60 static aes_key keys[] = {
64 #define N_KEYS (sizeof(keys) / sizeof(aes_key)) 68 tsch_security_init_nonce(uint8_t *nonce,
69 const linkaddr_t *sender,
struct tsch_asn_t *asn)
71 memcpy(nonce, sender, 8);
73 nonce[9] = (asn->ls4b >> 24) & 0xff;
74 nonce[10] = (asn->ls4b >> 16) & 0xff;
75 nonce[11] = (asn->ls4b >> 8) & 0xff;
76 nonce[12] = (asn->ls4b) & 0xff;
82 uint8_t required_security_level;
83 uint8_t required_key_index;
93 return !(tsch_is_associated == 1 && tsch_is_pan_secured == 1);
97 if(tsch_is_associated == 1 && tsch_is_pan_secured == 0) {
103 case FRAME802154_BEACONFRAME:
104 required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_EB;
105 required_key_index = TSCH_SECURITY_KEY_INDEX_EB;
107 case FRAME802154_ACKFRAME:
108 required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_ACK;
109 required_key_index = TSCH_SECURITY_KEY_INDEX_ACK;
112 required_security_level = TSCH_SECURITY_KEY_SEC_LEVEL_OTHER;
113 required_key_index = TSCH_SECURITY_KEY_INDEX_OTHER;
117 required_security_level) &&
133 int hdrlen,
int datalen,
struct tsch_asn_t *asn)
136 uint8_t key_index = 0;
137 uint8_t security_level = 0;
138 uint8_t with_encryption;
141 struct ieee802154_ies ies;
146 if(hdr == NULL || outbuf == NULL || hdrlen < 0 || datalen < 0) {
155 memset(&ies, 0,
sizeof(ies));
156 if(frame802154e_parse_information_elements(hdr + hdrlen, datalen, &ies) > 0) {
158 hdrlen += ies.ie_payload_ie_offset;
159 datalen -= ies.ie_payload_ie_offset;
170 with_encryption = (security_level & 0x4) ? 1 : 0;
173 if(key_index == 0 || key_index > N_KEYS) {
179 if(with_encryption) {
183 a_len = hdrlen + datalen;
189 memcpy(outbuf, hdr, a_len + m_len);
192 CCM_STAR.set_key(keys[key_index - 1]);
195 outbuf + a_len, m_len,
197 outbuf + hdrlen + datalen, mic_len, 1);
207 uint8_t generated_mic[16];
208 uint8_t key_index = 0;
209 uint8_t security_level = 0;
210 uint8_t with_encryption;
215 struct ieee802154_ies ies;
217 if(frame == NULL || hdr == NULL || hdrlen < 0 || datalen < 0) {
221 if(!tsch_security_check_level(frame)) {
233 with_encryption = (security_level & 0x4) ? 1 : 0;
237 if(key_index == 0 || key_index > N_KEYS) {
241 memset(&ies, 0,
sizeof(ies));
242 (void)frame802154e_parse_information_elements(hdr + hdrlen, datalen, &ies);
244 hdrlen += ies.ie_payload_ie_offset;
245 datalen -= ies.ie_payload_ie_offset;
247 tsch_security_init_nonce(nonce, sender, asn);
249 if(with_encryption) {
253 a_len = hdrlen + datalen;
257 CCM_STAR.set_key(keys[key_index - 1]);
260 (uint8_t *)hdr + a_len, m_len,
261 (uint8_t *)hdr, a_len,
262 generated_mic, mic_len, 0);
264 if(mic_len > 0 && memcmp(generated_mic, hdr + hdrlen + datalen, mic_len) != 0) {
frame802154_scf_t security_control
Security control bitfield.
frame802154_fcf_t fcf
Frame control field.
uint8_t security_level
3 bit.
uint8_t security_enabled
1 bit.
int frame802154_parse(uint8_t *data, int len, frame802154_t *pf)
Parses an input frame.
unsigned int tsch_security_parse_frame(const uint8_t *hdr, int hdrlen, int datalen, const frame802154_t *frame, const linkaddr_t *sender, struct tsch_asn_t *asn)
Parse and check a frame protected with encryption and/or MIC.
A MAC framer for IEEE 802.15.4
uint8_t key_index
Key Index subfield.
linkaddr_t linkaddr_node_addr
The link-layer address of the node.
unsigned int tsch_security_mic_len(const frame802154_t *frame)
Return MIC length.
Main API declarations for TSCH.
802.15.4 frame creation and parsing functions
Parameters used by the frame802154_create() function.
Header file for the Packet buffer (packetbuf) management
Include file for the Contiki low-layer network stack (NETSTACK)
unsigned int tsch_security_secure_frame(uint8_t *hdr, uint8_t *outbuf, int hdrlen, int datalen, struct tsch_asn_t *asn)
Protect a frame with encryption and/or MIC.
The ASN is an absolute slot number over 5 bytes.
frame802154_aux_hdr_t aux_hdr
Aux security header.