Netdev Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH iproute2] Add support for configuring MACsec gcm-aes-256 cipher type.
@ 2019-06-14 17:24 Pete Morici
  2019-06-18 16:56 ` Stephen Hemminger
  0 siblings, 1 reply; 2+ messages in thread
From: Pete Morici @ 2019-06-14 17:24 UTC (permalink / raw)
  To: netdev; +Cc: Pete Morici

Signed-off-by: Pete Morici <pmorici@dev295.com>
---
 ip/ipmacsec.c        | 28 +++++++++++++++++++---------
 man/man8/ip-macsec.8 |  2 +-
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c
index 54cd2b8..ad6ad7d 100644
--- a/ip/ipmacsec.c
+++ b/ip/ipmacsec.c
@@ -95,7 +95,7 @@ static void ipmacsec_usage(void)
 		"       ip macsec show DEV\n"
 		"where  OPTS := [ pn <u32> ] [ on | off ]\n"
 		"       ID   := 128-bit hex string\n"
-		"       KEY  := 128-bit hex string\n"
+		"       KEY  := 128-bit or 256-bit hex string\n"
 		"       SCI  := { sci <u64> | port { 1..2^16-1 } address <lladdr> }\n");
 
 	exit(-1);
@@ -586,14 +586,20 @@ static void print_key(struct rtattr *key)
 				   keyid, sizeof(keyid)));
 }
 
-#define DEFAULT_CIPHER_NAME "GCM-AES-128"
+#define CIPHER_NAME_GCM_AES_128 "GCM-AES-128"
+#define CIPHER_NAME_GCM_AES_256 "GCM-AES-256"
+#define DEFAULT_CIPHER_NAME CIPHER_NAME_GCM_AES_128
 
 static const char *cs_id_to_name(__u64 cid)
 {
 	switch (cid) {
 	case MACSEC_DEFAULT_CIPHER_ID:
-	case MACSEC_DEFAULT_CIPHER_ALT:
 		return DEFAULT_CIPHER_NAME;
+	case MACSEC_CIPHER_ID_GCM_AES_128:
+	     /* MACSEC_DEFAULT_CIPHER_ALT: */
+		return CIPHER_NAME_GCM_AES_128;
+	case MACSEC_CIPHER_ID_GCM_AES_256:
+		return CIPHER_NAME_GCM_AES_256;
 	default:
 		return "(unknown)";
 	}
@@ -1172,7 +1178,7 @@ static void usage(FILE *f)
 {
 	fprintf(f,
 		"Usage: ... macsec [ [ address <lladdr> ] port { 1..2^16-1 } | sci <u64> ]\n"
-		"                  [ cipher { default | gcm-aes-128 } ]\n"
+		"                  [ cipher { default | gcm-aes-128 | gcm-aes-256 } ]\n"
 		"                  [ icvlen { 8..16 } ]\n"
 		"                  [ encrypt { on | off } ]\n"
 		"                  [ send_sci { on | off } ]\n"
@@ -1217,13 +1223,17 @@ static int macsec_parse_opt(struct link_util *lu, int argc, char **argv,
 			NEXT_ARG();
 			if (cipher.id)
 				duparg("cipher", *argv);
-			if (strcmp(*argv, "default") == 0 ||
-			    strcmp(*argv, "gcm-aes-128") == 0 ||
-			    strcmp(*argv, "GCM-AES-128") == 0)
+			if (strcmp(*argv, "default") == 0)
 				cipher.id = MACSEC_DEFAULT_CIPHER_ID;
+			else if (strcmp(*argv, "gcm-aes-128") == 0 ||
+			         strcmp(*argv, "GCM-AES-128") == 0)
+				cipher.id = MACSEC_CIPHER_ID_GCM_AES_128;
+			else if (strcmp(*argv, "gcm-aes-256") == 0 ||
+			         strcmp(*argv, "GCM-AES-256") == 0)
+				cipher.id = MACSEC_CIPHER_ID_GCM_AES_256;
 			else
-				invarg("expected: default or gcm-aes-128",
-				       *argv);
+				invarg("expected: default, gcm-aes-128 or"
+				       " gcm-aes-256", *argv);
 		} else if (strcmp(*argv, "icvlen") == 0) {
 			NEXT_ARG();
 			if (cipher.icv_len)
diff --git a/man/man8/ip-macsec.8 b/man/man8/ip-macsec.8
index 1aca3bd..4fd8a5b 100644
--- a/man/man8/ip-macsec.8
+++ b/man/man8/ip-macsec.8
@@ -10,7 +10,7 @@ ip-macsec \- MACsec device configuration
 |
 .BI sci " <u64>"
 ] [
-.BR cipher " { " default " | " gcm-aes-128 " } ] ["
+.BR cipher " { " default " | " gcm-aes-128 " | "gcm-aes-256" } ] ["
 .BI icvlen " ICVLEN"
 ] [
 .BR encrypt " { " on " | " off " } ] ["
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH iproute2] Add support for configuring MACsec gcm-aes-256 cipher type.
  2019-06-14 17:24 [PATCH iproute2] Add support for configuring MACsec gcm-aes-256 cipher type Pete Morici
@ 2019-06-18 16:56 ` Stephen Hemminger
  0 siblings, 0 replies; 2+ messages in thread
From: Stephen Hemminger @ 2019-06-18 16:56 UTC (permalink / raw)
  To: Pete Morici; +Cc: netdev

On Fri, 14 Jun 2019 13:24:59 -0400
Pete Morici <pmorici@dev295.com> wrote:

> Signed-off-by: Pete Morici <pmorici@dev295.com>

Looks fine, applied

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-14 17:24 [PATCH iproute2] Add support for configuring MACsec gcm-aes-256 cipher type Pete Morici
2019-06-18 16:56 ` Stephen Hemminger

Netdev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netdev/0 netdev/git/0.git
	git clone --mirror https://lore.kernel.org/netdev/1 netdev/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netdev netdev/ https://lore.kernel.org/netdev \
		netdev@vger.kernel.org netdev@archiver.kernel.org
	public-inbox-index netdev


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netdev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox