Commit 483642e5 authored by Christoph Paasch's avatar Christoph Paasch Committed by David S. Miller
Browse files

tcp: introduce __tcp_fastopen_cookie_gen_cipher() 



Restructure __tcp_fastopen_cookie_gen() to take a 'struct crypto_cipher'
argument and rename it as __tcp_fastopen_cookie_gen_cipher(). Subsequent
patches will provide different ciphers based on which key is being used for
the cookie generation.

Signed-off-by: default avatarChristoph Paasch <cpaasch@apple.com>
Signed-off-by: default avatarJason Baron <jbaron@akamai.com>
Acked-by: default avatarYuchung Cheng <ycheng@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 5b5d331a

net/ipv4/tcp_fastopen.c

+37 −36
Original line number Diff line number Diff line
@@ -111,25 +111,38 @@ error: kfree(ctx); 
	return err;

}



static bool __tcp_fastopen_cookie_gen(struct sock *sk, const void *path,

static bool __tcp_fastopen_cookie_gen_cipher(struct request_sock *req,

					     struct sk_buff *syn,

					     struct crypto_cipher *tfm,

					     struct tcp_fastopen_cookie *foc)

{

	struct tcp_fastopen_context *ctx;

	bool ok = false;

	if (req->rsk_ops->family == AF_INET) {

		const struct iphdr *iph = ip_hdr(syn);

		__be32 path[4] = { iph->saddr, iph->daddr, 0, 0 };



	rcu_read_lock();

		crypto_cipher_encrypt_one(tfm, foc->val, (void *)path);

		foc->len = TCP_FASTOPEN_COOKIE_SIZE;

		return true;

	}



	ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx);

	if (!ctx)

		ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx);

#if IS_ENABLED(CONFIG_IPV6)

	if (req->rsk_ops->family == AF_INET6) {

		const struct ipv6hdr *ip6h = ipv6_hdr(syn);

		struct tcp_fastopen_cookie tmp;

		struct in6_addr *buf;

		int i;



	if (ctx) {

		crypto_cipher_encrypt_one(ctx->tfm, foc->val, path);

		crypto_cipher_encrypt_one(tfm, tmp.val,

					  (void *)&ip6h->saddr);

		buf = &tmp.addr;

		for (i = 0; i < 4; i++)

			buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i];

		crypto_cipher_encrypt_one(tfm, foc->val, (void *)buf);

		foc->len = TCP_FASTOPEN_COOKIE_SIZE;

		ok = true;

		return true;

	}

	rcu_read_unlock();

	return ok;

#endif

	return false;

}



/* Generate the fastopen cookie by doing aes128 encryption on both
@@ -143,29 +156,17 @@ static bool tcp_fastopen_cookie_gen(struct sock *sk, 
				    struct sk_buff *syn,

				    struct tcp_fastopen_cookie *foc)

{

	if (req->rsk_ops->family == AF_INET) {

		const struct iphdr *iph = ip_hdr(syn);



		__be32 path[4] = { iph->saddr, iph->daddr, 0, 0 };

		return __tcp_fastopen_cookie_gen(sk, path, foc);

	}



#if IS_ENABLED(CONFIG_IPV6)

	if (req->rsk_ops->family == AF_INET6) {

		const struct ipv6hdr *ip6h = ipv6_hdr(syn);

		struct tcp_fastopen_cookie tmp;



		if (__tcp_fastopen_cookie_gen(sk, &ip6h->saddr, &tmp)) {

			struct in6_addr *buf = &tmp.addr;

			int i;

	struct tcp_fastopen_context *ctx;

	bool ok = false;



			for (i = 0; i < 4; i++)

				buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i];

			return __tcp_fastopen_cookie_gen(sk, buf, foc);

		}

	}

#endif

	return false;

	rcu_read_lock();

	ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx);

	if (!ctx)

		ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx);

	if (ctx)

		ok = __tcp_fastopen_cookie_gen_cipher(req, syn, ctx->tfm, foc);

	rcu_read_unlock();

	return ok;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE