diff options
| author | Peter Krystad <peter.krystad@linux.intel.com> | 2020-01-21 16:56:20 -0800 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2020-01-24 13:44:07 +0100 |
| commit | 79c0949e9a09f6a14a6dd18dc8396029423f9b68 (patch) | |
| tree | 98e6d16ac4d28c25a6c171706cb2ce90cec1bbdc /net/mptcp/protocol.h | |
| parent | cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be (diff) | |
mptcp: Add key generation and token tree
Generate the local keys, IDSN, and token when creating a new socket.
Introduce the token tree to track all tokens in use using a radix tree
with the MPTCP token itself as the index.
Override the rebuild_header callback in inet_connection_sock_af_ops for
creating the local key on a new outgoing connection.
Override the init_req callback of tcp_request_sock_ops for creating the
local key on a new incoming connection.
Will be used to obtain the MPTCP parent socket to handle incoming joins.
Co-developed-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Co-developed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
Co-developed-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Peter Krystad <peter.krystad@linux.intel.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/mptcp/protocol.h')
| -rw-r--r-- | net/mptcp/protocol.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index bd66e7415515..5f43fa0275c0 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -7,6 +7,10 @@ #ifndef __MPTCP_PROTOCOL_H #define __MPTCP_PROTOCOL_H +#include <linux/random.h> +#include <net/tcp.h> +#include <net/inet_connection_sock.h> + #define MPTCP_SUPPORTED_VERSION 0 /* MPTCP option bits */ @@ -42,6 +46,7 @@ struct mptcp_sock { struct inet_connection_sock sk; u64 local_key; u64 remote_key; + u32 token; struct list_head conn_list; struct socket *subflow; /* outgoing connect/listener/!mp_capable */ }; @@ -61,6 +66,8 @@ struct mptcp_subflow_request_sock { backup : 1; u64 local_key; u64 remote_key; + u64 idsn; + u32 token; }; static inline struct mptcp_subflow_request_sock * @@ -74,6 +81,8 @@ struct mptcp_subflow_context { struct list_head node;/* conn_list of subflows */ u64 local_key; u64 remote_key; + u64 idsn; + u32 token; u32 request_mptcp : 1, /* send MP_CAPABLE */ mp_capable : 1, /* remote is MPTCP capable */ fourth_ack : 1, /* send initial DSS */ @@ -112,4 +121,27 @@ void mptcp_get_options(const struct sk_buff *skb, void mptcp_finish_connect(struct sock *sk); +int mptcp_token_new_request(struct request_sock *req); +void mptcp_token_destroy_request(u32 token); +int mptcp_token_new_connect(struct sock *sk); +int mptcp_token_new_accept(u32 token); +void mptcp_token_update_accept(struct sock *sk, struct sock *conn); +void mptcp_token_destroy(u32 token); + +void mptcp_crypto_key_sha(u64 key, u32 *token, u64 *idsn); +static inline void mptcp_crypto_key_gen_sha(u64 *key, u32 *token, u64 *idsn) +{ + /* we might consider a faster version that computes the key as a + * hash of some information available in the MPTCP socket. Use + * random data at the moment, as it's probably the safest option + * in case multiple sockets are opened in different namespaces at + * the same time. + */ + get_random_bytes(key, sizeof(u64)); + mptcp_crypto_key_sha(*key, token, idsn); +} + +void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u32 nonce1, u32 nonce2, + u32 *hash_out); + #endif /* __MPTCP_PROTOCOL_H */ |