struct ccm_star_driver {
|
||||
|
||||
/**
|
||||
* \brief Generates a MIC over the data supplied.
|
||||
* \param data The data buffer to read.
|
||||
* \param data_length The data buffer length.
|
||||
* \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long.
|
||||
* \param result The generated MIC will be put here
|
||||
* \param mic_len The size of the MIC to be generated. <= 16.
|
||||
*/
|
||||
void (* mic)(const uint8_t* data, uint8_t data_length,
|
||||
const uint8_t* nonce,
|
||||
const uint8_t* add, uint8_t add_len,
|
||||
uint8_t *result,
|
||||
uint8_t mic_len);
|
||||
|
||||
/**
|
||||
* \brief XORs the frame in the packetbuf with the key stream.
|
||||
* \param data The data buffer to read.
|
||||
* \param data_length The data buffer length.
|
||||
* \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long.
|
||||
*/
|
||||
void (* ctr)( uint8_t* data, uint8_t data_length,
|
||||
const uint8_t* nonce);
|
||||
|
||||
/**
|
||||
* \brief Sets the key in use. Default implementation calls AES_128.set_key()
|
||||
* \param key The key to use.
|
||||
* \brief Sets the key in use. Default implementation calls AES_128.set_key().
|
||||
* \param key The key to use.
|
||||
*/
|
||||
void (* set_key)(const uint8_t* key);
|
||||
|
||||
/**
|
||||
* \brief Combines authentication and encryption.
|
||||
* \param nonce The nonce to use. CCM_STAR_NONCE_LENGTH bytes long.
|
||||
* \param m message to encrypt or decrypt
|
||||
* \param a Additional authenticated data
|
||||
* \param result The generated MIC will be put here
|
||||
* \param mic_len The size of the MIC to be generated. <= 16.
|
||||
* \param forward != 0 if used in forward direction.
|
||||
*/
|
||||
void (* aead)(const uint8_t* nonce,
|
||||
uint8_t* m, uint8_t m_len,
|
||||
const uint8_t* a, uint8_t a_len,
|
||||
uint8_t *result, uint8_t mic_len,
|
||||
int forward);
|
||||
};
|
||||
|
||||
extern const struct ccm_star_driver CCM_STAR;
|
||||
|
@ -1443,7 +1443,7 @@ output(const uip_lladdr_t *localdest)
|
||||
#else /* USE_FRAMER_HDRLEN */
|
||||
framer_hdrlen = 21;
|
||||
#endif /* USE_FRAMER_HDRLEN */
|
||||
max_payload = MAC_MAX_PAYLOAD - framer_hdrlen - NETSTACK_LLSEC.get_overhead();
|
||||
max_payload = MAC_MAX_PAYLOAD - framer_hdrlen;
|
||||
|
||||
if((int)uip_len - (int)uncomp_hdr_len > max_payload - (int)packetbuf_hdr_len) {
|
||||
#if SICSLOWPAN_CONF_FRAG
|
||||
|
@ -1,52 +1,78 @@
|
||||
/*
|
||||
* Copyright (c) 2013, Hasso-Plattner-Institut.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* This file is part of the Contiki operating system.
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* \file
|
||||
* CCM* convenience functions for LLSEC use
|
||||
* \author
|
||||
* Justin King-Lacroix <justin.kinglacroix@gmail.com>
|
||||
* Konrad Krentz <konrad.krentz@gmail.com>
|
||||
*/
|
||||
|
||||
#include "lib/ccm-star.h"
|
||||
#include "llsec/ccm-star-packetbuf.h"
|
||||
#include "net/linkaddr.h"
|
||||
#include "net/packetbuf.h"
|
||||
#include <string.h>
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
void ccm_star_mic_packetbuf(const uint8_t *extended_source_address,
|
||||
uint8_t *result,
|
||||
uint8_t mic_len)
|
||||
static const uint8_t *
|
||||
get_extended_address(const linkaddr_t *addr)
|
||||
#if LINKADDR_SIZE == 2
|
||||
{
|
||||
uint8_t *dataptr = packetbuf_dataptr();
|
||||
uint8_t data_len = packetbuf_datalen();
|
||||
uint8_t *headerptr = packetbuf_hdrptr();
|
||||
uint8_t header_len = packetbuf_hdrlen();
|
||||
uint8_t nonce[CCM_STAR_NONCE_LENGTH];
|
||||
/* workaround for short addresses: derive EUI64 as in RFC 6282 */
|
||||
static linkaddr_extended_t template = { { 0x00 , 0x00 , 0x00 ,
|
||||
0xFF , 0xFE , 0x00 , 0x00 , 0x00 } };
|
||||
|
||||
memcpy(nonce, extended_source_address, 8);
|
||||
template.u16[3] = LLSEC802154_HTONS(addr->u16);
|
||||
|
||||
return template.u8;
|
||||
}
|
||||
#else /* LINKADDR_SIZE == 2 */
|
||||
{
|
||||
return addr->u8;
|
||||
}
|
||||
#endif /* LINKADDR_SIZE == 2 */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
void
|
||||
ccm_star_packetbuf_set_nonce(uint8_t *nonce, int forward)
|
||||
{
|
||||
const linkaddr_t *source_addr;
|
||||
|
||||
source_addr = forward ? &linkaddr_node_addr : packetbuf_addr(PACKETBUF_ADDR_SENDER);
|
||||
memcpy(nonce, get_extended_address(source_addr), 8);
|
||||
nonce[8] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) >> 8;
|
||||
nonce[9] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) & 0xff;
|
||||
nonce[10] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) >> 8;
|
||||
nonce[11] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) & 0xff;
|
||||
nonce[12] = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL);
|
||||
|
||||
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & (1 << 2)) {
|
||||
CCM_STAR.mic(dataptr, data_len, nonce, headerptr, header_len, result, mic_len);
|
||||
} else {
|
||||
CCM_STAR.mic(dataptr, 0, nonce, headerptr, packetbuf_totlen(), result, mic_len);
|
||||
}
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
void ccm_star_ctr_packetbuf(const uint8_t *extended_source_address)
|
||||
{
|
||||
uint8_t *dataptr = packetbuf_dataptr();
|
||||
uint8_t data_len = packetbuf_datalen();
|
||||
uint8_t nonce[CCM_STAR_NONCE_LENGTH];
|
||||
|
||||
memcpy(nonce, extended_source_address, 8);
|
||||
nonce[8] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) >> 8;
|
||||
nonce[9] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) & 0xff;
|
||||
nonce[10] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) >> 8;
|
||||
nonce[11] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) & 0xff;
|
||||
nonce[12] = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL);
|
||||
|
||||
CCM_STAR.ctr(dataptr, data_len, nonce);
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
@ -1,24 +1,48 @@
|
||||
/*
|
||||
* Copyright (c) 2013, Hasso-Plattner-Institut.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* This file is part of the Contiki operating system.
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* \file
|
||||
* CCM* convenience functions for MAC security
|
||||
* \author
|
||||
* Justin King-Lacroix <justin.kinglacroix@gmail.com>
|
||||
* Konrad Krentz <konrad.krentz@gmail.com>
|
||||
*/
|
||||
|
||||
#ifndef CCM_STAR_PACKETBUF_H_
|
||||
#define CCM_STAR_PACKETBUF_H_
|
||||
|
||||
/**
|
||||
* \brief Calls CCM_STAR.mic with parameters appropriate for LLSEC.
|
||||
*/
|
||||
void ccm_star_mic_packetbuf(const uint8_t *extended_source_address,
|
||||
uint8_t *result,
|
||||
uint8_t mic_len);
|
||||
#include "lib/ccm-star.h"
|
||||
|
||||
/**
|
||||
* \brief Calls CCM_STAR.ctr with parameters appropriate for LLSEC.
|
||||
*/
|
||||
void ccm_star_ctr_packetbuf(const uint8_t *extended_source_address);
|
||||
void ccm_star_packetbuf_set_nonce(uint8_t *nonce, int forward);
|
||||
|
||||
#endif /* CCM_STAR_PACKETBUF_H_ */
|
||||
|
||||
|
@ -48,10 +48,6 @@
|
||||
* for incoming packets. Likewise, all NETSTACK_NETWORK protocols
|
||||
* invoke NETSTACK_LLSEC.send(...) for outgoing packets.
|
||||
*
|
||||
* The bootstrap function of llsec_drivers can be used to defer the start
|
||||
* of upper layers so as to bootstrap pairwise keys. Only contiki-sky-main.c
|
||||
* supports this at the moment.
|
||||
*
|
||||
* @{
|
||||
*/
|
||||
|
||||
@ -60,35 +56,23 @@
|
||||
|
||||
#include "net/mac/mac.h"
|
||||
|
||||
typedef void (* llsec_on_bootstrapped_t)(void);
|
||||
|
||||
/**
|
||||
* The structure of a link layer security driver.
|
||||
*/
|
||||
struct llsec_driver {
|
||||
char *name;
|
||||
|
||||
/** Bootstraps link layer security and thereafter starts upper layers. */
|
||||
void (* bootstrap)(llsec_on_bootstrapped_t on_bootstrapped);
|
||||
/** Inits link layer security. */
|
||||
void (* init)(void);
|
||||
|
||||
/** Secures outgoing frames before passing them to NETSTACK_MAC. */
|
||||
void (* send)(mac_callback_t sent_callback, void *ptr);
|
||||
|
||||
/**
|
||||
* Once the NETSTACK_FRAMER wrote the headers, the LLSEC driver
|
||||
* can generate a MIC over the entire frame.
|
||||
* \return Returns != 0 <-> success
|
||||
*/
|
||||
int (* on_frame_created)(void);
|
||||
|
||||
/**
|
||||
* Decrypts incoming frames;
|
||||
* filters out injected or replayed frames.
