Date: Fri, 23 Jun 2023 12:13:55 +0200
From: carlos.fernandez@...hnica-engineering.de
To: carlos.fernandez@...hnica-engineering.de,
	sd@...asysnail.net,
	davem@...emloft.net,
	edumazet@...gle.com,
	kuba@...nel.org,
	pabeni@...hat.com,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] net: macsec SCI assignment for ES = 0

Regarding ES, it is only set if the first 6 octets of the SCI are equal to the MAC,
in which case SC=0 as well (IEEE 802.1AE 9.5 TAG Control Information).
However, if ES=0, it is incorrect to use the source MAC as SCI (current implementation).

 
Regarding SC, as said in IEEE 802.1AE 9.9:


"An explicitly encoded SCI field in the SecTAG is not required on point-to-point links, 
which are identified by (...), if the transmitting SecY uses only one transmit SC. 
In that case, the secure association created by the SecY for the peer SecYs, together with
the direction of transmission of the secured MPDU, can be used to identify the transmitting SecY."

 
Therefore the case SC=0 is reserved for cases where both conditions apply: point-to-point links, 
and only one transmit SC. This requirement makes the size of the reception lookup 1.
 

In conclusion, if we're in a non-end-station MPDU scenario (ES = 0) and the SCI is not in the SecTAG (SC = 0),
we need to find the correct SCI. This can be done by searching for it in the current (only) active RX_SC.

Thanks
--
Carlos
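
The SCI selection rules discussed in the message above, as an added user-space example (not code from the patch or from the kernel). The struct rx_sc type and the resolve_sci function are hypothetical names; the TCI bit masks and the 00-01 port identifier used for ES = 1 follow IEEE 802.1AE 9.5.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Bits of the TCI/AN octet in the SecTAG (IEEE 802.1AE 9.5). */
#define TCI_ES 0x40u /* End Station */
#define TCI_SC 0x20u /* SCI explicitly encoded in the SecTAG */

/* Hypothetical model of one receive secure channel on a SecY. */
struct rx_sc {
    uint8_t sci[8]; /* 6-octet MAC address + 2-octet port identifier */
    int active;
};

/*
 * Resolve the SCI of a received frame. Returns 0 and fills out[8] on
 * success, -1 if the SCI cannot be determined unambiguously.
 */
int resolve_sci(uint8_t tci_an, const uint8_t *tag_sci, const uint8_t src_mac[6],
                const struct rx_sc *scs, size_t n, uint8_t out[8])
{
    const struct rx_sc *only = NULL;

    if ((tci_an & TCI_ES) && (tci_an & TCI_SC))
        return -1;                    /* ES = 1 implies SC = 0: malformed */
    if (tci_an & TCI_SC) {            /* SC = 1: SCI is carried in the SecTAG */
        if (!tag_sci)
            return -1;
        memcpy(out, tag_sci, 8);
        return 0;
    }
    if (tci_an & TCI_ES) {            /* ES = 1: source MAC + port 00-01 */
        memcpy(out, src_mac, 6);
        out[6] = 0x00;
        out[7] = 0x01;
        return 0;
    }
    /* ES = 0, SC = 0: point-to-point, so exactly one active RX SC must exist. */
    for (size_t i = 0; i < n; i++) {
        if (!scs[i].active)
            continue;
        if (only)
            return -1;                /* more than one candidate: ambiguous */
        only = &scs[i];
    }
    if (!only)
        return -1;                    /* no active RX SC to take the SCI from */
    memcpy(out, only->sci, 8);
    return 0;
}
```

Returning an error when zero or several RX SCs are active keeps the receiver from guessing an SCI, and therefore a key, for a frame it cannot attribute to a single peer.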
