Re: 802.15.4 security

Found the bug for levels 1,2,3:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/mac802154/llsec.c#n680

Scatterlist length 0 is invalid. If I had built the scatterlists
properly instead of setting single element lengths to 0
(because I thought that was allowed), things wouldn't die in a BUG().
Can't patch that now, though, I'm sorry :(

On Thu, 18 Jun 2015 13:13:30 +0200
Phoebe Buckheister <phoebe.buckheister@xxxxxxxxxxxxxxxxxx> wrote:

> Hi Simon,
> 
> the last kernel I used this with was 3.15-rc8, so actually quite a
> while ago. Unfortunately, I don't have the means to test things with a
> current kernel right now, because I don't remember things failing that
> hard when I last worked on that code. I usually used seclevel 5, which
> worked fine with our devices.
> 
> @wireshark: by default, without further configuration, wireshark can't
> check the MIC, because it doesn't have the necessary keys. There was a
> way to give wireshark those keys, but I don't remember offhand how
> that worked.
> 
> On Thu, 18 Jun 2015 11:12:19 +0100
> Simon Vincent <simon.vincent@xxxxxxxxxx> wrote:
> 
> > Hi Phoebe,
> > 
> > I am having some problems with the 802.15.4 security.
> > 
> > What kernel version/gitref did you last test the 802.15.4 security
> > on? What level of security are you using? (1-7)
> > 
> > I can then have a look at what has changed since and try to debug the
> > problems I am seeing.
> > 
> > I find if I set the security level to 1,2,3 I get a kernel panic 
> > whenever a packet is sent.
> > If I set the security level to 4 the packets sent are corrupt.
> > If I set the security level to 5-7 wireshark decodes the packets as
> > MIC check failed.
> > 
> > Regards
> > 
> > Simon
> > 
> > On 28/05/15 10:00, Phoebe Buckheister wrote:
> > > Hi Simon,
> > >
> > > sorry for taking so long to reply. Unfortunately, there's
> > > currently no actual documentation for the crypto layer (and I
> > > probably won't come around to write any sometime soon), but I
> > > have built an application that works with llsec [1].
> > >
> > > The process to set up a crypto config for a network is roughly
> > > outlined in [2] and [3]. There are more options to the crypto
> > > layer than are used there, but the process is pretty much the
> > > same: you add a number of devices you want to securely
> > > communicate with, add the keys those devices will use to
> > > communicate, and then set the general parameters for llsec (like
> > > default llsec, enabling the crypto layer and such).
> > >
> > > Hope that helps a little,
> > > Phoebe
> > >
> > >
> > > [1]
> > > https://github.com/mysmartgrid/hexabus/blob/pb-crypto/hostsoftware/hxbnm
> > > [2]
> > > https://github.com/mysmartgrid/hexabus/blob/pb-crypto/hostsoftware/hxbnm/src/hxbnm.cpp#L160
> > > [3]
> > > https://github.com/mysmartgrid/hexabus/blob/pb-crypto/hostsoftware/hxbnm/src/hxbnm.cpp#L90
> > >
> > > On Thu, 21 May 2015 14:23:10 +0100
> > > Simon Vincent <simon.vincent@xxxxxxxxxx> wrote:
> > >
> > >> What is the status of the crypto-layer? I can see a lot of crypto
> > >> functionality in the mac layer but I can't work out how to set up
> > >> the keys and enable encryption/authentication. Will this be part
> > >> of the wpan-tools?
> > >>
> > >> - Simon
> > >> --
> > >> To unsubscribe from this list: send the line "unsubscribe
> > >> linux-wpan" in the body of a message to majordomo@xxxxxxxxxxxxxxx
> > >> More majordomo info at
> > >> http://vger.kernel.org/majordomo-info.html
> > 
> 

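As an added illustration (not code from this thread or from the kernel), the sketch below shows how an IEEE 802.15.4 security level divides a frame into an authenticated-only part and an encrypted part, and builds the segment list so that no entry has length 0. It assumes the zero-length element mentioned above is the encrypted part, which is empty at levels 1 to 3 because those levels add a MIC without encrypting; `struct seg`, `llsec_layout` and `build_segs` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for one scatterlist entry (not the kernel struct). */
struct seg { const uint8_t *buf; size_t len; };

struct ccm_layout {
    size_t assoc_len;  /* bytes that are authenticated only */
    size_t crypt_len;  /* bytes that are encrypted */
    size_t mic_len;    /* MIC bytes appended to the frame */
};

/* IEEE 802.15.4 security level: bit 2 = encryption, bits 0-1 = MIC size. */
static int llsec_layout(unsigned level, size_t hdr_len, size_t payload_len,
                        struct ccm_layout *out)
{
    static const size_t mic[4] = { 0, 4, 8, 16 };
    int enc = (level & 4) != 0;
    if (level > 7) return -1;
    out->mic_len = mic[level & 3];
    /* Without encryption the payload is only authenticated, like the header. */
    out->assoc_len = enc ? hdr_len : hdr_len + payload_len;
    out->crypt_len = enc ? payload_len : 0;
    return 0;
}

/* Describe the frame using only non-empty segments; returns the count. */
static size_t build_segs(const uint8_t *frame, const struct ccm_layout *l,
                         struct seg segs[2])
{
    size_t n = 0;
    if (l->assoc_len)
        segs[n++] = (struct seg){ frame, l->assoc_len };
    if (l->crypt_len)
        segs[n++] = (struct seg){ frame + l->assoc_len, l->crypt_len };
    return n;
}

int main(void)
{
    uint8_t frame[31] = { 0 };  /* constructed: 11-byte header + 20-byte payload */
    struct ccm_layout l;
    struct seg segs[2];
    for (unsigned level = 0; level <= 7; level++) {
        llsec_layout(level, 11, 20, &l);
        printf("level %u: assoc=%zu crypt=%zu mic=%zu segs=%zu\n", level, l.assoc_len, l.crypt_len, l.mic_len, build_segs(frame, &l, segs));
    }
    return 0;
}
```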


