xref: /linux/net/ipv4/tcp_ao.c (revision 87320be9f0d24fce67631b7eef919f0b79c3e45c)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * INET		An implementation of the TCP Authentication Option (TCP-AO).
4  *		See RFC5925.
5  *
6  * Authors:	Dmitry Safonov <dima@arista.com>
7  *		Francesco Ruggeri <fruggeri@arista.com>
8  *		Salam Noureddine <noureddine@arista.com>
9  */
10 #define pr_fmt(fmt) "TCP: " fmt
11 
12 #include <crypto/aes-cbc-macs.h>
13 #include <crypto/sha1.h>
14 #include <crypto/sha2.h>
15 #include <crypto/utils.h>
16 #include <linux/inetdevice.h>
17 #include <linux/tcp.h>
18 
19 #include <net/tcp.h>
20 #include <net/ipv6.h>
21 #include <net/icmp.h>
22 #include <trace/events/tcp.h>
23 
24 DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);
25 
26 static const struct tcp_ao_algo {
27 	const char *name;
28 	unsigned int digest_size;
29 } tcp_ao_algos[] = {
30 	[TCP_AO_ALGO_HMAC_SHA1] = {
31 		.name = "hmac(sha1)",
32 		.digest_size = SHA1_DIGEST_SIZE,
33 	},
34 	[TCP_AO_ALGO_HMAC_SHA256] = {
35 		.name = "hmac(sha256)",
36 		.digest_size = SHA256_DIGEST_SIZE,
37 	},
38 	[TCP_AO_ALGO_AES_128_CMAC] = {
39 		.name = "cmac(aes128)",
40 		.digest_size = AES_BLOCK_SIZE, /* same as AES_KEYSIZE_128 */
41 	},
42 };
43 
44 struct tcp_ao_mac_ctx {
45 	enum tcp_ao_algo_id algo;
46 	union {
47 		struct hmac_sha1_ctx hmac_sha1;
48 		struct hmac_sha256_ctx hmac_sha256;
49 		struct {
50 			struct aes_cmac_key key;
51 			struct aes_cmac_ctx ctx;
52 		} aes_cmac;
53 	};
54 };
55 
tcp_ao_find_algo(const char * name)56 static const struct tcp_ao_algo *tcp_ao_find_algo(const char *name)
57 {
58 	for (size_t i = 0; i < ARRAY_SIZE(tcp_ao_algos); i++) {
59 		const struct tcp_ao_algo *algo = &tcp_ao_algos[i];
60 
61 		if (!algo->name)
62 			continue;
63 		if (WARN_ON_ONCE(algo->digest_size > TCP_AO_MAX_MAC_LEN ||
64 				 algo->digest_size >
65 					 TCP_AO_MAX_TRAFFIC_KEY_LEN))
66 			continue;
67 		if (strcmp(name, algo->name) == 0)
68 			return algo;
69 	}
70 	return NULL;
71 }
72 
tcp_ao_mac_init(struct tcp_ao_mac_ctx * mac_ctx,enum tcp_ao_algo_id algo,const u8 * traffic_key)73 static void tcp_ao_mac_init(struct tcp_ao_mac_ctx *mac_ctx,
74 			    enum tcp_ao_algo_id algo, const u8 *traffic_key)
75 {
76 	mac_ctx->algo = algo;
77 	switch (mac_ctx->algo) {
78 	case TCP_AO_ALGO_HMAC_SHA1:
79 		hmac_sha1_init_usingrawkey(&mac_ctx->hmac_sha1, traffic_key,
80 					   SHA1_DIGEST_SIZE);
81 		return;
82 	case TCP_AO_ALGO_HMAC_SHA256:
83 		hmac_sha256_init_usingrawkey(&mac_ctx->hmac_sha256, traffic_key,
84 					     SHA256_DIGEST_SIZE);
85 		return;
86 	case TCP_AO_ALGO_AES_128_CMAC:
87 		aes_cmac_preparekey(&mac_ctx->aes_cmac.key, traffic_key,
88 				    AES_KEYSIZE_128);
89 		aes_cmac_init(&mac_ctx->aes_cmac.ctx, &mac_ctx->aes_cmac.key);
90 		return;
91 	default:
92 		WARN_ON_ONCE(1); /* algo was validated earlier. */
93 	}
94 }
95 
tcp_ao_mac_update(struct tcp_ao_mac_ctx * mac_ctx,const void * data,size_t data_len)96 void tcp_ao_mac_update(struct tcp_ao_mac_ctx *mac_ctx, const void *data,
97 		       size_t data_len)
98 {
99 	switch (mac_ctx->algo) {
100 	case TCP_AO_ALGO_HMAC_SHA1:
101 		hmac_sha1_update(&mac_ctx->hmac_sha1, data, data_len);
102 		return;
103 	case TCP_AO_ALGO_HMAC_SHA256:
104 		hmac_sha256_update(&mac_ctx->hmac_sha256, data, data_len);
105 		return;
106 	case TCP_AO_ALGO_AES_128_CMAC:
107 		aes_cmac_update(&mac_ctx->aes_cmac.ctx, data, data_len);
108 		return;
109 	default:
110 		WARN_ON_ONCE(1); /* algo was validated earlier. */
111 	}
112 }
113 
tcp_ao_mac_final(struct tcp_ao_mac_ctx * mac_ctx,u8 * out)114 static void tcp_ao_mac_final(struct tcp_ao_mac_ctx *mac_ctx, u8 *out)
115 {
116 	switch (mac_ctx->algo) {
117 	case TCP_AO_ALGO_HMAC_SHA1:
118 		hmac_sha1_final(&mac_ctx->hmac_sha1, out);
119 		return;
120 	case TCP_AO_ALGO_HMAC_SHA256:
121 		hmac_sha256_final(&mac_ctx->hmac_sha256, out);
122 		return;
123 	case TCP_AO_ALGO_AES_128_CMAC:
124 		aes_cmac_final(&mac_ctx->aes_cmac.ctx, out);
125 		return;
126 	default:
127 		WARN_ON_ONCE(1); /* algo was validated earlier. */
128 	}
129 }
130 
tcp_ao_calc_traffic_key(const struct tcp_ao_key * mkt,u8 * traffic_key,const void * input,unsigned int input_len)131 void tcp_ao_calc_traffic_key(const struct tcp_ao_key *mkt, u8 *traffic_key,
132 			     const void *input, unsigned int input_len)
133 {
134 	switch (mkt->algo) {
135 	case TCP_AO_ALGO_HMAC_SHA1:
136 		hmac_sha1_usingrawkey(mkt->key, mkt->keylen, input, input_len,
137 				      traffic_key);
138 		return;
139 	case TCP_AO_ALGO_HMAC_SHA256:
140 		hmac_sha256_usingrawkey(mkt->key, mkt->keylen, input, input_len,
141 					traffic_key);
142 		return;
143 	case TCP_AO_ALGO_AES_128_CMAC: {
144 		struct aes_cmac_key k;
145 
146 		aes_cmac_preparekey(&k, mkt->key, AES_KEYSIZE_128);
147 		aes_cmac(&k, input, input_len, traffic_key);
148 		return;
149 	}
150 	default:
151 		WARN_ON_ONCE(1); /* algo was validated earlier. */
152 	}
153 }
154 
tcp_ao_ignore_icmp(const struct sock * sk,int family,int type,int code)155 bool tcp_ao_ignore_icmp(const struct sock *sk, int family, int type, int code)
156 {
157 	bool ignore_icmp = false;
158 	struct tcp_ao_info *ao;
159 
160 	if (!static_branch_unlikely(&tcp_ao_needed.key))
161 		return false;
162 
163 	/* RFC5925, 7.8:
164 	 * >> A TCP-AO implementation MUST default to ignore incoming ICMPv4
165 	 * messages of Type 3 (destination unreachable), Codes 2-4 (protocol
166 	 * unreachable, port unreachable, and fragmentation needed -- ’hard
167 	 * errors’), and ICMPv6 Type 1 (destination unreachable), Code 1
168 	 * (administratively prohibited) and Code 4 (port unreachable) intended
169 	 * for connections in synchronized states (ESTABLISHED, FIN-WAIT-1, FIN-
170 	 * WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT) that match MKTs.
171 	 */
172 	if (family == AF_INET) {
173 		if (type != ICMP_DEST_UNREACH)
174 			return false;
175 		if (code < ICMP_PROT_UNREACH || code > ICMP_FRAG_NEEDED)
176 			return false;
177 	} else {
178 		if (type != ICMPV6_DEST_UNREACH)
179 			return false;
180 		if (code != ICMPV6_ADM_PROHIBITED && code != ICMPV6_PORT_UNREACH)
181 			return false;
182 	}
183 
184 	rcu_read_lock();
185 	switch (sk->sk_state) {
186 	case TCP_TIME_WAIT:
187 		ao = rcu_dereference(tcp_twsk(sk)->ao_info);
188 		break;
189 	case TCP_SYN_SENT:
190 	case TCP_SYN_RECV:
191 	case TCP_LISTEN:
192 	case TCP_NEW_SYN_RECV:
193 		/* RFC5925 specifies to ignore ICMPs *only* on connections
194 		 * in synchronized states.
195 		 */
196 		rcu_read_unlock();
197 		return false;
198 	default:
199 		ao = rcu_dereference(tcp_sk(sk)->ao_info);
200 	}
201 
202 	if (ao && !ao->accept_icmps) {
203 		ignore_icmp = true;
204 		__NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAODROPPEDICMPS);
205 		atomic64_inc(&ao->counters.dropped_icmp);
206 	}
207 	rcu_read_unlock();
208 
209 	return ignore_icmp;
210 }
211 
212 /* Optimized version of tcp_ao_do_lookup(): only for sockets for which
213  * it's known that the keys in ao_info are matching peer's
214  * family/address/VRF/etc.
215  */
tcp_ao_established_key(const struct sock * sk,struct tcp_ao_info * ao,int sndid,int rcvid)216 struct tcp_ao_key *tcp_ao_established_key(const struct sock *sk,
217 					  struct tcp_ao_info *ao,
218 					  int sndid, int rcvid)
219 {
220 	struct tcp_ao_key *key;
221 
222 	hlist_for_each_entry_rcu(key, &ao->head, node,
223 				 sk_fullsock(sk) && lockdep_sock_is_held(sk)) {
224 		if ((sndid >= 0 && key->sndid != sndid) ||
225 		    (rcvid >= 0 && key->rcvid != rcvid))
226 			continue;
227 		return key;
228 	}
229 
230 	return NULL;
231 }
232 
ipv4_prefix_cmp(const struct in_addr * addr1,const struct in_addr * addr2,unsigned int prefixlen)233 static int ipv4_prefix_cmp(const struct in_addr *addr1,
234 			   const struct in_addr *addr2,
235 			   unsigned int prefixlen)
236 {
237 	__be32 mask = inet_make_mask(prefixlen);
238 	__be32 a1 = addr1->s_addr & mask;
239 	__be32 a2 = addr2->s_addr & mask;
240 
241 	if (a1 == a2)
242 		return 0;
243 	return memcmp(&a1, &a2, sizeof(a1));
244 }
245 
__tcp_ao_key_cmp(const struct tcp_ao_key * key,int l3index,const union tcp_ao_addr * addr,u8 prefixlen,int family,int sndid,int rcvid)246 static int __tcp_ao_key_cmp(const struct tcp_ao_key *key, int l3index,
247 			    const union tcp_ao_addr *addr, u8 prefixlen,
248 			    int family, int sndid, int rcvid)
249 {
250 	if (sndid >= 0 && key->sndid != sndid)
251 		return (key->sndid > sndid) ? 1 : -1;
252 	if (rcvid >= 0 && key->rcvid != rcvid)
253 		return (key->rcvid > rcvid) ? 1 : -1;
254 	if (l3index >= 0 && (key->keyflags & TCP_AO_KEYF_IFINDEX)) {
255 		if (key->l3index != l3index)
256 			return (key->l3index > l3index) ? 1 : -1;
257 	}
258 
259 	if (family == AF_UNSPEC)
260 		return 0;
261 	if (key->family != family)
262 		return (key->family > family) ? 1 : -1;
263 
264 	if (family == AF_INET) {
265 		if (ntohl(key->addr.a4.s_addr) == INADDR_ANY)
266 			return 0;
267 		if (ntohl(addr->a4.s_addr) == INADDR_ANY)
268 			return 0;
269 		return ipv4_prefix_cmp(&key->addr.a4, &addr->a4, prefixlen);
270 #if IS_ENABLED(CONFIG_IPV6)
271 	} else {
272 		if (ipv6_addr_any(&key->addr.a6) || ipv6_addr_any(&addr->a6))
273 			return 0;
274 		if (ipv6_prefix_equal(&key->addr.a6, &addr->a6, prefixlen))
275 			return 0;
276 		return memcmp(&key->addr.a6, &addr->a6, sizeof(addr->a6));
277 #endif
278 	}
279 	return -1;
280 }
281 
tcp_ao_key_cmp(const struct tcp_ao_key * key,int l3index,const union tcp_ao_addr * addr,u8 prefixlen,int family,int sndid,int rcvid)282 static int tcp_ao_key_cmp(const struct tcp_ao_key *key, int l3index,
283 			  const union tcp_ao_addr *addr, u8 prefixlen,
284 			  int family, int sndid, int rcvid)
285 {
286 #if IS_ENABLED(CONFIG_IPV6)
287 	if (family == AF_INET6 && ipv6_addr_v4mapped(&addr->a6)) {
288 		__be32 addr4 = addr->a6.s6_addr32[3];
289 
290 		return __tcp_ao_key_cmp(key, l3index,
291 					(union tcp_ao_addr *)&addr4,
292 					prefixlen, AF_INET, sndid, rcvid);
293 	}
294 #endif
295 	return __tcp_ao_key_cmp(key, l3index, addr,
296 				prefixlen, family, sndid, rcvid);
297 }
298 
__tcp_ao_do_lookup(const struct sock * sk,int l3index,const union tcp_ao_addr * addr,int family,u8 prefix,int sndid,int rcvid)299 static struct tcp_ao_key *__tcp_ao_do_lookup(const struct sock *sk, int l3index,
300 		const union tcp_ao_addr *addr, int family, u8 prefix,
301 		int sndid, int rcvid)
302 {
303 	struct tcp_ao_key *key;
304 	struct tcp_ao_info *ao;
305 
306 	if (!static_branch_unlikely(&tcp_ao_needed.key))
307 		return NULL;
308 
309 	ao = rcu_dereference_check(tcp_sk(sk)->ao_info,
310 				   lockdep_sock_is_held(sk));
311 	if (!ao)
312 		return NULL;
313 
314 	hlist_for_each_entry_rcu(key, &ao->head, node, lockdep_sock_is_held(sk)) {
315 		u8 prefixlen = min(prefix, key->prefixlen);
316 
317 		if (!tcp_ao_key_cmp(key, l3index, addr, prefixlen,
318 				    family, sndid, rcvid))
319 			return key;
320 	}
321 	return NULL;
322 }
323 
tcp_ao_do_lookup(const struct sock * sk,int l3index,const union tcp_ao_addr * addr,int family,int sndid,int rcvid)324 struct tcp_ao_key *tcp_ao_do_lookup(const struct sock *sk, int l3index,
325 				    const union tcp_ao_addr *addr,
326 				    int family, int sndid, int rcvid)
327 {
328 	return __tcp_ao_do_lookup(sk, l3index, addr, family, U8_MAX, sndid, rcvid);
329 }
330 
tcp_ao_alloc_info(gfp_t flags)331 static struct tcp_ao_info *tcp_ao_alloc_info(gfp_t flags)
332 {
333 	struct tcp_ao_info *ao;
334 
335 	ao = kzalloc_obj(*ao, flags);
336 	if (!ao)
337 		return NULL;
338 	INIT_HLIST_HEAD(&ao->head);
339 	refcount_set(&ao->refcnt, 1);
340 
341 	return ao;
342 }
343 
tcp_ao_link_mkt(struct tcp_ao_info * ao,struct tcp_ao_key * mkt)344 static void tcp_ao_link_mkt(struct tcp_ao_info *ao, struct tcp_ao_key *mkt)
345 {
