From patchwork Tue Sep 21 16:14:44 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508209 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 258BDC433F5 for ; Tue, 21 Sep 2021 16:16:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0C78260F70 for ; Tue, 21 Sep 2021 16:16:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234371AbhIUQSE (ORCPT ); Tue, 21 Sep 2021 12:18:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234417AbhIUQSB (ORCPT ); Tue, 21 Sep 2021 12:18:01 -0400 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2EE14C061766; Tue, 21 Sep 2021 09:16:31 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id ee50so2722314edb.13; Tue, 21 Sep 2021 09:16:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=n/Xa05kRuG74glxteHqIbQ8b5Hw5j8bG6ggHeI5rzFI=; b=mQHvijUdlJPH00GTCY5jaxpJzlFXojI+fhJ7Y1MJck3SK394FrXCFLTJHwxXc+mJAd 17CphejyZnT5zuwqLaEILQJLY/GbzuYCnd95QZyLPFN4AgW8SVfKClXGauzHZMdwTFLD czHU43iwG1kQsAsDo/Rg+IrVJfrwI+BRtxFKeJsl5yAoF+Vbf7N+2QGa8kJAAkIjKgj9 +de9TXTc2u4PrNg7+3xvrgomc5XeTKoYVMGd5DRg3qG8VZD0mcl2SihrpyZlsWK5tOoe Xvuxv0BzULAM0ZF837ornauMeXxp8EijjTy2W+yxQQQaDyAW3H7FgbBgst4uKqEZkTiX GDyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=n/Xa05kRuG74glxteHqIbQ8b5Hw5j8bG6ggHeI5rzFI=; b=ubEn1Q/LK984/FpL1KJ+0N5ybBn0rT9gs5SgLtcidG1ty+EQ8yyKGjPl66LQYkcKS6 w4r9IJU/tRTrCr//cL1lyMmKG1ZSASLGLFl1iL1sDjtBKFo+kGj/Wd63xV4U39+jLNAY IENdasvkFlYDbNNkXRWgVylUG7Y+SMIZtUFEaR2uDt4oxXWiVqxEacoAWymZpEv8jqKW P+EFC+I9DTgu4RpujCDddq3sh9lQxnCarbu0uVIjof7B4xaSVveQFBRWu+GVaEELFmGi +q2rUW48mf4945XYxs2NzWhSfTv/s5uh5iTMWuPPx88QF5FkAekBe3JclQhfxgDhr+Oa KHyw== X-Gm-Message-State: AOAM533DFDq/yul+fYu9ylnBT/vy3UDdAn13MRFTckUqyMShztXPmUZO 4uKOUf4Prd7+c8LRe96n8mc= X-Google-Smtp-Source: ABdhPJzv+PyrnK7gKDdmmP+vJpn9Y9/8WZlS8k4dWW1nuZjJ8uTiGMswV1ef5AfgQreaChLJxtVObA== X-Received: by 2002:a17:906:6a0f:: with SMTP id qw15mr36020735ejc.406.1632240916912; Tue, 21 Sep 2021 09:15:16 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:16 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 01/19] tcp: authopt: Initial support and key management Date: Tue, 21 Sep 2021 19:14:44 +0300 Message-Id: <0c4fd7ec7a3a1d25078cb8acb64400a67fd57836.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This commit adds support to add and remove keys but does not use them further. Similar to tcp md5 a single pointer to a struct tcp_authopt_info* struct is added to struct tcp_sock, this avoids increasing memory usage. The data structures related to tcp_authopt are initialized on setsockopt and only freed on socket close. Signed-off-by: Leonard Crestez --- include/linux/tcp.h | 9 ++ include/net/tcp.h | 1 + include/net/tcp_authopt.h | 63 +++++++++ include/uapi/linux/tcp.h | 79 ++++++++++++ net/ipv4/Kconfig | 14 ++ net/ipv4/Makefile | 1 + net/ipv4/tcp.c | 30 +++++ net/ipv4/tcp_authopt.c | 260 ++++++++++++++++++++++++++++++++++++++ net/ipv4/tcp_ipv4.c | 2 + 9 files changed, 459 insertions(+) create mode 100644 include/net/tcp_authopt.h create mode 100644 net/ipv4/tcp_authopt.c diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 48d8a363319e..50038f35ba51 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h @@ -140,10 +140,12 @@ struct tcp_request_sock { static inline struct tcp_request_sock *tcp_rsk(const struct request_sock *req) { return (struct tcp_request_sock *)req; } +struct tcp_authopt_info; + struct tcp_sock { /* inet_connection_sock has to be the first member of tcp_sock */ struct inet_connection_sock inet_conn; u16 tcp_header_len; /* Bytes of tcp header to send */ u16 gso_segs; /* Max number of segs per GSO packet */ @@ -403,10 +405,14 @@ struct tcp_sock { /* TCP MD5 Signature Option information */ struct tcp_md5sig_info __rcu *md5sig_info; #endif +#ifdef CONFIG_TCP_AUTHOPT + struct tcp_authopt_info __rcu *authopt_info; +#endif + /* TCP fastopen related information */ struct tcp_fastopen_request *fastopen_req; /* fastopen_rsk points to request_sock that resulted in this big * socket. Used to retransmit SYNACKs etc. */ @@ -453,10 +459,13 @@ struct tcp_timewait_sock { int tw_ts_recent_stamp; u32 tw_tx_delay; #ifdef CONFIG_TCP_MD5SIG struct tcp_md5sig_key *tw_md5_key; #endif +#ifdef CONFIG_TCP_AUTHOPT + struct tcp_authopt_info *tw_authopt_info; +#endif }; static inline struct tcp_timewait_sock *tcp_twsk(const struct sock *sk) { return (struct tcp_timewait_sock *)sk; diff --git a/include/net/tcp.h b/include/net/tcp.h index 3166dc15d7d6..bb76554e8fe5 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -182,10 +182,11 @@ void tcp_time_wait(struct sock *sk, int state, int timeo); #define TCPOPT_WINDOW 3 /* Window scaling */ #define TCPOPT_SACK_PERM 4 /* SACK Permitted */ #define TCPOPT_SACK 5 /* SACK Block */ #define TCPOPT_TIMESTAMP 8 /* Better RTT estimations/PAWS */ #define TCPOPT_MD5SIG 19 /* MD5 Signature (RFC2385) */ +#define TCPOPT_AUTHOPT 29 /* Auth Option (RFC5925) */ #define TCPOPT_MPTCP 30 /* Multipath TCP (RFC6824) */ #define TCPOPT_FASTOPEN 34 /* Fast open (RFC7413) */ #define TCPOPT_EXP 254 /* Experimental */ /* Magic number to be after the option value for sharing TCP * experimental options. See draft-ietf-tcpm-experimental-options-00.txt diff --git a/include/net/tcp_authopt.h b/include/net/tcp_authopt.h new file mode 100644 index 000000000000..19d304de18f8 --- /dev/null +++ b/include/net/tcp_authopt.h @@ -0,0 +1,63 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +#ifndef _LINUX_TCP_AUTHOPT_H +#define _LINUX_TCP_AUTHOPT_H + +#include + +/** + * struct tcp_authopt_key_info - Representation of a Master Key Tuple as per RFC5925 + * + * Key structure lifetime is only protected by RCU so readers needs to hold a + * single rcu_read_lock until they're done with the key. + */ +struct tcp_authopt_key_info { + struct hlist_node node; + struct rcu_head rcu; + u32 flags; + /* Wire identifiers */ + u8 send_id, recv_id; + u8 alg_id; + u8 keylen; + u8 key[TCP_AUTHOPT_MAXKEYLEN]; + struct sockaddr_storage addr; +}; + +/** + * struct tcp_authopt_info - Per-socket information regarding tcp_authopt + * + * This is lazy-initialized in order to avoid increasing memory usage for + * regular TCP sockets. Once created it is only destroyed on socket close. + */ +struct tcp_authopt_info { + /** @head: List of tcp_authopt_key_info */ + struct hlist_head head; + struct rcu_head rcu; + u32 flags; + u32 src_isn; + u32 dst_isn; +}; + +#ifdef CONFIG_TCP_AUTHOPT +void tcp_authopt_clear(struct sock *sk); +int tcp_set_authopt(struct sock *sk, sockptr_t optval, unsigned int optlen); +int tcp_get_authopt_val(struct sock *sk, struct tcp_authopt *key); +int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen); +#else +static inline int tcp_set_authopt(struct sock *sk, sockptr_t optval, unsigned int optlen) +{ + return -ENOPROTOOPT; +} +static inline int tcp_get_authopt_val(struct sock *sk, struct tcp_authopt *key) +{ + return -ENOPROTOOPT; +} +static inline void tcp_authopt_clear(struct sock *sk) +{ +} +static inline int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen) +{ + return -ENOPROTOOPT; +} +#endif + +#endif /* _LINUX_TCP_AUTHOPT_H */ diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h index 8fc09e8638b3..c68ecd617774 100644 --- a/include/uapi/linux/tcp.h +++ b/include/uapi/linux/tcp.h @@ -126,10 +126,12 @@ enum { #define TCP_INQ 36 /* Notify bytes available to read as a cmsg on read */ #define TCP_CM_INQ TCP_INQ #define TCP_TX_DELAY 37 /* delay outgoing packets by XX usec */ +#define TCP_AUTHOPT 38 /* TCP Authentication Option (RFC5925) */ +#define TCP_AUTHOPT_KEY 39 /* TCP Authentication Option Key (RFC5925) */ #define TCP_REPAIR_ON 1 #define TCP_REPAIR_OFF 0 #define TCP_REPAIR_OFF_NO_WP -1 /* Turn off without window probes */ @@ -340,10 +342,87 @@ struct tcp_diag_md5sig { __u16 tcpm_keylen; __be32 tcpm_addr[4]; __u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN]; }; +/** + * enum tcp_authopt_flag - flags for `tcp_authopt.flags` + */ +enum tcp_authopt_flag { + /** + * @TCP_AUTHOPT_FLAG_REJECT_UNEXPECTED: + * Configure behavior of segments with TCP-AO coming from hosts for which no + * key is configured. The default recommended by RFC is to silently accept + * such connections. + */ + TCP_AUTHOPT_FLAG_REJECT_UNEXPECTED = (1 << 2), +}; + +/** + * struct tcp_authopt - Per-socket options related to TCP Authentication Option + */ +struct tcp_authopt { + /** @flags: Combination of &enum tcp_authopt_flag */ + __u32 flags; +}; + +/** + * enum tcp_authopt_key_flag - flags for `tcp_authopt.flags` + * + * @TCP_AUTHOPT_KEY_DEL: Delete the key and ignore non-id fields + * @TCP_AUTHOPT_KEY_EXCLUDE_OPTS: Exclude TCP options from signature + * @TCP_AUTHOPT_KEY_ADDR_BIND: Key only valid for `tcp_authopt.addr` + */ +enum tcp_authopt_key_flag { + TCP_AUTHOPT_KEY_DEL = (1 << 0), + TCP_AUTHOPT_KEY_EXCLUDE_OPTS = (1 << 1), + TCP_AUTHOPT_KEY_ADDR_BIND = (1 << 2), +}; + +/** + * enum tcp_authopt_alg - Algorithms for TCP Authentication Option + */ +enum tcp_authopt_alg { + TCP_AUTHOPT_ALG_HMAC_SHA_1_96 = 1, + TCP_AUTHOPT_ALG_AES_128_CMAC_96 = 2, +}; + +/* for TCP_AUTHOPT_KEY socket option */ +#define TCP_AUTHOPT_MAXKEYLEN 80 + +/** + * struct tcp_authopt_key - TCP Authentication KEY + * + * Key are identified by the combination of: + * - send_id + * - recv_id + * - addr (iff TCP_AUTHOPT_KEY_ADDR_BIND) + * + * RFC5925 requires that key ids must not overlap for the same TCP connection. + * This is not enforced by linux. + */ +struct tcp_authopt_key { + /** @flags: Combination of &enum tcp_authopt_key_flag */ + __u32 flags; + /** @send_id: keyid value for send */ + __u8 send_id; + /** @recv_id: keyid value for receive */ + __u8 recv_id; + /** @alg: One of &enum tcp_authopt_alg */ + __u8 alg; + /** @keylen: Length of the key buffer */ + __u8 keylen; + /** @key: Secret key */ + __u8 key[TCP_AUTHOPT_MAXKEYLEN]; + /** + * @addr: Key is only valid for this address + * + * Ignored unless TCP_AUTHOPT_KEY_ADDR_BIND flag is set + */ + struct __kernel_sockaddr_storage addr; +}; + /* setsockopt(fd, IPPROTO_TCP, TCP_ZEROCOPY_RECEIVE, ...) */ #define TCP_RECEIVE_ZEROCOPY_FLAG_TLB_CLEAN_HINT 0x1 struct tcp_zerocopy_receive { __u64 address; /* in: address of mapping */ diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 87983e70f03f..6459f4ea6f1d 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig @@ -740,5 +740,19 @@ config TCP_MD5SIG RFC2385 specifies a method of giving MD5 protection to TCP sessions. Its main (only?) use is to protect BGP sessions between core routers on the Internet. If unsure, say N. + +config TCP_AUTHOPT + bool "TCP: Authentication Option support (RFC5925)" + select CRYPTO + select CRYPTO_SHA1 + select CRYPTO_HMAC + select CRYPTO_AES + select CRYPTO_CMAC + help + RFC5925 specifies a new method of giving protection to TCP sessions. + Its intended use is to protect BGP sessions between core routers + on the Internet. It obsoletes TCP MD5 (RFC2385) but is incompatible. + + If unsure, say N. diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile index bbdd9c44f14e..d336f32ce177 100644 --- a/net/ipv4/Makefile +++ b/net/ipv4/Makefile @@ -59,10 +59,11 @@ obj-$(CONFIG_TCP_CONG_NV) += tcp_nv.o obj-$(CONFIG_TCP_CONG_VENO) += tcp_veno.o obj-$(CONFIG_TCP_CONG_SCALABLE) += tcp_scalable.o obj-$(CONFIG_TCP_CONG_LP) += tcp_lp.o obj-$(CONFIG_TCP_CONG_YEAH) += tcp_yeah.o obj-$(CONFIG_TCP_CONG_ILLINOIS) += tcp_illinois.o +obj-$(CONFIG_TCP_AUTHOPT) += tcp_authopt.o obj-$(CONFIG_NET_SOCK_MSG) += tcp_bpf.o obj-$(CONFIG_BPF_SYSCALL) += udp_bpf.o obj-$(CONFIG_NETLABEL) += cipso_ipv4.o obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o \ diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index e8b48df73c85..9966acf259e2 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -271,10 +271,11 @@ #include #include #include #include +#include #include #include #include #include @@ -3574,10 +3575,16 @@ static int do_tcp_setsockopt(struct sock *sk, int level, int optname, case TCP_MD5SIG: case TCP_MD5SIG_EXT: err = tp->af_specific->md5_parse(sk, optname, optval, optlen); break; #endif + case TCP_AUTHOPT: + err = tcp_set_authopt(sk, optval, optlen); + break; + case TCP_AUTHOPT_KEY: + err = tcp_set_authopt_key(sk, optval, optlen); + break; case TCP_USER_TIMEOUT: /* Cap the max time in ms TCP will retry or probe the window * before giving up and aborting (ETIMEDOUT) a connection. */ if (val < 0) @@ -4220,10 +4227,33 @@ static int do_tcp_getsockopt(struct sock *sk, int level, if (!err && copy_to_user(optval, &zc, len)) err = -EFAULT; return err; } #endif +#ifdef CONFIG_TCP_AUTHOPT + case TCP_AUTHOPT: { + struct tcp_authopt info; + int err; + + if (get_user(len, optlen)) + return -EFAULT; + + lock_sock(sk); + err = tcp_get_authopt_val(sk, &info); + release_sock(sk); + + if (err) + return err; + len = min_t(unsigned int, len, sizeof(info)); + if (put_user(len, optlen)) + return -EFAULT; + if (copy_to_user(optval, &info, len)) + return -EFAULT; + return 0; + } +#endif + default: return -ENOPROTOOPT; } if (put_user(len, optlen)) diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c new file mode 100644 index 000000000000..a771e5754c8a --- /dev/null +++ b/net/ipv4/tcp_authopt.c @@ -0,0 +1,260 @@ +// SPDX-License-Identifier: GPL-2.0-or-later + +#include +#include +#include +#include + +/* checks that ipv4 or ipv6 addr matches. */ +static bool ipvx_addr_match(struct sockaddr_storage *a1, + struct sockaddr_storage *a2) +{ + if (a1->ss_family != a2->ss_family) + return false; + if (a1->ss_family == AF_INET && ( + ((struct sockaddr_in *)a1)->sin_addr.s_addr != + ((struct sockaddr_in *)a2)->sin_addr.s_addr)) + return false; + if (a1->ss_family == AF_INET6 && !ipv6_addr_equal( + &((struct sockaddr_in6 *)a1)->sin6_addr, + &((struct sockaddr_in6 *)a2)->sin6_addr)) + return false; + return true; +} + +static bool tcp_authopt_key_match_exact(struct tcp_authopt_key_info *info, + struct tcp_authopt_key *key) +{ + if (info->send_id != key->send_id) + return false; + if (info->recv_id != key->recv_id) + return false; + if ((info->flags & TCP_AUTHOPT_KEY_ADDR_BIND) != (key->recv_id & TCP_AUTHOPT_KEY_ADDR_BIND)) + return false; + if (info->flags & TCP_AUTHOPT_KEY_ADDR_BIND) + if (!ipvx_addr_match(&info->addr, &key->addr)) + return false; + + return true; +} + +static struct tcp_authopt_key_info *tcp_authopt_key_lookup_exact(const struct sock *sk, + struct tcp_authopt_info *info, + struct tcp_authopt_key *ukey) +{ + struct tcp_authopt_key_info *key_info; + + hlist_for_each_entry_rcu(key_info, &info->head, node, lockdep_sock_is_held(sk)) + if (tcp_authopt_key_match_exact(key_info, ukey)) + return key_info; + + return NULL; +} + +static struct tcp_authopt_info *__tcp_authopt_info_get_or_create(struct sock *sk) +{ + struct tcp_sock *tp = tcp_sk(sk); + struct tcp_authopt_info *info; + + info = rcu_dereference_check(tp->authopt_info, lockdep_sock_is_held(sk)); + if (info) + return info; + + info = kzalloc(sizeof(*info), GFP_KERNEL); + if (!info) + return ERR_PTR(-ENOMEM); + + sk_nocaps_add(sk, NETIF_F_GSO_MASK); + INIT_HLIST_HEAD(&info->head); + rcu_assign_pointer(tp->authopt_info, info); + + return info; +} + +#define TCP_AUTHOPT_KNOWN_FLAGS ( \ + TCP_AUTHOPT_FLAG_REJECT_UNEXPECTED) + +/* Like copy_from_sockopt except tolerate different optlen for compatibility reasons + * + * If the src is shorter then it's from an old userspace and the rest of dst is + * filled with zeros. + * + * If the dst is shorter then src is from a newer userspace and we only accept + * if the rest of the option is all zeros. + * + * This allows sockopts to grow as long as for new fields zeros has no effect. + */ +static int _copy_from_sockptr_tolerant( + u8* dst, unsigned int dstlen, + sockptr_t src, unsigned int srclen) +{ + int err; + + /* If userspace optlen is too short fill the rest with zeros */ + if (srclen > dstlen) { + if (sockptr_is_kernel(src)) + return -EINVAL; + err = check_zeroed_user(src.user + dstlen, srclen - dstlen); + if (err < 0) + return err; + if (err == 0) + return -EINVAL; + } + err = copy_from_sockptr(dst, src, min(srclen, dstlen)); + if (err) + return err; + if (srclen < dstlen) + memset(dst + dstlen, 0, dstlen - srclen); + + return err; +} + +int tcp_set_authopt(struct sock *sk, sockptr_t optval, unsigned int optlen) +{ + struct tcp_authopt opt; + struct tcp_authopt_info *info; + int err; + + sock_owned_by_me(sk); + + err = _copy_from_sockptr_tolerant((u8*)&opt, sizeof(opt), optval, optlen); + if (err) + return err; + + if (opt.flags & ~TCP_AUTHOPT_KNOWN_FLAGS) + return -EINVAL; + + info = __tcp_authopt_info_get_or_create(sk); + if (IS_ERR(info)) + return PTR_ERR(info); + + info->flags = opt.flags & TCP_AUTHOPT_KNOWN_FLAGS; + + return 0; +} + +int tcp_get_authopt_val(struct sock *sk, struct tcp_authopt *opt) +{ + struct tcp_sock *tp = tcp_sk(sk); + struct tcp_authopt_info *info; + + sock_owned_by_me(sk); + + memset(opt, 0, sizeof(*opt)); + info = rcu_dereference_check(tp->authopt_info, lockdep_sock_is_held(sk)); + if (!info) + return -ENOENT; + + opt->flags = info->flags & TCP_AUTHOPT_KNOWN_FLAGS; + + return 0; +} + +/* Free key nicely, for living sockets */ +static void tcp_authopt_key_del(struct sock *sk, + struct tcp_authopt_info *info, + struct tcp_authopt_key_info *key) +{ + sock_owned_by_me(sk); + hlist_del_rcu(&key->node); + atomic_sub(sizeof(*key), &sk->sk_omem_alloc); + kfree_rcu(key, rcu); +} + +/* Free info and keys. + * Don't touch tp->authopt_info, it might not even be assigned yes. + */ +void tcp_authopt_free(struct sock *sk, struct tcp_authopt_info *info) +{ + struct hlist_node *n; + struct tcp_authopt_key_info *key; + + hlist_for_each_entry_safe(key, n, &info->head, node) { + /* sk is NULL for timewait case + * struct timewait_sock doesn't track sk_omem_alloc + */ + if (sk) + atomic_sub(sizeof(*key), &sk->sk_omem_alloc); + hlist_del_rcu(&key->node); + kfree_rcu(key, rcu); + } + kfree_rcu(info, rcu); +} + +/* free everything and clear tcp_sock.authopt_info to NULL */ +void tcp_authopt_clear(struct sock *sk) +{ + struct tcp_authopt_info *info; + + info = rcu_dereference_protected(tcp_sk(sk)->authopt_info, lockdep_sock_is_held(sk)); + if (info) { + tcp_authopt_free(sk, info); + tcp_sk(sk)->authopt_info = NULL; + } +} + +#define TCP_AUTHOPT_KEY_KNOWN_FLAGS ( \ + TCP_AUTHOPT_KEY_DEL | \ + TCP_AUTHOPT_KEY_EXCLUDE_OPTS | \ + TCP_AUTHOPT_KEY_ADDR_BIND) + +int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen) +{ + struct tcp_authopt_key opt; + struct tcp_authopt_info *info; + struct tcp_authopt_key_info *key_info, *old_key_info; + + sock_owned_by_me(sk); + + err = _copy_from_sockptr_tolerant((u8*)&opt, sizeof(opt), optval, optlen); + if (err) + return err; + + if (opt.flags & ~TCP_AUTHOPT_KEY_KNOWN_FLAGS) + return -EINVAL; + + if (opt.keylen > TCP_AUTHOPT_MAXKEYLEN) + return -EINVAL; + + /* Delete is a special case: */ + if (opt.flags & TCP_AUTHOPT_KEY_DEL) { + info = rcu_dereference_check(tcp_sk(sk)->authopt_info, lockdep_sock_is_held(sk)); + if (!info) + return -ENOENT; + key_info = tcp_authopt_key_lookup_exact(sk, info, &opt); + if (!key_info) + return -ENOENT; + tcp_authopt_key_del(sk, info, key_info); + return 0; + } + + /* check key family */ + if (opt.flags & TCP_AUTHOPT_KEY_ADDR_BIND) { + if (sk->sk_family != opt.addr.ss_family) + return -EINVAL; + } + + /* Initialize tcp_authopt_info if not already set */ + info = __tcp_authopt_info_get_or_create(sk); + if (IS_ERR(info)) + return PTR_ERR(info); + + key_info = sock_kmalloc(sk, sizeof(*key_info), GFP_KERNEL | __GFP_ZERO); + if (!key_info) + return -ENOMEM; + /* If an old key exists with exact ID then remove and replace. + * RCU-protected readers might observe both and pick any. + */ + if ((old_key_info = tcp_authopt_key_lookup_exact(sk, info, &opt))) + tcp_authopt_key_del(sk, info, old_key_info); + key_info->flags = opt.flags & TCP_AUTHOPT_KEY_KNOWN_FLAGS; + key_info->send_id = opt.send_id; + key_info->recv_id = opt.recv_id; + key_info->alg_id = opt.alg; + key_info->keylen = opt.keylen; + memcpy(key_info->key, opt.key, opt.keylen); + memcpy(&key_info->addr, &opt.addr, sizeof(key_info->addr)); + hlist_add_head_rcu(&key_info->node, &info->head); + + return 0; +} diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 2e62e0d6373a..1348615c7576 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -60,10 +60,11 @@ #include #include #include #include +#include #include #include #include #include #include @@ -2256,10 +2257,11 @@ void tcp_v4_destroy_sock(struct sock *sk) tcp_clear_md5_list(sk); kfree_rcu(rcu_dereference_protected(tp->md5sig_info, 1), rcu); tp->md5sig_info = NULL; } #endif + tcp_authopt_clear(sk); /* Clean up a referenced TCP bind bucket. */ if (inet_csk(sk)->icsk_bind_hash) inet_put_port(sk); From patchwork Tue Sep 21 16:14:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508293 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D997C433EF for ; Tue, 21 Sep 2021 16:19:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4AEE261100 for ; Tue, 21 Sep 2021 16:19:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234563AbhIUQVR (ORCPT ); Tue, 21 Sep 2021 12:21:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33626 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234600AbhIUQU2 (ORCPT ); Tue, 21 Sep 2021 12:20:28 -0400 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24315C0617A6; Tue, 21 Sep 2021 09:17:37 -0700 (PDT) Received: by mail-ed1-x52f.google.com with SMTP id r5so6713311edi.10; Tue, 21 Sep 2021 09:17:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=xTuLF9iVakUmuqWJrh4h5lRJip3NOmzubsD/v0KQcZA=; b=e0CCTRMaMb+VXQZXecEdK9+PhRe3VtV+vCqsNgTYclTyKxUhRRPNPBCfdTE40toYE4 MtWBgGOvzFhmzaQTXCZesW1lB0PH6umPLwMDX5pKguPrAj6LKSTTtuaTOIhd2be0cT5X O7b2oPQNqlrNioGotBCjRHi7AJlcY6lYn05696BgO/hGtmdC6Dz9QRa8pK7DG/x4rpFK qTlko9ydhAFvv6/DfC/Ksh6KxsT+TuM7t22lv/CXByYdRimlen/bIbvySy4mYFB82oe7 3ulHd3YaaPEppuCmJWOX8s1g45lJqeS+nB2K0kHQXKu59SpGVmj/Y6Vn6c3adUsX31De HxnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xTuLF9iVakUmuqWJrh4h5lRJip3NOmzubsD/v0KQcZA=; b=IkugwuK7oGhVLA5/otOGcphf5qBAhNSOIlLpzQVLtVOWW/VwRryjSgcaGt9qwrTogQ t/ZZc0BIxXyT04BmXcYES9l9YqWXaBqx6z+q8hO7e7RN+TZrvyGeeNJWefbo+/+tbroQ zPcoBAAxTw1EgIehiizZPvT8V8lEB391Yt8wssWeGjC137LNWEYUxYLslsAMdcE21hI3 TK0CekcWGvB3hTLbNodlqKiBtFmrvXbJC1jxwZk0KL5+SAhWADWqGxSD0pnu3J4YNW4M Hr4hGOHa3oDJ4Y6+8yhKZb5loxZ2w1P1Wej+dR+mCcyx8vWRBmFTCF8L1UEqKSP19a6L a0jQ== X-Gm-Message-State: AOAM531gncG6k+cmQUdGq/jJa+WCc9niAhmSNyPN8E72jP2Up7/6Wefz q05ExydJc8o5GG26rDa9OBg= X-Google-Smtp-Source: ABdhPJwJYuiadhExn43H/ihIAbnx+o9isYCWpMew1MkoLwXAA691Zx36NuCbSr00LuDerdAvoJLzKg== X-Received: by 2002:a17:906:1749:: with SMTP id d9mr34603473eje.178.1632240918719; Tue, 21 Sep 2021 09:15:18 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:18 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 02/19] docs: Add user documentation for tcp_authopt Date: Tue, 21 Sep 2021 19:14:45 +0300 Message-Id: <1362c88efa09c7710aff0f4516174e4160d3267a.