22 int tcp_ao_calc_traffic_key(struct tcp_ao_key *mkt, u8 *key, void *ctx,
29 				mkt->key, mkt->keylen))
37 	ahash_request_set_crypt(hp->req, &sg, key, len);
46 	memset(key, 0, tcp_ao_digest_size(mkt));
55 	if (!static_branch_unlikely(&tcp_ao_needed.key))
114 	struct tcp_ao_key *key;
116 	hlist_for_each_entry_rcu(key, &ao->head, node) {
117 		if ((sndid >= 0 && key->sndid != sndid) ||
118 		    (rcvid >= 0 && key->rcvid != rcvid))
120 		return key;
139 static int __tcp_ao_key_cmp(const struct tcp_ao_key *key, int l3index,
143 	if (sndid >= 0 && key->sndid != sndid)
144 		return (key->sndid > sndid) ? 1 : -1;
145 	if (rcvid >= 0 && key->rcvid != rcvid)
146 		return (key->rcvid > rcvid) ? 1 : -1;
147 	if (l3index >= 0 && (key->keyflags & TCP_AO_KEYF_IFINDEX)) {
148 		if (key->l3index != l3index)
149 			return (key->l3index > l3index) ? 1 : -1;
154 	if (key->family != family)
155 		return (key->family > family) ? 1 : -1;
158 		if (ntohl(key->addr.a4.s_addr) == INADDR_ANY)
162 		return ipv4_prefix_cmp(&key->addr.a4, &addr->a4, prefixlen);
165 		if (ipv6_addr_any(&key->addr.a6) || ipv6_addr_any(&addr->a6))
167 		if (ipv6_prefix_equal(&key->addr.a6, &addr->a6, prefixlen))
169 		return memcmp(&key->addr.a6, &addr->a6, sizeof(addr->a6));
175 static int tcp_ao_key_cmp(const struct tcp_ao_key *key, int l3index,
183 		return __tcp_ao_key_cmp(key, l3index,
188 	return __tcp_ao_key_cmp(key, l3index, addr,
196 	struct tcp_ao_key *key;
199 	if (!static_branch_unlikely(&tcp_ao_needed.key))
207 	hlist_for_each_entry_rcu(key, &ao->head, node) {
208 		u8 prefixlen = min(prefix, key->prefixlen);
210 		if (!tcp_ao_key_cmp(key, l3index, addr, prefixlen,
212 			return key;
243 					  struct tcp_ao_key *key)
247 	new_key = sock_kmalloc(sk, tcp_ao_sizeof_key(key),
252 	*new_key = *key;
263 	struct tcp_ao_key *key = container_of(head, struct tcp_ao_key, rcu);
265 	tcp_sigpool_release(key->tcp_sigpool_id);
266 	kfree_sensitive(key);
272 	struct tcp_ao_key *key;
286 	hlist_for_each_entry_safe(key, n, &ao->head, node) {
287 		hlist_del_rcu(&key->node);
289 			atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc);
290 		call_rcu(&key->rcu, tcp_ao_key_free_rcu);
302 		struct tcp_ao_key *key;
306 		hlist_for_each_entry_safe(key, n, &ao_info->head, node) {
307 			omem += tcp_ao_sizeof_key(key);
319 static int tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
349 	err = tcp_ao_calc_traffic_key(mkt, key, tmp, sizeof(*tmp), &hp);
355 int tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
360 		return tcp_v4_ao_calc_key(mkt, key, sk->sk_rcv_saddr,
364 		return tcp_v4_ao_calc_key(mkt, key, sk->sk_daddr,
369 static int tcp_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
374 		return tcp_v4_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
377 		return tcp_v6_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
383 int tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
388 	return tcp_v4_ao_calc_key(mkt, key,
395 static int tcp_v4_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
402 	return tcp_v4_ao_calc_key(mkt, key, iph->saddr, iph->daddr,
406 static int tcp_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
411 		return tcp_v4_ao_calc_key_skb(mkt, key, skb, sisn, disn);
414 		return tcp_v6_ao_calc_key_skb(mkt, key, skb, sisn, disn);
542 		    struct tcp_ao_key *key, const u8 *tkey,
547 	int tkey_len = tcp_ao_digest_size(key);
556 	if (tcp_sigpool_start(key->tcp_sigpool_id, &hp))
582 			       !!(key->keyflags & TCP_AO_KEYF_EXCLUDE_OPT),
583 			       ao_hash, hash_offset, tcp_ao_maclen(key)))
589 	memcpy(ao_hash, hash_buf, tcp_ao_maclen(key));
597 	memset(ao_hash, 0, tcp_ao_maclen(key));
603 		    char *ao_hash, struct tcp_ao_key *key,
608 	int tkey_len = tcp_ao_digest_size(key);
616 	if (tcp_sigpool_start(key->tcp_sigpool_id, &hp))
631 			       !!(key->keyflags & TCP_AO_KEYF_EXCLUDE_OPT),
632 			       ao_hash, hash_offset, tcp_ao_maclen(key)))
640 	memcpy(ao_hash, hash_buf, tcp_ao_maclen(key));
648 	memset(ao_hash, 0, tcp_ao_maclen(key));
653 int tcp_v4_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key,
657 	return tcp_ao_hash_skb(AF_INET, ao_hash, key, sk, skb,
707 			 struct tcp_ao_key **key, char **traffic_key,
752 		*key = tcp_ao_do_lookup(sk, l3index, addr, family,
754 		if (!*key)
756 		*traffic_key = kmalloc(tcp_ao_digest_size(*key), GFP_ATOMIC);
760 		if (tcp_ao_calc_key_skb(*key, *traffic_key, skb,
763 		*keyid = (*key)->rcvid;
778 		*key = tcp_ao_established_key(ao_info, aoh->rnext_keyid, -1);
779 		if (!*key)
781 		*traffic_key = snd_other_key(*key);
791 			struct tcp_ao_key *key, struct tcphdr *th,
803 	traffic_key = snd_other_key(key);
809 			tkey_buf = kmalloc(tcp_ao_digest_size(key), GFP_ATOMIC);
816 		tp->af_specific->ao_calc_key_sk(key, traffic_key,
821 	tp->af_specific->calc_ao_hash(hash_location, key, sk, skb, traffic_key,
852 	struct tcp_ao_key *key;
871 	key = tcp_ao_inbound_lookup(family, sk, skb, -1, aoh->keyid, l3index);
872 	if (!key)
884 		   const struct tcp_ao_hdr *aoh, struct tcp_ao_key *key,
891 	if (maclen != tcp_ao_maclen(key)) {
894 		atomic64_inc(&key->pkt_bad);
897 			      tcp_ao_maclen(key), l3index);
901 	hash_buf = kmalloc(tcp_ao_digest_size(key), GFP_ATOMIC);
906 	tcp_ao_hash_skb(family, hash_buf, key, sk, skb, traffic_key,
911 		atomic64_inc(&key->pkt_bad);
919 	atomic64_inc(&key->pkt_good);
933 	struct tcp_ao_key *key;
941 		tcp_hash_fail("AO key not found", family, skb,
957 		 * packet. If not we lookup the key based on the keyid
960 		key = READ_ONCE(info->rnext_key);
961 		if (key->rcvid != aoh->keyid) {
962 			key = tcp_ao_established_key(info, -1, aoh->keyid);
963 			if (!key)
973 		/* Established socket, traffic key are cached */
974 		traffic_key = rcv_other_key(key);
975 		err = tcp_ao_verify_hash(sk, skb, family, info, aoh, key,
980 		/* Key rotation: the peer asks us to use new key (RNext) */
982 			/* If the key is not found we do nothing. */
983 			key = tcp_ao_established_key(info, aoh->rnext_keyid, -1);
984 			if (key)
986 				WRITE_ONCE(info->current_key, key);
991 	/* Lookup key based on peer address and keyid.
994 	 * - request sockets would race on those key pointers
995 	 * - tcp_ao_del_cmd() allows async key removal
997 	key = tcp_ao_inbound_lookup(family, sk, skb, -1, aoh->keyid, l3index);
998 	if (!key)
1032 	traffic_key = kmalloc(tcp_ao_digest_size(key), GFP_ATOMIC);
1035 	tcp_ao_calc_key_skb(key, traffic_key, skb, sisn, disn, family);
1036 	ret = tcp_ao_verify_hash(sk, skb, family, info, aoh, key,
1044 	tcp_hash_fail("Requested by the peer AO key id not found",
1073 	struct tcp_ao_key *key;
1094 	hlist_for_each_entry_safe(key, next, &ao_info->head, node) {
1095 		if (!tcp_ao_key_cmp(key, l3index, addr, key->prefixlen, family, -1, -1))
1098 		if (key == ao_info->current_key)
1100 		if (key == ao_info->rnext_key)
1102 		hlist_del_rcu(&key->node);
1103 		atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc);
1104 		call_rcu(&key->rcu, tcp_ao_key_free_rcu);
1107 	key = tp->af_specific->ao_lookup(sk, sk, -1, -1);
1108 	if (key) {
1110 		 * use the first key matching the peer
1113 			ao_info->current_key = key;
1115 			ao_info->rnext_key = key;
1116 		tp->tcp_header_len += tcp_ao_len_aligned(key);
1122 		 * at least one tcp-ao key that matches the remote peer.
