RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-17 10:52:44 +01:00
Code Releases Activity

sys/net/link_layer/ieee802154: stricter names for security types

Browse Source 
stricter prefixing of security related types and constants with
"ieee802154_sec_"
This commit is contained in:
Fabian Hüßler 2021-02-27 23:23:01 +01:00
parent 9390b3072b
commit 346f92f663
4 changed files with 96 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/netdev/ieee802154.c
View File

@ -178,7 +178,7 @@ int netdev_ieee802154_get(netdev_ieee802154_t *dev, netopt_t opt, void *value,
*((uint16_t *)value) = (_get_ieee802154_pdu(dev) *((uint16_t *)value) = (_get_ieee802154_pdu(dev)
- IEEE802154_MAX_HDR_LEN) - IEEE802154_MAX_HDR_LEN)
#if IS_USED(MODULE_IEEE802154_SECURITY) #if IS_USED(MODULE_IEEE802154_SECURITY)
-IEEE802154_MAX_AUX_HDR_LEN -IEEE802154_SEC_MAX_AUX_HDR_LEN
#endif /* IS_USED(MODULE_IEEE802154_SECURITY) */ #endif /* IS_USED(MODULE_IEEE802154_SECURITY) */
- IEEE802154_FCS_LEN; - IEEE802154_FCS_LEN;
res = sizeof(uint16_t); res = sizeof(uint16_t);

82
sys/include/net/ieee802154_security.h
View File

@ -101,14 +101,14 @@ struct ieee802154_sec_dev {
void *ctx; void *ctx;
}; };
#if !defined(IEEE802154_DEFAULT_KEY) || defined(DOXYGEN) #if !defined(IEEE802154_SEC_DEFAULT_KEY) || defined(DOXYGEN)
/** /**
* @brief AES key that is used in the test vectors from the specification * @brief AES key that is used in the test vectors from the specification
* *
* @note Predefine it yourself, * @note Predefine it yourself,
* if you want another key to be set up on initialization * if you want another key to be set up on initialization
*/ */
#define IEEE802154_DEFAULT_KEY { 0xc0, 0xc1, 0xc2, 0xc3, \ #define IEEE802154_SEC_DEFAULT_KEY { 0xc0, 0xc1, 0xc2, 0xc3, \
0xc4, 0xc5, 0xc6, 0xc7, \ 0xc4, 0xc5, 0xc6, 0xc7, \
0xc8, 0xc9, 0xca, 0xcb, \ 0xc8, 0xc9, 0xca, 0xcb, \
0xcc, 0xcd, 0xce, 0xcf } 0xcc, 0xcd, 0xce, 0xcf }
@ -127,68 +127,68 @@ struct ieee802154_sec_dev {
/** /**
* @brief Maximum length of the security auxiliary header in bytes * @brief Maximum length of the security auxiliary header in bytes
*/ */
#define IEEE802154_MAX_AUX_HDR_LEN (14U) #define IEEE802154_SEC_MAX_AUX_HDR_LEN (14U)
/** /**
* @brief Maximum Size of IEEE 802.15.4 MAC * @brief Maximum Size of IEEE 802.15.4 MAC
*/ */
#define IEEE802154_MAC_SIZE (16U) #define IEEE802154_SEC_MAX_MAC_SIZE (16U)
/** /**
* @brief Mask to get security level bits * @brief Mask to get security level bits
*/ */
#define IEEE802154_SCF_SECLEVEL_MASK (0x07) #define IEEE802154_SEC_SCF_SECLEVEL_MASK (0x07)
/** /**
* @brief Number of shifts to set/get security level bits * @brief Number of shifts to set/get security level bits
*/ */
#define IEEE802154_SCF_SECLEVEL_SHIFT (0) #define IEEE802154_SEC_SCF_SECLEVEL_SHIFT (0)
/** /**
* @brief Mask to get key mode bits * @brief Mask to get key mode bits
*/ */
#define IEEE802154_SCF_KEYMODE_MASK (0x18) #define IEEE802154_SEC_SCF_KEYMODE_MASK (0x18)
/** /**
* @brief Number of shifts to set/get key mode bits * @brief Number of shifts to set/get key mode bits
*/ */
#define IEEE802154_SCF_KEYMODE_SHIFT (3) #define IEEE802154_SEC_SCF_KEYMODE_SHIFT (3)
/** /**
* @brief Security levels * @brief Security levels
* *
* <em>IEEE802154_SCF_SECLEVEL_MIC*</em>: * <em>IEEE802154_SEC_SCF_SECLEVEL_MIC*</em>:
* A message integrity code (MIC), also known as MAC, * A message integrity code (MIC), also known as MAC,
* is used to prove authentication. The MIC covers the whole frame * is used to prove authentication. The MIC covers the whole frame
* i.e. header, auxiliary header, and frame payload. * i.e. header, auxiliary header, and frame payload.
