macsec: limit replay window size with XPN (b07a0e20) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit b07a0e20 authored Jul 22, 2022 by

Sabrina Dubroca Committed by David S. Miller Jul 25, 2022

macsec: limit replay window size with XPN

IEEE 802.1AEbw-2013 (section 10.7.8) specifies that the maximum value
of the replay window is 2^30-1, to help with recovery of the upper
bits of the PN.

To avoid leaving the existing macsec device in an inconsistent state
if this test fails during changelink, reuse the cleanup mechanism
introduced for HW offload. This wasn't needed until now because
macsec_changelink_common could not fail during changelink, as
modifying the cipher suite was not allowed.

Finally, this must happen after handling IFLA_MACSEC_CIPHER_SUITE so
that secy->xpn is set.

Fixes: 48ef50fa

 ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 3240eac4

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 2daf0a12
· Aug 04, 2022

mentioned in commit 2daf0a12

mentioned in commit 2daf0a1261c7b43416200e59bd35ccea66951797

Toggle commit list
mirror @mirror
mentioned in commit a706a40d
· Aug 04, 2022

mentioned in commit a706a40d

mentioned in commit a706a40d42f482ae3f03998a63dfdc8a8f3640c4

Toggle commit list
mirror @mirror
mentioned in commit 92b3b1f0
· Aug 04, 2022

mentioned in commit 92b3b1f0

mentioned in commit 92b3b1f055f4c90fe223b54168528c27714defd1

Toggle commit list

Please register or to comment