@@ -48,6 +48,17 @@ static void subflow_req_destructor(struct request_sock *req)
tcp_request_sock_ops.destructor(req);
}
+static void subflow_generate_hmac(u64 key1, u64 key2, u32 nonce1, u32 nonce2,
+ void *hmac)
+{
+ u8 msg[8];
+
+ put_unaligned_be32(nonce1, &msg[0]);
+ put_unaligned_be32(nonce2, &msg[4]);
+
+ mptcp_crypto_hmac_sha(key1, key2, msg, 8, hmac);
+}
+
/* validate received token and create truncated hmac and nonce for SYN-ACK */
static bool subflow_token_join_request(struct request_sock *req,
const struct sk_buff *skb)
@@ -73,9 +84,9 @@ static bool subflow_token_join_request(struct request_sock *req,
get_random_bytes(&subflow_req->local_nonce, sizeof(u32));
- mptcp_crypto_hmac_sha(msk->local_key, msk->remote_key,
+ subflow_generate_hmac(msk->local_key, msk->remote_key,
subflow_req->local_nonce,
- subflow_req->remote_nonce, (u32 *)hmac);
+ subflow_req->remote_nonce, hmac);
subflow_req->thmac = get_unaligned_be64(hmac);
@@ -238,9 +249,9 @@ static bool subflow_hmac_valid(const struct request_sock *req,
if (!msk)
return false;
- mptcp_crypto_hmac_sha(msk->remote_key, msk->local_key,
+ subflow_generate_hmac(msk->remote_key, msk->local_key,
subflow_req->remote_nonce,
- subflow_req->local_nonce, (u32 *)hmac);
+ subflow_req->local_nonce, hmac);
ret = true;
if (crypto_memneq(hmac, rx_opt->mptcp.hmac, sizeof(hmac)))
Add subflow_generate_hmac() to generate hmac from nonces. squash-to: Add handling of incoming MP_JOIN requests Signed-off-by: Peter Krystad <peter.krystad@linux.intel.com> --- net/mptcp/subflow.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-)