Lines Matching defs:secy
64 #define for_each_rxsc(secy, sc) \
65 for (sc = rcu_dereference_bh(secy->rx_sc); \
68 #define for_each_rxsc_rtnl(secy, sc) \
69 for (sc = rtnl_dereference(secy->rx_sc); \
100 * @secy: SecY config
107 struct macsec_secy secy;
258 static bool send_sci(const struct macsec_secy *secy)
260 const struct macsec_tx_sc *tx_sc = &secy->tx_sc;
263 (secy->n_rx_sc > 1 && !tx_sc->end_station && !tx_sc->scb);
306 const struct macsec_secy *secy, u32 pn,
309 const struct macsec_tx_sc *tx_sc = &secy->tx_sc;
316 memcpy(&h->secure_channel_id, &secy->sci,
330 else if (secy->icv_len != DEFAULT_ICV_LEN)
467 static void __macsec_pn_wrapped(struct macsec_secy *secy,
472 if (secy->protect_frames)
473 secy->operational = false;
476 void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa)
479 __macsec_pn_wrapped(secy, tx_sa);
485 struct macsec_secy *secy)
492 if (secy->xpn)
498 __macsec_pn_wrapped(secy, tx_sa);
516 struct macsec_secy *secy = &macsec->secy;
519 return skb->len - macsec_hdr_len(sci_present) - secy->icv_len;
564 macsec_count_tx(skb, &macsec->secy.tx_sc, macsec_skb_cb(skb)->tx_sa);
617 struct macsec_secy *secy;
624 secy = &macsec->secy;
625 tx_sc = &secy->tx_sc;
630 secy->operational = false;
659 sci_present = send_sci(secy);
663 pn = tx_sa_update_pn(tx_sa, secy);
669 macsec_fill_sectag(hh, secy, pn.lower, sci_present);
672 skb_put(skb, secy->icv_len);
700 if (secy->xpn)
703 macsec_fill_iv(iv, secy->sci, pn.lower);
716 secy->icv_len;
721 aead_request_set_ad(req, skb->len - secy->icv_len);
748 static bool macsec_post_decrypt(struct sk_buff *skb, struct macsec_secy *secy, u32 pn)
756 if (rx_sa->next_pn_halves.lower >= secy->replay_window)
757 lowest_pn = rx_sa->next_pn_halves.lower - secy->replay_window;
762 if (secy->replay_protect && pn < lowest_pn &&
763 (!secy->xpn || pn_same_half(pn, lowest_pn))) {
768 DEV_STATS_INC(secy->netdev, rx_dropped);
772 if (secy->validate_frames != MACSEC_VALIDATE_DISABLED) {
787 secy->validate_frames == MACSEC_VALIDATE_STRICT) {
792 DEV_STATS_INC(secy->netdev, rx_errors);
797 if (secy->validate_frames == MACSEC_VALIDATE_CHECK) {
819 } else if (secy->xpn &&
877 if (!macsec_post_decrypt(skb, &macsec->secy, pn)) {
883 macsec_finalize_skb(skb, macsec->secy.icv_len,
886 macsec_reset_skb(skb, macsec->secy.netdev);
903 struct macsec_secy *secy)
912 u16 icv_len = secy->icv_len;
933 if (secy->xpn) {
1000 static struct macsec_rx_sc *find_rx_sc(struct macsec_secy *secy, sci_t sci)
1004 for_each_rxsc(secy, rx_sc) {
1012 static struct macsec_rx_sc *find_rx_sc_rtnl(struct macsec_secy *secy, sci_t sci)
1016 for_each_rxsc_rtnl(secy, rx_sc) {
1038 struct net_device *ndev = macsec->secy.netdev;
1074 if (macsec->secy.validate_frames == MACSEC_VALIDATE_STRICT) {
1078 DEV_STATS_INC(macsec->secy.netdev, rx_dropped);
1106 struct macsec_secy *secy = NULL;
1165 struct macsec_rx_sc *sc = find_rx_sc(&macsec->secy, sci);
1170 secy = &macsec->secy;
1176 if (!secy)
1179 dev = secy->netdev;
1184 if (!macsec_validate_skb(skb, secy->icv_len, secy->xpn)) {
1188 DEV_STATS_INC(secy->netdev, rx_errors);
1201 secy->validate_frames == MACSEC_VALIDATE_STRICT) {
1205 DEV_STATS_INC(secy->netdev, rx_errors);
1224 if (secy->replay_protect) {
1228 late = rx_sa->next_pn_halves.lower >= secy->replay_window &&
1229 hdr_pn < (rx_sa->next_pn_halves.lower - secy->replay_window);
1231 if (secy->xpn)
1239 DEV_STATS_INC(macsec->secy.netdev, rx_dropped);
1248 secy->validate_frames != MACSEC_VALIDATE_DISABLED)
1249 skb = macsec_decrypt(skb, dev, rx_sa, sci, secy);
1262 if (!macsec_post_decrypt(skb, secy, hdr_pn))
1266 macsec_finalize_skb(skb, secy->icv_len,
1269 macsec_reset_skb(skb, secy->netdev);
1280 DEV_STATS_INC(macsec->secy.netdev, rx_dropped);
1313 macsec->secy.validate_frames == MACSEC_VALIDATE_STRICT) {
1317 DEV_STATS_INC(macsec->secy.netdev, rx_errors);
1328 macsec_reset_skb(nskb, macsec->secy.netdev);
1336 DEV_STATS_INC(macsec->secy.netdev, rx_dropped);
1413 static struct macsec_rx_sc *del_rx_sc(struct macsec_secy *secy, sci_t sci)
1417 for (rx_scp = &secy->rx_sc, rx_sc = rtnl_dereference(*rx_scp);
1422 secy->n_rx_sc--;
1438 struct macsec_secy *secy;
1441 if (find_rx_sc_rtnl(&macsec->secy, sci))
1459 secy = &macsec_priv(dev)->secy;
1460 rcu_assign_pointer(rx_sc->next, secy->rx_sc);
1461 rcu_assign_pointer(secy->rx_sc, rx_sc);
1464 secy->n_rx_sc++;
1550 struct macsec_secy *secy;
1566 secy = &macsec_priv(dev)->secy;
1567 tx_sc = &secy->tx_sc;
1575 *secyp = secy;
1586 struct macsec_secy *secy;
1594 secy = &macsec_priv(dev)->secy;
1600 rx_sc = find_rx_sc_rtnl(secy, sci);
1604 *secyp = secy;
1755 struct macsec_secy *secy;
1777 rx_sc = get_rxsc_from_nl(genl_info_net(info), attrs, tb_rxsc, &dev, &secy);
1785 if (nla_len(tb_sa[MACSEC_SA_ATTR_KEY]) != secy->key_len) {
1787 nla_len(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len);
1792 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
1801 if (secy->xpn) {
1829 secy->key_len, secy->icv_len);
1860 ctx.secy = secy;
1862 secy->key_len);
1865 memzero_explicit(ctx.sa.key, secy->key_len);
1870 if (secy->xpn) {
1909 struct macsec_secy *secy;
1929 secy = &macsec_priv(dev)->secy;
1952 ctx.secy = secy;
1964 del_rx_sc(secy, sci);
1999 struct macsec_secy *secy;
2024 secy = &macsec_priv(dev)->secy;
2025 tx_sc = &secy->tx_sc;
2029 if (nla_len(tb_sa[MACSEC_SA_ATTR_KEY]) != secy->key_len) {
2031 nla_len(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len);
2036 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
2044 if (secy->xpn) {
2072 secy->key_len, secy->icv_len);
2086 was_operational = secy->operational;
2088 secy->operational = true;
2103 ctx.secy = secy;
2105 secy->key_len);
2108 memzero_explicit(ctx.sa.key, secy->key_len);
2113 if (secy->xpn) {
2127 secy->operational = was_operational;
2137 struct macsec_secy *secy;
2156 &dev, &secy, &rx_sc, &assoc_num);
2180 ctx.secy = secy;
2203 struct macsec_secy *secy;
2225 secy = &macsec_priv(dev)->secy;
2228 rx_sc = del_rx_sc(secy, sci);
2246 ctx.secy = secy;
2266 struct macsec_secy *secy;
2281 &dev, &secy, &tx_sc, &assoc_num);
2305 ctx.secy = secy;