1133 	struct tcp_ao_key *key;
1140 	hlist_for_each_entry_rcu(key, &ao->head, node)
1141 		tcp_ao_cache_traffic_keys(sk, ao, key);
1147 	struct tcp_ao_key *key;
1157 	hlist_for_each_entry_rcu(key, &ao->head, node)
1158 		tcp_ao_cache_traffic_keys(sk, ao, key);
1165 	struct tcp_ao_key *key, *new_key, *first_key;
1201 	hlist_for_each_entry_rcu(key, &ao->head, node) {
1202 		if (tcp_ao_key_cmp(key, l3index, addr, key->prefixlen, family, -1, -1))
1205 		new_key = tcp_ao_copy_key(newsk, key);
1218 		 * it can't switch to being unsigned if peer's key
1225 	if (!static_key_fast_inc_not_disabled(&tcp_ao_needed.key.key)) {
1233 	key = tcp_ao_established_key(new_ao, tcp_rsk(req)->ao_keyid, -1);
1234 	if (key)
1235 		new_ao->current_key = key;
1240 	key = tcp_ao_established_key(new_ao, -1, tcp_rsk(req)->ao_rcv_next);
1241 	if (key)
1242 		new_ao->rnext_key = key;
1252 	hlist_for_each_entry_safe(key, key_head, &new_ao->head, node) {
1253 		hlist_del(&key->node);
1254 		tcp_sigpool_release(key->tcp_sigpool_id);
1255 		atomic_sub(tcp_ao_sizeof_key(key), &newsk->sk_omem_alloc);
1256 		kfree_sensitive(key);
1310 static int tcp_ao_parse_crypto(struct tcp_ao_add *cmd, struct tcp_ao_key *key)
1328 	key->maclen = cmd->maclen ?: 12; /* 12 is the default in RFC5925 */
1362 	if (tcp_ao_len_aligned(key) > syn_tcp_option_space) {
1367 	key->keylen = cmd->keylen;
1368 	memcpy(key->key, cmd->key, cmd->keylen);
1370 	err = tcp_sigpool_start(key->tcp_sigpool_id, &hp);
1379 		memcpy(tmp_key, cmd->key, cmd->keylen);
1382 		/* Using zero-key of 16 bytes as described in RFC5926 */
1392 		ahash_request_set_crypt(hp.req, &sg, key->key, cmd->keylen);
1400 		key->keylen = 16;
1403 	err = crypto_ahash_setkey(tfm, key->key, key->keylen);
1410 	if (tcp_ao_maclen(key) > key->digest_size)
1526 	struct tcp_ao_key *key;
1554 	key = sock_kmalloc(sk, size, GFP_KERNEL);
1555 	if (!key) {
1560 	key->tcp_sigpool_id = pool_id;
1561 	key->digest_size = digest_size;
1562 	return key;
1574 	struct tcp_ao_key *key;
1610 	/* For cmd.tcp_ifindex = 0 the key will apply to the default VRF */
1626 			 * non peer-matching key on an established TCP-AO
1639 			net_warn_ratelimited("AO key ifindex %d != sk bound ifindex %d\n",
1643 	/* Don't allow keys for peers that have a matching TCP-MD5 key */
1647 		 * (that will make them match AO key with
1668 		 * existing key for the peer, RFC5925 3.1:
1679 	key = tcp_ao_key_alloc(sk, &cmd);
1680 	if (IS_ERR(key)) {
1681 		ret = PTR_ERR(key);
1685 	INIT_HLIST_NODE(&key->node);
1686 	memcpy(&key->addr, addr, (family == AF_INET) ? sizeof(struct in_addr) :
1688 	key->prefixlen	= cmd.prefix;
1689 	key->family	= family;
1690 	key->keyflags	= cmd.keyflags;
1691 	key->sndid	= cmd.sndid;
1692 	key->rcvid	= cmd.rcvid;
1693 	key->l3index	= l3index;
1694 	atomic64_set(&key->pkt_good, 0);
1695 	atomic64_set(&key->pkt_bad, 0);
1697 	ret = tcp_ao_parse_crypto(&cmd, key);
1702 		tcp_ao_cache_traffic_keys(sk, ao_info, key);
1704 			ao_info->current_key = key;
1705 			ao_info->rnext_key = key;
1709 	tcp_ao_link_mkt(ao_info, key);
1711 		if (!static_branch_inc(&tcp_ao_needed.key)) {
1720 		WRITE_ONCE(ao_info->current_key, key);