346 	hlist_add_head_rcu(&mkt->node, &ao->head);
347 }
348 
tcp_ao_copy_key(struct sock * sk,struct tcp_ao_key * key)349 static struct tcp_ao_key *tcp_ao_copy_key(struct sock *sk,
350 					  struct tcp_ao_key *key)
351 {
352 	struct tcp_ao_key *new_key;
353 
354 	new_key = sock_kmalloc(sk, tcp_ao_sizeof_key(key),
355 			       GFP_ATOMIC);
356 	if (!new_key)
357 		return NULL;
358 
359 	*new_key = *key;
360 	INIT_HLIST_NODE(&new_key->node);
361 	atomic64_set(&new_key->pkt_good, 0);
362 	atomic64_set(&new_key->pkt_bad, 0);
363 
364 	return new_key;
365 }
366 
tcp_ao_key_free_rcu(struct rcu_head * head)367 static void tcp_ao_key_free_rcu(struct rcu_head *head)
368 {
369 	struct tcp_ao_key *key = container_of(head, struct tcp_ao_key, rcu);
370 
371 	kfree_sensitive(key);
372 }
373 
tcp_ao_info_free_rcu(struct rcu_head * head)374 static void tcp_ao_info_free_rcu(struct rcu_head *head)
375 {
376 	struct tcp_ao_info *ao = container_of(head, struct tcp_ao_info, rcu);
377 	struct tcp_ao_key *key;
378 	struct hlist_node *n;
379 
380 	hlist_for_each_entry_safe(key, n, &ao->head, node) {
381 		hlist_del(&key->node);
382 		kfree_sensitive(key);
383 	}
384 	kfree(ao);
385 	static_branch_slow_dec_deferred(&tcp_ao_needed);
386 }
387 
tcp_ao_sk_omem_free(struct sock * sk,struct tcp_ao_info * ao)388 static void tcp_ao_sk_omem_free(struct sock *sk, struct tcp_ao_info *ao)
389 {
390 	size_t total_ao_sk_mem = 0;
391 	struct tcp_ao_key *key;
392 
393 	hlist_for_each_entry(key,  &ao->head, node)
394 		total_ao_sk_mem += tcp_ao_sizeof_key(key);
395 	atomic_sub(total_ao_sk_mem, &sk->sk_omem_alloc);
396 }
397 
tcp_ao_destroy_sock(struct sock * sk,bool twsk)398 void tcp_ao_destroy_sock(struct sock *sk, bool twsk)
399 {
400 	struct tcp_ao_info *ao;
401 
402 	if (twsk) {
403 		ao = rcu_dereference_protected(tcp_twsk(sk)->ao_info, 1);
404 		rcu_assign_pointer(tcp_twsk(sk)->ao_info, NULL);
405 	} else {
406 		ao = rcu_dereference_protected(tcp_sk(sk)->ao_info, 1);
407 		rcu_assign_pointer(tcp_sk(sk)->ao_info, NULL);
408 	}
409 
410 	if (!ao || !refcount_dec_and_test(&ao->refcnt))
411 		return;
412 
413 	if (!twsk)
414 		tcp_ao_sk_omem_free(sk, ao);
415 	call_rcu(&ao->rcu, tcp_ao_info_free_rcu);
416 }
417 
tcp_ao_time_wait(struct tcp_timewait_sock * tcptw,struct tcp_sock * tp)418 void tcp_ao_time_wait(struct tcp_timewait_sock *tcptw, struct tcp_sock *tp)
419 {
420 	struct tcp_ao_info *ao_info = rcu_dereference_protected(tp->ao_info, 1);
421 
422 	if (ao_info) {
423 		struct tcp_ao_key *key;
424 		struct hlist_node *n;
425 		int omem = 0;
426 
427 		hlist_for_each_entry_safe(key, n, &ao_info->head, node) {
428 			omem += tcp_ao_sizeof_key(key);
429 		}
430 
431 		refcount_inc(&ao_info->refcnt);
432 		atomic_sub(omem, &(((struct sock *)tp)->sk_omem_alloc));
433 		rcu_assign_pointer(tcptw->ao_info, ao_info);
434 	} else {
435 		tcptw->ao_info = NULL;
436 	}
437 }
438 
439 /* 4 tuple and ISNs are expected in NBO */
tcp_v4_ao_calc_key(struct tcp_ao_key * mkt,u8 * key,__be32 saddr,__be32 daddr,__be16 sport,__be16 dport,__be32 sisn,__be32 disn)440 static void tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
441 			       __be32 saddr, __be32 daddr,
442 			       __be16 sport, __be16 dport,
443 			       __be32 sisn, __be32 disn)
444 {
445 	/* See RFC5926 3.1.1 */
446 	struct kdf_input_block {
447 		u8                      counter;
448 		u8                      label[6];
449 		struct tcp4_ao_context	ctx;
450 		__be16                  outlen;
451 	} __packed input = {
452 		.counter = 1,
453 		.label = "TCP-AO",
454 		.ctx = {
455 			.saddr = saddr,
456 			.daddr = daddr,
457 			.sport = sport,
458 			.dport = dport,
459 			.sisn = sisn,
460 			.disn = disn,
461 		},
462 		.outlen = htons(tcp_ao_digest_size(mkt) * 8), /* in bits */
463 	};
464 
465 	tcp_ao_calc_traffic_key(mkt, key, &input, sizeof(input));
466 }
467 
tcp_v4_ao_calc_key_sk(struct tcp_ao_key * mkt,u8 * key,const struct sock * sk,__be32 sisn,__be32 disn,bool send)468 void tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
469 			   const struct sock *sk,
470 			   __be32 sisn, __be32 disn, bool send)
471 {
472 	if (send)
473 		tcp_v4_ao_calc_key(mkt, key, sk->sk_rcv_saddr, sk->sk_daddr,
474 				   htons(sk->sk_num), sk->sk_dport, sisn, disn);
475 	else
476 		tcp_v4_ao_calc_key(mkt, key, sk->sk_daddr, sk->sk_rcv_saddr,
477 				   sk->sk_dport, htons(sk->sk_num), disn, sisn);
478 }
479 
tcp_ao_calc_key_sk(struct tcp_ao_key * mkt,u8 * key,const struct sock * sk,__be32 sisn,__be32 disn,bool send)480 static int tcp_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
481 			      const struct sock *sk,
482 			      __be32 sisn, __be32 disn, bool send)
483 {
484 	if (mkt->family == AF_INET) {
485 		tcp_v4_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
486 		return 0;
487 	}
488 #if IS_ENABLED(CONFIG_IPV6)
489 	if (mkt->family == AF_INET6) {
490 		tcp_v6_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
491 		return 0;
492 	}
493 #endif
494 	return -EOPNOTSUPP;
495 }
496 
tcp_v4_ao_calc_key_rsk(struct tcp_ao_key * mkt,u8 * key,struct request_sock * req)497 void tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
498 			    struct request_sock *req)
499 {
500 	struct inet_request_sock *ireq = inet_rsk(req);
501 
502 	tcp_v4_ao_calc_key(mkt, key, ireq->ir_loc_addr, ireq->ir_rmt_addr,
503 			   htons(ireq->ir_num), ireq->ir_rmt_port,
504 			   htonl(tcp_rsk(req)->snt_isn),
505 			   htonl(tcp_rsk(req)->rcv_isn));
506 }
507 
tcp_v4_ao_calc_key_skb(struct tcp_ao_key * mkt,u8 * key,const struct sk_buff * skb,__be32 sisn,__be32 disn)508 static void tcp_v4_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
509 				   const struct sk_buff *skb,
510 				   __be32 sisn, __be32 disn)
511 {
512 	const struct iphdr *iph = ip_hdr(skb);
513 	const struct tcphdr *th = tcp_hdr(skb);
514 
515 	tcp_v4_ao_calc_key(mkt, key, iph->saddr, iph->daddr, th->source,
516 			   th->dest, sisn, disn);
517 }
518 
tcp_ao_calc_key_skb(struct tcp_ao_key * mkt,u8 * key,const struct sk_buff * skb,__be32 sisn,__be32 disn,int family)519 static int tcp_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
520 			       const struct sk_buff *skb,
521 			       __be32 sisn, __be32 disn, int family)
522 {
523 	if (family == AF_INET) {
524 		tcp_v4_ao_calc_key_skb(mkt, key, skb, sisn, disn);
525 		return 0;
526 	}
527 #if IS_ENABLED(CONFIG_IPV6)
528 	if (family == AF_INET6) {
529 		tcp_v6_ao_calc_key_skb(mkt, key, skb, sisn, disn);
530 		return 0;
531 	}
532 #endif
533 	return -EAFNOSUPPORT;
534 }
535 
tcp_v4_ao_hash_pseudoheader(struct tcp_ao_mac_ctx * mac_ctx,__be32 daddr,__be32 saddr,int nbytes)536 static void tcp_v4_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
537 					__be32 daddr, __be32 saddr, int nbytes)
538 {
539 	struct tcp4_pseudohdr phdr = {
540 		.saddr = saddr,
541 		.daddr = daddr,
542 		.pad = 0,
543 		.protocol = IPPROTO_TCP,
544 		.len = cpu_to_be16(nbytes),
545 	};
546 
547 	tcp_ao_mac_update(mac_ctx, &phdr, sizeof(phdr));
548 }
549 
tcp_ao_hash_pseudoheader(unsigned short int family,const struct sock * sk,const struct sk_buff * skb,struct tcp_ao_mac_ctx * mac_ctx,int nbytes)550 static int tcp_ao_hash_pseudoheader(unsigned short int family,
551 				    const struct sock *sk,
552 				    const struct sk_buff *skb,
553 				    struct tcp_ao_mac_ctx *mac_ctx, int nbytes)
554 {
555 	const struct tcphdr *th = tcp_hdr(skb);
556 
557 	/* TODO: Can we rely on checksum being zero to mean outbound pkt? */
558 	if (!th->check) {
559 		if (family == AF_INET) {
560 			tcp_v4_ao_hash_pseudoheader(mac_ctx, sk->sk_daddr,
561 						    sk->sk_rcv_saddr, skb->len);
562 			return 0;
563 		}
564 #if IS_ENABLED(CONFIG_IPV6)
565 		if (family == AF_INET6) {
566 			tcp_v6_ao_hash_pseudoheader(mac_ctx, &sk->sk_v6_daddr,
567 						    &sk->sk_v6_rcv_saddr,
568 						    skb->len);
569 			return 0;
570 		}
571 #endif
572 		return -EAFNOSUPPORT;
573 	}
574 
575 	if (family == AF_INET) {
576 		const struct iphdr *iph = ip_hdr(skb);
577 
578 		tcp_v4_ao_hash_pseudoheader(mac_ctx, iph->daddr, iph->saddr,
579 					    skb->len);
580 		return 0;
581 	}
582 #if IS_ENABLED(CONFIG_IPV6)
583 	if (family == AF_INET6) {
584 		const struct ipv6hdr *iph = ipv6_hdr(skb);
585 
586 		tcp_v6_ao_hash_pseudoheader(mac_ctx, &iph->daddr, &iph->saddr,
587 					    skb->len);
588 		return 0;
589 	}
590 #endif
591 	return -EAFNOSUPPORT;
592 }
593 
tcp_ao_compute_sne(u32 next_sne,u32 next_seq,u32 seq)594 u32 tcp_ao_compute_sne(u32 next_sne, u32 next_seq, u32 seq)
595 {
596 	u32 sne = next_sne;
597 
598 	if (before(seq, next_seq)) {
599 		if (seq > next_seq)
600 			sne--;
601 	} else {
602 		if (seq < next_seq)
603 			sne++;
604 	}
605 
606 	return sne;
607 }
608 
tcp_ao_hash_sne(struct tcp_ao_mac_ctx * mac_ctx,u32 sne)609 static void tcp_ao_hash_sne(struct tcp_ao_mac_ctx *mac_ctx, u32 sne)
610 {
611 	__be32 sne_be32 = htonl(sne);
612 
613 	tcp_ao_mac_update(mac_ctx, &sne_be32, sizeof(sne_be32));
614 }
615 
tcp_ao_hash_header(struct tcp_ao_mac_ctx * mac_ctx,const struct tcphdr * th,bool exclude_options,u8 * hash,int hash_offset,int hash_len)616 static void tcp_ao_hash_header(struct tcp_ao_mac_ctx *mac_ctx,
617 			       const struct tcphdr *th, bool exclude_options,
618 			       u8 *hash, int hash_offset, int hash_len)
619 {
620 	/* Full TCP header (th->doff << 2) should fit into scratch area. */
621 	u8 hdr[60];
622 	int len;
623 
624 	/* We are not allowed to change tcphdr, make a local copy */
625 	if (exclude_options) {
626 		len = sizeof(*th) + sizeof(struct tcp_ao_hdr) + hash_len;
627 		memcpy(hdr, th, sizeof(*th));
628 		memcpy(hdr + sizeof(*th),
629 		       (u8 *)th + hash_offset - sizeof(struct tcp_ao_hdr),
630 		       sizeof(struct tcp_ao_hdr));
631 		memset(hdr + sizeof(*th) + sizeof(struct tcp_ao_hdr),
632 		       0, hash_len);
633 		((struct tcphdr *)hdr)->check = 0;
634 	} else {
635 		len = th->doff << 2;
636 		memcpy(hdr, th, len);
637 		/* zero out tcp-ao hash */
638 		((struct tcphdr *)hdr)->check = 0;
639 		memset(hdr + hash_offset, 0, hash_len);
640 	}
641 
642 	tcp_ao_mac_update(mac_ctx, hdr, len);
643 }
644 
tcp_ao_hash_hdr(unsigned short int family,char * ao_hash,struct tcp_ao_key * key,const u8 * tkey,const union tcp_ao_addr * daddr,const union tcp_ao_addr * saddr,const struct tcphdr * th,u32 sne)645 int tcp_ao_hash_hdr(unsigned short int family, char *ao_hash,
646 		    struct tcp_ao_key *key, const u8 *tkey,
647 		    const union tcp_ao_addr *daddr,
648 		    const union tcp_ao_addr *saddr,
649 		    const struct tcphdr *th, u32 sne)
650 {
651 	int hash_offset = ao_hash - (char *)th;
652 	struct tcp_ao_mac_ctx mac_ctx;
653 	u8 hash_buf[TCP_AO_MAX_MAC_LEN];
654 
655 	tcp_ao_mac_init(&mac_ctx, key->algo, tkey);
656 	tcp_ao_hash_sne(&mac_ctx, sne);
657 	if (family == AF_INET) {
658 		tcp_v4_ao_hash_pseudoheader(&mac_ctx, daddr->a4.s_addr,
659 					    saddr->a4.s_addr, th->doff * 4);
660 #if IS_ENABLED(CONFIG_IPV6)
661 	} else if (family == AF_INET6) {
662 		tcp_v6_ao_hash_pseudoheader(&mac_ctx, &daddr->a6,
663 					    &saddr->a6, th->doff * 4);
664 #endif
665 	} else {
666 		WARN_ON_ONCE(1);
667 		goto clear_hash;
668 	}
669 	tcp_ao_hash_header(&mac_ctx, th,
670 			   !!(key->keyflags & TCP_AO_KEYF_EXCLUDE_OPT),
671 			   ao_hash, hash_offset, tcp_ao_maclen(key));
672 	tcp_ao_mac_final(&mac_ctx, hash_buf);
673 
674 	memcpy(ao_hash, hash_buf, tcp_ao_maclen(key));
675 	return 0;
676 
677 clear_hash:
678 	memset(ao_hash, 0, tcp_ao_maclen(key));
679 	return 1;
680 }
681 
tcp_ao_hash_skb_data(struct tcp_ao_mac_ctx * mac_ctx,const struct sk_buff * skb,unsigned int header_len)682 static void tcp_ao_hash_skb_data(struct tcp_ao_mac_ctx *mac_ctx,
683 				 const struct sk_buff *skb,
684 				 unsigned int header_len)
685 {
686 	const unsigned int head_data_len = skb_headlen(skb) > header_len ?
