| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200615154114.13184-1-mayflowerera@gmail.com>
Date: Tue, 16 Jun 2020 00:41:14 +0900
From: Era Mayflower <mayflowerera@...il.com>
To: davem@...emloft.net, kuba@...nel.org
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Era Mayflower <mayflowerera@...il.com>
Subject: [PATCH] macsec: Support 32bit PN netlink attribute for XPN links
Allow using 32bit netlink attribute for packet number when creating or
updating SA in an XPN link.
Now utilities like iproute2's `ip` do not have to know the link type
(XPN or not) when setting the packet number field of an SA.
Signed-off-by: Era Mayflower <mayflowerera@...il.com>
---
drivers/net/macsec.c | 95 ++++++++++++++++++++++++++++++++------------
1 file changed, 69 insertions(+), 26 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index e56547bfdac9..7d3c3a38ea81 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1691,8 +1691,7 @@ static bool validate_add_rxsa(struct nlattr **attrs)
if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN)
return false;
- if (attrs[MACSEC_SA_ATTR_PN] &&
- *(u64 *)nla_data(attrs[MACSEC_SA_ATTR_PN]) == 0)
+ if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
return false;
if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
@@ -1714,7 +1713,6 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
struct macsec_rx_sc *rx_sc;
struct macsec_rx_sa *rx_sa;
unsigned char assoc_num;
- int pn_len;
struct nlattr *tb_rxsc[MACSEC_RXSC_ATTR_MAX + 1];
struct nlattr *tb_sa[MACSEC_SA_ATTR_MAX + 1];
int err;
@@ -1747,12 +1745,26 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
return -EINVAL;
}
- pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
- if (nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len) {
- pr_notice("macsec: nl: add_rxsa: bad pn length: %d != %d\n",
- nla_len(tb_sa[MACSEC_SA_ATTR_PN]), pn_len);
- rtnl_unlock();
- return -EINVAL;
+ if (tb_sa[MACSEC_SA_ATTR_PN]) {
+ switch (nla_len(tb_sa[MACSEC_SA_ATTR_PN])) {
+ case MACSEC_DEFAULT_PN_LEN:
+ break;
+
+ case MACSEC_XPN_PN_LEN:
+ if (secy->xpn)
+ break;
+
+ pr_notice("macsec: nl: add_rxsa: pn length on non-xpn links must be %d\n",
+ MACSEC_DEFAULT_PN_LEN);
+ rtnl_unlock();
+ return -EINVAL;
+
+ default:
+ pr_notice("macsec: nl: add_rxsa: pn length must be %d or %d\n",
+ MACSEC_DEFAULT_PN_LEN, MACSEC_XPN_PN_LEN);
+ rtnl_unlock();
+ return -EINVAL;
+ }
}
if (secy->xpn) {
@@ -1934,7 +1946,7 @@ static bool validate_add_txsa(struct nlattr **attrs)
if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN)
return false;
- if (nla_get_u32(attrs[MACSEC_SA_ATTR_PN]) == 0)
+ if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
return false;
if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
@@ -1956,7 +1968,6 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
struct macsec_tx_sc *tx_sc;
struct macsec_tx_sa *tx_sa;
unsigned char assoc_num;
- int pn_len;
struct nlattr *tb_sa[MACSEC_SA_ATTR_MAX + 1];
bool was_operational;
int err;
@@ -1989,10 +2000,22 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
return -EINVAL;
}
- pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
- if (nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len) {
- pr_notice("macsec: nl: add_txsa: bad pn length: %d != %d\n",
- nla_len(tb_sa[MACSEC_SA_ATTR_PN]), pn_len);
+ switch (nla_len(tb_sa[MACSEC_SA_ATTR_PN])) {
+ case MACSEC_DEFAULT_PN_LEN:
+ break;
+
+ case MACSEC_XPN_PN_LEN:
+ if (secy->xpn)
+ break;
+
+ pr_notice("macsec: nl: add_txsa: pn length on non-xpn links must be %d\n",
+ MACSEC_DEFAULT_PN_LEN);
+ rtnl_unlock();
+ return -EINVAL;
+
+ default:
+ pr_notice("macsec: nl: add_txsa: pn length must be %d or %d\n",
+ MACSEC_DEFAULT_PN_LEN, MACSEC_XPN_PN_LEN);
rtnl_unlock();
return -EINVAL;
}
@@ -2288,7 +2311,7 @@ static bool validate_upd_sa(struct nlattr **attrs)
if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN)
return false;
- if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u32(attrs[MACSEC_SA_ATTR_PN]) == 0)
+ if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
return false;
if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
@@ -2332,12 +2355,22 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
}
if (tb_sa[MACSEC_SA_ATTR_PN]) {
- int pn_len;
+ switch (nla_len(tb_sa[MACSEC_SA_ATTR_PN])) {
+ case MACSEC_DEFAULT_PN_LEN:
+ break;
+
+ case MACSEC_XPN_PN_LEN:
+ if (secy->xpn)
+ break;
+
+ pr_notice("macsec: nl: upd_txsa: pn length on non-xpn links must be %d\n",
+ MACSEC_DEFAULT_PN_LEN);
+ rtnl_unlock();
+ return -EINVAL;
- pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
- if (nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len) {
- pr_notice("macsec: nl: upd_txsa: bad pn length: %d != %d\n",
- nla_len(tb_sa[MACSEC_SA_ATTR_PN]), pn_len);
+ default:
+ pr_notice("macsec: nl: upd_txsa: pn length must be %d or %d\n",
+ MACSEC_DEFAULT_PN_LEN, MACSEC_XPN_PN_LEN);
rtnl_unlock();
return -EINVAL;
}
@@ -2429,12 +2462,22 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
}
if (tb_sa[MACSEC_SA_ATTR_PN]) {
- int pn_len;
+ switch (nla_len(tb_sa[MACSEC_SA_ATTR_PN])) {
+ case MACSEC_DEFAULT_PN_LEN:
+ break;
+
+ case MACSEC_XPN_PN_LEN:
+ if (secy->xpn)
+ break;
- pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
- if (nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len) {
- pr_notice("macsec: nl: upd_rxsa: bad pn length: %d != %d\n",
- nla_len(tb_sa[MACSEC_SA_ATTR_PN]), pn_len);
+ pr_notice("macsec: nl: upd_rxsa: pn length on non-xpn links must be %d\n",
+ MACSEC_DEFAULT_PN_LEN);
+ rtnl_unlock();
+ return -EINVAL;
+
+ default:
+ pr_notice("macsec: nl: upd_rxsa: pn length must be %d or %d\n",
+ MACSEC_DEFAULT_PN_LEN, MACSEC_XPN_PN_LEN);
rtnl_unlock();
return -EINVAL;
}
base-commit: bc7d17d55762421b98089f5f7496e48cab89de50
--
2.20.1
Powered by blists - more mailing lists