On Thu, 18 Jun 2015 12:42:16 +0100 Simon Vincent <simon.vincent@xxxxxxxxxx> wrote: > Hi Phoebe, > > I have added the key to wireshark so it should be able to do > decryption and MIC checks. > Edit -> Preferences -> Protocols -> IEEE 802.15.4 -> Decryption key. > I assume this works... > > What devices were you running on? Just wondering if it is an endian > issue. Only our own Contiki devices, with a crypto layer that predates crypto as it is implemented in Contiki right now and grew out of horrible code and a lot of misunderstandings. May well be that the code is still wrong, even though I tried to fix it, and the kernel code is now broken to match. > I will have a dig into the kernel and see if I can work out what is > going wrong, I think a lot has changed since 3.15. > > Simon > > On 18/06/15 12:13, Phoebe Buckheister wrote: > > Hi Simon, > > > > the last kernel I used this with was 3.15-rc8, so actually quite a > > while ago. Unfortunately, I don't have the means to test things > > with a current kernel right now, because I don't remember things > > failing that hard when I last worked on that code. I usually used > > seclevel 5, which worked fine with our devices. > > > > @wireshark: by default, without further configuration, wireshark > > can't check the MIC, because it doesn't have the necessary keys. > > There was a way to give wireshark those keys, but I don't remember > > off hand how that worked. > > > > On Thu, 18 Jun 2015 11:12:19 +0100 > > Simon Vincent <simon.vincent@xxxxxxxxxx> wrote: > > > >> Hi Phoebe, > >> > >> I am having some problems with the 802.15.4 security. > >> > >> What kernel version/gitref did you last test the 802.15.4 security > >> on? What level of security are you using? (1-7) > >> > >> I can then have a look what has changed since and try and debug the > >> problems I am seeing. > >> > >> I find if I set the security level to 1,2,3 I get a kernel panic > >> whenever a packet is sent. > >> If I set the security level to 4 the packets sent are corrupt. > >> If I set the security level to 5-7 wireshark decodes the packets as > >> MIC check failed. > >> > >> Regards > >> > >> Simon > >> > >> On 28/05/15 10:00, Phoebe Buckheister wrote: > >>> Hi Simon, > >>> > >>> sorry for taking so long to reply. Unfortunately, there's > >>> currently no actual documentation for the crypto layer (and I > >>> probably won't come around to write any sometime soon), but I > >>> have built an application that works with llsec [1]. > >>> > >>> The process to set up a crypto config for a network is rougly > >>> outlined in [2] and [3]. There are more options to the crypto > >>> layer than are used there, but the process is pretty much the > >>> same: you add a number of devices you want to securely > >>> communicate with, add the keys those devices will use to > >>> communicate, and then set the general parameters for llsec (like > >>> default llsec, enabling the crypto layer and such). > >>> > >>> Hope that helps a little, > >>> Phoebe > >>> > >>> > >>> [1] > >>> https://github.com/mysmartgrid/hexabus/blob/pb-crypto/hostsoftware/hxbnm > >>> [2] > >>> https://github.com/mysmartgrid/hexabus/blob/pb-crypto/hostsoftware/hxbnm/src/hxbnm.cpp#L160 > >>> [3] > >>> https://github.com/mysmartgrid/hexabus/blob/pb-crypto/hostsoftware/hxbnm/src/hxbnm.cpp#L90 > >>> > >>> On Thu, 21 May 2015 14:23:10 +0100 > >>> Simon Vincent <simon.vincent@xxxxxxxxxx> wrote: > >>> > >>>> What is the status of the crypto-layer? I can see a lot of crypto > >>>> functionality in the mac layer but I can't work out how to setup > >>>> the keys and enable encryption/authentication. Will this be part > >>>> of the wpan-tools? > >>>> > >>>> - Simon > >>>> -- > >>>> To unsubscribe from this list: send the line "unsubscribe > >>>> linux-wpan" in the body of a message to majordomo@xxxxxxxxxxxxxxx > >>>> More majordomo info at > >>>> http://vger.kernel.org/majordomo-info.html > >>> -- > >>> To unsubscribe from this list: send the line "unsubscribe > >>> linux-wpan" in the body of a message to majordomo@xxxxxxxxxxxxxxx > >>> More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- > To unsubscribe from this list: send the line "unsubscribe linux-wpan" > in the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-wpan" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
