lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20231005180636.672791-2-radu-nicolae.pirea@oss.nxp.com> Date: Thu, 5 Oct 2023 21:06:33 +0300 From: "Radu Pirea (NXP OSS)" <radu-nicolae.pirea@....nxp.com> To: linux-kernel@...r.kernel.org, netdev@...r.kernel.org, linux-rdma@...r.kernel.org Cc: sgoutham@...vell.com, gakula@...vell.com, sbhatta@...vell.com, hkelam@...vell.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, borisp@...dia.com, saeedm@...dia.com, leon@...nel.org, sd@...asysnail.net, andrew@...n.ch, hkallweit1@...il.com, linux@...linux.org.uk, richardcochran@...il.com, sebastian.tobuschat@....nxp.com, phaddad@...dia.com, ehakim@...dia.com, raeds@...dia.com, atenart@...nel.org, "Radu Pirea (NXP OSS)" <radu-nicolae.pirea@....nxp.com> Subject: [PATCH net v7 1/4] net: macsec: indicate next pn update when offloading Indicate next PN update using update_pn flag in macsec_context. Offloaded MACsec implementations does not know whether or not the MACSEC_SA_ATTR_PN attribute was passed for an SA update and assume that next PN should always updated, but this is not always true. The PN can be reset to its initial value using the following command: $ ip macsec set macsec0 tx sa 0 off #octeontx2-pf case Or, the update PN command will succeed even if the driver does not support PN updates. $ ip macsec set macsec0 tx sa 0 pn 1 on #mscc phy driver case Comparing the initial PN with the new PN value is not a solution. When the user updates the PN using its initial value the command will succeed, even if the driver does not support it. Like this: $ ip macsec add macsec0 tx sa 0 pn 1 on key 00 \ ead3664f508eb06c40ac7104cdae4ce5 $ ip macsec set macsec0 tx sa 0 pn 1 on #mlx5 case Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@....nxp.com> --- Changes in v7: - removed update_pn description. I will add description as part of the following patch in v7 https://patchwork.kernel.org/project/netdevbpf/patch/20230928084430.1882670-3-radu-nicolae.pirea@oss.nxp.com/ Changes in v6: - changed update_pn description Changes in v5: - none Changes in v4: - patch added in v4 drivers/net/macsec.c | 2 ++ include/net/macsec.h | 1 + 2 files changed, 3 insertions(+) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index b7e151439c48..c5cd4551c67c 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -2383,6 +2383,7 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info) ctx.sa.assoc_num = assoc_num; ctx.sa.tx_sa = tx_sa; + ctx.sa.update_pn = !!prev_pn.full64; ctx.secy = secy; ret = macsec_offload(ops->mdo_upd_txsa, &ctx); @@ -2476,6 +2477,7 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info) ctx.sa.assoc_num = assoc_num; ctx.sa.rx_sa = rx_sa; + ctx.sa.update_pn = !!prev_pn.full64; ctx.secy = secy; ret = macsec_offload(ops->mdo_upd_rxsa, &ctx); diff --git a/include/net/macsec.h b/include/net/macsec.h index 75a6f4863c83..ebf9bc54036a 100644 --- a/include/net/macsec.h +++ b/include/net/macsec.h @@ -258,6 +258,7 @@ struct macsec_context { struct macsec_secy *secy; struct macsec_rx_sc *rx_sc; struct { + bool update_pn; unsigned char assoc_num; u8 key[MACSEC_MAX_KEY_LEN]; union { -- 2.34.1
Powered by blists - more mailing lists