687 					   skb_headlen(skb) - header_len : 0;
688 	const struct skb_shared_info *shi = skb_shinfo(skb);
689 	struct sk_buff *frag_iter;
690 	unsigned int i;
691 
692 	tcp_ao_mac_update(mac_ctx, (const u8 *)tcp_hdr(skb) + header_len,
693 			  head_data_len);
694 
695 	for (i = 0; i < shi->nr_frags; ++i) {
696 		const skb_frag_t *f = &shi->frags[i];
697 		u32 p_off, p_len, copied;
698 		const void *vaddr;
699 		struct page *p;
700 
701 		skb_frag_foreach_page(f, skb_frag_off(f), skb_frag_size(f),
702 				      p, p_off, p_len, copied) {
703 			vaddr = kmap_local_page(p);
704 			tcp_ao_mac_update(mac_ctx, vaddr + p_off, p_len);
705 			kunmap_local(vaddr);
706 		}
707 	}
708 
709 	skb_walk_frags(skb, frag_iter)
710 		tcp_ao_hash_skb_data(mac_ctx, frag_iter, 0);
711 }
712 
tcp_ao_hash_skb(unsigned short int family,char * ao_hash,struct tcp_ao_key * key,const struct sock * sk,const struct sk_buff * skb,const u8 * tkey,int hash_offset,u32 sne)713 int tcp_ao_hash_skb(unsigned short int family,
714 		    char *ao_hash, struct tcp_ao_key *key,
715 		    const struct sock *sk, const struct sk_buff *skb,
716 		    const u8 *tkey, int hash_offset, u32 sne)
717 {
718 	const struct tcphdr *th = tcp_hdr(skb);
719 	struct tcp_ao_mac_ctx mac_ctx;
720 	u8 hash_buf[TCP_AO_MAX_MAC_LEN];
721 
722 	tcp_ao_mac_init(&mac_ctx, key->algo, tkey);
723 	tcp_ao_hash_sne(&mac_ctx, sne);
724 	if (tcp_ao_hash_pseudoheader(family, sk, skb, &mac_ctx, skb->len))
725 		goto clear_hash;
726 	tcp_ao_hash_header(&mac_ctx, th,
727 			   !!(key->keyflags & TCP_AO_KEYF_EXCLUDE_OPT),
728 			   ao_hash, hash_offset, tcp_ao_maclen(key));
729 	tcp_ao_hash_skb_data(&mac_ctx, skb, th->doff << 2);
730 	tcp_ao_mac_final(&mac_ctx, hash_buf);
731 
732 	memcpy(ao_hash, hash_buf, tcp_ao_maclen(key));
733 	return 0;
734 
735 clear_hash:
736 	memset(ao_hash, 0, tcp_ao_maclen(key));
737 	return 1;
738 }
739 
tcp_v4_ao_hash_skb(char * ao_hash,struct tcp_ao_key * key,const struct sock * sk,const struct sk_buff * skb,const u8 * tkey,int hash_offset,u32 sne)740 int tcp_v4_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key,
741 		       const struct sock *sk, const struct sk_buff *skb,
742 		       const u8 *tkey, int hash_offset, u32 sne)
743 {
744 	return tcp_ao_hash_skb(AF_INET, ao_hash, key, sk, skb,
745 			       tkey, hash_offset, sne);
746 }
747 
tcp_v4_ao_synack_hash(char * ao_hash,struct tcp_ao_key * ao_key,struct request_sock * req,const struct sk_buff * skb,int hash_offset,u32 sne)748 int tcp_v4_ao_synack_hash(char *ao_hash, struct tcp_ao_key *ao_key,
749 			  struct request_sock *req, const struct sk_buff *skb,
750 			  int hash_offset, u32 sne)
751 {
752 	u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN];
753 
754 	tcp_v4_ao_calc_key_rsk(ao_key, tkey_buf, req);
755 
756 	return tcp_ao_hash_skb(AF_INET, ao_hash, ao_key, req_to_sk(req), skb,
757 			       tkey_buf, hash_offset, sne);
758 }
759 
tcp_v4_ao_lookup_rsk(const struct sock * sk,struct request_sock * req,int sndid,int rcvid)760 struct tcp_ao_key *tcp_v4_ao_lookup_rsk(const struct sock *sk,
761 					struct request_sock *req,
762 					int sndid, int rcvid)
763 {
764 	struct inet_request_sock *ireq = inet_rsk(req);
765 	union tcp_ao_addr *addr = (union tcp_ao_addr *)&ireq->ir_rmt_addr;
766 	int l3index;
767 
768 	l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
769 	return tcp_ao_do_lookup(sk, l3index, addr, AF_INET, sndid, rcvid);
770 }
771 
tcp_v4_ao_lookup(const struct sock * sk,struct sock * addr_sk,int sndid,int rcvid)772 struct tcp_ao_key *tcp_v4_ao_lookup(const struct sock *sk, struct sock *addr_sk,
773 				    int sndid, int rcvid)
774 {
775 	int l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
776 						     addr_sk->sk_bound_dev_if);
777 	union tcp_ao_addr *addr = (union tcp_ao_addr *)&addr_sk->sk_daddr;
778 
779 	return tcp_ao_do_lookup(sk, l3index, addr, AF_INET, sndid, rcvid);
780 }
781 
tcp_ao_prepare_reset(const struct sock * sk,struct sk_buff * skb,const struct tcp_ao_hdr * aoh,int l3index,u32 seq,struct tcp_ao_key ** key,char ** traffic_key,bool * allocated_traffic_key,u8 * keyid,u32 * sne)782 int tcp_ao_prepare_reset(const struct sock *sk, struct sk_buff *skb,
783 			 const struct tcp_ao_hdr *aoh, int l3index, u32 seq,
784 			 struct tcp_ao_key **key, char **traffic_key,
785 			 bool *allocated_traffic_key, u8 *keyid, u32 *sne)
786 {
787 	const struct tcphdr *th = tcp_hdr(skb);
788 	struct tcp_ao_info *ao_info;
789 
790 	*allocated_traffic_key = false;
791 	/* If there's no socket - than initial sisn/disn are unknown.
792 	 * Drop the segment. RFC5925 (7.7) advises to require graceful
793 	 * restart [RFC4724]. Alternatively, the RFC5925 advises to
794 	 * save/restore traffic keys before/after reboot.
795 	 * Linux TCP-AO support provides TCP_AO_ADD_KEY and TCP_AO_REPAIR
796 	 * options to restore a socket post-reboot.
797 	 */
798 	if (!sk)
799 		return -ENOTCONN;
800 
801 	if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_NEW_SYN_RECV)) {
802 		unsigned int family = READ_ONCE(sk->sk_family);
803 		union tcp_ao_addr *addr;
804 		__be32 disn, sisn;
805 
806 		if (sk->sk_state == TCP_NEW_SYN_RECV) {
807 			struct request_sock *req = inet_reqsk(sk);
808 
809 			sisn = htonl(tcp_rsk(req)->rcv_isn);
810 			disn = htonl(tcp_rsk(req)->snt_isn);
811 			*sne = tcp_ao_compute_sne(0, tcp_rsk(req)->snt_isn, seq);
812 		} else {
813 			sisn = th->seq;
814 			disn = 0;
815 		}
816 		if (IS_ENABLED(CONFIG_IPV6) && family == AF_INET6)
817 			addr = (union tcp_md5_addr *)&ipv6_hdr(skb)->saddr;
818 		else
819 			addr = (union tcp_md5_addr *)&ip_hdr(skb)->saddr;
820 #if IS_ENABLED(CONFIG_IPV6)
821 		if (family == AF_INET6 && ipv6_addr_v4mapped(&sk->sk_v6_daddr))
822 			family = AF_INET;
823 #endif
824 
825 		sk = sk_const_to_full_sk(sk);
826 		ao_info = rcu_dereference(tcp_sk(sk)->ao_info);
827 		if (!ao_info)
828 			return -ENOENT;
829 		*key = tcp_ao_do_lookup(sk, l3index, addr, family,
830 					-1, aoh->rnext_keyid);
831 		if (!*key)
832 			return -ENOENT;
833 		*traffic_key = kmalloc(tcp_ao_digest_size(*key), GFP_ATOMIC);
834 		if (!*traffic_key)
835 			return -ENOMEM;
836 		*allocated_traffic_key = true;
837 		if (tcp_ao_calc_key_skb(*key, *traffic_key, skb,
838 					sisn, disn, family))
839 			return -1;
840 		*keyid = (*key)->rcvid;
841 	} else {
842 		struct tcp_ao_key *rnext_key;
843 		u32 snd_basis;
844 
845 		if (sk->sk_state == TCP_TIME_WAIT) {
846 			ao_info = rcu_dereference(tcp_twsk(sk)->ao_info);
847 			snd_basis = tcp_twsk(sk)->tw_snd_nxt;
848 		} else {
849 			ao_info = rcu_dereference(tcp_sk(sk)->ao_info);
850 			snd_basis = tcp_sk(sk)->snd_una;
851 		}
852 		if (!ao_info)
853 			return -ENOENT;
854 
855 		*key = tcp_ao_established_key(sk, ao_info, aoh->rnext_keyid, -1);
856 		if (!*key)
857 			return -ENOENT;
858 		*traffic_key = snd_other_key(*key);
859 		rnext_key = READ_ONCE(ao_info->rnext_key);
860 		*keyid = rnext_key->rcvid;
861 		*sne = tcp_ao_compute_sne(READ_ONCE(ao_info->snd_sne),
862 					  snd_basis, seq);
863 	}
864 	return 0;
865 }
866 
tcp_ao_transmit_skb(struct sock * sk,struct sk_buff * skb,struct tcp_ao_key * key,struct tcphdr * th,__u8 * hash_location)867 void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
868 			 struct tcp_ao_key *key, struct tcphdr *th,
869 			 __u8 *hash_location)
870 {
871 	struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
872 	u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN];
873 	struct tcp_sock *tp = tcp_sk(sk);
874 	struct tcp_ao_info *ao;
875 	u8 *traffic_key;
876 	u32 sne;
877 
878 	ao = rcu_dereference_protected(tcp_sk(sk)->ao_info,
879 				       lockdep_sock_is_held(sk));
880 	traffic_key = snd_other_key(key);
881 	if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) {
882 		__be32 disn;
883 
884 		if (!(tcb->tcp_flags & TCPHDR_ACK)) {
885 			disn = 0;
886 			traffic_key = tkey_buf;
887 		} else {
888 			disn = ao->risn;
889 		}
890 		tp->af_specific->ao_calc_key_sk(key, traffic_key,
891 						sk, ao->lisn, disn, true);
892 	}
893 	sne = tcp_ao_compute_sne(READ_ONCE(ao->snd_sne), READ_ONCE(tp->snd_una),
894 				 ntohl(th->seq));
895 	tp->af_specific->calc_ao_hash(hash_location, key, sk, skb, traffic_key,
896 				      hash_location - (u8 *)th, sne);
897 }
898 
tcp_ao_inbound_lookup(unsigned short int family,const struct sock * sk,const struct sk_buff * skb,int sndid,int rcvid,int l3index)899 static struct tcp_ao_key *tcp_ao_inbound_lookup(unsigned short int family,
900 		const struct sock *sk, const struct sk_buff *skb,
901 		int sndid, int rcvid, int l3index)
902 {
903 	if (family == AF_INET) {
904 		const struct iphdr *iph = ip_hdr(skb);
905 
906 		return tcp_ao_do_lookup(sk, l3index,
907 					(union tcp_ao_addr *)&iph->saddr,
908 					AF_INET, sndid, rcvid);
909 	} else {
910 		const struct ipv6hdr *iph = ipv6_hdr(skb);
911 
912 		return tcp_ao_do_lookup(sk, l3index,
913 					(union tcp_ao_addr *)&iph->saddr,
914 					AF_INET6, sndid, rcvid);
915 	}
916 }
917 
tcp_ao_syncookie(struct sock * sk,const struct sk_buff * skb,struct request_sock * req,unsigned short int family)918 void tcp_ao_syncookie(struct sock *sk, const struct sk_buff *skb,
919 		      struct request_sock *req, unsigned short int family)
920 {
921 	struct tcp_request_sock *treq = tcp_rsk(req);
922 	const struct tcphdr *th = tcp_hdr(skb);
923 	const struct tcp_ao_hdr *aoh;
924 	struct tcp_ao_key *key;
925 	int l3index;
926 
927 	/* treq->af_specific is used to perform TCP_AO lookup
928 	 * in tcp_create_openreq_child().
929 	 */
930 #if IS_ENABLED(CONFIG_IPV6)
931 	if (family == AF_INET6)
932 		treq->af_specific = &tcp_request_sock_ipv6_ops;
933 	else
934 #endif
935 		treq->af_specific = &tcp_request_sock_ipv4_ops;
936 
937 	treq->used_tcp_ao = false;
938 
939 	if (tcp_parse_auth_options(th, NULL, &aoh) || !aoh)
940 		return;
941 
942 	l3index = l3mdev_master_ifindex_by_index(sock_net(sk), inet_rsk(req)->ir_iif);
943 	key = tcp_ao_inbound_lookup(family, sk, skb, -1, aoh->keyid, l3index);
944 	if (!key)
945 		/* Key not found, continue without TCP-AO */
946 		return;
947 
948 	treq->ao_rcv_next = aoh->keyid;
949 	treq->ao_keyid = aoh->rnext_keyid;
950 	treq->used_tcp_ao = true;
951 }
952 
953 static enum skb_drop_reason
tcp_ao_verify_hash(const struct sock * sk,const struct sk_buff * skb,unsigned short int family,struct tcp_ao_info * info,const struct tcp_ao_hdr * aoh,struct tcp_ao_key * key,u8 * traffic_key,u8 * phash,u32 sne,int l3index)954 tcp_ao_verify_hash(const struct sock *sk, const struct sk_buff *skb,
955 		   unsigned short int family, struct tcp_ao_info *info,
956 		   const struct tcp_ao_hdr *aoh, struct tcp_ao_key *key,
957 		   u8 *traffic_key, u8 *phash, u32 sne, int l3index)
958 {
959 	const struct tcphdr *th = tcp_hdr(skb);
960 	u8 maclen = tcp_ao_hdr_maclen(aoh);
961 	u8 hash_buf[TCP_AO_MAX_MAC_LEN];
962 
963 	if (maclen != tcp_ao_maclen(key)) {
964 		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOBAD);
965 		atomic64_inc(&info->counters.pkt_bad);
966 		atomic64_inc(&key->pkt_bad);
967 		trace_tcp_ao_wrong_maclen(sk, skb, aoh->keyid,
968 					  aoh->rnext_keyid, maclen);
969 		return SKB_DROP_REASON_TCP_AOFAILURE;
970 	}
971 
972 	/* XXX: make it per-AF callback? */
973 	tcp_ao_hash_skb(family, hash_buf, key, sk, skb, traffic_key,
974 			(phash - (u8 *)th), sne);
975 	if (crypto_memneq(phash, hash_buf, maclen)) {
976 		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOBAD);
977 		atomic64_inc(&info->counters.pkt_bad);
978 		atomic64_inc(&key->pkt_bad);
979 		trace_tcp_ao_mismatch(sk, skb, aoh->keyid,
980 				      aoh->rnext_keyid, maclen);
981 		return SKB_DROP_REASON_TCP_AOFAILURE;
982 	}
983 	NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOGOOD);
984 	atomic64_inc(&info->counters.pkt_good);
985 	atomic64_inc(&key->pkt_good);
986 	return SKB_NOT_DROPPED_YET;
987 }
988 
989 enum skb_drop_reason
tcp_inbound_ao_hash(struct sock * sk,const struct sk_buff * skb,unsigned short int family,const struct request_sock * req,int l3index,const struct tcp_ao_hdr * aoh)990 tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb,
991 		    unsigned short int family, const struct request_sock *req,
992 		    int l3index, const struct tcp_ao_hdr *aoh)
993 {
994 	u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN];
995 	const struct tcphdr *th = tcp_hdr(skb);
996 	u8 maclen = tcp_ao_hdr_maclen(aoh);
997 	u8 *phash = (u8 *)(aoh + 1); /* hash goes just after the header */
998 	struct tcp_ao_info *info;
999 	struct tcp_ao_key *key;
1000 	__be32 sisn, disn;
1001 	u8 *traffic_key;
1002 	int state;
1003 	u32 sne = 0;
1004 
1005 	info = rcu_dereference(tcp_sk(sk)->ao_info);
1006 	if (!info) {
1007 		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOKEYNOTFOUND);
1008 		trace_tcp_ao_key_not_found(sk, skb, aoh->keyid,
1009 					   aoh->rnext_keyid, maclen);
1010 		return SKB_DROP_REASON_TCP_AOUNEXPECTED;
1011 	}
1012 
1013 	if (unlikely(th->syn)) {
1014 		sisn = th->seq;
1015 		disn = 0;
1016 	}
1017 
1018 	state = READ_ONCE(sk->sk_state);
1019 	/* Fast-path */
1020 	if (likely((1 << state) & TCP_AO_ESTABLISHED)) {
1021 		enum skb_drop_reason err;
1022 		struct tcp_ao_key *current_key;
1023 
1024 		/* Check if this socket's rnext_key matches the keyid in the
1025 		 * packet. If not we lookup the key based on the keyid
1026 		 * matching the rcvid in the mkt.
1027 		 */
1028 		key = READ_ONCE(info->rnext_key);
1029 		if (key->rcvid != aoh->keyid) {
1030 			key = tcp_ao_established_key(sk, info, -1, aoh->keyid);
1031 			if (!key)
1032 				goto key_not_found;
1033 		}
1034 
1035 		/* Delayed retransmitted SYN */
1036 		if (unlikely(th->syn && !th->ack))
1037 			goto verify_hash;
1038 
1039 		sne = tcp_ao_compute_sne(info->rcv_sne, tcp_sk(sk)->rcv_nxt,
1040 					 ntohl(th->seq));
1041 		/* Established socket, traffic key are cached */
1042 		traffic_key = rcv_other_key(key);
1043 		err = tcp_ao_verify_hash(sk, skb, family, info, aoh, key,
1044 					 traffic_key, phash, sne, l3index);
1045 		if (err)
1046 			return err;
1047 		current_key = READ_ONCE(info->current_key);
1048 		/* Key rotation: the peer asks us to use new key (RNext) */
1049 		if (unlikely(aoh->rnext_keyid != current_key->sndid)) {
1050 			trace_tcp_ao_rnext_request(sk, skb, current_key->sndid,
1051 						   aoh->rnext_keyid,
1052 						   tcp_ao_hdr_maclen(aoh));
1053 			/* If the key is not found we do nothing. */
1054 			key = tcp_ao_established_key(sk, info, aoh->rnext_keyid, -1);
1055 			if (key)
1056 				/* pairs with tcp_ao_del_cmd */
1057 				WRITE_ONCE(info->current_key, key);
1058 		}
1059 		return SKB_NOT_DROPPED_YET;
1060 	}
1061 
1062 	if (unlikely(state == TCP_CLOSE))
1063 		return SKB_DROP_REASON_TCP_CLOSE;
1064 
1065 	/* Lookup key based on peer address and keyid.
1066 	 * current_key and rnext_key must not be used on tcp listen
1067 	 * sockets as otherwise:
1068 	 * - request sockets would race on those key pointers
1069 	 * - tcp_ao_del_cmd() allows async key removal
1070 	 */
1071 	key = tcp_ao_inbound_lookup(family, sk, skb, -1, aoh->keyid, l3index);
1072 	if (!key)
1073 		goto key_not_found;
1074 
1075 	if (th->syn && !th->ack)
1076 		goto verify_hash;
1077 
1078 	if ((1 << state) & (TCPF_LISTEN | TCPF_NEW_SYN_RECV)) {
1079 		/* Make the initial syn the likely case here */
1080 		if (unlikely(req)) {
1081 			sne = tcp_ao_compute_sne(0, tcp_rsk(req)->rcv_isn,
1082 						 ntohl(th->seq));
1083 			sisn = htonl(tcp_rsk(req)->rcv_isn);
1084 			disn = htonl(tcp_rsk(req)->snt_isn);
1085 		} else if (unlikely(th->ack && !th->syn)) {
1086 			/* Possible syncookie packet */
1087 			sisn = htonl(ntohl(th->seq) - 1);
1088 			disn = htonl(ntohl(th->ack_seq) - 1);
1089 			sne = tcp_ao_compute_sne(0, ntohl(sisn),
1090 						 ntohl(th->seq));
1091 		} else if (unlikely(!th->syn)) {
1092 			/* no way to figure out initial sisn/disn - drop */
1093 			return SKB_DROP_REASON_TCP_FLAGS;
1094 		}
1095 	} else if ((1 << state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
1096 		disn = info->lisn;
1097 		if (th->syn || th->rst)
1098 			sisn = th->seq;
1099 		else
1100 			sisn = info->risn;
1101 	} else {
1102 		WARN_ONCE(1, "TCP-AO: Unexpected sk_state %d", state);
1103 		return SKB_DROP_REASON_TCP_AOFAILURE;
1104 	}
1105 verify_hash:
1106 	tcp_ao_calc_key_skb(key, tkey_buf, skb, sisn, disn, family);
1107 	return tcp_ao_verify_hash(sk, skb, family, info, aoh, key,
1108 				  tkey_buf, phash, sne, l3index);
1109 
1110 key_not_found:
1111 	NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOKEYNOTFOUND);
1112 	atomic64_inc(&info->counters.key_not_found);
1113 	trace_tcp_ao_key_not_found(sk, skb, aoh->keyid,
1114 				   aoh->rnext_keyid, maclen);
1115 	return SKB_DROP_REASON_TCP_AOKEYNOTFOUND;
1116 }
1117 
tcp_ao_cache_traffic_keys(const struct sock * sk,struct tcp_ao_info * ao,struct tcp_ao_key * ao_key)1118 static int tcp_ao_cache_traffic_keys(const struct sock *sk,
1119 				     struct tcp_ao_info *ao,
1120 				     struct tcp_ao_key *ao_key)
1121 {
1122 	u8 *traffic_key = snd_other_key(ao_key);
1123 	int ret;
1124 
1125 	ret = tcp_ao_calc_key_sk(ao_key, traffic_key, sk,
1126 				 ao->lisn, ao->risn, true);
1127 	if (ret)
1128 		return ret;
1129 
1130 	traffic_key = rcv_other_key(ao_key);
1131 	ret = tcp_ao_calc_key_sk(ao_key, traffic_key, sk,
1132 				 ao->lisn, ao->risn, false);
1133 	return ret;
1134 }
1135 
tcp_ao_connect_init(struct sock * sk)1136 void tcp_ao_connect_init(struct sock *sk)
1137 {
1138 	struct tcp_sock *tp = tcp_sk(sk);
1139 	struct tcp_ao_info *ao_info;
1140 	struct hlist_node *next;
1141 	union tcp_ao_addr *addr;
1142 	struct tcp_ao_key *key;
1143 	int family, l3index;
1144 
1145 	ao_info = rcu_dereference_protected(tp->ao_info,
1146 					    lockdep_sock_is_held(sk));
1147 	if (!ao_info)
1148 		return;
1149 
1150 	/* Remove all keys that don't match the peer */
1151 	family = sk->sk_family;
1152 	if (family == AF_INET)
1153 		addr = (union tcp_ao_addr *)&sk->sk_daddr;
1154 #if IS_ENABLED(CONFIG_IPV6)
1155 	else if (family == AF_INET6)
1156 		addr = (union tcp_ao_addr *)&sk->sk_v6_daddr;
1157 #endif
1158 	else
1159 		return;
1160 	l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
1161 						 sk->sk_bound_dev_if);
1162 
1163 	hlist_for_each_entry_safe(key, next, &ao_info->head, node) {
1164 		if (!tcp_ao_key_cmp(key, l3index, addr, key->prefixlen, family, -1, -1))
1165 			continue;
1166 
1167 		if (key == ao_info->current_key)
1168 			ao_info->current_key = NULL;
1169 		if (key == ao_info->rnext_key)
1170 			ao_info->rnext_key = NULL;
1171 		hlist_del_rcu(&key->node);
1172 		atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc);
1173 		call_rcu(&key->rcu, tcp_ao_key_free_rcu);
1174 	}
1175 
1176 	key = tp->af_specific->ao_lookup(sk, sk, -1, -1);
1177 	if (key) {
1178 		/* if current_key or rnext_key were not provided,
1179 		 * use the first key matching the peer
1180 		 */
1181 		if (!ao_info->current_key)
1182 			ao_info->current_key = key;
1183 		if (!ao_info->rnext_key)
1184 			ao_info->rnext_key = key;
1185 		tp->tcp_header_len += tcp_ao_len_aligned(key);
1186 
1187 		ao_info->lisn = htonl(tp->write_seq);
1188 		ao_info->snd_sne = 0;
1189 	} else {
1190 		/* Can't happen: tcp_connect() verifies that there's
1191 		 * at least one tcp-ao key that matches the remote peer.
1192 		 */
1193 		WARN_ON_ONCE(1);
1194 		rcu_assign_pointer(tp->ao_info, NULL);
1195 		kfree(ao_info);
1196 	}
1197 }
1198 
tcp_ao_established(struct sock * sk)1199 void tcp_ao_established(struct sock *sk)
1200 {
1201 	struct tcp_ao_info *ao;
1202 	struct tcp_ao_key *key;
1203 
1204 	ao = rcu_dereference_protected(tcp_sk(sk)->ao_info,
1205 				       lockdep_sock_is_held(sk));
1206 	if (!ao)
1207 		return;
1208 
1209 	hlist_for_each_entry_rcu(key, &ao->head, node, lockdep_sock_is_held(sk))
1210 		tcp_ao_cache_traffic_keys(sk, ao, key);
1211 }
1212 
tcp_ao_finish_connect(struct sock * sk,struct sk_buff * skb)1213 void tcp_ao_finish_connect(struct sock *sk, struct sk_buff *skb)
1214 {
1215 	struct tcp_ao_info *ao;
1216 	struct tcp_ao_key *key;
1217 
1218 	ao = rcu_dereference_protected(tcp_sk(sk)->ao_info,
1219 				       lockdep_sock_is_held(sk));
1220 	if (!ao)
1221 		return;
1222 
1223 	/* sk with TCP_REPAIR_ON does not have skb in tcp_finish_connect */
1224 	if (skb)
1225 		WRITE_ONCE(ao->risn, tcp_hdr(skb)->seq);
1226 	ao->rcv_sne = 0;
1227 
1228 	hlist_for_each_entry_rcu(key, &ao->head, node, lockdep_sock_is_held(sk))
1229 		tcp_ao_cache_traffic_keys(sk, ao, key);
1230 }
1231 
tcp_ao_copy_all_matching(const struct sock * sk,struct sock * newsk,struct request_sock * req,struct sk_buff * skb,int family)1232 int tcp_ao_copy_all_matching(const struct sock *sk, struct sock *newsk,
1233 			     struct request_sock *req, struct sk_buff *skb,
1234 			     int family)
1235 {
1236 	struct tcp_ao_key *key, *new_key, *first_key;
1237 	struct tcp_ao_info *new_ao, *ao;
1238 	struct hlist_node *key_head;
1239 	int l3index, ret = -ENOMEM;
1240 	union tcp_ao_addr *addr;
1241 	bool match = false;
1242 
1243 	ao = rcu_dereference(tcp_sk(sk)->ao_info);
1244 	if (!ao)
1245 		return 0;
1246 
1247 	/* New socket without TCP-AO on it */
1248 	if (!tcp_rsk_used_ao(req))
1249 		return 0;
1250 
1251 	new_ao = tcp_ao_alloc_info(GFP_ATOMIC);
1252 	if (!new_ao)
1253 		return -ENOMEM;
1254 	new_ao->lisn = htonl(tcp_rsk(req)->snt_isn);
1255 	new_ao->risn = htonl(tcp_rsk(req)->rcv_isn);
1256 	new_ao->ao_required = ao->ao_required;
1257 	new_ao->accept_icmps = ao->accept_icmps;
1258 
1259 	if (family == AF_INET) {
1260 		addr = (union tcp_ao_addr *)&newsk->sk_daddr;
1261 #if IS_ENABLED(CONFIG_IPV6)
1262 	} else if (family == AF_INET6) {
1263 		addr = (union tcp_ao_addr *)&newsk->sk_v6_daddr;
1264 #endif
1265 	} else {
1266 		ret = -EAFNOSUPPORT;
1267 		goto free_ao;
1268 	}
1269 	l3index = l3mdev_master_ifindex_by_index(sock_net(newsk),
1270 						 newsk->sk_bound_dev_if);
1271 
1272 	hlist_for_each_entry_rcu(key, &ao->head, node) {
1273 		if (tcp_ao_key_cmp(key, l3index, addr, key->prefixlen, family, -1, -1))
1274 			continue;
1275 
1276 		new_key = tcp_ao_copy_key(newsk, key);
1277 		if (!new_key)
1278 			goto free_and_exit;
1279 
1280 		tcp_ao_cache_traffic_keys(newsk, new_ao, new_key);
1281 		tcp_ao_link_mkt(new_ao, new_key);
1282 		match = true;
1283 	}
1284 
1285 	if (!match) {
1286 		/* RFC5925 (7.4.1) specifies that the TCP-AO status
1287 		 * of a connection is determined on the initial SYN.
1288 		 * At this point the connection was TCP-AO enabled, so
1289 		 * it can't switch to being unsigned if peer's key
1290 		 * disappears on the listening socket.
1291 		 */
1292 		ret = -EKEYREJECTED;
1293 		goto free_and_exit;
1294 	}
1295 
1296 	if (!static_key_fast_inc_not_disabled(&tcp_ao_needed.key.key)) {
1297 		ret = -EUSERS;
1298 		goto free_and_exit;
1299 	}
1300 
1301 	key_head = rcu_dereference(hlist_first_rcu(&new_ao->head));
1302 	first_key = hlist_entry_safe(key_head, struct tcp_ao_key, node);
1303 
1304 	key = tcp_ao_established_key(req_to_sk(req), new_ao, tcp_rsk(req)->ao_keyid, -1);
1305 	if (key)
1306 		new_ao->current_key = key;
1307 	else
1308 		new_ao->current_key = first_key;
1309 
1310 	/* set rnext_key */
1311 	key = tcp_ao_established_key(req_to_sk(req), new_ao, -1, tcp_rsk(req)->ao_rcv_next);
1312 	if (key)
1313 		new_ao->rnext_key = key;
1314 	else
1315 		new_ao->rnext_key = first_key;
1316 
1317 	sk_gso_disable(newsk);
1318 	rcu_assign_pointer(tcp_sk(newsk)->ao_info, new_ao);
1319 
1320 	return 0;
1321 
1322 free_and_exit:
1323 	hlist_for_each_entry_safe(key, key_head, &new_ao->head, node) {
1324 		hlist_del(&key->node);
1325 		atomic_sub(tcp_ao_sizeof_key(key), &newsk->sk_omem_alloc);
1326 		kfree_sensitive(key);
1327 	}
1328 free_ao:
1329 	kfree(new_ao);
1330 	return ret;
1331 }
1332 
tcp_ao_can_set_current_rnext(struct sock * sk)1333 static bool tcp_ao_can_set_current_rnext(struct sock *sk)
1334 {
1335 	/* There aren't current/rnext keys on TCP_LISTEN sockets */
1336 	if (sk->sk_state == TCP_LISTEN)
1337 		return false;
1338 	return true;
1339 }
1340 
tcp_ao_verify_ipv4(struct sock * sk,struct tcp_ao_add * cmd,union tcp_ao_addr ** addr)1341 static int tcp_ao_verify_ipv4(struct sock *sk, struct tcp_ao_add *cmd,
1342 			      union tcp_ao_addr **addr)
1343 {
1344 	struct sockaddr_in *sin = (struct sockaddr_in *)&cmd->addr;
1345 	struct inet_sock *inet = inet_sk(sk);
1346 
1347 	if (sin->sin_family != AF_INET)
1348 		return -EINVAL;
1349 
1350 	/* Currently matching is not performed on port (or port ranges) */
1351 	if (sin->sin_port != 0)
1352 		return -EINVAL;
1353 
1354 	/* Check prefix and trailing 0's in addr */
1355 	if (cmd->prefix != 0) {
1356 		__be32 mask;
1357 
1358 		if (ntohl(sin->sin_addr.s_addr) == INADDR_ANY)
1359 			return -EINVAL;
1360 		if (cmd->prefix > 32)
1361 			return -EINVAL;
1362 
1363 		mask = inet_make_mask(cmd->prefix);
1364 		if (sin->sin_addr.s_addr & ~mask)
1365 			return -EINVAL;
1366 
1367 		/* Check that MKT address is consistent with socket */
1368 		if (ntohl(inet->inet_daddr) != INADDR_ANY &&
1369 		    (inet->inet_daddr & mask) != sin->sin_addr.s_addr)
1370 			return -EINVAL;
1371 	} else {
1372 		if (ntohl(sin->sin_addr.s_addr) != INADDR_ANY)
1373 			return -EINVAL;
1374 	}
1375 
1376 	*addr = (union tcp_ao_addr *)&sin->sin_addr;
1377 	return 0;
1378 }
1379 
tcp_ao_parse_crypto(const struct tcp_ao_add * cmd,struct tcp_ao_key * key)1380 static int tcp_ao_parse_crypto(const struct tcp_ao_add *cmd,
1381 			       struct tcp_ao_key *key)
1382 {
1383 	unsigned int syn_tcp_option_space;
1384 
1385 	key->maclen = cmd->maclen ?: 12; /* 12 is the default in RFC5925 */
1386 
1387 	/* Check: maclen + tcp-ao header <= (MAX_TCP_OPTION_SPACE - mss
1388 	 *					- tstamp (including sackperm)
1389 	 *					- wscale),
1390 	 * see tcp_syn_options(), tcp_synack_options(), commit 33ad798c924b.
1391 	 *
1392 	 * In order to allow D-SACK with TCP-AO, the header size should be:
1393 	 * (MAX_TCP_OPTION_SPACE - TCPOLEN_TSTAMP_ALIGNED
1394 	 *			- TCPOLEN_SACK_BASE_ALIGNED
1395 	 *			- 2 * TCPOLEN_SACK_PERBLOCK) = 8 (maclen = 4),
1396 	 * see tcp_established_options().
1397 	 *
1398 	 * RFC5925, 2.2:
1399 	 * Typical MACs are 96-128 bits (12-16 bytes), but any length
1400 	 * that fits in the header of the segment being authenticated
1401 	 * is allowed.
1402 	 *
1403 	 * RFC5925, 7.6:
1404 	 * TCP-AO continues to consume 16 bytes in non-SYN segments,
1405 	 * leaving a total of 24 bytes for other options, of which
1406 	 * the timestamp consumes 10.  This leaves 14 bytes, of which 10
1407 	 * are used for a single SACK block. When two SACK blocks are used,
1408 	 * such as to handle D-SACK, a smaller TCP-AO MAC would be required
1409 	 * to make room for the additional SACK block (i.e., to leave 18
1410 	 * bytes for the D-SACK variant of the SACK option) [RFC2883].
1411 	 * Note that D-SACK is not supportable in TCP MD5 in the presence
1412 	 * of timestamps, because TCP MD5’s MAC length is fixed and too
1413 	 * large to leave sufficient option space.
1414 	 */
1415 	syn_tcp_option_space = MAX_TCP_OPTION_SPACE;
1416 	syn_tcp_option_space -= TCPOLEN_MSS_ALIGNED;
1417 	syn_tcp_option_space -= TCPOLEN_TSTAMP_ALIGNED;
1418 	syn_tcp_option_space -= TCPOLEN_WSCALE_ALIGNED;
1419 	if (tcp_ao_len_aligned(key) > syn_tcp_option_space)
1420 		return -EMSGSIZE;
1421 
1422 	if (key->algo == TCP_AO_ALGO_AES_128_CMAC &&
1423 	    cmd->keylen != AES_KEYSIZE_128) {
1424 		/* RFC5926, 3.1.1.2. KDF_AES_128_CMAC */
1425 		static const u8 zeroes[AES_KEYSIZE_128];
1426 		struct aes_cmac_key extractor;
1427 
1428 		aes_cmac_preparekey(&extractor, zeroes, AES_KEYSIZE_128);
1429 		aes_cmac(&extractor, cmd->key, cmd->keylen, key->key);
1430 		key->keylen = AES_KEYSIZE_128;
1431 	} else {
1432 		memcpy(key->key, cmd->key, cmd->keylen);
1433 		key->keylen = cmd->keylen;
1434 	}
1435 
1436 	if (tcp_ao_maclen(key) > key->digest_size)
1437 		return -EINVAL;
1438 
1439 	return 0;
1440 }
1441 
1442 #if IS_ENABLED(CONFIG_IPV6)
tcp_ao_verify_ipv6(struct sock * sk,struct tcp_ao_add * cmd,union tcp_ao_addr ** paddr,unsigned short int * family)1443 static int tcp_ao_verify_ipv6(struct sock *sk, struct tcp_ao_add *cmd,
1444 			      union tcp_ao_addr **paddr,
1445 			      unsigned short int *family)
1446 {
1447 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd->addr;
1448 	struct in6_addr *addr = &sin6->sin6_addr;
1449 	u8 prefix = cmd->prefix;
1450 
1451 	if (sin6->sin6_family != AF_INET6)
1452 		return -EINVAL;
1453 
1454 	/* Currently matching is not performed on port (or port ranges) */
1455 	if (sin6->sin6_port != 0)
1456 		return -EINVAL;
1457 
1458 	/* Check prefix and trailing 0's in addr */
1459 	if (cmd->prefix != 0 && ipv6_addr_v4mapped(addr)) {
1460 		__be32 addr4 = addr->s6_addr32[3];
1461 		__be32 mask;
1462 
1463 		if (prefix > 32 || ntohl(addr4) == INADDR_ANY)
1464 			return -EINVAL;
1465 
1466 		mask = inet_make_mask(prefix);
1467 		if (addr4 & ~mask)
1468 			return -EINVAL;
1469 
1470 		/* Check that MKT address is consistent with socket */
1471 		if (!ipv6_addr_any(&sk->sk_v6_daddr)) {
1472 			__be32 daddr4 = sk->sk_v6_daddr.s6_addr32[3];
1473 
1474 			if (!ipv6_addr_v4mapped(&sk->sk_v6_daddr))
1475 				return -EINVAL;
1476 			if ((daddr4 & mask) != addr4)
1477 				return -EINVAL;
1478 		}
1479 
1480 		*paddr = (union tcp_ao_addr *)&addr->s6_addr32[3];
1481 		*family = AF_INET;
1482 		return 0;
1483 	} else if (cmd->prefix != 0) {
1484 		struct in6_addr pfx;
1485 
1486 		if (ipv6_addr_any(addr) || prefix > 128)
1487 			return -EINVAL;
1488 
1489 		ipv6_addr_prefix(&pfx, addr, prefix);
1490 		if (ipv6_addr_cmp(&pfx, addr))
1491 			return -EINVAL;
1492 
1493 		/* Check that MKT address is consistent with socket */
1494 		if (!ipv6_addr_any(&sk->sk_v6_daddr) &&
1495 		    !ipv6_prefix_equal(&sk->sk_v6_daddr, addr, prefix))
1496 
1497 			return -EINVAL;
1498 	} else {
1499 		if (!ipv6_addr_any(addr))
1500 			return -EINVAL;
1501 	}
1502 
1503 	*paddr = (union tcp_ao_addr *)addr;
1504 	return 0;
1505 }
1506 #else
tcp_ao_verify_ipv6(struct sock * sk,struct tcp_ao_add * cmd,union tcp_ao_addr ** paddr,unsigned short int * family)1507 static int tcp_ao_verify_ipv6(struct sock *sk, struct tcp_ao_add *cmd,
1508 			      union tcp_ao_addr **paddr,
1509 			      unsigned short int *family)
1510 {
1511 	return -EOPNOTSUPP;
1512 }
1513 #endif
1514 
setsockopt_ao_info(struct sock * sk)1515 static struct tcp_ao_info *setsockopt_ao_info(struct sock *sk)
1516 {
1517 	if (sk_fullsock(sk)) {
1518 		return rcu_dereference_protected(tcp_sk(sk)->ao_info,
1519 						 lockdep_sock_is_held(sk));
1520 	} else if (sk->sk_state == TCP_TIME_WAIT) {
1521 		return rcu_dereference_protected(tcp_twsk(sk)->ao_info,
1522 						 lockdep_sock_is_held(sk));
1523 	}
1524 	return ERR_PTR(-ESOCKTNOSUPPORT);
1525 }
1526 
getsockopt_ao_info(struct sock * sk)1527 static struct tcp_ao_info *getsockopt_ao_info(struct sock *sk)
1528 {
1529 	if (sk_fullsock(sk))
1530 		return rcu_dereference(tcp_sk(sk)->ao_info);
1531 	else if (sk->sk_state == TCP_TIME_WAIT)
1532 		return rcu_dereference(tcp_twsk(sk)->ao_info);
1533 
1534 	return ERR_PTR(-ESOCKTNOSUPPORT);
1535 }
1536 
1537 #define TCP_AO_KEYF_ALL (TCP_AO_KEYF_IFINDEX | TCP_AO_KEYF_EXCLUDE_OPT)
1538 #define TCP_AO_GET_KEYF_VALID	(TCP_AO_KEYF_IFINDEX)
1539 
tcp_ao_key_alloc(struct sock * sk,struct tcp_ao_add * cmd)1540 static struct tcp_ao_key *tcp_ao_key_alloc(struct sock *sk,
1541 					   struct tcp_ao_add *cmd)
1542 {
1543 	const struct tcp_ao_algo *algo;
1544 	struct tcp_ao_key *key;
1545 	size_t size;
1546 
1547 	/* Force null-termination of alg_name */
1548 	cmd->alg_name[ARRAY_SIZE(cmd->alg_name) - 1] = '\0';
1549 
1550 	/*
1551 	 * For backwards compatibility, accept "cmac(aes)" as an alias for
1552 	 * "cmac(aes128)", provided that the key length is exactly 128 bits.
1553 	 */
1554 	if (strcmp(cmd->alg_name, "cmac(aes)") == 0 &&
1555 	    cmd->keylen == AES_KEYSIZE_128)
1556 		strscpy(cmd->alg_name, "cmac(aes128)");
1557 
1558 	algo = tcp_ao_find_algo(cmd->alg_name);
1559 	if (!algo)
1560 		return ERR_PTR(-ENOENT);
1561 
1562 	size = sizeof(struct tcp_ao_key) + (algo->digest_size << 1);
1563 	key = sock_kmalloc(sk, size, GFP_KERNEL);
1564 	if (!key)
1565 		return ERR_PTR(-ENOMEM);
1566 
1567 	key->algo = algo - tcp_ao_algos;
1568 	key->digest_size = algo->digest_size;
1569 	return key;
1570 }
1571 
tcp_ao_add_cmd(struct sock * sk,unsigned short int family,sockptr_t optval,int optlen)1572 static int tcp_ao_add_cmd(struct sock *sk, unsigned short int family,
1573 			  sockptr_t optval, int optlen)
1574 {
1575 	struct tcp_ao_info *ao_info;
1576 	union tcp_ao_addr *addr;
1577 	struct tcp_ao_key *key;
1578 	struct tcp_ao_add cmd;
1579 	int ret, l3index = 0;
1580 	bool first = false;
1581 
1582 	if (optlen < sizeof(cmd))
1583 		return -EINVAL;
1584 
1585 	ret = copy_struct_from_sockptr(&cmd, sizeof(cmd), optval, optlen);
1586 	if (ret)
1587 		return ret;
1588 
1589 	if (cmd.keylen > TCP_AO_MAXKEYLEN)
1590 		return -EINVAL;
1591 
1592 	if (cmd.reserved != 0 || cmd.reserved2 != 0)
1593 		return -EINVAL;
1594 
1595 	if (family == AF_INET)
1596 		ret = tcp_ao_verify_ipv4(sk, &cmd, &addr);
1597 	else
1598 		ret = tcp_ao_verify_ipv6(sk, &cmd, &addr, &family);
1599 	if (ret)
1600 		return ret;
1601 
1602 	if (cmd.keyflags & ~TCP_AO_KEYF_ALL)
1603 		return -EINVAL;
1604 
1605 	if (cmd.set_current || cmd.set_rnext) {
1606 		if (!tcp_ao_can_set_current_rnext(sk))
1607 			return -EINVAL;
1608 	}
1609 
1610 	if (cmd.ifindex && !(cmd.keyflags & TCP_AO_KEYF_IFINDEX))
1611 		return -EINVAL;
1612 
1613 	/* For cmd.tcp_ifindex = 0 the key will apply to the default VRF */
1614 	if (cmd.keyflags & TCP_AO_KEYF_IFINDEX && cmd.ifindex) {
1615 		int bound_dev_if = READ_ONCE(sk->sk_bound_dev_if);
1616 		struct net_device *dev;
1617 
1618 		rcu_read_lock();
1619 		dev = dev_get_by_index_rcu(sock_net(sk), cmd.ifindex);
1620 		if (dev && netif_is_l3_master(dev))
1621 			l3index = dev->ifindex;
1622 		rcu_read_unlock();
1623 
1624 		if (!dev || !l3index)
1625 			return -EINVAL;
1626 
1627 		if (!bound_dev_if || bound_dev_if != cmd.ifindex) {
1628 			/* tcp_ao_established_key() doesn't expect having
1629 			 * non peer-matching key on an established TCP-AO
1630 			 * connection.
1631 			 */
1632 			if (!((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)))
1633 				return -EINVAL;
1634 		}
1635 
1636 		/* It's still possible to bind after adding keys or even
1637 		 * re-bind to a different dev (with CAP_NET_RAW).
1638 		 * So, no reason to return error here, rather try to be
1639 		 * nice and warn the user.
1640 		 */
1641 		if (bound_dev_if && bound_dev_if != cmd.ifindex)
1642 			net_warn_ratelimited("AO key ifindex %d != sk bound ifindex %d\n",
1643 					     cmd.ifindex, bound_dev_if);
1644 	}
1645 
1646 	/* Don't allow keys for peers that have a matching TCP-MD5 key */
1647 	if (cmd.keyflags & TCP_AO_KEYF_IFINDEX) {
1648 		/* Non-_exact version of tcp_md5_do_lookup() will
1649 		 * as well match keys that aren't bound to a specific VRF
1650 		 * (that will make them match AO key with
1651 		 * sysctl_tcp_l3dev_accept = 1
1652 		 */
1653 		if (tcp_md5_do_lookup(sk, l3index, addr, family))
1654 			return -EKEYREJECTED;
1655 	} else {
1656 		if (tcp_md5_do_lookup_any_l3index(sk, addr, family))
1657 			return -EKEYREJECTED;
1658 	}
1659 
1660 	ao_info = setsockopt_ao_info(sk);
1661 	if (IS_ERR(ao_info))
1662 		return PTR_ERR(ao_info);
1663 
1664 	if (!ao_info) {
1665 		ao_info = tcp_ao_alloc_info(GFP_KERNEL);
1666 		if (!ao_info)
1667 			return -ENOMEM;
1668 		first = true;
1669 	} else {
1670 		/* Check that neither RecvID nor SendID match any
1671 		 * existing key for the peer, RFC5925 3.1:
1672 		 * > The IDs of MKTs MUST NOT overlap where their
1673 		 * > TCP connection identifiers overlap.
1674 		 */
1675 		if (__tcp_ao_do_lookup(sk, l3index, addr, family, cmd.prefix, -1, cmd.rcvid))
1676 			return -EEXIST;
1677 		if (__tcp_ao_do_lookup(sk, l3index, addr, family,
1678 				       cmd.prefix, cmd.sndid, -1))
1679 			return -EEXIST;
1680 	}
1681 
1682 	key = tcp_ao_key_alloc(sk, &cmd);
1683 	if (IS_ERR(key)) {
1684 		ret = PTR_ERR(key);
1685 		goto err_free_ao;
1686 	}
1687 
1688 	INIT_HLIST_NODE(&key->node);
1689 	memcpy(&key->addr, addr, (family == AF_INET) ? sizeof(struct in_addr) :
1690 						       sizeof(struct in6_addr));
1691 	key->prefixlen	= cmd.prefix;
1692 	key->family	= family;
1693 	key->keyflags	= cmd.keyflags;
1694 	key->sndid	= cmd.sndid;
1695 	key->rcvid	= cmd.rcvid;
1696 	key->l3index	= l3index;
1697 	atomic64_set(&key->pkt_good, 0);
1698 	atomic64_set(&key->pkt_bad, 0);
1699 
1700 	ret = tcp_ao_parse_crypto(&cmd, key);
1701 	if (ret < 0)
1702 		goto err_free_sock;
1703 
1704 	if (!((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))) {
1705 		tcp_ao_cache_traffic_keys(sk, ao_info, key);
1706 		if (first) {
1707 			ao_info->current_key = key;
1708 			ao_info->rnext_key = key;
1709 		}
1710 	}
1711 
1712 	tcp_ao_link_mkt(ao_info, key);
1713 	if (first) {
1714 		if (!static_branch_inc(&tcp_ao_needed.key)) {
1715 			ret = -EUSERS;
1716 			goto err_free_sock;
1717 		}
1718 		sk_gso_disable(sk);
1719 		rcu_assign_pointer(tcp_sk(sk)->ao_info, ao_info);
1720 	}
1721 
1722 	if (cmd.set_current)
1723 		WRITE_ONCE(ao_info->current_key, key);
1724 	if (cmd.set_rnext)
1725 		WRITE_ONCE(ao_info->rnext_key, key);
1726 	return 0;
1727 
1728 err_free_sock:
1729 	atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc);
1730 	kfree_sensitive(key);
1731 err_free_ao:
1732 	if (first)
1733 		kfree(ao_info);
1734 	return ret;
1735 }
1736 
tcp_ao_delete_key(struct sock * sk,struct tcp_ao_info * ao_info,bool del_async,struct tcp_ao_key * key,struct tcp_ao_key * new_current,struct tcp_ao_key * new_rnext)1737 static int tcp_ao_delete_key(struct sock *sk, struct tcp_ao_info *ao_info,
1738 			     bool del_async, struct tcp_ao_key *key,
1739 			     struct tcp_ao_key *new_current,
1740 			     struct tcp_ao_key *new_rnext)
1741 {
1742 	int err;
1743 
1744 	hlist_del_rcu(&key->node);
1745 
1746 	/* Support for async delete on listening sockets: as they don't
1747 	 * need current_key/rnext_key maintaining, we don't need to check
1748 	 * them and we can just free all resources in RCU fashion.
1749 	 */
1750 	if (del_async) {
1751 		if (ao_info->current_key == key)
1752 			WRITE_ONCE(ao_info->current_key, NULL);
1753 		if (ao_info->rnext_key == key)
1754 			WRITE_ONCE(ao_info->rnext_key, NULL);
1755 		atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc);
1756 		call_rcu(&key->rcu, tcp_ao_key_free_rcu);
1757 		return 0;
1758 	}
1759 
1760 	/* At this moment another CPU could have looked this key up
1761 	 * while it was unlinked from the list. Wait for RCU grace period,
1762 	 * after which the key is off-list and can't be looked up again;
1763 	 * the rx path [just before RCU came] might have used it and set it
1764 	 * as current_key (very unlikely).
1765 	 * Free the key with next RCU grace period (in case it was
1766 	 * current_key before tcp_ao_current_rnext() might have
1767 	 * changed it in forced-delete).