* The MIC is always encrypted, thus it must be decrypted by the receiver, * The MIC is always encrypted, thus it must be decrypted by the receiver,
* to be checked. * to be checked.
* *
* <em>IEEE802154_SCF_SECLEVEL_ENC*</em>: * <em>IEEE802154_SEC_SCF_SECLEVEL_ENC*</em>:
* AES-128 in ECB mode is used to encrypt the payload of a frame to provide * AES-128 in ECB mode is used to encrypt the payload of a frame to provide
* confidentiality. * confidentiality.
* *
* <em>IEEE802154_SCF_SECLEVEL_ENC_MIC*</em>: * <em>IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC*</em>:
* A combination of the two modes above is used to ensure * A combination of the two modes above is used to ensure
* authentication and confidentiality. * authentication and confidentiality.
*/ */
typedef enum { typedef enum {
IEEE802154_SCF_SECLEVEL_NONE = 0x00, /**< no security */ IEEE802154_SEC_SCF_SECLEVEL_NONE = 0x00, /**< no security */
IEEE802154_SCF_SECLEVEL_MIC32 = 0x01, /**< 32 bit MIC */ IEEE802154_SEC_SCF_SECLEVEL_MIC32 = 0x01, /**< 32 bit MIC */
IEEE802154_SCF_SECLEVEL_MIC64 = 0x02, /**< 64 bit MIC */ IEEE802154_SEC_SCF_SECLEVEL_MIC64 = 0x02, /**< 64 bit MIC */
IEEE802154_SCF_SECLEVEL_MIC128 = 0x03, /**< 128 bit MIC */ IEEE802154_SEC_SCF_SECLEVEL_MIC128 = 0x03, /**< 128 bit MIC */
IEEE802154_SCF_SECLEVEL_ENC = 0x04, /**< encryption */ IEEE802154_SEC_SCF_SECLEVEL_ENC = 0x04, /**< encryption */
IEEE802154_SCF_SECLEVEL_ENC_MIC32 = 0x05, /**< enc. + 32 bit MIC */ IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC32 = 0x05, /**< enc. + 32 bit MIC */
IEEE802154_SCF_SECLEVEL_ENC_MIC64 = 0x06, /**< enc. + 64 bit MIC (mandatory) */ IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC64 = 0x06, /**< enc. + 64 bit MIC (mandatory) */
IEEE802154_SCF_SECLEVEL_ENC_MIC128 = 0x07 /**< enc. + 128 bit MIC */ IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC128 = 0x07 /**< enc. + 128 bit MIC */
} ieee802154_scf_seclevel_t; } ieee802154_sec_scf_seclevel_t;
/** /**
* @brief Key identifier modes * @brief Key identifier modes
* *
* The key identifier field in the auxiliary header * The key identifier field in the auxiliary header
* consists of the key source and the key index fields and is only present * consists of the key source and the key index fields and is only present
* if the key identifier mode is not IEEE802154_SCF_KEYMODE_IMPLICIT. * if the key identifier mode is not IEEE802154_SEC_SCF_KEYMODE_IMPLICIT.
* (see 9.4.3 in the spec.) * (see 9.4.3 in the spec.)