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The .rst documentation contains a brief description of the user interface and includes kernel-doc generated from uapi header. Signed-off-by: Leonard Crestez --- Documentation/networking/index.rst | 1 + Documentation/networking/tcp_authopt.rst | 44 ++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 Documentation/networking/tcp_authopt.rst diff --git a/Documentation/networking/index.rst b/Documentation/networking/index.rst index 58bc8cd367c6..f5c324a060d8 100644 --- a/Documentation/networking/index.rst +++ b/Documentation/networking/index.rst @@ -100,10 +100,11 @@ Contents: strparser switchdev sysfs-tagging tc-actions-env-rules tcp-thin + tcp_authopt team timestamping tipc tproxy tuntap diff --git a/Documentation/networking/tcp_authopt.rst b/Documentation/networking/tcp_authopt.rst new file mode 100644 index 000000000000..484f66f41ad5 --- /dev/null +++ b/Documentation/networking/tcp_authopt.rst @@ -0,0 +1,44 @@ +.. SPDX-License-Identifier: GPL-2.0 + +========================= +TCP Authentication Option +========================= + +The TCP Authentication option specified by RFC5925 replaces the TCP MD5 +Signature option. It similar in goals but not compatible in either wire formats +or ABI. + +Interface +========= + +Individual keys can be added to or removed from a TCP socket by using +TCP_AUTHOPT_KEY setsockopt and a ``struct tcp_authopt_key``. There is no +support for reading back keys and updates always replace the old key. These +structures represent "Master Key Tuples (MKTs)" as described by the RFC. + +Per-socket options can set or read using the TCP_AUTHOPT sockopt and a ``struct +tcp_authopt``. This is optional: doing setsockopt TCP_AUTHOPT_KEY is +sufficient to enable the feature. + +Configuration associated with TCP Authentication is indepedently attached to +each TCP socket. After listen and accept the newly returned socket gets an +independent copy of relevant settings from the listen socket. + +Key binding +----------- + +Keys can be bound to remote addresses in a way that is similar to TCP_MD5. + + * The full address must match (/32 or /128) + * Ports are ignored + * Address binding is optional, by default keys match all addresses + +RFC5925 requires that key ids do not overlap when tcp identifiers (addr/port) +overlap. This is not enforced by linux, configuring ambiguous keys will result +in packet drops and lost connections. + +ABI Reference +============= + +.. kernel-doc:: include/uapi/linux/tcp.h + :identifiers: tcp_authopt tcp_authopt_flag tcp_authopt_key tcp_authopt_key_flag tcp_authopt_alg From patchwork Tue Sep 21 16:14:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508225 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-20.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3E20DC4321E for ; Tue, 21 Sep 2021 16:17:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2879360F70 for ; Tue, 21 Sep 2021 16:17:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234586AbhIUQSq (ORCPT ); Tue, 21 Sep 2021 12:18:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33554 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234424AbhIUQS3 (ORCPT ); Tue, 21 Sep 2021 12:18:29 -0400 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 17085C061757; Tue, 21 Sep 2021 09:17:00 -0700 (PDT) Received: by mail-ed1-x532.google.com with SMTP id co2so29797493edb.8; Tue, 21 Sep 2021 09:17:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=pvjovdmDUdp4zPrJ2B/xrAzrYj6YQrDNCw62XXqkzzs=; b=PWXkxbnNsfhU7VVymCc1dTqaqotQkeZTLoiU2VuufhHUNLxl3qFNjrhe6BqsUzCZxa GqJxxHipwwTDZpf2lMd3wm4EKY6GvKlBjlNbGLi7tglSywIHkjDsR3vRuWD72NV9xB57 lBDCnZ/avxqh0m+CZVZiN4dNLJXUTWlm5yceOtu4zZn+yQhdTdPonGhiK6B0TTuKtXTL I2DuNWPbFOLZBmTG1u8b0fUzyhAKO+4sTcO0hCY0nHAlMRGIczqqWRH/nnCsQ44wRyF/ 2L5GynyH9pGZ7O6yHv+7h14zM2SAfYegKZ8lPNit96L1+dL41ZSFY/r6j62riPJKAPGG KBvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=pvjovdmDUdp4zPrJ2B/xrAzrYj6YQrDNCw62XXqkzzs=; b=uhPqKCR+E2XHMF/31kXKSdY8AFr8z99PkcEfC24YaolBB29KWFclDrp50fpLo9gbbs pMi3ly7ON9a9EDQJH9y3Y0yS6hKmJQlXoZ9eJw0KaBmzcjL4Vydnh2PIaY71XD2Rqs91 te+FuCUW4cpakD+B9+dD0cpXIllbhzPgC3X8IeuiHsE+rCBzSrLuBV/RQDvQ+R5N1p6c 9c35XerWCFD9hDhBLYu4sA2PyIRYwWyNqLee04a5+BqSdR4r0hyOwDaNQigp32bPJzWX PC06oXN71zetl02HinGbAJ4LWQYXY5q/lhgy6F9bSjeU+DaKBmTxw8KFWyCyoak3aTr1 ALog== X-Gm-Message-State: AOAM533cyWcMufm8a7cz0uzR+QDaENyM5q76PbAhgt4CapAPn4qnm97f 5I1StC2gmRxLCOHU7iPM0Og= X-Google-Smtp-Source: ABdhPJzmGhxUxkYtY5sWwuqlRBvyrcXJwCQ0EauQmG6L/P9shHvy+gefKtTiYgZmvQoUJ0RXMM0etQ== X-Received: by 2002:a17:906:f0d4:: with SMTP id dk20mr36279570ejb.199.1632240920503; Tue, 21 Sep 2021 09:15:20 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:20 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 03/19] selftests: Initial tcp_authopt test module Date: Tue, 21 Sep 2021 19:14:46 +0300 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This test suite is written as a standalone python3 package using dependencies such as scapy. The run.sh script wrapper called from kselftest infrastructure uses "tox" to generate an isolated virtual environment just for running these tests. The run.sh wrapper can be called from anywhere and does not rely on kselftest infrastructure. The python3 and tox packages be installed manually but not any other dependencies Signed-off-by: Leonard Crestez --- tools/testing/selftests/tcp_authopt/Makefile | 5 +++ .../testing/selftests/tcp_authopt/README.rst | 15 +++++++ tools/testing/selftests/tcp_authopt/config | 6 +++ .../selftests/tcp_authopt/requirements.txt | 40 +++++++++++++++++++ tools/testing/selftests/tcp_authopt/run.sh | 15 +++++++ tools/testing/selftests/tcp_authopt/setup.cfg | 17 ++++++++ tools/testing/selftests/tcp_authopt/setup.py | 5 +++ .../tcp_authopt/tcp_authopt_test/__init__.py | 0 8 files changed, 103 insertions(+) create mode 100644 tools/testing/selftests/tcp_authopt/Makefile create mode 100644 tools/testing/selftests/tcp_authopt/README.rst create mode 100644 tools/testing/selftests/tcp_authopt/config create mode 100644 tools/testing/selftests/tcp_authopt/requirements.txt create mode 100755 tools/testing/selftests/tcp_authopt/run.sh create mode 100644 tools/testing/selftests/tcp_authopt/setup.cfg create mode 100644 tools/testing/selftests/tcp_authopt/setup.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/__init__.py diff --git a/tools/testing/selftests/tcp_authopt/Makefile b/tools/testing/selftests/tcp_authopt/Makefile new file mode 100644 index 000000000000..391412071875 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/Makefile @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-2.0 +include ../lib.mk + +TEST_PROGS += ./run.sh +TEST_FILES := setup.py setup.cfg tcp_authopt_test diff --git a/tools/testing/selftests/tcp_authopt/README.rst b/tools/testing/selftests/tcp_authopt/README.rst new file mode 100644 index 000000000000..e9e4acc0a22a --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/README.rst @@ -0,0 +1,15 @@ +========================================= +Tests for linux TCP Authentication Option +========================================= + +Test suite is written in python3 using pytest and scapy. The test suite is +mostly self-contained as a python package. + +The recommended way to run this is the included `run.sh` script as root, this +will automatically create a virtual environment with the correct dependencies +using `tox`. + +An old separate version can be found here: https://github.com/cdleonard/tcp-authopt-test + +Integration with kselftest infrastructure is minimal: when in doubt just run +this separately. diff --git a/tools/testing/selftests/tcp_authopt/config b/tools/testing/selftests/tcp_authopt/config new file mode 100644 index 000000000000..0d4e5d47fa72 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/config @@ -0,0 +1,6 @@ +# RFC5925 TCP Authentication Option and all algorithms +CONFIG_TCP_AUTHOPT=y +CONFIG_CRYPTO_SHA1=M +CONFIG_CRYPTO_HMAC=M +CONFIG_CRYPTO_AES=M +CONFIG_CRYPTO_CMAC=M diff --git a/tools/testing/selftests/tcp_authopt/requirements.txt b/tools/testing/selftests/tcp_authopt/requirements.txt new file mode 100644 index 000000000000..e30c8d12cf2e --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/requirements.txt @@ -0,0 +1,40 @@ +# +# This file is autogenerated by pip-compile with python 3.8 +# To update, run: +# +# pip-compile +# +argparse==1.4.0 + # via nsenter +attrs==21.2.0 + # via pytest +cffi==1.14.6 + # via cryptography +contextlib2==21.6.0 + # via nsenter +cryptography==3.4.8 + # via tcp-authopt-test (setup.py) +iniconfig==1.1.1 + # via pytest +nsenter==0.2 + # via tcp-authopt-test (setup.py) +packaging==21.0 + # via pytest +pathlib==1.0.1 + # via nsenter +pluggy==0.13.1 + # via pytest +py==1.10.0 + # via pytest +pycparser==2.20 + # via cffi +pyparsing==2.4.7 + # via packaging +pytest==6.2.4 + # via tcp-authopt-test (setup.py) +scapy==2.4.5 + # via tcp-authopt-test (setup.py) +toml==0.10.2 + # via pytest +waiting==1.4.1 + # via tcp-authopt-test (setup.py) diff --git a/tools/testing/selftests/tcp_authopt/run.sh b/tools/testing/selftests/tcp_authopt/run.sh new file mode 100755 index 000000000000..b3448d678aa2 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/run.sh @@ -0,0 +1,15 @@ +#! /bin/bash +# +# Create virtualenv using tox and run pytest +# Accepts all args that pytest does +# + +if ! command -v tox >/dev/null; then + echo >&2 "error: please install the python tox package" + exit 1 +fi +if [[ $(id -u) -ne 0 ]]; then + echo >&2 "warning: running as non-root user is unlikely to work" +fi +cd "$(dirname "${BASH_SOURCE[0]}")" +exec tox -- -s --log-cli-level=DEBUG "$@" diff --git a/tools/testing/selftests/tcp_authopt/setup.cfg b/tools/testing/selftests/tcp_authopt/setup.cfg new file mode 100644 index 000000000000..258dfffab9a3 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/setup.cfg @@ -0,0 +1,17 @@ +[options] +install_requires= + cryptography + nsenter + pytest + scapy + waiting + +[tox:tox] +envlist = py3 + +[testenv] +commands = pytest {posargs} + +[metadata] +name = tcp-authopt-test +version = 0.1 diff --git a/tools/testing/selftests/tcp_authopt/setup.py b/tools/testing/selftests/tcp_authopt/setup.py new file mode 100644 index 000000000000..d5e50aa1ca5e --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/setup.py @@ -0,0 +1,5 @@ +#! /usr/bin/env python3 + +from setuptools import setup + +setup() diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/__init__.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 From patchwork Tue Sep 21 16:14:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508295 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98398C433F5 for ; Tue, 21 Sep 2021 16:20:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8113061100 for ; Tue, 21 Sep 2021 16:20:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234434AbhIUQVc (ORCPT ); Tue, 21 Sep 2021 12:21:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234419AbhIUQVI (ORCPT ); Tue, 21 Sep 2021 12:21:08 -0400 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C3A1AC061756; Tue, 21 Sep 2021 09:17:40 -0700 (PDT) Received: by mail-ed1-x532.google.com with SMTP id r5so6713743edi.10; Tue, 21 Sep 2021 09:17:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dLdOrq6p6YlC74JgT3Np29LL5CxIsdwa3KL77estloo=; b=Pt9xVQKOvbo778npQiES3OZYFWy9GPujeShjeRO7dOXNG9tds8ghExfQbxqalENHme Iqz7YG+KhabAfY5HZKjziKDm7u6DmFWCqi3YZ+1aA0EZ25raxePSYu85oHJTvy+ExP/S VBt8GucxoQplfT9R54EwcBTmR+MGlWblY2JgyQ0erEkThtl/p3XQhcTeUTAoAri0EPmi 47Re/rPICjvd3TgxtsXbTtkMyTO7yHYbXwo6TZ0xV/s7iJ0E1z8Nzo+b8Did35bXL1HP xzjm/558In1cJxJkswBwnBnbK0r2pM4AoigfzLJM09Do18Xtk0TGcdRptq3jC0Z8Rzwa /mUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dLdOrq6p6YlC74JgT3Np29LL5CxIsdwa3KL77estloo=; b=5b04Xlh2Dvunu4aAGy7sqUXXUzgJUDgubobfot5ljVp0c18ruOiWNOKCLvy61BE6Vr eZ6YcoTsILibs1KnBUEvxrj89vqe9YpKKi1hwEpvTY8zJzl3AZ9xPB+lJSkBn5kR9k1l TpozrzvrFZCgv0EnMTWzJ9Yw4Q0oPWxWIQLlyYL2Hur97pbx78PBKhlRM7Fv8p8+LvxW FejVc8EJeUeuakhvDKOuVMzXxEyaFJkIISTjO1zGdyA+adI4WtLJMzKWK0i6RbTOsNW1 8fo8mi67aRU/cs7AqrOBoeCfj6yU3kNzoNgFY8hLErqGtGQWwwmPZMrSdqxm2QggWPl8 SLWA== X-Gm-Message-State: AOAM533iJ+ODhG0uifKjpFgOoXTzw2qQeJOpnHmMwMknJae2ZtG0Wqwm dBEPTJ2Pvz6RdOKZwAdq5EY= X-Google-Smtp-Source: ABdhPJyGobVBpoZmZ0OkLX2I2OxqgiAEHCT+m7AJXeBfWN0NPaUS/9OM0odxWVHYwu0x7MTwqj/W5Q== X-Received: by 2002:a17:906:1c99:: with SMTP id g25mr35044598ejh.521.1632240922371; Tue, 21 Sep 2021 09:15:22 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:21 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 04/19] selftests: tcp_authopt: Initial sockopt manipulation Date: Tue, 21 Sep 2021 19:14:47 +0300 Message-Id: <1d55493c5879971355f31d6a8ac33612f07df500.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Signed-off-by: Leonard Crestez --- .../tcp_authopt/tcp_authopt_test/conftest.py | 41 +++ .../tcp_authopt_test/linux_tcp_authopt.py | 238 ++++++++++++++++++ .../tcp_authopt/tcp_authopt_test/sockaddr.py | 112 +++++++++ .../tcp_authopt_test/test_sockopt.py | 185 ++++++++++++++ 4 files changed, 576 insertions(+) create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/conftest.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_authopt.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/sockaddr.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_sockopt.py diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/conftest.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/conftest.py new file mode 100644 index 000000000000..dfab5a631e34 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/conftest.py @@ -0,0 +1,41 @@ +# SPDX-License-Identifier: GPL-2.0 +import logging +import os +from contextlib import ExitStack + +import pytest + +from .linux_tcp_authopt import has_tcp_authopt, enable_sysctl_tcp_authopt + +logger = logging.getLogger(__name__) + +skipif_missing_tcp_authopt = pytest.mark.skipif( + not has_tcp_authopt(), reason="Need CONFIG_TCP_AUTHOPT" +) + + +def can_capture(): + # This is too restrictive: + return os.geteuid() == 0 + + +skipif_cant_capture = pytest.mark.skipif( + not can_capture(), reason="run as root to capture packets" +) + + +@pytest.fixture +def exit_stack(): + """Return a contextlib.ExitStack as a pytest fixture + + This reduces indentation making code more readable + """ + with ExitStack() as exit_stack: + yield exit_stack + + +def pytest_configure(): + # Silence messages regarding netns enter/exit: + logging.getLogger("nsenter").setLevel(logging.INFO) + if has_tcp_authopt(): + enable_sysctl_tcp_authopt() diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_authopt.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_authopt.py new file mode 100644 index 000000000000..339298998ff9 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_authopt.py @@ -0,0 +1,238 @@ +# SPDX-License-Identifier: GPL-2.0 +"""Python wrapper around linux TCP_AUTHOPT ABI""" + +from dataclasses import dataclass +from ipaddress import IPv4Address, IPv6Address, ip_address +import socket +from enum import IntEnum, IntFlag +import errno +import logging +from .sockaddr import sockaddr_in, sockaddr_in6, sockaddr_storage, sockaddr_unpack +import typing +import struct + +logger = logging.getLogger(__name__) + + +def BIT(x): + return 1 << x + + +TCP_AUTHOPT = 38 +TCP_AUTHOPT_KEY = 39 + +TCP_AUTHOPT_MAXKEYLEN = 80 + + +class TCP_AUTHOPT_FLAG(IntFlag): + REJECT_UNEXPECTED = BIT(2) + + +class TCP_AUTHOPT_KEY_FLAG(IntFlag): + DEL = BIT(0) + EXCLUDE_OPTS = BIT(1) + BIND_ADDR = BIT(2) + + +class TCP_AUTHOPT_ALG(IntEnum): + HMAC_SHA_1_96 = 1 + AES_128_CMAC_96 = 2 + + +@dataclass +class tcp_authopt: + """Like linux struct tcp_authopt""" + + flags: int = 0 + sizeof = 4 + + def pack(self) -> bytes: + return struct.pack( + "I", + self.flags, + ) + + def __bytes__(self): + return self.pack() + + @classmethod + def unpack(cls, b: bytes): + tup = struct.unpack("I", b) + return cls(*tup) + + +def set_tcp_authopt(sock, opt: tcp_authopt): + return sock.setsockopt(socket.SOL_TCP, TCP_AUTHOPT, bytes(opt)) + + +def get_tcp_authopt(sock: socket.socket) -> tcp_authopt: + b = sock.getsockopt(socket.SOL_TCP, TCP_AUTHOPT, tcp_authopt.sizeof) + return tcp_authopt.unpack(b) + + +class tcp_authopt_key: + """Like linux struct tcp_authopt_key""" + + def __init__( + self, + flags: int = 0, + send_id: int = 0, + recv_id: int = 0, + alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, + key: bytes = b"", + addr: bytes = b"", + include_options=None, + ): + self.flags = flags + self.send_id = send_id + self.recv_id = recv_id + self.alg = alg + self.key = key + self.addr = addr + if include_options is not None: + self.include_options = include_options + + def pack(self): + if len(self.key) > TCP_AUTHOPT_MAXKEYLEN: + raise ValueError(f"Max key length is {TCP_AUTHOPT_MAXKEYLEN}") + data = struct.pack( + "IBBBB80s", + self.flags, + self.send_id, + self.recv_id, + self.alg, + len(self.key), + self.key, + ) + data += bytes(self.addrbuf.ljust(sockaddr_storage.sizeof, b"\x00")) + return data + + def __bytes__(self): + return self.pack() + + @property + def key(self) -> bytes: + return self._key + + @key.setter + def key(self, val: typing.Union[bytes, str]) -> bytes: + if isinstance(val, str): + val = val.encode("utf-8") + if len(val) > TCP_AUTHOPT_MAXKEYLEN: + raise ValueError(f"Max key length is {TCP_AUTHOPT_MAXKEYLEN}") + self._key = val + return val + + @property + def addr(self): + if not self.addrbuf: + return None + else: + return sockaddr_unpack(bytes(self.addrbuf)) + + @addr.setter + def addr(self, val): + if isinstance(val, bytes): + if len(val) > sockaddr_storage.sizeof: + raise ValueError(f"Must be up to {sockaddr_storage.sizeof}") + self.addrbuf = val + elif val is None: + self.addrbuf = b"" + elif isinstance(val, str): + self.addr = ip_address(val) + elif isinstance(val, IPv4Address): + self.addr = sockaddr_in(addr=val) + elif isinstance(val, IPv6Address): + self.addr = sockaddr_in6(addr=val) + elif ( + isinstance(val, sockaddr_in) + or isinstance(val, sockaddr_in6) + or isinstance(val, sockaddr_storage) + ): + self.addr = bytes(val) + else: + raise TypeError(f"Can't handle addr {val}") + return self.addr + + @property + def include_options(self) -> bool: + return (self.flags & TCP_AUTHOPT_KEY.EXCLUDE_OPTS) == 0 + + @include_options.setter + def include_options(self, value) -> bool: + if value: + self.flags &= ~TCP_AUTHOPT_KEY_FLAG.EXCLUDE_OPTS + else: + self.flags |= TCP_AUTHOPT_KEY_FLAG.EXCLUDE_OPTS + + @property + def delete_flag(self) -> bool: + return bool(self.flags & TCP_AUTHOPT_KEY_FLAG.DEL) + + @delete_flag.setter + def delete_flag(self, value) -> bool: + if value: + self.flags |= TCP_AUTHOPT_KEY_FLAG.DEL + else: + self.flags &= ~TCP_AUTHOPT_KEY_FLAG.DEL + + +def set_tcp_authopt_key(sock, key: tcp_authopt_key): + return sock.setsockopt(socket.SOL_TCP, TCP_AUTHOPT_KEY, bytes(key)) + + +def del_tcp_authopt_key(sock, key: tcp_authopt_key) -> bool: + """Try to delete an authopt key + + :return: True if a key was deleted, False if it was not present + """ + import copy + + key = copy.copy(key) + key.delete_flag = True + try: + sock.setsockopt(socket.SOL_TCP, TCP_AUTHOPT_KEY, bytes(key)) + return True + except OSError as e: + if e.errno == errno.ENOENT: + return False + raise + + +def get_sysctl_tcp_authopt() -> bool: + from pathlib import Path + + path = Path("/proc/sys/net/ipv4/tcp_authopt") + if path.exists(): + return path.read_text().strip() != "0" + + +def enable_sysctl_tcp_authopt() -> bool: + from pathlib import Path + + path = Path("/proc/sys/net/ipv4/tcp_authopt") + try: + if path.read_text().strip() == "0": + path.write_text("1") + except: + raise Exception("Failed to enable /proc/sys/net/ipv4/tcp_authopt") + + +def has_tcp_authopt() -> bool: + """Check is TCP_AUTHOPT is implemented by the OS + + Returns True if implemented but disabled by sysctl + Returns False if disabled at compile time + """ + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + try: + optbuf = bytes(4) + sock.setsockopt(socket.SOL_TCP, TCP_AUTHOPT, optbuf) + return True + except OSError as e: + if e.errno == errno.ENOPROTOOPT: + return False + elif e.errno == errno.EPERM and get_sysctl_tcp_authopt() is False: + return True + else: + raise diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/sockaddr.