From d161ffcb643576d695e8cc2d64763b6000ca86a4 Mon Sep 17 00:00:00 2001
From: kkrentz <konrad.krentz@googlemail.com>
Date: Mon, 21 Apr 2014 03:33:34 -0700
Subject: [PATCH] llsec: Allow for sharing CCM*

---
 core/net/llsec/ccm.c | 190 +++++++++++++++++++++++++++++++++++++++++++
 core/net/llsec/ccm.h |  85 +++++++++++++++++++
 2 files changed, 275 insertions(+)
 create mode 100644 core/net/llsec/ccm.c
 create mode 100644 core/net/llsec/ccm.h

diff --git a/core/net/llsec/ccm.c b/core/net/llsec/ccm.c
new file mode 100644
index 000000000..afae5ed25
--- /dev/null
+++ b/core/net/llsec/ccm.c
@@ -0,0 +1,190 @@
+/**
+ * \addtogroup llsec802154
+ * @{
+ */
+
+/*
+ * Copyright (c) 2013, Hasso-Plattner-Institut.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This file is part of the Contiki operating system.
+ *
+ */
+
+/**
+ * \file
+ *         AES_128-based CCM* implementation.
+ * \author
+ *         Konrad Krentz <konrad.krentz@gmail.com>
+ */
+
+#include "net/llsec/ccm.h"
+#include "net/llsec/llsec802154.h"
+#include "net/packetbuf.h"
+#include "lib/aes-128.h"
+#include <string.h>
+
+/*---------------------------------------------------------------------------*/
+static void
+set_nonce(uint8_t *nonce,
+    uint8_t flags,
+    const uint8_t *extended_source_address,
+    uint8_t counter)
+{
+  /* 1 byte||          8 bytes        ||    4 bytes    || 1 byte  || 2 bytes */
+  /* flags || extended_source_address || frame_counter || sec_lvl || counter */
+  
+  nonce[0] = flags;
+  memcpy(nonce + 1, extended_source_address, 8);
+  nonce[9] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) >> 8;
+  nonce[10] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_2_3) & 0xff;
+  nonce[11] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) >> 8;
+  nonce[12] = packetbuf_attr(PACKETBUF_ATTR_FRAME_COUNTER_BYTES_0_1) & 0xff;
+  nonce[13] = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL);
+  nonce[14] = 0;
+  nonce[15] = counter;
+}
+/*---------------------------------------------------------------------------*/
+/* XORs the block m[pos] ... m[pos + 15] with K_{counter} */
+static void
+ctr_step(const uint8_t *extended_source_address,
+    uint8_t pos,
+    uint8_t *m_and_result,
+    uint8_t m_len,
+    uint8_t counter)
+{
+  uint8_t a[AES_128_BLOCK_SIZE];
+  uint8_t i;
+  
+  set_nonce(a, CCM_ENCRYPTION_FLAGS, extended_source_address, counter);
+  AES_128.encrypt(a);
+  
+  for(i = 0; (pos + i < m_len) && (i < AES_128_BLOCK_SIZE); i++) {
+    m_and_result[pos + i] ^= a[i];
+  }
+}
+/*---------------------------------------------------------------------------*/
+static void
+mic(const uint8_t *extended_source_address,
+    uint8_t *result,
+    uint8_t mic_len)
+{
+  uint8_t x[AES_128_BLOCK_SIZE];
+  uint8_t pos;
+  uint8_t i;
+  uint8_t a_len;
+  uint8_t *a;
+#if LLSEC802154_USES_ENCRYPTION
+  uint8_t shall_encrypt;
+  uint8_t m_len;
+  uint8_t *m;
+  
+  shall_encrypt = packetbuf_attr(PACKETBUF_ATTR_SECURITY_LEVEL) & (1 << 2);
+  if(shall_encrypt) {
+    a_len = packetbuf_hdrlen();
+    m_len = packetbuf_datalen();
+  } else {
+    a_len = packetbuf_totlen();
+    m_len = 0;
+  }
+  set_nonce(x,
+      CCM_AUTH_FLAGS(a_len, mic_len),
+      extended_source_address,
+      m_len);
