From patchwork Mon Mar 16 18:39:07 2020
X-Patchwork-Submitter: Peter Krystad
X-Patchwork-Id: 1255759
From: Peter Krystad
To: mptcp@lists.01.org
Date: Mon, 16 Mar 2020 11:39:07 -0700
Message-Id: <20200316183911.4347-2-peter.krystad@linux.intel.com>
Subject: [MPTCP] [PATCH v5 1/5] mptcp: Re-factor mptcp_crypto_hmac_sha()

Allow it to take variable-length messages so that v1 ADD_ADDR option processing may also use it.

squashto: Add ADD_ADDR handling

Signed-off-by: Peter Krystad
--- net/mptcp/crypto.c | 17 +++++++++++------ net/mptcp/protocol.h | 3 +-- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/net/mptcp/crypto.c b/net/mptcp/crypto.c index 40d1bb18fd60..c151628bd416 100644 --- a/net/mptcp/crypto.c +++ b/net/mptcp/crypto.c
@@ -44,8 +44,7 @@ void mptcp_crypto_key_sha(u64 key, u32 *token, u64 *idsn) *idsn = be64_to_cpu(*((__be64 *)&mptcp_hashed_key[6])); } -void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u32 nonce1, u32 nonce2, - void *hmac) +void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u8 *msg, int len, void *hmac) { u8 input[SHA256_BLOCK_SIZE + SHA256_DIGEST_SIZE]; __be32 mptcp_hashed_key[SHA256_DIGEST_WORDS]; @@ -55,6 +54,9 @@ void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u32 nonce1, u32 nonce2, u8 key2be[8]; int i; + if (WARN_ON_ONCE(len > SHA256_DIGEST_SIZE)) + len = SHA256_DIGEST_SIZE; + put_unaligned_be64(key1, key1be); put_unaligned_be64(key2, key2be); @@ -65,11 +67,10 @@ void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u32 nonce1, u32 nonce2, for (i = 0; i < 8; i++) input[i + 8] ^= key2be[i]; - put_unaligned_be32(nonce1, &input[SHA256_BLOCK_SIZE]); - put_unaligned_be32(nonce2, &input[SHA256_BLOCK_SIZE + 4]); + memcpy(&input[SHA256_BLOCK_SIZE], msg, len); sha256_init(&state); - sha256_update(&state, input, SHA256_BLOCK_SIZE + 8); + sha256_update(&state, input, SHA256_BLOCK_SIZE + len); /* emit sha256(K1 || msg) on the second input block, so we can * reuse 'input' for the last hashing @@ -125,6 +126,7 @@ static int __init test_mptcp_crypto(void) char hmac[20], hmac_hex[41]; u32 nonce1, nonce2; u64 key1, key2; + u8 msg[8]; int i, j; for (i = 0; i < ARRAY_SIZE(tests); ++i) { @@ -134,7 +136,10 @@ static int __init test_mptcp_crypto(void) nonce1 = be32_to_cpu(*((__be32 *)&tests[i].msg[0])); nonce2 = be32_to_cpu(*((__be32 *)&tests[i].msg[4])); - mptcp_crypto_hmac_sha(key1, key2, nonce1, nonce2, hmac); + put_unaligned_be32(nonce1, &msg[0]); + put_unaligned_be32(nonce2, &msg[4]); + + mptcp_crypto_hmac_sha(key1, key2, msg, 8, hmac); for (j = 0; j < 20; ++j) sprintf(&hmac_hex[j << 1], "%02x", hmac[j] & 0xff); hmac_hex[40] = 0; diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 2c36f9c7d2d7..d04fee8d1959 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h 
@@ -236,8 +236,7 @@ static inline void mptcp_crypto_key_gen_sha(u64 *key, u32 *token, u64 *idsn) mptcp_crypto_key_sha(*key, token, idsn); } -void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u32 nonce1, u32 nonce2, - void *hash_out); +void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u8 *msg, int len, void *hmac); static inline struct mptcp_ext *mptcp_get_ext(struct sk_buff *skb) {

From patchwork Mon Mar 16 18:39:08 2020
X-Patchwork-Submitter: Peter Krystad
X-Patchwork-Id: 1255761
From: Peter Krystad
To: mptcp@lists.01.org
Date: Mon, 16 Mar 2020 11:39:08 -0700
Message-Id: <20200316183911.4347-3-peter.krystad@linux.intel.com>
Subject: [MPTCP] [PATCH v5 2/5] mptcp: v1 ADD_ADDR changes: options and parsing

Remove family field and add hmac and echo fields to struct mptcp_options_received. Parse incoming hmac on ADD_ADDR option, and send hmac with outgoing option.

squashto: Add ADD_ADDR handling

Signed-off-by: Peter Krystad
--- include/linux/tcp.h | 19 ++++--- include/net/mptcp.h | 2 + net/mptcp/options.c | 132 +++++++++++++++++++++++++++++++++---------- net/mptcp/protocol.h | 16 ++++-- 4 files changed, 128 insertions(+), 41 deletions(-)
diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 1e733f9fb4ab..41e5a0e3622f 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h @@ -86,9 +86,13 @@ struct mptcp_options_received { u64 data_seq; u32 subflow_seq; u16 data_len; - u8 mp_capable : 1, + u16 mp_capable : 1, mp_join : 1, - dss : 1; + dss : 1, + add_addr : 1, + rm_addr : 1, + family : 4, + echo : 1; u8 use_map:1, dsn64:1, data_fin:1, @@ -96,16 +100,15 @@ struct mptcp_options_received { ack64:1, mpc_map:1, __unused:2; - u8 add_addr : 1, - rm_addr : 1, - family : 4; u8 addr_id; + u8 rm_id; union { - struct in_addr addr; -#if IS_ENABLED(CONFIG_IPV6) - struct in6_addr addr6; + struct in_addr addr; +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + struct in6_addr addr6; #endif }; + u64 ahmac; }; #endif diff --git a/include/net/mptcp.h b/include/net/mptcp.h index 2d7e478f0380..0d5ea71dd3d0 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -40,6 +40,8 @@ struct mptcp_out_options { #endif }; u8 addr_id; + u64 ahmac; + u8 rm_id; struct mptcp_ext ext_copy; #endif }; diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 5e4ed3607983..6db834a5d5b5 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c 
@@ -179,45 +179,56 @@ void mptcp_parse_option(const struct sk_buff *skb, const unsigned char *ptr, break; case MPTCPOPT_ADD_ADDR: - if (opsize != TCPOLEN_MPTCP_ADD_ADDR && - opsize != TCPOLEN_MPTCP_ADD_ADDR6) - break; - mp_opt->family = *ptr++ & MPTCP_ADDR_FAMILY_MASK; - if (mp_opt->family != MPTCP_ADDR_IPVERSION_4 && - mp_opt->family != MPTCP_ADDR_IPVERSION_6) - break; - - if (mp_opt->family == MPTCP_ADDR_IPVERSION_4 && - opsize != TCPOLEN_MPTCP_ADD_ADDR) - break; + mp_opt->echo = (*ptr++) & MPTCP_ADDR_ECHO; + if (!mp_opt->echo) { + if (opsize == TCPOLEN_MPTCP_ADD_ADDR || + opsize == TCPOLEN_MPTCP_ADD_ADDR_PORT) + mp_opt->family = MPTCP_ADDR_IPVERSION_4; #if IS_ENABLED(CONFIG_MPTCP_IPV6) - if (mp_opt->family == MPTCP_ADDR_IPVERSION_6 && - opsize != TCPOLEN_MPTCP_ADD_ADDR6) - break; + else if (opsize == TCPOLEN_MPTCP_ADD_ADDR6 || + opsize == TCPOLEN_MPTCP_ADD_ADDR6_PORT) + mp_opt->family = MPTCP_ADDR_IPVERSION_6; +#endif + else + break; + } else { + if (opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE || + opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE_PORT) + mp_opt->family = MPTCP_ADDR_IPVERSION_4; +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + else if (opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE || + opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE_PORT) + mp_opt->family = MPTCP_ADDR_IPVERSION_6; #endif + else + break; + } + mp_opt->addr_id = *ptr++; + pr_debug("ADD_ADDR: id=%d", mp_opt->addr_id); if (mp_opt->family == MPTCP_ADDR_IPVERSION_4) { - mp_opt->add_addr = 1; memcpy((u8 *)&mp_opt->addr.s_addr, (u8 *)ptr, 4); - pr_debug("ADD_ADDR: addr=%x, id=%d", - mp_opt->addr.s_addr, mp_opt->addr_id); + ptr += 4; } #if IS_ENABLED(CONFIG_MPTCP_IPV6) else { - mp_opt->add_addr = 1; memcpy(mp_opt->addr6.s6_addr, (u8 *)ptr, 16); - pr_debug("ADD_ADDR: addr6=, id=%d", mp_opt->addr_id); + ptr += 16; } #endif + if (!mp_opt->echo) { + mp_opt->ahmac = get_unaligned_be64(ptr); + ptr += 8; + } break; case MPTCPOPT_RM_ADDR: - if (opsize != TCPOLEN_MPTCP_RM_ADDR) + if (opsize != TCPOLEN_MPTCP_RM_ADDR_BASE) break; 
mp_opt->rm_addr = 1; - mp_opt->addr_id = *ptr++; - pr_debug("RM_ADDR: id=%d", mp_opt->addr_id); + mp_opt->rm_id = *ptr++; + pr_debug("RM_ADDR: id=%d", mp_opt->rm_id); break; default: @@ -430,6 +441,38 @@ static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb, return true; } +static u64 add_addr_generate_hmac(u64 key1, u64 key2, u8 addr_id, + struct in_addr *addr) +{ + u8 hmac[MPTCP_ADDR_HMAC_LEN]; + u8 msg[7]; + + msg[0] = addr_id; + memcpy(&msg[1], &addr->s_addr, 4); + msg[5] = 0; + msg[6] = 0; + + mptcp_crypto_hmac_sha(key1, key2, msg, 7, hmac); + + return get_unaligned_be64(hmac); +} + +static u64 add_addr6_generate_hmac(u64 key1, u64 key2, u8 addr_id, + struct in6_addr *addr) +{ + u8 hmac[MPTCP_ADDR_HMAC_LEN]; + u8 msg[19]; + + msg[0] = addr_id; + memcpy(&msg[1], &addr->s6_addr, 16); + msg[17] = 0; + msg[18] = 0; + + mptcp_crypto_hmac_sha(key1, key2, msg, 19, hmac); + + return get_unaligned_be64(hmac); +} + static bool mptcp_established_options_addr(struct sock *sk, unsigned int *size, unsigned int remaining, @@ -452,6 +495,10 @@ static bool mptcp_established_options_addr(struct sock *sk, opts->suboptions |= OPTION_MPTCP_ADD_ADDR; opts->addr_id = id; opts->addr = ((struct sockaddr_in *)&saddr)->sin_addr; + opts->ahmac = add_addr_generate_hmac(subflow->local_key, + subflow->remote_key, + opts->addr_id, + &opts->addr); *size = TCPOLEN_MPTCP_ADD_ADDR; } #if IS_ENABLED(CONFIG_MPTCP_IPV6) @@ -460,10 +507,15 @@ static bool mptcp_established_options_addr(struct sock *sk, return false; opts->suboptions |= OPTION_MPTCP_ADD_ADDR6; opts->addr_id = id; + opts->ahmac = add_addr6_generate_hmac(subflow->local_key, + subflow->remote_key, + opts->addr_id, + &opts->addr6); opts->addr6 = ((struct sockaddr_in6 *)&saddr)->sin6_addr; *size = TCPOLEN_MPTCP_ADD_ADDR6; } #endif + pr_debug("addr_id=%d, ahmac=%llu", opts->addr_id, opts->ahmac); return true; } 
@@ -635,25 +687,47 @@ void mptcp_write_options(__be32 *ptr, struct mptcp_out_options *opts) mp_capable_done: if (OPTION_MPTCP_ADD_ADDR & opts->suboptions) { - *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, TCPOLEN_MPTCP_ADD_ADDR, - MPTCP_ADDR_IPVERSION_4, opts->addr_id); + if (opts->ahmac) + *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, + TCPOLEN_MPTCP_ADD_ADDR, 0, + opts->addr_id); + else + *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, + TCPOLEN_MPTCP_ADD_ADDR_BASE, + MPTCP_ADDR_ECHO, + opts->addr_id); memcpy((u8 *)ptr, (u8 *)&opts->addr.s_addr, 4); ptr += 1; + if (opts->ahmac) { + put_unaligned_be64(opts->ahmac, ptr); + ptr += 2; + } } #if IS_ENABLED(CONFIG_MPTCP_IPV6) if (OPTION_MPTCP_ADD_ADDR6 & opts->suboptions) { - *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, - TCPOLEN_MPTCP_ADD_ADDR6, - MPTCP_ADDR_IPVERSION_6, opts->addr_id); + if (opts->ahmac) + *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, + TCPOLEN_MPTCP_ADD_ADDR6, 0, + opts->addr_id); + else + *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, + TCPOLEN_MPTCP_ADD_ADDR6_BASE, + MPTCP_ADDR_ECHO, + opts->addr_id); memcpy((u8 *)ptr, opts->addr6.s6_addr, 16); ptr += 4; + if (opts->ahmac) { + put_unaligned_be64(opts->ahmac, ptr); + ptr += 2; + } } #endif if (OPTION_MPTCP_RM_ADDR & opts->suboptions) { - *ptr++ = mptcp_option(MPTCPOPT_RM_ADDR, TCPOLEN_MPTCP_RM_ADDR, - 0, opts->addr_id); + *ptr++ = mptcp_option(MPTCPOPT_RM_ADDR, + TCPOLEN_MPTCP_RM_ADDR_BASE, + 0, opts->rm_id); } if (opts->ext_copy.use_ack || opts->ext_copy.use_map) { diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index d04fee8d1959..471e013d1c32 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h 
@@ -42,9 +42,16 @@ #define TCPOLEN_MPTCP_DSS_MAP32 10 #define TCPOLEN_MPTCP_DSS_MAP64 14 #define TCPOLEN_MPTCP_DSS_CHECKSUM 2 -#define TCPOLEN_MPTCP_ADD_ADDR 8 -#define TCPOLEN_MPTCP_ADD_ADDR6 20 -#define TCPOLEN_MPTCP_RM_ADDR 4 +#define TCPOLEN_MPTCP_ADD_ADDR 16 +#define TCPOLEN_MPTCP_ADD_ADDR_PORT 18 +#define TCPOLEN_MPTCP_ADD_ADDR_BASE 8 +#define TCPOLEN_MPTCP_ADD_ADDR_BASE_PORT 10 +#define TCPOLEN_MPTCP_ADD_ADDR6 28 +#define TCPOLEN_MPTCP_ADD_ADDR6_PORT 30 +#define TCPOLEN_MPTCP_ADD_ADDR6_BASE 20 +#define TCPOLEN_MPTCP_ADD_ADDR6_BASE_PORT 22 +#define TCPOLEN_MPTCP_PORT_LEN 2 +#define TCPOLEN_MPTCP_RM_ADDR_BASE 4 /* MPTCP MP_CAPABLE flags */ #define MPTCP_VERSION_MASK (0x0F) 
@@ -62,7 +69,8 @@ #define MPTCP_DSS_FLAG_MASK (0x1F) /* MPTCP ADD_ADDR flags */ -#define MPTCP_ADDR_FAMILY_MASK (0x0F) +#define MPTCP_ADDR_ECHO BIT(0) +#define MPTCP_ADDR_HMAC_LEN 20 #define MPTCP_ADDR_IPVERSION_4 4 #define MPTCP_ADDR_IPVERSION_6 6

From patchwork Mon Mar 16 18:39:09 2020
X-Patchwork-Submitter: Peter Krystad
X-Patchwork-Id: 1255760
From: Peter Krystad
To: mptcp@lists.01.org
Date: Mon, 16 Mar 2020 11:39:09 -0700
Message-Id: <20200316183911.4347-4-peter.krystad@linux.intel.com>
Subject: [MPTCP] [PATCH v5 3/5] mptcp: v1 ADD_ADDR changes: add_addr_hmac_valid

Validate incoming ADD_ADDR options

squash-to: Add path manager interface

Signed-off-by: Peter Krystad
--- net/mptcp/options.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 80cf2f01eecc..42e2c75b4a7a 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c
@@ -597,6 +597,30 @@ static bool check_fully_established(struct mptcp_subflow_context *subflow, return true; } +static bool add_addr_hmac_valid(struct mptcp_subflow_context *subflow, + struct mptcp_options_received *mp_opt) +{ + u64 hmac; + + if (mp_opt->echo) + return true; + + if (mp_opt->family == MPTCP_ADDR_IPVERSION_4) + hmac = add_addr_generate_hmac(subflow->remote_key, + subflow->local_key, + mp_opt->addr_id, &mp_opt->addr); + else + hmac = add_addr6_generate_hmac(subflow->remote_key, + subflow->local_key, + mp_opt->addr_id, &mp_opt->addr6); + + pr_debug("subflow=%p, ahmac=%llu, mp_opt->ahmac=%llu\n", + subflow, (unsigned long long)hmac, + (unsigned long long)mp_opt->ahmac); + + return hmac == mp_opt->ahmac; +} + void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb, struct tcp_options_received *opt_rx) { @@ -609,7 +633,7 @@ void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb, if (!check_fully_established(subflow, skb, mp_opt)) return; - if (msk && mp_opt->add_addr) { + if (msk && mp_opt->add_addr && add_addr_hmac_valid(subflow, mp_opt)) { struct mptcp_addr_info addr; addr.port = 0; 
@@ -624,7 +648,8 @@ void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb, addr.addr6 = mp_opt->addr6; } #endif - mptcp_pm_add_addr_received(msk, &addr); + if (!mp_opt->echo) + mptcp_pm_add_addr_received(msk, &addr); mp_opt->add_addr = 0; }

From patchwork Mon Mar 16 18:39:10 2020
X-Patchwork-Submitter: Peter Krystad
X-Patchwork-Id: 1255762
From: Peter Krystad
To: mptcp@lists.01.org
Date: Mon, 16 Mar 2020 11:39:10 -0700
Message-Id: <20200316183911.4347-5-peter.krystad@linux.intel.com>
Subject: [MPTCP] [PATCH v5 4/5] mptcp: v1 ADD_ADDR changes: add subflow_generate_hmac()

Add subflow_generate_hmac() to generate hmac from nonces.

squash-to: Add handling of incoming MP_JOIN requests

Signed-off-by: Peter Krystad
--- include/linux/tcp.h | 2 +- net/mptcp/subflow.c | 19 +++++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 4cf39e002a19..67f314907c60 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h
@@ -94,11 +94,11 @@ struct mptcp_options_received { family : 4, echo : 1, backup : 1; - u8 join_id; u32 token; u32 nonce; u64 thmac; u8 hmac[20]; + u8 join_id; u8 use_map:1, dsn64:1, data_fin:1, diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 574391d014ac..82060fb2433a 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -48,6 +48,17 @@ static void subflow_req_destructor(struct request_sock *req) tcp_request_sock_ops.destructor(req); } +static void subflow_generate_hmac(u64 key1, u64 key2, u32 nonce1, u32 nonce2, + void *hmac) +{ + u8 msg[8]; + + put_unaligned_be32(nonce1, &msg[0]); + put_unaligned_be32(nonce2, &msg[4]); + + mptcp_crypto_hmac_sha(key1, key2, msg, 8, hmac); +} + /* validate received token and create truncated hmac and nonce for SYN-ACK */ static bool subflow_token_join_request(struct request_sock *req, const struct sk_buff *skb) @@ -73,9 +84,9 @@ static bool subflow_token_join_request(struct request_sock *req, get_random_bytes(&subflow_req->local_nonce, sizeof(u32)); - mptcp_crypto_hmac_sha(msk->local_key, msk->remote_key, + subflow_generate_hmac(msk->local_key, msk->remote_key, subflow_req->local_nonce, - subflow_req->remote_nonce, (u32 *)hmac); + subflow_req->remote_nonce, hmac); subflow_req->thmac = get_unaligned_be64(hmac); 
@@ -238,9 +249,9 @@ static bool subflow_hmac_valid(const struct request_sock *req, if (!msk) return false; - mptcp_crypto_hmac_sha(msk->remote_key, msk->local_key, + subflow_generate_hmac(msk->remote_key, msk->local_key, subflow_req->remote_nonce, - subflow_req->local_nonce, (u32 *)hmac); + subflow_req->local_nonce, hmac); ret = true; if (crypto_memneq(hmac, rx_opt->mptcp.hmac, sizeof(hmac)))

From patchwork Mon Mar 16 18:39:11 2020
X-Patchwork-Submitter: Peter Krystad
X-Patchwork-Id: 1255763
From: Peter Krystad
To: mptcp@lists.01.org
Date: Mon, 16 Mar 2020 11:39:11 -0700
Message-Id: <20200316183911.4347-6-peter.krystad@linux.intel.com>
Subject: [MPTCP] [PATCH v5 5/5] mptcp: v1 ADD_ADDR changes: use subflow_generate_hmac()

Use subflow_generate_hmac() to create hmac from nonces.

squash-to: Add handling of outgoing MP_JOIN requests

Signed-off-by: Peter Krystad
--- net/mptcp/subflow.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 0da0e4605f0f..f3ea1d68e39b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c
@@ -194,9 +194,9 @@ static bool subflow_thmac_valid(struct mptcp_subflow_context *subflow) u8 hmac[MPTCPOPT_HMAC_LEN]; u64 thmac; - mptcp_crypto_hmac_sha(subflow->remote_key, subflow->local_key, + subflow_generate_hmac(subflow->remote_key, subflow->local_key, subflow->remote_nonce, subflow->local_nonce, - (u32 *)hmac); + hmac); thmac = get_unaligned_be64(hmac); pr_debug("subflow=%p, token=%u, thmac=%llu, subflow->thmac=%llu\n", @@ -235,10 +235,10 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) goto do_reset; } - mptcp_crypto_hmac_sha(subflow->local_key, subflow->remote_key, + subflow_generate_hmac(subflow->local_key, subflow->remote_key, subflow->local_nonce, subflow->remote_nonce, - (u32 *)subflow->hmac); + subflow->hmac); if (skb) subflow->ssn_offset = TCP_SKB_CB(skb)->seq;
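Review bot: In patch 1/5 (net/mptcp/crypto.c, hunk at -55,6 +54,9), the new check in mptcp_crypto_hmac_sha() bounds len only from above while len is a signed int, so a negative value passes `len > SHA256_DIGEST_SIZE` and reaches `memcpy(&input[SHA256_BLOCK_SIZE], msg, len)` as a very large size. Make the length parameter unsigned and msg a `const u8 *`, since it is only read. Clamping an over-long message also still produces an HMAC, computed over the first SHA256_DIGEST_SIZE bytes only, so two messages that share that prefix get the same tag; bailing out after the WARN_ON_ONCE, or returning a status the caller can check, would be safer than emitting a MAC over a truncated message.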
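Review bot: In patch 1/5 (net/mptcp/crypto.c, test_mptcp_crypto() hunks), the self-test still calls mptcp_crypto_hmac_sha() only with len 8, so the variable-length path this patch introduces has no coverage. Add vectors for the 7-byte and 19-byte messages that add_addr_generate_hmac() and add_addr6_generate_hmac() pass in patch 2/5, and one at the SHA256_DIGEST_SIZE limit that the new WARN_ON_ONCE guards.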
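Review bot: In patch 2/5 (net/mptcp/options.c, hunk at -179,45 +179,56), the rewritten MPTCPOPT_ADD_ADDR case removes both `mp_opt->add_addr = 1;` assignments and nothing in the hunk sets the flag again, so the `if (msk && mp_opt->add_addr ...)` test in mptcp_incoming_options() has nothing to act on for a freshly parsed option; set the flag once the length check has passed. The same case accepts the four *_PORT lengths but never consumes the two port bytes, so for those sizes `mp_opt->ahmac = get_unaligned_be64(ptr)` reads the port followed by six HMAC bytes. Either skip TCPOLEN_MPTCP_PORT_LEN bytes and feed the port into the HMAC message in place of the hard-coded zeros in add_addr_generate_hmac(), or reject the *_PORT sizes until ports are handled.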
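Review bot: In patch 2/5 (net/mptcp/options.c, hunk at -460,10 +507,15), the IPv6 branch of mptcp_established_options_addr() calls add_addr6_generate_hmac(..., &opts->addr6) before the next line assigns `opts->addr6 = ((struct sockaddr_in6 *)&saddr)->sin6_addr;`, so the HMAC covers whatever opts->addr6 held beforehand instead of the address being advertised, and the peer's check against the received address will not match. Move the assignment above the HMAC call, as the IPv4 branch in the preceding hunk already does with opts->addr.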
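Review bot: In patch 2/5 (net/mptcp/options.c, hunk at -635,25 +687,47), mptcp_write_options() uses `if (opts->ahmac)` to choose between the HMAC-bearing form and the echo form, so the HMAC value doubles as a flag: a truncated HMAC that happens to be zero would go out with MPTCP_ADDR_ECHO set and no HMAC appended. An explicit echo bit in struct mptcp_out_options, mirroring the `echo` field this patch adds to struct mptcp_options_received, would keep the two cases apart and make the intended option length obvious at the call site.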
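Review bot: In patch 3/5 (net/mptcp/options.c, hunk at -597,6 +597,30), the else branch of add_addr_hmac_valid() references `&mp_opt->addr6` unconditionally, but patch 2/5 declares addr6 in struct mptcp_options_received only under `#if IS_ENABLED(CONFIG_MPTCP_IPV6)`, so this will not build with that option disabled; guard the branch the way the parser guards its IPv6 paths. For the comparison itself, `return hmac == mp_opt->ahmac;` could follow subflow_hmac_valid(), which checks the MP_JOIN HMAC with crypto_memneq(), so that both MAC checks in the subsystem are written the same way.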
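Review bot: In patch 4/5 (net/mptcp/subflow.c, hunk at -48,6 +48,17), subflow_generate_hmac() takes `void *hmac` with no length, and with the `(u32 *)` casts gone the callers in patches 4/5 and 5/5 pass differently declared buffers (a local hmac array, subflow->hmac). A short comment on the helper stating the minimum size the output buffer must have would keep a later caller from passing something shorter than mptcp_crypto_hmac_sha() writes.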