1768 	 */
1769 	synchronize_rcu();
1770 	if (new_current)
1771 		WRITE_ONCE(ao_info->current_key, new_current);
1772 	if (new_rnext)
1773 		WRITE_ONCE(ao_info->rnext_key, new_rnext);
1774 
1775 	if (unlikely(READ_ONCE(ao_info->current_key) == key ||
1776 		     READ_ONCE(ao_info->rnext_key) == key)) {
1777 		err = -EBUSY;
1778 		goto add_key;
1779 	}
1780 
1781 	atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc);
1782 	call_rcu(&key->rcu, tcp_ao_key_free_rcu);
1783 
1784 	return 0;
1785 add_key:
1786 	hlist_add_head_rcu(&key->node, &ao_info->head);
1787 	return err;
1788 }
1789 
1790 #define TCP_AO_DEL_KEYF_ALL (TCP_AO_KEYF_IFINDEX)
tcp_ao_del_cmd(struct sock * sk,unsigned short int family,sockptr_t optval,int optlen)1791 static int tcp_ao_del_cmd(struct sock *sk, unsigned short int family,
1792 			  sockptr_t optval, int optlen)
1793 {
1794 	struct tcp_ao_key *key, *new_current = NULL, *new_rnext = NULL;
1795 	int err, addr_len, l3index = 0;
1796 	struct tcp_ao_info *ao_info;
1797 	union tcp_ao_addr *addr;
1798 	struct tcp_ao_del cmd;
1799 	__u8 prefix;
1800 	u16 port;
1801 
1802 	if (optlen < sizeof(cmd))
1803 		return -EINVAL;
1804 
1805 	err = copy_struct_from_sockptr(&cmd, sizeof(cmd), optval, optlen);
1806 	if (err)
1807 		return err;
1808 
1809 	if (cmd.reserved != 0 || cmd.reserved2 != 0)
1810 		return -EINVAL;
1811 
1812 	if (cmd.set_current || cmd.set_rnext) {
1813 		if (!tcp_ao_can_set_current_rnext(sk))
1814 			return -EINVAL;
1815 	}
1816 
1817 	if (cmd.keyflags & ~TCP_AO_DEL_KEYF_ALL)
1818 		return -EINVAL;
1819 
1820 	/* No sanity check for TCP_AO_KEYF_IFINDEX as if a VRF
1821 	 * was destroyed, there still should be a way to delete keys,
1822 	 * that were bound to that l3intf. So, fail late at lookup stage
1823 	 * if there is no key for that ifindex.
1824 	 */
1825 	if (cmd.ifindex && !(cmd.keyflags & TCP_AO_KEYF_IFINDEX))
1826 		return -EINVAL;
1827 
1828 	ao_info = setsockopt_ao_info(sk);
1829 	if (IS_ERR(ao_info))
1830 		return PTR_ERR(ao_info);
1831 	if (!ao_info)
1832 		return -ENOENT;
1833 
1834 	/* For sockets in TCP_CLOSED it's possible set keys that aren't
1835 	 * matching the future peer (address/VRF/etc),
1836 	 * tcp_ao_connect_init() will choose a correct matching MKT
1837 	 * if there's any.
1838 	 */
1839 	if (cmd.set_current) {
1840 		new_current = tcp_ao_established_key(sk, ao_info, cmd.current_key, -1);
1841 		if (!new_current)
1842 			return -ENOENT;
1843 	}
1844 	if (cmd.set_rnext) {
1845 		new_rnext = tcp_ao_established_key(sk, ao_info, -1, cmd.rnext);
1846 		if (!new_rnext)
1847 			return -ENOENT;
1848 	}
1849 	if (cmd.del_async && sk->sk_state != TCP_LISTEN)
1850 		return -EINVAL;
1851 
1852 	if (family == AF_INET) {
1853 		struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.addr;
1854 
1855 		addr = (union tcp_ao_addr *)&sin->sin_addr;
1856 		addr_len = sizeof(struct in_addr);
1857 		port = ntohs(sin->sin_port);
1858 	} else {
1859 		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.addr;
1860 		struct in6_addr *addr6 = &sin6->sin6_addr;
1861 
1862 		if (ipv6_addr_v4mapped(addr6)) {
1863 			addr = (union tcp_ao_addr *)&addr6->s6_addr32[3];
1864 			addr_len = sizeof(struct in_addr);
1865 			family = AF_INET;
1866 		} else {
1867 			addr = (union tcp_ao_addr *)addr6;
1868 			addr_len = sizeof(struct in6_addr);
1869 		}
1870 		port = ntohs(sin6->sin6_port);
1871 	}
1872 	prefix = cmd.prefix;
1873 
1874 	/* Currently matching is not performed on port (or port ranges) */
1875 	if (port != 0)
1876 		return -EINVAL;
1877 
1878 	/* We could choose random present key here for current/rnext
1879 	 * but that's less predictable. Let's be strict and don't
1880 	 * allow removing a key that's in use. RFC5925 doesn't
1881 	 * specify how-to coordinate key removal, but says:
1882 	 * "It is presumed that an MKT affecting a particular
1883 	 * connection cannot be destroyed during an active connection"
1884 	 */
1885 	hlist_for_each_entry_rcu(key, &ao_info->head, node,
1886 				 lockdep_sock_is_held(sk)) {
1887 		if (cmd.sndid != key->sndid ||
1888 		    cmd.rcvid != key->rcvid)
1889 			continue;
1890 
1891 		if (family != key->family ||
1892 		    prefix != key->prefixlen ||
1893 		    memcmp(addr, &key->addr, addr_len))
1894 			continue;
1895 
1896 		if ((cmd.keyflags & TCP_AO_KEYF_IFINDEX) !=
1897 		    (key->keyflags & TCP_AO_KEYF_IFINDEX))
1898 			continue;
1899 
1900 		if (key->l3index != l3index)
1901 			continue;
1902 
1903 		if (key == new_current || key == new_rnext)
1904 			continue;
1905 
1906 		return tcp_ao_delete_key(sk, ao_info, cmd.del_async, key,
1907 					 new_current, new_rnext);
1908 	}
1909 	return -ENOENT;
1910 }
1911 
1912 /* cmd.ao_required makes a socket TCP-AO only.
1913  * Don't allow any md5 keys for any l3intf on the socket together with it.
1914  * Restricting it early in setsockopt() removes a check for
1915  * ao_info->ao_required on inbound tcp segment fast-path.
1916  */
tcp_ao_required_verify(struct sock * sk)1917 static int tcp_ao_required_verify(struct sock *sk)
1918 {
1919 #ifdef CONFIG_TCP_MD5SIG
1920 	const struct tcp_md5sig_info *md5sig;
1921 
1922 	if (!static_branch_unlikely(&tcp_md5_needed.key))
1923 		return 0;
1924 
1925 	md5sig = rcu_dereference_check(tcp_sk(sk)->md5sig_info,
1926 				       lockdep_sock_is_held(sk));
1927 	if (!md5sig)
1928 		return 0;
1929 
1930 	if (rcu_dereference_check(hlist_first_rcu(&md5sig->head),
1931 				  lockdep_sock_is_held(sk)))
1932 		return 1;
1933 #endif
1934 	return 0;
1935 }
1936 
tcp_ao_info_cmd(struct sock * sk,unsigned short int family,sockptr_t optval,int optlen)1937 static int tcp_ao_info_cmd(struct sock *sk, unsigned short int family,
1938 			   sockptr_t optval, int optlen)
1939 {
1940 	struct tcp_ao_key *new_current = NULL, *new_rnext = NULL;
1941 	struct tcp_ao_info *ao_info;
1942 	struct tcp_ao_info_opt cmd;
1943 	bool first = false;
1944 	int err;
1945 
1946 	if (optlen < sizeof(cmd))
1947 		return -EINVAL;
1948 
1949 	err = copy_struct_from_sockptr(&cmd, sizeof(cmd), optval, optlen);
1950 	if (err)
1951 		return err;
1952 
1953 	if (cmd.set_current || cmd.set_rnext) {
1954 		if (!tcp_ao_can_set_current_rnext(sk))
1955 			return -EINVAL;
1956 	}
1957 
1958 	if (cmd.reserved != 0 || cmd.reserved2 != 0)
1959 		return -EINVAL;
1960 
1961 	ao_info = setsockopt_ao_info(sk);
1962 	if (IS_ERR(ao_info))
1963 		return PTR_ERR(ao_info);
1964 	if (!ao_info) {
1965 		if (!((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)))
1966 			return -EINVAL;
1967 		ao_info = tcp_ao_alloc_info(GFP_KERNEL);
1968 		if (!ao_info)
1969 			return -ENOMEM;
1970 		first = true;
1971 	}
1972 
1973 	if (cmd.ao_required && tcp_ao_required_verify(sk)) {
1974 		err = -EKEYREJECTED;
1975 		goto out;
1976 	}
1977 
1978 	/* For sockets in TCP_CLOSED it's possible set keys that aren't
1979 	 * matching the future peer (address/port/VRF/etc),
1980 	 * tcp_ao_connect_init() will choose a correct matching MKT
1981 	 * if there's any.
1982 	 */
1983 	if (cmd.set_current) {
1984 		new_current = tcp_ao_established_key(sk, ao_info, cmd.current_key, -1);
1985 		if (!new_current) {
1986 			err = -ENOENT;
1987 			goto out;
1988 		}
1989 	}
1990 	if (cmd.set_rnext) {
1991 		new_rnext = tcp_ao_established_key(sk, ao_info, -1, cmd.rnext);
1992 		if (!new_rnext) {
1993 			err = -ENOENT;
1994 			goto out;
1995 		}
1996 	}
1997 	if (cmd.set_counters) {
1998 		atomic64_set(&ao_info->counters.pkt_good, cmd.pkt_good);
1999 		atomic64_set(&ao_info->counters.pkt_bad, cmd.pkt_bad);
2000 		atomic64_set(&ao_info->counters.key_not_found, cmd.pkt_key_not_found);
2001 		atomic64_set(&ao_info->counters.ao_required, cmd.pkt_ao_required);
2002 		atomic64_set(&ao_info->counters.dropped_icmp, cmd.pkt_dropped_icmp);
2003 	}
2004 
2005 	ao_info->ao_required = cmd.ao_required;
2006 	ao_info->accept_icmps = cmd.accept_icmps;
2007 	if (new_current)
2008 		WRITE_ONCE(ao_info->current_key, new_current);
2009 	if (new_rnext)
2010 		WRITE_ONCE(ao_info->rnext_key, new_rnext);
2011 	if (first) {
2012 		if (!static_branch_inc(&tcp_ao_needed.key)) {
2013 			err = -EUSERS;
2014 			goto out;
2015 		}
2016 		sk_gso_disable(sk);
2017 		rcu_assign_pointer(tcp_sk(sk)->ao_info, ao_info);
2018 	}
2019 	return 0;
2020 out:
2021 	if (first)
2022 		kfree(ao_info);
2023 	return err;
2024 }
2025 
tcp_parse_ao(struct sock * sk,int cmd,unsigned short int family,sockptr_t optval,int optlen)2026 int tcp_parse_ao(struct sock *sk, int cmd, unsigned short int family,
2027 		 sockptr_t optval, int optlen)
2028 {
2029 	if (WARN_ON_ONCE(family != AF_INET && family != AF_INET6))
2030 		return -EAFNOSUPPORT;
2031 
2032 	switch (cmd) {
2033 	case TCP_AO_ADD_KEY:
2034 		return tcp_ao_add_cmd(sk, family, optval, optlen);
2035 	case TCP_AO_DEL_KEY:
2036 		return tcp_ao_del_cmd(sk, family, optval, optlen);
2037 	case TCP_AO_INFO:
2038 		return tcp_ao_info_cmd(sk, family, optval, optlen);
2039 	default:
2040 		WARN_ON_ONCE(1);
2041 		return -EINVAL;
2042 	}
2043 }
2044 
tcp_v4_parse_ao(struct sock * sk,int cmd,sockptr_t optval,int optlen)2045 int tcp_v4_parse_ao(struct sock *sk, int cmd, sockptr_t optval, int optlen)
2046 {
2047 	return tcp_parse_ao(sk, cmd, AF_INET, optval, optlen);
2048 }
2049 
2050 /* tcp_ao_copy_mkts_to_user(ao_info, optval, optlen)
2051  *
2052  * @ao_info:	struct tcp_ao_info on the socket that
2053  *		socket getsockopt(TCP_AO_GET_KEYS) is executed on
2054  * @optval:	pointer to array of tcp_ao_getsockopt structures in user space.
2055  *		Must be != NULL.
2056  * @optlen:	pointer to size of tcp_ao_getsockopt structure.
2057  *		Must be != NULL.
2058  *
2059  * Return value: 0 on success, a negative error number otherwise.
2060  *
2061  * optval points to an array of tcp_ao_getsockopt structures in user space.
2062  * optval[0] is used as both input and output to getsockopt. It determines
2063  * which keys are returned by the kernel.
2064  * optval[0].nkeys is the size of the array in user space. On return it contains
2065  * the number of keys matching the search criteria.
2066  * If tcp_ao_getsockopt::get_all is set, then all keys in the socket are
2067  * returned, otherwise only keys matching <addr, prefix, sndid, rcvid>
2068  * in optval[0] are returned.
2069  * optlen is also used as both input and output. The user provides the size
2070  * of struct tcp_ao_getsockopt in user space, and the kernel returns the size
2071  * of the structure in kernel space.
2072  * The size of struct tcp_ao_getsockopt may differ between user and kernel.
2073  * There are three cases to consider:
2074  *  * If usize == ksize, then keys are copied verbatim.
2075  *  * If usize < ksize, then the userspace has passed an old struct to a
2076  *    newer kernel. The rest of the trailing bytes in optval[0]
2077  *    (ksize - usize) are interpreted as 0 by the kernel.
2078  *  * If usize > ksize, then the userspace has passed a new struct to an
2079  *    older kernel. The trailing bytes unknown to the kernel (usize - ksize)
2080  *    are checked to ensure they are zeroed, otherwise -E2BIG is returned.
2081  * On return the kernel fills in min(usize, ksize) in each entry of the array.
2082  * The layout of the fields in the user and kernel structures is expected to
2083  * be the same (including in the 32bit vs 64bit case).