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/sockaddr.py new file mode 100644 index 000000000000..be1745ac10ab --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/sockaddr.py @@ -0,0 +1,112 @@ +# SPDX-License-Identifier: GPL-2.0 +"""pack/unpack wrappers for sockaddr""" +import socket +import struct +from dataclasses import dataclass +from ipaddress import IPv4Address, IPv6Address, ip_address + + +@dataclass +class sockaddr_in: + port: int + addr: IPv4Address + sizeof = 8 + + def __init__(self, port=0, addr=None): + self.port = port + if addr is None: + addr = IPv4Address(0) + self.addr = IPv4Address(addr) + + def pack(self): + return struct.pack("HH4s", socket.AF_INET, self.port, self.addr.packed) + + @classmethod + def unpack(cls, buffer): + family, port, addr_packed = struct.unpack("HH4s", buffer[:8]) + if family != socket.AF_INET: + raise ValueError(f"Must be AF_INET not {family}") + return cls(port, addr_packed) + + def __bytes__(self): + return self.pack() + + +@dataclass +class sockaddr_in6: + """Like sockaddr_in6 but for python. Always contains scope_id""" + + port: int + addr: IPv6Address + flowinfo: int + scope_id: int + sizeof = 28 + + def __init__(self, port=0, addr=None, flowinfo=0, scope_id=0): + self.port = port + if addr is None: + addr = IPv6Address(0) + self.addr = IPv6Address(addr) + self.flowinfo = flowinfo + self.scope_id = scope_id + + def pack(self): + return struct.pack( + "HHI16sI", + socket.AF_INET6, + self.port, + self.flowinfo, + self.addr.packed, + self.scope_id, + ) + + @classmethod + def unpack(cls, buffer): + family, port, flowinfo, addr_packed, scope_id = struct.unpack( + "HHI16sI", buffer[:28] + ) + if family != socket.AF_INET6: + raise ValueError(f"Must be AF_INET6 not {family}") + return cls(port, addr_packed, flowinfo=flowinfo, scope_id=scope_id) + + def __bytes__(self): + return self.pack() + + +@dataclass +class sockaddr_storage: + family: int + data: bytes + sizeof = 128 + + def pack(self): + return struct.pack("H126s", self.family, self.data) + + def __bytes__(self): + return self.pack() + + @classmethod + def unpack(cls, buffer): + return cls(*struct.unpack("H126s", buffer)) + + +def sockaddr_unpack(buffer: bytes): + """Unpack based on family""" + family = struct.unpack("H", buffer[:2])[0] + if family == socket.AF_INET: + return sockaddr_in.unpack(buffer) + elif family == socket.AF_INET6: + return sockaddr_in6.unpack(buffer) + else: + return sockaddr_storage.unpack(buffer) + + +def sockaddr_convert(val): + """Try to convert address into some sort of sockaddr""" + if isinstance(val, IPv4Address): + return sockaddr_in(addr=val) + if isinstance(val, IPv6Address): + return sockaddr_in6(addr=val) + if isinstance(val, str): + return sockaddr_convert(ip_address(val)) + raise TypeError(f"Don't know how to convert {val!r} to sockaddr") diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_sockopt.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_sockopt.py new file mode 100644 index 000000000000..dd389ae6055e --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_sockopt.py @@ -0,0 +1,185 @@ +# SPDX-License-Identifier: GPL-2.0 +"""Test TCP_AUTHOPT sockopt API""" +import errno +import socket +import struct +from ipaddress import IPv4Address, IPv6Address + +import pytest + +from .linux_tcp_authopt import ( + TCP_AUTHOPT, + TCP_AUTHOPT_KEY, + TCP_AUTHOPT_ALG, + TCP_AUTHOPT_FLAG, + TCP_AUTHOPT_KEY_FLAG, + set_tcp_authopt, + get_tcp_authopt, + set_tcp_authopt_key, + del_tcp_authopt_key, + tcp_authopt, + tcp_authopt_key, +) +from .sockaddr import sockaddr_in, sockaddr_in6, sockaddr_unpack +from .conftest import skipif_missing_tcp_authopt + +pytestmark = skipif_missing_tcp_authopt + + +def test_authopt_key_pack_noaddr(): + b = bytes(tcp_authopt_key(key=b"a\x00b")) + assert b[7] == 3 + assert b[8:13] == b"a\x00b\x00\x00" + + +def test_authopt_key_pack_addr(): + b = bytes(tcp_authopt_key(key=b"a\x00b", addr="10.0.0.1")) + assert struct.unpack("H", b[88:90])[0] == socket.AF_INET + assert sockaddr_unpack(b[88:]).addr == IPv4Address("10.0.0.1") + + +def test_authopt_key_pack_addr6(): + b = bytes(tcp_authopt_key(key=b"abc", addr="fd00::1")) + assert struct.unpack("H", b[88:90])[0] == socket.AF_INET6 + assert sockaddr_unpack(b[88:]).addr == IPv6Address("fd00::1") + + +def test_tcp_authopt_key_del_without_active(exit_stack): + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + exit_stack.push(sock) + + # nothing happens: + key = tcp_authopt_key() + assert key.delete_flag is False + key.delete_flag = True + assert key.delete_flag is True + with pytest.raises(OSError) as e: + set_tcp_authopt_key(sock, key) + assert e.value.errno in [errno.EINVAL, errno.ENOENT] + + +def test_tcp_authopt_key_setdel(exit_stack): + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + exit_stack.push(sock) + set_tcp_authopt(sock, tcp_authopt()) + + # delete returns ENOENT + key = tcp_authopt_key() + key.delete_flag = True + with pytest.raises(OSError) as e: + set_tcp_authopt_key(sock, key) + assert e.value.errno == errno.ENOENT + + key = tcp_authopt_key(send_id=1, recv_id=2) + set_tcp_authopt_key(sock, key) + # First delete works fine: + key.delete_flag = True + set_tcp_authopt_key(sock, key) + # Duplicate delete returns ENOENT + with pytest.raises(OSError) as e: + set_tcp_authopt_key(sock, key) + assert e.value.errno == errno.ENOENT + + +def test_get_tcp_authopt(): + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + with pytest.raises(OSError) as e: + sock.getsockopt(socket.SOL_TCP, TCP_AUTHOPT, 4) + assert e.value.errno == errno.ENOENT + + +def test_set_get_tcp_authopt_flags(): + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + # No flags by default + set_tcp_authopt(sock, tcp_authopt()) + opt = get_tcp_authopt(sock) + assert opt.flags == 0 + + # simple flags are echoed + goodflag = TCP_AUTHOPT_FLAG.REJECT_UNEXPECTED + set_tcp_authopt(sock, tcp_authopt(flags=goodflag)) + opt = get_tcp_authopt(sock) + assert opt.flags == goodflag + + # attempting to set a badflag returns an error and has no effect + badflag = 1 << 27 + with pytest.raises(OSError) as e: + set_tcp_authopt(sock, tcp_authopt(flags=badflag)) + opt = get_tcp_authopt(sock) + assert opt.flags == goodflag + + +def test_set_ipv6_key_on_ipv4(): + """Binding a key to an ipv6 address on an ipv4 socket makes no sense""" + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + key = tcp_authopt_key("abc") + key.flags = TCP_AUTHOPT_KEY_FLAG.BIND_ADDR + key.addr = IPv6Address("::1234") + with pytest.raises(OSError): + set_tcp_authopt_key(sock, key) + + +def test_set_ipv4_key_on_ipv6(): + """This could be implemented for ipv6-mapped-ipv4 but it is not + + TCP_MD5SIG has a similar limitation + """ + with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as sock: + key = tcp_authopt_key("abc") + key.flags = TCP_AUTHOPT_KEY_FLAG.BIND_ADDR + key.addr = IPv4Address("1.2.3.4") + with pytest.raises(OSError): + set_tcp_authopt_key(sock, key) + + +def test_authopt_key_badflags(): + """Don't pretend to handle unknown flags""" + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + with pytest.raises(OSError): + set_tcp_authopt_key(sock, tcp_authopt_key(flags=0xabcdef)) + + +def test_authopt_key_longer_bad(): + """Test that pass a longer sockopt with unknown data fails + + Old kernels won't pretend to handle features they don't know about + """ + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + key = tcp_authopt_key(alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, key="aaa") + optbuf = bytes(key) + optbuf = optbuf.ljust(len(optbuf) + 256, b"\x5a") + with pytest.raises(OSError): + sock.setsockopt(socket.SOL_TCP, TCP_AUTHOPT_KEY, optbuf) + + +def test_authopt_key_longer_zeros(): + """Test that passing a longer sockopt padded with zeros works + + This ensures applications using a larger struct tcp_authopt_key won't have + to pass a shorter optlen on old kernels. + """ + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + key = tcp_authopt_key(alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, key="aaa") + optbuf = bytes(key) + optbuf = optbuf.ljust(len(optbuf) + 256, b"\x00") + sock.setsockopt(socket.SOL_TCP, TCP_AUTHOPT_KEY, optbuf) + # the key was added and can be deleted normally + assert del_tcp_authopt_key(sock, key) == True + assert del_tcp_authopt_key(sock, key) == False + + +def test_authopt_longer_baddata(): + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + opt = tcp_authopt() + optbuf = bytes(opt) + optbuf = optbuf.ljust(len(optbuf) + 256, b"\x5a") + with pytest.raises(OSError): + sock.setsockopt(socket.SOL_TCP, TCP_AUTHOPT, optbuf) + + +def test_authopt_longer_zeros(): + with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: + opt = tcp_authopt() + optbuf = bytes(opt) + optbuf = optbuf.ljust(len(optbuf) + 256, b"\x00") + sock.setsockopt(socket.SOL_TCP, TCP_AUTHOPT, optbuf) From patchwork Tue Sep 21 16:14:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508215 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02B19C433EF for ; Tue, 21 Sep 2021 16:17:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D2D5F60F70 for ; Tue, 21 Sep 2021 16:17:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231297AbhIUQSg (ORCPT ); Tue, 21 Sep 2021 12:18:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33464 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234497AbhIUQSX (ORCPT ); Tue, 21 Sep 2021 12:18:23 -0400 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 02DB1C0613CF; Tue, 21 Sep 2021 09:16:51 -0700 (PDT) Received: by mail-ed1-x52e.google.com with SMTP id g8so76403210edt.7; Tue, 21 Sep 2021 09:16:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=k7p7QaTSoTZWLvuDt7GtkWZSqdjOhyzdDvUctatw7Fo=; b=oWOFbYW1gjoYkv/W6G+lPtM4GuoH3Fcvu+QrAvbXISECYQ07E6LUrNaoSRCf6Lf+FX k3RVAcWwTF+9287kvXsT4XyUNoGDa6NM8V9JPAfkL4f2HPIoZLoas+QF6wvCj/526vj5 i1XOuxeX1GTDdbxigmdqRmF3A7HoD2mrQIyP+RW3Htvo1/twzYRVylT3paTJSAp9JTPN 8LOQs9gjvE/eGaBvfMKJZHdFxYlz/pDsnc4h60EnT4+kcZ1Q5Eq3jFtgK4chk8e31JoV lQelqyv0QI8zXPR/Gq0QWUnCR7MBB68KIt/oGpeabTps26I4VnXW37b0qZE0ZcyibVoP iGUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=k7p7QaTSoTZWLvuDt7GtkWZSqdjOhyzdDvUctatw7Fo=; b=Nouy6STaD1RY8Q4mr+CpgHWMWhTiIflVBhH7zd7z9x2/Ms+HRknL6WC8dEV6ix4qQ5 FsLCy3Ft948nMNbBJV2c5ydIqoE6Hlh04yWTvsh5JyzRozkpsoKiahSDH7Q+7qme+ZjV llKd/a4PXOd2zLoGkyHp2LH1ZCZ42MrNgT05y1IA+y5JIctqnYBsPwxm8JF3WDJ1xWB/ LXHtEw6zHayf1UIcAppLJlh1JWvsJulUewpLGmmOuxse6VMNOMQZ3dDc63MUS26WwAFb idzhhgZTtrwuyjwcJ2NU7OWL2OUWYj1b5mgAa/HSlGfFknbA+sPF9nPwdxBWmiOyC5s+ 5f/w== X-Gm-Message-State: AOAM531dX/Ty8auAcAs3ZSjRs+EC5/Jzdas1D0mVs2h2D8v1krAMYxO5 Mubopk/Kh5jn8NaDcLkZJaA= X-Google-Smtp-Source: ABdhPJxRqxWpjIVx7eTB5IaEK5vZ1zXnQx3Xwt+6BHoE6U+3ZhuLFloVnBcCqvRbaLZ/T8i12idO3Q== X-Received: by 2002:a17:906:a18f:: with SMTP id s15mr36911009ejy.269.1632240924153; Tue, 21 Sep 2021 09:15:24 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:23 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 05/19] tcp: authopt: Add crypto initialization Date: Tue, 21 Sep 2021 19:14:48 +0300 Message-Id: <5707b6b12d5329f43f76daaabbb270ea7ec3e640.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The crypto_shash API is used in order to compute packet signatures. The API comes with several unfortunate limitations: 1) Allocating a crypto_shash can sleep and must be done in user context. 2) Packet signatures must be computed in softirq context 3) Packet signatures use dynamic "traffic keys" which require exclusive access to crypto_shash for crypto_setkey. The solution is to allocate one crypto_shash for each possible cpu for each algorithm at setsockopt time. The per-cpu tfm is then borrowed from softirq context, signatures are computed and the tfm is returned. The pool for each algorithm is allocated on first use. Signed-off-by: Leonard Crestez --- include/net/tcp_authopt.h | 15 ++++ net/ipv4/tcp_authopt.c | 167 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 182 insertions(+) diff --git a/include/net/tcp_authopt.h b/include/net/tcp_authopt.h index 19d304de18f8..f6d7d6fa50c0 100644 --- a/include/net/tcp_authopt.h +++ b/include/net/tcp_authopt.h @@ -2,10 +2,24 @@ #ifndef _LINUX_TCP_AUTHOPT_H #define _LINUX_TCP_AUTHOPT_H #include +/* According to RFC5925 the length of the authentication option varies based on + * the signature algorithm. Linux only implements the algorithms defined in + * RFC5926 which have a constant length of 16. + * + * This is used in stack allocation of tcp option buffers for output. It is + * shorter than the length of the MD5 option. + * + * Input packets can have authentication options of different lengths but they + * will always be flagged as invalid (since no such algorithms are supported). + */ +#define TCPOLEN_AUTHOPT_OUTPUT 16 + +struct tcp_authopt_alg_imp; + /** * struct tcp_authopt_key_info - Representation of a Master Key Tuple as per RFC5925 * * Key structure lifetime is only protected by RCU so readers needs to hold a * single rcu_read_lock until they're done with the key. @@ -18,10 +32,11 @@ struct tcp_authopt_key_info { u8 send_id, recv_id; u8 alg_id; u8 keylen; u8 key[TCP_AUTHOPT_MAXKEYLEN]; struct sockaddr_storage addr; + struct tcp_authopt_alg_imp *alg; }; /** * struct tcp_authopt_info - Per-socket information regarding tcp_authopt * diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c index a771e5754c8a..a682f88509aa 100644 --- a/net/ipv4/tcp_authopt.c +++ b/net/ipv4/tcp_authopt.c @@ -3,10 +3,164 @@ #include #include #include #include +/* All current algorithms have a mac length of 12 but crypto API digestsize can be larger */ +#define TCP_AUTHOPT_MAXMACBUF 20 +#define TCP_AUTHOPT_MAX_TRAFFIC_KEY_LEN 20 +#define TCP_AUTHOPT_MACLEN 12 + +/* Constant data with per-algorithm information from RFC5926 + * The "KDF" and "MAC" happen to be the same for both algorithms. + */ +struct tcp_authopt_alg_imp { + /* Name of algorithm in crypto-api */ + const char *alg_name; + /* One of the TCP_AUTHOPT_ALG_* constants from uapi */ + u8 alg_id; + /* Length of traffic key */ + u8 traffic_key_len; + + /* shared crypto_shash */ + struct mutex init_mutex; + bool init_done; + struct crypto_shash * __percpu *tfms; +}; + +static struct tcp_authopt_alg_imp tcp_authopt_alg_list[] = { + { + .alg_id = TCP_AUTHOPT_ALG_HMAC_SHA_1_96, + .alg_name = "hmac(sha1)", + .traffic_key_len = 20, + .init_mutex = __MUTEX_INITIALIZER(tcp_authopt_alg_list[0].init_mutex), + }, + { + .alg_id = TCP_AUTHOPT_ALG_AES_128_CMAC_96, + .alg_name = "cmac(aes)", + .traffic_key_len = 16, + .init_mutex = __MUTEX_INITIALIZER(tcp_authopt_alg_list[1].init_mutex), + }, +}; + +/* get a pointer to the tcp_authopt_alg instance or NULL if id invalid */ +static inline struct tcp_authopt_alg_imp *tcp_authopt_alg_get(int alg_num) +{ + if (alg_num <= 0 || alg_num > 2) + return NULL; + return &tcp_authopt_alg_list[alg_num - 1]; +} + +static void __tcp_authopt_alg_free(struct tcp_authopt_alg_imp *alg) +{ + int cpu; + struct crypto_shash *tfm; + + if (!alg->tfms) + return; + for_each_possible_cpu(cpu) { + tfm = *per_cpu_ptr(alg->tfms, cpu); + if (tfm) { + crypto_free_shash(tfm); + *per_cpu_ptr(alg->tfms, cpu) = NULL; + } + } + free_percpu(alg->tfms); + alg->tfms = NULL; +} + +static int __tcp_authopt_alg_init(struct tcp_authopt_alg_imp *alg) +{ + struct crypto_shash *tfm; + int cpu; + int err; + + BUILD_BUG_ON(TCP_AUTHOPT_MAXMACBUF < TCPOLEN_AUTHOPT_OUTPUT); + if (WARN_ON_ONCE(alg->traffic_key_len > TCP_AUTHOPT_MAX_TRAFFIC_KEY_LEN)) + return -ENOBUFS; + + alg->tfms = alloc_percpu(struct crypto_shash*); + if (!alg->tfms) + return -ENOMEM; + for_each_possible_cpu(cpu) { + tfm = crypto_alloc_shash(alg->alg_name, 0, 0); + if (IS_ERR(tfm)) { + err = PTR_ERR(tfm); + goto out_err; + } + + /* sanity checks: */ + if (WARN_ON_ONCE(crypto_shash_digestsize(tfm) != alg->traffic_key_len)) { + err = -EINVAL; + goto out_err; + } + if (WARN_ON_ONCE(crypto_shash_digestsize(tfm) > TCP_AUTHOPT_MAXMACBUF)) { + err = -EINVAL; + goto out_err; + } + + *per_cpu_ptr(alg->tfms, cpu) = tfm; + } + return 0; + +out_err: + __tcp_authopt_alg_free(alg); + return err; +} + +static int tcp_authopt_alg_require(struct tcp_authopt_alg_imp *alg) +{ + int err = 0; + + mutex_lock(&alg->init_mutex); + if (alg->init_done) + goto out; + err = __tcp_authopt_alg_init(alg); + if (err) + goto out; + pr_info("initialized tcp-ao algorithm %s", alg->alg_name); + alg->init_done = true; + +out: + mutex_unlock(&alg->init_mutex); + return err; +} + +static struct crypto_shash *tcp_authopt_alg_get_tfm(struct tcp_authopt_alg_imp *alg) +{ + preempt_disable(); + return *this_cpu_ptr(alg->tfms); +} + +static void tcp_authopt_alg_put_tfm(struct tcp_authopt_alg_imp *alg, struct crypto_shash *tfm) +{ + WARN_ON(tfm != *this_cpu_ptr(alg->tfms)); + preempt_enable(); +} + +static struct crypto_shash *tcp_authopt_get_kdf_shash(struct tcp_authopt_key_info *key) +{ + return tcp_authopt_alg_get_tfm(key->alg); +} + +static void tcp_authopt_put_kdf_shash(struct tcp_authopt_key_info *key, + struct crypto_shash *tfm) +{ + return tcp_authopt_alg_put_tfm(key->alg, tfm); +} + +static struct crypto_shash *tcp_authopt_get_mac_shash(struct tcp_authopt_key_info *key) +{ + return tcp_authopt_alg_get_tfm(key->alg); +} + +static void tcp_authopt_put_mac_shash(struct tcp_authopt_key_info *key, + struct crypto_shash *tfm) +{ + return tcp_authopt_alg_put_tfm(key->alg, tfm); +} + /* checks that ipv4 or ipv6 addr matches. */ static bool ipvx_addr_match(struct sockaddr_storage *a1, struct sockaddr_storage *a2) { if (a1->ss_family != a2->ss_family) @@ -201,10 +355,12 @@ void tcp_authopt_clear(struct sock *sk) int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen) { struct tcp_authopt_key opt; struct tcp_authopt_info *info; struct tcp_authopt_key_info *key_info, *old_key_info; + struct tcp_authopt_alg_imp *alg; + int err; sock_owned_by_me(sk); err = _copy_from_sockptr_tolerant((u8*)&opt, sizeof(opt), optval, optlen); if (err) @@ -237,10 +393,20 @@ int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen) /* Initialize tcp_authopt_info if not already set */ info = __tcp_authopt_info_get_or_create(sk); if (IS_ERR(info)) return PTR_ERR(info); + /* check the algorithm */ + alg = tcp_authopt_alg_get(opt.alg); + if (!alg) + return -EINVAL; + if (WARN_ON_ONCE(alg->alg_id != opt.alg)) + return -EINVAL; + err = tcp_authopt_alg_require(alg); + if (err) + return err; + key_info = sock_kmalloc(sk, sizeof(*key_info), GFP_KERNEL | __GFP_ZERO); if (!key_info) return -ENOMEM; /* If an old key exists with exact ID then remove and replace. * RCU-protected readers might observe both and pick any. @@ -249,10 +415,11 @@ int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen) tcp_authopt_key_del(sk, info, old_key_info); key_info->flags = opt.flags & TCP_AUTHOPT_KEY_KNOWN_FLAGS; key_info->send_id = opt.send_id; key_info->recv_id = opt.recv_id; key_info->alg_id = opt.alg; + key_info->alg = alg; key_info->keylen = opt.keylen; memcpy(key_info->key, opt.key, opt.keylen); memcpy(&key_info->addr, &opt.addr, sizeof(key_info->addr)); hlist_add_head_rcu(&key_info->node, &info->head); From patchwork Tue Sep 21 16:14:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508211 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04C3FC433EF for ; Tue, 21 Sep 2021 16:16:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DFB3E61247 for ; Tue, 21 Sep 2021 16:16:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234355AbhIUQSJ (ORCPT ); Tue, 21 Sep 2021 12:18:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33440 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234320AbhIUQSJ (ORCPT ); Tue, 21 Sep 2021 12:18:09 -0400 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A996C061574; Tue, 21 Sep 2021 09:16:39 -0700 (PDT) Received: by mail-ed1-x531.google.com with SMTP id ee50so2724068edb.13; Tue, 21 Sep 2021 09:16:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=i+2XaMp8zEe7pN5i1R34rQO2tivU8lvGAikorqVDp2A=; b=KLnpQD9aVzauAyVxhjEcYEK1RLf9w41ZNg7VmAGTQocHRoOqixDzVuTCNs9AER4rrQ FbaYLDVBh2DpPl3CYtvCMu+gIX/bQaCi3oMsmLr4fr7FFzS83eK9BF9AqTS7S9R0Nj66 gTRa3PEK9/7PclTCUgITL/2pkp4auiM1QxFleEd++TdMrDUwgHmaNmsSbTmMf2KHGaXV D2a0WBCkqkefgHEdAfemiaE/Wmg5Rr6UgSQ1aCEdR5lu+Tfac6OjPcW81AcCCvhXFRbQ E9TIt9/sbhdLubZ24JwC6bImS6ow85E2yKy23snOGbGuC+VCfCZQ41ibHo+7xtFOFSfj cq1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=i+2XaMp8zEe7pN5i1R34rQO2tivU8lvGAikorqVDp2A=; b=UX7QGrX5dvtuLnmum1DQj2hWbQLRm+98KtecK35KA4gZim5MSvKs/tn5RBsLkVW2sQ VYx6QvhoHhxez7lb0ko+12S6YHpM0i25P1xSgnzdvMUGP1c67qej0YrQOQxeOQr3Nv3G z/LKaHv8HVeQnhMJnxGnzBraueuva6dnqzt8NBRjxsxzkquNv7WXyn25fcWr1t003nwe YyQEYrzt+61evJjVBPaFf3nKsNBZwEAkSdLNBq+DEwRgivmcdHwDgwmujYkkEDFTWO+Y E088cB0Cdh5kkS8CEyKM9aOColjoe66ScsBCzgSgGi/bBzFa/dDpfFH745/gHHkxUlYs kFTQ== X-Gm-Message-State: AOAM533rsAYznToBGwjRab4XuPZJWvQ6lWhwqOaquQ+Ks9nribrRekDp NAYn+OcAwowZYiFdDkkuCw0= X-Google-Smtp-Source: ABdhPJwqBDfW2JaCNfO0mwkMLSn4nptTEDPxvYkRmapiii8z1FUDSMZQtmZOLMVmCVu9h6S33T/7zg== X-Received: by 2002:a50:cf4c:: with SMTP id d12mr9903850edk.115.1632240925999; Tue, 21 Sep 2021 09:15:25 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:25 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 06/19] tcp: authopt: Compute packet signatures Date: Tue, 21 Sep 2021 19:14:49 +0300 Message-Id: <360fa64e6ea4ee36929ad42ec8a412f59f391f33.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Computing tcp authopt packet signatures is a two step process: * traffic key is computed based on tcp 4-tuple, initial sequence numbers and the secret key. * packet mac is computed based on traffic key and content of individual packets. The traffic key could be cached for established sockets but it is not. A single code path exists for ipv4/ipv6 and input/output. This keeps the code short but slightly slower due to lots of conditionals. On output we read remote IP address from socket members on output, we can't use skb network header because it's computed after TCP options. On input we read remote IP address from skb network headers, we can't use socket binding members because those are not available for SYN. Signed-off-by: Leonard Crestez --- net/ipv4/tcp_authopt.c | 510 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 510 insertions(+) diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c index a682f88509aa..e2fd851b687b 100644 --- a/net/ipv4/tcp_authopt.c +++ b/net/ipv4/tcp_authopt.c @@ -423,5 +423,515 @@ int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen) memcpy(&key_info->addr, &opt.addr, sizeof(key_info->addr)); hlist_add_head_rcu(&key_info->node, &info->head); return 0; } + +static int tcp_authopt_get_isn(struct sock *sk, + struct sk_buff *skb, + int input, + __be32 *sisn, + __be32 *disn) +{ + struct tcp_authopt_info *authopt_info; + struct tcphdr *th = tcp_hdr(skb); + + /* special cases for SYN and SYN/ACK */ + if (th->syn && !th->ack) { + *sisn = th->seq; + *disn = 0; + return 0; + } + if (th->syn && th->ack) { + *sisn = th->seq; + *disn = htonl(ntohl(th->ack_seq) - 1); + return 0; + } + + /* Fetching authopt_info like this should be safe because authopt_info + * is never released intil the socket is being closed + * + * tcp_timewait_sock is handled but not tcp_request_sock. + * for the synack case sk should be the listen socket. + */ + rcu_read_lock(); + if (sk->sk_state == TCP_TIME_WAIT) + authopt_info = tcp_twsk(sk)->tw_authopt_info; + else if (unlikely(sk->sk_state == TCP_NEW_SYN_RECV)) { + /* should never happen, sk should be the listen socket */ + authopt_info = NULL; + WARN_ONCE(1, "TCP-AO can't sign with request sock\n"); + return -EINVAL; + } else if (sk->sk_state == TCP_LISTEN) { + /* Signature computation for non-syn packet on a listen + * socket is not possible because we lack the initial + * sequence numbers. + * + * Input segments that are not matched by any request, + * established or timewait socket will get here. These + * are not normally sent by peers. + * + * Their signature might be valid but we don't have + * enough state to determine that. TCP-MD5 can attempt + * to validate and reply with a signed RST because it + * doesn't care about ISNs. + * + * Reporting an error from signature code causes the + * packet to be discarded which is good. + */ + if (input) { + /* Assume this is an ACK to a SYN/ACK + * This will incorrectly report "failed + * signature" for segments without a connection. + */ + *sisn = htonl(ntohl(th->seq) - 1); + *disn = htonl(ntohl(th->ack_seq) - 1); + rcu_read_unlock(); + return 0; + } else { + /* This would be an internal bug. */ + authopt_info = NULL; + WARN_ONCE(1, "TCP-AO can't sign non-syn from TCP_LISTEN sock\n"); + return -EINVAL; + } + } else + authopt_info = rcu_dereference(tcp_sk(sk)->authopt_info); + if (!authopt_info) { + rcu_read_unlock(); + return -EINVAL; + } + /* Initial sequence numbers for ESTABLISHED connections from info */ + if (input) { + *sisn = htonl(authopt_info->dst_isn); + *disn = htonl(authopt_info->src_isn); + } else { + *sisn = htonl(authopt_info->src_isn); + *disn = htonl(authopt_info->dst_isn); + } + rcu_read_unlock(); + return 0; +} + +/* feed traffic key into shash */ +static int tcp_authopt_shash_traffic_key(struct shash_desc *desc, + struct sock *sk, + struct sk_buff *skb, + bool input, + bool ipv6) +{ + struct tcphdr *th = tcp_hdr(skb); + int err; + __be32 sisn, disn; + __be16 digestbits = htons(crypto_shash_digestsize(desc->tfm) * 8); + + // RFC5926 section 3.1.1.1 + err = crypto_shash_update(desc, "\x01TCP-AO", 7); + if (err) + return err; + + /* Addresses from packet on input and from sk_common on output + * This is because on output MAC is computed before prepending IP header + */ + if (input) { + if (ipv6) + err = crypto_shash_update(desc, (u8 *)&ipv6_hdr(skb)->saddr, 32); + else + err = crypto_shash_update(desc, (u8 *)&ip_hdr(skb)->saddr, 8); + if (err) + return err; + } else { + if (ipv6) { + err = crypto_shash_update(desc, (u8 *)&sk->sk_v6_rcv_saddr, 16); + if (err) + return err; + err = crypto_shash_update(desc, (u8 *)&sk->sk_v6_daddr, 16); + if (err) + return err; + } else { + err = crypto_shash_update(desc, (u8 *)&sk->sk_rcv_saddr, 4); + if (err) + return err; + err = crypto_shash_update(desc, (u8 *)&sk->sk_daddr, 4); + if (err) + return err; + } + } + + /* TCP ports from header */ + err = crypto_shash_update(desc, (u8 *)&th->source, 4); + if (err) + return err; + err = tcp_authopt_get_isn(sk, skb, input, &sisn, &disn); + if (err) + return err; + err = crypto_shash_update(desc, (u8 *)&sisn, 4); + if (err) + return err; + err = crypto_shash_update(desc, (u8 *)&disn, 4); + if (err) + return err; + err = crypto_shash_update(desc, (u8 *)&digestbits, 2); + if (err) + return err; + + return 0; +} + +/* Convert a variable-length key to a 16-byte fixed-length key for AES-CMAC + * This is described in RFC5926 section 3.1.1.2 + */ +static int aes_setkey_derived(struct crypto_shash *tfm, u8 *key, size_t keylen) +{ + static const u8 zeros[16] = {0}; + u8 derived_key[16]; + int err; + + if (WARN_ON_ONCE(crypto_shash_digestsize(tfm) != 16)) + return -EINVAL; + err = crypto_shash_setkey(tfm, zeros, sizeof(zeros)); + if (err) + return err; + err = crypto_shash_tfm_digest(tfm, key, keylen, derived_key); + if (err) + return err; + return crypto_shash_setkey(tfm, derived_key, sizeof(derived_key)); +} + +static int tcp_authopt_setkey(struct crypto_shash *tfm, struct tcp_authopt_key_info *key) +{ + if (key->alg_id == TCP_AUTHOPT_ALG_AES_128_CMAC_96 && key->keylen != 16) + return aes_setkey_derived(tfm, key->key, key->keylen); + else + return crypto_shash_setkey(tfm, key->key, key->keylen); +} + +static int tcp_authopt_get_traffic_key(struct sock *sk, + struct sk_buff *skb, + struct tcp_authopt_key_info *key, + bool input, + bool ipv6, + u8 *traffic_key) +{ + SHASH_DESC_ON_STACK(desc, kdf_tfm); + struct crypto_shash *kdf_tfm; + int err; + + kdf_tfm = tcp_authopt_get_kdf_shash(key); + if (IS_ERR(kdf_tfm)) + return PTR_ERR(kdf_tfm); + + err = tcp_authopt_setkey(kdf_tfm, key); + if (err) + goto out; + + desc->tfm = kdf_tfm; + err = crypto_shash_init(desc); + if (err) + goto out; + + err = tcp_authopt_shash_traffic_key(desc, sk, skb, input, ipv6); + if (err) + goto out; + + err = crypto_shash_final(desc, traffic_key); + if (err) + goto out; + +out: + tcp_authopt_put_kdf_shash(key, kdf_tfm); + return err; +} + +static int crypto_shash_update_zero(struct shash_desc *desc, int len) +{ + u8 zero = 0; + int i, err; + + for (i = 0; i < len; ++i) { + err = crypto_shash_update(desc, &zero, 1); + if (err) + return err; + } + + return 0; +} + +static int tcp_authopt_hash_tcp4_pseudoheader(struct shash_desc *desc, + __be32 saddr, + __be32 daddr, + int nbytes) +{ + struct tcp4_pseudohdr phdr = { + .saddr = saddr, + .daddr = daddr, + .pad = 0, + .protocol = IPPROTO_TCP, + .len = htons(nbytes) + }; + return crypto_shash_update(desc, (u8 *)&phdr, sizeof(phdr)); +} + +static int tcp_authopt_hash_tcp6_pseudoheader(struct shash_desc *desc, + struct in6_addr *saddr, + struct in6_addr *daddr, + u32 plen) +{ + int err; + __be32 buf[2]; + + buf[0] = htonl(plen); + buf[1] = htonl(IPPROTO_TCP); + + err = crypto_shash_update(desc, (u8 *)saddr, sizeof(*saddr)); + if (err) + return err; + err = crypto_shash_update(desc, (u8 *)daddr, sizeof(*daddr)); + if (err) + return err; + return crypto_shash_update(desc, (u8 *)&buf, sizeof(buf)); +} + +/* TCP authopt as found in header */ +struct tcphdr_authopt { + u8 num; + u8 len; + u8 keyid; + u8 rnextkeyid; + u8 mac[0]; +}; + +/* Find TCP_AUTHOPT in header. + * + * Returns pointer to TCP_AUTHOPT or NULL if not found. + */ +static u8 *tcp_authopt_find_option(struct tcphdr *th) +{ + int length = (th->doff << 2) - sizeof(*th); + u8 *ptr = (u8 *)(th + 1); + + while (length >= 2) { + int opcode = *ptr++; + int opsize; + + switch (opcode) { + case TCPOPT_EOL: + return NULL; + case TCPOPT_NOP: + length--; + continue; + default: + if (length < 2) + return NULL; + opsize = *ptr++; + if (opsize < 2) + return NULL; + if (opsize > length) + return NULL; + if (opcode == TCPOPT_AUTHOPT) + return ptr - 2; + } + ptr += opsize - 2; + length -= opsize; + } + return NULL; +} + +/** Hash tcphdr options. + * If include_options is false then only the TCPOPT_AUTHOPT option itself is hashed + * Maybe we could skip option parsing by assuming the AUTHOPT header is at hash_location-4? + */ +static int tcp_authopt_hash_opts(struct shash_desc *desc, + struct tcphdr *th, + bool include_options) +{ + int err; + /* start of options */ + u8 *tcp_opts = (u8 *)(th + 1); + /* end of options */ + u8 *tcp_data = ((u8 *)th) + th->doff * 4; + /* pointer to TCPOPT_AUTHOPT */ + u8 *authopt_ptr = tcp_authopt_find_option(th); + u8 authopt_len; + + if (!authopt_ptr) + return -EINVAL; + authopt_len = *(authopt_ptr + 1); + + if (include_options) { + err = crypto_shash_update(desc, tcp_opts, authopt_ptr - tcp_opts + 4); + if (err) + return err; + err = crypto_shash_update_zero(desc, authopt_len - 4); + if (err) + return err; + err = crypto_shash_update(desc, + authopt_ptr + authopt_len, + tcp_data - (authopt_ptr + authopt_len)); + if (err) + return err; + } else { + err = crypto_shash_update(desc, authopt_ptr, 4); + if (err) + return err; + err = crypto_shash_update_zero(desc, authopt_len - 4); + if (err) + return err; + } + + return 0; +} + +static int skb_shash_frags(struct shash_desc *desc, + struct sk_buff *skb) +{ + struct sk_buff *frag_iter; + int err, i; + + for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { + skb_frag_t *f = &skb_shinfo(skb)->frags[i]; + u32 p_off, p_len, copied; + struct page *p; + u8 *vaddr; + + skb_frag_foreach_page(f, skb_frag_off(f), skb_frag_size(f), + p, p_off, p_len, copied) { + vaddr = kmap_atomic(p); + err = crypto_shash_update(desc, vaddr + p_off, p_len); + kunmap_atomic(vaddr); + if (err) + return err; + } + } + + skb_walk_frags(skb, frag_iter) { + err = skb_shash_frags(desc, frag_iter); + if (err) + return err; + } + + return 0; +} + +static int tcp_authopt_hash_packet(struct crypto_shash *tfm, + struct sock *sk, + struct sk_buff *skb, + bool input, + bool ipv6, + bool include_options, + u8 *macbuf) +{ + struct tcphdr *th = tcp_hdr(skb); + SHASH_DESC_ON_STACK(desc, tfm); + int err; + + /* NOTE: SNE unimplemented */ + __be32 sne = 0; + + desc->tfm = tfm; + err = crypto_shash_init(desc); + if (err) + return err; + + err = crypto_shash_update(desc, (u8 *)&sne, 4); + if (err) + return err; + + if (ipv6) { + struct in6_addr *saddr; + struct in6_addr *daddr; + + if (input) { + saddr = &ipv6_hdr(skb)->saddr; + daddr = &ipv6_hdr(skb)->daddr; + } else { + saddr = &sk->sk_v6_rcv_saddr; + daddr = &sk->sk_v6_daddr; + } + err = tcp_authopt_hash_tcp6_pseudoheader(desc, saddr, daddr, skb->len); + if (err) + return err; + } else { + __be32 saddr; + __be32 daddr; + + if (input) { + saddr = ip_hdr(skb)->saddr; + daddr = ip_hdr(skb)->daddr; + } else { + saddr = sk->sk_rcv_saddr; + daddr = sk->sk_daddr; + } + err = tcp_authopt_hash_tcp4_pseudoheader(desc, saddr, daddr, skb->len); + if (err) + return err; + } + + // TCP header with checksum set to zero + { + struct tcphdr hashed_th = *th; + + hashed_th.check = 0; + err = crypto_shash_update(desc, (u8 *)&hashed_th, sizeof(hashed_th)); + if (err) + return err; + } + + // TCP options + err = tcp_authopt_hash_opts(desc, th, include_options); + if (err) + return err; + + // Rest of SKB->data + err = crypto_shash_update(desc, (u8 *)th + th->doff * 4, skb_headlen(skb) - th->doff * 4); + if (err) + return err; + + err = skb_shash_frags(desc, skb); + if (err) + return err; + + return crypto_shash_final(desc, macbuf); +} + +/** + * __tcp_authopt_calc_mac - Compute packet MAC using key + * + * @macbuf: output buffer. Must be large enough to fit the digestsize of the + * underlying transform before truncation. Please use TCP_AUTHOPT_MAXMACBUF + */ +static int __tcp_authopt_calc_mac(struct sock *sk, + struct sk_buff *skb, + struct tcp_authopt_key_info *key, + bool input, + char *macbuf) +{ + struct crypto_shash *mac_tfm; + u8 traffic_key[TCP_AUTHOPT_MAX_TRAFFIC_KEY_LEN]; + int err; + bool ipv6 = (sk->sk_family != AF_INET); + + if (sk->sk_family != AF_INET && sk->sk_family != AF_INET6) + return -EINVAL; + + err = tcp_authopt_get_traffic_key(sk, skb, key, input, ipv6, traffic_key); + if (err) + return err; + + mac_tfm = tcp_authopt_get_mac_shash(key); + if (IS_ERR(mac_tfm)) + return PTR_ERR(mac_tfm); + err = crypto_shash_setkey(mac_tfm, traffic_key, key->alg->traffic_key_len); + if (err) + goto out; + + err = tcp_authopt_hash_packet(mac_tfm, + sk, + skb, + input, + ipv6, + !(key->flags & TCP_AUTHOPT_KEY_EXCLUDE_OPTS), + macbuf); + +out: + tcp_authopt_put_mac_shash(key, mac_tfm); + return err; +} From patchwork Tue Sep 21 16:14:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508221 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F739C4332F for ; Tue, 21 Sep 2021 16:17:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4BB1960F70 for ; Tue, 21 Sep 2021 16:17:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234518AbhIUQSi (ORCPT ); Tue, 21 Sep 2021 12:18:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33474 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234406AbhIUQSY (ORCPT ); Tue, 21 Sep 2021 12:18:24 -0400 Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2CB9C061575; Tue, 21 Sep 2021 09:16:55 -0700 (PDT) Received: by mail-ed1-x52a.google.com with SMTP id bx4so32130791edb.4; Tue, 21 Sep 2021 09:16:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=TGD8Zo75Jqbv0QbP3e07tR+UA7kcSP/jAo1qSepcsg0=; b=o6Gnq8aO5EKMmhVC6JlNVFLIi38nSs4NO06S/ZR4FQaS5VC3ZobovlTvItuXPms6MF oBexTps/VF53ijhaDTf/5ILlr2d8KKohzgFnTPRsIqyk2NJ6x5errU+rGUGiuejrbGqx QA6ziZW5WIrZ4k7AhIWVvIFvS2llkkVFfVTMZCn8xuFBt3+hyX07TW4vmkLQun9PcWTM 6fRY2QY3Egbk1iqDYM65CuXisOuq5t1fXQTrAdRCfJZiUUwGpjxwhl/aI5HepHB7TNUG 3FJYdhZdxUwYI77p1Tp6vdTlCYOlBOrUadQO0H73nvA6lzptS6nWiigoP1R+XZNXzWyI +PIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=TGD8Zo75Jqbv0QbP3e07tR+UA7kcSP/jAo1qSepcsg0=; b=Gg751N8Ua11NfXfjj24sfPx4p3WCQo05YRFCBQxAmG+E3I5dMnwOc3L5CJRp1327n3 a3vCQeJQDZBf0gYr9gt6uSA9SEit/1Qvs1Csyvbe7yjYn7YZmxVZ57pwZ+WY57cQeJu3 Tm2IqQILlbtaTvEO/NWdx5O38vltR6bz5vJ6GlNYyPgb12N1YveSY2nABapGHpT1ymGe r7shhVTfLCa1LlUMONvGeJuS3bT3zdEiCMDqWCBZpLMQ3x30LSZRn1BypbpNxoiwTIqX obc5odySezDV523bJ+qaZgPfOoIJdhCxfwjUeS7mO4dfrP04hpPTRtISx+lhRgQpogP+ l+rw== X-Gm-Message-State: AOAM533HD9HHHWaUggadlj+atXwOOIrAAWjnd+Fdxe4RnjnLlN7ctgQI CtqPxEeFocbzJyY6CGMaqfs= X-Google-Smtp-Source: ABdhPJyjleb8Vgy1RwZzojdy2jTfZ1xXgVF64XtFZVGfGDAJh2MYf20nAa7qFABwIL/zai0UiFzWjg== X-Received: by 2002:aa7:c80d:: with SMTP id a13mr35625949edt.71.1632240927906; Tue, 21 Sep 2021 09:15:27 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:27 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 07/19] tcp: authopt: Hook into tcp core Date: Tue, 21 Sep 2021 19:14:50 +0300 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The tcp_authopt features exposes a minimal interface to the rest of the TCP stack. Only a few functions are exposed and if the feature is disabled they return neutral values, avoiding ifdefs in the rest of the code. Add calls into tcp authopt from send, receive and accept code. Signed-off-by: Leonard Crestez --- include/net/tcp_authopt.h | 103 +++++++++++++++ include/uapi/linux/snmp.h | 1 + net/ipv4/proc.c | 1 + net/ipv4/tcp_authopt.c | 263 ++++++++++++++++++++++++++++++++++++++ net/ipv4/tcp_input.c | 17 +++ net/ipv4/tcp_ipv4.c | 20 ++- net/ipv4/tcp_minisocks.c | 12 ++ net/ipv4/tcp_output.c | 80 +++++++++++- net/ipv6/tcp_ipv6.c | 21 ++- 9 files changed, 512 insertions(+), 6 deletions(-) diff --git a/include/net/tcp_authopt.h b/include/net/tcp_authopt.h index f6d7d6fa50c0..263f98c3a1a8 100644 --- a/include/net/tcp_authopt.h +++ b/include/net/tcp_authopt.h @@ -51,28 +51,131 @@ struct tcp_authopt_info { u32 src_isn; u32 dst_isn; }; #ifdef CONFIG_TCP_AUTHOPT +DECLARE_STATIC_KEY_FALSE(tcp_authopt_needed); + +void tcp_authopt_free(struct sock *sk, struct tcp_authopt_info *info); void tcp_authopt_clear(struct sock *sk); int tcp_set_authopt(struct sock *sk, sockptr_t optval, unsigned int optlen); int tcp_get_authopt_val(struct sock *sk, struct tcp_authopt *key); int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen); +struct tcp_authopt_key_info *__tcp_authopt_select_key( + const struct sock *sk, + struct tcp_authopt_info *info, + const struct sock *addr_sk, + u8 *rnextkeyid); +static inline struct tcp_authopt_key_info *tcp_authopt_select_key( + const struct sock *sk, + const struct sock *addr_sk, + u8 *rnextkeyid) +{ + if (static_branch_unlikely(&tcp_authopt_needed)) { + struct tcp_authopt_info *info = rcu_dereference(tcp_sk(sk)->authopt_info); + + if (info) + return __tcp_authopt_select_key(sk, info, addr_sk, rnextkeyid); + } + return NULL; +} +int tcp_authopt_hash( + char *hash_location, + struct tcp_authopt_key_info *key, + struct sock *sk, struct sk_buff *skb); +int __tcp_authopt_openreq(struct sock *newsk, const struct sock *oldsk, struct request_sock *req); +static inline int tcp_authopt_openreq( + struct sock *newsk, + const struct sock *oldsk, + struct request_sock *req) +{ + if (!rcu_dereference(tcp_sk(oldsk)->authopt_info)) + return 0; + else + return __tcp_authopt_openreq(newsk, oldsk, req); +} +static inline void tcp_authopt_time_wait( + struct tcp_timewait_sock *tcptw, + struct tcp_sock *tp) +{ + if (static_branch_unlikely(&tcp_authopt_needed)) { + /* Transfer ownership of authopt_info to the twsk + * This requires no other users of the origin sock. + */ + sock_owned_by_me((struct sock *)tp); + tcptw->tw_authopt_info = tp->authopt_info; + tp->authopt_info = NULL; + } else { + tcptw->tw_authopt_info = NULL; + } +} +int __tcp_authopt_inbound_check( + struct sock *sk, + struct sk_buff *skb, + struct tcp_authopt_info *info); +/** tcp_authopt_inbound_check - check for valid TCP-AO signature. + * + * Return negative ERRNO on error, 0 if not present and 1 if present and valid + * If both TCP-AO and MD5 signatures are found this is reported as an error. + */ +static inline int tcp_authopt_inbound_check(struct sock *sk, struct sk_buff *skb) +{ + if (static_branch_unlikely(&tcp_authopt_needed)) { + struct tcp_authopt_info *info = rcu_dereference(tcp_sk(sk)->authopt_info); + + if (info) + return __tcp_authopt_inbound_check(sk, skb, info); + } + + return 0; +} #else static inline int tcp_set_authopt(struct sock *sk, sockptr_t optval, unsigned int optlen) { return -ENOPROTOOPT; } static inline int tcp_get_authopt_val(struct sock *sk, struct tcp_authopt *key) { return -ENOPROTOOPT; } +static inline void tcp_authopt_free(struct sock *sk, struct tcp_authopt_info *info) +{ +} static inline void tcp_authopt_clear(struct sock *sk) { } static inline int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen) { return -ENOPROTOOPT; } +static inline struct tcp_authopt_key_info *tcp_authopt_select_key( + const struct sock *sk, + const struct sock *addr_sk, + u8 *rnextkeyid) +{ + return NULL; +} +static inline int tcp_authopt_hash( + char *hash_location, + struct tcp_authopt_key_info *key, + struct sock *sk, struct sk_buff *skb) +{ + return -EINVAL; +} +static inline int tcp_authopt_openreq(struct sock *newsk, + const struct sock *oldsk, + struct request_sock *req) +{ + return 0; +} +static inline void tcp_authopt_time_wait( + struct tcp_timewait_sock *tcptw, + struct tcp_sock *tp); +{ +} +static inline int tcp_authopt_inbound_check(struct sock *sk, struct sk_buff *skb) +{ + return 0; +} #endif #endif /* _LINUX_TCP_AUTHOPT_H */ diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h index 904909d020e2..1d96030889a1 100644 --- a/include/uapi/linux/snmp.h +++ b/include/uapi/linux/snmp.h @@ -290,10 +290,11 @@ enum LINUX_MIB_TCPDUPLICATEDATAREHASH, /* TCPDuplicateDataRehash */ LINUX_MIB_TCPDSACKRECVSEGS, /* TCPDSACKRecvSegs */ LINUX_MIB_TCPDSACKIGNOREDDUBIOUS, /* TCPDSACKIgnoredDubious */ LINUX_MIB_TCPMIGRATEREQSUCCESS, /* TCPMigrateReqSuccess */ LINUX_MIB_TCPMIGRATEREQFAILURE, /* TCPMigrateReqFailure */ + LINUX_MIB_TCPAUTHOPTFAILURE, /* TCPAuthOptFailure */ __LINUX_MIB_MAX }; /* linux Xfrm mib definitions */ enum diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c index b0d3a09dc84e..61dd06f8389c 100644 --- a/net/ipv4/proc.c +++ b/net/ipv4/proc.c @@ -295,10 +295,11 @@ static const struct snmp_mib snmp4_net_list[] = { SNMP_MIB_ITEM("TcpDuplicateDataRehash", LINUX_MIB_TCPDUPLICATEDATAREHASH), SNMP_MIB_ITEM("TCPDSACKRecvSegs", LINUX_MIB_TCPDSACKRECVSEGS), SNMP_MIB_ITEM("TCPDSACKIgnoredDubious", LINUX_MIB_TCPDSACKIGNOREDDUBIOUS), SNMP_MIB_ITEM("TCPMigrateReqSuccess", LINUX_MIB_TCPMIGRATEREQSUCCESS), SNMP_MIB_ITEM("TCPMigrateReqFailure", LINUX_MIB_TCPMIGRATEREQFAILURE), + SNMP_MIB_ITEM("TCPAuthOptFailure", LINUX_MIB_TCPAUTHOPTFAILURE), SNMP_MIB_SENTINEL }; static void icmpmsg_put_line(struct seq_file *seq, unsigned long *vals, unsigned short *type, int count) diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c index e2fd851b687b..0c32b8fb1d41 100644 --- a/net/ipv4/tcp_authopt.c +++ b/net/ipv4/tcp_authopt.c @@ -3,10 +3,15 @@ #include #include #include #include +/* This is enabled when first struct tcp_authopt_info is allocated and never released */ +DEFINE_STATIC_KEY_FALSE(tcp_authopt_needed); +/* only for CONFIG_IPV6=m */ +EXPORT_SYMBOL(tcp_authopt_needed); + /* All current algorithms have a mac length of 12 but crypto API digestsize can be larger */ #define TCP_AUTHOPT_MAXMACBUF 20 #define TCP_AUTHOPT_MAX_TRAFFIC_KEY_LEN 20 #define TCP_AUTHOPT_MACLEN 12 @@ -190,10 +195,57 @@ static bool tcp_authopt_key_match_exact(struct tcp_authopt_key_info *info, return false; return true; } +static bool tcp_authopt_key_match_skb_addr( + struct tcp_authopt_key_info *key, + struct sk_buff *skb) +{ + u16 keyaf = key->addr.ss_family; + struct iphdr *iph = (struct iphdr *)skb_network_header(skb); + + if (keyaf == AF_INET && iph->version == 4) { + struct sockaddr_in *key_addr = (struct sockaddr_in *)&key->addr; + + return iph->saddr == key_addr->sin_addr.s_addr; + } else if (keyaf == AF_INET6 && iph->version == 6) { + struct ipv6hdr *ip6h = (struct ipv6hdr *)skb_network_header(skb); + struct sockaddr_in6 *key_addr = (struct sockaddr_in6 *)&key->addr; + + return ipv6_addr_equal(&ip6h->saddr, &key_addr->sin6_addr); + } else { + /* This actually happens with ipv6-mapped-ipv4-addresses + * IPv6 listen sockets will be asked to validate ipv4 packets. + */ + return false; + } +} + +static bool tcp_authopt_key_match_sk_addr( + struct tcp_authopt_key_info *key, + const struct sock *addr_sk) +{ + u16 keyaf = key->addr.ss_family; + + /* This probably can't happen even with ipv4-mapped-ipv6 */ + if (keyaf != addr_sk->sk_family) + return false; + + if (keyaf == AF_INET) { + struct sockaddr_in *key_addr = (struct sockaddr_in *)&key->addr; + + return addr_sk->sk_daddr == key_addr->sin_addr.s_addr; + } else if (keyaf == AF_INET6) { + struct sockaddr_in6 *key_addr = (struct sockaddr_in6 *)&key->addr; + + return ipv6_addr_equal(&addr_sk->sk_v6_daddr, &key_addr->sin6_addr); + } + + return false; +} + static struct tcp_authopt_key_info *tcp_authopt_key_lookup_exact(const struct sock *sk, struct tcp_authopt_info *info, struct tcp_authopt_key *ukey) { struct tcp_authopt_key_info *key_info; @@ -203,10 +255,49 @@ static struct tcp_authopt_key_info *tcp_authopt_key_lookup_exact(const struct so return key_info; return NULL; } +static struct tcp_authopt_key_info *tcp_authopt_lookup_send(struct tcp_authopt_info *info, + const struct sock *addr_sk, + int send_id) +{ + struct tcp_authopt_key_info *result = NULL; + struct tcp_authopt_key_info *key; + + hlist_for_each_entry_rcu(key, &info->head, node, 0) { + if (send_id >= 0 && key->send_id != send_id) + continue; + if (key->flags & TCP_AUTHOPT_KEY_ADDR_BIND) + if (!tcp_authopt_key_match_sk_addr(key, addr_sk)) + continue; + if (result && net_ratelimit()) + pr_warn("ambiguous tcp authentication keys configured for send\n"); + result = key; + } + + return result; +} + +/** + * tcp_authopt_select_key - select key for sending + * + * addr_sk is the sock used for comparing daddr, it is only different from sk in + * the synack case. + * + * Result is protected by RCU and can't be stored, it may only be passed to + * tcp_authopt_hash and only under a single rcu_read_lock. + */ +struct tcp_authopt_key_info *__tcp_authopt_select_key( + const struct sock *sk, + struct tcp_authopt_info *info, + const struct sock *addr_sk, + u8 *rnextkeyid) +{ + return tcp_authopt_lookup_send(info, addr_sk, -1); +} + static struct tcp_authopt_info *__tcp_authopt_info_get_or_create(struct sock *sk) { struct tcp_sock *tp = tcp_sk(sk); struct tcp_authopt_info *info; @@ -216,10 +307,12 @@ static struct tcp_authopt_info *__tcp_authopt_info_get_or_create(struct sock *sk info = kzalloc(sizeof(*info), GFP_KERNEL); if (!info) return ERR_PTR(-ENOMEM); + /* Never released: */ + static_branch_inc(&tcp_authopt_needed); sk_nocaps_add(sk, NETIF_F_GSO_MASK); INIT_HLIST_HEAD(&info->head); rcu_assign_pointer(tp->authopt_info, info); return info; @@ -506,10 +599,65 @@ static int tcp_authopt_get_isn(struct sock *sk, } else { *sisn = htonl(authopt_info->src_isn); *disn = htonl(authopt_info->dst_isn); } rcu_read_unlock(); + + return 0; +} + +static int tcp_authopt_clone_keys(struct sock *newsk, + const struct sock *oldsk, + struct tcp_authopt_info *new_info, + struct tcp_authopt_info *old_info) +{ + struct tcp_authopt_key_info *old_key; + struct tcp_authopt_key_info *new_key; + + hlist_for_each_entry_rcu(old_key, &old_info->head, node, lockdep_sock_is_held(oldsk)) { + new_key = sock_kmalloc(newsk, sizeof(*new_key), GFP_ATOMIC); + if (!new_key) + return -ENOMEM; + memcpy(new_key, old_key, sizeof(*new_key)); + hlist_add_head_rcu(&new_key->node, &new_info->head); + } + + return 0; +} + +/** Called to create accepted sockets. + * + * Need to copy authopt info from listen socket. + */ +int __tcp_authopt_openreq(struct sock *newsk, const struct sock *oldsk, struct request_sock *req) +{ + struct tcp_authopt_info *old_info; + struct tcp_authopt_info *new_info; + int err; + + old_info = rcu_dereference(tcp_sk(oldsk)->authopt_info); + if (!old_info) + return 0; + + /* Clear value copies from oldsk: */ + rcu_assign_pointer(tcp_sk(newsk)->authopt_info, NULL); + + new_info = kzalloc(sizeof(*new_info), GFP_ATOMIC); + if (!new_info) + return -ENOMEM; + + new_info->src_isn = tcp_rsk(req)->snt_isn; + new_info->dst_isn = tcp_rsk(req)->rcv_isn; + INIT_HLIST_HEAD(&new_info->head); + err = tcp_authopt_clone_keys(newsk, oldsk, new_info, old_info); + if (err) { + tcp_authopt_free(newsk, new_info); + return err; + } + sk_nocaps_add(newsk, NETIF_F_GSO_MASK); + rcu_assign_pointer(tcp_sk(newsk)->authopt_info, new_info); + return 0; } /* feed traffic key into shash */ static int tcp_authopt_shash_traffic_key(struct shash_desc *desc, @@ -933,5 +1081,120 @@ static int __tcp_authopt_calc_mac(struct sock *sk, out: tcp_authopt_put_mac_shash(key, mac_tfm); return err; } + +/** + * tcp_authopt_hash - fill in the mac + * + * The key must come from tcp_authopt_select_key. + */ +int tcp_authopt_hash(char *hash_location, + struct tcp_authopt_key_info *key, + struct sock *sk, + struct sk_buff *skb) +{ + /* MAC inside option is truncated to 12 bytes but crypto API needs output + * buffer to be large enough so we use a buffer on the stack. + */ + u8 macbuf[TCP_AUTHOPT_MAXMACBUF]; + int err; + + err = __tcp_authopt_calc_mac(sk, skb, key, false, macbuf); + if (err) { + /* If mac calculation fails and caller doesn't handle the error + * try to make it obvious inside the packet. + */ + memset(hash_location, 0, TCP_AUTHOPT_MACLEN); + return err; + } + memcpy(hash_location, macbuf, TCP_AUTHOPT_MACLEN); + + return 0; +} + +static struct tcp_authopt_key_info *tcp_authopt_lookup_recv(struct sock *sk, + struct sk_buff *skb, + struct tcp_authopt_info *info, + int recv_id) +{ + struct tcp_authopt_key_info *result = NULL; + struct tcp_authopt_key_info *key; + + /* multiple matches will cause occasional failures */ + hlist_for_each_entry_rcu(key, &info->head, node, 0) { + if (recv_id >= 0 && key->recv_id != recv_id) + continue; + if (key->flags & TCP_AUTHOPT_KEY_ADDR_BIND && + !tcp_authopt_key_match_skb_addr(key, skb)) + continue; + if (result && net_ratelimit()) + pr_warn("ambiguous tcp authentication keys configured for receive\n"); + result = key; + } + + return result; +} + +int __tcp_authopt_inbound_check(struct sock *sk, struct sk_buff *skb, struct tcp_authopt_info *info) +{ + struct tcphdr *th = (struct tcphdr *)skb_transport_header(skb); + struct tcphdr_authopt *opt; + struct tcp_authopt_key_info *key; + u8 macbuf[TCP_AUTHOPT_MAXMACBUF]; + int err; + + opt = (struct tcphdr_authopt *)tcp_authopt_find_option(th); + /* RFC5925 2.2: An endpoint MUST NOT use TCP-AO for the same connection + * in which TCP MD5 is used. When both options appear, TCP MUST silently + * discard the segment. + */ + if (tcp_parse_md5sig_option(th)) { + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAUTHOPTFAILURE); + return -EINVAL; + } + key = tcp_authopt_lookup_recv(sk, skb, info, opt ? opt->keyid : -1); + + /* nothing found or expected */ + if (!opt && !key) + return 0; + if (!opt && key) { + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAUTHOPTFAILURE); + net_info_ratelimited("TCP Authentication Missing\n"); + return -EINVAL; + } + if (opt && !key) { + /* RFC5925 Section 7.3: + * A TCP-AO implementation MUST allow for configuration of the behavior + * of segments with TCP-AO but that do not match an MKT. The initial + * default of this configuration SHOULD be to silently accept such + * connections. + */ + if (info->flags & TCP_AUTHOPT_FLAG_REJECT_UNEXPECTED) { + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAUTHOPTFAILURE); + net_info_ratelimited("TCP Authentication Unexpected: Rejected\n"); + return -EINVAL; + } else { + net_info_ratelimited("TCP Authentication Unexpected: Accepted\n"); + return 0; + } + } + + /* bad inbound key len */ + if (TCPOLEN_AUTHOPT_OUTPUT != opt->len) + return -EINVAL; + + err = __tcp_authopt_calc_mac(sk, skb, key, true, macbuf); + if (err) + return err; + + if (memcmp(macbuf, opt->mac, TCP_AUTHOPT_MACLEN)) { + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAUTHOPTFAILURE); + net_info_ratelimited("TCP Authentication Failed\n"); + return -EINVAL; + } + + return 1; +} +/* only for CONFIG_IPV6=m */ +EXPORT_SYMBOL(__tcp_authopt_inbound_check); diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 141e85e6422b..7691eac93051 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -70,10 +70,11 @@ #include #include #include #include #include +#include #include #include #include #include #include @@ -5967,18 +5968,34 @@ void tcp_init_transfer(struct sock *sk, int bpf_op, struct sk_buff *skb) if (!icsk->icsk_ca_initialized) tcp_init_congestion_control(sk); tcp_init_buffer_space(sk); } +static void tcp_authopt_finish_connect(struct sock *sk, struct sk_buff *skb) +{ +#ifdef CONFIG_TCP_AUTHOPT + struct tcp_authopt_info *info; + + info = rcu_dereference_protected(tcp_sk(sk)->authopt_info, lockdep_sock_is_held(sk)); + if (!info) + return; + + info->src_isn = ntohl(tcp_hdr(skb)->ack_seq) - 1; + info->dst_isn = ntohl(tcp_hdr(skb)->seq); +#endif +} + void tcp_finish_connect(struct sock *sk, struct sk_buff *skb) { struct tcp_sock *tp = tcp_sk(sk); struct inet_connection_sock *icsk = inet_csk(sk); tcp_set_state(sk, TCP_ESTABLISHED); icsk->icsk_ack.lrcvtime = tcp_jiffies32; + tcp_authopt_finish_connect(sk, skb); + if (skb) { icsk->icsk_af_ops->sk_rx_dst_set(sk, skb); security_inet_conn_established(sk, skb); sk_mark_napi_id(sk, skb); } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 1348615c7576..e5c790795662 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1933,10 +1933,26 @@ static void tcp_v4_fill_cb(struct sk_buff *skb, const struct iphdr *iph, TCP_SKB_CB(skb)->sacked = 0; TCP_SKB_CB(skb)->has_rxtstamp = skb->tstamp || skb_hwtstamps(skb)->hwtstamp; } +static int tcp_v4_auth_inbound_check( + struct sock *sk, + struct sk_buff *skb, + int dif, int sdif) +{ + int aoret; + + aoret = tcp_authopt_inbound_check(sk, skb); + if (aoret < 0) + return aoret; + if (aoret > 0) + return 0; + + return tcp_v4_inbound_md5_hash(sk, skb, dif, sdif); +} + /* * From tcp_input.c */ int tcp_v4_rcv(struct sk_buff *skb) @@ -1991,11 +2007,11 @@ int tcp_v4_rcv(struct sk_buff *skb) struct request_sock *req = inet_reqsk(sk); bool req_stolen = false; struct sock *nsk; sk = req->rsk_listener; - if (unlikely(tcp_v4_inbound_md5_hash(sk, skb, dif, sdif))) { + if (unlikely(tcp_v4_auth_inbound_check(sk, skb, dif, sdif))) { sk_drops_add(sk, skb); reqsk_put(req); goto discard_it; } if (tcp_checksum_complete(skb)) { @@ -2057,11 +2073,11 @@ int tcp_v4_rcv(struct sk_buff *skb) } if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) goto discard_and_relse; - if (tcp_v4_inbound_md5_hash(sk, skb, dif, sdif)) + if (tcp_v4_auth_inbound_check(sk, skb, dif, sdif)) goto discard_and_relse; nf_reset_ct(skb); if (tcp_filter(sk, skb)) diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index cf913a66df17..d4828cf3d6d1 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -18,10 +18,11 @@ * Arnt Gulbrandsen, * Jorge Cwik, */ #include +#include #include #include static bool tcp_in_window(u32 seq, u32 end_seq, u32 s_win, u32 e_win) { @@ -300,10 +301,11 @@ void tcp_time_wait(struct sock *sk, int state, int timeo) BUG_ON(tcptw->tw_md5_key && !tcp_alloc_md5sig_pool()); } } } while (0); #endif + tcp_authopt_time_wait(tcptw, tcp_sk(sk)); /* Get the TIME_WAIT timeout firing. */ if (timeo < rto) timeo = rto; @@ -342,10 +344,19 @@ void tcp_twsk_destructor(struct sock *sk) if (twsk->tw_md5_key) kfree_rcu(twsk->tw_md5_key, rcu); } #endif +#ifdef CONFIG_TCP_AUTHOPT + if (static_branch_unlikely(&tcp_authopt_needed)) { + struct tcp_timewait_sock *twsk = tcp_twsk(sk); + + /* twsk only contains sock_common so pass NULL as sk. */ + if (twsk->tw_authopt_info) + tcp_authopt_free(NULL, twsk->tw_authopt_info); + } +#endif } EXPORT_SYMBOL_GPL(tcp_twsk_destructor); /* Warning : This function is called without sk_listener being locked. * Be sure to read socket fields once, as their value could change under us. @@ -532,10 +543,11 @@ struct sock *tcp_create_openreq_child(const struct sock *sk, #ifdef CONFIG_TCP_MD5SIG newtp->md5sig_info = NULL; /*XXX*/ if (newtp->af_specific->md5_lookup(sk, newsk)) newtp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED; #endif + tcp_authopt_openreq(newsk, sk, req); if (skb->len >= TCP_MSS_DEFAULT + newtp->tcp_header_len) newicsk->icsk_ack.last_seg_size = skb->len - newtp->tcp_header_len; newtp->rx_opt.mss_clamp = req->mss; tcp_ecn_openreq_child(newtp, req); newtp->fastopen_req = NULL; diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 6d72f3ea48c4..fe5be506edb2 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -37,10 +37,11 @@ #define pr_fmt(fmt) "TCP: " fmt #include #include +#include #include #include #include #include @@ -411,10 +412,11 @@ static inline bool tcp_urg_mode(const struct tcp_sock *tp) #define OPTION_SACK_ADVERTISE (1 << 0) #define OPTION_TS (1 << 1) #define OPTION_MD5 (1 << 2) #define OPTION_WSCALE (1 << 3) +#define OPTION_AUTHOPT (1 << 4) #define OPTION_FAST_OPEN_COOKIE (1 << 8) #define OPTION_SMC (1 << 9) #define OPTION_MPTCP (1 << 10) static void smc_options_write(__be32 *ptr, u16 *options) @@ -435,16 +437,21 @@ static void smc_options_write(__be32 *ptr, u16 *options) struct tcp_out_options { u16 options; /* bit field of OPTION_* */ u16 mss; /* 0 to disable */ u8 ws; /* window scale, 0 to disable */ u8 num_sack_blocks; /* number of SACK blocks to include */ - u8 hash_size; /* bytes in hash_location */ u8 bpf_opt_len; /* length of BPF hdr option */ +#ifdef CONFIG_TCP_AUTHOPT + u8 authopt_rnextkeyid; /* rnextkey */ +#endif __u8 *hash_location; /* temporary pointer, overloaded */ __u32 tsval, tsecr; /* need to include OPTION_TS */ struct tcp_fastopen_cookie *fastopen_cookie; /* Fast open cookie */ struct mptcp_out_options mptcp; +#ifdef CONFIG_TCP_AUTHOPT + struct tcp_authopt_key_info *authopt_key; +#endif }; static void mptcp_options_write(__be32 *ptr, const struct tcp_sock *tp, struct tcp_out_options *opts) { @@ -617,10 +624,25 @@ static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp, /* overload cookie hash location */ opts->hash_location = (__u8 *)ptr; ptr += 4; } +#ifdef CONFIG_TCP_AUTHOPT + if (unlikely(OPTION_AUTHOPT & options)) { + struct tcp_authopt_key_info *key = opts->authopt_key; + + WARN_ON(!key); + *ptr = htonl((TCPOPT_AUTHOPT << 24) | + (TCPOLEN_AUTHOPT_OUTPUT << 16) | + (key->send_id << 8) | + opts->authopt_rnextkeyid); + /* overload cookie hash location */ + opts->hash_location = (__u8 *)(ptr + 1); + ptr += TCPOLEN_AUTHOPT_OUTPUT / 4; + } +#endif + if (unlikely(opts->mss)) { *ptr++ = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | opts->mss); } @@ -752,10 +774,28 @@ static void mptcp_set_option_cond(const struct request_sock *req, } } } } +static int tcp_authopt_init_options(const struct sock *sk, + const struct sock *addr_sk, + struct tcp_out_options *opts) +{ +#ifdef CONFIG_TCP_AUTHOPT + struct tcp_authopt_key_info *key; + + key = tcp_authopt_select_key(sk, addr_sk, &opts->authopt_rnextkeyid); + if (key) { + opts->options |= OPTION_AUTHOPT; + opts->authopt_key = key; + return TCPOLEN_AUTHOPT_OUTPUT; + } +#endif + + return 0; +} + /* Compute TCP options for SYN packets. This is not the final * network wire format yet. */ static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, struct tcp_out_options *opts, @@ -764,12 +804,15 @@ static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, struct tcp_sock *tp = tcp_sk(sk); unsigned int remaining = MAX_TCP_OPTION_SPACE; struct tcp_fastopen_request *fastopen = tp->fastopen_req; *md5 = NULL; + + remaining -= tcp_authopt_init_options(sk, sk, opts); #ifdef CONFIG_TCP_MD5SIG if (static_branch_unlikely(&tcp_md5_needed) && + !(opts->options & OPTION_AUTHOPT) && rcu_access_pointer(tp->md5sig_info)) { *md5 = tp->af_specific->md5_lookup(sk, sk); if (*md5) { opts->options |= OPTION_MD5; remaining -= TCPOLEN_MD5SIG_ALIGNED; @@ -848,12 +891,13 @@ static unsigned int tcp_synack_options(const struct sock *sk, struct sk_buff *syn_skb) { struct inet_request_sock *ireq = inet_rsk(req); unsigned int remaining = MAX_TCP_OPTION_SPACE; + remaining -= tcp_authopt_init_options(sk, req_to_sk(req), opts); #ifdef CONFIG_TCP_MD5SIG - if (md5) { + if (md5 && !(opts->options & OPTION_AUTHOPT)) { opts->options |= OPTION_MD5; remaining -= TCPOLEN_MD5SIG_ALIGNED; /* We can't fit any SACK blocks in a packet with MD5 + TS * options. There was discussion about disabling SACK @@ -919,13 +963,15 @@ static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb unsigned int size = 0; unsigned int eff_sacks; opts->options = 0; + size += tcp_authopt_init_options(sk, sk, opts); *md5 = NULL; #ifdef CONFIG_TCP_MD5SIG if (static_branch_unlikely(&tcp_md5_needed) && + !(opts->options & OPTION_AUTHOPT) && rcu_access_pointer(tp->md5sig_info)) { *md5 = tp->af_specific->md5_lookup(sk, sk); if (*md5) { opts->options |= OPTION_MD5; size += TCPOLEN_MD5SIG_ALIGNED; @@ -1277,10 +1323,14 @@ static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, inet = inet_sk(sk); tcb = TCP_SKB_CB(skb); memset(&opts, 0, sizeof(opts)); +#ifdef CONFIG_TCP_AUTHOPT + /* for tcp_authopt_init_options inside tcp_syn_options or tcp_established_options */ + rcu_read_lock(); +#endif if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) { tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5); } else { tcp_options_size = tcp_established_options(sk, skb, &opts, &md5); @@ -1365,10 +1415,17 @@ static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, sk_nocaps_add(sk, NETIF_F_GSO_MASK); tp->af_specific->calc_md5_hash(opts.hash_location, md5, sk, skb); } #endif +#ifdef CONFIG_TCP_AUTHOPT + if (opts.authopt_key) { + sk_nocaps_add(sk, NETIF_F_GSO_MASK); + tcp_authopt_hash(opts.hash_location, opts.authopt_key, sk, skb); + } + rcu_read_unlock(); +#endif /* BPF prog is the last one writing header option */ bpf_skops_write_hdr_opt(sk, skb, NULL, NULL, 0, &opts); INDIRECT_CALL_INET(icsk->icsk_af_ops->send_check, @@ -1836,12 +1893,21 @@ unsigned int tcp_current_mss(struct sock *sk) u32 mtu = dst_mtu(dst); if (mtu != inet_csk(sk)->icsk_pmtu_cookie) mss_now = tcp_sync_mss(sk, mtu); } +#ifdef CONFIG_TCP_AUTHOPT + /* Even if the result is not used rcu_read_lock is required when scanning for + * tcp authentication keys. Otherwise lockdep will complain. + */ + rcu_read_lock(); +#endif header_len = tcp_established_options(sk, NULL, &opts, &md5) + sizeof(struct tcphdr); +#ifdef CONFIG_TCP_AUTHOPT + rcu_read_unlock(); +#endif /* The mss_cache is sized based on tp->tcp_header_len, which assumes * some common options. If this is an odd packet (because we have SACK * blocks etc) then our calculated header_len will be different, and * we have to adjust mss_now correspondingly */ if (header_len != tp->tcp_header_len) { @@ -3566,10 +3632,14 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, } #ifdef CONFIG_TCP_MD5SIG rcu_read_lock(); md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req)); +#endif +#ifdef CONFIG_TCP_AUTHOPT + /* for tcp_authopt_init_options inside tcp_synack_options */ + rcu_read_lock(); #endif skb_set_hash(skb, tcp_rsk(req)->txhash, PKT_HASH_TYPE_L4); /* bpf program will be interested in the tcp_flags */ TCP_SKB_CB(skb)->tcp_flags = TCPHDR_SYN | TCPHDR_ACK; tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, md5, @@ -3603,10 +3673,16 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, if (md5) tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location, md5, req_to_sk(req), skb); rcu_read_unlock(); #endif +#ifdef CONFIG_TCP_AUTHOPT + /* If signature fails we do nothing */ + if (opts.authopt_key) + tcp_authopt_hash(opts.hash_location, opts.authopt_key, req_to_sk(req), skb); + rcu_read_unlock(); +#endif bpf_skops_write_hdr_opt((struct sock *)sk, skb, req, syn_skb, synack_type, &opts); skb->skb_mstamp_ns = now; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 0ce52d46e4f8..724145ddf122 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -40,10 +40,11 @@ #include #include #include #include +#include #include #include #include #include #include @@ -1614,10 +1615,26 @@ static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr, TCP_SKB_CB(skb)->sacked = 0; TCP_SKB_CB(skb)->has_rxtstamp = skb->tstamp || skb_hwtstamps(skb)->hwtstamp; } +static int tcp_v6_auth_inbound_check( + struct sock *sk, + struct sk_buff *skb, + int dif, int sdif) +{ + int aoret; + + aoret = tcp_authopt_inbound_check(sk, skb); + if (aoret < 0) + return aoret; + if (aoret > 0) + return 0; + + return tcp_v6_inbound_md5_hash(sk, skb, dif, sdif); +} + INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) { struct sk_buff *skb_to_free; int sdif = inet6_sdif(skb); int dif = inet6_iif(skb); @@ -1667,11 +1684,11 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) struct request_sock *req = inet_reqsk(sk); bool req_stolen = false; struct sock *nsk; sk = req->rsk_listener; - if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif)) { + if (tcp_v6_auth_inbound_check(sk, skb, dif, sdif)) { sk_drops_add(sk, skb); reqsk_put(req); goto discard_it; } if (tcp_checksum_complete(skb)) { @@ -1730,11 +1747,11 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) } if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) goto discard_and_relse; - if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif)) + if (tcp_v6_auth_inbound_check(sk, skb, dif, sdif)) goto discard_and_relse; if (tcp_filter(sk, skb)) goto discard_and_relse; th = (const struct tcphdr *)skb->data; From patchwork Tue Sep 21 16:14:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508219 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 82171C433FE for ; Tue, 21 Sep 2021 16:17:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 70F0A60F70 for ; Tue, 21 Sep 2021 16:17:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234558AbhIUQSn (ORCPT ); Tue, 21 