net: l2: ieee802154: enc-only security level removed from spec

The encryption-only security level has been removed from the
spec, see IEEE 802.15.4-2020, 9.4.2.2 Security Level field.

The standard provides the following explanation (ibid):

"This security level is deprecated and shall not be used in
implementation compliant with this standard. Devices that
receive frames with security level 4 shall discard them, as
described in 9.2.4. The counter mode encryption and cipher
block chaining message authentication code (CCM) used allows
trivial changes to the underlaying encrypted data unless
data authenticity is provided, thus using data confidentiality
only is not useful. In the case of TSCH mode, security level 4
allows higher security level frames to be downgraded to
security level 4 frames."

Signed-off-by: Florian Grandel <fgrandel@code-for-humans.de>

subsys/net/l2/ieee802154/ieee802154_frame.h

@@ -134,12 +134,15 @@ enum ieee802154_security_level {
 	IEEE802154_SECURITY_LEVEL_MIC_32 = 0x1,
 	IEEE802154_SECURITY_LEVEL_MIC_64 = 0x2,
 	IEEE802154_SECURITY_LEVEL_MIC_128 = 0x3,
-	IEEE802154_SECURITY_LEVEL_ENC = 0x4,
+	IEEE802154_SECURITY_LEVEL_RESERVED = 0x4,
 	IEEE802154_SECURITY_LEVEL_ENC_MIC_32 = 0x5,
 	IEEE802154_SECURITY_LEVEL_ENC_MIC_64 = 0x6,
 	IEEE802154_SECURITY_LEVEL_ENC_MIC_128 = 0x7,
 };
 
+/* Levels above this level will be encrypted. */
+#define IEEE802154_SECURITY_LEVEL_ENC IEEE802154_SECURITY_LEVEL_RESERVED
+
 /* This will match above *_MIC_<32/64/128> */
 #define IEEE8021254_AUTH_TAG_LENGTH_32	4
 #define IEEE8021254_AUTH_TAG_LENGTH_64	8

subsys/net/l2/ieee802154/ieee802154_security.c

@@ -46,10 +46,14 @@ int ieee802154_security_setup_session(struct ieee802154_security_ctx *sec_ctx, u
 		return 0;
 	}
 
-	if (level >= IEEE802154_SECURITY_LEVEL_ENC) {
+
+	if (level > IEEE802154_SECURITY_LEVEL_ENC) {
 		authtag_len = level_2_authtag_len[level - 4];
-	} else {
+	} else if (level < IEEE802154_SECURITY_LEVEL_ENC) {
 		authtag_len = level_2_authtag_len[level];
+	} else {
+		/* Encryption-only security is no longer supported since IEEE 802.15.4-2020. */
+		return -EINVAL;
 	}
 	sec_ctx->enc.mode_params.ccm_info.tag_len = authtag_len;
 	sec_ctx->dec.mode_params.ccm_info.tag_len = authtag_len;
@@ -99,9 +103,13 @@ static void prepare_cipher_aead_pkt(uint8_t *frame, uint8_t level, uint8_t hdr_l
 				    uint8_t payload_len, uint8_t authtag_len,
 				    struct cipher_aead_pkt *apkt, struct cipher_pkt *pkt)
 {
-	bool is_encrypted = level >= IEEE802154_SECURITY_LEVEL_ENC;
-	bool is_authenticated = level != IEEE802154_SECURITY_LEVEL_NONE &&
-				level != IEEE802154_SECURITY_LEVEL_ENC;
+	bool is_authenticated;
+	bool is_encrypted;
+
+	__ASSERT_NO_MSG(level != IEEE802154_SECURITY_LEVEL_ENC);
+
+	is_encrypted = level > IEEE802154_SECURITY_LEVEL_ENC;
+	is_authenticated = level != IEEE802154_SECURITY_LEVEL_NONE;
 
 	/* See section 9.3.5.3 */
 	pkt->in_buf = is_encrypted && payload_len ? frame + hdr_len : NULL;
@@ -136,12 +144,6 @@ bool ieee802154_decrypt_auth(struct ieee802154_security_ctx *sec_ctx, uint8_t *f
 
 	level = sec_ctx->level;
 
-	if (level == IEEE802154_SECURITY_LEVEL_ENC) {
-		/* See comment in ieee802154_encrypt_auth(). */
-		NET_ERR("Encrypt-only operation is not supported.");
-		return false;
-	}
-
 	/* See section 9.3.3.1 */
 	memcpy(nonce, src_ext_addr, IEEE802154_EXT_ADDR_LENGTH);
 	sys_put_be32(frame_counter, &nonce[8]);
@@ -175,13 +177,8 @@ bool ieee802154_encrypt_auth(struct ieee802154_security_ctx *sec_ctx, uint8_t *f
 
 	level = sec_ctx->level;
 
-	if (level == IEEE802154_SECURITY_LEVEL_ENC) {
-		/* TODO: We currently use CCM rather than CCM* as crypto.h does
-		 *       not provide access to CCM* as of now.
-		 *       The spec requires CCM* to support encryption-only CCM
-		 *       operation, see annex B.1
-		 */
-		NET_ERR("Encrypt-only operation is not supported.");
+	if (level == IEEE802154_SECURITY_LEVEL_RESERVED) {
+		NET_DBG("Encryption-only security is deprecated since IEEE 802.15.4-2015.");
 		return false;
 	}