linux-stable/net/ipv6/tcp_ao.c

// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * INET		An implementation of the TCP Authentication Option (TCP-AO).
 *		See RFC5925.
 *
 * Authors:	Dmitry Safonov <dima@arista.com>
 *		Francesco Ruggeri <fruggeri@arista.com>
 *		Salam Noureddine <noureddine@arista.com>
 */
#include <linux/tcp.h>

#include <net/tcp.h>
#include <net/ipv6.h>

static int tcp_v6_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
			      const struct in6_addr *saddr,
			      const struct in6_addr *daddr,
			      __be16 sport, __be16 dport,
			      __be32 sisn, __be32 disn)
{
	struct kdf_input_block {
		u8			counter;
		u8			label[6];
		struct tcp6_ao_context	ctx;
		__be16			outlen;
	} __packed * tmp;
	struct tcp_sigpool hp;
	int err;

	err = tcp_sigpool_start(mkt->tcp_sigpool_id, &hp);
	if (err)
		return err;

	tmp = hp.scratch;
	tmp->counter	= 1;
	memcpy(tmp->label, "TCP-AO", 6);
	tmp->ctx.saddr	= *saddr;
	tmp->ctx.daddr	= *daddr;
	tmp->ctx.sport	= sport;
	tmp->ctx.dport	= dport;
	tmp->ctx.sisn	= sisn;
	tmp->ctx.disn	= disn;
	tmp->outlen	= htons(tcp_ao_digest_size(mkt) * 8); /* in bits */

	err = tcp_ao_calc_traffic_key(mkt, key, tmp, sizeof(*tmp), &hp);
	tcp_sigpool_end(&hp);

	return err;
}

int tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
			  const struct sock *sk, __be32 sisn,
			  __be32 disn, bool send)
{
	if (send)
		return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_rcv_saddr,
					  &sk->sk_v6_daddr, htons(sk->sk_num),
					  sk->sk_dport, sisn, disn);
	else
		return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_daddr,
					  &sk->sk_v6_rcv_saddr, sk->sk_dport,
					  htons(sk->sk_num), disn, sisn);
}

static struct tcp_ao_key *tcp_v6_ao_do_lookup(const struct sock *sk,
					      const struct in6_addr *addr,
					      int sndid, int rcvid)
{
	return tcp_ao_do_lookup(sk, (union tcp_ao_addr *)addr, AF_INET6,
				sndid, rcvid);
}

struct tcp_ao_key *tcp_v6_ao_lookup(const struct sock *sk,
				    struct sock *addr_sk,
				    int sndid, int rcvid)
{
	struct in6_addr *addr = &addr_sk->sk_v6_daddr;

	return tcp_v6_ao_do_lookup(sk, addr, sndid, rcvid);
}

int tcp_v6_parse_ao(struct sock *sk, int cmd,
		    sockptr_t optval, int optlen)
{
	return tcp_parse_ao(sk, cmd, AF_INET6, optval, optlen);
}
net/tcp: Introduce TCP_AO setsockopt()s Add 3 setsockopt()s: 1. TCP_AO_ADD_KEY to add a new Master Key Tuple (MKT) on a socket 2. TCP_AO_DEL_KEY to delete present MKT from a socket 3. TCP_AO_INFO to change flags, Current_key/RNext_key on a TCP-AO sk Userspace has to introduce keys on every socket it wants to use TCP-AO option on, similarly to TCP_MD5SIG/TCP_MD5SIG_EXT. RFC5925 prohibits definition of MKTs that would match the same peer, so do sanity checks on the data provided by userspace. Be as conservative as possible, including refusal of defining MKT on an established connection with no AO, removing the key in-use and etc. (1) and (2) are to be used by userspace key manager to add/remove keys. (3) main purpose is to set RNext_key, which (as prescribed by RFC5925) is the KeyID that will be requested in TCP-AO header from the peer to sign their segments with. At this moment the life of ao_info ends in tcp_v4_destroy_sock(). Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-10-23 19:21:55 +00:00			`// SPDX-License-Identifier: GPL-2.0-or-later`
			`/*`
			`* INET An implementation of the TCP Authentication Option (TCP-AO).`
			`* See RFC5925.`
			`*`
			`* Authors: Dmitry Safonov <dima@arista.com>`
			`* Francesco Ruggeri <fruggeri@arista.com>`
			`* Salam Noureddine <noureddine@arista.com>`
			`*/`
			`#include <linux/tcp.h>`

