Lines Matching refs:secy
63 #define for_each_rxsc(secy, sc) \ argument
64 for (sc = rcu_dereference_bh(secy->rx_sc); \
67 #define for_each_rxsc_rtnl(secy, sc) \ argument
68 for (sc = rtnl_dereference(secy->rx_sc); \
265 struct macsec_secy secy; member
399 static bool send_sci(const struct macsec_secy *secy) in send_sci() argument
401 const struct macsec_tx_sc *tx_sc = &secy->tx_sc; in send_sci()
404 (secy->n_rx_sc > 1 && !tx_sc->end_station && !tx_sc->scb); in send_sci()
447 const struct macsec_secy *secy, u32 pn, in macsec_fill_sectag() argument
450 const struct macsec_tx_sc *tx_sc = &secy->tx_sc; in macsec_fill_sectag()
457 memcpy(&h->secure_channel_id, &secy->sci, in macsec_fill_sectag()
471 else if (secy->icv_len != DEFAULT_ICV_LEN) in macsec_fill_sectag()
535 static u32 tx_sa_update_pn(struct macsec_tx_sa *tx_sa, struct macsec_secy *secy) in tx_sa_update_pn() argument
546 if (secy->protect_frames) in tx_sa_update_pn()
547 secy->operational = false; in tx_sa_update_pn()
605 macsec_count_tx(skb, &macsec->secy.tx_sc, macsec_skb_cb(skb)->tx_sa); in macsec_encrypt_done()
656 struct macsec_secy *secy; in macsec_encrypt() local
663 secy = &macsec->secy; in macsec_encrypt()
664 tx_sc = &secy->tx_sc; in macsec_encrypt()
669 secy->operational = false; in macsec_encrypt()
698 sci_present = send_sci(secy); in macsec_encrypt()
702 pn = tx_sa_update_pn(tx_sa, secy); in macsec_encrypt()
708 macsec_fill_sectag(hh, secy, pn, sci_present); in macsec_encrypt()
711 skb_put(skb, secy->icv_len); in macsec_encrypt()
739 macsec_fill_iv(iv, secy->sci, pn); in macsec_encrypt()
752 secy->icv_len; in macsec_encrypt()
757 aead_request_set_ad(req, skb->len - secy->icv_len); in macsec_encrypt()
783 static bool macsec_post_decrypt(struct sk_buff *skb, struct macsec_secy *secy, u32 pn) in macsec_post_decrypt() argument
791 if (rx_sa->next_pn >= secy->replay_window) in macsec_post_decrypt()
792 lowest_pn = rx_sa->next_pn - secy->replay_window; in macsec_post_decrypt()
797 if (secy->replay_protect && pn < lowest_pn) { in macsec_post_decrypt()
805 if (secy->validate_frames != MACSEC_VALIDATE_DISABLED) { in macsec_post_decrypt()
819 secy->validate_frames == MACSEC_VALIDATE_STRICT) { in macsec_post_decrypt()
827 if (secy->validate_frames == MACSEC_VALIDATE_CHECK) { in macsec_post_decrypt()
900 if (!macsec_post_decrypt(skb, &macsec->secy, pn)) { in macsec_decrypt_done()
906 macsec_finalize_skb(skb, macsec->secy.icv_len, in macsec_decrypt_done()
908 macsec_reset_skb(skb, macsec->secy.netdev); in macsec_decrypt_done()
926 struct macsec_secy *secy) in macsec_decrypt() argument
934 u16 icv_len = secy->icv_len; in macsec_decrypt()
1008 static struct macsec_rx_sc *find_rx_sc(struct macsec_secy *secy, sci_t sci) in find_rx_sc() argument
1012 for_each_rxsc(secy, rx_sc) { in find_rx_sc()
1020 static struct macsec_rx_sc *find_rx_sc_rtnl(struct macsec_secy *secy, sci_t sci) in find_rx_sc_rtnl() argument
1024 for_each_rxsc_rtnl(secy, rx_sc) { in find_rx_sc_rtnl()
1048 if (macsec->secy.validate_frames == MACSEC_VALIDATE_STRICT) { in handle_not_macsec()
1060 nskb->dev = macsec->secy.netdev; in handle_not_macsec()
1077 struct macsec_secy *secy = NULL; in macsec_handle_frame() local
1139 struct macsec_rx_sc *sc = find_rx_sc(&macsec->secy, sci); in macsec_handle_frame()
1144 secy = &macsec->secy; in macsec_handle_frame()
1150 if (!secy) in macsec_handle_frame()
1153 dev = secy->netdev; in macsec_handle_frame()
1158 if (!macsec_validate_skb(skb, secy->icv_len)) { in macsec_handle_frame()
1173 secy->validate_frames == MACSEC_VALIDATE_STRICT) { in macsec_handle_frame()
1191 if (secy->replay_protect) { in macsec_handle_frame()
1195 late = rx_sa->next_pn >= secy->replay_window && in macsec_handle_frame()
1196 pn < (rx_sa->next_pn - secy->replay_window); in macsec_handle_frame()
1211 secy->validate_frames != MACSEC_VALIDATE_DISABLED) in macsec_handle_frame()
1212 skb = macsec_decrypt(skb, dev, rx_sa, sci, secy); in macsec_handle_frame()
1225 if (!macsec_post_decrypt(skb, secy, pn)) in macsec_handle_frame()
1229 macsec_finalize_skb(skb, secy->icv_len, in macsec_handle_frame()
1231 macsec_reset_skb(skb, secy->netdev); in macsec_handle_frame()
1242 macsec->secy.netdev->stats.rx_dropped++; in macsec_handle_frame()
1275 macsec->secy.validate_frames == MACSEC_VALIDATE_STRICT) { in macsec_handle_frame()
1289 macsec_reset_skb(nskb, macsec->secy.netdev); in macsec_handle_frame()
1297 macsec->secy.netdev->stats.rx_dropped++; in macsec_handle_frame()
1373 static struct macsec_rx_sc *del_rx_sc(struct macsec_secy *secy, sci_t sci) in del_rx_sc() argument
1377 for (rx_scp = &secy->rx_sc, rx_sc = rtnl_dereference(*rx_scp); in del_rx_sc()
1382 secy->n_rx_sc--; in del_rx_sc()
1397 struct macsec_secy *secy; in create_rx_sc() local
1400 if (find_rx_sc_rtnl(&macsec->secy, sci)) in create_rx_sc()
1418 secy = &macsec_priv(dev)->secy; in create_rx_sc()
1419 rcu_assign_pointer(rx_sc->next, secy->rx_sc); in create_rx_sc()
1420 rcu_assign_pointer(secy->rx_sc, rx_sc); in create_rx_sc()
1423 secy->n_rx_sc++; in create_rx_sc()
1493 struct macsec_secy *secy; in get_txsa_from_nl() local
1509 secy = &macsec_priv(dev)->secy; in get_txsa_from_nl()
1510 tx_sc = &secy->tx_sc; in get_txsa_from_nl()
1518 *secyp = secy; in get_txsa_from_nl()
1529 struct macsec_secy *secy; in get_rxsc_from_nl() local
1537 secy = &macsec_priv(dev)->secy; in get_rxsc_from_nl()
1543 rx_sc = find_rx_sc_rtnl(secy, sci); in get_rxsc_from_nl()
1547 *secyp = secy; in get_rxsc_from_nl()
1655 struct macsec_secy *secy; in macsec_add_rxsa() local
1676 rx_sc = get_rxsc_from_nl(genl_info_net(info), attrs, tb_rxsc, &dev, &secy); in macsec_add_rxsa()
1684 if (nla_len(tb_sa[MACSEC_SA_ATTR_KEY]) != secy->key_len) { in macsec_add_rxsa()
1686 nla_len(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len); in macsec_add_rxsa()
1704 secy->key_len, secy->icv_len); in macsec_add_rxsa()
1811 struct macsec_secy *secy; in macsec_add_txsa() local
1834 secy = &macsec_priv(dev)->secy; in macsec_add_txsa()
1835 tx_sc = &secy->tx_sc; in macsec_add_txsa()
1839 if (nla_len(tb_sa[MACSEC_SA_ATTR_KEY]) != secy->key_len) { in macsec_add_txsa()
1841 nla_len(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len); in macsec_add_txsa()