+#else /* LLSEC802154_USES_ENCRYPTION */
+  a_len = packetbuf_totlen();
+  set_nonce(x,
+      CCM_AUTH_FLAGS(a_len, mic_len),
+      extended_source_address,
+      0);
+#endif /* LLSEC802154_USES_ENCRYPTION */
+  AES_128.encrypt(x);
+  
+  a = packetbuf_hdrptr();
+  if(a_len) {
+    x[1] = x[1] ^ a_len;
+    for(i = 2; (i - 2 < a_len) && (i < AES_128_BLOCK_SIZE); i++) {
+      x[i] ^= a[i - 2];
+    }
+    
+    AES_128.encrypt(x);
+    
+    pos = 14;
+    while(pos < a_len) {
+      for(i = 0; (pos + i < a_len) && (i < AES_128_BLOCK_SIZE); i++) {
+        x[i] ^= a[pos + i];
+      }
+      pos += AES_128_BLOCK_SIZE;
+      AES_128.encrypt(x);
+    }
+  }
+  
+#if LLSEC802154_USES_ENCRYPTION
+  if(shall_encrypt) {
+    m = a + a_len;
+    pos = 0;
+    while(pos < m_len) {
+      for(i = 0; (pos + i < m_len) && (i < AES_128_BLOCK_SIZE); i++) {
+        x[i] ^= m[pos + i];
+      }
+      pos += AES_128_BLOCK_SIZE;
+      AES_128.encrypt(x);
+    }
+  }
+#endif /* LLSEC802154_USES_ENCRYPTION */
+  
+  ctr_step(extended_source_address, 0, x, AES_128_BLOCK_SIZE, 0);
+  
+  memcpy(result, x, mic_len);
+}
+/*---------------------------------------------------------------------------*/
+static void
+ctr(const uint8_t *extended_source_address)
+{
+  uint8_t m_len;
+  uint8_t *m;
+  uint8_t pos;
+  uint8_t counter;
+  
+  m_len = packetbuf_datalen();
+  m = (uint8_t *) packetbuf_dataptr();
+  
+  pos = 0;
+  counter = 1;
+  while(pos < m_len) {
+    ctr_step(extended_source_address, pos, m, m_len, counter++);
+    pos += AES_128_BLOCK_SIZE;
+  }
+}
+/*---------------------------------------------------------------------------*/
+const struct ccm_driver ccm_driver = {
+  mic,
+  ctr
+};
+/*---------------------------------------------------------------------------*/
+
+/** @} */
diff --git a/core/net/llsec/ccm.h b/core/net/llsec/ccm.h
new file mode 100644
index 000000000..cd4eca8f1
--- /dev/null
+++ b/core/net/llsec/ccm.h
@@ -0,0 +1,85 @@
+/**
+ * \addtogroup llsec802154
+ * @{
+ */
+
+/*
+ * Copyright (c) 2013, Hasso-Plattner-Institut.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This file is part of the Contiki operating system.
+ *
+ */
+
+/**
+ * \file
+ *         CCM* header file.
+ * \author
+ *         Konrad Krentz <konrad.krentz@gmail.com>
+ */
+
+#ifndef CCM_H_
+#define CCM_H_
+
+#include "contiki.h"
+#include "net/mac/frame802154.h"
+
+/* see RFC 3610 */
+#define CCM_AUTH_FLAGS(Adata, M) ((Adata ? (1 << 6) : 0) | (((M - 2) >> 1) << 3) | 1)
+#define CCM_ENCRYPTION_FLAGS     1
+
+#ifdef CCM_CONF
+#define CCM CCM_CONF
+#else /* CCM_CONF */
+#define CCM ccm_driver
+#endif /* CCM_CONF */
+
+/**
+ * Structure of CCM drivers.
+ */
+struct ccm_driver {
+  
+   /**
+    * \brief         Generates a MIC over the frame in the packetbuf.
+    * \param result  The generated MIC will be put here
+    * \param mic_len  <= 16; set to LLSEC802154_MIC_LENGTH to be compliant
+    */
+  void (* mic)(const uint8_t *extended_source_address,
+      uint8_t *result,
+      uint8_t mic_len);
+  
+  /**
+   * \brief XORs the frame in the packetbuf with the key stream.
+   */
+  void (* ctr)(const uint8_t *extended_source_address);
+};
+
+extern const struct ccm_driver CCM;
+
+#endif /* CCM_H_ */
+
+/** @} */