Message ID | 1502126560-24462-1-git-send-email-dvnp@cesar.org.br (mailing list archive) |
---|---|
State | Superseded |
Hello.

On 08/07/2017 07:22 PM, Diogenes Pereira wrote:
> According to 802.15.4-2015 specification (section 9.2.1 Outgoing frame
> security procedure) just the outgoing payload is encrypted. The header
> carries security parameters to destination address, so is not encrypted.

Did you check by any chance if that was different in the 2006 or 2003 versions of the spec? A lot of our code is based on them and we are only very slowly catching up on -2015 :)

> Signed-off-by: Diogenes Pereira <dvnp@cesar.org.br> > --- > net/mac802154/llsec.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c > index 1e1c9b2..3c8ae3f 100644 > --- a/net/mac802154/llsec.c > +++ b/net/mac802154/llsec.c > @@ -623,13 +623,18 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, > u8 iv[16]; > struct scatterlist src; > SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); > - int err; > + int err, datalen; > + unsigned char *data; > > llsec_geniv(iv, sec->params.hwaddr, &hdr->sec); > - sg_init_one(&src, skb->data, skb->len); > + > + data = skb_mac_header(skb) + skb->mac_len; > + datalen = skb_tail_pointer(skb) - data; > + > + sg_init_one(&src, data, datalen); > skcipher_request_set_tfm(req, key->tfm0); > skcipher_request_set_callback(req, 0, NULL, NULL); > - skcipher_request_set_crypt(req, &src, &src, skb->len, iv); > + skcipher_request_set_crypt(req, &src, &src, datalen, iv); > err = crypto_skcipher_encrypt(req); > skcipher_request_zero(req); > return err;

What systems did you test this against? Do you have a specific error scenario which this patch fixes? What I try to understand here is if we are going to break llsec communication with other systems already out there.

regards
Stefan Schmidt
Hello.

On 08/09/2017 02:49 PM, Diógenes Vila Nova Pereira wrote:
> Hi Stefan,
>
> So, can you give me time to analyze the specifications and to test on
> other non-Linux platforms?

Sure, take all the time you need. Better have something well understood and tested. You can submit the second patch separately so we can get it applied while you are looking into this one a bit further.

regards
Stefan Schmidt
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c index 1e1c9b2..3c8ae3f 100644 --- a/net/mac802154/llsec.c +++ b/net/mac802154/llsec.c @@ -623,13 +623,18 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, u8 iv[16]; struct scatterlist src; SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); - int err; + int err, datalen; + unsigned char *data; llsec_geniv(iv, sec->params.hwaddr, &hdr->sec); - sg_init_one(&src, skb->data, skb->len); + + data = skb_mac_header(skb) + skb->mac_len; + datalen = skb_tail_pointer(skb) - data; + + sg_init_one(&src, data, datalen); skcipher_request_set_tfm(req, key->tfm0); skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, &src, &src, skb->len, iv); + skcipher_request_set_crypt(req, &src, &src, datalen, iv); err = crypto_skcipher_encrypt(req); skcipher_request_zero(req); return err;
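Review bot: datalen in llsec_do_encrypt_unauth is a signed int computed as skb_tail_pointer(skb) - data and is handed straight to sg_init_one() and skcipher_request_set_crypt() with no bounds check. If skb->mac_len is unset or larger than the bytes actually present at this call, data = skb_mac_header(skb) + skb->mac_len points outside the payload and the length is zero, negative or otherwise wrong. Please validate the result before building the scatterlist (reject datalen <= 0 with an error return), and state in the commit message where skb->data points relative to the MAC header when this function is entered, since the change only has an effect if the two differ. Separately, the diffstat shows this is the only hunk, so only the outgoing unauthenticated-encryption path changes range. The matching incoming path has to cover exactly the same bytes or frames will not round-trip between patched and unpatched peers, which is the interoperability question raised in the reply. The message cites only 802.15.4-2015, so it should also say whether the 2003/2006 procedures encrypt the same range.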
According to 802.15.4-2015 specification (section 9.2.1 Outgoing frame security procedure) just the outgoing payload is encrypted. The header carries security parameters to destination address, so is not encrypted.

Signed-off-by: Diogenes Pereira <dvnp@cesar.org.br>
---
 net/mac802154/llsec.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)