Commit d9b6d26f authored by David S. Miller's avatar David S. Miller

Merge branch 'macsec-key-length'

Antoine Tenart says:

====================
net: macsec: fix key length when offloading

The key length used to copy the key to offloading drivers and to store
it is wrong and was working by chance as it matched the default key
length. But using a different key length fails. Fix it by using instead
the max length accepted in uAPI to store the key and the actual key
length when copying it.

This was tested on the MSCC PHY driver but not on the Atlantic MAC
(looking at the code it looks ok, but testing would be appreciated).
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents abe90454 d67fb477
...@@ -91,7 +91,7 @@ struct aq_macsec_txsc { ...@@ -91,7 +91,7 @@ struct aq_macsec_txsc {
u32 hw_sc_idx; u32 hw_sc_idx;
unsigned long tx_sa_idx_busy; unsigned long tx_sa_idx_busy;
const struct macsec_secy *sw_secy; const struct macsec_secy *sw_secy;
u8 tx_sa_key[MACSEC_NUM_AN][MACSEC_KEYID_LEN]; u8 tx_sa_key[MACSEC_NUM_AN][MACSEC_MAX_KEY_LEN];
struct aq_macsec_tx_sc_stats stats; struct aq_macsec_tx_sc_stats stats;
struct aq_macsec_tx_sa_stats tx_sa_stats[MACSEC_NUM_AN]; struct aq_macsec_tx_sa_stats tx_sa_stats[MACSEC_NUM_AN];
}; };
...@@ -101,7 +101,7 @@ struct aq_macsec_rxsc { ...@@ -101,7 +101,7 @@ struct aq_macsec_rxsc {
unsigned long rx_sa_idx_busy; unsigned long rx_sa_idx_busy;
const struct macsec_secy *sw_secy; const struct macsec_secy *sw_secy;
const struct macsec_rx_sc *sw_rxsc; const struct macsec_rx_sc *sw_rxsc;
u8 rx_sa_key[MACSEC_NUM_AN][MACSEC_KEYID_LEN]; u8 rx_sa_key[MACSEC_NUM_AN][MACSEC_MAX_KEY_LEN];
struct aq_macsec_rx_sa_stats rx_sa_stats[MACSEC_NUM_AN]; struct aq_macsec_rx_sa_stats rx_sa_stats[MACSEC_NUM_AN];
}; };
......
...@@ -1819,7 +1819,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info) ...@@ -1819,7 +1819,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
ctx.sa.rx_sa = rx_sa; ctx.sa.rx_sa = rx_sa;
ctx.secy = secy; ctx.secy = secy;
memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]), memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]),
MACSEC_KEYID_LEN); secy->key_len);
err = macsec_offload(ops->mdo_add_rxsa, &ctx); err = macsec_offload(ops->mdo_add_rxsa, &ctx);
if (err) if (err)
...@@ -2061,7 +2061,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info) ...@@ -2061,7 +2061,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
ctx.sa.tx_sa = tx_sa; ctx.sa.tx_sa = tx_sa;
ctx.secy = secy; ctx.secy = secy;
memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]), memcpy(ctx.sa.key, nla_data(tb_sa[MACSEC_SA_ATTR_KEY]),
MACSEC_KEYID_LEN); secy->key_len);
err = macsec_offload(ops->mdo_add_txsa, &ctx); err = macsec_offload(ops->mdo_add_txsa, &ctx);
if (err) if (err)
......
...@@ -501,7 +501,7 @@ static u32 vsc8584_macsec_flow_context_id(struct macsec_flow *flow) ...@@ -501,7 +501,7 @@ static u32 vsc8584_macsec_flow_context_id(struct macsec_flow *flow)
} }
/* Derive the AES key to get a key for the hash autentication */ /* Derive the AES key to get a key for the hash autentication */
static int vsc8584_macsec_derive_key(const u8 key[MACSEC_KEYID_LEN], static int vsc8584_macsec_derive_key(const u8 key[MACSEC_MAX_KEY_LEN],
u16 key_len, u8 hkey[16]) u16 key_len, u8 hkey[16])
{ {
const u8 input[AES_BLOCK_SIZE] = {0}; const u8 input[AES_BLOCK_SIZE] = {0};
......
...@@ -81,7 +81,7 @@ struct macsec_flow { ...@@ -81,7 +81,7 @@ struct macsec_flow {
/* Highest takes precedence [0..15] */ /* Highest takes precedence [0..15] */
u8 priority; u8 priority;
u8 key[MACSEC_KEYID_LEN]; u8 key[MACSEC_MAX_KEY_LEN];
union { union {
struct macsec_rx_sa *rx_sa; struct macsec_rx_sa *rx_sa;
......
...@@ -241,7 +241,7 @@ struct macsec_context { ...@@ -241,7 +241,7 @@ struct macsec_context {
struct macsec_rx_sc *rx_sc; struct macsec_rx_sc *rx_sc;
struct { struct {
unsigned char assoc_num; unsigned char assoc_num;
u8 key[MACSEC_KEYID_LEN]; u8 key[MACSEC_MAX_KEY_LEN];
union { union {
struct macsec_rx_sa *rx_sa; struct macsec_rx_sa *rx_sa;
struct macsec_tx_sa *tx_sa; struct macsec_tx_sa *tx_sa;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment