• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  Copyright (c) 2016, The OpenThread Authors.
3  *  All rights reserved.
4  *
5  *  Redistribution and use in source and binary forms, with or without
6  *  modification, are permitted provided that the following conditions are met:
7  *  1. Redistributions of source code must retain the above copyright
8  *     notice, this list of conditions and the following disclaimer.
9  *  2. Redistributions in binary form must reproduce the above copyright
10  *     notice, this list of conditions and the following disclaimer in the
11  *     documentation and/or other materials provided with the distribution.
12  *  3. Neither the name of the copyright holder nor the
13  *     names of its contributors may be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26  *  POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /**
30  * @file
31  *   This file includes definitions for performing AES-CCM computations.
32  */
33 
34 #ifndef AES_CCM_HPP_
35 #define AES_CCM_HPP_
36 
37 #include "openthread-core-config.h"
38 
39 #include <stdint.h>
40 
41 #include <openthread/platform/crypto.h>
42 #include "common/error.hpp"
43 #include "common/message.hpp"
44 #include "common/type_traits.hpp"
45 #include "crypto/aes_ecb.hpp"
46 #include "crypto/storage.hpp"
47 #include "mac/mac_types.hpp"
48 
49 namespace ot {
50 namespace Crypto {
51 
52 /**
53  * @addtogroup core-security
54  *
55  * @{
56  */
57 
58 /**
59  * Implements AES CCM computation.
60  */
61 class AesCcm
62 {
63 public:
64     static constexpr uint8_t kMinTagLength = 4;                  ///< Minimum tag length (in bytes).
65     static constexpr uint8_t kMaxTagLength = AesEcb::kBlockSize; ///< Maximum tag length (in bytes).
66     static constexpr uint8_t kNonceSize    = 13;                 ///< Size of IEEE 802.15.4 Nonce (in bytes).
67 
68     /**
69      * Type represent the encryption vs decryption mode.
70      */
71     enum Mode : uint8_t
72     {
73         kEncrypt, // Encryption mode.
74         kDecrypt, // Decryption mode.
75     };
76 
77     /**
78      * Sets the key.
79      *
80      * @param[in]  aKey    Crypto Key used in AES operation
81      */
SetKey(const Key & aKey)82     void SetKey(const Key &aKey) { mEcb.SetKey(aKey); }
83 
84     /**
85      * Sets the key.
86      *
87      * @param[in]  aKey        A pointer to the key.
88      * @param[in]  aKeyLength  Length of the key in bytes.
89      */
90     void SetKey(const uint8_t *aKey, uint16_t aKeyLength);
91 
92     /**
93      * Sets the key.
94      *
95      * @param[in]  aMacKey        Key Material for AES operation.
96      */
97     void SetKey(const Mac::KeyMaterial &aMacKey);
98 
99     /**
100      * Initializes the AES CCM computation.
101      *
102      * @param[in]  aHeaderLength     Length of header in bytes.
103      * @param[in]  aPlainTextLength  Length of plaintext in bytes.
104      * @param[in]  aTagLength        Length of tag in bytes (must be even and in `[kMinTagLength, kMaxTagLength]`).
105      * @param[in]  aNonce            A pointer to the nonce.
106      * @param[in]  aNonceLength      Length of nonce in bytes.
107      */
108     void Init(uint32_t    aHeaderLength,
109               uint32_t    aPlainTextLength,
110               uint8_t     aTagLength,
111               const void *aNonce,
112               uint8_t     aNonceLength);
113 
114     /**
115      * Processes the header.
116      *
117      * @param[in]  aHeader        A pointer to the header.
118      * @param[in]  aHeaderLength  Length of header in bytes.
119      */
120     void Header(const void *aHeader, uint32_t aHeaderLength);
121 
122     /**
123      * Processes the header.
124      *
125      * @tparam    ObjectType   The object type.
126      *
127      * @param[in] aObject      A reference to the object to add to header.
128      */
Header(const ObjectType & aObject)129     template <typename ObjectType> void Header(const ObjectType &aObject)
130     {
131         static_assert(!TypeTraits::IsPointer<ObjectType>::kValue, "ObjectType must not be a pointer");
132 
133         Header(&aObject, sizeof(ObjectType));
134     }
135 
136     /**
137      * Processes the payload.
138      *
139      * @param[in,out]  aPlainText   A pointer to the plaintext.
140      * @param[in,out]  aCipherText  A pointer to the ciphertext.
141      * @param[in]      aLength      Payload length in bytes.
142      * @param[in]      aMode        Mode to indicate whether to encrypt (`kEncrypt`) or decrypt (`kDecrypt`).
143      */
144     void Payload(void *aPlainText, void *aCipherText, uint32_t aLength, Mode aMode);
145 
146 #if OPENTHREAD_FTD || OPENTHREAD_MTD
147     /**
148      * Processes the payload within a given message.
149      *
150      * Encrypts/decrypts the payload content in place within the @p aMessage.
151      *
152      * @param[in,out]  aMessage     The message to read from and update.
153      * @param[in]      aOffset      The offset in @p aMessage to start of payload.
154      * @param[in]      aLength      Payload length in bytes.
155      * @param[in]      aMode        Mode to indicate whether to encrypt (`kEncrypt`) or decrypt (`kDecrypt`).
156      */
157     void Payload(Message &aMessage, uint16_t aOffset, uint16_t aLength, Mode aMode);
158 #endif
159 
160     /**
161      * Returns the tag length in bytes.
162      *
163      * @returns The tag length in bytes.
164      */
GetTagLength(void) const165     uint8_t GetTagLength(void) const { return mTagLength; }
166 
167     /**
168      * Generates the tag.
169      *
170      * @param[out]  aTag        A pointer to the tag (must have `GetTagLength()` bytes).
171      */
172     void Finalize(void *aTag);
173 
174     /**
175      * Generates IEEE 802.15.4 nonce byte sequence.
176      *
177      * @param[in]  aAddress        An extended address.
178      * @param[in]  aFrameCounter   A frame counter.
179      * @param[in]  aSecurityLevel  A security level.
180      * @param[out] aNonce          A buffer (with `kNonceSize` bytes) to place the generated nonce.
181      */
182     static void GenerateNonce(const Mac::ExtAddress &aAddress,
183                               uint32_t               aFrameCounter,
184                               uint8_t                aSecurityLevel,
185                               uint8_t               *aNonce);
186 
187 private:
188     AesEcb   mEcb;
189     uint8_t  mBlock[AesEcb::kBlockSize];
190     uint8_t  mCtr[AesEcb::kBlockSize];
191     uint8_t  mCtrPad[AesEcb::kBlockSize];
192     uint32_t mHeaderLength;
193     uint32_t mHeaderCur;
194     uint32_t mPlainTextLength;
195     uint32_t mPlainTextCur;
196     uint16_t mBlockLength;
197     uint16_t mCtrLength;
198     uint8_t  mNonceLength;
199     uint8_t  mTagLength;
200 };
201 
202 /**
203  * @}
204  */
205 
206 } // namespace Crypto
207 } // namespace ot
208 
209 #endif // AES_CCM_HPP_
210