Sep 2021 12:18:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33546 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234429AbhIUQS0 (ORCPT ); Tue, 21 Sep 2021 12:18:26 -0400 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F4EAC061760; Tue, 21 Sep 2021 09:16:57 -0700 (PDT) Received: by mail-ed1-x52f.google.com with SMTP id bx4so32131111edb.4; Tue, 21 Sep 2021 09:16:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Ic4Q2z9XXXj2OTblSwNtRZqZ4IEMjJyoXrA4GL7zeCA=; b=oWL309mheTHbFytAapxA7GimvOxrITtZmSXKY0g6wYgGOBZ0YpN2eK5NcT7Iandiyf DVltAYHziAlimAEYvQ+iHrct6EhTrZaoTfPccB28eRoANRJVBccrkKtlZ8OxMA35GJsV RgofYY1opsT4NynxO7eaDo+IvkUDR80paAQfH7K8SPn7Phc8w9QTGOIkzIXlbxQTC8A4 KjBxUp7+Zf0+eMpRwYUsilcZkysF1KlkYZRIdJixC7fn3LA/lu/hLa9M1ePB0aXKFboU d20sZpEDJr+pfKduZJ4lG3YSax4FYNw1dZcMEZTIXdyAtU5GbCq34DYzRIFIgxXCY1uV gVAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Ic4Q2z9XXXj2OTblSwNtRZqZ4IEMjJyoXrA4GL7zeCA=; b=Zg4z/sAJZRQoNm4FFwhGPZVw49nFoLE0MqIQI2HPhAEMDciDlHtMeP8PJrbEqX68GH AmWcMNN8rOli+yc/2xF37hV53FMqmsJe42Z5X1lVW8EBZCGRA1lffKt0VXDEla4cxj/K xnT/gFPNVyRsXVroSAZ7iPkJU7HJu6T6VKq01Lem3QD8CRtIYdEF9erKEXQhWbOBjhK+ wIrCL8YG83TocS5+6kAHb0IRXQa4Q3j/io1Ra3ydUddcZGgOFVtqmroZbYOIUtirbZUs W9D1EABmSs1yI8gXFWkT4V0aUb3V6SC+mYlg4QqwflBVGD2Q1E04EtuxG5uK/sjhZFfy Aipg== X-Gm-Message-State: AOAM533EEdsWm2dZL+cY4xMFmB0hNjimqc837Xeu0gHhzGi5F7qCLo2y Wa+Ig6wzWM7GiC0zf1RJqgA= X-Google-Smtp-Source: ABdhPJw908s/5lTgFu9/PFDjVd1Psu2UWOBiFDtUSTZrDHPATaMq0K6b/ff30xqH3fLmdWLuP/KENQ== X-Received: by 2002:a50:d9c5:: with SMTP id x5mr26365664edj.37.1632240929696; Tue, 21 Sep 2021 09:15:29 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:29 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 08/19] tcp: authopt: Disable via sysctl by default Date: Tue, 21 Sep 2021 19:14:51 +0300 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This is mainly intended to protect against local privilege escalations through a rarely used feature so it is deliberately not namespaced. Enforcement is only at the setsockopt level, this should be enough to ensure that the tcp_authopt_needed static key never turns on. No effort is made to handle disabling when the feature is already in use. Signed-off-by: Leonard Crestez --- Documentation/networking/ip-sysctl.rst | 6 ++++++ include/net/tcp_authopt.h | 1 + net/ipv4/sysctl_net_ipv4.c | 10 ++++++++++ net/ipv4/tcp_authopt.c | 11 +++++++++++ 4 files changed, 28 insertions(+) diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index d91ab28718d4..16e34268ecb4 100644 --- a/Documentation/networking/ip-sysctl.rst +++ b/Documentation/networking/ip-sysctl.rst @@ -995,10 +995,16 @@ tcp_rx_skb_cache - BOOLEAN on systems with a lot of TCP sockets, since it increases memory usage. Default: 0 (disabled) +tcp_authopt - BOOLEAN + Enable the TCP Authentication Option (RFC5925), a replacement for TCP + MD5 Signatures (RFC2835). + + Default: 0 + UDP variables ============= udp_l3mdev_accept - BOOLEAN Enabling this option allows a "global" bound socket to work diff --git a/include/net/tcp_authopt.h b/include/net/tcp_authopt.h index 263f98c3a1a8..422f0034d32b 100644 --- a/include/net/tcp_authopt.h +++ b/include/net/tcp_authopt.h @@ -51,10 +51,11 @@ struct tcp_authopt_info { u32 src_isn; u32 dst_isn; }; #ifdef CONFIG_TCP_AUTHOPT +extern int sysctl_tcp_authopt; DECLARE_STATIC_KEY_FALSE(tcp_authopt_needed); void tcp_authopt_free(struct sock *sk, struct tcp_authopt_info *info); void tcp_authopt_clear(struct sock *sk); int tcp_set_authopt(struct sock *sk, sockptr_t optval, unsigned int optlen); diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 4680268f2e59..365466fbca8b 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c @@ -17,10 +17,11 @@ #include #include #include #include #include +#include static int two = 2; static int three __maybe_unused = 3; static int four = 4; static int thousand = 1000; @@ -595,10 +596,19 @@ static struct ctl_table ipv4_table[] = { .procname = "tcp_tx_skb_cache", .data = &tcp_tx_skb_cache_key.key, .mode = 0644, .proc_handler = proc_do_static_key, }, +#ifdef CONFIG_TCP_AUTHOPT + { + .procname = "tcp_authopt", + .data = &sysctl_tcp_authopt, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, +#endif { } }; static struct ctl_table ipv4_net_table[] = { { diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c index 0c32b8fb1d41..41f844d5d49a 100644 --- a/net/ipv4/tcp_authopt.c +++ b/net/ipv4/tcp_authopt.c @@ -3,10 +3,15 @@ #include #include #include #include +/* This is mainly intended to protect against local privilege escalations through + * a rarely used feature so it is deliberately not namespaced. + */ +int sysctl_tcp_authopt; + /* This is enabled when first struct tcp_authopt_info is allocated and never released */ DEFINE_STATIC_KEY_FALSE(tcp_authopt_needed); /* only for CONFIG_IPV6=m */ EXPORT_SYMBOL(tcp_authopt_needed); @@ -361,10 +366,12 @@ int tcp_set_authopt(struct sock *sk, sockptr_t optval, unsigned int optlen) struct tcp_authopt opt; struct tcp_authopt_info *info; int err; sock_owned_by_me(sk); + if (!sysctl_tcp_authopt) + return -EPERM; err = _copy_from_sockptr_tolerant((u8*)&opt, sizeof(opt), optval, optlen); if (err) return err; @@ -384,10 +391,12 @@ int tcp_get_authopt_val(struct sock *sk, struct tcp_authopt *opt) { struct tcp_sock *tp = tcp_sk(sk); struct tcp_authopt_info *info; sock_owned_by_me(sk); + if (!sysctl_tcp_authopt) + return -EPERM; memset(opt, 0, sizeof(*opt)); info = rcu_dereference_check(tp->authopt_info, lockdep_sock_is_held(sk)); if (!info) return -ENOENT; @@ -452,10 +461,12 @@ int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen) struct tcp_authopt_key_info *key_info, *old_key_info; struct tcp_authopt_alg_imp *alg; int err; sock_owned_by_me(sk); + if (!sysctl_tcp_authopt) + return -EPERM; err = _copy_from_sockptr_tolerant((u8*)&opt, sizeof(opt), optval, optlen); if (err) return err; From patchwork Tue Sep 21 16:14:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508233 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37940C43217 for ; Tue, 21 Sep 2021 16:17:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 16B4261100 for ; Tue, 21 Sep 2021 16:17:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234544AbhIUQTM (ORCPT ); Tue, 21 Sep 2021 12:19:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33494 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234542AbhIUQSm (ORCPT ); Tue, 21 Sep 2021 12:18:42 -0400 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4819CC061756; Tue, 21 Sep 2021 09:17:11 -0700 (PDT) Received: by mail-ed1-x52e.google.com with SMTP id dj4so20419496edb.5; Tue, 21 Sep 2021 09:17:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=kmXhK3TuHHDV/M+XAJQNHWAnk8TgePzTIwEJelU18Vw=; b=BYYsQy9bjsUMhsBbujMViRwZndHysgJ6Qxcf9Xirh/dsVC0Nyd/3EBP6us7yzHURll rYEqWCTJSkEXnx8O5jl5mSZ3OM3o4axRtHtdPCB/FFbeZt7DrigoU1Mmk6MMKjQ3BVrZ QWIDsvdCwpOmHqkOJwcqy3ZN3PN6f9Mw+mZdhDBBQFh9ISpWuSixsq3NHHXq5pvr74ax gaxhsg11OYAI1P/HNVCyGTKZxLc0gfaaP9PwPed15zKj+9AD5WqOx9DFwnl6y4Wa3aK+ um6WNIKgpXj2vmGU05txh3Ej81VhcSMdhVSg7BJEQFOgtJEjer+xDdkLMHO98rfApnES H4vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kmXhK3TuHHDV/M+XAJQNHWAnk8TgePzTIwEJelU18Vw=; b=NJRtdzU9slKgNce4JdsnasrP4lmddTttizZAMQDtXHpSbqlHoARulfbpB12DdD1N0e wlccv+lCrtYpn98b/XFL0dLfNsltGKQvG4CVEVyO9v8PUHQBafSCBpB9YssIQDZMW1rH fS0hL8M8hhvnB/VJdzd9X32Ehj9L4IYd53N5tp54eMEH2z3NPbPiCtGTP3GzIrjqBLEs isgFx6HbjMW5JWA0tYIV3cjdRlmh8ZkbHrWtB2HJwlzDEnMiFCQsHDJ+R7vK8fmRXkKK gSJmsMqF39ZDKjgoNGVGm7wVRSduEGSUQHD8x0Lxo4AWJUsv6B1OE1PEcd7RvjqLN2K1 1ESg== X-Gm-Message-State: AOAM533Gv2LfF8OjjkmFgIDz89Imm92Fv4jPrdLe62tSr7+Mn2XGTH8c IEsIe6GBsr92U+LGoczzQeQ= X-Google-Smtp-Source: ABdhPJwnAPKpuQI8Uvyk4rm0caxiC9ndm48HdcXwaiNuMSD4Ap3MJxaZm9HhzdZXo5sfWT4luIprJQ== X-Received: by 2002:a50:bf02:: with SMTP id f2mr23411165edk.98.1632240931581; Tue, 21 Sep 2021 09:15:31 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:31 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 09/19] selftests: tcp_authopt: Test key address binding Date: Tue, 21 Sep 2021 19:14:52 +0300 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org By default TCP-AO keys apply to all possible peers but it's possible to have different keys for different remote hosts. This patch adds initial tests for the behavior behind the TCP_AUTHOPT_KEY_BIND_ADDR flag. Server rejection is tested via client timeout so this can be slightly slow. Signed-off-by: Leonard Crestez --- .../tcp_authopt_test/netns_fixture.py | 83 ++++++++++ .../tcp_authopt/tcp_authopt_test/server.py | 95 ++++++++++++ .../tcp_authopt/tcp_authopt_test/test_bind.py | 145 ++++++++++++++++++ .../tcp_authopt/tcp_authopt_test/utils.py | 102 ++++++++++++ 4 files changed, 425 insertions(+) create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/netns_fixture.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/server.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_bind.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/utils.py diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/netns_fixture.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/netns_fixture.py new file mode 100644 index 000000000000..ca80f424dafd --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/netns_fixture.py @@ -0,0 +1,83 @@ +# SPDX-License-Identifier: GPL-2.0 +import subprocess +import socket +from ipaddress import IPv4Address +from ipaddress import IPv6Address + + +class NamespaceFixture: + """Create a pair of namespaces connected by one veth pair + + Each end of the pair has multiple addresses but everything is in the same subnet + """ + + server_netns_name = "tcp_authopt_test_server" + client_netns_name = "tcp_authopt_test_client" + + @classmethod + def get_ipv4_addr(cls, ns=1, index=1) -> IPv4Address: + return IPv4Address("10.10.0.0") + (ns << 8) + index + + @classmethod + def get_ipv6_addr(cls, ns=1, index=1) -> IPv6Address: + return IPv6Address("fd00::") + (ns << 16) + index + + @classmethod + def get_addr(cls, address_family=socket.AF_INET, ns=1, index=1): + if address_family == socket.AF_INET: + return cls.get_ipv4_addr(ns, index) + elif address_family == socket.AF_INET6: + return cls.get_ipv6_addr(ns, index) + else: + raise ValueError(f"Bad address_family={address_family}") + + # 02:* means "locally administered" + server_mac_addr = "02:00:00:00:00:01" + client_mac_addr = "02:00:00:00:00:02" + + ipv4_prefix_len = 16 + ipv6_prefix_len = 64 + + @classmethod + def get_prefix_length(cls, address_family) -> int: + return { + socket.AF_INET: cls.ipv4_prefix_len, + socket.AF_INET6: cls.ipv6_prefix_len, + }[address_family] + + def __init__(self, **kw): + for k, v in kw.items(): + setattr(self, k, v) + + def __enter__(self): + self._del_netns() + script = f""" +set -e +ip netns add {self.server_netns_name} +ip netns add {self.client_netns_name} +ip link add veth0 netns {self.server_netns_name} type veth peer name veth0 netns {self.client_netns_name} +ip netns exec {self.server_netns_name} ip link set veth0 up addr {self.server_mac_addr} +ip netns exec {self.client_netns_name} ip link set veth0 up addr {self.client_mac_addr} +""" + for index in [1, 2, 3]: + script += f"ip -n {self.server_netns_name} addr add {self.get_ipv4_addr(1, index)}/16 dev veth0\n" + script += f"ip -n {self.client_netns_name} addr add {self.get_ipv4_addr(2, index)}/16 dev veth0\n" + script += f"ip -n {self.server_netns_name} addr add {self.get_ipv6_addr(1, index)}/64 dev veth0 nodad\n" + script += f"ip -n {self.client_netns_name} addr add {self.get_ipv6_addr(2, index)}/64 dev veth0 nodad\n" + subprocess.run(script, shell=True, check=True) + return self + + def _del_netns(self): + script = f"""\ +set -e +if ip netns list | grep -q {self.server_netns_name}; then + ip netns del {self.server_netns_name} +fi +if ip netns list | grep -q {self.client_netns_name}; then + ip netns del {self.client_netns_name} +fi +""" + subprocess.run(script, shell=True, check=True) + + def __exit__(self, *a): + self._del_netns() diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/server.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/server.py new file mode 100644 index 000000000000..35e717fcf5f6 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/server.py @@ -0,0 +1,95 @@ +# SPDX-License-Identifier: GPL-2.0 +import logging +import os +import selectors +from contextlib import ExitStack +from threading import Thread + +logger = logging.getLogger(__name__) + + +class SimpleServerThread(Thread): + """Simple server thread for testing TCP sockets + + All data is read in 1000 bytes chunks and either echoed back or discarded. + + :ivar keep_half_open: do not close in response to remote close. + """ + + DEFAULT_BUFSIZE = 1000 + + def __init__(self, socket, mode="recv", bufsize=DEFAULT_BUFSIZE, keep_half_open=False): + self.listen_socket = socket + self.server_socket = [] + self.bufsize = bufsize + self.keep_half_open = keep_half_open + self.mode = mode + super().__init__() + + def _read(self, conn, events): + # logger.debug("events=%r", events) + try: + data = conn.recv(self.bufsize) + except ConnectionResetError: + # logger.info("reset %r", conn) + conn.close() + self.sel.unregister(conn) + return + # logger.debug("len(data)=%r", len(data)) + if len(data) == 0: + if not self.keep_half_open: + # logger.info("closing %r", conn) + conn.close() + self.sel.unregister(conn) + else: + if self.mode == "echo": + conn.sendall(data) + elif self.mode == "recv": + pass + else: + raise ValueError(f"Unknown mode {self.mode}") + + def _stop_pipe_read(self, conn, events): + self.should_loop = False + + def start(self) -> None: + self.exit_stack = ExitStack() + self._stop_pipe_rfd, self._stop_pipe_wfd = os.pipe() + self.exit_stack.callback(lambda: os.close(self._stop_pipe_rfd)) + self.exit_stack.callback(lambda: os.close(self._stop_pipe_wfd)) + return super().start() + + def _accept(self, conn, events): + assert conn == self.listen_socket + conn, _addr = self.listen_socket.accept() + conn = self.exit_stack.enter_context(conn) + conn.setblocking(False) + self.sel.register(conn, selectors.EVENT_READ, self._read) + self.server_socket.append(conn) + + def run(self): + self.should_loop = True + self.sel = self.exit_stack.enter_context(selectors.DefaultSelector()) + self.sel.register( + self._stop_pipe_rfd, selectors.EVENT_READ, self._stop_pipe_read + ) + self.sel.register(self.listen_socket, selectors.EVENT_READ, self._accept) + # logger.debug("loop init") + while self.should_loop: + for key, events in self.sel.select(timeout=1): + callback = key.data + callback(key.fileobj, events) + # logger.debug("loop done") + + def stop(self): + """Try to stop nicely""" + os.write(self._stop_pipe_wfd, b"Q") + self.join() + self.exit_stack.close() + + def __enter__(self): + self.start() + return self + + def __exit__(self, *args): + self.stop() diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_bind.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_bind.py new file mode 100644 index 000000000000..ecbaadcd6be8 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_bind.py @@ -0,0 +1,145 @@ +# SPDX-License-Identifier: GPL-2.0 +"""Test TCP-AO keys can be bound to specific remote addresses""" +from contextlib import ExitStack +import socket +import pytest +from .netns_fixture import NamespaceFixture +from .utils import create_listen_socket +from .server import SimpleServerThread +from .linux_tcp_authopt import ( + tcp_authopt, + TCP_AUTHOPT_FLAG, + TCP_AUTHOPT_KEY_FLAG, + TCP_AUTHOPT_ALG, + set_tcp_authopt, + set_tcp_authopt_key, + tcp_authopt_key, +) +from .utils import netns_context, DEFAULT_TCP_SERVER_PORT, check_socket_echo +from .conftest import skipif_missing_tcp_authopt + +pytestmark = skipif_missing_tcp_authopt + + +@pytest.mark.parametrize("address_family", [socket.AF_INET, socket.AF_INET6]) +def test_addr_server_bind(exit_stack: ExitStack, address_family): + """ "Server only accept client2, check client1 fails""" + nsfixture = exit_stack.enter_context(NamespaceFixture()) + server_addr = str(nsfixture.get_addr(address_family, 1, 1)) + client_addr = str(nsfixture.get_addr(address_family, 2, 1)) + client_addr2 = str(nsfixture.get_addr(address_family, 2, 2)) + + # create server: + listen_socket = exit_stack.push( + create_listen_socket(family=address_family, ns=nsfixture.server_netns_name) + ) + exit_stack.enter_context(SimpleServerThread(listen_socket, mode="echo")) + + # set keys: + server_key = tcp_authopt_key( + alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, + key="hello", + flags=TCP_AUTHOPT_KEY_FLAG.BIND_ADDR, + addr=client_addr2, + ) + set_tcp_authopt( + listen_socket, + tcp_authopt(flags=TCP_AUTHOPT_FLAG.REJECT_UNEXPECTED), + ) + set_tcp_authopt_key(listen_socket, server_key) + + # create client socket: + def create_client_socket(): + with netns_context(nsfixture.client_netns_name): + client_socket = socket.socket(address_family, socket.SOCK_STREAM) + client_key = tcp_authopt_key( + alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, + key="hello", + ) + set_tcp_authopt_key(client_socket, client_key) + return client_socket + + # addr match: + # with create_client_socket() as client_socket2: + # client_socket2.bind((client_addr2, 0)) + # client_socket2.settimeout(1.0) + # client_socket2.connect((server_addr, TCP_SERVER_PORT)) + + # addr mismatch: + with create_client_socket() as client_socket1: + client_socket1.bind((client_addr, 0)) + with pytest.raises(socket.timeout): + client_socket1.settimeout(1.0) + client_socket1.connect((server_addr, DEFAULT_TCP_SERVER_PORT)) + + +@pytest.mark.parametrize("address_family", [socket.AF_INET, socket.AF_INET6]) +def test_addr_client_bind(exit_stack: ExitStack, address_family): + """Client configures different keys with same id but different addresses""" + nsfixture = exit_stack.enter_context(NamespaceFixture()) + server_addr1 = str(nsfixture.get_addr(address_family, 1, 1)) + server_addr2 = str(nsfixture.get_addr(address_family, 1, 2)) + client_addr = str(nsfixture.get_addr(address_family, 2, 1)) + + # create servers: + listen_socket1 = exit_stack.enter_context( + create_listen_socket( + family=address_family, ns=nsfixture.server_netns_name, bind_addr=server_addr1 + ) + ) + listen_socket2 = exit_stack.enter_context( + create_listen_socket( + family=address_family, ns=nsfixture.server_netns_name, bind_addr=server_addr2 + ) + ) + exit_stack.enter_context(SimpleServerThread(listen_socket1, mode="echo")) + exit_stack.enter_context(SimpleServerThread(listen_socket2, mode="echo")) + + # set keys: + set_tcp_authopt_key( + listen_socket1, + tcp_authopt_key( + alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, + key="11111", + ), + ) + set_tcp_authopt_key( + listen_socket2, + tcp_authopt_key( + alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, + key="22222", + ), + ) + + # create client socket: + def create_client_socket(): + with netns_context(nsfixture.client_netns_name): + client_socket = socket.socket(address_family, socket.SOCK_STREAM) + set_tcp_authopt_key( + client_socket, + tcp_authopt_key( + alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, + key="11111", + flags=TCP_AUTHOPT_KEY_FLAG.BIND_ADDR, + addr=server_addr1, + ), + ) + set_tcp_authopt_key( + client_socket, + tcp_authopt_key( + alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, + key="22222", + flags=TCP_AUTHOPT_KEY_FLAG.BIND_ADDR, + addr=server_addr2, + ), + ) + client_socket.settimeout(1.0) + client_socket.bind((client_addr, 0)) + return client_socket + + with create_client_socket() as client_socket1: + client_socket1.connect((server_addr1, DEFAULT_TCP_SERVER_PORT)) + check_socket_echo(client_socket1) + with create_client_socket() as client_socket2: + client_socket2.connect((server_addr2, DEFAULT_TCP_SERVER_PORT)) + check_socket_echo(client_socket2) diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/utils.