From: David S. Miller Date: Fri, 16 May 2014 21:23:49 +0000 (-0400) Subject: Merge branch 'ieee802154-next' X-Git-Tag: Ubuntu-snapdragon-4.4.0-1029.32~8592^2~200 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=a47e8f5ad8981fa1b0e6be99fa0d99c1355408bc;p=mirror_ubuntu-zesty-kernel.git Merge branch 'ieee802154-next' Phoebe Buckheister says: ==================== 802154: implement link-layer security This patch series implements 802.15.4-2011 link layer security. Patches 1 and 2 prepare for llsec by adding data structures to represent the llsec PIB as specified in 802.15.4-2011. I've changed some structures from their specification to be more sensible, since 802.15.4 specifies some structures in not-exactly-useful ways. Nested lists are common, but not very accessible for netlink methods, and not very fast to traverse when searching for specific elements either. Patch 3 implements backends for these structures in mac802154. Patch 4 and 5 implement the encryption and decryption methods, split from patch 3 to ease review. The encryption and decryption methods are almost entirely compliant with the specified outgoing/incoming frame procedures. Decryption deviates from the specification slightly where the specification makes no sense, i.e. encrypted frames with security level 0 may be sent, but must be dropped an reception - but transforms for processing such frames are given a few lines in the standard. I've opted to not drop these frames instead of not implementing the transforms that wouldn't be used if they were dropped. Patch 6 links the mac802154 llsec with the SoftMAC devices. This is mainly init//fini code for llsec context, handling of security subheaders and calling the encryption/decryption methods. Patch 7 adds sockopts to 802.15.4 dgram sockets to modifiy outgoing security parameters on a per-socket basis. Ideally, this would also be available for sockets on 6lowpan devices, but I'm not sure how to do that nicely. Patch 8 adds forwarders to the llsec configuration methods for netlink, patch 10 implements these netlink accessors. This is mainly mechanical. Patch 11, implements a key tracking option for devices that previous patches haven't, because I'm not entirely sure whether this is the best approach to the problem. It performs reasonably well though, so I decided to include it as a separate patch in this series instead of sending an RFC just for this one option. ==================== Signed-off-by: David S. Miller --- a47e8f5ad8981fa1b0e6be99fa0d99c1355408bc