Contiki-NG
tsch-security.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2014, SICS Swedish ICT.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  * 3. Neither the name of the Institute nor the names of its contributors
14  * may be used to endorse or promote products derived from this software
15  * without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * This file is part of the Contiki operating system.
30  *
31  */
32 
33 /**
34  * \file
35  * TSCH security
36  * \author
37  * Simon Duquennoy <simonduq@sics.se>
38  */
39 
40 /**
41  * \addtogroup tsch
42  * @{
43 */
44 
45 #include "contiki.h"
46 #include "net/mac/tsch/tsch.h"
47 #include "net/mac/framer/frame802154.h"
48 #include "net/mac/framer/framer-802154.h"
49 #include "net/netstack.h"
50 #include "net/packetbuf.h"
51 #include "lib/ccm-star.h"
52 #include "lib/aes-128.h"
53 #include <stdio.h>
54 #include <string.h>
55 
56 #if LLSEC802154_ENABLED && !LLSEC802154_USES_EXPLICIT_KEYS
57 #error LLSEC802154_ENABLED set but LLSEC802154_USES_EXPLICIT_KEYS unset
58 #endif /* LLSEC802154_ENABLED */
59 
60 /* The two keys K1 and K2 from 6TiSCH minimal configuration
61  * K1: well-known, used for EBs
62  * K2: secret, used for data and ACK
63  * */
64 static aes_key keys[] = {
65  TSCH_SECURITY_K1,
66  TSCH_SECURITY_K2
67 };
68 #define N_KEYS (sizeof(keys) / sizeof(aes_key))
69 
70 /*---------------------------------------------------------------------------*/
71 static void
72 tsch_security_init_nonce(uint8_t *nonce,
73  const linkaddr_t *sender, struct tsch_asn_t *asn)
74 {
75  memcpy(nonce, sender, 8);
76  nonce[8] = asn->ms1b;
77  nonce[9] = (asn->ls4b >> 24) & 0xff;
78  nonce[10] = (asn->ls4b >> 16) & 0xff;
79  nonce[11] = (asn->ls4b >> 8) & 0xff;
80  nonce[12] = (asn->ls4b) & 0xff;
81 }
82 /*---------------------------------------------------------------------------*/
83 static int
84 tsch_security_check_level(const frame802154_t *frame)
85 {
86  uint8_t required_security_level;
87  uint8_t required_key_index;
88 
89  /* Sanity check */
90  if(frame == NULL) {
91  return 0;
92  }
93 
94  /* Non-secured frame, ok iff we are not in a secured PAN
95  * (i.e. scanning or associated to a non-secured PAN) */
96  if(frame->fcf.security_enabled == 0) {
97  return !(tsch_is_associated == 1 && tsch_is_pan_secured == 1);
98  }
99 
100  /* The frame is secured, that we are not in an unsecured PAN */
101  if(tsch_is_associated == 1 && tsch_is_pan_secured == 0) {
102  return 0;
103  }
104 
105  /* The frame is secured, check its security level */
106  switch(frame->fcf.frame_type) {
107  case FRAME802154_BEACONFRAME:
108  required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_EB;
109  required_key_index = TSCH_SECURITY_KEY_INDEX_EB;
110  break;
111  case FRAME802154_ACKFRAME:
112  required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_ACK;
113  required_key_index = TSCH_SECURITY_KEY_INDEX_ACK;
114  break;
115  default:
116  required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_OTHER;
117  required_key_index = TSCH_SECURITY_KEY_INDEX_OTHER;
118  break;
119  }
120  return ((frame->aux_hdr.security_control.security_level ==
121  required_security_level) &&
122  frame->aux_hdr.key_index == required_key_index);
123 }
124 /*---------------------------------------------------------------------------*/
125 unsigned int
126 tsch_security_mic_len(const frame802154_t *frame)
127 {
128  if(frame != NULL && frame->fcf.security_enabled) {
129  return 2 << (frame->aux_hdr.security_control.security_level & 0x03);
130  } else {
131  return 0;
132  }
133 }
134 /*---------------------------------------------------------------------------*/
135 unsigned int
136 tsch_security_secure_frame(uint8_t *hdr, uint8_t *outbuf,
137  int hdrlen, int datalen, struct tsch_asn_t *asn)
138 {
139  frame802154_t frame;
140  uint8_t key_index = 0;
141  uint8_t security_level = 0;
142  uint8_t with_encryption;
143  uint8_t mic_len;
144  uint8_t nonce[16];
145  struct ieee802154_ies ies;
146 
147  uint8_t a_len;
148  uint8_t m_len;
149 
150  if(hdr == NULL || outbuf == NULL || hdrlen < 0 || datalen < 0) {
151  return 0;
152  }
153 
154  /* Parse the frame header to extract security settings */
155  if(frame802154_parse(hdr, hdrlen + datalen, &frame) < 3) {
156  return 0;
157  }
158 
159  memset(&ies, 0, sizeof(ies));
160  if(frame802154e_parse_information_elements(hdr + hdrlen, datalen, &ies) > 0) {
161  /* put Header IEs into the header part which is not encrypted */
162  hdrlen += ies.ie_payload_ie_offset;
163  datalen -= ies.ie_payload_ie_offset;
164  }
165 
166  if(!frame.fcf.security_enabled) {
167  /* Security is not enabled for this frame, we're done */
168  return 0;
169  }
170 
171  /* Read security key index */
172  key_index = frame.aux_hdr.key_index;
173  security_level = frame.aux_hdr.security_control.security_level;