* *
* +----------------+-------------+------------------+------------------------------------+ * +----------------+-------------+------------------+------------------------------------+
@ -213,11 +213,11 @@ typedef enum {
* +----------------+-------------+------------------+------------------------------------+ * +----------------+-------------+------------------+------------------------------------+
*/ */
typedef enum { typedef enum {
IEEE802154_SCF_KEYMODE_IMPLICIT = 0x00, /**< Key is determined implicitly */ IEEE802154_SEC_SCF_KEYMODE_IMPLICIT = 0x00, /**< Key is determined implicitly */
IEEE802154_SCF_KEYMODE_INDEX = 0x01, /**< Key is determined from key index */ IEEE802154_SEC_SCF_KEYMODE_INDEX = 0x01, /**< Key is determined from key index */
IEEE802154_SCF_KEYMODE_SHORT_INDEX = 0x02, /**< Key is determined from 4 byte key source and key index */ IEEE802154_SEC_SCF_KEYMODE_SHORT_INDEX = 0x02, /**< Key is determined from 4 byte key source and key index */
IEEE802154_SCF_KEYMODE_HW_INDEX = 0x03 /**< Key is determined from 8 byte key source and key index */ IEEE802154_SEC_SCF_KEYMODE_HW_INDEX = 0x03 /**< Key is determined from 8 byte key source and key index */
} ieee802154_scf_keymode_t; } ieee802154_sec_scf_keymode_t;
/** /**
* @brief IEEE 802.15.4 security error codes * @brief IEEE 802.15.4 security error codes
@ -239,11 +239,11 @@ typedef struct ieee802154_sec_context {
*/ */
cipher_t cipher; cipher_t cipher;
/** /**
* @brief Security level IEEE802154_SCF_SECLEVEL_* * @brief Security level IEEE802154_SEC_SCF_SECLEVEL_*
*/ */
uint8_t security_level; uint8_t security_level;
/** /**
* @brief Key mode IEEE802154_SCF_KEYMODE_* * @brief Key mode IEEE802154_SEC_SCF_KEYMODE_*
*/ */
uint8_t key_id_mode; uint8_t key_id_mode;
/** /**
@ -279,9 +279,9 @@ typedef struct __attribute__((packed)) {
* +--------+--------+--------+--------+--------+--------+--------+--------+ * +--------+--------+--------+--------+--------+--------+--------+--------+
* *
* security level: * security level:
* one of IEEE802154_SCF_SECLEVEL_* * one of IEEE802154_SEC_SCF_SECLEVEL_*
* key identifier mode: * key identifier mode:
* one of IEEE802154_SCF_KEY_* * one of IEEE802154_SEC_SCF_KEY_*
* frame counter suppression: * frame counter suppression:
* basically always zero because we do not support TSCH right now * basically always zero because we do not support TSCH right now
* ASN: * ASN:
@ -296,20 +296,20 @@ typedef struct __attribute__((packed)) {
* @brief key identifier (0 - 9 bytes) according to key id. mode * @brief key identifier (0 - 9 bytes) according to key id. mode
*/ */
uint8_t key_id[]; uint8_t key_id[];
} ieee802154_aux_sec_t; } ieee802154_sec_aux_t;
/** /**
* @brief Content of key_source if key mode is IEEE802154_SCF_KEYMODE_INDEX * @brief Content of key_source if key mode is IEEE802154_SEC_SCF_KEYMODE_INDEX
*/ */
typedef struct __attribute__((packed)) { typedef struct __attribute__((packed)) {
/** /**
* @brief Key index of key from originator, defined by key source * @brief Key index of key from originator, defined by key source
*/ */
uint8_t key_index; uint8_t key_index;
} ieee802154_aux_sec_key_identifier_1_t; } ieee802154_sec_aux_key_identifier_1_t;
/** /**
* @brief Content of key_source if key mode is IEEE802154_SCF_KEYMODE_SHORT_INDEX * @brief Content of key_source if key mode is IEEE802154_SEC_SCF_KEYMODE_SHORT_INDEX
*/ */
typedef struct __attribute__((packed)) { typedef struct __attribute__((packed)) {
/** /**
@ -320,10 +320,10 @@ typedef struct __attribute__((packed)) {
