[][Add macsec HW offload backport from kernel 5.18]
[Description]
Add macsec HW offload backport from kernel 5.18.
[Release-log]
N/A
Change-Id: I5b143fe620ec4bcae4075d1d85db5e41c8d48717
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/5981730
diff --git a/target/linux/mediatek/patches-5.4/999-1762-v5.18-net-macsec-Support-XPN-frame-handling-IEEE-802.1AEbw.patch b/target/linux/mediatek/patches-5.4/999-1762-v5.18-net-macsec-Support-XPN-frame-handling-IEEE-802.1AEbw.patch
new file mode 100644
index 0000000..357977e
--- /dev/null
+++ b/target/linux/mediatek/patches-5.4/999-1762-v5.18-net-macsec-Support-XPN-frame-handling-IEEE-802.1AEbw.patch
@@ -0,0 +1,479 @@
+From a21ecf0e033807b976967286e6c392f48ee2049f Mon Sep 17 00:00:00 2001
+From: Era Mayflower <mayflowerera@gmail.com>
+Date: Mon, 9 Mar 2020 19:47:01 +0000
+Subject: macsec: Support XPN frame handling - IEEE 802.1AEbw
+
+Support extended packet number cipher suites (802.1AEbw) frames handling.
+This does not include the needed netlink patches.
+
+ * Added xpn boolean field to `struct macsec_secy`.
+ * Added ssci field to `struct_macsec_tx_sa` (802.1AE figure 10-5).
+ * Added ssci field to `struct_macsec_rx_sa` (802.1AE figure 10-5).
+ * Added salt field to `struct macsec_key` (802.1AE 10.7 NOTE 1).
+ * Created pn_t type for easy access to lower and upper halves.
+ * Created salt_t type for easy access to the "ssci" and "pn" parts.
+ * Created `macsec_fill_iv_xpn` function to create IV in XPN mode.
+ * Support in PN recovery and preliminary replay check in XPN mode.
+
+In addition, according to IEEE 802.1AEbw figure 10-5, the PN of incoming
+frame can be 0 when XPN cipher suite is used, so fixed the function
+`macsec_validate_skb` to fail on PN=0 only if XPN is off.
+
+Signed-off-by: Era Mayflower <mayflowerera@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ drivers/net/macsec.c | 130 +++++++++++++++++++++++++++++++++++++--------------
+ include/net/macsec.h | 45 ++++++++++++++++--
+ 2 files changed, 136 insertions(+), 39 deletions(-)
+
+diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
+index 6ec6fc191a6e4..6c71e250cccb0 100644
+--- a/drivers/net/macsec.c
++++ b/drivers/net/macsec.c
+@@ -19,6 +19,7 @@
+ #include <net/gro_cells.h>
+ #include <net/macsec.h>
+ #include <linux/phy.h>
++#include <linux/byteorder/generic.h>
+
+ #include <uapi/linux/if_macsec.h>
+
+@@ -68,6 +69,16 @@ struct macsec_eth_header {
+ sc; \
+ sc = rtnl_dereference(sc->next))
+
++#define pn_same_half(pn1, pn2) (!(((pn1) >> 31) ^ ((pn2) >> 31)))
++
++struct gcm_iv_xpn {
++ union {
++ u8 short_secure_channel_id[4];
++ ssci_t ssci;
++ };
++ __be64 pn;
++} __packed;
++
+ struct gcm_iv {
+ union {
+ u8 secure_channel_id[8];
+@@ -372,8 +383,8 @@ static const struct macsec_ops *macsec_get_ops(struct macsec_dev *macsec,
+ return __macsec_get_ops(macsec->offload, macsec, ctx);
+ }
+
+-/* validate MACsec packet according to IEEE 802.1AE-2006 9.12 */
+-static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len)
++/* validate MACsec packet according to IEEE 802.1AE-2018 9.12 */
++static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len, bool xpn)
+ {
+ struct macsec_eth_header *h = (struct macsec_eth_header *)skb->data;
+ int len = skb->len - 2 * ETH_ALEN;
+@@ -398,8 +409,8 @@ static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len)
+ if (h->unused)
+ return false;
+
+- /* rx.pn != 0 (figure 10-5) */
+- if (!h->packet_number)
++ /* rx.pn != 0 if not XPN (figure 10-5 with 802.11AEbw-2013 amendment) */
++ if (!h->packet_number && !xpn)
+ return false;
+
+ /* length check, f) g) h) i) */
+@@ -411,6 +422,15 @@ static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len)
+ #define MACSEC_NEEDED_HEADROOM (macsec_extra_len(true))
+ #define MACSEC_NEEDED_TAILROOM MACSEC_STD_ICV_LEN
+
++static void macsec_fill_iv_xpn(unsigned char *iv, ssci_t ssci, u64 pn,
++ salt_t salt)
++{
++ struct gcm_iv_xpn *gcm_iv = (struct gcm_iv_xpn *)iv;
++
++ gcm_iv->ssci = ssci ^ salt.ssci;
++ gcm_iv->pn = cpu_to_be64(pn) ^ salt.pn;
++}
++
+ static void macsec_fill_iv(unsigned char *iv, sci_t sci, u32 pn)
+ {
+ struct gcm_iv *gcm_iv = (struct gcm_iv *)iv;
+@@ -446,14 +466,19 @@ void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa)
+ }
+ EXPORT_SYMBOL_GPL(macsec_pn_wrapped);
+
+-static u32 tx_sa_update_pn(struct macsec_tx_sa *tx_sa, struct macsec_secy *secy)
++static pn_t tx_sa_update_pn(struct macsec_tx_sa *tx_sa,
++ struct macsec_secy *secy)
+ {
+- u32 pn;
++ pn_t pn;
+
+ spin_lock_bh(&tx_sa->lock);
+- pn = tx_sa->next_pn;
+
+- tx_sa->next_pn++;
++ pn = tx_sa->next_pn_halves;
++ if (secy->xpn)
++ tx_sa->next_pn++;
++ else
++ tx_sa->next_pn_halves.lower++;
++
+ if (tx_sa->next_pn == 0)
+ __macsec_pn_wrapped(secy, tx_sa);
+ spin_unlock_bh(&tx_sa->lock);
+@@ -568,7 +593,7 @@ static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
+ struct macsec_tx_sa *tx_sa;
+ struct macsec_dev *macsec = macsec_priv(dev);
+ bool sci_present;
+- u32 pn;
++ pn_t pn;
+
+ secy = &macsec->secy;
+ tx_sc = &secy->tx_sc;
+@@ -610,12 +635,12 @@ static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
+ memmove(hh, eth, 2 * ETH_ALEN);
+
+ pn = tx_sa_update_pn(tx_sa, secy);
+- if (pn == 0) {
++ if (pn.full64 == 0) {
+ macsec_txsa_put(tx_sa);
+ kfree_skb(skb);
+ return ERR_PTR(-ENOLINK);
+ }
+- macsec_fill_sectag(hh, secy, pn, sci_present);
++ macsec_fill_sectag(hh, secy, pn.lower, sci_present);
+ macsec_set_shortlen(hh, unprotected_len - 2 * ETH_ALEN);
+
+ skb_put(skb, secy->icv_len);
+@@ -646,7 +671,10 @@ static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
+ return ERR_PTR(-ENOMEM);
+ }
+
+- macsec_fill_iv(iv, secy->sci, pn);
++ if (secy->xpn)
++ macsec_fill_iv_xpn(iv, tx_sa->ssci, pn.full64, tx_sa->key.salt);
++ else
++ macsec_fill_iv(iv, secy->sci, pn.lower);
+
+ sg_init_table(sg, ret);
+ ret = skb_to_sgvec(skb, sg, 0, skb->len);
+@@ -698,13 +726,14 @@ static bool macsec_post_decrypt(struct sk_buff *skb, struct macsec_secy *secy, u
+ u32 lowest_pn = 0;
+
+ spin_lock(&rx_sa->lock);
+- if (rx_sa->next_pn >= secy->replay_window)
+- lowest_pn = rx_sa->next_pn - secy->replay_window;
++ if (rx_sa->next_pn_halves.lower >= secy->replay_window)
++ lowest_pn = rx_sa->next_pn_halves.lower - secy->replay_window;
+
+ /* Now perform replay protection check again
+ * (see IEEE 802.1AE-2006 figure 10-5)
