Skip to content

Commit 201a1b4

Browse files
Tomasz Bursztykanashif
Tomasz Bursztyka
authored and
nashif
committed
net/ieee802154: Security session must be initialized with a valid key
Security layer was tested only against CC2520, which does not mandate to begin the session with a valid key. However, the crypto API tells it must do so. And indeed, starting a session on mtls shim crypto device will fail due to missing key. Thus moving the relevant code where it should. Reported-by: Johann Fischer <[email protected]> Signed-off-by: Tomasz Bursztyka <[email protected]>
1 parent 13e1c3c commit 201a1b4

File tree

1 file changed

+24
-21
lines changed

1 file changed

+24
-21
lines changed

subsys/net/ip/l2/ieee802154/ieee802154_security.c

Lines changed: 24 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ int ieee802154_security_setup_session(struct ieee802154_security_ctx *sec_ctx,
2222
u8_t *key, u8_t key_len)
2323
{
2424
u8_t tag_size;
25+
int ret;
2526

2627
if (level > IEEE802154_SECURITY_LEVEL_ENC_MIC_128 ||
2728
key_mode > IEEE802154_KEY_ID_MODE_SRC_8_INDEX) {
@@ -58,6 +59,27 @@ int ieee802154_security_setup_session(struct ieee802154_security_ctx *sec_ctx,
5859
sec_ctx->enc.mode_params.ccm_info.tag_len = tag_size;
5960
sec_ctx->dec.mode_params.ccm_info.tag_len = tag_size;
6061

62+
ret = cipher_begin_session(sec_ctx->enc.device, &sec_ctx->enc,
63+
CRYPTO_CIPHER_ALGO_AES,
64+
CRYPTO_CIPHER_MODE_CCM,
65+
CRYPTO_CIPHER_OP_ENCRYPT);
66+
if (ret) {
67+
NET_ERR("Could not setup encryption context");
68+
69+
return ret;
70+
}
71+
72+
ret = cipher_begin_session(sec_ctx->dec.device, &sec_ctx->dec,
73+
CRYPTO_CIPHER_ALGO_AES,
74+
CRYPTO_CIPHER_MODE_CCM,
75+
CRYPTO_CIPHER_OP_DECRYPT);
76+
if (ret) {
77+
NET_ERR("Could not setup decryption context");
78+
cipher_free_session(sec_ctx->enc.device, &sec_ctx->enc);
79+
80+
return ret;
81+
}
82+
6183
return 0;
6284
}
6385

@@ -153,7 +175,6 @@ bool ieee802154_encrypt_auth(struct ieee802154_security_ctx *sec_ctx,
153175
int ieee802154_security_init(struct ieee802154_security_ctx *sec_ctx)
154176
{
155177
struct device *dev;
156-
int ret;
157178

158179
memset(&sec_ctx->enc, 0, sizeof(struct cipher_ctx));
159180
memset(&sec_ctx->dec, 0, sizeof(struct cipher_ctx));
@@ -170,26 +191,8 @@ int ieee802154_security_init(struct ieee802154_security_ctx *sec_ctx)
170191
sec_ctx->enc.mode_params.ccm_info.nonce_len = 13;
171192
sec_ctx->dec.mode_params.ccm_info.nonce_len = 13;
172193

173-
ret = cipher_begin_session(dev, &sec_ctx->enc,
174-
CRYPTO_CIPHER_ALGO_AES,
175-
CRYPTO_CIPHER_MODE_CCM,
176-
CRYPTO_CIPHER_OP_ENCRYPT);
177-
if (ret) {
178-
NET_ERR("Could not setup encryption context");
179-
180-
return ret;
181-
}
182-
183-
ret = cipher_begin_session(dev, &sec_ctx->dec,
184-
CRYPTO_CIPHER_ALGO_AES,
185-
CRYPTO_CIPHER_MODE_CCM,
186-
CRYPTO_CIPHER_OP_DECRYPT);
187-
if (ret) {
188-
NET_ERR("Could not setup decryption context");
189-
cipher_free_session(dev, &sec_ctx->enc);
190-
191-
return ret;
192-
}
194+
sec_ctx->enc.device = dev;
195+
sec_ctx->dec.device = dev;
193196

194197
return 0;
195198
}

0 commit comments

Comments
 (0)