|
||||
*/
|
||||
void (* input)(void);
|
||||
|
||||
/** Returns the security-related overhead per frame in bytes */
|
||||
uint8_t (* get_overhead)(void);
|
||||
};
|
||||
|
||||
#endif /* LLSEC_H_ */
|
||||
|
@ -47,6 +47,7 @@
|
||||
#include "net/llsec/llsec802154.h"
|
||||
#include "net/llsec/ccm-star-packetbuf.h"
|
||||
#include "net/mac/frame802154.h"
|
||||
#include "net/mac/framer-802154.h"
|
||||
#include "net/netstack.h"
|
||||
#include "net/packetbuf.h"
|
||||
#include "net/nbr-table.h"
|
||||
@ -80,81 +81,109 @@ static uint8_t key[16] = NONCORESEC_KEY;
|
||||
NBR_TABLE(struct anti_replay_info, anti_replay_table);
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static const uint8_t *
|
||||
get_extended_address(const linkaddr_t *addr)
|
||||
#if LINKADDR_SIZE == 2
|
||||
static int
|
||||
aead(uint8_t hdrlen, int forward)
|
||||
{
|
||||
/* workaround for short addresses: derive EUI64 as in RFC 6282 */
|
||||
static linkaddr_extended_t template = { { 0x00 , 0x00 , 0x00 ,
|
||||
0xFF , 0xFE , 0x00 , 0x00 , 0x00 } };
|
||||
uint8_t totlen;
|
||||
uint8_t nonce[CCM_STAR_NONCE_LENGTH];
|
||||
uint8_t *m;
|
||||
uint8_t m_len;
|
||||
uint8_t *a;
|
||||
uint8_t a_len;
|
||||
uint8_t *result;
|
||||
uint8_t generated_mic[LLSEC802154_MIC_LENGTH];
|
||||
uint8_t *mic;
|
||||
|
||||
template.u16[3] = LLSEC802154_HTONS(addr->u16);
|
||||
ccm_star_packetbuf_set_nonce(nonce, forward);
|
||||
totlen = packetbuf_totlen();
|
||||
a = packetbuf_hdrptr();
|
||||
#if WITH_ENCRYPTION
|
||||
a_len = hdrlen;
|
||||
m = a + a_len;
|
||||
m_len = totlen - hdrlen;
|
||||
#else /* WITH_ENCRYPTION */
|
||||
a_len = totlen;
|
||||
m = NULL;
|
||||
m_len = 0;
|
||||
#endif /* WITH_ENCRYPTION */
|
||||
|
||||
return template.u8;
|
||||
mic = a + totlen;
|
||||
result = forward ? mic : generated_mic;
|
||||
|
||||
CCM_STAR.aead(nonce,
|
||||
m, m_len,
|
||||
a, a_len,
|
||||
result, LLSEC802154_MIC_LENGTH,
|
||||
forward);
|
||||
|
||||
if(forward) {
|
||||
packetbuf_set_datalen(packetbuf_datalen() + LLSEC802154_MIC_LENGTH);
|
||||
return 1;
|
||||
} else {
|
||||
return (memcmp(generated_mic, mic, LLSEC802154_MIC_LENGTH) == 0);
|
||||
}
|
||||
}
|
||||
#else /* LINKADDR_SIZE == 2 */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
add_security_header(void)
|
||||
{
|
||||
return addr->u8;
|
||||
if(!packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL)) {
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_FRAME_TYPE, FRAME802154_DATAFRAME);
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, LLSEC802154_SECURITY_LEVEL);
|
||||
anti_replay_set_counter();
|
||||
}
|
||||
}
|
||||
#endif /* LINKADDR_SIZE == 2 */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
send(mac_callback_t sent, void *ptr)
|
||||
{
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_FRAME_TYPE, FRAME802154_DATAFRAME);
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, LLSEC802154_SECURITY_LEVEL);
|
||||
anti_replay_set_counter();
|
||||
NETSTACK_MAC.send(sent, ptr);
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static int
|
||||
on_frame_created(void)
|
||||
create(void)
|
||||
{
|
||||
uint8_t *dataptr = packetbuf_dataptr();
|
||||
uint8_t data_len = packetbuf_datalen();
|
||||
|
||||
ccm_star_mic_packetbuf(get_extended_address(&linkaddr_node_addr), dataptr + data_len, LLSEC802154_MIC_LENGTH);
|
||||
#if WITH_ENCRYPTION
|
||||
ccm_star_ctr_packetbuf(get_extended_address(&linkaddr_node_addr));
|
||||
#endif /* WITH_ENCRYPTION */
|
||||
packetbuf_set_datalen(data_len + LLSEC802154_MIC_LENGTH);
|
||||
int result;
|
||||
|
||||
return 1;
|
||||
add_security_header();
|
||||
result = framer_802154.create();
|
||||
if(result == FRAMER_FAILED) {
|
||||
return result;
|
||||
}
|
||||
|
||||
aead(result, 1);
|
||||
|
||||
return result;
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
input(void)
|
||||
static int
|
||||
parse(void)
|
||||
{
|
||||
uint8_t generated_mic[LLSEC802154_MIC_LENGTH];
|
||||
uint8_t *received_mic;
|
||||
int result;
|
||||
const linkaddr_t *sender;
|
||||
struct anti_replay_info* info;
|
||||
uint8_t *dataptr = packetbuf_dataptr();
|
||||
uint8_t data_len = packetbuf_datalen();
|
||||
|
||||
result = framer_802154.parse();
|
||||
if(result == FRAMER_FAILED) {
|
||||
return result;
|
||||
}
|
||||
|
||||
if(packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) != LLSEC802154_SECURITY_LEVEL) {
|
||||
PRINTF("noncoresec: received frame with wrong security level\n");
|
||||
return;
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
sender = packetbuf_addr(PACKETBUF_ADDR_SENDER);
|
||||
if(linkaddr_cmp(sender, &linkaddr_node_addr)) {
|
||||
PRINTF("noncoresec: frame from ourselves\n");
|
||||
return;
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
|
||||
data_len -= LLSEC802154_MIC_LENGTH;
|
||||
packetbuf_set_datalen(data_len);
|
||||
packetbuf_set_datalen(packetbuf_datalen() - LLSEC802154_MIC_LENGTH);
|
||||
|
||||
#if WITH_ENCRYPTION
|
||||
ccm_star_ctr_packetbuf(get_extended_address(sender));
|
||||
#endif /* WITH_ENCRYPTION */
|
||||
ccm_star_mic_packetbuf(get_extended_address(sender), generated_mic, LLSEC802154_MIC_LENGTH);
|
||||
|
||||
received_mic = dataptr + data_len;
|
||||
if(memcmp(generated_mic, received_mic, LLSEC802154_MIC_LENGTH) != 0) {
|
||||
PRINTF("noncoresec: received nonauthentic frame %"PRIu32"\n",
|
||||
if(!aead(result, 0)) {
|
||||
PRINTF("noncoresec: received unauthentic frame %"PRIu32"\n",
|
||||
anti_replay_get_counter());
|
||||
return;
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
|
||||
info = nbr_table_get_from_lladdr(anti_replay_table, sender);
|
||||
@ -162,7 +191,7 @@ input(void)
|
||||
info = nbr_table_add_lladdr(anti_replay_table, sender);
|
||||
if(!info) {
|
||||
PRINTF("noncoresec: could not get nbr_table_item\n");
|
||||
return;
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -179,7 +208,7 @@ input(void)
|
||||
if(!nbr_table_lock(anti_replay_table, info)) {
|
||||
nbr_table_remove(anti_replay_table, info);
|
||||
PRINTF("noncoresec: could not lock\n");
|
||||
return;
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
|
||||
anti_replay_init_info(info);
|
||||
@ -187,34 +216,44 @@ input(void)
|
||||
if(anti_replay_was_replayed(info)) {
|
||||
PRINTF("noncoresec: received replayed frame %"PRIu32"\n",
|
||||
anti_replay_get_counter());
|
||||
return;
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
}
|
||||
|
||||
NETSTACK_NETWORK.input();
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static uint8_t
|
||||
get_overhead(void)
|
||||
{
|
||||
return SECURITY_HEADER_LENGTH + LLSEC802154_MIC_LENGTH;
|
||||
return result;
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
|
||||
input(void)
|
||||
{
|
||||
NETSTACK_NETWORK.input();
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static int
|
||||
length(void)
|
||||
{
|
||||
add_security_header();
|
||||
return framer_802154.length() + LLSEC802154_MIC_LENGTH;
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
init(void)
|
||||
{
|
||||
CCM_STAR.set_key(key);
|
||||
nbr_table_register(anti_replay_table, NULL);
|
||||
on_bootstrapped();
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
const struct llsec_driver noncoresec_driver = {
|
||||
"noncoresec",
|
||||
bootstrap,
|
||||
init,
|
||||
send,
|
||||
on_frame_created,
|
||||
input,
|
||||
get_overhead
|
||||
input
|
||||
};
|
||||
/*---------------------------------------------------------------------------*/
|
||||
const struct framer noncoresec_framer = {
|
||||
length,
|
||||
create,
|
||||
parse
|
||||
};
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
|
@ -56,6 +56,7 @@
|
||||
#include "net/llsec/llsec.h"
|
||||
|
||||
extern const struct llsec_driver noncoresec_driver;
|
||||
extern const struct framer noncoresec_framer;
|
||||
|
||||
#endif /* NONCORESEC_H_ */
|
||||
|
||||
|
@ -49,9 +49,9 @@
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
bootstrap(llsec_on_bootstrapped_t on_bootstrapped)
|
||||
init(void)
|
||||
{
|
||||
on_bootstrapped();
|
||||
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
@ -61,31 +61,17 @@ send(mac_callback_t sent, void *ptr)
|
||||
NETSTACK_MAC.send(sent, ptr);
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static int
|
||||
on_frame_created(void)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
input(void)
|
||||
{
|
||||
NETSTACK_NETWORK.input();
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static uint8_t
|
||||
get_overhead(void)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
const struct llsec_driver nullsec_driver = {
|
||||
"nullsec",
|
||||
bootstrap,
|
||||
init,
|
||||
send,
|
||||
on_frame_created,
|
||||
input,
|
||||
get_overhead
|
||||
input
|
||||
};
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
||||
|
@ -73,6 +73,8 @@ extern const struct framer DECORATED_FRAMER;
|
||||
#define PRINTF(...)
|
||||
#endif
|
||||
|
||||
static void pad(void);
|
||||
|
||||
/* 2-byte header for recovering padded packets.
|
||||
Wireshark will not understand such packets at present. */
|
||||
struct hdr {
|
||||
@ -99,7 +101,8 @@ create(void)
|
||||
}
|
||||
chdr = packetbuf_hdrptr();
|
||||
chdr->id = CONTIKIMAC_ID;
|
||||
chdr->len = 0;
|
||||
chdr->len = packetbuf_datalen();
|
||||
pad();
|
||||
|
||||
hdr_len = DECORATED_FRAMER.create();
|
||||
if(hdr_len < 0) {
|
||||
@ -107,6 +110,8 @@ create(void)
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
|
||||
packetbuf_compact();
|
||||
|
||||
return hdr_len + sizeof(struct hdr);
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
@ -117,7 +122,7 @@ pad(void)
|
||||
uint8_t *ptr;
|
||||
uint8_t zeroes_count;
|
||||
|
||||
transmit_len = packetbuf_totlen();
|
||||
transmit_len = packetbuf_totlen() + hdr_length();
|
||||
if(transmit_len < SHORTEST_PACKET_SIZE) {
|
||||
/* Padding required */
|
||||
zeroes_count = SHORTEST_PACKET_SIZE - transmit_len;
|
||||
@ -128,30 +133,6 @@ pad(void)
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static int
|
||||
create_and_secure(void)
|
||||
{
|
||||
struct hdr *chdr;
|
||||
int hdr_len;
|
||||
|
||||
hdr_len = create();
|
||||
if(hdr_len < 0) {
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
|
||||
packetbuf_compact();
|
||||
if(!NETSTACK_LLSEC.on_frame_created()) {
|
||||
PRINTF("contikimac-framer: securing failed\n");
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
|
||||
chdr = (struct hdr *)(((uint8_t *) packetbuf_dataptr()) - sizeof(struct hdr));
|
||||
chdr->len = packetbuf_datalen();
|
||||
pad();
|
||||
|
||||
return hdr_len;
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static int
|
||||
parse(void)
|
||||
{
|
||||
int hdr_len;
|
||||
@ -174,7 +155,6 @@ parse(void)
|
||||
}
|
||||
|
||||
packetbuf_set_datalen(chdr->len);
|
||||
chdr->len = 0;
|
||||
|
||||
return hdr_len + sizeof(struct hdr);
|
||||
}
|
||||
@ -182,7 +162,6 @@ parse(void)
|
||||
const struct framer contikimac_framer = {
|
||||
hdr_length,
|
||||
create,
|
||||
create_and_secure,
|
||||
parse
|
||||
};
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
@ -560,7 +560,7 @@ send_packet(mac_callback_t mac_callback, void *mac_callback_ptr,
|
||||
|
||||
if(!packetbuf_attr(PACKETBUF_ATTR_IS_CREATED_AND_SECURED)) {
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
|
||||
if(NETSTACK_FRAMER.create_and_secure() < 0) {
|
||||
if(NETSTACK_FRAMER.create() < 0) {
|
||||
PRINTF("contikimac: framer failed\n");
|
||||
return MAC_TX_ERR_FATAL;
|
||||
}
|
||||
@ -829,7 +829,7 @@ qsend_list(mac_callback_t sent, void *ptr, struct rdc_buf_list *buf_list)
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_PENDING, 1);
|
||||
}
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
|
||||
if(NETSTACK_FRAMER.create_and_secure() < 0) {
|
||||
if(NETSTACK_FRAMER.create() < 0) {
|
||||
PRINTF("contikimac: framer failed\n");
|
||||
mac_call_sent_callback(sent, ptr, MAC_TX_ERR_FATAL, 1);
|
||||
return;
|
||||
@ -915,8 +915,6 @@ input_packet(void)
|
||||
broadcast address. */
|
||||
|
||||
/* If FRAME_PENDING is set, we are receiving a packets in a burst */
|
||||
/* TODO To prevent denial-of-sleep attacks, the transceiver should
|
||||
be disabled upon receipt of an unauthentic frame. */
|
||||
we_are_receiving_burst = packetbuf_attr(PACKETBUF_ATTR_PENDING);
|
||||
if(we_are_receiving_burst) {
|
||||
on();
|
||||
|
@ -273,7 +273,6 @@ parse(void)
|
||||
const struct framer framer_802154 = {
|
||||
hdr_length,
|
||||
create,
|
||||
framer_canonical_create_and_secure,
|
||||
parse
|
||||
};
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
@ -99,6 +99,5 @@ parse(void)
|
||||
const struct framer framer_nullmac = {
|
||||
hdr_length,
|
||||
create,
|
||||
framer_canonical_create_and_secure,
|
||||
parse
|
||||
};
|
||||
|
@ -1,50 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2014, Fraunhofer Heinrich-Hertz-Institut.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "net/mac/framer.h"
|
||||