1722 		WRITE_ONCE(ao_info->rnext_key, key);
1726 	atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc);
1727 	tcp_sigpool_release(key->tcp_sigpool_id);
1728 	kfree_sensitive(key);
1736 			     bool del_async, struct tcp_ao_key *key,
1742 	hlist_del_rcu(&key->node);
1749 		atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc);
1750 		call_rcu(&key->rcu, tcp_ao_key_free_rcu);
1754 	/* At this moment another CPU could have looked this key up
1756 	 * after which the key is off-list and can't be looked up again;
1759 	 * Free the key with next RCU grace period (in case it was
1769 	if (unlikely(READ_ONCE(ao_info->current_key) == key ||
1770 		     READ_ONCE(ao_info->rnext_key) == key)) {
1775 	atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc);
1776 	call_rcu(&key->rcu, tcp_ao_key_free_rcu);
1780 	hlist_add_head_rcu(&key->node, &ao_info->head);
1788 	struct tcp_ao_key *key, *new_current = NULL, *new_rnext = NULL;
1817 	 * if there is no key for that ifindex.
1872 	/* We could choose random present key here for current/rnext
1874 	 * allow removing a key that's in use. RFC5925 doesn't
1875 	 * specify how-to coordinate key removal, but says:
1879 	hlist_for_each_entry_rcu(key, &ao_info->head, node) {
1880 		if (cmd.sndid != key->sndid ||
1881 		    cmd.rcvid != key->rcvid)
1884 		if (family != key->family ||
1885 		    prefix != key->prefixlen ||
1886 		    memcmp(addr, &key->addr, addr_len))
1890 		    (key->keyflags & TCP_AO_KEYF_IFINDEX))
1893 		if (key->l3index != l3index)
1896 		if (key == new_current || key == new_rnext)
1899 		return tcp_ao_delete_key(sk, ao_info, cmd.del_async, key,
1915 	if (!static_branch_unlikely(&tcp_md5_needed.key))
2003 		if (!static_branch_inc(&tcp_ao_needed.key)) {
2080 	struct tcp_ao_key *key, *current_key;
2154 		 * ipv6_addr_v4mapped() like in key adding:
2204 	hlist_for_each_entry_rcu(key, &ao_info->head, node) {
2209 			if (opt_in.is_current && key == current_key)
2211 			if (opt_in.is_rnext && key == ao_info->rnext_key)
2216 		if (tcp_ao_key_cmp(key, l3index, addr, opt_in.prefix,
2227 		if (key->family == AF_INET) {
2230 			sin_out->sin_family = key->family;
2232 			memcpy(&sin_out->sin_addr, &key->addr, sizeof(struct in_addr));
2236 			sin6_out->sin6_family = key->family;
2238 			memcpy(&sin6_out->sin6_addr, &key->addr, sizeof(struct in6_addr));
2240 		opt_out.sndid = key->sndid;
2241 		opt_out.rcvid = key->rcvid;
2242 		opt_out.prefix = key->prefixlen;
2243 		opt_out.keyflags = key->keyflags;
2244 		opt_out.is_current = (key == current_key);
2245 		opt_out.is_rnext = (key == ao_info->rnext_key);
2247 		opt_out.maclen = key->maclen;
2248 		opt_out.keylen = key->keylen;
2249 		opt_out.ifindex = key->l3index;
2250 		opt_out.pkt_good = atomic64_read(&key->pkt_good);
2251 		opt_out.pkt_bad = atomic64_read(&key->pkt_bad);
2252 		memcpy(&opt_out.key, key->key, key->keylen);
2253 		tcp_sigpool_algo(key->tcp_sigpool_id, opt_out.alg_name, 64);
2255 		/* Copy key to user */
2346 	struct tcp_ao_key *key;
2371 	hlist_for_each_entry_rcu(key, &ao->head, node)
2372 		tcp_ao_cache_traffic_keys(sk, ao, key);

Indexes created Sat Jun 01 22:14:01 MDT 2024