+ */
+- if (secy->replay_protect && pn < lowest_pn) {
++ if (secy->replay_protect && pn < lowest_pn &&
++ (!secy->xpn || pn_same_half(pn, lowest_pn))) {
+ spin_unlock(&rx_sa->lock);
+ u64_stats_update_begin(&rxsc_stats->syncp);
+ rxsc_stats->stats.InPktsLate++;
+@@ -753,8 +782,15 @@ static bool macsec_post_decrypt(struct sk_buff *skb, struct macsec_secy *secy, u
+ }
+ u64_stats_update_end(&rxsc_stats->syncp);
+
+- if (pn >= rx_sa->next_pn)
+- rx_sa->next_pn = pn + 1;
++ // Instead of "pn >=" - to support pn overflow in xpn
++ if (pn + 1 > rx_sa->next_pn_halves.lower) {
++ rx_sa->next_pn_halves.lower = pn + 1;
++ } else if (secy->xpn &&
++ !pn_same_half(pn, rx_sa->next_pn_halves.lower)) {
++ rx_sa->next_pn_halves.upper++;
++ rx_sa->next_pn_halves.lower = pn + 1;
++ }
++
+ spin_unlock(&rx_sa->lock);
+ }
+
+@@ -841,6 +877,7 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
+ unsigned char *iv;
+ struct aead_request *req;
+ struct macsec_eth_header *hdr;
++ u32 hdr_pn;
+ u16 icv_len = secy->icv_len;
+
+ macsec_skb_cb(skb)->valid = false;
+@@ -860,7 +897,21 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
+ }
+
+ hdr = (struct macsec_eth_header *)skb->data;
+- macsec_fill_iv(iv, sci, ntohl(hdr->packet_number));
++ hdr_pn = ntohl(hdr->packet_number);
++
++ if (secy->xpn) {
++ pn_t recovered_pn = rx_sa->next_pn_halves;
++
++ recovered_pn.lower = hdr_pn;
++ if (hdr_pn < rx_sa->next_pn_halves.lower &&
++ !pn_same_half(hdr_pn, rx_sa->next_pn_halves.lower))
++ recovered_pn.upper++;
++
++ macsec_fill_iv_xpn(iv, rx_sa->ssci, recovered_pn.full64,
++ rx_sa->key.salt);
++ } else {
++ macsec_fill_iv(iv, sci, hdr_pn);
++ }
+
+ sg_init_table(sg, ret);
+ ret = skb_to_sgvec(skb, sg, 0, skb->len);
+@@ -1001,7 +1052,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
+ struct macsec_rxh_data *rxd;
+ struct macsec_dev *macsec;
+ sci_t sci;
+- u32 pn;
++ u32 hdr_pn;
+ bool cbit;
+ struct pcpu_rx_sc_stats *rxsc_stats;
+ struct pcpu_secy_stats *secy_stats;
+@@ -1072,7 +1123,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
+ secy_stats = this_cpu_ptr(macsec->stats);
+ rxsc_stats = this_cpu_ptr(rx_sc->stats);
+
+- if (!macsec_validate_skb(skb, secy->icv_len)) {
++ if (!macsec_validate_skb(skb, secy->icv_len, secy->xpn)) {
+ u64_stats_update_begin(&secy_stats->syncp);
+ secy_stats->stats.InPktsBadTag++;
+ u64_stats_update_end(&secy_stats->syncp);
+@@ -1104,13 +1155,16 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
+ }
+
+ /* First, PN check to avoid decrypting obviously wrong packets */
+- pn = ntohl(hdr->packet_number);
++ hdr_pn = ntohl(hdr->packet_number);
+ if (secy->replay_protect) {
+ bool late;
+
+ spin_lock(&rx_sa->lock);
+- late = rx_sa->next_pn >= secy->replay_window &&
+- pn < (rx_sa->next_pn - secy->replay_window);
++ late = rx_sa->next_pn_halves.lower >= secy->replay_window &&
++ hdr_pn < (rx_sa->next_pn_halves.lower - secy->replay_window);
++
++ if (secy->xpn)
++ late = late && pn_same_half(rx_sa->next_pn_halves.lower, hdr_pn);
+ spin_unlock(&rx_sa->lock);
+
+ if (late) {
+@@ -1139,7 +1193,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
+ return RX_HANDLER_CONSUMED;