* @brief Key index of key from originator, defined by key source * @brief Key index of key from originator, defined by key source
*/ */
uint8_t key_index; uint8_t key_index;
} ieee802154_aux_sec_key_identifier_5_t; } ieee802154_sec_aux_key_identifier_5_t;
/** /**
* @brief Content of key_source if key mode is IEEE802154_SCF_KEYMODE_HW_INDEX * @brief Content of key_source if key mode is IEEE802154_SEC_SCF_KEYMODE_HW_INDEX
*/ */
typedef struct __attribute__((packed)) { typedef struct __attribute__((packed)) {
/** /**
@ -334,7 +334,7 @@ typedef struct __attribute__((packed)) {
* @brief Key index of key from originator, defined by key source * @brief Key index of key from originator, defined by key source
*/ */
uint8_t key_index; uint8_t key_index;
} ieee802154_aux_sec_key_identifier_9_t; } ieee802154_sec_aux_key_identifier_9_t;
/** /**
* @brief Format of 13 byte nonce * @brief Format of 13 byte nonce
@ -349,10 +349,10 @@ typedef struct __attribute__((packed)) {
*/ */
uint32_t frame_counter; uint32_t frame_counter;
/** /**
* @brief One of IEEE802154_SCF_SECLEVEL_* * @brief One of IEEE802154_SEC_SCF_SECLEVEL_*
*/ */
uint8_t security_level; uint8_t security_level;
} ieee802154_ccm_nonce_t; } ieee802154_sec_ccm_nonce_t;
/** /**
* @brief Format of 16 byte input block of CCM * @brief Format of 16 byte input block of CCM
@ -365,13 +365,13 @@ typedef struct __attribute__((packed)) {
/** /**
* @brief Nonce (Number that is only used once) * @brief Nonce (Number that is only used once)
*/ */
ieee802154_ccm_nonce_t nonce; ieee802154_sec_ccm_nonce_t nonce;
/** /**
* @brief Either the length of the actual message (for CBC-MAC) or * @brief Either the length of the actual message (for CBC-MAC) or
* a block counter (for CTR) * a block counter (for CTR)
*/ */
uint16_t counter; uint16_t counter;
} ieee802154_ccm_block_t; } ieee802154_sec_ccm_block_t;
/** /**
* @brief Initialize IEEE 802.15.4 security context with default values * @brief Initialize IEEE 802.15.4 security context with default values

4
sys/net/gnrc/netif/ieee802154/gnrc_netif_ieee802154.c
View File

@ -245,7 +245,7 @@ static int _send(gnrc_netif_t *netif, gnrc_pktsnip_t *pkt)
size_t src_len, dst_len; size_t src_len, dst_len;
uint8_t mhr_len; uint8_t mhr_len;
#if IS_USED(MODULE_IEEE802154_SECURITY) #if IS_USED(MODULE_IEEE802154_SECURITY)
uint8_t mhr[IEEE802154_MAX_HDR_LEN + IEEE802154_MAX_AUX_HDR_LEN]; uint8_t mhr[IEEE802154_MAX_HDR_LEN + IEEE802154_SEC_MAX_AUX_HDR_LEN];
#else #else
uint8_t mhr[IEEE802154_MAX_HDR_LEN]; uint8_t mhr[IEEE802154_MAX_HDR_LEN];
#endif #endif
@ -336,7 +336,7 @@ static int _send(gnrc_netif_t *netif, gnrc_pktsnip_t *pkt)
iolist_header.iol_next = (iolist_t *)pkt->next; iolist_header.iol_next = (iolist_t *)pkt->next;
uint8_t mic[IEEE802154_MAC_SIZE]; uint8_t mic[IEEE802154_SEC_MAX_MAC_SIZE];
uint8_t mic_size = 0; uint8_t mic_size = 0;
if (flags & NETDEV_IEEE802154_SECURITY_EN) { if (flags & NETDEV_IEEE802154_SECURITY_EN) {

105
sys/net/link_layer/ieee802154/security.c
View File

@ -118,27 +118,27 @@ static inline uint8_t _ccm_flag(uint8_t M, uint8_t L)
static inline uint8_t _get_sec_level(uint8_t scf) static inline uint8_t _get_sec_level(uint8_t scf)
{ {
return (scf & IEEE802154_SCF_SECLEVEL_MASK) return (scf & IEEE802154_SEC_SCF_SECLEVEL_MASK)
>> IEEE802154_SCF_SECLEVEL_SHIFT; >> IEEE802154_SEC_SCF_SECLEVEL_SHIFT;
} }
static inline uint8_t _get_key_id_mode(uint8_t scf) static inline uint8_t _get_key_id_mode(uint8_t scf)
{ {
return (scf & IEEE802154_SCF_KEYMODE_MASK) return (scf & IEEE802154_SEC_SCF_KEYMODE_MASK)
