Hello.
On 08/07/2017 07:22 PM, Diogenes Pereira wrote:
According to 802.15.4-2015 specification (section 9.2.1 Outgoing frame
security procedure) just the outgoing payload is encrypted. The header
carries security parameters to destination address, so is not encrypted.
Did you check by any chance if that was different in the 2006 or 2003
versions of the spec? A lot of our code is based on them and we are only
very slowly catching up on -2015 :)
Signed-off-by: Diogenes Pereira <dvnp@xxxxxxxxxxxx>
---
net/mac802154/llsec.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index 1e1c9b2..3c8ae3f 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -623,13 +623,18 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec,
u8 iv[16];
struct scatterlist src;
SKCIPHER_REQUEST_ON_STACK(req, key->tfm0);
- int err;
+ int err, datalen;
+ unsigned char *data;
llsec_geniv(iv, sec->params.hwaddr, &hdr->sec);
- sg_init_one(&src, skb->data, skb->len);
+
+ data = skb_mac_header(skb) + skb->mac_len;
+ datalen = skb_tail_pointer(skb) - data;
+
+ sg_init_one(&src, data, datalen);
skcipher_request_set_tfm(req, key->tfm0);
skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, &src, &src, skb->len, iv);
+ skcipher_request_set_crypt(req, &src, &src, datalen, iv);
err = crypto_skcipher_encrypt(req);
skcipher_request_zero(req);
return err;
What systems did you test this against? Do you have a specific error
scenario which this patch fixes?
What I try to understand here is if we are going to break llsec
communication with other systems already out there.
regards
Stefan Schmidt
--
To unsubscribe from this list: send the line "unsubscribe linux-wpan" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
