All of lore.kernel.org
 help / color / mirror / Atom feed
* [MPTCP] [PATCH RFC 03/10] mptcp: token: rename token_join_response
@ 2019-08-25 18:59 Florian Westphal
  0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2019-08-25 18:59 UTC (permalink / raw)
  To: mptcp

[-- Attachment #1: Type: text/plain, Size: 3946 bytes --]

This function validates the truncated hmac and computes a hmac for use
in the ack packet.  Rename it and place it where its used.

Signed-off-by: Florian Westphal <fw(a)strlen.de>
---
 net/mptcp/protocol.h |  1 -
 net/mptcp/subflow.c  | 28 +++++++++++++++++++++++++++-
 net/mptcp/token.c    | 31 -------------------------------
 3 files changed, 27 insertions(+), 33 deletions(-)

diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index 1655283dbd6a..89bd68f85856 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -227,7 +227,6 @@ void mptcp_finish_join(struct sock *sk);
 
 void token_new_request(struct request_sock *req, const struct sk_buff *skb);
 int token_join_request(struct request_sock *req, const struct sk_buff *skb);
-int token_join_response(struct sock *sk);
 int token_join_valid(struct request_sock *req,
 		     struct tcp_options_received *rx_opt);
 void token_destroy_request(u32 token);
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index fc507e091cf5..72ad9a324677 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -96,6 +96,32 @@ static void subflow_v4_init_req(struct request_sock *req,
 	}
 }
 
+/* validate received truncated hmac and create hmac for third ACK */
+static bool subflow_hmac_ok(struct subflow_context *subflow)
+{
+	u8 hmac[MPTCPOPT_HMAC_LEN];
+	u64 thmac;
+
+	pr_debug("subflow=%p, token=%u", subflow, subflow->token);
+
+	crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
+			 subflow->remote_nonce, subflow->local_nonce,
+			 (u32 *)hmac);
+
+	thmac = get_unaligned_be64(hmac);
+	pr_debug("thmac=%llu", thmac);
+
+	if (thmac != subflow->thmac) {
+		pr_info("HMAC FAILURE: %llx vs %llx\n", thmac, subflow->thmac);
+		return false;
+	}
+
+	crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
+			 subflow->local_nonce, subflow->remote_nonce,
+			 (u32 *)subflow->hmac);
+	return true;
+}
+
 static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
 {
 	struct subflow_context *subflow = subflow_ctx(sk);
@@ -119,7 +145,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
 		pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u",
 			 subflow_ctx(sk), subflow->thmac,
 			 subflow->remote_nonce);
-		if (token_join_response(sk)) {
+		if (!subflow_hmac_ok(subflow)) {
 			subflow->mp_join = 0;
 			// @@ need to trigger RST
 		} else {
diff --git a/net/mptcp/token.c b/net/mptcp/token.c
index 329ea407adf2..fc0cbd76d7a1 100644
--- a/net/mptcp/token.c
+++ b/net/mptcp/token.c
@@ -91,28 +91,6 @@ static void new_req_join(struct request_sock *req, struct sock *sk,
 		 subflow_req->thmac);
 }
 
-static int new_rsp_join(struct sock *sk)
-{
-	struct subflow_context *subflow = subflow_ctx(sk);
-	u8 hmac[MPTCPOPT_HMAC_LEN];
-	u64 thmac;
-
-	crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
-			 subflow->remote_nonce, subflow->local_nonce,
-			 (u32 *)hmac);
-
-	thmac = get_unaligned_be64(hmac);
-	pr_debug("thmac=%llu", thmac);
-	if (thmac != subflow->thmac)
-		return -1;
-
-	crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
-			 subflow->local_nonce, subflow->remote_nonce,
-			 (u32 *)subflow->hmac);
-
-	return 0;
-}
-
 static int new_join_valid(struct request_sock *req, struct sock *sk,
 			  struct tcp_options_received *rx_opt)
 {
@@ -237,15 +215,6 @@ int token_join_request(struct request_sock *req, const struct sk_buff *skb)
 	return 0;
 }
 
-/* validate received truncated hmac and create hmac for third ACK */
-int token_join_response(struct sock *sk)
-{
-	struct subflow_context *subflow = subflow_ctx(sk);
-
-	pr_debug("subflow=%p, token=%u", subflow, subflow->token);
-	return new_rsp_join(sk);
-}
-
 /* validate hmac received in third ACK */
 int token_join_valid(struct request_sock *req,
 		     struct tcp_options_received *rx_opt)
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [MPTCP] [PATCH RFC 03/10] mptcp: token: rename token_join_response
@ 2019-08-28  0:14 Peter Krystad
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Krystad @ 2019-08-28  0:14 UTC (permalink / raw)
  To: mptcp

[-- Attachment #1: Type: text/plain, Size: 4581 bytes --]

