Hello. On 09/05/2017 02:18 PM, Diogenes Pereira wrote: > According to 802.15.4-2003/2006/2015 specifications the MAC frame is > composed of MHR, MAC payload and MFR and just the outgoing MAC payload > must be encrypted. > > If communication is secure,sender build Auxiliary Security Header(ASH), > insert it next to the standard MHR header with security enabled bit ON, > and secure frames before transmitting them. According to the information > carried within the ASH, recipient retrieves the right cryptographic key > and correctly un-secure MAC frames. > > The error scenario occurs on Linux using IEEE802154_SCF_SECLEVEL_ENC(4) > security level when llsec_do_encrypt_unauth() function builds theses MAC > frames incorrectly. On recipients these MAC frames are discarded,logging > "got invalid frame" messages. > > Acked-by: Stefan Schmidt <stefan@xxxxxxxxxxxxxxx> > Signed-off-by: Diogenes Pereira <dvnp@xxxxxxxxxxxx> > --- > net/mac802154/llsec.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c > index 1e1c9b2..d9e7105 100644 > --- a/net/mac802154/llsec.c > +++ b/net/mac802154/llsec.c > @@ -623,13 +623,18 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, > u8 iv[16]; > struct scatterlist src; > SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); > - int err; > + int err, datalen; > + unsigned char *data; > > llsec_geniv(iv, sec->params.hwaddr, &hdr->sec); > - sg_init_one(&src, skb->data, skb->len); > + /* Compute data payload offset and data length */ > + data = skb_mac_header(skb) + skb->mac_len; > + datalen = skb_tail_pointer(skb) - data; > + sg_init_one(&src, data, datalen); > + > skcipher_request_set_tfm(req, key->tfm0); > skcipher_request_set_callback(req, 0, NULL, NULL); > - skcipher_request_set_crypt(req, &src, &src, skb->len, iv); > + skcipher_request_set_crypt(req, &src, &src, datalen, iv); > err = crypto_skcipher_encrypt(req); > skcipher_request_zero(req); > return err; > Thanks! This patch has been applied to the wpan-next tree and will be part of the next pull request. regards Stefan Schmidt -- To unsubscribe from this list: send the line "unsubscribe linux-wpan" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