			`#include <net/tcp.h>`
			`#include <net/ipv6.h>`

net/tcp: Calculate TCP-AO traffic keys Add traffic key calculation the way it's described in RFC5926. Wire it up to tcp_finish_connect() and cache the new keys straight away on already established TCP connections. Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-10-23 19:21:57 +00:00			`static int tcp_v6_ao_calc_key(struct tcp_ao_key mkt, u8 key,`
			`const struct in6_addr *saddr,`
			`const struct in6_addr *daddr,`
			`__be16 sport, __be16 dport,`
			`__be32 sisn, __be32 disn)`
			`{`
			`struct kdf_input_block {`
			`u8 counter;`
			`u8 label[6];`
			`struct tcp6_ao_context ctx;`
			`__be16 outlen;`
			`} __packed * tmp;`
			`struct tcp_sigpool hp;`
			`int err;`

			`err = tcp_sigpool_start(mkt->tcp_sigpool_id, &hp);`
			`if (err)`
			`return err;`

			`tmp = hp.scratch;`
			`tmp->counter = 1;`
			`memcpy(tmp->label, "TCP-AO", 6);`
			`tmp->ctx.saddr = *saddr;`
			`tmp->ctx.daddr = *daddr;`
			`tmp->ctx.sport = sport;`
			`tmp->ctx.dport = dport;`
			`tmp->ctx.sisn = sisn;`
			`tmp->ctx.disn = disn;`
			`tmp->outlen = htons(tcp_ao_digest_size(mkt) * 8); /* in bits */`

			`err = tcp_ao_calc_traffic_key(mkt, key, tmp, sizeof(*tmp), &hp);`
			`tcp_sigpool_end(&hp);`

			`return err;`
			`}`

			`int tcp_v6_ao_calc_key_sk(struct tcp_ao_key mkt, u8 key,`
			`const struct sock *sk, __be32 sisn,`
			`__be32 disn, bool send)`
			`{`
			`if (send)`
			`return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_rcv_saddr,`
			`&sk->sk_v6_daddr, htons(sk->sk_num),`
			`sk->sk_dport, sisn, disn);`
			`else`
			`return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_daddr,`
			`&sk->sk_v6_rcv_saddr, sk->sk_dport,`
			`htons(sk->sk_num), disn, sisn);`
			`}`

net/tcp: Prevent TCP-MD5 with TCP-AO being set Be as conservative as possible: if there is TCP-MD5 key for a given peer regardless of L3 interface - don't allow setting TCP-AO key for the same peer. According to RFC5925, TCP-AO is supposed to replace TCP-MD5 and there can't be any switch between both on any connected tuple. Later it can be relaxed, if there's a use, but in the beginning restrict any intersection. Note: it's still should be possible to set both TCP-MD5 and TCP-AO keys on a listening socket for different peers. Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-10-23 19:21:56 +00:00			`static struct tcp_ao_key tcp_v6_ao_do_lookup(const struct sock sk,`
			`const struct in6_addr *addr,`
			`int sndid, int rcvid)`
			`{`
			`return tcp_ao_do_lookup(sk, (union tcp_ao_addr *)addr, AF_INET6,`
			`sndid, rcvid);`
			`}`

			`struct tcp_ao_key tcp_v6_ao_lookup(const struct sock sk,`
			`struct sock *addr_sk,`
			`int sndid, int rcvid)`
			`{`
			`struct in6_addr *addr = &addr_sk->sk_v6_daddr;`

			`return tcp_v6_ao_do_lookup(sk, addr, sndid, rcvid);`
			`}`

net/tcp: Introduce TCP_AO setsockopt()s Add 3 setsockopt()s: 1. TCP_AO_ADD_KEY to add a new Master Key Tuple (MKT) on a socket 2. TCP_AO_DEL_KEY to delete present MKT from a socket 3. TCP_AO_INFO to change flags, Current_key/RNext_key on a TCP-AO sk Userspace has to introduce keys on every socket it wants to use TCP-AO option on, similarly to TCP_MD5SIG/TCP_MD5SIG_EXT. RFC5925 prohibits definition of MKTs that would match the same peer, so do sanity checks on the data provided by userspace. Be as conservative as possible, including refusal of defining MKT on an established connection with no AO, removing the key in-use and etc. (1) and (2) are to be used by userspace key manager to add/remove keys. (3) main purpose is to set RNext_key, which (as prescribed by RFC5925) is the KeyID that will be requested in TCP-AO header from the peer to sign their segments with. At this moment the life of ao_info ends in tcp_v4_destroy_sock(). Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2023-10-23 19:21:55 +00:00			`int tcp_v6_parse_ao(struct sock *sk, int cmd,`
			`sockptr_t optval, int optlen)`
			`{`
			`return tcp_parse_ao(sk, cmd, AF_INET6, optval, optlen);`
			`}`