56 #if LLSEC802154_ENABLED && !LLSEC802154_USES_EXPLICIT_KEYS 57 #error LLSEC802154_ENABLED set but LLSEC802154_USES_EXPLICIT_KEYS unset 64 static aes_key keys[] = {
68 #define N_KEYS (sizeof(keys) / sizeof(aes_key)) 72 tsch_security_init_nonce(uint8_t *nonce,
73 const linkaddr_t *sender,
struct tsch_asn_t *asn)
75 memcpy(nonce, sender, 8);
77 nonce[9] = (asn->ls4b >> 24) & 0xff;
78 nonce[10] = (asn->ls4b >> 16) & 0xff;
79 nonce[11] = (asn->ls4b >> 8) & 0xff;
80 nonce[12] = (asn->ls4b) & 0xff;
86 uint8_t required_security_level;
87 uint8_t required_key_index;
97 return !(tsch_is_associated == 1 && tsch_is_pan_secured == 1);
101 if(tsch_is_associated == 1 && tsch_is_pan_secured == 0) {
107 case FRAME802154_BEACONFRAME:
108 required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_EB;
109 required_key_index = TSCH_SECURITY_KEY_INDEX_EB;
111 case FRAME802154_ACKFRAME:
112 required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_ACK;
113 required_key_index = TSCH_SECURITY_KEY_INDEX_ACK;
116 required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_OTHER;
117 required_key_index = TSCH_SECURITY_KEY_INDEX_OTHER;
121 required_security_level) &&
137 int hdrlen,
int datalen,
struct tsch_asn_t *asn)
140 uint8_t key_index = 0;
141 uint8_t security_level = 0;
142 uint8_t with_encryption;
145 struct ieee802154_ies ies;
150 if(hdr == NULL || outbuf == NULL || hdrlen < 0 || datalen < 0) {
159 memset(&ies, 0,
sizeof(ies));
160 if(frame802154e_parse_information_elements(hdr + hdrlen, datalen, &ies) > 0) {
162 hdrlen += ies.ie_payload_ie_offset;
163 datalen -= ies.ie_payload_ie_offset;
174 with_encryption = (security_level & 0x4) ? 1 : 0;
177 if(key_index == 0 || key_index > N_KEYS) {
183 if(with_encryption) {
187 a_len = hdrlen + datalen;
193 memcpy(outbuf, hdr, a_len + m_len);
196 CCM_STAR.set_key(keys[key_index - 1]);
199 outbuf + a_len, m_len,
201 outbuf + hdrlen + datalen, mic_len, 1);
211 uint8_t generated_mic[16];
212 uint8_t key_index = 0;
213 uint8_t security_level = 0;
214 uint8_t with_encryption;
219 struct ieee802154_ies ies;
221 if(frame == NULL || hdr == NULL || hdrlen < 0 || datalen < 0) {
225 if(!tsch_security_check_level(frame)) {
237 with_encryption = (security_level & 0x4) ? 1 : 0;
241 if(key_index == 0 || key_index > N_KEYS) {
245 memset(&ies, 0,
sizeof(ies));
246 (void)frame802154e_parse_information_elements(hdr + hdrlen, datalen, &ies);
248 hdrlen += ies.ie_payload_ie_offset;
249 datalen -= ies.ie_payload_ie_offset;
251 tsch_security_init_nonce(nonce, sender, asn);
253 if(with_encryption) {
257 a_len = hdrlen + datalen;
261 CCM_STAR.set_key(keys[key_index - 1]);
264 (uint8_t *)hdr + a_len, m_len,
265 (uint8_t *)hdr, a_len,
266 generated_mic, mic_len, 0);
268 if(mic_len > 0 && memcmp(generated_mic, hdr + hdrlen + datalen, mic_len) != 0) {
frame802154_scf_t security_control
Security control bitfield.
frame802154_fcf_t fcf
Frame control field.
uint8_t security_level
3 bit.
uint8_t security_enabled
1 bit.
int frame802154_parse(uint8_t *data, int len, frame802154_t *pf)
Parses an input frame.
unsigned int tsch_security_parse_frame(const uint8_t *hdr, int hdrlen, int datalen, const frame802154_t *frame, const linkaddr_t *sender, struct tsch_asn_t *asn)
Parse and check a frame protected with encryption and/or MIC.
A MAC framer for IEEE 802.15.4
uint8_t key_index
Key Index subfield.
linkaddr_t linkaddr_node_addr
The link-layer address of the node.
unsigned int tsch_security_mic_len(const frame802154_t *frame)
Return MIC length.
Main API declarations for TSCH.
802.15.4 frame creation and parsing functions
Parameters used by the frame802154_create() function.
Header file for the Packet buffer (packetbuf) management
Include file for the Contiki low-layer network stack (NETSTACK)
unsigned int tsch_security_secure_frame(uint8_t *hdr, uint8_t *outbuf, int hdrlen, int datalen, struct tsch_asn_t *asn)
Protect a frame with encryption and/or MIC.
The ASN is an absolute slot number over 5 bytes.
frame802154_aux_hdr_t aux_hdr
Aux security header.