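Lines matching defs:secy (cross-reference search results: each entry below is a single, non-contiguous excerpt prefixed with its line number in the searched source file, so adjacent entries are not necessarily adjacent statements)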

53 #define for_each_rxsc(secy, sc)				\
54 for (sc = rcu_dereference_bh(secy->rx_sc); \
57 #define for_each_rxsc_rtnl(secy, sc) \
58 for (sc = rtnl_dereference(secy->rx_sc); \
89 * @secy: SecY config
98 struct macsec_secy secy;
289 const struct macsec_secy *secy, u32 pn,
292 const struct macsec_tx_sc *tx_sc = &secy->tx_sc;
299 memcpy(&h->secure_channel_id, &secy->sci,
313 else if (secy->icv_len != MACSEC_DEFAULT_ICV_LEN)
445 static void __macsec_pn_wrapped(struct macsec_secy *secy,
450 if (secy->protect_frames)
451 secy->operational = false;
454 void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa)
457 __macsec_pn_wrapped(secy, tx_sa);
463 struct macsec_secy *secy)
470 if (secy->xpn)
476 __macsec_pn_wrapped(secy, tx_sa);
494 struct macsec_secy *secy = &macsec->secy;
497 return skb->len - macsec_hdr_len(sci_present) - secy->icv_len;
536 macsec_count_tx(skb, &macsec->secy.tx_sc, macsec_skb_cb(skb)->tx_sa);
589 struct macsec_secy *secy;
596 secy = &macsec->secy;
597 tx_sc = &secy->tx_sc;
602 secy->operational = false;
631 sci_present = macsec_send_sci(secy);
635 pn = tx_sa_update_pn(tx_sa, secy);
641 macsec_fill_sectag(hh, secy, pn.lower, sci_present);
644 skb_put(skb, secy->icv_len);
672 if (secy->xpn)
675 macsec_fill_iv(iv, secy->sci, pn.lower);
688 secy->icv_len;
693 aead_request_set_ad(req, skb->len - secy->icv_len);
720 static bool macsec_post_decrypt(struct sk_buff *skb, struct macsec_secy *secy, u32 pn)
728 if (rx_sa->next_pn_halves.lower >= secy->replay_window)
729 lowest_pn = rx_sa->next_pn_halves.lower - secy->replay_window;
734 if (secy->replay_protect && pn < lowest_pn &&
735 (!secy->xpn || pn_same_half(pn, lowest_pn))) {
740 DEV_STATS_INC(secy->netdev, rx_dropped);
744 if (secy->validate_frames != MACSEC_VALIDATE_DISABLED) {
759 secy->validate_frames == MACSEC_VALIDATE_STRICT) {
764 DEV_STATS_INC(secy->netdev, rx_errors);
769 if (secy->validate_frames == MACSEC_VALIDATE_CHECK) {
791 } else if (secy->xpn &&
844 if (!macsec_post_decrypt(skb, &macsec->secy, pn)) {
850 macsec_finalize_skb(skb, macsec->secy.icv_len,
853 macsec_reset_skb(skb, macsec->secy.netdev);
870 struct macsec_secy *secy)
879 u16 icv_len = secy->icv_len;
900 if (secy->xpn) {
967 static struct macsec_rx_sc *find_rx_sc(struct macsec_secy *secy, sci_t sci)
971 for_each_rxsc(secy, rx_sc) {
979 static struct macsec_rx_sc *find_rx_sc_rtnl(struct macsec_secy *secy, sci_t sci)
983 for_each_rxsc_rtnl(secy, rx_sc) {
1007 struct net_device *ndev = macsec->secy.netdev;
1016 rx_sc = find_rx_sc(&macsec->secy, md_dst->u.macsec_info.sci);
1057 if (macsec->secy.validate_frames == MACSEC_VALIDATE_STRICT) {
1061 DEV_STATS_INC(macsec->secy.netdev, rx_dropped);
1089 struct macsec_secy *secy = NULL;
1148 struct macsec_rx_sc *sc = find_rx_sc(&macsec->secy, sci);
1153 secy = &macsec->secy;
1159 if (!secy)
1162 dev = secy->netdev;
1167 if (!macsec_validate_skb(skb, secy->icv_len, secy->xpn)) {
1171 DEV_STATS_INC(secy->netdev, rx_errors);
1184 secy->validate_frames == MACSEC_VALIDATE_STRICT) {
1188 DEV_STATS_INC(secy->netdev, rx_errors);
1207 if (secy->replay_protect) {
1211 late = rx_sa->next_pn_halves.lower >= secy->replay_window &&
1212 hdr_pn < (rx_sa->next_pn_halves.lower - secy->replay_window);
1214 if (secy->xpn)
1222 DEV_STATS_INC(macsec->secy.netdev, rx_dropped);
1231 secy->validate_frames != MACSEC_VALIDATE_DISABLED)
1232 skb = macsec_decrypt(skb, dev, rx_sa, sci, secy);
1245 if (!macsec_post_decrypt(skb, secy, hdr_pn))
1249 macsec_finalize_skb(skb, secy->icv_len,
1252 macsec_reset_skb(skb, secy->netdev);
1263 DEV_STATS_INC(macsec->secy.netdev, rx_dropped);
1296 macsec->secy.validate_frames == MACSEC_VALIDATE_STRICT) {
1300 DEV_STATS_INC(macsec->secy.netdev, rx_errors);
1311 macsec_reset_skb(nskb, macsec->secy.netdev);
1319 DEV_STATS_INC(macsec->secy.netdev, rx_dropped);
1396 static struct macsec_rx_sc *del_rx_sc(struct macsec_secy *secy, sci_t sci)
1400 for (rx_scp = &secy->rx_sc, rx_sc = rtnl_dereference(*rx_scp);
1405 secy->n_rx_sc--;
1421 struct macsec_secy *secy;
1424 if (find_rx_sc_rtnl(&macsec->secy, sci))
1442 secy = &macsec_priv(dev)->secy;
1443 rcu_assign_pointer(rx_sc->next, secy->rx_sc);
1444 rcu_assign_pointer(secy->rx_sc, rx_sc);
1447 secy->n_rx_sc++;
1533 struct macsec_secy *secy;
1549 secy = &macsec_priv(dev)->secy;
1550 tx_sc = &secy->tx_sc;
1558 *secyp = secy;
1569 struct macsec_secy *secy;
1577 secy = &macsec_priv(dev)->secy;
1583 rx_sc = find_rx_sc_rtnl(secy, sci);
1587 *secyp = secy;
1724 struct macsec_secy *secy;
1746 rx_sc = get_rxsc_from_nl(genl_info_net(info), attrs, tb_rxsc, &dev, &secy);
1754 if (nla_len(tb_sa[MACSEC_SA_ATTR_KEY]) != secy->key_len) {
1756 nla_len(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len);
1761 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
1770 if (secy->xpn) {
1798 secy->key_len, secy->icv_len);
1816 if (secy->xpn) {
1835 ctx.secy = secy;
1837 secy->key_len);
1840 memzero_explicit(ctx.sa.key, secy->key_len);
1878 struct macsec_secy *secy;
1898 secy = &macsec_priv(dev)->secy;
1921 ctx.secy = secy;
1933 del_rx_sc(secy, sci);
1968 struct macsec_secy *secy;
1993 secy = &macsec_priv(dev)->secy;
1994 tx_sc = &secy->tx_sc;
1998 if (nla_len(tb_sa[MACSEC_SA_ATTR_KEY]) != secy->key_len) {
2000 nla_len(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len);
2005 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
2013 if (secy->xpn) {
2041 secy->key_len, secy->icv_len);
2055 was_operational = secy->operational;
2057 secy->operational = true;
2059 if (secy->xpn) {
2078 ctx.secy = secy;
2080 secy->key_len);
2083 memzero_explicit(ctx.sa.key, secy->key_len);
2096 secy->operational = was_operational;
2106 struct macsec_secy *secy;
2125 &dev, &secy, &rx_sc, &assoc_num);
2149 ctx.secy = secy;
2172 struct macsec_secy *secy;
2194 secy = &macsec_priv(dev)->secy;
2197 rx_sc = del_rx_sc(secy, sci);
2215 ctx.secy = secy;
2235 struct macsec_secy *secy;
2250 &dev, &secy, &tx_sc, &assoc_num);
2274 ctx.secy = secy;
2320 struct macsec_secy *secy;
2342 &dev, &secy, &tx_sc, &assoc_num);
2351 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
2369 was_operational = secy->operational;
2371 secy->operational = tx_sa->active;
2387 ctx.secy = secy;
2405 secy->operational = was_operational;
2414 struct macsec_secy *secy;
2440 &dev, &secy, &rx_sc, &assoc_num);
2449 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
2481 ctx.secy = secy;
2506 struct macsec_secy *secy;
2523 rx_sc = get_rxsc_from_nl(genl_info_net(info), attrs, tb_rxsc, &dev, &secy);
2530 prev_n_rx_sc = secy->n_rx_sc;
2535 secy->n_rx_sc += new ? 1 : -1;
2552 ctx.secy = secy;
2564 secy->n_rx_sc = prev_n_rx_sc;
2572 struct macsec_secy *secy = &macsec->secy;
2573 struct macsec_tx_sc *tx_sc = &secy->tx_sc;
2576 if (secy->rx_sc)
2620 ctx.secy = &macsec->secy;
2689 ctx.secy = &macsec_priv(dev)->secy;
2733 ctx.secy = &macsec_priv(dev)->secy;
2784 ctx.secy = &macsec_priv(dev)->secy;
2866 ctx.secy = &macsec_priv(dev)->secy;
2877 stats = per_cpu_ptr(macsec_priv(dev)->secy.tx_sc.stats, cpu);
2922 ctx.secy = &macsec_priv(dev)->secy;
2981 static int nla_put_secy(struct macsec_secy *secy, struct sk_buff *skb)
2983 struct macsec_tx_sc *tx_sc = &secy->tx_sc;
2991 switch (secy->key_len) {
2993 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_128 : MACSEC_DEFAULT_CIPHER_ID;
2996 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_256 : MACSEC_CIPHER_ID_GCM_AES_256;
3002 if (nla_put_sci(skb, MACSEC_SECY_ATTR_SCI, secy->sci,
3006 nla_put_u8(skb, MACSEC_SECY_ATTR_ICV_LEN, secy->icv_len) ||
3007 nla_put_u8(skb, MACSEC_SECY_ATTR_OPER, secy->operational) ||
3008 nla_put_u8(skb, MACSEC_SECY_ATTR_PROTECT, secy->protect_frames) ||
3009 nla_put_u8(skb, MACSEC_SECY_ATTR_REPLAY, secy->replay_protect) ||
3010 nla_put_u8(skb, MACSEC_SECY_ATTR_VALIDATE, secy->validate_frames) ||
3018 if (secy->replay_protect) {
3019 if (nla_put_u32(skb, MACSEC_SECY_ATTR_WINDOW, secy->replay_window))
3032 dump_secy(struct macsec_secy *secy, struct net_device *dev,
3041 struct macsec_tx_sc *tx_sc = &secy->tx_sc;
3065 if (nla_put_secy(secy, skb))
3123 if (secy->xpn) {
3134 (secy->xpn && nla_put_ssci(skb, MACSEC_SA_ATTR_SSCI, tx_sa->ssci)) ||
3150 for_each_rxsc_rtnl(secy, rx_sc) {
3228 if (secy->xpn) {
3239 (secy->xpn && nla_put_ssci(skb, MACSEC_SA_ATTR_SSCI, rx_sa->ssci)) ||
3280 struct macsec_secy *secy;
3288 secy = &macsec_priv(dev)->secy;
3289 if (dump_secy(secy, dev, skb, cb) < 0)
3386 struct macsec_secy *secy = &macsec->secy;
3391 struct metadata_dst *md_dst = secy->tx_sc.md_dst;
3401 if (!secy->protect_frames) {
3413 if (!secy->operational) {
3427 macsec_count_tx(skb, &macsec->secy.tx_sc, macsec_skb_cb(skb)->tx_sa);
3527 ctx.secy = &macsec->secy;
3560 ctx.secy = &macsec->secy;
3631 ctx.secy = &macsec->secy;
3642 unsigned int extra = macsec->secy.icv_len + macsec_extra_len(true);
3710 if (macsec->secy.tx_sc.md_dst)
3711 metadata_dst_free(macsec->secy.tx_sc.md_dst);
3713 free_percpu(macsec->secy.tx_sc.stats);
3736 struct macsec_secy *secy;
3739 secy = &macsec_priv(dev)->secy;
3740 tx_sc = &secy->tx_sc;
3748 secy->operational = tx_sa && tx_sa->active;
3755 secy->protect_frames = !!nla_get_u8(data[IFLA_MACSEC_PROTECT]);
3767 secy->replay_protect = !!nla_get_u8(data[IFLA_MACSEC_REPLAY_PROTECT]);
3770 secy->validate_frames = nla_get_u8(data[IFLA_MACSEC_VALIDATION]);
3776 secy->key_len = MACSEC_GCM_AES_128_SAK_LEN;
3777 secy->xpn = false;
3780 secy->key_len = MACSEC_GCM_AES_256_SAK_LEN;
3781 secy->xpn = false;
3784 secy->key_len = MACSEC_GCM_AES_128_SAK_LEN;
3785 secy->xpn = true;
3788 secy->key_len = MACSEC_GCM_AES_256_SAK_LEN;
3789 secy->xpn = true;
3797 secy->replay_window = nla_get_u32(data[IFLA_MACSEC_WINDOW]);
3801 if (secy->xpn &&
3802 secy->replay_window > MACSEC_XPN_MAX_REPLAY_WINDOW)
3817 struct macsec_secy secy;
3829 /* Keep a copy of unmodified secy and tx_sc, in case the offload
3832 memcpy(&secy, &macsec->secy, sizeof(secy));
3833 memcpy(&tx_sc, &macsec->secy.tx_sc, sizeof(tx_sc));
3860 ctx.secy = &macsec->secy;
3869 memcpy(&macsec->secy.tx_sc, &tx_sc, sizeof(tx_sc));
3870 memcpy(&macsec->secy, &secy, sizeof(secy));
3879 while (macsec->secy.rx_sc) {
3880 struct macsec_rx_sc *rx_sc = rtnl_dereference(macsec->secy.rx_sc);
3882 rcu_assign_pointer(macsec->secy.rx_sc, rx_sc->next);
3887 struct macsec_tx_sa *sa = rtnl_dereference(macsec->secy.tx_sc.sa[i]);
3890 RCU_INIT_POINTER(macsec->secy.tx_sc.sa[i], NULL);
3908 ctx.secy = &macsec->secy;
3968 if (macsec->secy.sci == sci)
3983 struct macsec_secy *secy = &macsec->secy;
3989 secy->tx_sc.stats = netdev_alloc_pcpu_stats(struct pcpu_tx_sc_stats);
3990 if (!secy->tx_sc.stats)
3993 secy->tx_sc.md_dst = metadata_dst_alloc(0, METADATA_MACSEC, GFP_KERNEL);
3994 if (!secy->tx_sc.md_dst)
3995 /* macsec and secy percpu stats will be freed when unregistering
4003 secy->netdev = dev;
4004 secy->operational = true;
4005 secy->key_len = DEFAULT_SAK_LEN;
4006 secy->icv_len = icv_len;
4007 secy->validate_frames = MACSEC_VALIDATE_DEFAULT;
4008 secy->protect_frames = true;
4009 secy->replay_protect = false;
4010 secy->xpn = DEFAULT_XPN;
4012 secy->sci = sci;
4013 secy->tx_sc.md_dst->u.macsec_info.sci = sci;
4014 secy->tx_sc.active = true;
4015 secy->tx_sc.encoding_sa = DEFAULT_ENCODING_SA;
4016 secy->tx_sc.encrypt = DEFAULT_ENCRYPT;
4017 secy->tx_sc.send_sci = DEFAULT_SEND_SCI;
4018 secy->tx_sc.end_station = false;
4019 secy->tx_sc.scb = false;
4125 ctx.secy = &macsec->secy;
4268 struct macsec_secy *secy;
4272 secy = &macsec->secy;
4273 tx_sc = &secy->tx_sc;
4275 switch (secy->key_len) {
4277 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_128 : MACSEC_DEFAULT_CIPHER_ID;
4280 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_256 : MACSEC_CIPHER_ID_GCM_AES_256;
4286 if (nla_put_sci(skb, IFLA_MACSEC_SCI, secy->sci,
4288 nla_put_u8(skb, IFLA_MACSEC_ICV_LEN, secy->icv_len) ||
4293 nla_put_u8(skb, IFLA_MACSEC_PROTECT, secy->protect_frames) ||
4297 nla_put_u8(skb, IFLA_MACSEC_REPLAY_PROTECT, secy->replay_protect) ||
4298 nla_put_u8(skb, IFLA_MACSEC_VALIDATION, secy->validate_frames) ||
4303 if (secy->replay_protect) {
4304 if (nla_put_u32(skb, IFLA_MACSEC_WINDOW, secy->replay_window))
4352 struct net_device *dev = m->secy.netdev;
4364 macsec_common_dellink(m->secy.netdev, &head);
4379 struct net_device *dev = m->secy.netdev;
4380 unsigned int mtu = real_dev->mtu - (m->secy.icv_len +