From patchwork Tue Sep 5 12:18:04 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Diogenes Pereira
X-Patchwork-Id: 9938543
From: Diogenes Pereira
To: linux-wpan@vger.kernel.org
Cc: stefan@osg.samsung.com, alex.aring@gmail.com, ckt@cesar.org.br, dvnp@cesar.org.br
Subject: [PATCH v1 1/2] mac802154: Fix MAC header and payload encrypted
Date: Tue, 5 Sep 2017 09:18:04 -0300
Message-Id: <1504613884-20870-1-git-send-email-dvnp@cesar.org.br>
X-Mailer: git-send-email 2.7.4
Sender: linux-wpan-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-wpan@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

According to the 802.15.4-2003/2006/2015 specifications, the MAC frame is
composed of MHR, MAC payload and MFR, and just the outgoing MAC payload must
be encrypted.

If communication is secure, the sender builds the Auxiliary Security Header
(ASH), inserts it next to the standard MHR header with the security enabled
bit ON, and secures frames before transmitting them. According to the
information carried within the ASH, the recipient retrieves the right
cryptographic key and correctly un-secures MAC frames.

The error scenario occurs on Linux using the IEEE802154_SCF_SECLEVEL_ENC(4)
security level when the llsec_do_encrypt_unauth() function builds these MAC
frames incorrectly. On recipients these MAC frames are discarded, logging
"got invalid frame" messages.

Acked-by: Stefan Schmidt
Signed-off-by: Diogenes Pereira
Acked-by: Stefan Schmidt
---
 net/mac802154/llsec.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c index 1e1c9b2..d9e7105 100644 --- a/net/mac802154/llsec.c +++ b/net/mac802154/llsec.c
@@ -623,13 +623,18 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec, u8 iv[16]; struct scatterlist src; SKCIPHER_REQUEST_ON_STACK(req, key->tfm0); - int err; + int err, datalen; + unsigned char *data; llsec_geniv(iv, sec->params.hwaddr, &hdr->sec); - sg_init_one(&src, skb->data, skb->len); + /* Compute data payload offset and data length */ + data = skb_mac_header(skb) + skb->mac_len; + datalen = skb_tail_pointer(skb) - data; + sg_init_one(&src, data, datalen); + skcipher_request_set_tfm(req, key->tfm0); skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, &src, &src, skb->len, iv); + skcipher_request_set_crypt(req, &src, &src, datalen, iv); err = crypto_skcipher_encrypt(req); skcipher_request_zero(req); return err;
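Review bot: in llsec_do_encrypt_unauth(), datalen is a signed int taken from skb_tail_pointer(skb) - data and handed straight to sg_init_one() and skcipher_request_set_crypt() with no sanity check. The result is only the MAC payload if skb->mac_len already holds the full MHR length (including the auxiliary security header) when this function runs; if it is still zero, the cipher covers the header again, which is the bug being fixed, and if it is larger than the frame the length goes to zero or negative. Please reject datalen <= 0 with an error before building the scatterlist, and say in the commit message where mac_len is guaranteed to be set on the transmit path. Minor: the comment reads "data payload offset" while the code computes a pointer to the start of the MAC payload; wording it as "MAC payload start and length" would match the commit text.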