Contiki-NG
tsch-security.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2014, SICS Swedish ICT.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the Institute nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * This file is part of the Contiki operating system.
30 *
31 */
32
33/**
34 * \file
35 * TSCH security
36 * \author
37 * Simon Duquennoy <simonduq@sics.se>
38 */
39
40/**
41 * \addtogroup tsch
42 * @{
43*/
44
45#include "contiki.h"
46#include "net/mac/tsch/tsch.h"
49#include "net/netstack.h"
50#include "net/packetbuf.h"
51#include "lib/ccm-star.h"
52#include "lib/aes-128.h"
53#include <stdio.h>
54#include <string.h>
55
56#if LLSEC802154_ENABLED && !LLSEC802154_USES_EXPLICIT_KEYS
57#error LLSEC802154_ENABLED set but LLSEC802154_USES_EXPLICIT_KEYS unset
58#endif /* LLSEC802154_ENABLED */
59
60/* The two keys K1 and K2 from 6TiSCH minimal configuration
61 * K1: well-known, used for EBs
62 * K2: secret, used for data and ACK
63 * */
64static aes_key keys[] = {
65 TSCH_SECURITY_K1,
66 TSCH_SECURITY_K2
67};
68#define N_KEYS (sizeof(keys) / sizeof(aes_key))
69
70/*---------------------------------------------------------------------------*/
71static void
72tsch_security_init_nonce(uint8_t *nonce,
73 const linkaddr_t *sender, struct tsch_asn_t *asn)
74{
75 memcpy(nonce, sender, 8);
76 nonce[8] = asn->ms1b;
77 nonce[9] = (asn->ls4b >> 24) & 0xff;
78 nonce[10] = (asn->ls4b >> 16) & 0xff;
79 nonce[11] = (asn->ls4b >> 8) & 0xff;
80 nonce[12] = (asn->ls4b) & 0xff;
81}
82/*---------------------------------------------------------------------------*/
83static int
84tsch_security_check_level(const frame802154_t *frame)
85{
86 uint8_t required_security_level;
87 uint8_t required_key_index;
88
89 /* Sanity check */
90 if(frame == NULL) {
91 return 0;
92 }
93
94 /* Non-secured frame, ok iff we are not in a secured PAN
95 * (i.e. scanning or associated to a non-secured PAN) */
96 if(frame->fcf.security_enabled == 0) {
97 return !(tsch_is_associated == 1 && tsch_is_pan_secured == 1);
98 }
99
100 /* The frame is secured, that we are not in an unsecured PAN */
101 if(tsch_is_associated == 1 && tsch_is_pan_secured == 0) {
102 return 0;
103 }
104
105 /* The frame is secured, check its security level */
106 switch(frame->fcf.frame_type) {
107 case FRAME802154_BEACONFRAME:
108 required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_EB;
109 required_key_index = TSCH_SECURITY_KEY_INDEX_EB;
110 break;
111 case FRAME802154_ACKFRAME:
112 required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_ACK;
113 required_key_index = TSCH_SECURITY_KEY_INDEX_ACK;
114 break;
115 default:
116 required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_OTHER;
117 required_key_index = TSCH_SECURITY_KEY_INDEX_OTHER;
118 break;
119 }
120 return ((frame->aux_hdr.security_control.security_level ==
121 required_security_level) &&
122 frame->aux_hdr.key_index == required_key_index);
123}
124/*---------------------------------------------------------------------------*/
125unsigned int
127{
128 if(frame != NULL && frame->fcf.security_enabled) {
129 return 2 << (frame->aux_hdr.security_control.security_level & 0x03);
130 } else {
131 return 0;
132 }
133}
134/*---------------------------------------------------------------------------*/
135unsigned int
136tsch_security_secure_frame(uint8_t *hdr, uint8_t *outbuf,
137 int hdrlen, int datalen, struct tsch_asn_t *asn)
138{
139 frame802154_t frame;
140 uint8_t key_index = 0;
141 uint8_t security_level = 0;
142 uint8_t with_encryption;
143 uint8_t mic_len;
144 uint8_t nonce[16];
145 struct ieee802154_ies ies;
146
147 uint8_t a_len;
148 uint8_t m_len;
149
150 if(hdr == NULL || outbuf == NULL || hdrlen < 0 || datalen < 0) {
151 return 0;
152 }
153
154 /* Parse the frame header to extract security settings */
155 if(frame802154_parse(hdr, hdrlen + datalen, &frame) < 3) {
156 return 0;
157 }
158
159 memset(&ies, 0, sizeof(ies));
160 if(frame802154e_parse_information_elements(hdr + hdrlen, datalen, &ies) > 0) {
161 /* put Header IEs into the header part which is not encrypted */
162 hdrlen += ies.ie_payload_ie_offset;
163 datalen -= ies.ie_payload_ie_offset;
164 }
165
166 if(!frame.fcf.security_enabled) {
167 /* Security is not enabled for this frame, we're done */
168 return 0;
169 }
170
171 /* Read security key index */
172 key_index = frame.aux_hdr.key_index;
173 security_level = frame.aux_hdr.security_control.security_level;
174 with_encryption = (security_level & 0x4) ? 1 : 0;
175 mic_len = tsch_security_mic_len(&frame);
176
177 if(key_index == 0 || key_index > N_KEYS) {
178 return 0;
179 }
180
181 tsch_security_init_nonce(nonce, &linkaddr_node_addr, asn);
182
183 if(with_encryption) {
184 a_len = hdrlen;
185 m_len = datalen;
186 } else {
187 a_len = hdrlen + datalen;
188 m_len = 0;
189 }
190
191 /* Copy source data to output */
192 if(hdr != outbuf) {
193 memcpy(outbuf, hdr, a_len + m_len);
194 }
195
196 CCM_STAR.set_key(keys[key_index - 1]);
197
198 CCM_STAR.aead(nonce,
199 outbuf + a_len, m_len,
200 outbuf, a_len,
201 outbuf + hdrlen + datalen, mic_len, 1);
202
203 return mic_len;
204}
205/*---------------------------------------------------------------------------*/
206unsigned int
207tsch_security_parse_frame(const uint8_t *hdr, int hdrlen, int datalen,
208 const frame802154_t *frame, const linkaddr_t *sender,
209 struct tsch_asn_t *asn)
210{
211 uint8_t generated_mic[16];
212 uint8_t key_index = 0;
213 uint8_t security_level = 0;
214 uint8_t with_encryption;
215 uint8_t mic_len;
216 uint8_t nonce[16];
217 uint8_t a_len;
218 uint8_t m_len;
219 struct ieee802154_ies ies;
220
221 if(frame == NULL || hdr == NULL || hdrlen < 0 || datalen < 0) {
222 return 0;
223 }
224
225 if(!tsch_security_check_level(frame)) {
226 /* Wrong security level */
227 return 0;
228 }
229
230 /* No security: nothing more to check */
231 if(!frame->fcf.security_enabled) {
232 return 1;
233 }
234
235 key_index = frame->aux_hdr.key_index;
236 security_level = frame->aux_hdr.security_control.security_level;
237 with_encryption = (security_level & 0x4) ? 1 : 0;
238 mic_len = tsch_security_mic_len(frame);
239
240 /* Check if key_index is in supported range */
241 if(key_index == 0 || key_index > N_KEYS) {
242 return 0;
243 }
244
245 memset(&ies, 0, sizeof(ies));
246 (void)frame802154e_parse_information_elements(hdr + hdrlen, datalen, &ies);
247 /* put Header IEs into the header part which is not encrypted */
248 hdrlen += ies.ie_payload_ie_offset;
249 datalen -= ies.ie_payload_ie_offset;
250
251 tsch_security_init_nonce(nonce, sender, asn);
252
253 if(with_encryption) {
254 a_len = hdrlen;
255 m_len = datalen;
256 } else {
257 a_len = hdrlen + datalen;
258 m_len = 0;
259 }
260
261 CCM_STAR.set_key(keys[key_index - 1]);
262
263 CCM_STAR.aead(nonce,
264 (uint8_t *)hdr + a_len, m_len,
265 (uint8_t *)hdr, a_len,
266 generated_mic, mic_len, 0);
267
268 if(mic_len > 0 && memcmp(generated_mic, hdr + hdrlen + datalen, mic_len) != 0) {
269 return 0;
270 } else {
271 return 1;
272 }
273}
274/*---------------------------------------------------------------------------*/
275void
277{
278#if LLSEC802154_ENABLED
279 if(tsch_is_pan_secured) {
280 /* Set security level, key id and index */
281 switch(frame_type) {
282 case FRAME802154_ACKFRAME:
283 /* For ACKs, we set attriburtes via tsch_packet_eackbuf_set_attr, as classic
284 * interrupts can not be used from interrupt context. */
285 tsch_packet_eackbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, TSCH_SECURITY_KEY_SEC_LEVEL_ACK);
286 tsch_packet_eackbuf_set_attr(PACKETBUF_ATTR_KEY_ID_MODE, FRAME802154_1_BYTE_KEY_ID_MODE);
287 tsch_packet_eackbuf_set_attr(PACKETBUF_ATTR_KEY_INDEX, TSCH_SECURITY_KEY_INDEX_ACK);
288 break;
289 case FRAME802154_BEACONFRAME:
290 packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, TSCH_SECURITY_KEY_SEC_LEVEL_EB);
291 packetbuf_set_attr(PACKETBUF_ATTR_KEY_ID_MODE, FRAME802154_1_BYTE_KEY_ID_MODE);
292 packetbuf_set_attr(PACKETBUF_ATTR_KEY_INDEX, TSCH_SECURITY_KEY_INDEX_EB);
293 break;
294 default:
295 packetbuf_set_attr(PACKETBUF_ATTR_SECURITY_LEVEL, TSCH_SECURITY_KEY_SEC_LEVEL_OTHER);
296 packetbuf_set_attr(PACKETBUF_ATTR_KEY_ID_MODE, FRAME802154_1_BYTE_KEY_ID_MODE);
297 packetbuf_set_attr(PACKETBUF_ATTR_KEY_INDEX, TSCH_SECURITY_KEY_INDEX_OTHER);
298 break;
299 }
300 }
301#endif /* LLSEC802154_ENABLED */
302}
303/** @} */
AES-128.
CCM* header file.
802.15.4 frame creation and parsing functions
A MAC framer for IEEE 802.15.4.
int frame802154_parse(uint8_t *data, int len, frame802154_t *pf)
Parses an input frame.
Definition: frame802154.c:500
linkaddr_t linkaddr_node_addr
The link-layer address of the node.
Definition: linkaddr.c:48
void tsch_security_set_packetbuf_attr(uint8_t frame_type)
Set packetbuf (or eackbuf) attributes depending on a given frame type.
unsigned int tsch_security_mic_len(const frame802154_t *frame)
Return MIC length.
unsigned int tsch_security_parse_frame(const uint8_t *hdr, int hdrlen, int datalen, const frame802154_t *frame, const linkaddr_t *sender, struct tsch_asn_t *asn)
Parse and check a frame protected with encryption and/or MIC.
unsigned int tsch_security_secure_frame(uint8_t *hdr, uint8_t *outbuf, int hdrlen, int datalen, struct tsch_asn_t *asn)
Protect a frame with encryption and/or MIC.
void tsch_packet_eackbuf_set_attr(uint8_t type, const packetbuf_attr_t val)
Set a packet attribute for the current eack.
Definition: tsch-packet.c:78
Include file for the Contiki low-layer network stack (NETSTACK)
Header file for the Packet buffer (packetbuf) management.
frame802154_scf_t security_control
Security control bitfield.
Definition: frame802154.h:189
uint8_t key_index
Key Index subfield.
Definition: frame802154.h:192
uint8_t frame_type
3 bit.
Definition: frame802154.h:154
uint8_t security_enabled
1 bit.
Definition: frame802154.h:155
uint8_t security_level
3 bit.
Definition: frame802154.h:169
Parameters used by the frame802154_create() function.
Definition: frame802154.h:199
frame802154_aux_hdr_t aux_hdr
Aux security header.
Definition: frame802154.h:209
frame802154_fcf_t fcf
Frame control field
Definition: frame802154.h:205
The ASN is an absolute slot number over 5 bytes.
Definition: tsch-asn.h:48
Main API declarations for TSCH.