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/utils.py new file mode 100644 index 000000000000..acbd7307f712 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/utils.py @@ -0,0 +1,102 @@ +# SPDX-License-Identifier: GPL-2.0 +import json +import random +import subprocess +import socket +from contextlib import nullcontext + +from nsenter import Namespace + +# TCP port does not impact Authentication Option so define a single default +DEFAULT_TCP_SERVER_PORT = 17971 + + +def recvall(sock, todo): + """Receive exactly todo bytes unless EOF""" + data = bytes() + while True: + chunk = sock.recv(todo) + if not len(chunk): + return data + data += chunk + todo -= len(chunk) + if todo == 0: + return data + assert todo > 0 + + +def randbytes(count) -> bytes: + """Return a random byte array""" + return bytes([random.randint(0, 255) for index in range(count)]) + + +def check_socket_echo(sock: socket.socket, size=1000): + """Send random bytes and check they are received + + The default size is equal to `SimpleServerThread.DEFAULT_BUFSIZE` which + means that a single pair of packets will be sent at the TCP level. + """ + send_buf = randbytes(size) + sock.sendall(send_buf) + recv_buf = recvall(sock, size) + assert send_buf == recv_buf + + +def nstat_json(command_prefix: str = ""): + """Parse nstat output into a python dict""" + runres = subprocess.run( + f"{command_prefix}nstat -a --zeros --json", + shell=True, + check=True, + stdout=subprocess.PIPE, + encoding="utf-8", + ) + return json.loads(runres.stdout)["kernel"] + + +def netns_context(ns: str = ""): + """Create context manager for a certain optional netns + + If the ns argument is empty then just return a `nullcontext` + """ + if ns: + return Namespace("/var/run/netns/" + ns, "net") + else: + return nullcontext() + + +def create_listen_socket( + ns: str = "", + family=socket.AF_INET, + reuseaddr=True, + listen_depth=10, + bind_addr="", + bind_port=DEFAULT_TCP_SERVER_PORT, +): + with netns_context(ns): + listen_socket = socket.socket(family, socket.SOCK_STREAM) + if reuseaddr: + listen_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + listen_socket.bind((str(bind_addr), bind_port)) + listen_socket.listen(listen_depth) + return listen_socket + + +def create_client_socket( + ns: str = "", family=socket.AF_INET, bind_addr="", bind_port=0, timeout=1.0 +): + with netns_context(ns): + client_socket = socket.socket(family, socket.SOCK_STREAM) + if bind_addr or bind_port: + client_socket.bind((str(bind_addr), bind_port)) + if timeout is not None: + client_socket.settimeout(timeout) + return client_socket + + +def socket_set_linger(sock, onoff, value): + import struct + + sock.setsockopt( + socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", int(onoff), int(value)) + ) From patchwork Tue Sep 21 16:14:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508231 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9D8CC433FE for ; Tue, 21 Sep 2021 16:17:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B55B961100 for ; Tue, 21 Sep 2021 16:17:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234552AbhIUQTL (ORCPT ); Tue, 21 Sep 2021 12:19:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33620 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234546AbhIUQSm (ORCPT ); Tue, 21 Sep 2021 12:18:42 -0400 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 681A4C061760; Tue, 21 Sep 2021 09:17:12 -0700 (PDT) Received: by mail-ed1-x536.google.com with SMTP id co2so29799531edb.8; Tue, 21 Sep 2021 09:17:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=HG7lO2Auqog9LQbUof/KxwFt3hgNmc5olI0OW6ZVatU=; b=mWPnMa30UuQZFU6f2ypidGLMHP2lLlUxl7seL4ZC3pvb3IahmCoC18SugVCWMKy2dX 0mk7JuPTEPJho06rvrZaCKZgNIYEwHe2NDoelsI36XtLjcLG2Egb/DqYCZIQXWiKVAgu fnaZLbjHmuK9oXxc+pgjqbIJ8avquNIhAiEJOjR2pbyrkM6KbAuZKGFnyZXJzEVYP3s6 ybSZiONhz3gea+LoSGojAFxaEPE5MUPsWcAcVp86zsW6/m1fK/H5g55VK12N/BA0TBDM HahcGlJhZtVpDUYGot8imeZC0C1WUYqY2zmyxkrTmMUdnckT49Elegy1sYFT8zzDcBdu cvpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=HG7lO2Auqog9LQbUof/KxwFt3hgNmc5olI0OW6ZVatU=; b=llV+L7a7DX+YucICVK5iqtPh3O0q0ssehw+QXww2zIf2WMGNRRlQy07BmE54g1uicr NIONheM93b7RwUUYg06E95+I07imeJ+RUnPX6a8mHLLgw+6w0xv+OvkkahedEN0grfrz SwnUpJV5fluYRem7MQBgqfPBZidNUC35sUUgQ69sYPGYM0cXL0aqtMs51BvucIZbuoZ5 f4OTLyXl8qCM/OwpSY9QNHRDaDB1Y8BE9xO3HKVD49aKLM2RsUcNss4fe1DbZSMunXK0 bbhV/0iANUtAN5pCD6Vo6dEfunee7cbl3bM0qv19W7vORI39NGouacDWUmfbbwv1GxjI ZxFg== X-Gm-Message-State: AOAM531qk8LxkyfCFcaZYkJGqMghqz6dNSQ3+z7lt4gez8PEcnU8uDh7 GEC6yEzLUh+snX8zk4K1wrQ= X-Google-Smtp-Source: ABdhPJwzP4oBIORcv9u/AdUF7zadNt0SEGu2D3IwhLHGlIE446zoe/5qPH3XbXx6k41AsZ/PIuwRZQ== X-Received: by 2002:a05:6402:455:: with SMTP id p21mr36203509edw.309.1632240933293; Tue, 21 Sep 2021 09:15:33 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:32 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 10/19] tcp: ipv6: Add AO signing for tcp_v6_send_response Date: Tue, 21 Sep 2021 19:14:53 +0300 Message-Id: <8e833ab5b18f35909261cbd5c117f739f2611e0d.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This is a special code path for acks and resets outside of normal connection establishment and closing. Signed-off-by: Leonard Crestez --- net/ipv6/tcp_ipv6.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 724145ddf122..d922219af20e 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -896,13 +896,37 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 struct sock *ctl_sk = net->ipv6.tcp_sk; unsigned int tot_len = sizeof(struct tcphdr); __be32 mrst = 0, *topt; struct dst_entry *dst; __u32 mark = 0; +#ifdef CONFIG_TCP_AUTHOPT + struct tcp_authopt_info *authopt_info = NULL; + struct tcp_authopt_key_info *authopt_key_info = NULL; + u8 authopt_rnextkeyid; +#endif if (tsecr) tot_len += TCPOLEN_TSTAMP_ALIGNED; +#ifdef CONFIG_TCP_AUTHOPT + /* Key lookup before SKB allocation */ + if (static_branch_unlikely(&tcp_authopt_needed) && sk) + { + if (sk->sk_state == TCP_TIME_WAIT) + authopt_info = tcp_twsk(sk)->tw_authopt_info; + else + authopt_info = rcu_dereference(tcp_sk(sk)->authopt_info); + + if (authopt_info) { + authopt_key_info = __tcp_authopt_select_key(sk, authopt_info, sk, &authopt_rnextkeyid); + if (authopt_key_info) { + tot_len += TCPOLEN_AUTHOPT_OUTPUT; + /* Don't use MD5 */ + key = NULL; + } + } + } +#endif #ifdef CONFIG_TCP_MD5SIG if (key) tot_len += TCPOLEN_MD5SIG_ALIGNED; #endif @@ -955,10 +979,21 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 tcp_v6_md5_hash_hdr((__u8 *)topt, key, &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, t1); } #endif +#ifdef CONFIG_TCP_AUTHOPT + /* Compute the TCP-AO mac. Unlike in the ipv4 case we have a real SKB */ + if (static_branch_unlikely(&tcp_authopt_needed) && authopt_key_info) + { + *topt++ = htonl((TCPOPT_AUTHOPT << 24) | + (TCPOLEN_AUTHOPT_OUTPUT << 16) | + (authopt_key_info->send_id << 8) | + (authopt_rnextkeyid)); + tcp_authopt_hash((char*)topt, authopt_key_info, (struct sock*)sk, buff); + } +#endif memset(&fl6, 0, sizeof(fl6)); fl6.daddr = ipv6_hdr(skb)->saddr; fl6.saddr = ipv6_hdr(skb)->daddr; fl6.flowlabel = label; From patchwork Tue Sep 21 16:14:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508235 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7DC64C433F5 for ; Tue, 21 Sep 2021 16:17:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 69D666115A for ; Tue, 21 Sep 2021 16:17:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234470AbhIUQTN (ORCPT ); Tue, 21 Sep 2021 12:19:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33580 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234526AbhIUQSk (ORCPT ); Tue, 21 Sep 2021 12:18:40 -0400 Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E1399C061575; Tue, 21 Sep 2021 09:17:09 -0700 (PDT) Received: by mail-ed1-x52a.google.com with SMTP id eg28so53600344edb.1; Tue, 21 Sep 2021 09:17:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=tn4CP0rVaPBCvAa1AgJpDJmjYYuaun+JN2VJXULQEUA=; b=PplHb97KK0YpRW+4V+pSfbmFVxwSeVGHIpgptNQgAf/kL3vRQda4R0IpqH/Ypy7/AP Bc1V2G4vtYXlwWXlrMslzdVwT2DMUVWLLJ0bPUqhkEGxusP1ATbO23UPwWhqzoUfMdGo EIx025OkPm+UxzfuZRQbePSCuVHZgdRzsAINMMLUq/jMkh7cuwfBRrJL7seKn/Cp5W1W CTEyNoLU3KjcoXLRxQZmFa4CMbFRsSCXk/fYhofPdOTdLJrGnSymBXtyFMES+JW+Nyg8 wGTqFMqXO1JTUFOf5DAS3YltvDyzlm9uPtOK2NG/rJnnoFBBDGqOR0IANUt2+EM461Wa FUGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=tn4CP0rVaPBCvAa1AgJpDJmjYYuaun+JN2VJXULQEUA=; b=uF52XMbstMsBPEpiC2Q5YWQPZp5Aos9kA3rwZJeEZW0fviw5YA7Kj2pXHBYDknjxI/ UvU1QdUaQvmCOPfuM5TlQaMgSUDr9R3OsL8XI0cgrGfE64nyfHASn5TaNrTBTCjwXXWU fS66IGGCzS/S3CgAb5ZPjPn6ar39EOg+KQxBB7wCI77ElvIliVNAWo/tYenWkNFdAKwL dFVZhsobT7hBijse8SvSZNlBfSiE5wTWDISKJZCrm+9IW0Q293vbp/X9VIFpvIcHr7Nn DInIuFOF3qP8oL54zNqUE9ggj0LWTsrqQ2zrDwhxMSxGLlNSOYIDt/nE2HvCft5ckQ/j ea7w== X-Gm-Message-State: AOAM530nrGe07h42PEwtSqUSOnYhSoZhl3RKdR37K9qdrW5uRe7WAq1A 0W48xg42Q7ZGT13UHogvE0M= X-Google-Smtp-Source: ABdhPJy7x5BquSLn2axABT7ln/2JxDM53KIIbdLKZXjE++QbzVTDUQG6dr4Qa5NTgAfczj061HnQaQ== X-Received: by 2002:a05:6402:2913:: with SMTP id ee19mr35884241edb.332.1632240935288; Tue, 21 Sep 2021 09:15:35 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:34 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 11/19] tcp: authopt: Add support for signing skb-less replies Date: Tue, 21 Sep 2021 19:14:54 +0300 Message-Id: <7301a3b6ce1c5c282f10c2cc45a1409dee8abd86.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This is required because tcp ipv4 sometimes sends replies without allocating a full skb that can be signed by tcp authopt. Handle this with additional code in tcp authopt. Signed-off-by: Leonard Crestez --- include/net/tcp_authopt.h | 7 ++ net/ipv4/tcp_authopt.c | 147 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 154 insertions(+) diff --git a/include/net/tcp_authopt.h b/include/net/tcp_authopt.h index 422f0034d32b..b012eaaf416f 100644 --- a/include/net/tcp_authopt.h +++ b/include/net/tcp_authopt.h @@ -81,10 +81,17 @@ static inline struct tcp_authopt_key_info *tcp_authopt_select_key( } int tcp_authopt_hash( char *hash_location, struct tcp_authopt_key_info *key, struct sock *sk, struct sk_buff *skb); +int tcp_v4_authopt_hash_reply( + char *hash_location, + struct tcp_authopt_info *info, + struct tcp_authopt_key_info *key, + __be32 saddr, + __be32 daddr, + struct tcphdr *th); int __tcp_authopt_openreq(struct sock *newsk, const struct sock *oldsk, struct request_sock *req); static inline int tcp_authopt_openreq( struct sock *newsk, const struct sock *oldsk, struct request_sock *req) diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c index 41f844d5d49a..756182401a3b 100644 --- a/net/ipv4/tcp_authopt.c +++ b/net/ipv4/tcp_authopt.c @@ -798,10 +798,74 @@ static int tcp_authopt_get_traffic_key(struct sock *sk, out: tcp_authopt_put_kdf_shash(key, kdf_tfm); return err; } +struct tcp_v4_authopt_context_data { + __be32 saddr; + __be32 daddr; + __be16 sport; + __be16 dport; + __be32 sisn; + __be32 disn; + __be16 digestbits; +} __packed; + +static int tcp_v4_authopt_get_traffic_key_noskb( + struct tcp_authopt_key_info *key, + __be32 saddr, + __be32 daddr, + __be16 sport, + __be16 dport, + __be32 sisn, + __be32 disn, + u8 *traffic_key) +{ + int err; + struct crypto_shash *kdf_tfm; + SHASH_DESC_ON_STACK(desc, kdf_tfm); + struct tcp_v4_authopt_context_data data; + BUILD_BUG_ON(sizeof(data) != 22); + + kdf_tfm = tcp_authopt_get_kdf_shash(key); + if (IS_ERR(kdf_tfm)) + return PTR_ERR(kdf_tfm); + + err = tcp_authopt_setkey(kdf_tfm, key); + if (err) + goto out; + + desc->tfm = kdf_tfm; + err = crypto_shash_init(desc); + if (err) + goto out; + + // RFC5926 section 3.1.1.1 + // Separate to keep alignment semi-sane + err = crypto_shash_update(desc, "\x01TCP-AO", 7); + if (err) + return err; + data.saddr = saddr; + data.daddr = daddr; + data.sport = sport; + data.dport = dport; + data.sisn = sisn; + data.disn = disn; + data.digestbits = htons(crypto_shash_digestsize(desc->tfm) * 8); + + err = crypto_shash_update(desc, (u8*)&data, sizeof(data)); + if (err) + goto out; + err = crypto_shash_final(desc, traffic_key); + if (err) + goto out; + +out: + tcp_authopt_put_kdf_shash(key, kdf_tfm); + return err; +} + static int crypto_shash_update_zero(struct shash_desc *desc, int len) { u8 zero = 0; int i, err; @@ -1122,10 +1186,93 @@ int tcp_authopt_hash(char *hash_location, memcpy(hash_location, macbuf, TCP_AUTHOPT_MACLEN); return 0; } +/** + * tcp_v4_authopt_hash_hdr - Hash tcp+ipv4 header without SKB + * + * The key must come from tcp_authopt_select_key. + */ +int tcp_v4_authopt_hash_reply(char *hash_location, + struct tcp_authopt_info *info, + struct tcp_authopt_key_info *key, + __be32 saddr, + __be32 daddr, + struct tcphdr *th) +{ + struct crypto_shash *mac_tfm; + u8 macbuf[TCP_AUTHOPT_MAXMACBUF]; + u8 traffic_key[TCP_AUTHOPT_MAX_TRAFFIC_KEY_LEN]; + SHASH_DESC_ON_STACK(desc, tfm); + __be32 sne = 0; + int err; + + /* Call special code path for computing traffic key without skb + * This can be called from tcp_v4_reqsk_send_ack so caching would be + * difficult here. + */ + err = tcp_v4_authopt_get_traffic_key_noskb( + key, + saddr, + daddr, + th->source, + th->dest, + htonl(info->src_isn), + htonl(info->dst_isn), + traffic_key); + if (err) + goto out_err_traffic_key; + + /* Init mac shash */ + mac_tfm = tcp_authopt_get_mac_shash(key); + if (IS_ERR(mac_tfm)) + return PTR_ERR(mac_tfm); + err = crypto_shash_setkey(mac_tfm, traffic_key, key->alg->traffic_key_len); + if (err) + goto out_err; + + desc->tfm = mac_tfm; + err = crypto_shash_init(desc); + if (err) + return err; + + err = crypto_shash_update(desc, (u8 *)&sne, 4); + if (err) + return err; + + err = tcp_authopt_hash_tcp4_pseudoheader(desc, saddr, daddr, th->doff * 4); + if (err) + return err; + + // TCP header with checksum set to zero. Caller ensures this. + if (WARN_ON_ONCE(th->check != 0)) + goto out_err; + err = crypto_shash_update(desc, (u8 *)th, sizeof(*th)); + if (err) + goto out_err; + + // TCP options + err = tcp_authopt_hash_opts(desc, th, !(key->flags & TCP_AUTHOPT_KEY_EXCLUDE_OPTS)); + if (err) + goto out_err; + + err = crypto_shash_final(desc, macbuf); + if (err) + goto out_err; + memcpy(hash_location, macbuf, TCP_AUTHOPT_MACLEN); + + tcp_authopt_put_mac_shash(key, mac_tfm); + return 0; + +out_err: + tcp_authopt_put_mac_shash(key, mac_tfm); +out_err_traffic_key: + memset(hash_location, 0, TCP_AUTHOPT_MACLEN); + return err; +} + static struct tcp_authopt_key_info *tcp_authopt_lookup_recv(struct sock *sk, struct sk_buff *skb, struct tcp_authopt_info *info, int recv_id) { From patchwork Tue Sep 21 16:14:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508213 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F985C433EF for ; Tue, 21 Sep 2021 16:17:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 07A7D60EE4 for ; Tue, 21 Sep 2021 16:17:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233250AbhIUQS0 (ORCPT ); Tue, 21 Sep 2021 12:18:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33482 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234408AbhIUQSN (ORCPT ); Tue, 21 Sep 2021 12:18:13 -0400 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 262CEC061757; Tue, 21 Sep 2021 09:16:45 -0700 (PDT) Received: by mail-ed1-x532.google.com with SMTP id u27so4130877edi.9; Tue, 21 Sep 2021 09:16:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=WgCl/8N1xU0ogg40eA7oe0JV/xgw+jVwPRhb8bXB9rI=; b=QdHOZqy7jL7ykg/jKXOfpwYc4/Jy872Uo4uu2qBMHyURzWvSq678LeYot53vie6Qds E+y4QXzdmL4Q4yWN8+EYcBLBRuHuYFcDhCKxpzXWVrdh79CDXfHyXiCYPbXtan1BppQf i9DOicoBJfQqN6Lqp0FeYxUNQzwc3VC1QKArwRT2Y8IDWZn8u6aBcWC1aLSGT3VPjW8w sUfkIPDfNmLkuEuE3RKCxvSHTyUW3UoVURmeTJ42cFA8Z29o+CZVMAEu/+kFtd4plVKd UR182GsZdLNb6MHe3mzxpRfQGa5vuqv3yWv039umXJdF4HiS/LaVZ5XvkX1Cp/DKNU5n LLtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=WgCl/8N1xU0ogg40eA7oe0JV/xgw+jVwPRhb8bXB9rI=; b=Ichl3vliokCoR4Q1BvVKItnTin3uO5LmKLaTnXru3aWHchu4oxF1aazMcqep2qi8Qj 9fBWCvuDPW7SbSwKyCfnhAZ+49LO4hf1psGxN35AbhQn3gqxmrTyLn9iiIxmhSzJdsbH PQopOMoKlZbuafpEoNuOmHqcb5NDY2Y7dxj7AAab0QXB794Tr9UHN6vPe6VZX3rTg+5E S+P1Z1ZgQs9DYYXKJgv1D+XpBYfl/7f27m5YWP+ftVgoRuR415axzDBNklcVFjAXHghs XPb7RI2WuiR7LLIaPnXfTpxwMKUrDGauGr7YwSp5n+HemfgC/zgeyS0DN4YtHtPQxJqD IQvQ== X-Gm-Message-State: AOAM530K3WV+ur9o/mFEphW1f67rkCBq4QBVTGUlchkRTj5tQz+BlGNy HGXUInxgu6Mhpe/m/3HioXI= X-Google-Smtp-Source: ABdhPJzdAHGAoFGVBFMnG+75GZi6HDU5jM/M6p7NHklJ4FCVqWC9WtYNGB3I212c5+QHycHEKSCJpw== X-Received: by 2002:a17:907:628d:: with SMTP id nd13mr36191653ejc.7.1632240937066; Tue, 21 Sep 2021 09:15:37 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:36 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 12/19] tcp: ipv4: Add AO signing for skb-less replies Date: Tue, 21 Sep 2021 19:14:55 +0300 Message-Id: <447b514284c1f8a6462bd8c248e3312095f4f5af.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The code in tcp_v4_send_ack and tcp_v4_send_reset does not allocate a full skb so special handling is required for tcp-authopt handling. Signed-off-by: Leonard Crestez --- net/ipv4/tcp_ipv4.c | 79 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 76 insertions(+), 3 deletions(-) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index e5c790795662..2d5fbe7690aa 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -641,10 +641,50 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb) __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr); } EXPORT_SYMBOL(tcp_v4_send_check); +/** tcp_v4_authopt_handle_reply - Insert TCPOPT_AUTHOPT if required + * + * returns number of bytes (always aligned to 4) or zero + */ +static int tcp_v4_authopt_handle_reply( + const struct sock *sk, + struct sk_buff *skb, + __be32* optptr, + struct tcphdr *th) +{ + struct tcp_authopt_info *info; + struct tcp_authopt_key_info *key_info; + u8 rnextkeyid; + + if (sk->sk_state == TCP_TIME_WAIT) + info = tcp_twsk(sk)->tw_authopt_info; + else + info = tcp_sk(sk)->authopt_info; + if (!info) + return 0; + key_info = __tcp_authopt_select_key(sk, info, sk, &rnextkeyid); + if (!key_info) + return 0; + *optptr = htonl((TCPOPT_AUTHOPT << 24) | + (TCPOLEN_AUTHOPT_OUTPUT << 16) | + (key_info->send_id << 8) | + (rnextkeyid)); + /* must update doff before signature computation */ + th->doff += TCPOLEN_AUTHOPT_OUTPUT / 4; + tcp_v4_authopt_hash_reply( + (char*)(optptr + 1), + info, + key_info, + ip_hdr(skb)->daddr, + ip_hdr(skb)->saddr, + th); + + return TCPOLEN_AUTHOPT_OUTPUT; +} + /* * This routine will send an RST to the other tcp. * * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.) * for reset. @@ -656,10 +696,12 @@ EXPORT_SYMBOL(tcp_v4_send_check); * Exception: precedence violation. We do not implement it in any case. */ #ifdef CONFIG_TCP_MD5SIG #define OPTION_BYTES TCPOLEN_MD5SIG_ALIGNED +#elif defined(OPTION_BYTES_TCP_AUTHOPT) +#define OPTION_BYTES TCPOLEN_AUTHOPT_OUTPUT #else #define OPTION_BYTES sizeof(__be32) #endif static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb) @@ -709,12 +751,28 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb) memset(&arg, 0, sizeof(arg)); arg.iov[0].iov_base = (unsigned char *)&rep; arg.iov[0].iov_len = sizeof(rep.th); net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev); -#ifdef CONFIG_TCP_MD5SIG +#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AUTHOPT) rcu_read_lock(); +#endif +#ifdef CONFIG_TCP_AUTHOPT + /* Unlike TCP-MD5 the signatures for TCP-AO depend on initial sequence + * numbers so we can only handle established and time-wait sockets. + * + * FIXME: What about RST in response to SYN? + */ + if (static_branch_unlikely(&tcp_authopt_needed) && sk && sk->sk_state != TCP_NEW_SYN_RECV && sk->sk_state != TCP_LISTEN) { + int tcp_authopt_ret = tcp_v4_authopt_handle_reply(sk, skb, rep.opt, &rep.th); + if (tcp_authopt_ret) { + arg.iov[0].iov_len += tcp_authopt_ret; + goto skip_md5sig; + } + } +#endif +#ifdef CONFIG_TCP_MD5SIG hash_location = tcp_parse_md5sig_option(th); if (sk && sk_fullsock(sk)) { const union tcp_md5_addr *addr; int l3index; @@ -752,11 +810,10 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb) addr = (union tcp_md5_addr *)&ip_hdr(skb)->saddr; key = tcp_md5_do_lookup(sk1, l3index, addr, AF_INET); if (!key) goto out; - genhash = tcp_v4_md5_hash_skb(newhash, key, NULL, skb); if (genhash || memcmp(hash_location, newhash, 16) != 0) goto out; } @@ -773,10 +830,11 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb) tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1], key, ip_hdr(skb)->saddr, ip_hdr(skb)->daddr, &rep.th); } #endif +skip_md5sig: /* Can't co-exist with TCPMD5, hence check rep.opt[0] */ if (rep.opt[0] == 0) { __be32 mrst = mptcp_reset_option(skb); if (mrst) { @@ -825,11 +883,11 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb) ctl_sk->sk_mark = 0; __TCP_INC_STATS(net, TCP_MIB_OUTSEGS); __TCP_INC_STATS(net, TCP_MIB_OUTRSTS); local_bh_enable(); -#ifdef CONFIG_TCP_MD5SIG +#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AUTHOPT) out: rcu_read_unlock(); #endif } @@ -847,10 +905,12 @@ static void tcp_v4_send_ack(const struct sock *sk, struct { struct tcphdr th; __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2) #ifdef CONFIG_TCP_MD5SIG + (TCPOLEN_MD5SIG_ALIGNED >> 2) +#elif defined (CONFIG_TCP_AUTHOPT) + + (TCPOLEN_AUTHOPT_OUTPUT >> 2) #endif ]; } rep; struct net *net = sock_net(sk); struct ip_reply_arg arg; @@ -878,10 +938,22 @@ static void tcp_v4_send_ack(const struct sock *sk, rep.th.seq = htonl(seq); rep.th.ack_seq = htonl(ack); rep.th.ack = 1; rep.th.window = htons(win); +#ifdef CONFIG_TCP_AUTHOPT + if (static_branch_unlikely(&tcp_authopt_needed)) + { + int offset = (tsecr) ? 3 : 0; + + int tcp_authopt_ret = tcp_v4_authopt_handle_reply(sk, skb, &rep.opt[offset], &rep.th); + if (tcp_authopt_ret) { + arg.iov[0].iov_len += tcp_authopt_ret; + goto skip_md5sig; + } + } +#endif #ifdef CONFIG_TCP_MD5SIG if (key) { int offset = (tsecr) ? 3 : 0; rep.opt[offset++] = htonl((TCPOPT_NOP << 24) | @@ -894,10 +966,11 @@ static void tcp_v4_send_ack(const struct sock *sk, tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset], key, ip_hdr(skb)->saddr, ip_hdr(skb)->daddr, &rep.th); } #endif +skip_md5sig: arg.flags = reply_flags; arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr, ip_hdr(skb)->saddr, /* XXX */ arg.iov[0].iov_len, IPPROTO_TCP, 0); arg.csumoffset = offsetof(struct tcphdr, check) / 2; From patchwork Tue Sep 21 16:14:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508227 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C3A87C4332F for ; Tue, 21 Sep 2021 16:17:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AD3CE60F70 for ; Tue, 21 Sep 2021 16:17:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234675AbhIUQSz (ORCPT ); Tue, 21 Sep 2021 12:18:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33464 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234475AbhIUQSf (ORCPT ); Tue, 21 Sep 2021 12:18:35 -0400 Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 78991C061764; Tue, 21 Sep 2021 09:17:06 -0700 (PDT) Received: by mail-ed1-x533.google.com with SMTP id bx4so32132965edb.4; Tue, 21 Sep 2021 09:17:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=HeAfkH4ROj0yxoB2AlM931ZPipLTsDyKMbP+SmnI7KE=; b=CCt4Bl5CFLY2QNtn0yqZVnMYe6HFvqET7vCz1B0bQ2PxGQHLOFpkme9Wst7S1EPIvT bRpL1nZZWi2vayi8ZgW8n0hpc0uBr4wSGLGnpk/Nz8E64JlDzIjc0s0QDpeXycDxZTHC 2ExGBB3cQOn2IaYfadgbaVv/Y0iqDC4y4elnbGCuMwOfIy1uS/U2vtjeSbzURyS0HQyX IreA7Ze9M2PceBXdjAbPAj4HM2zCmqM15Eeb0pToBrHI/qODo3jOrqJEAGsoWSqajaON ShjzrDRm5f0BXPhJ2sEANDq65AKjuWbpbzirTgJycJjzlEv+ARC2eDJcA9s+7PhM08S7 clAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=HeAfkH4ROj0yxoB2AlM931ZPipLTsDyKMbP+SmnI7KE=; b=rZPiTJtnlBbe8CX8kvWuyH9kLAEEJJqa/hfNP6RBNkgu1zh+Tm0WZ8szrRAqucDMfN 0A6jT9niHti1K2ZXTZ7iUlVlPDr1DdEIw66Q1hTIJrJSQvmRVPtdC5nsXfX1o14C6znV DOjhUkFKy1HimzE0mMEsEXNhum+OdTPskh81H3UFfM+YwNjiwkf2XJ+qj1/3KcjGSUK9 LxH+PeUvtVJcbEd/E4oH/u7P33gYvi8XZUOYTYzNzH7C0Mwp1Shf09cEmr4BdU4LhNoC eaAdg2lE5ZZSALJB4pg2uzNXphBGOML2BDkmGU+bMvrNAIti8ogHnN8PBUUpJvb/y88X Z+wg== X-Gm-Message-State: AOAM531HQ8x2rFmXcfip2naLSl6NQQfi9xp0FE/CwgJvEgOOBnFxO4fN QzIb+lGkB6nWuMaHJ2lUzRE= X-Google-Smtp-Source: ABdhPJzCA0IYASRKvJIbSUlBfGDIhzTLtT3IanpwvQ6xEHdXbO24xVofplUkJ/gyPwJ8cLsPr+BJbQ== X-Received: by 2002:a17:906:7047:: with SMTP id r7mr34942161ejj.342.1632240938899; Tue, 21 Sep 2021 09:15:38 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:38 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 13/19] selftests: tcp_authopt: Add scapy-based packet signing code Date: Tue, 21 Sep 2021 19:14:56 +0300 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Tools like tcpdump and wireshark can parse the TCP Authentication Option but there is not yet support to verify correct signatures. This patch implements TCP-AO signature verification using scapy and the python cryptography package. The python code is verified itself with a subset of IETF test vectors from this page: https://datatracker.ietf.org/doc/html/draft-touch-tcpm-ao-test-vectors-02 The code in this commit is not specific to linux Signed-off-by: Leonard Crestez --- .../tcp_authopt_test/scapy_tcp_authopt.py | 211 ++++++++++ .../tcp_authopt_test/scapy_utils.py | 176 +++++++++ .../tcp_authopt_test/test_vectors.py | 359 ++++++++++++++++++ .../tcp_authopt/tcp_authopt_test/validator.py | 127 +++++++ 4 files changed, 873 insertions(+) create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_tcp_authopt.