+ }
+
+- if (!macsec_post_decrypt(skb, secy, pn))
++ if (!macsec_post_decrypt(skb, secy, hdr_pn))
+ goto drop;
+
+ deliver:
+@@ -1666,7 +1720,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
+
+ if (tb_sa[MACSEC_SA_ATTR_PN]) {
+ spin_lock_bh(&rx_sa->lock);
+- rx_sa->next_pn = nla_get_u32(tb_sa[MACSEC_SA_ATTR_PN]);
++ rx_sa->next_pn_halves.lower = nla_get_u32(tb_sa[MACSEC_SA_ATTR_PN]);
+ spin_unlock_bh(&rx_sa->lock);
+ }
+
+@@ -1873,7 +1927,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
+ }
+
+ spin_lock_bh(&tx_sa->lock);
+- tx_sa->next_pn = nla_get_u32(tb_sa[MACSEC_SA_ATTR_PN]);
++ tx_sa->next_pn_halves.lower = nla_get_u32(tb_sa[MACSEC_SA_ATTR_PN]);
+ spin_unlock_bh(&tx_sa->lock);
+
+ if (tb_sa[MACSEC_SA_ATTR_ACTIVE])
+@@ -2137,9 +2191,11 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
+ u8 assoc_num;
+ struct nlattr *tb_sa[MACSEC_SA_ATTR_MAX + 1];
+ bool was_operational, was_active;
+- u32 prev_pn = 0;
++ pn_t prev_pn;
+ int ret = 0;
+
++ prev_pn.full64 = 0;
++
+ if (!attrs[MACSEC_ATTR_IFINDEX])
+ return -EINVAL;
+
+@@ -2159,8 +2215,8 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
+
+ if (tb_sa[MACSEC_SA_ATTR_PN]) {
+ spin_lock_bh(&tx_sa->lock);
+- prev_pn = tx_sa->next_pn;
+- tx_sa->next_pn = nla_get_u32(tb_sa[MACSEC_SA_ATTR_PN]);
++ prev_pn = tx_sa->next_pn_halves;
++ tx_sa->next_pn_halves.lower = nla_get_u32(tb_sa[MACSEC_SA_ATTR_PN]);
+ spin_unlock_bh(&tx_sa->lock);
+ }
+
+@@ -2198,7 +2254,7 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
+ cleanup:
+ if (tb_sa[MACSEC_SA_ATTR_PN]) {
+ spin_lock_bh(&tx_sa->lock);
+- tx_sa->next_pn = prev_pn;
++ tx_sa->next_pn_halves = prev_pn;
+ spin_unlock_bh(&tx_sa->lock);
+ }
+ tx_sa->active = was_active;
+@@ -2218,9 +2274,11 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
+ struct nlattr *tb_rxsc[MACSEC_RXSC_ATTR_MAX + 1];
+ struct nlattr *tb_sa[MACSEC_SA_ATTR_MAX + 1];
+ bool was_active;
+- u32 prev_pn = 0;
++ pn_t prev_pn;
+ int ret = 0;
+
++ prev_pn.full64 = 0;
++
+ if (!attrs[MACSEC_ATTR_IFINDEX])
+ return -EINVAL;
+
+@@ -2243,8 +2301,8 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
+
+ if (tb_sa[MACSEC_SA_ATTR_PN]) {
+ spin_lock_bh(&rx_sa->lock);
+- prev_pn = rx_sa->next_pn;
+- rx_sa->next_pn = nla_get_u32(tb_sa[MACSEC_SA_ATTR_PN]);
++ prev_pn = rx_sa->next_pn_halves;
++ rx_sa->next_pn_halves.lower = nla_get_u32(tb_sa[MACSEC_SA_ATTR_PN]);
+ spin_unlock_bh(&rx_sa->lock);
+ }
+
+@@ -2277,7 +2335,7 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
+ cleanup:
+ if (tb_sa[MACSEC_SA_ATTR_PN]) {
+ spin_lock_bh(&rx_sa->lock);
+- rx_sa->next_pn = prev_pn;
++ rx_sa->next_pn_halves = prev_pn;
+ spin_unlock_bh(&rx_sa->lock);
+ }
+ rx_sa->active = was_active;
+@@ -2796,7 +2854,7 @@ dump_secy(struct macsec_secy *secy, struct net_device *dev,
+ }
+
+ if (nla_put_u8(skb, MACSEC_SA_ATTR_AN, i) ||
+- nla_put_u32(skb, MACSEC_SA_ATTR_PN, tx_sa->next_pn) ||
++ nla_put_u32(skb, MACSEC_SA_ATTR_PN, tx_sa->next_pn_halves.lower) ||
+ nla_put(skb, MACSEC_SA_ATTR_KEYID, MACSEC_KEYID_LEN, tx_sa->key.id) ||
+ nla_put_u8(skb, MACSEC_SA_ATTR_ACTIVE, tx_sa->active)) {
+ nla_nest_cancel(skb, txsa_nest);