>> IEEE802154_SCF_KEYMODE_SHIFT; >> IEEE802154_SEC_SCF_KEYMODE_SHIFT;
} }
static inline uint8_t _mac_size(uint8_t sec_level) static inline uint8_t _mac_size(uint8_t sec_level)
{ {
switch (sec_level) { switch (sec_level) {
case IEEE802154_SCF_SECLEVEL_MIC32: case IEEE802154_SEC_SCF_SECLEVEL_MIC32:
case IEEE802154_SCF_SECLEVEL_ENC_MIC32: case IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC32:
return 4; return 4;
case IEEE802154_SCF_SECLEVEL_MIC64: case IEEE802154_SEC_SCF_SECLEVEL_MIC64:
case IEEE802154_SCF_SECLEVEL_ENC_MIC64: case IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC64:
return 8; return 8;
case IEEE802154_SCF_SECLEVEL_MIC128: case IEEE802154_SEC_SCF_SECLEVEL_MIC128:
case IEEE802154_SCF_SECLEVEL_ENC_MIC128: case IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC128:
return 16; return 16;
default: default:
return 0; return 0;
@ -149,12 +149,12 @@ static inline uint8_t _mac_size(uint8_t sec_level)
static inline bool _req_mac(uint8_t sec_level) static inline bool _req_mac(uint8_t sec_level)
{ {
switch (sec_level) { switch (sec_level) {
case IEEE802154_SCF_SECLEVEL_MIC32: case IEEE802154_SEC_SCF_SECLEVEL_MIC32:
case IEEE802154_SCF_SECLEVEL_MIC64: case IEEE802154_SEC_SCF_SECLEVEL_MIC64:
case IEEE802154_SCF_SECLEVEL_MIC128: case IEEE802154_SEC_SCF_SECLEVEL_MIC128:
case IEEE802154_SCF_SECLEVEL_ENC_MIC32: case IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC32:
case IEEE802154_SCF_SECLEVEL_ENC_MIC64: case IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC64:
case IEEE802154_SCF_SECLEVEL_ENC_MIC128: case IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC128:
return true; return true;
default: default:
return false; return false;
@ -165,10 +165,10 @@ static inline bool _req_mac(uint8_t sec_level)
static inline bool _req_encryption(uint8_t sec_level) static inline bool _req_encryption(uint8_t sec_level)
{ {
switch (sec_level) { switch (sec_level) {
case IEEE802154_SCF_SECLEVEL_ENC: case IEEE802154_SEC_SCF_SECLEVEL_ENC:
case IEEE802154_SCF_SECLEVEL_ENC_MIC32: case IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC32:
case IEEE802154_SCF_SECLEVEL_ENC_MIC64: case IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC64:
case IEEE802154_SCF_SECLEVEL_ENC_MIC128: case IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC128:
return true; return true;
default: default:
return false; return false;
@ -184,24 +184,24 @@ static inline void _memxor(void *dst, const void* src, size_t size)
static inline uint8_t _scf(uint8_t sec_level, uint8_t key_mode) static inline uint8_t _scf(uint8_t sec_level, uint8_t key_mode)
{ {
return (sec_level << IEEE802154_SCF_SECLEVEL_SHIFT) | return (sec_level << IEEE802154_SEC_SCF_SECLEVEL_SHIFT) |
(key_mode << IEEE802154_SCF_KEYMODE_SHIFT); (key_mode << IEEE802154_SEC_SCF_KEYMODE_SHIFT);
} }
static inline uint8_t _get_aux_hdr_size(uint8_t security_level, static inline uint8_t _get_aux_hdr_size(uint8_t security_level,
uint8_t key_mode) uint8_t key_mode)
{ {
if (security_level == IEEE802154_SCF_SECLEVEL_NONE) { if (security_level == IEEE802154_SEC_SCF_SECLEVEL_NONE) {
return 0; return 0;
} }
switch (key_mode) { switch (key_mode) {
case IEEE802154_SCF_KEYMODE_IMPLICIT: case IEEE802154_SEC_SCF_KEYMODE_IMPLICIT:
return 5; return 5;
case IEEE802154_SCF_KEYMODE_INDEX: case IEEE802154_SEC_SCF_KEYMODE_INDEX:
return 6; return 6;
case IEEE802154_SCF_KEYMODE_SHORT_INDEX: case IEEE802154_SEC_SCF_KEYMODE_SHORT_INDEX:
return 10; return 10;
case IEEE802154_SCF_KEYMODE_HW_INDEX: case IEEE802154_SEC_SCF_KEYMODE_HW_INDEX:
return 14; return 14;
