* [MPTCP] [PATCH RFC 03/10] mptcp: token: rename token_join_response
@ 2019-08-25 18:59 Florian Westphal
0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2019-08-25 18:59 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 3946 bytes --]
This function validates the truncated hmac and computes a hmac for use
in the ack packet. Rename it and place it where its used.
Signed-off-by: Florian Westphal <fw(a)strlen.de>
---
net/mptcp/protocol.h | 1 -
net/mptcp/subflow.c | 28 +++++++++++++++++++++++++++-
net/mptcp/token.c | 31 -------------------------------
3 files changed, 27 insertions(+), 33 deletions(-)
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index 1655283dbd6a..89bd68f85856 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -227,7 +227,6 @@ void mptcp_finish_join(struct sock *sk);
void token_new_request(struct request_sock *req, const struct sk_buff *skb);
int token_join_request(struct request_sock *req, const struct sk_buff *skb);
-int token_join_response(struct sock *sk);
int token_join_valid(struct request_sock *req,
struct tcp_options_received *rx_opt);
void token_destroy_request(u32 token);
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index fc507e091cf5..72ad9a324677 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -96,6 +96,32 @@ static void subflow_v4_init_req(struct request_sock *req,
}
}
+/* validate received truncated hmac and create hmac for third ACK */
+static bool subflow_hmac_ok(struct subflow_context *subflow)
+{
+ u8 hmac[MPTCPOPT_HMAC_LEN];
+ u64 thmac;
+
+ pr_debug("subflow=%p, token=%u", subflow, subflow->token);
+
+ crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
+ subflow->remote_nonce, subflow->local_nonce,
+ (u32 *)hmac);
+
+ thmac = get_unaligned_be64(hmac);
+ pr_debug("thmac=%llu", thmac);
+
+ if (thmac != subflow->thmac) {
+ pr_info("HMAC FAILURE: %llx vs %llx\n", thmac, subflow->thmac);
+ return false;
+ }
+
+ crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
+ subflow->local_nonce, subflow->remote_nonce,
+ (u32 *)subflow->hmac);
+ return true;
+}
+
static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
{
struct subflow_context *subflow = subflow_ctx(sk);
@@ -119,7 +145,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u",
subflow_ctx(sk), subflow->thmac,
subflow->remote_nonce);
- if (token_join_response(sk)) {
+ if (!subflow_hmac_ok(subflow)) {
subflow->mp_join = 0;
// @@ need to trigger RST
} else {
diff --git a/net/mptcp/token.c b/net/mptcp/token.c
index 329ea407adf2..fc0cbd76d7a1 100644
--- a/net/mptcp/token.c
+++ b/net/mptcp/token.c
@@ -91,28 +91,6 @@ static void new_req_join(struct request_sock *req, struct sock *sk,
subflow_req->thmac);
}
-static int new_rsp_join(struct sock *sk)
-{
- struct subflow_context *subflow = subflow_ctx(sk);
- u8 hmac[MPTCPOPT_HMAC_LEN];
- u64 thmac;
-
- crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
- subflow->remote_nonce, subflow->local_nonce,
- (u32 *)hmac);
-
- thmac = get_unaligned_be64(hmac);
- pr_debug("thmac=%llu", thmac);
- if (thmac != subflow->thmac)
- return -1;
-
- crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
- subflow->local_nonce, subflow->remote_nonce,
- (u32 *)subflow->hmac);
-
- return 0;
-}
-
static int new_join_valid(struct request_sock *req, struct sock *sk,
struct tcp_options_received *rx_opt)
{
@@ -237,15 +215,6 @@ int token_join_request(struct request_sock *req, const struct sk_buff *skb)
return 0;
}
-/* validate received truncated hmac and create hmac for third ACK */
-int token_join_response(struct sock *sk)
-{
- struct subflow_context *subflow = subflow_ctx(sk);
-
- pr_debug("subflow=%p, token=%u", subflow, subflow->token);
- return new_rsp_join(sk);
-}
-
/* validate hmac received in third ACK */
int token_join_valid(struct request_sock *req,
struct tcp_options_received *rx_opt)
--
2.21.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [MPTCP] [PATCH RFC 03/10] mptcp: token: rename token_join_response
@ 2019-08-28 0:14 Peter Krystad
0 siblings, 0 replies; 2+ messages in thread
From: Peter Krystad @ 2019-08-28 0:14 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 4581 bytes --]
On Sun, 2019-08-25 at 20:59 +0200, Florian Westphal wrote:
> This function validates the truncated hmac and computes a hmac for use
> in the ack packet. Rename it and place it where its used.
>
> Signed-off-by: Florian Westphal <fw(a)strlen.de>
> ---
> net/mptcp/protocol.h | 1 -
> net/mptcp/subflow.c | 28 +++++++++++++++++++++++++++-
> net/mptcp/token.c | 31 -------------------------------
> 3 files changed, 27 insertions(+), 33 deletions(-)
>
> diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
> index 1655283dbd6a..89bd68f85856 100644
> --- a/net/mptcp/protocol.h
> +++ b/net/mptcp/protocol.h
> @@ -227,7 +227,6 @@ void mptcp_finish_join(struct sock *sk);
>
> void token_new_request(struct request_sock *req, const struct sk_buff *skb);
> int token_join_request(struct request_sock *req, const struct sk_buff *skb);
> -int token_join_response(struct sock *sk);
> int token_join_valid(struct request_sock *req,
> struct tcp_options_received *rx_opt);
> void token_destroy_request(u32 token);
> diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
> index fc507e091cf5..72ad9a324677 100644
> --- a/net/mptcp/subflow.c
> +++ b/net/mptcp/subflow.c
> @@ -96,6 +96,32 @@ static void subflow_v4_init_req(struct request_sock *req,
> }
> }
>
> +/* validate received truncated hmac and create hmac for third ACK */
> +static bool subflow_hmac_ok(struct subflow_context *subflow)
Consider subflow_thmac_valid for this name? The routine is similiar in
function to token_join_valid so maintain 'valid' naming convention? And
'thmac' is what is being validated, hmac is a different field in subflow.
> +{
> + u8 hmac[MPTCPOPT_HMAC_LEN];
> + u64 thmac;
> +
> + pr_debug("subflow=%p, token=%u", subflow, subflow->token);
> +
> + crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
> + subflow->remote_nonce, subflow->local_nonce,
> + (u32 *)hmac);
> +
> + thmac = get_unaligned_be64(hmac);
> + pr_debug("thmac=%llu", thmac);
> +
> + if (thmac != subflow->thmac) {
> + pr_info("HMAC FAILURE: %llx vs %llx\n", thmac, subflow->thmac);
> + return false;
> + }
> +
> + crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
> + subflow->local_nonce, subflow->remote_nonce,
> + (u32 *)subflow->hmac);
Consider moving this call to the successful branch of the caller so this
routine does one thing: validate thmac.
Peter.
> + return true;
> +}
> +
> static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
> {
> struct subflow_context *subflow = subflow_ctx(sk);
> @@ -119,7 +145,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
> pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u",
> subflow_ctx(sk), subflow->thmac,
> subflow->remote_nonce);
> - if (token_join_response(sk)) {
> + if (!subflow_hmac_ok(subflow)) {
> subflow->mp_join = 0;
> // @@ need to trigger RST
> } else {
> diff --git a/net/mptcp/token.c b/net/mptcp/token.c
> index 329ea407adf2..fc0cbd76d7a1 100644
> --- a/net/mptcp/token.c
> +++ b/net/mptcp/token.c
> @@ -91,28 +91,6 @@ static void new_req_join(struct request_sock *req, struct sock *sk,
> subflow_req->thmac);
> }
>
> -static int new_rsp_join(struct sock *sk)
> -{
> - struct subflow_context *subflow = subflow_ctx(sk);
> - u8 hmac[MPTCPOPT_HMAC_LEN];
> - u64 thmac;
> -
> - crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
> - subflow->remote_nonce, subflow->local_nonce,
> - (u32 *)hmac);
> -
> - thmac = get_unaligned_be64(hmac);
> - pr_debug("thmac=%llu", thmac);
> - if (thmac != subflow->thmac)
> - return -1;
> -
> - crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
> - subflow->local_nonce, subflow->remote_nonce,
> - (u32 *)subflow->hmac);
> -
> - return 0;
> -}
> -
> static int new_join_valid(struct request_sock *req, struct sock *sk,
> struct tcp_options_received *rx_opt)
> {
> @@ -237,15 +215,6 @@ int token_join_request(struct request_sock *req, const struct sk_buff *skb)
> return 0;
> }
>
> -/* validate received truncated hmac and create hmac for third ACK */
> -int token_join_response(struct sock *sk)
> -{
> - struct subflow_context *subflow = subflow_ctx(sk);
> -
> - pr_debug("subflow=%p, token=%u", subflow, subflow->token);
> - return new_rsp_join(sk);
> -}
> -
> /* validate hmac received in third ACK */
> int token_join_valid(struct request_sock *req,
> struct tcp_options_received *rx_opt)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-28 0:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-25 18:59 [MPTCP] [PATCH RFC 03/10] mptcp: token: rename token_join_response Florian Westphal
2019-08-28 0:14 Peter Krystad
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.