On Thu, Jun 18, 2015 at 04:02:19PM +0100, Simon Vincent wrote: > I have managed to get security working now in all modes. > > I will submit a patch to fix the scatterlist bug. > > The other problem I had was the IV was being generated incorrectly. This was > because I had used the iwpan tools to set the mac address. This does not set > the ieee802154_llsec_params.hwaddr[1] which is used for creating the IV.[2] > Yea, I actually also know that using both netlink interfaces and only the old one for security is broken, see [0]: --- ... I know currently there is some function "mac802154_wpan_update_llsec" which makes the security layer to work, because it's not called when setting short/panid anywhere else. --- What I meant there was that if using nl802154 and updating address it will not call mac802154_wpan_update_llsec. If you like you can set patches for that. > I am not sure the best way to fix this issue. Do we need to keep to keep a > copy of the pan_id, hwaddr, coord_hwaddr, coord_shortaddr in the > llsec_params? It seems like it could easily get missed and not updated if > one of these parameters change. > Well, I think there exists now better ways of course. But I would not trust the implementation and we _maybe_ overlooked more than just the missing calling of "mac802154_wpan_update_llsec". We should go the way to support the crypto layer inside nl802154 and then removing the old interface stuff. - Alex [0] http://www.spinics.net/lists/linux-wpan/msg02098.html -- To unsubscribe from this list: send the line "unsubscribe linux-wpan" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
