Re: [PATCH v1 1/2] mac802154: Fix MAC header and payload encrypted

Hello.

On 09/05/2017 02:18 PM, Diogenes Pereira wrote:
> According to 802.15.4-2003/2006/2015 specifications the MAC frame is
> composed of MHR, MAC payload and MFR and just the outgoing MAC payload
> must be encrypted.
> 
> If communication is secure, the sender builds an Auxiliary Security Header
> (ASH), inserts it next to the standard MHR header with security enabled bit
> ON, and secures frames before transmitting them. According to the
> information carried within the ASH, the recipient retrieves the right
> cryptographic key and correctly un-secures MAC frames.
> 
> The error scenario occurs on Linux using IEEE802154_SCF_SECLEVEL_ENC(4)
> security level when llsec_do_encrypt_unauth() function builds these MAC
> frames incorrectly. On recipients these MAC frames are discarded, logging
> "got invalid frame" messages.
> 
> Acked-by: Stefan Schmidt <stefan@xxxxxxxxxxxxxxx>
> Signed-off-by: Diogenes Pereira <dvnp@xxxxxxxxxxxx>
> ---
>  net/mac802154/llsec.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
> index 1e1c9b2..d9e7105 100644
> --- a/net/mac802154/llsec.c
> +++ b/net/mac802154/llsec.c
> @@ -623,13 +623,18 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec,
>  	u8 iv[16];
>  	struct scatterlist src;
>  	SKCIPHER_REQUEST_ON_STACK(req, key->tfm0);
> -	int err;
> +	int err, datalen;
> +	unsigned char *data;
>  
>  	llsec_geniv(iv, sec->params.hwaddr, &hdr->sec);
> -	sg_init_one(&src, skb->data, skb->len);
> +	/* Compute data payload offset and data length */
> +	data = skb_mac_header(skb) + skb->mac_len;
> +	datalen = skb_tail_pointer(skb) - data;
> +	sg_init_one(&src, data, datalen);
> +
>  	skcipher_request_set_tfm(req, key->tfm0);
>  	skcipher_request_set_callback(req, 0, NULL, NULL);
> -	skcipher_request_set_crypt(req, &src, &src, skb->len, iv);
> +	skcipher_request_set_crypt(req, &src, &src, datalen, iv);
>  	err = crypto_skcipher_encrypt(req);
>  	skcipher_request_zero(req);
>  	return err;
> 
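
Review bot: datalen is a signed int taken from a pointer subtraction and is used without a range check. In "datalen = skb_tail_pointer(skb) - data;", if skb->mac_len is larger than the bytes actually present after skb_mac_header(skb), or the MAC header offset was never set on this skb, the result is negative and is then converted to the unsigned length parameters of sg_init_one() and skcipher_request_set_crypt(), so the cipher would be asked to process a very large length. Consider rejecting that case up front (for example returning -EINVAL when datalen < 0), or extend the new comment to say which caller guarantees that mac_header and mac_len are valid at this point. Minor style point: the function already uses u8 for iv, so "u8 *data" would be more consistent than "unsigned char *data".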

Thanks! This patch has been applied to the wpan-next tree and will be part of the next pull request.

regards
Stefan Schmidt
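
The frame layout the commit message describes (MHR, then the Auxiliary Security Header, then the MAC payload), as an added example that is not part of the patch or of the kernel code: a standalone C parser that finds where the cleartext headers end, so that only the bytes after that offset are candidates for encryption. It assumes the 802.15.4-2006 header layout; `mhr_len`, `payload_len` and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: data frame, security on, PAN ID compression, short
 * addresses, ASH with level 4 (ENC) and key id mode 1, 4-byte payload. */
static const uint8_t sample_frame[] = {
	0x49, 0x98, 0x01,                   /* frame control (LE), sequence number */
	0xcd, 0xab, 0x02, 0x00,             /* destination PAN ID, short address */
	0x01, 0x00,                         /* source short address */
	0x0c, 0x01, 0x00, 0x00, 0x00, 0x00, /* ASH: control, counter, key index */
	0xde, 0xad, 0xbe, 0xef,             /* MAC payload */
};

/* Size of an address field for an addressing mode, -1 if reserved. */
static int addr_len(unsigned m) { return m == 0 ? 0 : m == 2 ? 2 : m == 3 ? 8 : -1; }

/* Length of MHR plus ASH, or -1 if the frame is malformed or truncated. */
int mhr_len(const uint8_t *f, size_t len)
{
	static const int key_id_len[4] = { 0, 1, 5, 9 };
	size_t off = 3;                 /* frame control + sequence number */
	unsigned fcf;
	int dl, sl;

	if (len < off)
		return -1;
	fcf = f[0] | (unsigned)f[1] << 8;
	dl = addr_len((fcf >> 10) & 3); /* destination addressing mode */
	sl = addr_len((fcf >> 14) & 3); /* source addressing mode */
	if (dl < 0 || sl < 0)
		return -1;
	if (dl)
		off += 2 + dl;          /* destination PAN ID + address */
	if (sl)
		off += ((fcf & 0x40) ? 0 : 2) + sl; /* PAN ID elided if compressed */
	if (fcf & 0x08) {               /* security enabled: ASH follows */
		if (off >= len)
			return -1;
		off += 1 + 4 + key_id_len[(f[off] >> 3) & 3];
	}
	return off <= len ? (int)off : -1;
}

/* Bytes the cipher may touch (FCS assumed not yet appended), -1 on error. */
int payload_len(const uint8_t *f, size_t len)
{
	int h = mhr_len(f, len);
	return h < 0 ? -1 : (int)(len - (size_t)h);
}
```

A receiver has to read the frame control field, the addresses and the ASH in the clear to select a key, which is why a sender that encrypts from the first byte of the frame produces frames that peers reject.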