Re: [PATCH v1 1/2] mac802154: Fix MAC header and payload encrypted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello.

On 09/05/2017 02:18 PM, Diogenes Pereira wrote:

According to  802.15.4-2003/2006/2015 specifications the MAC frame is
composed of MHR, MAC payload and MFR and just the outgoing MAC payload
must be encrypted.

If communication is secure,sender build Auxiliary Security Header(ASH),
insert it next to the standard MHR header with security enabled bit ON,
and secure frames before transmitting them. According to the information
carried within the ASH, recipient retrieves the right cryptographic key
and correctly un-secure MAC frames.

The error scenario occurs on Linux using IEEE802154_SCF_SECLEVEL_ENC(4)
security level when llsec_do_encrypt_unauth() function builds theses MAC
frames incorrectly. On recipients these MAC frames are discarded,logging
"got invalid frame" messages.

Acked-by: Stefan Schmidt <stefan@xxxxxxxxxxxxxxx>
Signed-off-by: Diogenes Pereira <dvnp@xxxxxxxxxxxx>


While it shows me Acked-By it was missing so far.

To make it clear I am ok with this patch now.

Acked-by: Stefan Schmidt <stefan@xxxxxxxxxxxxxxx>

regards
Stefan Schmidt


---
  net/mac802154/llsec.c | 11 ++++++++---
  1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index 1e1c9b2..d9e7105 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -623,13 +623,18 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec,
  	u8 iv[16];
  	struct scatterlist src;
  	SKCIPHER_REQUEST_ON_STACK(req, key->tfm0);
-	int err;
+	int err, datalen;
+	unsigned char *data;
llsec_geniv(iv, sec->params.hwaddr, &hdr->sec); 
-	sg_init_one(&src, skb->data, skb->len);
+	/* Compute data payload offset and data length */
+	data = skb_mac_header(skb) + skb->mac_len;
+	datalen = skb_tail_pointer(skb) - data;
+	sg_init_one(&src, data, datalen);
+
  	skcipher_request_set_tfm(req, key->tfm0);
  	skcipher_request_set_callback(req, 0, NULL, NULL);
-	skcipher_request_set_crypt(req, &src, &src, skb->len, iv);
+	skcipher_request_set_crypt(req, &src, &src, datalen, iv);
  	err = crypto_skcipher_encrypt(req);
  	skcipher_request_zero(req);
  	return err;


--
To unsubscribe from this list: send the line "unsubscribe linux-wpan" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux