From: Stefan Schmidt <stefan@osg.samsung.com>
To: Diogenes Pereira <dvnp@cesar.org.br>, linux-wpan@vger.kernel.org
Cc: alex.aring@gmail.com, ckt@cesar.org.br
Subject: Re: [PATCH v1 1/2] mac802154: Fix MAC header and payload encrypted
Date: Wed, 20 Sep 2017 14:31:49 +0200 [thread overview]
Message-ID: <f7fcb110-93ed-43ef-dd61-6041ae21b75e@osg.samsung.com> (raw)
In-Reply-To: <1504613884-20870-1-git-send-email-dvnp@cesar.org.br>
Hello.
On 09/05/2017 02:18 PM, Diogenes Pereira wrote:
> According to 802.15.4-2003/2006/2015 specifications the MAC frame is
> composed of MHR, MAC payload and MFR and just the outgoing MAC payload
> must be encrypted.
>
> If communication is secure,sender build Auxiliary Security Header(ASH),
> insert it next to the standard MHR header with security enabled bit ON,
> and secure frames before transmitting them. According to the information
> carried within the ASH, recipient retrieves the right cryptographic key
> and correctly un-secure MAC frames.
>
> The error scenario occurs on Linux using IEEE802154_SCF_SECLEVEL_ENC(4)
> security level when llsec_do_encrypt_unauth() function builds theses MAC
> frames incorrectly. On recipients these MAC frames are discarded,logging
> "got invalid frame" messages.
>
> Acked-by: Stefan Schmidt <stefan@osg.samsung.com>
> Signed-off-by: Diogenes Pereira <dvnp@cesar.org.br>
> ---
> net/mac802154/llsec.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
> index 1e1c9b2..d9e7105 100644
> --- a/net/mac802154/llsec.c
> +++ b/net/mac802154/llsec.c
> @@ -623,13 +623,18 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec,
> u8 iv[16];
> struct scatterlist src;
> SKCIPHER_REQUEST_ON_STACK(req, key->tfm0);
> - int err;
> + int err, datalen;
> + unsigned char *data;
>
> llsec_geniv(iv, sec->params.hwaddr, &hdr->sec);
> - sg_init_one(&src, skb->data, skb->len);
> + /* Compute data payload offset and data length */
> + data = skb_mac_header(skb) + skb->mac_len;
> + datalen = skb_tail_pointer(skb) - data;
> + sg_init_one(&src, data, datalen);
> +
> skcipher_request_set_tfm(req, key->tfm0);
> skcipher_request_set_callback(req, 0, NULL, NULL);
> - skcipher_request_set_crypt(req, &src, &src, skb->len, iv);
> + skcipher_request_set_crypt(req, &src, &src, datalen, iv);
> err = crypto_skcipher_encrypt(req);
> skcipher_request_zero(req);
> return err;
>
Thanks! This patch has been applied to the wpan-next tree and will be part of the next pull request.
regards
Stefan Schmidt
prev parent reply other threads:[~2017-09-20 12:31 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-07 17:22 [PATCH v0 1/2] mac802154: fix header and payload encrypted Diogenes Pereira
2017-08-07 17:22 ` [PATCH v0 2/2] mac802154: replace hardcoded value with macro Diogenes Pereira
2017-08-09 10:47 ` Stefan Schmidt
[not found] ` <CAC9NHkm=SknMqkY8MuaOuJsnnBWauFAzU_cjYttMxRh6N0MQuA@mail.gmail.com>
2017-08-09 11:17 ` Stefan Schmidt
2017-08-09 16:19 ` [PATCH v1] " Diogenes Pereira
2017-08-21 14:46 ` Stefan Schmidt
2017-09-20 12:31 ` Stefan Schmidt
2017-08-09 10:52 ` [PATCH v0 1/2] mac802154: fix header and payload encrypted Stefan Schmidt
[not found] ` <CAC9NHkkHZJLk7_shZ37jFqp06Gu9Qg1Eu=sGi_259GjhkpSftg@mail.gmail.com>
2017-08-09 13:26 ` Stefan Schmidt
2017-09-05 12:18 ` [PATCH v1 1/2] mac802154: Fix MAC " Diogenes Pereira
2017-09-11 11:21 ` Stefan Schmidt
[not found] ` <CAC9NHknYZ7=FqwkXSHpXKQKBD74b7ddaDA=q=O5j-wkXhpMSJw@mail.gmail.com>
2017-09-14 13:35 ` Stefan Schmidt
2017-09-14 13:39 ` Stefan Schmidt
2017-09-20 12:31 ` Stefan Schmidt [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f7fcb110-93ed-43ef-dd61-6041ae21b75e@osg.samsung.com \
--to=stefan@osg.samsung.com \
--cc=alex.aring@gmail.com \
--cc=ckt@cesar.org.br \
--cc=dvnp@cesar.org.br \
--cc=linux-wpan@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.