From: Alexander Aring <alex.aring@gmail.com>
To: Simon Vincent <simon.vincent@xsilon.com>
Cc: Phoebe Buckheister <phoebe.buckheister@itwm.fraunhofer.de>,
"linux-wpan@vger.kernel.org" <linux-wpan@vger.kernel.org>
Subject: Re: 802.15.4 security
Date: Thu, 18 Jun 2015 17:32:02 +0200 [thread overview]
Message-ID: <20150618153158.GA11086@omega> (raw)
In-Reply-To: <5582DD7B.6090907@xsilon.com>
On Thu, Jun 18, 2015 at 04:02:19PM +0100, Simon Vincent wrote:
> I have managed to get security working now in all modes.
>
> I will submit a patch to fix the scatterlist bug.
>
> The other problem I had was the IV was being generated incorrectly. This was
> because I had used the iwpan tools to set the mac address. This does not set
> the ieee802154_llsec_params.hwaddr[1] which is used for creating the IV.[2]
>
Yea, I actually also know that using both netlink interfaces and only
the old one for security is broken, see [0]:
---
... I know currently there is some function
"mac802154_wpan_update_llsec" which makes the security layer to work,
because it's not called when setting short/panid anywhere else.
---
What I meant there was that if using nl802154 and updating address it
will not call mac802154_wpan_update_llsec. If you like you can set
patches for that.
> I am not sure the best way to fix this issue. Do we need to keep to keep a
> copy of the pan_id, hwaddr, coord_hwaddr, coord_shortaddr in the
> llsec_params? It seems like it could easily get missed and not updated if
> one of these parameters change.
>
Well, I think there exists now better ways of course. But I would not
trust the implementation and we _maybe_ overlooked more than just the
missing calling of "mac802154_wpan_update_llsec".
We should go the way to support the crypto layer inside nl802154 and
then removing the old interface stuff.
- Alex
[0] http://www.spinics.net/lists/linux-wpan/msg02098.html
next prev parent reply other threads:[~2015-06-18 15:32 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-21 13:23 802.15.4 security Simon Vincent
2015-05-28 9:00 ` Phoebe Buckheister
2015-06-18 10:12 ` Simon Vincent
2015-06-18 11:13 ` Phoebe Buckheister
2015-06-18 11:40 ` Phoebe Buckheister
2015-06-18 11:43 ` Simon Vincent
2015-06-18 15:02 ` Simon Vincent
2015-06-18 15:32 ` Alexander Aring [this message]
2015-06-18 11:42 ` Simon Vincent
2015-06-18 11:44 ` Phoebe Buckheister
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150618153158.GA11086@omega \
--to=alex.aring@gmail.com \
--cc=linux-wpan@vger.kernel.org \
--cc=phoebe.buckheister@itwm.fraunhofer.de \
--cc=simon.vincent@xsilon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox