The IEEE 802.15.4 security implementation had several severe bugs:
* A regression introduced by 6ea225e34a
(net/ieee802154: Finally removing usage of ll_reserve in L2)
introduced a buffer leak (reading/ writing beyond the end of the frame
buffer) and led the security implementation to malfunction in all but
the simplest cases (i.e. encryption/authentication: none).
* Encryption vs. authentication modes were not properly implemented i.e.
encryption was always active even if not required by the chosen
encryption level.
* Nonce endianness was not correctly handled on decryption of packets
which led to authentication failures.
* The frame counter was not checked for overflows.
* The encryption output buffer limit (out_buf_max) was not correctly set.
* Setting an invalid key mode led to a NULL pointer deref.
* We use CCM rather than CCM* as crypto.h does not provide access to
CCM*. CCM does not support encryption-only operation, though. This
condition was not checked by the code.
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
856c985239