default: default:
return 0; return 0;
@ -209,7 +209,7 @@ static inline uint8_t _get_aux_hdr_size(uint8_t security_level,
} }
static uint8_t _set_aux_hdr(const ieee802154_sec_context_t *ctx, static uint8_t _set_aux_hdr(const ieee802154_sec_context_t *ctx,
ieee802154_aux_sec_t *ahr) ieee802154_sec_aux_t *ahr)
{ {
ahr->scf = _scf(ctx->security_level, ctx->key_id_mode); ahr->scf = _scf(ctx->security_level, ctx->key_id_mode);
/* If you look in the specification: Annex C, /* If you look in the specification: Annex C,
@ -217,18 +217,18 @@ static uint8_t _set_aux_hdr(const ieee802154_sec_context_t *ctx,
ahr->fc = byteorder_htoll(ctx->frame_counter).u32; ahr->fc = byteorder_htoll(ctx->frame_counter).u32;
size_t len = 5; size_t len = 5;
switch (ctx->key_id_mode) { switch (ctx->key_id_mode) {
case IEEE802154_SCF_KEYMODE_IMPLICIT: case IEEE802154_SEC_SCF_KEYMODE_IMPLICIT:
break; break;
case IEEE802154_SCF_KEYMODE_INDEX: case IEEE802154_SEC_SCF_KEYMODE_INDEX:
memcpy(ahr->key_id, &ctx->key_index, 1); memcpy(ahr->key_id, &ctx->key_index, 1);
len++; len++;
break; break;
case IEEE802154_SCF_KEYMODE_SHORT_INDEX: case IEEE802154_SEC_SCF_KEYMODE_SHORT_INDEX:
memcpy(ahr->key_id, ctx->key_source, 4); memcpy(ahr->key_id, ctx->key_source, 4);
memcpy(ahr->key_id + 4, &ctx->key_index, 1); memcpy(ahr->key_id + 4, &ctx->key_index, 1);
len += 5; len += 5;
break; break;
case IEEE802154_SCF_KEYMODE_HW_INDEX: case IEEE802154_SEC_SCF_KEYMODE_HW_INDEX:
memcpy(ahr->key_id, ctx->key_source, 8); memcpy(ahr->key_id, ctx->key_source, 8);
memcpy(ahr->key_id + 8, &ctx->key_index, 1); memcpy(ahr->key_id + 8, &ctx->key_index, 1);
len += 9; len += 9;
@ -242,7 +242,7 @@ static uint8_t _set_aux_hdr(const ieee802154_sec_context_t *ctx,
/** /**
* @brief Construct the first block A0 for CTR * @brief Construct the first block A0 for CTR
*/ */
static inline void _init_ctr_A0(ieee802154_ccm_block_t *A0, static inline void _init_ctr_A0(ieee802154_sec_ccm_block_t *A0,
uint32_t frame_counter, uint32_t frame_counter,
uint8_t security_level, uint8_t security_level,
const uint8_t *src_address) const uint8_t *src_address)
@ -257,7 +257,7 @@ static inline void _init_ctr_A0(ieee802154_ccm_block_t *A0,
/** /**
* @brief In CTR, the blocks Ai differ in a successive counter * @brief In CTR, the blocks Ai differ in a successive counter
*/ */
static inline void _advance_ctr_Ai(ieee802154_ccm_block_t *Ai) static inline void _advance_ctr_Ai(ieee802154_sec_ccm_block_t *Ai)
{ {
Ai->counter = htons(ntohs(Ai->counter) + 1); Ai->counter = htons(ntohs(Ai->counter) + 1);
} }
@ -265,7 +265,7 @@ static inline void _advance_ctr_Ai(ieee802154_ccm_block_t *Ai)
/** /**
* @brief Construct the first block B0 for CBC-MAC * @brief Construct the first block B0 for CBC-MAC
*/ */
static inline void _init_cbc_B0(ieee802154_ccm_block_t *B0, static inline void _init_cbc_B0(ieee802154_sec_ccm_block_t *B0,
uint32_t frame_counter, uint32_t frame_counter,
uint8_t security_level, uint8_t security_level,
uint16_t m_len, uint16_t m_len,
@ -281,7 +281,7 @@ static inline void _init_cbc_B0(ieee802154_ccm_block_t *B0,
static const uint8_t *_get_encryption_key(const ieee802154_sec_context_t *ctx, static const uint8_t *_get_encryption_key(const ieee802154_sec_context_t *ctx,
const uint8_t *mhr, uint8_t mhr_len, const uint8_t *mhr, uint8_t mhr_len,
const ieee802154_aux_sec_t *ahr) const ieee802154_sec_aux_t *ahr)
{ {
(void)mhr; (void)mhr;
(void)mhr_len; (void)mhr_len;
@ -293,7 +293,7 @@ static const uint8_t *_get_encryption_key(const ieee802154_sec_context_t *ctx,