2084  */
tcp_ao_copy_mkts_to_user(const struct sock * sk,struct tcp_ao_info * ao_info,sockptr_t optval,sockptr_t optlen)2085 static int tcp_ao_copy_mkts_to_user(const struct sock *sk,
2086 				    struct tcp_ao_info *ao_info,
2087 				    sockptr_t optval, sockptr_t optlen)
2088 {
2089 	struct tcp_ao_getsockopt opt_in, opt_out;
2090 	struct tcp_ao_key *key, *current_key;
2091 	bool do_address_matching = true;
2092 	union tcp_ao_addr *addr = NULL;
2093 	int err, l3index, user_len;
2094 	unsigned int max_keys;	/* maximum number of keys to copy to user */
2095 	size_t out_offset = 0;
2096 	size_t bytes_to_write;	/* number of bytes to write to user level */
2097 	u32 matched_keys;	/* keys from ao_info matched so far */
2098 	int optlen_out;
2099 	__be16 port = 0;
2100 
2101 	if (copy_from_sockptr(&user_len, optlen, sizeof(int)))
2102 		return -EFAULT;
2103 
2104 	if (user_len <= 0)
2105 		return -EINVAL;
2106 
2107 	memset(&opt_in, 0, sizeof(struct tcp_ao_getsockopt));
2108 	err = copy_struct_from_sockptr(&opt_in, sizeof(opt_in),
2109 				       optval, user_len);
2110 	if (err < 0)
2111 		return err;
2112 
2113 	if (opt_in.pkt_good || opt_in.pkt_bad)
2114 		return -EINVAL;
2115 	if (opt_in.keyflags & ~TCP_AO_GET_KEYF_VALID)
2116 		return -EINVAL;
2117 	if (opt_in.ifindex && !(opt_in.keyflags & TCP_AO_KEYF_IFINDEX))
2118 		return -EINVAL;
2119 
2120 	if (opt_in.reserved != 0)
2121 		return -EINVAL;
2122 
2123 	max_keys = opt_in.nkeys;
2124 	l3index = (opt_in.keyflags & TCP_AO_KEYF_IFINDEX) ? opt_in.ifindex : -1;
2125 
2126 	if (opt_in.get_all || opt_in.is_current || opt_in.is_rnext) {
2127 		if (opt_in.get_all && (opt_in.is_current || opt_in.is_rnext))
2128 			return -EINVAL;
2129 		do_address_matching = false;
2130 	}
2131 
2132 	switch (opt_in.addr.ss_family) {
2133 	case AF_INET: {
2134 		struct sockaddr_in *sin;
2135 		__be32 mask;
2136 
2137 		sin = (struct sockaddr_in *)&opt_in.addr;
2138 		port = sin->sin_port;
2139 		addr = (union tcp_ao_addr *)&sin->sin_addr;
2140 
2141 		if (opt_in.prefix > 32)
2142 			return -EINVAL;
2143 
2144 		if (ntohl(sin->sin_addr.s_addr) == INADDR_ANY &&
2145 		    opt_in.prefix != 0)
2146 			return -EINVAL;
2147 
2148 		mask = inet_make_mask(opt_in.prefix);
2149 		if (sin->sin_addr.s_addr & ~mask)
2150 			return -EINVAL;
2151 
2152 		break;
2153 	}
2154 	case AF_INET6: {
2155 		struct sockaddr_in6 *sin6;
2156 		struct in6_addr *addr6;
2157 
2158 		sin6 = (struct sockaddr_in6 *)&opt_in.addr;
2159 		addr = (union tcp_ao_addr *)&sin6->sin6_addr;
2160 		addr6 = &sin6->sin6_addr;
2161 		port = sin6->sin6_port;
2162 
2163 		/* We don't have to change family and @addr here if
2164 		 * ipv6_addr_v4mapped() like in key adding:
2165 		 * tcp_ao_key_cmp() does it. Do the sanity checks though.
2166 		 */
2167 		if (opt_in.prefix != 0) {
2168 			if (ipv6_addr_v4mapped(addr6)) {
2169 				__be32 mask, addr4 = addr6->s6_addr32[3];
2170 
2171 				if (opt_in.prefix > 32 ||
2172 				    ntohl(addr4) == INADDR_ANY)
2173 					return -EINVAL;
2174 				mask = inet_make_mask(opt_in.prefix);
2175 				if (addr4 & ~mask)
2176 					return -EINVAL;
2177 			} else {
2178 				struct in6_addr pfx;
2179 
2180 				if (ipv6_addr_any(addr6) ||
2181 				    opt_in.prefix > 128)
2182 					return -EINVAL;
2183 
2184 				ipv6_addr_prefix(&pfx, addr6, opt_in.prefix);
2185 				if (ipv6_addr_cmp(&pfx, addr6))
2186 					return -EINVAL;
2187 			}
2188 		} else if (!ipv6_addr_any(addr6)) {
2189 			return -EINVAL;
2190 		}
2191 		break;
2192 	}
2193 	case 0:
2194 		if (!do_address_matching)
2195 			break;
2196 		fallthrough;
2197 	default:
2198 		return -EAFNOSUPPORT;
2199 	}
2200 
2201 	if (!do_address_matching) {
2202 		/* We could just ignore those, but let's do stricter checks */
2203 		if (addr || port)
2204 			return -EINVAL;
2205 		if (opt_in.prefix || opt_in.sndid || opt_in.rcvid)
2206 			return -EINVAL;
2207 	}
2208 
2209 	bytes_to_write = min_t(int, user_len, sizeof(struct tcp_ao_getsockopt));
2210 	matched_keys = 0;
2211 	/* May change in RX, while we're dumping, pre-fetch it */
2212 	current_key = READ_ONCE(ao_info->current_key);
2213 
2214 	hlist_for_each_entry_rcu(key, &ao_info->head, node,
2215 				 lockdep_sock_is_held(sk)) {
2216 		if (opt_in.get_all)
2217 			goto match;
2218 
2219 		if (opt_in.is_current || opt_in.is_rnext) {
2220 			if (opt_in.is_current && key == current_key)
2221 				goto match;
2222 			if (opt_in.is_rnext && key == ao_info->rnext_key)
2223 				goto match;
2224 			continue;
2225 		}
2226 
2227 		if (tcp_ao_key_cmp(key, l3index, addr, opt_in.prefix,
2228 				   opt_in.addr.ss_family,
2229 				   opt_in.sndid, opt_in.rcvid) != 0)
2230 			continue;
2231 match:
2232 		matched_keys++;
2233 		if (matched_keys > max_keys)
2234 			continue;
2235 
2236 		memset(&opt_out, 0, sizeof(struct tcp_ao_getsockopt));
2237 
2238 		if (key->family == AF_INET) {
2239 			struct sockaddr_in *sin_out = (struct sockaddr_in *)&opt_out.addr;
2240 
2241 			sin_out->sin_family = key->family;
2242 			sin_out->sin_port = 0;
2243 			memcpy(&sin_out->sin_addr, &key->addr, sizeof(struct in_addr));
2244 		} else {
2245 			struct sockaddr_in6 *sin6_out = (struct sockaddr_in6 *)&opt_out.addr;
2246 
2247 			sin6_out->sin6_family = key->family;
2248 			sin6_out->sin6_port = 0;
2249 			memcpy(&sin6_out->sin6_addr, &key->addr, sizeof(struct in6_addr));
2250 		}
2251 		opt_out.sndid = key->sndid;
2252 		opt_out.rcvid = key->rcvid;
2253 		opt_out.prefix = key->prefixlen;
2254 		opt_out.keyflags = key->keyflags;
2255 		opt_out.is_current = (key == current_key);
2256 		opt_out.is_rnext = (key == ao_info->rnext_key);
2257 		opt_out.nkeys = 0;
2258 		opt_out.maclen = key->maclen;
2259 		opt_out.keylen = key->keylen;
2260 		opt_out.ifindex = key->l3index;
2261 		opt_out.pkt_good = atomic64_read(&key->pkt_good);
2262 		opt_out.pkt_bad = atomic64_read(&key->pkt_bad);
2263 		memcpy(&opt_out.key, key->key, key->keylen);
2264 		if (key->algo == TCP_AO_ALGO_AES_128_CMAC)
2265 			/* This is needed for backwards compatibility. */
2266 			strscpy(opt_out.alg_name, "cmac(aes)");
2267 		else
2268 			strscpy(opt_out.alg_name, tcp_ao_algos[key->algo].name);
2269 
2270 		/* Copy key to user */
2271 		if (copy_to_sockptr_offset(optval, out_offset,
2272 					   &opt_out, bytes_to_write))
2273 			return -EFAULT;
2274 		out_offset += user_len;
2275 	}
2276 
2277 	optlen_out = (int)sizeof(struct tcp_ao_getsockopt);
2278 	if (copy_to_sockptr(optlen, &optlen_out, sizeof(int)))
2279 		return -EFAULT;
2280 
2281 	out_offset = offsetof(struct tcp_ao_getsockopt, nkeys);
2282 	if (copy_to_sockptr_offset(optval, out_offset,
2283 				   &matched_keys, sizeof(u32)))
2284 		return -EFAULT;
2285 
2286 	return 0;
2287 }
2288 
tcp_ao_get_mkts(struct sock * sk,sockptr_t optval,sockptr_t optlen)2289 int tcp_ao_get_mkts(struct sock *sk, sockptr_t optval, sockptr_t optlen)
2290 {
2291 	struct tcp_ao_info *ao_info;
2292 
2293 	ao_info = setsockopt_ao_info(sk);
2294 	if (IS_ERR(ao_info))
2295 		return PTR_ERR(ao_info);
2296 	if (!ao_info)
2297 		return -ENOENT;
2298 
2299 	return tcp_ao_copy_mkts_to_user(sk, ao_info, optval, optlen);
2300 }
2301 
tcp_ao_get_sock_info(struct sock * sk,sockptr_t optval,sockptr_t optlen)2302 int tcp_ao_get_sock_info(struct sock *sk, sockptr_t optval, sockptr_t optlen)
2303 {
2304 	struct tcp_ao_info_opt out, in = {};
2305 	struct tcp_ao_key *current_key;
2306 	struct tcp_ao_info *ao;
2307 	int err, len;
2308 
2309 	if (copy_from_sockptr(&len, optlen, sizeof(int)))
2310 		return -EFAULT;
2311 
2312 	if (len <= 0)
2313 		return -EINVAL;
2314 
2315 	/* Copying this "in" only to check ::reserved, ::reserved2,
2316 	 * that may be needed to extend (struct tcp_ao_info_opt) and
2317 	 * what getsockopt() provides in future.
2318 	 */
2319 	err = copy_struct_from_sockptr(&in, sizeof(in), optval, len);
2320 	if (err)
2321 		return err;
2322 
2323 	if (in.reserved != 0 || in.reserved2 != 0)
2324 		return -EINVAL;
2325 
2326 	ao = setsockopt_ao_info(sk);
2327 	if (IS_ERR(ao))
2328 		return PTR_ERR(ao);
2329 	if (!ao)
2330 		return -ENOENT;
2331 
2332 	memset(&out, 0, sizeof(out));
2333 	out.ao_required		= ao->ao_required;
2334 	out.accept_icmps	= ao->accept_icmps;
2335 	out.pkt_good		= atomic64_read(&ao->counters.pkt_good);
2336 	out.pkt_bad		= atomic64_read(&ao->counters.pkt_bad);
2337 	out.pkt_key_not_found	= atomic64_read(&ao->counters.key_not_found);
2338 	out.pkt_ao_required	= atomic64_read(&ao->counters.ao_required);
2339 	out.pkt_dropped_icmp	= atomic64_read(&ao->counters.dropped_icmp);
2340 
2341 	current_key = READ_ONCE(ao->current_key);
2342 	if (current_key) {
2343 		out.set_current = 1;
2344 		out.current_key = current_key->sndid;
2345 	}
2346 	if (ao->rnext_key) {
2347 		out.set_rnext = 1;
2348 		out.rnext = ao->rnext_key->rcvid;
2349 	}
2350 
2351 	if (copy_to_sockptr(optval, &out, min_t(int, len, sizeof(out))))
2352 		return -EFAULT;
2353 
2354 	return 0;
2355 }
2356 
tcp_ao_set_repair(struct sock * sk,sockptr_t optval,unsigned int optlen)2357 int tcp_ao_set_repair(struct sock *sk, sockptr_t optval, unsigned int optlen)
2358 {
2359 	struct tcp_sock *tp = tcp_sk(sk);
2360 	struct tcp_ao_repair cmd;
2361 	struct tcp_ao_key *key;
2362 	struct tcp_ao_info *ao;
2363 	int err;
2364 
2365 	if (optlen < sizeof(cmd))
2366 		return -EINVAL;
2367 
2368 	err = copy_struct_from_sockptr(&cmd, sizeof(cmd), optval, optlen);
2369 	if (err)
2370 		return err;
2371 
2372 	if (!tp->repair)
2373 		return -EPERM;
2374 
2375 	ao = setsockopt_ao_info(sk);
2376 	if (IS_ERR(ao))
2377 		return PTR_ERR(ao);
2378 	if (!ao)
2379 		return -ENOENT;
2380 
2381 	WRITE_ONCE(ao->lisn, cmd.snt_isn);
2382 	WRITE_ONCE(ao->risn, cmd.rcv_isn);
2383 	WRITE_ONCE(ao->snd_sne, cmd.snd_sne);
2384 	WRITE_ONCE(ao->rcv_sne, cmd.rcv_sne);
2385 
2386 	hlist_for_each_entry_rcu(key, &ao->head, node, lockdep_sock_is_held(sk))
2387 		tcp_ao_cache_traffic_keys(sk, ao, key);
2388 
2389 	return 0;
2390 }
2391 
tcp_ao_get_repair(struct sock * sk,sockptr_t optval,sockptr_t optlen)2392 int tcp_ao_get_repair(struct sock *sk, sockptr_t optval, sockptr_t optlen)
2393 {
2394 	struct tcp_sock *tp = tcp_sk(sk);
2395 	struct tcp_ao_repair opt;
2396 	struct tcp_ao_info *ao;
2397 	int len;
2398 
2399 	if (copy_from_sockptr(&len, optlen, sizeof(int)))
2400 		return -EFAULT;
2401 
2402 	if (len <= 0)
2403 		return -EINVAL;
2404 
2405 	if (!tp->repair)
2406 		return -EPERM;
2407 
2408 	rcu_read_lock();
2409 	ao = getsockopt_ao_info(sk);
2410 	if (IS_ERR_OR_NULL(ao)) {
2411 		rcu_read_unlock();
2412 		return ao ? PTR_ERR(ao) : -ENOENT;
2413 	}
2414 
2415 	opt.snt_isn	= ao->lisn;
2416 	opt.rcv_isn	= ao->risn;
2417 	opt.snd_sne	= READ_ONCE(ao->snd_sne);
2418 	opt.rcv_sne	= READ_ONCE(ao->rcv_sne);
2419 	rcu_read_unlock();
2420 
2421 	if (copy_to_sockptr(optval, &opt, min_t(int, len, sizeof(opt))))
2422 		return -EFAULT;
2423 	return 0;
2424 }
2425