tcp: introduce __tcp_fastopen_cookie_gen_cipher()

Restructure __tcp_fastopen_cookie_gen() to take a 'struct crypto_cipher' argument and rename it as __tcp_fastopen_cookie_gen_cipher(). Subsequent patches will provide different ciphers based on which key is being used for the cookie generation. Signed-off-by: Christoph Paasch <cpaasch@apple.com> Signed-off-by: Jason Baron <jbaron@akamai.com> Acked-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Christoph Paasch <cpaasch@apple.com> 2019-05-29 12:33:56 -0400
committer: David S. Miller <davem@davemloft.net> 2019-05-30 16:41:26 -0400
commit: 483642e5ea1dfa517cb7dba606d8b66ef2dd7791 (patch)
tree: 5cb2d79fb8e81523ce69d0af7a1e1d7177478709
parent: 5b5d331a2c933268eae8da85df43279878392772 (diff)
1 files changed, 37 insertions, 36 deletions
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index 018a48477355..3889ad28dd06 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -111,25 +111,38 @@ error:		kfree(ctx);
        return err;
 }
-static bool __tcp_fastopen_cookie_gen(struct sock *sk, const void *path,
+static bool __tcp_fastopen_cookie_gen_cipher(struct request_sock *req,
-                                      struct tcp_fastopen_cookie *foc)
+                                             struct sk_buff *syn,
+                                             struct crypto_cipher *tfm,
+                                             struct tcp_fastopen_cookie *foc)
 {
-        struct tcp_fastopen_context *ctx;
+        if (req->rsk_ops->family == AF_INET) {
-        bool ok = false;
+                const struct iphdr *iph = ip_hdr(syn);
+                __be32 path[4] = { iph->saddr, iph->daddr, 0, 0 };
-        rcu_read_lock();
-        ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx);
+                crypto_cipher_encrypt_one(tfm, foc->val, (void *)path);
-        if (!ctx)
+                foc->len = TCP_FASTOPEN_COOKIE_SIZE;
-                ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx);
+                return true;
+        }
-        if (ctx) {
+#if IS_ENABLED(CONFIG_IPV6)
-                crypto_cipher_encrypt_one(ctx->tfm, foc->val, path);
+        if (req->rsk_ops->family == AF_INET6) {
+                const struct ipv6hdr *ip6h = ipv6_hdr(syn);
+                struct tcp_fastopen_cookie tmp;
+                struct in6_addr *buf;
+                int i;
+                crypto_cipher_encrypt_one(tfm, tmp.val,
+                                          (void *)&ip6h->saddr);
+                buf = &tmp.addr;
+                for (i = 0; i < 4; i++)
+                        buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i];
+                crypto_cipher_encrypt_one(tfm, foc->val, (void *)buf);
                foc->len = TCP_FASTOPEN_COOKIE_SIZE;
-                ok = true;
+                return true;
        }
-        rcu_read_unlock();
+#endif
-        return ok;
+        return false;
 }
 /* Generate the fastopen cookie by doing aes128 encryption on both
@@ -143,29 +156,17 @@ static bool tcp_fastopen_cookie_gen(struct sock *sk,
                                    struct sk_buff *syn,
                                    struct tcp_fastopen_cookie *foc)
 {
-        if (req->rsk_ops->family == AF_INET) {
+        struct tcp_fastopen_context *ctx;
-                const struct iphdr *iph = ip_hdr(syn);
+        bool ok = false;
-                __be32 path[4] = { iph->saddr, iph->daddr, 0, 0 };
-                return __tcp_fastopen_cookie_gen(sk, path, foc);
-        }
-#if IS_ENABLED(CONFIG_IPV6)
-        if (req->rsk_ops->family == AF_INET6) {
-                const struct ipv6hdr *ip6h = ipv6_hdr(syn);
-                struct tcp_fastopen_cookie tmp;
-                if (__tcp_fastopen_cookie_gen(sk, &ip6h->saddr, &tmp)) {
-                        struct in6_addr *buf = &tmp.addr;
-                        int i;
-                        for (i = 0; i < 4; i++)
+        rcu_read_lock();
-                                buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i];
+        ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx);
-                        return __tcp_fastopen_cookie_gen(sk, buf, foc);
+        if (!ctx)
-                }
+                ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx);
-        }
+        if (ctx)
-#endif
+                ok = __tcp_fastopen_cookie_gen_cipher(req, syn, ctx->tfm, foc);
-        return false;
+        rcu_read_unlock();
+        return ok;
 }
author	Christoph Paasch <cpaasch@apple.com>	2019-05-29 12:33:56 -0400
committer	David S. Miller <davem@davemloft.net>	2019-05-30 16:41:26 -0400
commit	483642e5ea1dfa517cb7dba606d8b66ef2dd7791 (patch)
tree	5cb2d79fb8e81523ce69d0af7a1e1d7177478709
parent	5b5d331a2c933268eae8da85df43279878392772 (diff)

diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index 018a48477355..3889ad28dd06 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c
@@ -111,25 +111,38 @@ error: kfree(ctx);
111	return err;	111	return err;
112	}	112	}
113		113
114	static bool __tcp_fastopen_cookie_gen(struct sock sk, const void path,	114	static bool __tcp_fastopen_cookie_gen_cipher(struct request_sock *req,
115	struct tcp_fastopen_cookie *foc)	115	struct sk_buff *syn,
		116	struct crypto_cipher *tfm,
		117	struct tcp_fastopen_cookie *foc)
116	{	118	{
117	struct tcp_fastopen_context *ctx;	119	if (req->rsk_ops->family == AF_INET) {
118	bool ok = false;	120	const struct iphdr *iph = ip_hdr(syn);
119		121	__be32 path[4] = { iph->saddr, iph->daddr, 0, 0 };
120	rcu_read_lock();
121		122
122	ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx);	123	crypto_cipher_encrypt_one(tfm, foc->val, (void *)path);
123	if (!ctx)	124	foc->len = TCP_FASTOPEN_COOKIE_SIZE;
124	ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx);	125	return true;
		126	}
125		127
126	if (ctx) {	128	#if IS_ENABLED(CONFIG_IPV6)
127	crypto_cipher_encrypt_one(ctx->tfm, foc->val, path);	129	if (req->rsk_ops->family == AF_INET6) {
		130	const struct ipv6hdr *ip6h = ipv6_hdr(syn);
		131	struct tcp_fastopen_cookie tmp;
		132	struct in6_addr *buf;
		133	int i;
		134
		135	crypto_cipher_encrypt_one(tfm, tmp.val,
		136	(void *)&ip6h->saddr);
		137	buf = &tmp.addr;
		138	for (i = 0; i < 4; i++)
		139	buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i];
		140	crypto_cipher_encrypt_one(tfm, foc->val, (void *)buf);
128	foc->len = TCP_FASTOPEN_COOKIE_SIZE;	141	foc->len = TCP_FASTOPEN_COOKIE_SIZE;
129	ok = true;	142	return true;
130	}	143	}
131	rcu_read_unlock();	144	#endif
132	return ok;	145	return false;
133	}	146	}
134		147
135	/* Generate the fastopen cookie by doing aes128 encryption on both	148	/* Generate the fastopen cookie by doing aes128 encryption on both
@@ -143,29 +156,17 @@ static bool tcp_fastopen_cookie_gen(struct sock *sk,
143	struct sk_buff *syn,	156	struct sk_buff *syn,
144	struct tcp_fastopen_cookie *foc)	157	struct tcp_fastopen_cookie *foc)
145	{	158	{
146	if (req->rsk_ops->family == AF_INET) {	159	struct tcp_fastopen_context *ctx;
147	const struct iphdr *iph = ip_hdr(syn);	160	bool ok = false;
148
149	__be32 path[4] = { iph->saddr, iph->daddr, 0, 0 };
150	return __tcp_fastopen_cookie_gen(sk, path, foc);
151	}
152
153	#if IS_ENABLED(CONFIG_IPV6)
154	if (req->rsk_ops->family == AF_INET6) {
155	const struct ipv6hdr *ip6h = ipv6_hdr(syn);
156	struct tcp_fastopen_cookie tmp;
157
158	if (__tcp_fastopen_cookie_gen(sk, &ip6h->saddr, &tmp)) {
159	struct in6_addr *buf = &tmp.addr;
160	int i;
161		161
162	for (i = 0; i < 4; i++)	162	rcu_read_lock();
163	buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i];	163	ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx);
164	return __tcp_fastopen_cookie_gen(sk, buf, foc);	164	if (!ctx)
165	}	165	ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx);
166	}	166	if (ctx)
167	#endif	167	ok = __tcp_fastopen_cookie_gen_cipher(req, syn, ctx->tfm, foc);
168	return false;	168	rcu_read_unlock();
		169	return ok;
169	}	170	}
170		171
171		172