RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-17 10:12:45 +01:00
Code Releases Activity

Merge pull request #15909 from leandrolanzieri/pr/ieee802154_security_radio_hal

Browse Source 
net/ieee802154_security: remove radio hal dependency and cleanup
This commit is contained in:
Martine Lenders 2021-02-05 17:08:52 +01:00 committed by GitHub
commit 492000f232
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 72 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
sys/include/net/ieee802154/radio.h
View File

@ -732,64 +732,6 @@ struct ieee802154_radio_ops {
int (*set_rx_mode)(ieee802154_dev_t *dev, ieee802154_rx_mode_t mode); int (*set_rx_mode)(ieee802154_dev_t *dev, ieee802154_rx_mode_t mode);
}; };
/**
* @brief Forward declaration of the radio cipher ops structure
*/
typedef struct ieee802154_radio_cipher_ops ieee802154_radio_cipher_ops_t;
/**
* @brief Forward declaration of the IEEE802.15.4 security device descriptor
*/
typedef struct ieee802154_sec_dev ieee802154_sec_dev_t;
/**
* @brief IEEE802.15.4 security device descriptor
*/
struct ieee802154_sec_dev {
/**
* @brief Pointer to the operations of the device
*/
const struct ieee802154_radio_cipher_ops *cipher_ops;
/**
* @brief pointer to the context of the device
*/
void *ctx;
};
struct ieee802154_radio_cipher_ops {
/**
* @brief Function to set the encryption key for the
* next cipher operation
*
* @param[in] dev Security device descriptor
* @param[in] key Key to be used for the next cipher operation
* @param[in] key_size key size in bytes
*/
void (*set_key)(ieee802154_sec_dev_t *dev,
const uint8_t *key, uint8_t key_size);
/**
* @brief Function to perform ECB encryption
*
* @param[in] dev Security device descriptor
* @param[out] cipher Output cipher blocks
* @param[in] plain Input plain blocks
* @param[in] nblocks Number of blocks
*/
void (*ecb)(const ieee802154_sec_dev_t *dev, uint8_t *cipher,
const uint8_t *plain, uint8_t nblocks);
/**
* @brief Function to compute CBC-MAC
*
* @param[in] dev Security device descriptor
* @param[in] cipher Output cipher blocks
* @param[in, out] iv in: IV; out: computed MIC
* @param[in] plain Input plain blocks
* @param[in] nblocks Number of blocks
*/
void (*cbc)(const ieee802154_sec_dev_t *dev, uint8_t *cipher,
uint8_t *iv, const uint8_t *plain, uint8_t nblocks);
};
/** /**
* @brief Shortcut to @ref ieee802154_radio_ops::write * @brief Shortcut to @ref ieee802154_radio_ops::write
* *
@ -1229,48 +1171,6 @@ static inline int ieee802154_radio_set_rx_mode(ieee802154_dev_t *dev,
return dev->driver->set_rx_mode(dev, mode); return dev->driver->set_rx_mode(dev, mode);
} }
/**
* @brief Shortcut to ieee802154_sec_dev_t::ieee802154_radio_cipher_ops_t::set_key
*
* @param[in] dev IEEE802.15.4 security device descriptor
* @param[in] key Encryption key
* @param[in] key_size Size of the key in bytes
*/
static inline void ieee802154_radio_cipher_set_key(ieee802154_sec_dev_t *dev,
const uint8_t *key, uint8_t key_size)
{
dev->cipher_ops->set_key(dev->ctx, key, key_size);
}
/**
* @brief Shortcut to ieee802154_sec_dev_t::ieee802154_radio_cipher_ops_t::ecb
*
* @param[in] dev IEEE802.15.4 security device descriptor
* @param[out] cipher Output cipher blocks
* @param[in] plain Input plain blocks
* @param[in] nblocks Number of blocks
*/
static inline void ieee802154_radio_cipher_ecb(const ieee802154_sec_dev_t *dev, uint8_t *cipher,
const uint8_t *plain, uint8_t nblocks)
{
dev->cipher_ops->ecb(dev->ctx, cipher, plain, nblocks);
}
/**
* @brief Shortcut to ieee802154_sec_dev_t::ieee802154_radio_cipher_ops_t::cbc
*
* @param[in] dev IEEE802.15.4 security device descriptor
* @param[out] cipher Output cipher blocks
* @param[in] iv Initial vector to be XOR´ed to the first plain block
* @param[in] plain Input plain blocks
* @param[in] nblocks Number of blocks
*/
static inline void ieee802154_radio_cipher_cbc(const ieee802154_sec_dev_t *dev, uint8_t *cipher,
uint8_t *iv, const uint8_t *plain, uint8_t nblocks)
{
dev->cipher_ops->cbc(dev->ctx, cipher, iv, plain, nblocks);
}
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

64
sys/include/net/ieee802154_security.h
View File

@ -33,9 +33,6 @@
extern "C" { extern "C" {
#endif #endif
#if IS_USED(MODULE_IEEE802154_RADIO_HAL)
#include "net/ieee802154/radio.h"
#else
/** /**
* @brief Forward declaration of an IEEE802.15.4 abstract security device * @brief Forward declaration of an IEEE802.15.4 abstract security device
*/ */
@ -43,6 +40,12 @@ typedef struct ieee802154_sec_dev ieee802154_sec_dev_t;
/** /**
* @brief Struct of security operations * @brief Struct of security operations
*
* @note A device can indicate that the fallback implementations should be
* used by setting the corresponding member to `NULL`, or pointing to
* @ref ieee802154_radio_cipher_ops, which does the same. Note that
* @ref ieee802154_radio_cipher_ops is the default security operations
* driver assigned when @ref ieee802154_sec_init is called.
*/ */
typedef struct ieee802154_radio_cipher_ops { typedef struct ieee802154_radio_cipher_ops {
/** /**
@ -97,7 +100,6 @@ struct ieee802154_sec_dev {
*/ */
void *ctx; void *ctx;
}; };
#endif
#if !defined(IEEE802154_DEFAULT_KEY) || defined(DOXYGEN) #if !defined(IEEE802154_DEFAULT_KEY) || defined(DOXYGEN)
/** /**
@ -406,7 +408,7 @@ int ieee802154_sec_encrypt_frame(ieee802154_sec_context_t *ctx,
* *
* @param[in] ctx IEEE 802.15.4 security context * @param[in] ctx IEEE 802.15.4 security context
* @param[in] frame_size Size of received frame * @param[in] frame_size Size of received frame
* @param[in] header Poinzter to header, which is also the frame * @param[in] header Pointer to header, which is also the frame
* @param[in, out] header_size in: Header size; out: Size of header and auxiliary header * @param[in, out] header_size in: Header size; out: Size of header and auxiliary header
* @param[out] payload Will point to the beginning of the payload * @param[out] payload Will point to the beginning of the payload
* @param[out] payload_size Pointer to store the payload size * @param[out] payload_size Pointer to store the payload size
@ -427,57 +429,7 @@ int ieee802154_sec_decrypt_frame(ieee802154_sec_context_t *ctx,
const uint8_t *src_address); const uint8_t *src_address);
/** /**
* @brief Set the encryption key to be used for the next cipher operation * @brief Default descriptor that will fallback to default implementations
*
* This function should be the default callback operation to set the encryption key,
* if a radio does not provide special hardware security features.
*
* @param[in] dev Security device
* @param[in] key Key to be use for the next cipher operation
* @param[in] key_size Key size
*/
void ieee802154_sec_set_key(ieee802154_sec_dev_t *dev,
const uint8_t *key, uint8_t key_size);
/**
* @brief Perform ECB block cipher for IEEE802154 security layer
*
* This function should be the default callback operation to perform ECB,
* if a radio does not provide special hardware security features.
*
* @param[in] dev Security device
* @param[out] cipher Output cipher blocks
* @param[in] plain Input plain blocks
* @param[in] nblocks Number of blocks
*/
void ieee802154_sec_ecb(const ieee802154_sec_dev_t *dev,
uint8_t *cipher,
const uint8_t *plain,
uint8_t nblocks);
/**
* @brief Perform CBC block cipher for IEEE802154 security layer
* MIC computation
*
* This function should be the default callback operation to perform CBC,
* if a radio does not provide special hardware security features.
*
* @param[in] dev Security device
* @param[out] cipher Output cipher blocks
* @param[in] iv Initial vector
* @param[in] plain Input plain blocks
* @param[in] nblocks Number of blocks
*/
void ieee802154_sec_cbc(const ieee802154_sec_dev_t *dev,
uint8_t *cipher,
uint8_t *iv,
const uint8_t *plain,
uint8_t nblocks);
/**
* @brief Implements @ref ieee802154_sec_set_key,
* @ref ieee802154_sec_ecb,
* @ref ieee802154_sec_cbc
*/ */
extern const ieee802154_radio_cipher_ops_t ieee802154_radio_cipher_ops; extern const ieee802154_radio_cipher_ops_t ieee802154_radio_cipher_ops;

96
sys/net/link_layer/ieee802154/security.c
View File

@ -24,9 +24,9 @@
#include "net/ieee802154_security.h" #include "net/ieee802154_security.h"
const ieee802154_radio_cipher_ops_t ieee802154_radio_cipher_ops = { const ieee802154_radio_cipher_ops_t ieee802154_radio_cipher_ops = {
.set_key = ieee802154_sec_set_key, .set_key = NULL,
.ecb = ieee802154_sec_ecb, .ecb = NULL,
.cbc = ieee802154_sec_cbc .cbc = NULL
}; };
static inline uint16_t _min(uint16_t a, uint16_t b) static inline uint16_t _min(uint16_t a, uint16_t b)
@ -34,6 +34,41 @@ static inline uint16_t _min(uint16_t a, uint16_t b)
return a < b ? a : b; return a < b ? a : b;
} }
/**
* @brief Perform an ECB block cipher for IEEE 802.15.4 security layer.
*
* This is the fallback implementation for the case where the security device
* does not provide an specific implementation.
*
* @param[in] dev Security device
* @param[out] cipher Output cipher blocks
* @param[in] plain Input plain blocks
* @param[in] nblocks Number of blocks
*/
static void _sec_ecb(const ieee802154_sec_dev_t *dev,
uint8_t *cipher,
const uint8_t *plain,
uint8_t nblocks);
/**
* @brief Perform a CBC block cipher for IEEE 802.15.4 security layer MIC
* computation.
*
* This is the fallback implementation for the case where the security device
* does not provide an specific implementation.
*
* @param[in] dev Security device
* @param[out] cipher Output cipher blocks
* @param[in] iv Initial vector
* @param[in] plain Input plain blocks
* @param[in] nblocks Number of blocks
*/
static void _sec_cbc(const ieee802154_sec_dev_t *dev,
uint8_t *cipher,
uint8_t *iv,
const uint8_t *plain,
uint8_t nblocks);
/** /**
* @brief Flag field of CCM input block * @brief Flag field of CCM input block
* *
@ -254,7 +289,12 @@ static uint8_t _ecb(ieee802154_sec_context_t *ctx,
const uint8_t *Ai, uint16_t size) const uint8_t *Ai, uint16_t size)
{ {
uint16_t s = _min(IEEE802154_SEC_BLOCK_SIZE, size); uint16_t s = _min(IEEE802154_SEC_BLOCK_SIZE, size);
ctx->dev.cipher_ops->ecb(&ctx->dev, tmp2, Ai, 1); if (ctx->dev.cipher_ops->ecb) {
ctx->dev.cipher_ops->ecb(&ctx->dev, tmp2, Ai, 1);
}
else {
_sec_ecb(&ctx->dev, tmp2, Ai, 1);
}
memcpy(tmp1, data, s); memcpy(tmp1, data, s);
memset(tmp1 + s, 0, IEEE802154_SEC_BLOCK_SIZE - s); memset(tmp1 + s, 0, IEEE802154_SEC_BLOCK_SIZE - s);
_memxor(tmp1, tmp2, IEEE802154_SEC_BLOCK_SIZE); _memxor(tmp1, tmp2, IEEE802154_SEC_BLOCK_SIZE);
@ -272,13 +312,20 @@ static uint8_t _cbc_next(ieee802154_sec_context_t *ctx,