On Sun, 2019-08-25 at 20:59 +0200, Florian Westphal wrote:
> This function validates the truncated hmac and computes a hmac for use
> in the ack packet.  Rename it and place it where its used.
> 
> Signed-off-by: Florian Westphal <fw(a)strlen.de>
> ---
>  net/mptcp/protocol.h |  1 -
>  net/mptcp/subflow.c  | 28 +++++++++++++++++++++++++++-
>  net/mptcp/token.c    | 31 -------------------------------
>  3 files changed, 27 insertions(+), 33 deletions(-)
> 
> diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
> index 1655283dbd6a..89bd68f85856 100644
> --- a/net/mptcp/protocol.h
> +++ b/net/mptcp/protocol.h
> @@ -227,7 +227,6 @@ void mptcp_finish_join(struct sock *sk);
>  
>  void token_new_request(struct request_sock *req, const struct sk_buff *skb);
>  int token_join_request(struct request_sock *req, const struct sk_buff *skb);
> -int token_join_response(struct sock *sk);
>  int token_join_valid(struct request_sock *req,
>  		     struct tcp_options_received *rx_opt);
>  void token_destroy_request(u32 token);
> diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
> index fc507e091cf5..72ad9a324677 100644
> --- a/net/mptcp/subflow.c
> +++ b/net/mptcp/subflow.c
> @@ -96,6 +96,32 @@ static void subflow_v4_init_req(struct request_sock *req,
>  	}
>  }
>  
> +/* validate received truncated hmac and create hmac for third ACK */
> +static bool subflow_hmac_ok(struct subflow_context *subflow)

Consider subflow_thmac_valid for this name? The routine is similiar in
function to token_join_valid so maintain 'valid' naming convention? And
'thmac' is what is being validated, hmac is a different field in subflow.
 
> +{
> +	u8 hmac[MPTCPOPT_HMAC_LEN];
> +	u64 thmac;
> +
> +	pr_debug("subflow=%p, token=%u", subflow, subflow->token);
> +
> +	crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
> +			 subflow->remote_nonce, subflow->local_nonce,
> +			 (u32 *)hmac);
> +
> +	thmac = get_unaligned_be64(hmac);
> +	pr_debug("thmac=%llu", thmac);
> +
> +	if (thmac != subflow->thmac) {
> +		pr_info("HMAC FAILURE: %llx vs %llx\n", thmac, subflow->thmac);
> +		return false;
> +	}
> +
> +	crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
> +			 subflow->local_nonce, subflow->remote_nonce,
> +			 (u32 *)subflow->hmac);

Consider moving this call to the successful branch of the caller so this
routine does one thing: validate thmac.

Peter.

> +	return true;
> +}
> +
>  static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
>  {
>  	struct subflow_context *subflow = subflow_ctx(sk);
> @@ -119,7 +145,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
>  		pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u",
>  			 subflow_ctx(sk), subflow->thmac,
>  			 subflow->remote_nonce);
> -		if (token_join_response(sk)) {
> +		if (!subflow_hmac_ok(subflow)) {
>  			subflow->mp_join = 0;
>  			// @@ need to trigger RST
>  		} else {
> diff --git a/net/mptcp/token.c b/net/mptcp/token.c
> index 329ea407adf2..fc0cbd76d7a1 100644
> --- a/net/mptcp/token.c
> +++ b/net/mptcp/token.c
> @@ -91,28 +91,6 @@ static void new_req_join(struct request_sock *req, struct sock *sk,
>  		 subflow_req->thmac);
>  }
>  
> -static int new_rsp_join(struct sock *sk)
> -{
> -	struct subflow_context *subflow = subflow_ctx(sk);
> -	u8 hmac[MPTCPOPT_HMAC_LEN];
> -	u64 thmac;
> -
> -	crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
> -			 subflow->remote_nonce, subflow->local_nonce,
> -			 (u32 *)hmac);
> -
> -	thmac = get_unaligned_be64(hmac);
> -	pr_debug("thmac=%llu", thmac);
> -	if (thmac != subflow->thmac)
> -		return -1;
> -
> -	crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
> -			 subflow->local_nonce, subflow->remote_nonce,
> -			 (u32 *)subflow->hmac);
> -
> -	return 0;
> -}
> -
>  static int new_join_valid(struct request_sock *req, struct sock *sk,
>  			  struct tcp_options_received *rx_opt)
>  {
> @@ -237,15 +215,6 @@ int token_join_request(struct request_sock *req, const struct sk_buff *skb)
>  	return 0;
>  }
>  
> -/* validate received truncated hmac and create hmac for third ACK */
> -int token_join_response(struct sock *sk)
> -{
> -	struct subflow_context *subflow = subflow_ctx(sk);
> -
> -	pr_debug("subflow=%p, token=%u", subflow, subflow->token);
> -	return new_rsp_join(sk);
> -}
> -
>  /* validate hmac received in third ACK */
>  int token_join_valid(struct request_sock *req,
>  		     struct tcp_options_received *rx_opt)


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-28  0:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-25 18:59 [MPTCP] [PATCH RFC 03/10] mptcp: token: rename token_join_response Florian Westphal
2019-08-28  0:14 Peter Krystad

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.