| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yx5RNSTJ4lcndzcO@hog>
Date: Sun, 11 Sep 2022 23:20:53 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: Emeel Hakim <ehakim@...dia.com>
Cc: dsahern@...nel.org, netdev@...r.kernel.org, raeds@...dia.com,
tariqt@...dia.com
Subject: Re: [PATCH main v5 1/2] macsec: add Extended Packet Number support
2022-09-11, 12:26:55 +0300, Emeel Hakim wrote:
> This patch adds support for extended packet number (XPN).
> XPN can be configured by passing 'cipher gcm-aes-xpn-128' as part of
> the ip link add command using macsec type.
> In addition, using 'xpn' keyword instead of the 'pn', passing a 12
> bytes salt using the 'salt' keyword and passing short secure channel
> id (ssci) using the 'ssci' keyword as part of the ip macsec command
> is required (see example).
>
> e.g:
>
> create a MACsec device on link eth0 with enabled xpn
> # ip link add link eth0 macsec0 type macsec port 11
> encrypt on cipher gcm-aes-xpn-128
>
> configure a secure association on the device
> # ip macsec add macsec0 tx sa 0 xpn 1024 on ssci 5
> salt 838383838383838383838383
> key 01 81818181818181818181818181818181
>
> configure a secure association on the device with ssci = 5
> # ip macsec add macsec0 tx sa 0 xpn 1024 on ssci 5
> salt 838383838383838383838383
> key 01 82828282828282828282828282828282
>
> Signed-off-by: Emeel Hakim <ehakim@...dia.com>
Looks good now, thanks.
Reviewed-by: Sabrina Dubroca <sd@...asysnail.net>
--
Sabrina
Powered by blists - more mailing lists