static const uint8_t *_get_decryption_key(const ieee802154_sec_context_t *ctx, static const uint8_t *_get_decryption_key(const ieee802154_sec_context_t *ctx,
const uint8_t *mhr, uint8_t mhr_len, const uint8_t *mhr, uint8_t mhr_len,
const ieee802154_aux_sec_t *ahr) const ieee802154_sec_aux_t *ahr)
{ {
(void)mhr; (void)mhr;
(void)mhr_len; (void)mhr_len;
@ -344,14 +344,14 @@ static uint8_t _cbc_next(ieee802154_sec_context_t *ctx,
} }
static void _comp_mic(ieee802154_sec_context_t *ctx, static void _comp_mic(ieee802154_sec_context_t *ctx,
uint8_t mic[IEEE802154_MAC_SIZE], uint8_t mic[IEEE802154_SEC_MAX_MAC_SIZE],
ieee802154_ccm_block_t *B0, ieee802154_sec_ccm_block_t *B0,
const void *a, uint16_t a_len, const void *a, uint16_t a_len,
const void *m, uint16_t m_len) const void *m, uint16_t m_len)
{ {
uint8_t tmp[IEEE802154_SEC_BLOCK_SIZE] = { 0 }; uint8_t tmp[IEEE802154_SEC_BLOCK_SIZE] = { 0 };
uint16_t off; uint16_t off;
memset(mic, 0, IEEE802154_MAC_SIZE); memset(mic, 0, IEEE802154_SEC_MAX_MAC_SIZE);
_cbc_next(ctx, mic, tmp, (uint8_t *)B0, sizeof(*B0)); _cbc_next(ctx, mic, tmp, (uint8_t *)B0, sizeof(*B0));
byteorder_htobebufs(tmp, a_len); byteorder_htobebufs(tmp, a_len);
off = _min(sizeof(tmp) - sizeof(uint16_t), a_len); off = _min(sizeof(tmp) - sizeof(uint16_t), a_len);
@ -366,7 +366,7 @@ static void _comp_mic(ieee802154_sec_context_t *ctx,
} }
static void _ctr(ieee802154_sec_context_t *ctx, static void _ctr(ieee802154_sec_context_t *ctx,
ieee802154_ccm_block_t *A0, ieee802154_sec_ccm_block_t *A0,
const void *m, uint16_t m_len) const void *m, uint16_t m_len)
{ {
uint8_t tmp1[IEEE802154_SEC_BLOCK_SIZE] = { 0 }; uint8_t tmp1[IEEE802154_SEC_BLOCK_SIZE] = { 0 };
@ -380,7 +380,7 @@ static void _ctr(ieee802154_sec_context_t *ctx,
} }
static void _ctr_mic(ieee802154_sec_context_t *ctx, static void _ctr_mic(ieee802154_sec_context_t *ctx,
ieee802154_ccm_block_t *A0, ieee802154_sec_ccm_block_t *A0,
void *mic, uint8_t mic_size) void *mic, uint8_t mic_size)
{ {
uint8_t tmp1[IEEE802154_SEC_BLOCK_SIZE] = { 0 }; uint8_t tmp1[IEEE802154_SEC_BLOCK_SIZE] = { 0 };
@ -396,13 +396,12 @@ void ieee802154_sec_init(ieee802154_sec_context_t *ctx)
/* device driver can override this */ /* device driver can override this */
ctx->dev.ctx = ctx; ctx->dev.ctx = ctx;
/* MIC64 is the only mandatory security mode */ /* MIC64 is the only mandatory security mode */
ctx->security_level = IEEE802154_SCF_SECLEVEL_ENC_MIC64; ctx->security_level = IEEE802154_SEC_SCF_SECLEVEL_ENC_MIC64;
ctx->key_id_mode = IEEE802154_SCF_KEYMODE_IMPLICIT; ctx->key_id_mode = IEEE802154_SEC_SCF_KEYMODE_IMPLICIT;
memset(ctx->key_source, 0, sizeof(ctx->key_source)); memset(ctx->key_source, 0, sizeof(ctx->key_source));
ctx->key_index = 0; ctx->key_index = 0;
ctx->frame_counter = 0; ctx->frame_counter = 0;
uint8_t key[] = IEEE802154_DEFAULT_KEY; uint8_t key[] = IEEE802154_SEC_DEFAULT_KEY;
assert(CIPHER_MAX_CONTEXT_SIZE >= IEEE802154_SEC_KEY_LENGTH); assert(CIPHER_MAX_CONTEXT_SIZE >= IEEE802154_SEC_KEY_LENGTH);
cipher_init(&ctx->cipher, CIPHER_AES_128, key, IEEE802154_SEC_KEY_LENGTH); cipher_init(&ctx->cipher, CIPHER_AES_128, key, IEEE802154_SEC_KEY_LENGTH);
} }
@ -417,7 +416,7 @@ int ieee802154_sec_encrypt_frame(ieee802154_sec_context_t *ctx,
ACKs are not encrypted. */ ACKs are not encrypted. */
assert((*((uint8_t *)header)) & IEEE802154_FCF_TYPE_DATA); assert((*((uint8_t *)header)) & IEEE802154_FCF_TYPE_DATA);
if (ctx->security_level == IEEE802154_SCF_SECLEVEL_NONE) { if (ctx->security_level == IEEE802154_SEC_SCF_SECLEVEL_NONE) {
*mic_size = 0; *mic_size = 0;
return IEEE802154_SEC_OK; return IEEE802154_SEC_OK;
} }
@ -428,7 +427,7 @@ int ieee802154_sec_encrypt_frame(ieee802154_sec_context_t *ctx,
} }
/* write the auxiliary header */ /* write the auxiliary header */
ieee802154_aux_sec_t *aux = (ieee802154_aux_sec_t *)(header + *header_size); ieee802154_sec_aux_t *aux = (ieee802154_sec_aux_t *)(header + *header_size);
uint8_t aux_size = _get_aux_hdr_size(ctx->security_level, ctx->key_id_mode); uint8_t aux_size = _get_aux_hdr_size(ctx->security_level, ctx->key_id_mode);
_set_aux_hdr(ctx, aux); _set_aux_hdr(ctx, aux);
@ -444,7 +443,7 @@ int ieee802154_sec_encrypt_frame(ieee802154_sec_context_t *ctx,
uint8_t *m = payload; uint8_t *m = payload;
uint16_t a_len = *header_size + aux_size; uint16_t a_len = *header_size + aux_size;
uint16_t m_len = payload_size; uint16_t m_len = payload_size;
ieee802154_ccm_block_t ccm; /* Ai or Bi */ ieee802154_sec_ccm_block_t ccm; /* Ai or Bi */
/* compute MIC */ /* compute MIC */
if (_req_mac(ctx->security_level)) { if (_req_mac(ctx->security_level)) {
@ -477,7 +476,7 @@ int ieee802154_sec_decrypt_frame(ieee802154_sec_context_t *ctx,
assert(*header & IEEE802154_FCF_TYPE_DATA); assert(*header & IEEE802154_FCF_TYPE_DATA);
/* read the fields of the auxiliary header */ /* read the fields of the auxiliary header */
ieee802154_aux_sec_t *aux = (ieee802154_aux_sec_t *)(header + *header_size); ieee802154_sec_aux_t *aux = (ieee802154_sec_aux_t *)(header + *header_size);
uint8_t security_level = _get_sec_level(aux->scf); uint8_t security_level = _get_sec_level(aux->scf);
uint8_t key_mode = _get_key_id_mode(aux->scf); uint8_t key_mode = _get_key_id_mode(aux->scf);
uint8_t aux_size = _get_aux_hdr_size(security_level, key_mode); uint8_t aux_size = _get_aux_hdr_size(security_level, key_mode);
@ -485,7 +484,7 @@ int ieee802154_sec_decrypt_frame(ieee802154_sec_context_t *ctx,
/* remember that the frame counter was stored in little endian */ /* remember that the frame counter was stored in little endian */
uint32_t frame_counter = byteorder_ltohl((le_uint32_t){aux->fc}); uint32_t frame_counter = byteorder_ltohl((le_uint32_t){aux->fc});
if (security_level == IEEE802154_SCF_SECLEVEL_NONE) { if (security_level == IEEE802154_SEC_SCF_SECLEVEL_NONE) {
*payload = header + *header_size; *payload = header + *header_size;
*payload_size = frame_size - *header_size; *payload_size = frame_size - *header_size;
*mic = NULL; *mic = NULL;
@ -510,7 +509,7 @@ int ieee802154_sec_decrypt_frame(ieee802154_sec_context_t *ctx,
uint16_t a_len = *header_size + aux_size; uint16_t a_len = *header_size + aux_size;
uint16_t c_len = *payload_size; uint16_t c_len = *payload_size;
uint8_t *mac = *mic; uint8_t *mac = *mic;
ieee802154_ccm_block_t ccm; /* Ai or Bi */ ieee802154_sec_ccm_block_t ccm; /* Ai or Bi */
/* TODO: /* TODO:
A better implementation would check if the received frame counter is A better implementation would check if the received frame counter is
@ -531,7 +530,7 @@ int ieee802154_sec_decrypt_frame(ieee802154_sec_context_t *ctx,
} }
/* check MIC */ /* check MIC */
if (_req_mac(security_level)) { if (_req_mac(security_level)) {
uint8_t tmp_mic[IEEE802154_MAC_SIZE]; uint8_t tmp_mic[IEEE802154_SEC_MAX_MAC_SIZE];
_init_cbc_B0(&ccm, frame_counter, security_level, c_len, mac_size, src_address); _init_cbc_B0(&ccm, frame_counter, security_level, c_len, mac_size, src_address);
_comp_mic(ctx, tmp_mic, &ccm, a, a_len, c, c_len); _comp_mic(ctx, tmp_mic, &ccm, a, a_len, c, c_len);
if (memcmp(tmp_mic, *mic, mac_size)) { if (memcmp(tmp_mic, *mic, mac_size)) {