2351 struct macsec_secy *secy;
2373 &dev, &secy, &tx_sc, &assoc_num);
2382 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
2400 was_operational = secy->operational;
2402 secy->operational = tx_sa->active;
2418 ctx.secy = secy;
2436 secy->operational = was_operational;
2445 struct macsec_secy *secy;
2471 &dev, &secy, &rx_sc, &assoc_num);
2480 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
2512 ctx.secy = secy;
2537 struct macsec_secy *secy;
2554 rx_sc = get_rxsc_from_nl(genl_info_net(info), attrs, tb_rxsc, &dev, &secy);
2561 prev_n_rx_sc = secy->n_rx_sc;
2566 secy->n_rx_sc += new ? 1 : -1;
2583 ctx.secy = secy;
2595 secy->n_rx_sc = prev_n_rx_sc;
2603 struct macsec_secy *secy = &macsec->secy;
2604 struct macsec_tx_sc *tx_sc = &secy->tx_sc;
2607 if (secy->rx_sc)
2694 ctx.secy = &macsec->secy;
2726 ctx.secy = &macsec_priv(dev)->secy;
2770 ctx.secy = &macsec_priv(dev)->secy;
2821 ctx.secy = &macsec_priv(dev)->secy;
2903 ctx.secy = &macsec_priv(dev)->secy;
2914 stats = per_cpu_ptr(macsec_priv(dev)->secy.tx_sc.stats, cpu);
2959 ctx.secy = &macsec_priv(dev)->secy;
3018 static int nla_put_secy(struct macsec_secy *secy, struct sk_buff *skb)
3020 struct macsec_tx_sc *tx_sc = &secy->tx_sc;
3028 switch (secy->key_len) {
3030 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_128 : MACSEC_DEFAULT_CIPHER_ID;
3033 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_256 : MACSEC_CIPHER_ID_GCM_AES_256;
3039 if (nla_put_sci(skb, MACSEC_SECY_ATTR_SCI, secy->sci,
3043 nla_put_u8(skb, MACSEC_SECY_ATTR_ICV_LEN, secy->icv_len) ||
3044 nla_put_u8(skb, MACSEC_SECY_ATTR_OPER, secy->operational) ||
3045 nla_put_u8(skb, MACSEC_SECY_ATTR_PROTECT, secy->protect_frames) ||
3046 nla_put_u8(skb, MACSEC_SECY_ATTR_REPLAY, secy->replay_protect) ||
3047 nla_put_u8(skb, MACSEC_SECY_ATTR_VALIDATE, secy->validate_frames) ||
3055 if (secy->replay_protect) {
3056 if (nla_put_u32(skb, MACSEC_SECY_ATTR_WINDOW, secy->replay_window))
3069 dump_secy(struct macsec_secy *secy, struct net_device *dev,
3078 struct macsec_tx_sc *tx_sc = &secy->tx_sc;
3102 if (nla_put_secy(secy, skb))
3160 if (secy->xpn) {
3171 (secy->xpn && nla_put_ssci(skb, MACSEC_SA_ATTR_SSCI, tx_sa->ssci)) ||
3187 for_each_rxsc_rtnl(secy, rx_sc) {
3265 if (secy->xpn) {
3276 (secy->xpn && nla_put_ssci(skb, MACSEC_SA_ATTR_SSCI, rx_sa->ssci)) ||
3317 struct macsec_secy *secy;
3325 secy = &macsec_priv(dev)->secy;
3326 if (dump_secy(secy, dev, skb, cb) < 0)
3422 struct macsec_secy *secy = &macsec->secy;
3432 if (!secy->protect_frames) {
3444 if (!secy->operational) {
3458 macsec_count_tx(skb, &macsec->secy.tx_sc, macsec_skb_cb(skb)->tx_sa);
3555 ctx.secy = &macsec->secy;
3588 ctx.secy = &macsec->secy;
3651 macsec->secy.sci = dev_to_sci(dev, MACSEC_PORT_ES);
3660 ctx.secy = &macsec->secy;
3671 unsigned int extra = macsec->secy.icv_len + macsec_extra_len(true);
3740 free_percpu(macsec->secy.tx_sc.stats);
3761 struct macsec_secy *secy;
3764 secy = &macsec_priv(dev)->secy;
3765 tx_sc = &secy->tx_sc;
3773 secy->operational = tx_sa && tx_sa->active;
3780 secy->protect_frames = !!nla_get_u8(data[IFLA_MACSEC_PROTECT]);
3792 secy->replay_protect = !!nla_get_u8(data[IFLA_MACSEC_REPLAY_PROTECT]);
3795 secy->validate_frames = nla_get_u8(data[IFLA_MACSEC_VALIDATION]);
3801 secy->key_len = MACSEC_GCM_AES_128_SAK_LEN;
3802 secy->xpn = false;
3805 secy->key_len = MACSEC_GCM_AES_256_SAK_LEN;
3806 secy->xpn = false;
3809 secy->key_len = MACSEC_GCM_AES_128_SAK_LEN;
3810 secy->xpn = true;
3813 secy->key_len = MACSEC_GCM_AES_256_SAK_LEN;
3814 secy->xpn = true;
3822 secy->replay_window = nla_get_u32(data[IFLA_MACSEC_WINDOW]);
3826 if (secy->xpn &&
3827 secy->replay_window > MACSEC_XPN_MAX_REPLAY_WINDOW)
3840 struct macsec_secy secy;
3852 /* Keep a copy of unmodified secy and tx_sc, in case the offload
3855 memcpy(&secy, &macsec->secy, sizeof(secy));
3856 memcpy(&tx_sc, &macsec->secy.tx_sc, sizeof(tx_sc));
3873 ctx.secy = &macsec->secy;
3882 memcpy(&macsec->secy.tx_sc, &tx_sc, sizeof(tx_sc));
3883 memcpy(&macsec->secy, &secy, sizeof(secy));
3892 while (macsec->secy.rx_sc) {
3893 struct macsec_rx_sc *rx_sc = rtnl_dereference(macsec->secy.rx_sc);
3895 rcu_assign_pointer(macsec->secy.rx_sc, rx_sc->next);
3900 struct macsec_tx_sa *sa = rtnl_dereference(macsec->secy.tx_sc.sa[i]);
3903 RCU_INIT_POINTER(macsec->secy.tx_sc.sa[i], NULL);
3921 ctx.secy = &macsec->secy;
3981 if (macsec->secy.sci == sci)
3991 struct macsec_secy *secy = &macsec->secy;
3997 secy->tx_sc.stats = netdev_alloc_pcpu_stats(struct pcpu_tx_sc_stats);
3998 if (!secy->tx_sc.stats) {
4006 secy->netdev = dev;
4007 secy->operational = true;
4008 secy->key_len = DEFAULT_SAK_LEN;
4009 secy->icv_len = icv_len;
4010 secy->validate_frames = MACSEC_VALIDATE_DEFAULT;
4011 secy->protect_frames = true;
4012 secy->replay_protect = false;
4013 secy->xpn = DEFAULT_XPN;
4015 secy->sci = sci;
4016 secy->tx_sc.active = true;
4017 secy->tx_sc.encoding_sa = DEFAULT_ENCODING_SA;
4018 secy->tx_sc.encrypt = DEFAULT_ENCRYPT;
4019 secy->tx_sc.send_sci = DEFAULT_SEND_SCI;
4020 secy->tx_sc.end_station = false;
4021 secy->tx_sc.scb = false;
4127 ctx.secy = &macsec->secy;
4255 struct macsec_secy *secy = &macsec_priv(dev)->secy;
4256 struct macsec_tx_sc *tx_sc = &secy->tx_sc;
4259 switch (secy->key_len) {
4261 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_128 : MACSEC_DEFAULT_CIPHER_ID;
4264 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_256 : MACSEC_CIPHER_ID_GCM_AES_256;
4270 if (nla_put_sci(skb, IFLA_MACSEC_SCI, secy->sci,
4272 nla_put_u8(skb, IFLA_MACSEC_ICV_LEN, secy->icv_len) ||
4277 nla_put_u8(skb, IFLA_MACSEC_PROTECT, secy->protect_frames) ||
4281 nla_put_u8(skb, IFLA_MACSEC_REPLAY_PROTECT, secy->replay_protect) ||
4282 nla_put_u8(skb, IFLA_MACSEC_VALIDATION, secy->validate_frames) ||
4286 if (secy->replay_protect) {
4287 if (nla_put_u32(skb, IFLA_MACSEC_WINDOW, secy->replay_window))
4335 struct net_device *dev = m->secy.netdev;
4347 macsec_common_dellink(m->secy.netdev, &head);
4362 struct net_device *dev = m->secy.netdev;
4363 unsigned int mtu = real_dev->mtu - (m->secy.icv_len +