Re: 802.15.4 security - Alexander Aring

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

From: Alexander Aring <alex.aring@gmail.com>
To: Simon Vincent <simon.vincent@xsilon.com>
Cc: Phoebe Buckheister <phoebe.buckheister@itwm.fraunhofer.de>,
	"linux-wpan@vger.kernel.org" <linux-wpan@vger.kernel.org>
Subject: Re: 802.15.4 security
Date: Thu, 18 Jun 2015 17:32:02 +0200	[thread overview]
Message-ID: <20150618153158.GA11086@omega> (raw)
In-Reply-To: <5582DD7B.6090907@xsilon.com>

On Thu, Jun 18, 2015 at 04:02:19PM +0100, Simon Vincent wrote:
> I have managed to get security working now in all modes.
> 
> I will submit a patch to fix the scatterlist bug.
> 
> The other problem I had was the IV was being generated incorrectly. This was
> because I had used the iwpan tools to set the mac address. This does not set
> the ieee802154_llsec_params.hwaddr[1] which is used for creating the IV.[2]
> 

Yea, I actually also know that using both netlink interfaces and only
the old one for security is broken, see [0]:

---

... I know currently there is some function
"mac802154_wpan_update_llsec" which makes the security layer to work,
because it's not called when setting short/panid anywhere else.

---

What I meant there was that if using nl802154 and updating address it
will not call mac802154_wpan_update_llsec. If you like you can set
patches for that.

> I am not sure the best way to fix this issue. Do we need to keep to keep a
> copy of the pan_id, hwaddr, coord_hwaddr, coord_shortaddr in the
> llsec_params? It seems like it could easily get missed and not updated if
> one of these parameters change.
> 

Well, I think there exists now better ways of course. But I would not
trust the implementation and we _maybe_ overlooked more than just the
missing calling of "mac802154_wpan_update_llsec".

We should go the way to support the crypto layer inside nl802154 and
then removing the old interface stuff.

- Alex

[0] http://www.spinics.net/lists/linux-wpan/msg02098.html

next prev parent reply	other threads:[~2015-06-18 15:32 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-05-21 13:23 802.15.4 security Simon Vincent
2015-05-28  9:00 ` Phoebe Buckheister
2015-06-18 10:12   ` Simon Vincent
2015-06-18 11:13     ` Phoebe Buckheister
2015-06-18 11:40       ` Phoebe Buckheister
2015-06-18 11:43         ` Simon Vincent
2015-06-18 15:02         ` Simon Vincent
2015-06-18 15:32           ` Alexander Aring [this message]
2015-06-18 11:42       ` Simon Vincent
2015-06-18 11:44         ` Phoebe Buckheister

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150618153158.GA11086@omega \
    --to=alex.aring@gmail.com \
    --cc=linux-wpan@vger.kernel.org \
    --cc=phoebe.buckheister@itwm.fraunhofer.de \
    --cc=simon.vincent@xsilon.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.