1859 secy->key_len, secy->icv_len); in macsec_add_txsa()
1876 secy->operational = true; in macsec_add_txsa()
1889 struct macsec_secy *secy; in macsec_del_rxsa() local
1907 &dev, &secy, &rx_sc, &assoc_num); in macsec_del_rxsa()
1930 struct macsec_secy *secy; in macsec_del_rxsc() local
1951 secy = &macsec_priv(dev)->secy; in macsec_del_rxsc()
1954 rx_sc = del_rx_sc(secy, sci); in macsec_del_rxsc()
1970 struct macsec_secy *secy; in macsec_del_txsa() local
1984 &dev, &secy, &tx_sc, &assoc_num); in macsec_del_txsa()
2028 struct macsec_secy *secy; in macsec_upd_txsa() local
2045 &dev, &secy, &tx_sc, &assoc_num); in macsec_upd_txsa()
2061 secy->operational = tx_sa->active; in macsec_upd_txsa()
2072 struct macsec_secy *secy; in macsec_upd_rxsa() local
2093 &dev, &secy, &rx_sc, &assoc_num); in macsec_upd_rxsa()
2116 struct macsec_secy *secy; in macsec_upd_rxsc() local
2130 rx_sc = get_rxsc_from_nl(genl_info_net(info), attrs, tb_rxsc, &dev, &secy); in macsec_upd_rxsc()
2140 secy->n_rx_sc += new ? 1 : -1; in macsec_upd_rxsc()
2357 static int nla_put_secy(struct macsec_secy *secy, struct sk_buff *skb) in nla_put_secy() argument
2359 struct macsec_tx_sc *tx_sc = &secy->tx_sc; in nla_put_secy()
2367 switch (secy->key_len) { in nla_put_secy()
2378 if (nla_put_sci(skb, MACSEC_SECY_ATTR_SCI, secy->sci, in nla_put_secy()
2382 nla_put_u8(skb, MACSEC_SECY_ATTR_ICV_LEN, secy->icv_len) || in nla_put_secy()
2383 nla_put_u8(skb, MACSEC_SECY_ATTR_OPER, secy->operational) || in nla_put_secy()
2384 nla_put_u8(skb, MACSEC_SECY_ATTR_PROTECT, secy->protect_frames) || in nla_put_secy()
2385 nla_put_u8(skb, MACSEC_SECY_ATTR_REPLAY, secy->replay_protect) || in nla_put_secy()
2386 nla_put_u8(skb, MACSEC_SECY_ATTR_VALIDATE, secy->validate_frames) || in nla_put_secy()
2394 if (secy->replay_protect) { in nla_put_secy()
2395 if (nla_put_u32(skb, MACSEC_SECY_ATTR_WINDOW, secy->replay_window)) in nla_put_secy()
2408 dump_secy(struct macsec_secy *secy, struct net_device *dev, in dump_secy() argument
2412 struct macsec_tx_sc *tx_sc = &secy->tx_sc; in dump_secy()
2428 if (nla_put_secy(secy, skb)) in dump_secy()
2497 for_each_rxsc_rtnl(secy, rx_sc) { in dump_secy()
2612 struct macsec_secy *secy; in macsec_dump_txsc() local
2620 secy = &macsec_priv(dev)->secy; in macsec_dump_txsc()
2621 if (dump_secy(secy, dev, skb, cb) < 0) in macsec_dump_txsc()
2711 struct macsec_secy *secy = &macsec->secy; in macsec_start_xmit() local
2716 if (!secy->protect_frames) { in macsec_start_xmit()
2728 if (!secy->operational) { in macsec_start_xmit()
2741 macsec_count_tx(skb, &macsec->secy.tx_sc, macsec_skb_cb(skb)->tx_sa); in macsec_start_xmit()
2912 unsigned int extra = macsec->secy.icv_len + macsec_extra_len(true); in macsec_change_mtu()
2998 free_percpu(macsec->secy.tx_sc.stats); in macsec_free_netdev()
3019 struct macsec_secy *secy; in macsec_changelink_common() local
3022 secy = &macsec_priv(dev)->secy; in macsec_changelink_common()
3023 tx_sc = &secy->tx_sc; in macsec_changelink_common()
3031 secy->operational = tx_sa && tx_sa->active; in macsec_changelink_common()
3035 secy->replay_window = nla_get_u32(data[IFLA_MACSEC_WINDOW]); in macsec_changelink_common()
3041 secy->protect_frames = !!nla_get_u8(data[IFLA_MACSEC_PROTECT]); in macsec_changelink_common()
3053 secy->replay_protect = !!nla_get_u8(data[IFLA_MACSEC_REPLAY_PROTECT]); in macsec_changelink_common()
3056 secy->validate_frames = nla_get_u8(data[IFLA_MACSEC_VALIDATION]); in macsec_changelink_common()
3062 secy->key_len = MACSEC_GCM_AES_128_SAK_LEN; in macsec_changelink_common()
3065 secy->key_len = MACSEC_GCM_AES_256_SAK_LEN; in macsec_changelink_common()
3095 while (macsec->secy.rx_sc) { in macsec_del_dev()
3096 struct macsec_rx_sc *rx_sc = rtnl_dereference(macsec->secy.rx_sc); in macsec_del_dev()
3098 rcu_assign_pointer(macsec->secy.rx_sc, rx_sc->next); in macsec_del_dev()
3103 struct macsec_tx_sa *sa = rtnl_dereference(macsec->secy.tx_sc.sa[i]); in macsec_del_dev()
3106 RCU_INIT_POINTER(macsec->secy.tx_sc.sa[i], NULL); in macsec_del_dev()
3172 if (macsec->secy.sci == sci) in sci_exists()
3187 struct macsec_secy *secy = &macsec->secy; in macsec_add_dev() local
3193 secy->tx_sc.stats = netdev_alloc_pcpu_stats(struct pcpu_tx_sc_stats); in macsec_add_dev()
3194 if (!secy->tx_sc.stats) { in macsec_add_dev()
3202 secy->netdev = dev; in macsec_add_dev()
3203 secy->operational = true; in macsec_add_dev()
3204 secy->key_len = DEFAULT_SAK_LEN; in macsec_add_dev()
3205 secy->icv_len = icv_len; in macsec_add_dev()
3206 secy->validate_frames = MACSEC_VALIDATE_DEFAULT; in macsec_add_dev()
3207 secy->protect_frames = true; in macsec_add_dev()
3208 secy->replay_protect = false; in macsec_add_dev()
3210 secy->sci = sci; in macsec_add_dev()
3211 secy->tx_sc.active = true; in macsec_add_dev()
3212 secy->tx_sc.encoding_sa = DEFAULT_ENCODING_SA; in macsec_add_dev()
3213 secy->tx_sc.encrypt = DEFAULT_ENCRYPT; in macsec_add_dev()
3214 secy->tx_sc.send_sci = DEFAULT_SEND_SCI; in macsec_add_dev()
3215 secy->tx_sc.end_station = false; in macsec_add_dev()
3216 secy->tx_sc.scb = false; in macsec_add_dev()
3402 struct macsec_secy *secy = &macsec_priv(dev)->secy; in macsec_fill_info() local
3403 struct macsec_tx_sc *tx_sc = &secy->tx_sc; in macsec_fill_info()
3406 switch (secy->key_len) { in macsec_fill_info()
3417 if (nla_put_sci(skb, IFLA_MACSEC_SCI, secy->sci, in macsec_fill_info()
3419 nla_put_u8(skb, IFLA_MACSEC_ICV_LEN, secy->icv_len) || in macsec_fill_info()
3424 nla_put_u8(skb, IFLA_MACSEC_PROTECT, secy->protect_frames) || in macsec_fill_info()
3428 nla_put_u8(skb, IFLA_MACSEC_REPLAY_PROTECT, secy->replay_protect) || in macsec_fill_info()
3429 nla_put_u8(skb, IFLA_MACSEC_VALIDATION, secy->validate_frames) || in macsec_fill_info()
3433 if (secy->replay_protect) { in macsec_fill_info()
3434 if (nla_put_u32(skb, IFLA_MACSEC_WINDOW, secy->replay_window)) in macsec_fill_info()
3482 struct net_device *dev = m->secy.netdev; in macsec_notify()
3494 macsec_common_dellink(m->secy.netdev, &head); in macsec_notify()
3509 struct net_device *dev = m->secy.netdev; in macsec_notify()
3510 unsigned int mtu = real_dev->mtu - (m->secy.icv_len + in macsec_notify()