#include "net/packetbuf.h"
|
||||
#include "net/netstack.h"
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
int
|
||||
framer_canonical_create_and_secure(void)
|
||||
{
|
||||
int hdr_len;
|
||||
|
||||
hdr_len = NETSTACK_FRAMER.create();
|
||||
if(hdr_len >= 0) {
|
||||
packetbuf_compact();
|
||||
if(!NETSTACK_LLSEC.on_frame_created()) {
|
||||
return FRAMER_FAILED;
|
||||
}
|
||||
}
|
||||
return hdr_len;
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
@ -47,13 +47,8 @@ struct framer {
|
||||
|
||||
int (* length)(void);
|
||||
int (* create)(void);
|
||||
|
||||
/** Creates the frame and calls LLSEC.on_frame_created() */
|
||||
int (* create_and_secure)(void);
|
||||
int (* parse)(void);
|
||||
|
||||
};
|
||||
|
||||
int framer_canonical_create_and_secure(void);
|
||||
|
||||
#endif /* FRAMER_H_ */
|
||||
|
@ -120,7 +120,7 @@ send_one_packet(mac_callback_t sent, void *ptr)
|
||||
packetbuf_set_attr(PACKETBUF_ATTR_MAC_ACK, 1);
|
||||
#endif /* NULLRDC_802154_AUTOACK || NULLRDC_802154_AUTOACK_HW */
|
||||
|
||||
if(NETSTACK_FRAMER.create_and_secure() < 0) {
|
||||
if(NETSTACK_FRAMER.create() < 0) {
|
||||
/* Failed to allocate space for headers */
|
||||
PRINTF("nullrdc: send failed, too large header\n");
|
||||
ret = MAC_TX_ERR_FATAL;
|
||||
@ -302,8 +302,7 @@ packet_input(void)
|
||||
}
|
||||
#endif /* RDC_WITH_DUPLICATE_DETECTION */
|
||||
#endif /* NULLRDC_802154_AUTOACK */
|
||||
|
||||
/* TODO We may want to acknowledge only authentic frames */
|
||||
|
||||
#if NULLRDC_SEND_802154_ACK
|
||||
{
|
||||
frame802154_t info154;
|
||||
|
@ -124,6 +124,5 @@ parse(void)
|
||||
const struct framer no_framer = {
|
||||
hdr_length,
|
||||
create,
|
||||
framer_canonical_create_and_secure,
|
||||
parse
|
||||
};
|
||||
|
@ -56,8 +56,8 @@ test_sec_lvl_6()
|
||||
0xC4 , 0xC5 , 0xC6 , 0xC7 ,
|
||||
0xC8 , 0xC9 , 0xCA , 0xCB ,
|
||||
0xCC , 0xCD , 0xCE , 0xCF };
|
||||
uint8_t extended_source_address[8] = { 0xAC , 0xDE , 0x48 , 0x00 ,
|
||||
0x00 , 0x00 , 0x00 , 0x01 };
|
||||
linkaddr_t source_address = {{ 0xAC , 0xDE , 0x48 , 0x00 ,
|
||||
0x00 , 0x00 , 0x00 , 0x01 }};
|
||||
uint8_t data[30] = { 0x2B , 0xDC , 0x84 , 0x21 , 0x43 ,
|
||||
/* Destination Address */
|
||||
0x02 , 0x00 , 0x00 , 0x00 , 0x00 , 0x48 , 0xDE , 0xAC ,
|
||||
@ -72,11 +72,12 @@ test_sec_lvl_6()
|
||||
0x01 , 0xCE };
|
||||
uint8_t oracle[LLSEC802154_MIC_LENGTH] = { 0x4F , 0xDE , 0x52 , 0x90 ,
|
||||
0x61 , 0xF9 , 0xC6 , 0xF1 };
|
||||
uint8_t nonce[13];
|
||||
frame802154_frame_counter_t counter;
|
||||
uint8_t mic[LLSEC802154_MIC_LENGTH];
|
||||
|
||||
printf("Testing verification ... ");
|
||||
|
||||
linkaddr_copy(&linkaddr_node_addr, &source_address);
|
||||
packetbuf_clear();
|
||||
packetbuf_set_datalen(30);
|
||||
memcpy(packetbuf_hdrptr(), data, 30);
|
||||
@ -87,9 +88,14 @@ test_sec_lvl_6()
|
||||
packetbuf_hdrreduce(29);
|
||||
|
||||
CCM_STAR.set_key(key);
|
||||
ccm_star_mic_packetbuf(extended_source_address, mic, LLSEC802154_MIC_LENGTH);
|
||||
ccm_star_packetbuf_set_nonce(nonce, 1);
|
||||
CCM_STAR.aead(nonce,
|
||||
packetbuf_dataptr(), packetbuf_datalen(),
|
||||
packetbuf_hdrptr(), packetbuf_hdrlen(),
|
||||
((uint8_t *) packetbuf_hdrptr()) + 30, LLSEC802154_MIC_LENGTH,
|
||||
1);
|
||||
|
||||
if(memcmp(mic, oracle, LLSEC802154_MIC_LENGTH) == 0) {
|
||||
if(memcmp(((uint8_t *) packetbuf_hdrptr()) + 30, oracle, LLSEC802154_MIC_LENGTH) == 0) {
|
||||
printf("Success\n");
|
||||
} else {
|
||||
printf("Failure\n");
|
||||
@ -97,7 +103,6 @@ test_sec_lvl_6()
|
||||
|
||||
printf("Testing encryption ... ");
|
||||
|
||||
ccm_star_ctr_packetbuf(extended_source_address);
|
||||
if(((uint8_t *) packetbuf_hdrptr())[29] == 0xD8) {
|
||||
printf("Success\n");
|
||||
} else {
|
||||
@ -105,7 +110,13 @@ test_sec_lvl_6()
|
||||
}
|
||||
|
||||
printf("Testing decryption ... ");
|
||||
ccm_star_ctr_packetbuf(extended_source_address);
|
||||
packetbuf_set_addr(PACKETBUF_ADDR_SENDER, &source_address);
|
||||
ccm_star_packetbuf_set_nonce(nonce, 0);
|
||||
CCM_STAR.aead(nonce,
|
||||
packetbuf_dataptr(), packetbuf_datalen(),
|
||||
packetbuf_hdrptr(), packetbuf_hdrlen(),
|
||||
((uint8_t *) packetbuf_hdrptr()) + 30, LLSEC802154_MIC_LENGTH,
|
||||
0);
|
||||
if(((uint8_t *) packetbuf_hdrptr())[29] == 0xCE) {
|
||||
printf("Success\n");
|
||||
} else {
|
