Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1475591rwb; Fri, 23 Sep 2022 13:15:53 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7zYksUJJ+UX5dvIvjqHCUK8Rijz84JVOqlPMQmsqhpIzoDWagUQZ+x2BMy0iIQU6DlB/+G X-Received: by 2002:a17:906:db0a:b0:781:f24:a782 with SMTP id xj10-20020a170906db0a00b007810f24a782mr8578811ejb.399.1663964152759; Fri, 23 Sep 2022 13:15:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663964152; cv=none; d=google.com; s=arc-20160816; b=NNb/QxRjfttaEblTMJtvMZ9KxOBnUwGa6p8UKGoeapCUkpCJ6FC7G0B/FP/C1a31Vb 7CymNUpU+ez0GpVZEWEioBlHLKVtfDkHIk2kXY/VNTvAqB+iRvUTcRrMYiCxrClKdmLK z9ADpYB5F5PjjTpsxem1d3tXcf+t76eCo//U8D2uGrpGi4Pnwv3gE5sGG9D/Md1ZP6By /1l4XPsuhGhBIuXRc16L8lbnt5+jXytKUNBOY+8uq7lCCQ081fnjkrI6/hYOShEBSDD+ rZoz+U2/xys5rE/WnUTc9+IDHzJtiEyMtmzNTEEhUUysoTTxere7fxzfidVIxQIlgQGF qX7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=/k4g1FhHi3OusP5oSj3EPRB1Z5BMxSvoekk9TRX2sQI=; b=Fi5H8QcKEgjy8ihQzseSaTxt+niyg18rc/zjfkC49AQuuuF6DLCYySq1mDm17DsbV1 fPc/mVu6XGipFnO7L+/RxyRsOV+FTvHGYkCcZxWYy3Nbp4XlpbkKfUpFQZfeDZyznfqI daaOHJhIkpjHXehL2PnUb3uYf5OolhsHd2pxz7V/aTgTYAIJhUQAsY+4TKADyw6pNZTc Qh1XFCjI6moQegRLwBg6AHmobHo6IklX3znb3yDyb5IV+qwjQc+hKyfSIivLLJbtn2Jf HYUFndSUhl2j7qD2tJoOLpo5r9EQjzqT1gXybXb3qz3n8oY08mveDbbFLGFZwSKiI5go eJTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=b6nJ6xWL; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qa34-20020a17090786a200b007803449809esi9017888ejc.355.2022.09.23.13.15.28; Fri, 23 Sep 2022 13:15:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=b6nJ6xWL; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232901AbiIWUOx (ORCPT + 99 others); Fri, 23 Sep 2022 16:14:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40224 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232748AbiIWUOX (ORCPT ); Fri, 23 Sep 2022 16:14:23 -0400 Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BC6C1323ED for ; Fri, 23 Sep 2022 13:13:52 -0700 (PDT) Received: by mail-wr1-x42a.google.com with SMTP id t7so1531685wrm.10 for ; Fri, 23 Sep 2022 13:13:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date; bh=/k4g1FhHi3OusP5oSj3EPRB1Z5BMxSvoekk9TRX2sQI=; b=b6nJ6xWLruj45iEHq6+B+tAg1ekTyajSynsBePm4GpBRUQQTxwWDzy80VF7xJpjbUn +gZvu+dWzsVKlH/cx+oLZ4oLLyWsgStxiTal/YeVONHAgqbU0xHMm8lrLC5FRbl6zTnJ NoqZi/5mNxkulxLA47spDBro1YqlFezaCUQRNWBr7Nj73/fogbBiXcFbY4iExI/DzjJk JLqSvZfYpjIq9KLCUM0OrEO9eUOFaa8D9sxacofw/tGJoVYUSoQYmlxsH47wEVBMpFvx yaQg8YbvnJiyBXu0g/9jUh41MBOStTY0DO+TE85rzv1VYQ5AMBtYtMuhv6DFSNvX/+tG qvWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date; bh=/k4g1FhHi3OusP5oSj3EPRB1Z5BMxSvoekk9TRX2sQI=; b=g6l1gR3b4hOxPKbMcWsfnXq/gkRK1xkKyGEHDWVeSEwR4MaoCpucSDXrZro44I+zqS JkRie8VKAsglk4sW/b80NBY+YOQ6Rxyj2N67H2Y6N3WNy2+BxyBmpqRZ7Xf+MVoLhfUR TQ2zvfaBnyvmSGR57OAbBRT6s+uJryszrwUajQOjJnZ+Vle+MZ2BEOnXumJdFG87gi6B 2T3K/5+ycp6WFe/+npCJ1fJasjvbr9Ys1EY/Rt7XCQnLxm8j5Wy+u7Pk8QgqrGbNZVQt j6+HTgR3m8fTN5b03Z7/fs0TbPd+oTCfsOWe/Q8yBHAnVqwiYv2Y+X4EClU93878ETUs u/Sw== X-Gm-Message-State: ACrzQf3d1SHg7brUycEezPXHuPxaccKqiDXbJHrXgFpAk34S1fcvhmXZ A8nMjydFQoxb/jDo+8pLJxtNqw== X-Received: by 2002:a5d:55c1:0:b0:228:6b57:c60b with SMTP id i1-20020a5d55c1000000b002286b57c60bmr6093559wrw.68.1663964031759; Fri, 23 Sep 2022 13:13:51 -0700 (PDT) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id k11-20020a05600c0b4b00b003b492753826sm3281056wmr.43.2022.09.23.13.13.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Sep 2022 13:13:51 -0700 (PDT) From: Dmitry Safonov To: linux-kernel@vger.kernel.org, David Ahern , Eric Dumazet Cc: Dmitry Safonov , Andy Lutomirski , Ard Biesheuvel , Bob Gilligan , Dan Carpenter , "David S. Miller" , Dmitry Safonov <0x7f454c46@gmail.com>, Eric Biggers , "Eric W. Biederman" , Francesco Ruggeri , Herbert Xu , Hideaki YOSHIFUJI , Ivan Delalande , Jakub Kicinski , Leonard Crestez , Paolo Abeni , Salam Noureddine , Shuah Khan , netdev@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH v2 16/35] net/tcp: Sign SYN-ACK segments with TCP-AO Date: Fri, 23 Sep 2022 21:13:00 +0100 Message-Id: <20220923201319.493208-17-dima@arista.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220923201319.493208-1-dima@arista.com> References: <20220923201319.493208-1-dima@arista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Similarly to RST segments, wire SYN-ACKs to TCP-AO. tcp_rsk_used_ao() is handy here to check if the request socket used AO and needs a signature on the outgoing segments. Co-developed-by: Francesco Ruggeri Signed-off-by: Francesco Ruggeri Co-developed-by: Salam Noureddine Signed-off-by: Salam Noureddine Signed-off-by: Dmitry Safonov --- include/net/tcp.h | 4 ++++ include/net/tcp_ao.h | 6 ++++++ net/ipv4/tcp_ao.c | 14 ++++++++++++++ net/ipv4/tcp_ipv4.c | 1 + net/ipv4/tcp_output.c | 37 +++++++++++++++++++++++++++++++------ net/ipv6/tcp_ao.c | 14 ++++++++++++++ net/ipv6/tcp_ipv6.c | 1 + 7 files changed, 71 insertions(+), 6 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index f21898bb31bd..19549be29265 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -2109,6 +2109,10 @@ struct tcp_request_sock_ops { int sndid, int rcvid); int (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *sk); + int (*ao_synack_hash)(char *ao_hash, struct tcp_ao_key *mkt, + struct request_sock *req, + const struct sk_buff *skb, + int hash_offset, u32 sne); #endif #ifdef CONFIG_SYN_COOKIES __u32 (*cookie_init_seq)(const struct sk_buff *skb, diff --git a/include/net/tcp_ao.h b/include/net/tcp_ao.h index a1d26e1a0b82..cc3f6686d5c9 100644 --- a/include/net/tcp_ao.h +++ b/include/net/tcp_ao.h @@ -142,6 +142,9 @@ int tcp_ao_hash_hdr(unsigned short family, char *ao_hash, int tcp_v4_parse_ao(struct sock *sk, int optname, sockptr_t optval, int optlen); struct tcp_ao_key *tcp_v4_ao_lookup(const struct sock *sk, struct sock *addr_sk, int sndid, int rcvid); +int tcp_v4_ao_synack_hash(char *ao_hash, struct tcp_ao_key *mkt, + struct request_sock *req, const struct sk_buff *skb, + int hash_offset, u32 sne); int tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, const struct sock *sk, __be32 sisn, __be32 disn, bool send); @@ -176,6 +179,9 @@ int tcp_v6_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key, const u8 *tkey, int hash_offset, u32 sne); int tcp_v6_parse_ao(struct sock *sk, int cmd, sockptr_t optval, int optlen); +int tcp_v6_ao_synack_hash(char *ao_hash, struct tcp_ao_key *ao_key, + struct request_sock *req, const struct sk_buff *skb, + int hash_offset, u32 sne); void tcp_ao_finish_connect(struct sock *sk, struct sk_buff *skb); void tcp_ao_connect_init(struct sock *sk); diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index a90b950781f9..6a601279852d 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -603,6 +603,20 @@ int tcp_v4_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key, tkey, hash_offset, sne); } +int tcp_v4_ao_synack_hash(char *ao_hash, struct tcp_ao_key *ao_key, + struct request_sock *req, const struct sk_buff *skb, + int hash_offset, u32 sne) +{ + char traffic_key[TCP_AO_MAX_HASH_SIZE] __tcp_ao_key_align; + + tcp_v4_ao_calc_key_rsk(ao_key, traffic_key, req); + + tcp_ao_hash_skb(AF_INET, ao_hash, ao_key, req_to_sk(req), skb, + traffic_key, hash_offset, sne); + + return 0; +} + struct tcp_ao_key *tcp_v4_ao_lookup_rsk(const struct sock *sk, struct request_sock *req, int sndid, int rcvid) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index cbe428957686..fedccda1dd55 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1654,6 +1654,7 @@ const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = { #ifdef CONFIG_TCP_AO .ao_lookup = tcp_v4_ao_lookup_rsk, .ao_calc_key = tcp_v4_ao_calc_key_rsk, + .ao_synack_hash = tcp_v4_ao_synack_hash, #endif #ifdef CONFIG_SYN_COOKIES .cookie_init_seq = cookie_v4_init_sequence, diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index be92fe85e82c..c08ad98721d6 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -3632,6 +3632,7 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, struct inet_request_sock *ireq = inet_rsk(req); const struct tcp_sock *tp = tcp_sk(sk); struct tcp_md5sig_key *md5 = NULL; + struct tcp_ao_key *ao_key = NULL; struct tcp_out_options opts; struct sk_buff *skb; int tcp_header_size; @@ -3682,16 +3683,32 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, tcp_rsk(req)->snt_synack = tcp_skb_timestamp_us(skb); } -#ifdef CONFIG_TCP_MD5SIG +#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) rcu_read_lock(); - md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req)); #endif + if (tcp_rsk_used_ao(req)) { +#ifdef CONFIG_TCP_AO + /* TODO: what should we do if the key is no longer available on + * the listening socket? Maybe we can try a different matching + * key (without sndid match). If that also fails what should + * we do? We currently send an unsigned synack. It's probably + * better to not send anything. + */ + ao_key = tcp_sk(sk)->af_specific->ao_lookup(sk, req_to_sk(req), + tcp_rsk(req)->ao_keyid, -1); +#endif + } else { +#ifdef CONFIG_TCP_MD5SIG + md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, + req_to_sk(req)); +#endif + } skb_set_hash(skb, tcp_rsk(req)->txhash, PKT_HASH_TYPE_L4); /* bpf program will be interested in the tcp_flags */ TCP_SKB_CB(skb)->tcp_flags = TCPHDR_SYN | TCPHDR_ACK; tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, md5, - NULL, foc, synack_type, - syn_skb) + sizeof(*th); + ao_key, foc, synack_type, syn_skb) + + sizeof(*th); skb_push(skb, tcp_header_size); skb_reset_transport_header(skb); @@ -3711,7 +3728,7 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */ th->window = htons(min(req->rsk_rcv_wnd, 65535U)); - tcp_options_write(th, NULL, NULL, &opts, NULL); + tcp_options_write(th, NULL, tcp_rsk(req), &opts, NULL); th->doff = (tcp_header_size >> 2); __TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS); @@ -3719,7 +3736,15 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, /* Okay, we have all we need - do the md5 hash if needed */ if (md5) tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location, - md5, req_to_sk(req), skb); + md5, req_to_sk(req), skb); +#endif +#ifdef CONFIG_TCP_AO + if (ao_key) + tcp_rsk(req)->af_specific->ao_synack_hash(opts.hash_location, + ao_key, req, skb, + opts.hash_location - (u8 *)th, 0); +#endif +#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) rcu_read_unlock(); #endif diff --git a/net/ipv6/tcp_ao.c b/net/ipv6/tcp_ao.c index 31ae504af8e6..526bbe232a64 100644 --- a/net/ipv6/tcp_ao.c +++ b/net/ipv6/tcp_ao.c @@ -123,3 +123,17 @@ int tcp_v6_parse_ao(struct sock *sk, int cmd, { return tcp_parse_ao(sk, cmd, AF_INET6, optval, optlen); } + +int tcp_v6_ao_synack_hash(char *ao_hash, struct tcp_ao_key *ao_key, + struct request_sock *req, const struct sk_buff *skb, + int hash_offset, u32 sne) +{ + char traffic_key[TCP_AO_MAX_HASH_SIZE] __tcp_ao_key_align; + + tcp_v6_ao_calc_key_rsk(ao_key, traffic_key, req); + + tcp_ao_hash_skb(AF_INET6, ao_hash, ao_key, req_to_sk(req), skb, + traffic_key, hash_offset, sne); + + return 0; +} diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 7610fdf5d519..16cea7de0851 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -838,6 +838,7 @@ const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { #ifdef CONFIG_TCP_AO .ao_lookup = tcp_v6_ao_lookup_rsk, .ao_calc_key = tcp_v6_ao_calc_key_rsk, + .ao_synack_hash = tcp_v6_ao_synack_hash, #endif #ifdef CONFIG_SYN_COOKIES .cookie_init_seq = cookie_v6_init_sequence, -- 2.37.2