uint16_t s = _min(IEEE802154_SEC_BLOCK_SIZE, size); uint16_t s = _min(IEEE802154_SEC_BLOCK_SIZE, size);
memcpy(tmp, next, s); memcpy(tmp, next, s);
memset(tmp + s, 0, IEEE802154_SEC_BLOCK_SIZE - s); memset(tmp + s, 0, IEEE802154_SEC_BLOCK_SIZE - s);
ctx->dev.cipher_ops->cbc(&ctx->dev, last, last, tmp, 1); if (ctx->dev.cipher_ops->cbc){
ctx->dev.cipher_ops->cbc(&ctx->dev, last, last, tmp, 1);
}
else {
_sec_cbc(&ctx->dev, last, last, tmp, 1);
}
return s; return s;
} }
static void _set_key(ieee802154_sec_context_t *ctx, const uint8_t *key) static void _set_key(ieee802154_sec_context_t *ctx, const uint8_t *key)
{ {
ctx->dev.cipher_ops->set_key(&ctx->dev, key, IEEE802154_SEC_BLOCK_SIZE); if (ctx->dev.cipher_ops->set_key) {
ctx->dev.cipher_ops->set_key(&ctx->dev, key, IEEE802154_SEC_BLOCK_SIZE);
}
memcpy(ctx->cipher.context.context, key, IEEE802154_SEC_KEY_LENGTH); memcpy(ctx->cipher.context.context, key, IEEE802154_SEC_KEY_LENGTH);
} }
@ -481,39 +528,24 @@ int ieee802154_sec_decrypt_frame(ieee802154_sec_context_t *ctx,
return IEEE802154_SEC_OK; return IEEE802154_SEC_OK;
} }
void ieee802154_sec_set_key(ieee802154_sec_dev_t *ctx, static void _sec_ecb(const ieee802154_sec_dev_t *dev,
const uint8_t *key, uint8_t key_size) uint8_t *cipher,
const uint8_t *plain,
uint8_t nblocks)
{ {
/* This is a dummy implementation of the set_key callback cipher_encrypt_ecb(&((ieee802154_sec_context_t *)dev->ctx)->cipher,
in ieee802154_radio_cipher_ops_t.
The copying of the key is done in the static _set_key() function,
which wraps around the set_key callback and then copies.
For the software encryption / decryption, there is
nothing else to do, hence the NOP. For hardware support,
the key must be transferred to the transceiver. */
(void)ctx;
(void)key;
(void)key_size;
}
void ieee802154_sec_ecb(const ieee802154_sec_dev_t *ctx,
uint8_t *cipher,
const uint8_t *plain,
uint8_t nblocks)
{
cipher_encrypt_ecb(&((ieee802154_sec_context_t *)ctx->ctx)->cipher,
plain, plain,
nblocks * IEEE802154_SEC_BLOCK_SIZE, nblocks * IEEE802154_SEC_BLOCK_SIZE,
cipher); cipher);
} }
void ieee802154_sec_cbc(const ieee802154_sec_dev_t *ctx, static void _sec_cbc(const ieee802154_sec_dev_t *dev,
uint8_t *cipher, uint8_t *cipher,
uint8_t *iv, uint8_t *iv,
const uint8_t *plain, const uint8_t *plain,
uint8_t nblocks) uint8_t nblocks)
{ {
cipher_encrypt_cbc(&((ieee802154_sec_context_t *)ctx->ctx)->cipher, cipher_encrypt_cbc(&((ieee802154_sec_context_t *)dev->ctx)->cipher,
iv, iv,
plain, plain,
nblocks * IEEE802154_SEC_BLOCK_SIZE, nblocks * IEEE802154_SEC_BLOCK_SIZE,