||||
|
@ -86,8 +86,8 @@ test_sec_lvl_2()
|
||||
0xC4 , 0xC5 , 0xC6 , 0xC7 ,
|
||||
0xC8 , 0xC9 , 0xCA , 0xCB ,
|
||||
0xCC , 0xCD , 0xCE , 0xCF };
|
||||
uint8_t extended_source_address[8] = { 0xAC , 0xDE , 0x48 , 0x00 ,
|
||||
0x00 , 0x00 , 0x00 , 0x01 };
|
||||
linkaddr_t source_address = {{ 0xAC , 0xDE , 0x48 , 0x00 ,
|
||||
0x00 , 0x00 , 0x00 , 0x01 }};
|
||||
uint8_t data[26] = { 0x08 , 0xD0 , 0x84 , 0x21 , 0x43 ,
|
||||
/* Source Address */
|
||||
0x01 , 0x00 , 0x00 , 0x00 , 0x00 , 0x48 , 0xDE , 0xAC ,
|
||||
@ -101,9 +101,11 @@ test_sec_lvl_2()
|
||||
0x84 , 0x1A , 0xB5 , 0x53 };
|
||||
frame802154_frame_counter_t counter;
|
||||
uint8_t mic[LLSEC802154_MIC_LENGTH];
|
||||
uint8_t nonce[13];
|
||||
|
||||
printf("Testing verification ... ");
|
||||
|
||||
linkaddr_copy(&linkaddr_node_addr, &source_address);
|
||||
packetbuf_clear();
|
||||
packetbuf_set_datalen(26);
|
||||
memcpy(packetbuf_hdrptr(), data, 26);
|
||||
@ -114,9 +116,14 @@ test_sec_lvl_2()
|
||||
packetbuf_hdrreduce(18);
|
||||
|
||||
CCM_STAR.set_key(key);
|
||||
ccm_star_mic_packetbuf(extended_source_address,mic, LLSEC802154_MIC_LENGTH);
|
||||
ccm_star_packetbuf_set_nonce(nonce, 1);
|
||||
CCM_STAR.aead(nonce,
|
||||
NULL, 0,
|
||||
packetbuf_hdrptr(), packetbuf_totlen(),
|
||||
((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen(), LLSEC802154_MIC_LENGTH,
|
||||
1);
|
||||
|
||||
if(memcmp(mic, oracle, LLSEC802154_MIC_LENGTH) == 0) {
|
||||
if(memcmp(((uint8_t *) packetbuf_dataptr()) + packetbuf_datalen(), oracle, LLSEC802154_MIC_LENGTH) == 0) {
|
||||
printf("Success\n");
|
||||
} else {
|
||||
printf("Failure\n");
|
||||
|
@ -228,17 +228,6 @@ start_uip6(void)
|
||||
#endif /* NETSTACK_CONF_WITH_IPV6 */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
start_network_layer(void)
|
||||
{
|
||||
#if NETSTACK_CONF_WITH_IPV6
|
||||
start_uip6();
|
||||
#endif /* NETSTACK_CONF_WITH_IPV6 */
|
||||
start_autostart_processes();
|
||||
/* To support link layer security in combination with NETSTACK_CONF_WITH_IPV4 and
|
||||
* TIMESYNCH_CONF_ENABLED further things may need to be moved here */
|
||||
}
|
||||
/*--------------------------------------------------------------------------*/
|
||||
static void
|
||||
set_linkaddr(void)
|
||||
{
|
||||
int i;
|
||||
@ -409,7 +398,12 @@ main(void)
|
||||
#endif /* NETSTACK_CONF_WITH_IPV4 */
|
||||
|
||||
watchdog_start();
|
||||
NETSTACK_LLSEC.bootstrap(start_network_layer);
|
||||
NETSTACK_LLSEC.init();
|
||||
|
||||
#if NETSTACK_CONF_WITH_IPV6
|
||||
start_uip6();
|
||||
#endif /* NETSTACK_CONF_WITH_IPV6 */
|
||||
start_autostart_processes();
|
||||
|
||||
leds_off(LEDS_ALL);
|
||||
int r;
|
||||
|
@ -45,54 +45,6 @@
|
||||
static tsReg128 current_key;
|
||||
static int current_key_is_new = 1;
|
||||
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
mic(const uint8_t *m, uint8_t m_len,
|
||||
const uint8_t *nonce,
|
||||
const uint8_t *a, uint8_t a_len,
|
||||
uint8_t *result,
|
||||
uint8_t mic_len)
|
||||
{
|
||||
tsReg128 nonce_aligned;
|
||||
memcpy(&nonce_aligned, nonce, sizeof(nonce_aligned));
|
||||
bACI_CCMstar(
|
||||
¤t_key,
|
||||
current_key_is_new,
|
||||
XCV_REG_AES_SET_MODE_CCM,
|
||||
mic_len,
|
||||
a_len,
|
||||
m_len,
|
||||
&nonce_aligned,
|
||||
(uint8_t *)a,
|
||||
(uint8_t *)m,
|
||||
NULL,
|
||||
result,
|
||||
NULL
|
||||
);
|
||||
current_key_is_new = 0;
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
ctr(uint8_t *m, uint8_t m_len, const uint8_t *nonce)
|
||||
{
|
||||
tsReg128 nonce_aligned;
|
||||
memcpy(&nonce_aligned, nonce, sizeof(nonce_aligned));
|
||||
bACI_CCMstar(
|
||||
¤t_key,
|
||||
current_key_is_new,
|
||||
XCV_REG_AES_SET_MODE_CCM,
|
||||
0,
|
||||
0,
|
||||
m_len,
|
||||
&nonce_aligned,
|
||||
NULL,
|
||||
m,
|
||||
m,
|
||||
NULL,
|
||||
NULL
|
||||
);
|
||||
current_key_is_new = 0;
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
aead(const uint8_t *nonce,
|
||||
@ -161,8 +113,7 @@ set_key(const uint8_t *key)
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
const struct ccm_star_driver ccm_star_driver_jn516x = {
|
||||
mic,
|
||||
ctr,
|
||||
set_key
|
||||
set_key,
|
||||
aead
|
||||
};
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
@ -189,65 +189,6 @@ set_gateway(void)
|
||||
}
|
||||
#endif /* NETSTACK_CONF_WITH_IPV4 */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
