Message-ID: <20200417090547.GA3874480@bistromath.localdomain>
Date: Fri, 17 Apr 2020 11:05:47 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: Igor Russkikh <irusskikh@...vell.com>
Cc: netdev@...r.kernel.org,
Mark Starovoytov <mstarovoitov@...vell.com>,
Antoine Tenart <antoine.tenart@...tlin.com>,
Dmitry Bogdanov <dbogdanov@...vell.com>
Subject: Re: [PATCH net 1/2] net: macsec: update SCI upon MAC address change.
Hello,

2020-03-10, 18:22:24 +0300, Igor Russkikh wrote:
> From: Dmitry Bogdanov <dbogdanov@...vell.com>
>
> SCI should be updated, because it contains MAC in its first 6 octets.

Sorry for catching this so late. I don't think this change is correct.

Changing the SCI means wpa_supplicant (or whatever MKA you're using)
will disagree as to which SCI is in use. The peer probably doesn't
have an RXSC for the new SCI either, so the packets will be dropped
anyway.

Plus, if you're using "send_sci on", there's no real reason to change
the SCI, since it's also in the packet, and may or may not have any
relationship to the MAC address of the device.

I'm guessing the issue you're trying to solve is that in the "send_sci
off" case, macsec_encrypt() will use the SCI stored in the secy, but
the receiver will construct the SCI based on the source MAC
address. Can you confirm that? If that's the real problem, I have a
couple of ideas to solve it.

Thanks, and sorry again for the delay in looking at this,

--
Sabrina
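
Added example, not part of the original message and not kernel code: a simplified C model of the SCI handling discussed above, showing when a peer still resolves frames to the RXSC it already has after the sender's MAC address changes. All struct and function names are hypothetical, the MAC addresses are constructed, and the port identifier 1 is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAC_LEN 6
#define SCI_LEN 8   /* 6-octet MAC followed by a 2-octet port identifier */

struct frame {              /* hypothetical model: only the fields that matter here */
    uint8_t src[MAC_LEN];   /* Ethernet source address */
    bool    has_sci;        /* true when the sender runs with "send_sci on" */
    uint8_t sci[SCI_LEN];   /* explicit SCI, meaningful only if has_sci */
};

/* Build an SCI from a MAC address and a port identifier. */
static void sci_from_mac(uint8_t out[SCI_LEN], const uint8_t mac[MAC_LEN], uint16_t port)
{
    memcpy(out, mac, MAC_LEN);
    out[6] = (uint8_t)(port >> 8);
    out[7] = (uint8_t)(port & 0xff);
}

/* Receiver: use the SCI carried in the frame, else derive it from the source MAC. */
static void rx_resolve_sci(uint8_t out[SCI_LEN], const struct frame *f, uint16_t port)
{
    if (f->has_sci)
        memcpy(out, f->sci, SCI_LEN);
    else
        sci_from_mac(out, f->src, port);
}

/* The peer's RXSC was installed for the sender's original MAC; the sender then
 * changes its MAC. update_sci models rewriting the stored SCI on that change.
 * Returns true when the receiver resolves the frame to the RXSC it already has. */
static bool peer_finds_rxsc(bool send_sci, bool update_sci)
{
    const uint8_t old_mac[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x01};  /* constructed */
    const uint8_t new_mac[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x02};  /* constructed */
    const uint16_t port = 1;                                    /* assumed */
    uint8_t peer_rxsc[SCI_LEN], secy_sci[SCI_LEN], resolved[SCI_LEN];
    struct frame f = { .has_sci = send_sci };

    sci_from_mac(peer_rxsc, old_mac, port);  /* what key agreement gave the peer */
    sci_from_mac(secy_sci, update_sci ? new_mac : old_mac, port);
    memcpy(f.src, new_mac, MAC_LEN);         /* frames now leave with the new MAC */
    memcpy(f.sci, secy_sci, SCI_LEN);
    rx_resolve_sci(resolved, &f, port);
    return memcmp(resolved, peer_rxsc, SCI_LEN) == 0;
}

int main(void) { return peer_finds_rxsc(true, false) ? 0 : 1; }
```

In this model only "send_sci on" with the SCI left unchanged still matches the peer's existing RXSC; the other three combinations resolve to an SCI the peer has no RXSC for.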