+@@ -2900,7 +2958,7 @@ dump_secy(struct macsec_secy *secy, struct net_device *dev,
+ nla_nest_end(skb, attr);
+
+ if (nla_put_u8(skb, MACSEC_SA_ATTR_AN, i) ||
+- nla_put_u32(skb, MACSEC_SA_ATTR_PN, rx_sa->next_pn) ||
++ nla_put_u32(skb, MACSEC_SA_ATTR_PN, rx_sa->next_pn_halves.lower) ||
+ nla_put(skb, MACSEC_SA_ATTR_KEYID, MACSEC_KEYID_LEN, rx_sa->key.id) ||
+ nla_put_u8(skb, MACSEC_SA_ATTR_ACTIVE, rx_sa->active)) {
+ nla_nest_cancel(skb, rxsa_nest);
+diff --git a/include/net/macsec.h b/include/net/macsec.h
+index 92e43db8b5667..43cd54e178770 100644
+--- a/include/net/macsec.h
++++ b/include/net/macsec.h
+@@ -11,18 +11,45 @@
+ #include <uapi/linux/if_link.h>
+ #include <uapi/linux/if_macsec.h>
+
++#define MACSEC_SALT_LEN 12
++#define MACSEC_NUM_AN 4 /* 2 bits for the association number */
++
+ typedef u64 __bitwise sci_t;
++typedef u32 __bitwise ssci_t;
+
+-#define MACSEC_NUM_AN 4 /* 2 bits for the association number */
++typedef union salt {
++ struct {
++ u32 ssci;
++ u64 pn;
++ } __packed;
++ u8 bytes[MACSEC_SALT_LEN];
++} __packed salt_t;
++
++typedef union pn {
++ struct {
++#if defined(__LITTLE_ENDIAN_BITFIELD)
++ u32 lower;
++ u32 upper;
++#elif defined(__BIG_ENDIAN_BITFIELD)
++ u32 upper;
++ u32 lower;
++#else
++#error "Please fix <asm/byteorder.h>"
++#endif
++ };
++ u64 full64;
++} pn_t;
+
+ /**
+ * struct macsec_key - SA key
+ * @id: user-provided key identifier
+ * @tfm: crypto struct, key storage
++ * @salt: salt used to generate IV in XPN cipher suites
+ */
+ struct macsec_key {
+ u8 id[MACSEC_KEYID_LEN];
+ struct crypto_aead *tfm;
++ salt_t salt;
+ };
+
+ struct macsec_rx_sc_stats {
+@@ -64,12 +91,17 @@ struct macsec_tx_sc_stats {
+ * @next_pn: packet number expected for the next packet
+ * @lock: protects next_pn manipulations
+ * @key: key structure
++ * @ssci: short secure channel identifier
+ * @stats: per-SA stats
+ */
+ struct macsec_rx_sa {
+ struct macsec_key key;
++ ssci_t ssci;
+ spinlock_t lock;
+- u32 next_pn;
++ union {
++ pn_t next_pn_halves;
++ u64 next_pn;
++ };
+ refcount_t refcnt;
+ bool active;
+ struct macsec_rx_sa_stats __percpu *stats;
+@@ -110,12 +142,17 @@ struct macsec_rx_sc {
+ * @next_pn: packet number to use for the next packet
+ * @lock: protects next_pn manipulations
+ * @key: key structure
++ * @ssci: short secure channel identifier
+ * @stats: per-SA stats
+ */
+ struct macsec_tx_sa {
+ struct macsec_key key;
++ ssci_t ssci;
+ spinlock_t lock;
+- u32 next_pn;
++ union {
++ pn_t next_pn_halves;
++ u64 next_pn;
++ };
+ refcount_t refcnt;
+ bool active;
+ struct macsec_tx_sa_stats __percpu *stats;
+@@ -152,6 +189,7 @@ struct macsec_tx_sc {
+ * @key_len: length of keys used by the cipher suite
+ * @icv_len: length of ICV used by the cipher suite
+ * @validate_frames: validation mode
++ * @xpn: enable XPN for this SecY
+ * @operational: MAC_Operational flag
+ * @protect_frames: enable protection for this SecY
+ * @replay_protect: enable packet number checks on receive
+@@ -166,6 +204,7 @@ struct macsec_secy {
+ u16 key_len;
+ u16 icv_len;
+ enum macsec_validation_type validate_frames;
++ bool xpn;
+ bool operational;
+ bool protect_frames;
+ bool replay_protect;
+--
+cgit 1.2.3-1.el7
+