174  with_encryption = (security_level & 0x4) ? 1 : 0;
175  mic_len = tsch_security_mic_len(&frame);
176 
177  if(key_index == 0 || key_index > N_KEYS) {
178  return 0;
179  }
180 
181  tsch_security_init_nonce(nonce, &linkaddr_node_addr, asn);
182 
183  if(with_encryption) {
184  a_len = hdrlen;
185  m_len = datalen;
186  } else {
187  a_len = hdrlen + datalen;
188  m_len = 0;
189  }
190 
191  /* Copy source data to output */
192  if(hdr != outbuf) {
193  memcpy(outbuf, hdr, a_len + m_len);
194  }
195 
196  CCM_STAR.set_key(keys[key_index - 1]);
197 
198  CCM_STAR.aead(nonce,
199  outbuf + a_len, m_len,
200  outbuf, a_len,
201  outbuf + hdrlen + datalen, mic_len, 1);
202 
203  return mic_len;
204 }
205 /*---------------------------------------------------------------------------*/
206 unsigned int
207 tsch_security_parse_frame(const uint8_t *hdr, int hdrlen, int datalen,
208  const frame802154_t *frame, const linkaddr_t *sender,
209  struct tsch_asn_t *asn)
210 {
211  uint8_t generated_mic[16];
212  uint8_t key_index = 0;
213  uint8_t security_level = 0;
214  uint8_t with_encryption;
215  uint8_t mic_len;
216  uint8_t nonce[16];
217  uint8_t a_len;
218  uint8_t m_len;
219  struct ieee802154_ies ies;
220 
221  if(frame == NULL || hdr == NULL || hdrlen < 0 || datalen < 0) {
222  return 0;
223  }
224 
225  if(!tsch_security_check_level(frame)) {
226  /* Wrong security level */
227  return 0;
228  }
229 
230  /* No security: nothing more to check */
231  if(!frame->fcf.security_enabled) {
232  return 1;
233  }
234 
235  key_index = frame->aux_hdr.key_index;
236  security_level = frame->aux_hdr.security_control.security_level;
237  with_encryption = (security_level & 0x4) ? 1 : 0;
238  mic_len = tsch_security_mic_len(frame);
239 
240  /* Check if key_index is in supported range */
241  if(key_index == 0 || key_index > N_KEYS) {
242  return 0;
243  }
244 
245  memset(&ies, 0, sizeof(ies));
246  (void)frame802154e_parse_information_elements(hdr + hdrlen, datalen, &ies);
247  /* put Header IEs into the header part which is not encrypted */
248  hdrlen += ies.ie_payload_ie_offset;
249  datalen -= ies.ie_payload_ie_offset;
250 
251  tsch_security_init_nonce(nonce, sender, asn);
252 
253  if(with_encryption) {
254  a_len = hdrlen;
255  m_len = datalen;
256  } else {
257  a_len = hdrlen + datalen;
258  m_len = 0;
259  }
260 
261  CCM_STAR.set_key(keys[key_index - 1]);
262 
263  CCM_STAR.aead(nonce,
264  (uint8_t *)hdr + a_len, m_len,
265  (uint8_t *)hdr, a_len,
266  generated_mic, mic_len, 0);
267 
268  if(mic_len > 0 && memcmp(generated_mic, hdr + hdrlen + datalen, mic_len) != 0) {
269  return 0;
270  } else {
271  return 1;
272  }
273 }
274 /** @} */
frame802154_aux_hdr_t::security_control
frame802154_scf_t security_control
Security control bitfield.
Definition: frame802154.h:188
frame802154_t::fcf
frame802154_fcf_t fcf
Frame control field.
Definition: frame802154.h:204
frame802154_scf_t::security_level
uint8_t security_level
3 bit.
Definition: frame802154.h:168
frame802154_fcf_t::security_enabled
uint8_t security_enabled
1 bit.
Definition: frame802154.h:154
frame802154_parse
int frame802154_parse(uint8_t *data, int len, frame802154_t *pf)
Parses an input frame.
Definition: frame802154.c:500
tsch_security_parse_frame
unsigned int tsch_security_parse_frame(const uint8_t *hdr, int hdrlen, int datalen, const frame802154_t *frame, const linkaddr_t *sender, struct tsch_asn_t *asn)
Parse and check a frame protected with encryption and/or MIC.
Definition: tsch-security.c:207
framer-802154.h
A MAC framer for IEEE 802.15.4
frame802154_aux_hdr_t::key_index
uint8_t key_index
Key Index subfield.
Definition: frame802154.h:191
linkaddr_node_addr
linkaddr_t linkaddr_node_addr
The link-layer address of the node.
Definition: linkaddr.c:48
tsch_security_mic_len
unsigned int tsch_security_mic_len(const frame802154_t *frame)
Return MIC length.
Definition: tsch-security.c:126
ccm-star.h
CCM* header file.
tsch.h
Main API declarations for TSCH.
frame802154.h
802.15.4 frame creation and parsing functions
frame802154_fcf_t::frame_type
uint8_t frame_type
3 bit.
Definition: frame802154.h:153
frame802154_t
Parameters used by the frame802154_create() function.
Definition: frame802154.h:198
packetbuf.h
Header file for the Packet buffer (packetbuf) management
netstack.h
Include file for the Contiki low-layer network stack (NETSTACK)
tsch_security_secure_frame
unsigned int tsch_security_secure_frame(uint8_t *hdr, uint8_t *outbuf, int hdrlen, int datalen, struct tsch_asn_t *asn)
Protect a frame with encryption and/or MIC.
Definition: tsch-security.c:136
aes-128.h
AES-128.
tsch_asn_t
The ASN is an absolute slot number over 5 bytes.
Definition: tsch-asn.h:48
frame802154_t::aux_hdr
frame802154_aux_hdr_t aux_hdr
Aux security header.
Definition: frame802154.h:208
Generated on Sat May 30 2020 18:06:34 for Contiki-NG by   doxygen 1.8.13