start_autostart_processes()
|
||||
{
|
||||
#if !PROCESS_CONF_NO_PROCESS_NAMES
|
||||
print_processes(autostart_processes);
|
||||
#endif /* !PROCESS_CONF_NO_PROCESS_NAMES */
|
||||
autostart_start(autostart_processes);
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
#if NETSTACK_CONF_WITH_IPV6
|
||||
static void
|
||||
start_uip6()
|
||||
{
|
||||
NETSTACK_NETWORK.init();
|
||||
|
||||
process_start(&tcpip_process, NULL);
|
||||
|
||||
#if DEBUG
|
||||
PRINTF("Tentative link-local IPv6 address ");
|
||||
{
|
||||
uip_ds6_addr_t *lladdr;
|
||||
int i;
|
||||
lladdr = uip_ds6_get_link_local(-1);
|
||||
for(i = 0; i < 7; ++i) {
|
||||
PRINTF("%02x%02x:", lladdr->ipaddr.u8[i * 2],
|
||||
lladdr->ipaddr.u8[i * 2 + 1]);
|
||||
}
|
||||
PRINTF("%02x%02x\n", lladdr->ipaddr.u8[14], lladdr->ipaddr.u8[15]);
|
||||
}
|
||||
#endif /* DEBUG */
|
||||
|
||||
if(!UIP_CONF_IPV6_RPL) {
|
||||
uip_ipaddr_t ipaddr;
|
||||
int i;
|
||||
uip_ip6addr(&ipaddr, 0xaaaa, 0, 0, 0, 0, 0, 0, 0);
|
||||
uip_ds6_set_addr_iid(&ipaddr, &uip_lladdr);
|
||||
uip_ds6_addr_add(&ipaddr, 0, ADDR_TENTATIVE);
|
||||
PRINTF("Tentative global IPv6 address ");
|
||||
for(i = 0; i < 7; ++i) {
|
||||
PRINTF("%02x%02x:",
|
||||
ipaddr.u8[i * 2], ipaddr.u8[i * 2 + 1]);
|
||||
}
|
||||
PRINTF("%02x%02x\n",
|
||||
ipaddr.u8[7 * 2], ipaddr.u8[7 * 2 + 1]);
|
||||
}
|
||||
}
|
||||
#endif /* NETSTACK_CONF_WITH_IPV6 */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static void
|
||||
start_network_layer()
|
||||
{
|
||||
#if NETSTACK_CONF_WITH_IPV6
|
||||
start_uip6();
|
||||
#endif /* NETSTACK_CONF_WITH_IPV6 */
|
||||
start_autostart_processes();
|
||||
/* To support link layer security in combination with NETSTACK_CONF_WITH_IPV4 and
|
||||
* TIMESYNCH_CONF_ENABLED further things may need to be moved here */
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
#if WITH_TINYOS_AUTO_IDS
|
||||
uint16_t TOS_NODE_ID = 0x1234; /* non-zero */
|
||||
uint16_t TOS_LOCAL_ADDRESS = 0x1234; /* non-zero */
|
||||
@ -360,6 +301,8 @@ main(int argc, char **argv)
|
||||
queuebuf_init();
|
||||
NETSTACK_RDC.init();
|
||||
NETSTACK_MAC.init();
|
||||
NETSTACK_LLSEC.init();
|
||||
NETSTACK_NETWORK.init();
|
||||
|
||||
PRINTF("%s %s %s, channel check rate %lu Hz, radio channel %u, CCA threshold %i\n",
|
||||
NETSTACK_LLSEC.name, NETSTACK_MAC.name, NETSTACK_RDC.name,
|
||||
@ -367,11 +310,42 @@ main(int argc, char **argv)
|
||||
NETSTACK_RDC.channel_check_interval()),
|
||||
CC2420_CONF_CHANNEL,
|
||||
CC2420_CONF_CCA_THRESH);
|
||||
|
||||
process_start(&tcpip_process, NULL);
|
||||
|
||||
#if DEBUG
|
||||
PRINTF("Tentative link-local IPv6 address ");
|
||||
{
|
||||
uip_ds6_addr_t *lladdr;
|
||||
int i;
|
||||
lladdr = uip_ds6_get_link_local(-1);
|
||||
for(i = 0; i < 7; ++i) {
|
||||
PRINTF("%02x%02x:", lladdr->ipaddr.u8[i * 2],
|
||||
lladdr->ipaddr.u8[i * 2 + 1]);
|
||||
}
|
||||
PRINTF("%02x%02x\n", lladdr->ipaddr.u8[14], lladdr->ipaddr.u8[15]);
|
||||
}
|
||||
#endif /* DEBUG */
|
||||
|
||||
if(!UIP_CONF_IPV6_RPL) {
|
||||
uip_ipaddr_t ipaddr;
|
||||
int i;
|
||||
uip_ip6addr(&ipaddr, 0xaaaa, 0, 0, 0, 0, 0, 0, 0);
|
||||
uip_ds6_set_addr_iid(&ipaddr, &uip_lladdr);
|
||||
uip_ds6_addr_add(&ipaddr, 0, ADDR_TENTATIVE);
|
||||
PRINTF("Tentative global IPv6 address ");
|
||||
for(i = 0; i < 7; ++i) {
|
||||
PRINTF("%02x%02x:",
|
||||
ipaddr.u8[i * 2], ipaddr.u8[i * 2 + 1]);
|
||||
}
|
||||
PRINTF("%02x%02x\n",
|
||||
ipaddr.u8[7 * 2], ipaddr.u8[7 * 2 + 1]);
|
||||
}
|
||||
#else /* NETSTACK_CONF_WITH_IPV6 */
|
||||
|
||||
NETSTACK_RDC.init();
|
||||
NETSTACK_MAC.init();
|
||||
NETSTACK_LLSEC.init();
|
||||
NETSTACK_NETWORK.init();
|
||||
|
||||
PRINTF("%s %s %s, channel check rate %lu Hz, radio channel %u\n",
|
||||
@ -421,10 +395,13 @@ main(int argc, char **argv)
|
||||
uip_ipaddr_to_quad(&hostaddr));
|
||||
}
|
||||
#endif /* NETSTACK_CONF_WITH_IPV4 */
|
||||
|
||||
|
||||
watchdog_start();
|
||||
|
||||
NETSTACK_LLSEC.bootstrap(start_network_layer);
|
||||
#if !PROCESS_CONF_NO_PROCESS_NAMES
|
||||
print_processes(autostart_processes);
|
||||
#endif /* !PROCESS_CONF_NO_PROCESS_NAMES */
|
||||
autostart_start(autostart_processes);
|
||||
|
||||
/*
|
||||
* This is the scheduler loop.
|
||||
|
Loading…
Reference in New Issue
Block a user