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_utils.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_vectors.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/validator.py diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_tcp_authopt.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_tcp_authopt.py new file mode 100644 index 000000000000..c32f9d931d2b --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_tcp_authopt.py @@ -0,0 +1,211 @@ +# SPDX-License-Identifier: GPL-2.0 +"""Packet-processing utilities implementing RFC5925 and RFC2926""" + +import logging +from scapy.layers.inet import TCP +from scapy.packet import Packet +from .scapy_utils import TCPOPT_AUTHOPT, IPvXAddress, get_packet_ipvx_src, get_packet_ipvx_dst, get_tcp_pseudoheader, get_tcp_doff +import struct +import hmac + +logger = logging.getLogger(__name__) + + +def _cmac_aes_digest(key: bytes, msg: bytes) -> bytes: + from cryptography.hazmat.primitives import cmac + from cryptography.hazmat.primitives.ciphers import algorithms + from cryptography.hazmat.backends import default_backend + + backend = default_backend() + c = cmac.CMAC(algorithms.AES(key), backend=backend) + c.update(bytes(msg)) + return c.finalize() + + +class TcpAuthOptAlg: + @classmethod + def kdf(cls, master_key: bytes, context: bytes) -> bytes: + raise NotImplementedError() + + @classmethod + def mac(cls, traffic_key: bytes, message: bytes) -> bytes: + raise NotImplementedError() + + maclen = -1 + + +class TcpAuthOptAlg_HMAC_SHA1(TcpAuthOptAlg): + @classmethod + def kdf(cls, master_key: bytes, context: bytes) -> bytes: + input = b"\x01" + b"TCP-AO" + context + b"\x00\xa0" + return hmac.digest(master_key, input, "SHA1") + + @classmethod + def mac(cls, traffic_key: bytes, message: bytes) -> bytes: + return hmac.digest(traffic_key, message, "SHA1")[:12] + + maclen = 12 + + +class TcpAuthOptAlg_CMAC_AES(TcpAuthOptAlg): + @classmethod + def kdf(self, master_key: bytes, context: bytes) -> bytes: + if len(master_key) == 16: + key = master_key + else: + key = _cmac_aes_digest(b"\x00" * 16, master_key) + return _cmac_aes_digest(key, b"\x01" + b"TCP-AO" + context + b"\x00\x80") + + @classmethod + def mac(self, traffic_key: bytes, message: bytes) -> bytes: + return _cmac_aes_digest(traffic_key, message)[:12] + + maclen = 12 + + +def get_alg(name: str) -> TcpAuthOptAlg: + if name.upper() == "HMAC-SHA-1-96": + return TcpAuthOptAlg_HMAC_SHA1() + elif name.upper() == "AES-128-CMAC-96": + return TcpAuthOptAlg_CMAC_AES() + else: + raise ValueError(f"Bad TCP AuthOpt algorithms {name}") + + +def build_context( + saddr: IPvXAddress, daddr: IPvXAddress, sport, dport, src_isn, dst_isn +) -> bytes: + """Build context bytes as specified by RFC5925 section 5.2""" + return ( + saddr.packed + + daddr.packed + + struct.pack( + "!HHII", + sport, + dport, + src_isn, + dst_isn, + ) + ) + + +def build_context_from_packet(p: Packet, src_isn: int, dst_isn: int) -> bytes: + """Build context based on a scapy Packet and src/dst initial-sequence numbers""" + return build_context( + get_packet_ipvx_src(p), + get_packet_ipvx_dst(p), + p[TCP].sport, + p[TCP].dport, + src_isn, + dst_isn, + ) + + +def build_message_from_packet(p: Packet, include_options=True, sne=0) -> bytearray: + """Build message bytes as described by RFC5925 section 5.1""" + result = bytearray() + result += struct.pack("!I", sne) + th = p[TCP] + + # ip pseudo-header: + result += get_tcp_pseudoheader(th) + + # tcp header with checksum set to zero + th_bytes = bytes(p[TCP]) + result += th_bytes[:16] + result += b"\x00\x00" + result += th_bytes[18:20] + + # Even if include_options=False the TCP-AO option itself is still included + # with the MAC set to all-zeros. This means we need to parse TCP options. + pos = 20 + tcphdr_optend = get_tcp_doff(th) * 4 + # logger.info("th_bytes: %s", th_bytes.hex(' ')) + assert len(th_bytes) >= tcphdr_optend + while pos < tcphdr_optend: + optnum = th_bytes[pos] + pos += 1 + if optnum == 0 or optnum == 1: + if include_options: + result += bytes([optnum]) + continue + + optlen = th_bytes[pos] + pos += 1 + if pos + optlen - 2 > tcphdr_optend: + logger.info( + "bad tcp option %d optlen %d beyond end-of-header", optnum, optlen + ) + break + if optlen < 2: + logger.info("bad tcp option %d optlen %d less than two", optnum, optlen) + break + if optnum == TCPOPT_AUTHOPT: + if optlen < 4: + logger.info("bad tcp option %d optlen %d", optnum, optlen) + break + result += bytes([optnum, optlen]) + result += th_bytes[pos : pos + 2] + result += (optlen - 4) * b"\x00" + elif include_options: + result += bytes([optnum, optlen]) + result += th_bytes[pos : pos + optlen - 2] + pos += optlen - 2 + result += bytes(p[TCP].payload) + return result + + +def check_tcp_authopt_signature( + p: Packet, alg: TcpAuthOptAlg, master_key, sisn, disn, include_options=True, sne=0 +): + from .scapy_utils import scapy_tcp_get_authopt_val + + ao = scapy_tcp_get_authopt_val(p[TCP]) + if ao is None: + return None + + context_bytes = build_context_from_packet(p, sisn, disn) + traffic_key = alg.kdf(master_key, context_bytes) + message_bytes = build_message_from_packet( + p, include_options=include_options, sne=sne + ) + mac = alg.mac(traffic_key, message_bytes) + return mac == ao.mac + + +def add_tcp_authopt_signature( + p: Packet, + alg: TcpAuthOptAlg, + master_key, + sisn, + disn, + keyid=0, + rnextkeyid=0, + include_options=True, + sne=0, +): + """Sign a packet""" + th = p[TCP] + keyids = struct.pack("BB", keyid, rnextkeyid) + th.options = th.options + [(TCPOPT_AUTHOPT, keyids + alg.maclen * b"\x00")] + + context_bytes = build_context_from_packet(p, sisn, disn) + traffic_key = alg.kdf(master_key, context_bytes) + message_bytes = build_message_from_packet( + p, include_options=include_options, sne=sne + ) + mac = alg.mac(traffic_key, message_bytes) + th.options[-1] = (TCPOPT_AUTHOPT, keyids + mac) + + +def break_tcp_authopt_signature(packet: Packet): + """Invalidate TCP-AO signature inside a packet + + The packet must already be signed and it gets modified in-place. + """ + opt = packet[TCP].options[-1] + if opt[0] != TCPOPT_AUTHOPT: + raise ValueError("TCP option list must end with TCP_AUTHOPT") + opt_mac = bytearray(opt[1]) + opt_mac[-1] ^= 0xFF + packet[TCP].options[-1] = (opt[0], bytes(opt_mac)) diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_utils.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_utils.py new file mode 100644 index 000000000000..5000b8fe9ada --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_utils.py @@ -0,0 +1,176 @@ +import typing +import struct +import socket +import threading +from dataclasses import dataclass +from ipaddress import IPv4Address, IPv6Address + +from scapy.packet import Packet +from scapy.layers.inet import IP, TCP +from scapy.layers.inet6 import IPv6 +from scapy.config import conf as scapy_conf +from scapy.sendrecv import AsyncSniffer + +from .utils import netns_context + +# TCPOPT numbers are apparently not available in scapy +TCPOPT_MD5SIG = 19 +TCPOPT_AUTHOPT = 29 + +# Easy generic handling of IPv4/IPv6Address +IPvXAddress = typing.Union[IPv4Address, IPv6Address] + + +def get_packet_ipvx_src(p: Packet) -> IPvXAddress: + if IP in p: + return IPv4Address(p[IP].src) + elif IPv6 in p: + return IPv6Address(p[IPv6].src) + else: + raise Exception("Neither IP nor IPv6 found on packet") + + +def get_packet_ipvx_dst(p: Packet) -> IPvXAddress: + if IP in p: + return IPv4Address(p[IP].dst) + elif IPv6 in p: + return IPv6Address(p[IPv6].dst) + else: + raise Exception("Neither IP nor IPv6 found on packet") + + +def get_tcp_doff(th: TCP): + """Get the TCP data offset, even if packet is not yet built""" + doff = th.dataofs + if doff is None: + opt_len = len(th.get_field("options").i2m(th, th.options)) + doff = 5 + ((opt_len + 3) // 4) + return doff + + +def get_tcp_v4_pseudoheader(tcp_packet: TCP) -> bytes: + iph = tcp_packet.underlayer + return struct.pack( + "!4s4sHH", + IPv4Address(iph.src).packed, + IPv4Address(iph.dst).packed, + socket.IPPROTO_TCP, + get_tcp_doff(tcp_packet) * 4 + len(tcp_packet.payload), + ) + + +def get_tcp_v6_pseudoheader(tcp_packet: TCP) -> bytes: + ipv6 = tcp_packet.underlayer + return struct.pack( + "!16s16sII", + IPv6Address(ipv6.src).packed, + IPv6Address(ipv6.dst).packed, + get_tcp_doff(tcp_packet) * 4 + len(tcp_packet.payload), + socket.IPPROTO_TCP, + ) + + +def get_tcp_pseudoheader(tcp_packet: TCP): + if isinstance(tcp_packet.underlayer, IP): + return get_tcp_v4_pseudoheader(tcp_packet) + if isinstance(tcp_packet.underlayer, IPv6): + return get_tcp_v6_pseudoheader(tcp_packet) + raise ValueError("TCP underlayer is neither IP nor IPv6") + + +def tcp_seq_wrap(seq): + return seq & 0xFFFFFFFF + + +@dataclass +class tcphdr_authopt: + """Representation of a TCP auth option as it appears in a TCP packet""" + + keyid: int + rnextkeyid: int + mac: bytes + + @classmethod + def unpack(cls, buf) -> "tcphdr_authopt": + return cls(buf[0], buf[1], buf[2:]) + + def __repr__(self): + return f"tcphdr_authopt({self.keyid}, {self.rnextkeyid}, bytes.fromhex({self.mac.hex(' ')!r})" + + +def scapy_tcp_get_authopt_val(tcp) -> typing.Optional[tcphdr_authopt]: + for optnum, optval in tcp.options: + if optnum == TCPOPT_AUTHOPT: + return tcphdr_authopt.unpack(optval) + return None + + +def scapy_tcp_get_md5_sig(tcp) -> typing.Optional[bytes]: + """Return the MD5 signature (as bytes) or None""" + for optnum, optval in tcp.options: + if optnum == TCPOPT_MD5SIG: + return optval + return None + + +def calc_tcp_md5_hash(p, key: bytes) -> bytes: + """Calculate TCP-MD5 hash from packet and return a 16-byte string""" + import hashlib + + h = hashlib.md5() + tp = p[TCP] + th_bytes = bytes(p[TCP]) + h.update(get_tcp_pseudoheader(tp)) + h.update(th_bytes[:16]) + h.update(b"\x00\x00") + h.update(th_bytes[18:20]) + h.update(bytes(tp.payload)) + h.update(key) + + return h.digest() + + +def create_l2socket(ns: str = "", **kw): + """Create a scapy L2socket inside a namespace""" + + with netns_context(ns): + return scapy_conf.L2socket(**kw) + + +def create_capture_socket(ns: str = "", **kw): + """Create a scapy L2listen socket inside a namespace""" + from scapy.config import conf as scapy_conf + + with netns_context(ns): + return scapy_conf.L2listen(**kw) + + +def scapy_sniffer_start_block(sniffer: AsyncSniffer, timeout=1): + """Like AsyncSniffer.start except block until sniffing starts + + This ensures no lost packets and no delays + """ + if sniffer.kwargs.get("started_callback"): + raise ValueError("sniffer must not already have a started_callback") + + e = threading.Event() + sniffer.kwargs["started_callback"] = e.set + sniffer.start() + e.wait(timeout=timeout) + if not e.is_set(): + raise TimeoutError("Timed out waiting for sniffer to start") + + +def scapy_sniffer_stop(sniffer: AsyncSniffer): + """Like AsyncSniffer.stop except no error is raising if not running""" + if sniffer is not None and sniffer.running: + sniffer.stop() + + +class AsyncSnifferContext(AsyncSniffer): + def __enter__(self): + scapy_sniffer_start_block(self) + return self + + def __exit__(self, *a): + scapy_sniffer_stop(self) diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_vectors.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_vectors.py new file mode 100644 index 000000000000..e918439ef9f4 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_vectors.py @@ -0,0 +1,359 @@ +# SPDX-License-Identifier: GPL-2.0 +import logging +from ipaddress import IPv4Address, IPv6Address +from scapy.layers.inet import IP, TCP +from scapy.layers.inet6 import IPv6 +from .scapy_tcp_authopt import get_alg, build_context_from_packet, build_message_from_packet +from .scapy_utils import scapy_tcp_get_authopt_val +import socket + +logger = logging.getLogger(__name__) + + +class TestIETFVectors: + """Test python implementation of TCP-AO algorithms + + Data is a subset of IETF test vectors: + https://datatracker.ietf.org/doc/html/draft-touch-tcpm-ao-test-vectors-02 + """ + + master_key = b"testvector" + client_keyid = 61 + server_keyid = 84 + client_ipv4 = IPv4Address("10.11.12.13") + client_ipv6 = IPv6Address("FD00::1") + server_ipv4 = IPv4Address("172.27.28.29") + server_ipv6 = IPv6Address("FD00::2") + + client_isn_41x = 0xFBFBAB5A + server_isn_41x = 0x11C14261 + client_isn_42x = 0xCB0EFBEE + server_isn_42x = 0xACD5B5E1 + client_isn_61x = 0x176A833F + server_isn_61x = 0x3F51994B + client_isn_62x = 0x020C1E69 + server_isn_62x = 0xEBA3734D + + def check( + self, + packet_hex: str, + traffic_key_hex: str, + mac_hex: str, + src_isn, + dst_isn, + include_options=True, + alg_name="HMAC-SHA-1-96", + sne=0, + ): + packet_bytes = bytes.fromhex(packet_hex) + + # sanity check for ip version + ipv = packet_bytes[0] >> 4 + if ipv == 4: + p = IP(bytes.fromhex(packet_hex)) + assert p[IP].proto == socket.IPPROTO_TCP + elif ipv == 6: + p = IPv6(bytes.fromhex(packet_hex)) + assert p[IPv6].nh == socket.IPPROTO_TCP + else: + raise ValueError(f"bad ipv={ipv}") + + # sanity check for seq/ack in SYN/ACK packets + if p[TCP].flags.S and p[TCP].flags.A is False: + assert p[TCP].seq == src_isn + assert p[TCP].ack == 0 + if p[TCP].flags.S and p[TCP].flags.A: + assert p[TCP].seq == src_isn + assert p[TCP].ack == dst_isn + 1 + + # check traffic key + alg = get_alg(alg_name) + context_bytes = build_context_from_packet(p, src_isn, dst_isn) + traffic_key = alg.kdf(self.master_key, context_bytes) + assert traffic_key.hex(" ") == traffic_key_hex + + # check mac + message_bytes = build_message_from_packet( + p, include_options=include_options, sne=sne + ) + mac = alg.mac(traffic_key, message_bytes) + assert mac.hex(" ") == mac_hex + + # check option bytes in header + opt = scapy_tcp_get_authopt_val(p[TCP]) + assert opt is not None + assert opt.keyid in [self.client_keyid, self.server_keyid] + assert opt.rnextkeyid in [self.client_keyid, self.server_keyid] + assert opt.mac.hex(" ") == mac_hex + + def test_4_1_1(self): + self.check( + """ + 45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d + ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00 + e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54 + 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7 + """, + "6d 63 ef 1b 02 fe 15 09 d4 b1 40 27 07 fd 7b 04 16 ab b7 4f", + "2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7", + self.client_isn_41x, + 0, + ) + + def test_4_1_2(self): + self.check( + """ + 45 e0 00 4c 65 06 40 00 ff 06 37 75 ac 1b 1c 1d + 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 61 fb fb ab 5b + e0 12 ff ff 37 76 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 84 a5 0b eb 00 15 5a b7 1d 10 54 3d + ee ab 0f e2 4c 30 10 81 51 16 b3 be + """, + "d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 79 7f ea 96", + "ee ab 0f e2 4c 30 10 81 51 16 b3 be", + self.server_isn_41x, + self.client_isn_41x, + ) + + def test_4_1_3(self): + self.check( + """ + 45 e0 00 87 36 a1 40 00 ff 06 65 9f 0a 0b 0c 0d + ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5b 11 c1 42 62 + c0 18 01 04 a1 62 00 00 01 01 08 0a 00 15 5a c1 + 84 a5 0b eb 1d 10 3d 54 70 64 cf 99 8c c6 c3 15 + c2 c2 e2 bf ff ff ff ff ff ff ff ff ff ff ff ff + ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d + 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 + 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 + 06 00 64 00 01 01 00 + """, + "d2 e5 9c 65 ff c7 b1 a3 93 47 65 64 63 b7 0e dc 24 a1 3d 71", + "70 64 cf 99 8c c6 c3 15 c2 c2 e2 bf", + self.client_isn_41x, + self.server_isn_41x, + ) + + def test_4_1_4(self): + self.check( + """ + 45 e0 00 87 1f a9 40 00 ff 06 7c 97 ac 1b 1c 1d + 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 62 fb fb ab 9e + c0 18 01 00 40 0c 00 00 01 01 08 0a 84 a5 0b f5 + 00 15 5a c1 1d 10 54 3d a6 3f 0e cb bb 2e 63 5c + 95 4d ea c7 ff ff ff ff ff ff ff ff ff ff ff ff + ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d + 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 + 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 + 06 00 64 00 01 01 00 + """, + "d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 79 7f ea 96", + "a6 3f 0e cb bb 2e 63 5c 95 4d ea c7", + self.server_isn_41x, + self.client_isn_41x, + ) + + def test_4_2_1(self): + self.check( + """ + 45 e0 00 4c 53 99 40 00 ff 06 48 e2 0a 0b 0c 0d + ac 1b 1c 1d ff 12 00 b3 cb 0e fb ee 00 00 00 00 + e0 02 ff ff 54 1f 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 00 02 4c ce 00 00 00 00 1d 10 3d 54 + 80 af 3c fe b8 53 68 93 7b 8f 9e c2 + """, + "30 ea a1 56 0c f0 be 57 da b5 c0 45 22 9f b1 0a 42 3c d7 ea", + "80 af 3c fe b8 53 68 93 7b 8f 9e c2", + self.client_isn_42x, + 0, + include_options=False, + ) + + def test_4_2_2(self): + self.check( + """ + 45 e0 00 4c 32 84 40 00 ff 06 69 f7 ac 1b 1c 1d + 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e1 cb 0e fb ef + e0 12 ff ff 38 8e 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 57 67 72 f3 00 02 4c ce 1d 10 54 3d + 09 30 6f 9a ce a6 3a 8c 68 cb 9a 70 + """, + "b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41 01 a8 30 7f", + "09 30 6f 9a ce a6 3a 8c 68 cb 9a 70", + self.server_isn_42x, + self.client_isn_42x, + include_options=False, + ) + + def test_4_2_3(self): + self.check( + """ + 45 e0 00 87 a8 f5 40 00 ff 06 f3 4a 0a 0b 0c 0d + ac 1b 1c 1d ff 12 00 b3 cb 0e fb ef ac d5 b5 e2 + c0 18 01 04 6c 45 00 00 01 01 08 0a 00 02 4c ce + 57 67 72 f3 1d 10 3d 54 71 06 08 cc 69 6c 03 a2 + 71 c9 3a a5 ff ff ff ff ff ff ff ff ff ff ff ff + ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d + 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 + 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 + 06 00 64 00 01 01 00 + """, + "f3 db 17 93 d7 91 0e cd 80 6c 34 f1 55 ea 1f 00 34 59 53 e3", + "71 06 08 cc 69 6c 03 a2 71 c9 3a a5", + self.client_isn_42x, + self.server_isn_42x, + include_options=False, + ) + + def test_4_2_4(self): + self.check( + """ + 45 e0 00 87 54 37 40 00 ff 06 48 09 ac 1b 1c 1d + 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e2 cb 0e fc 32 + c0 18 01 00 46 b6 00 00 01 01 08 0a 57 67 72 f3 + 00 02 4c ce 1d 10 54 3d 97 76 6e 48 ac 26 2d e9 + ae 61 b4 f9 ff ff ff ff ff ff ff ff ff ff ff ff + ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d + 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 + 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 + 06 00 64 00 01 01 00 + """, + "b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41 01 a8 30 7f", + "97 76 6e 48 ac 26 2d e9 ae 61 b4 f9", + self.server_isn_42x, + self.client_isn_42x, + include_options=False, + ) + + def test_5_1_1(self): + self.check( + """ + 45 e0 00 4c 7b 9f 40 00 ff 06 20 dc 0a 0b 0c 0d + ac 1b 1c 1d c4 fa 00 b3 78 7a 1d df 00 00 00 00 + e0 02 ff ff 5a 0f 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 00 01 7e d0 00 00 00 00 1d 10 3d 54 + e4 77 e9 9c 80 40 76 54 98 e5 50 91 + """, + "f5 b8 b3 d5 f3 4f db b6 eb 8d 4a b9 66 0e 60 e3", + "e4 77 e9 9c 80 40 76 54 98 e5 50 91", + 0x787A1DDF, + 0, + include_options=True, + alg_name="AES-128-CMAC-96", + ) + + def test_6_1_1(self): + self.check( + """ + 6e 08 91 dc 00 38 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 f7 e4 00 b3 17 6a 83 3f + 00 00 00 00 e0 02 ff ff 47 21 00 00 02 04 05 a0 + 01 03 03 08 04 02 08 0a 00 41 d0 87 00 00 00 00 + 1d 10 3d 54 90 33 ec 3d 73 34 b6 4c 5e dd 03 9f + """, + "62 5e c0 9d 57 58 36 ed c9 b6 42 84 18 bb f0 69 89 a3 61 bb", + "90 33 ec 3d 73 34 b6 4c 5e dd 03 9f", + self.client_isn_61x, + 0, + include_options=True, + ) + + def test_6_1_2(self): + self.check( + """ + 6e 01 00 9e 00 38 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 f7 e4 3f 51 99 4b + 17 6a 83 40 e0 12 ff ff bf ec 00 00 02 04 05 a0 + 01 03 03 08 04 02 08 0a bd 33 12 9b 00 41 d0 87 + 1d 10 54 3d f1 cb a3 46 c3 52 61 63 f7 1f 1f 55 + """, + "e4 a3 7a da 2a 0a fc a8 71 14 34 91 3f e1 38 c7 71 eb cb 4a", + "f1 cb a3 46 c3 52 61 63 f7 1f 1f 55", + self.server_isn_61x, + self.client_isn_61x, + include_options=True, + ) + + def test_6_2_2(self): + self.check( + """ + 6e 0a 7e 1f 00 38 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4d + 02 0c 1e 6a e0 12 ff ff 77 4d 00 00 02 04 05 a0 + 01 03 03 08 04 02 08 0a 5e c9 9b 70 00 9d b9 5b + 1d 10 54 3d 3c 54 6b ad 97 43 f1 2d f8 b8 01 0d + """, + "40 51 08 94 7f 99 65 75 e7 bd bc 26 d4 02 16 a2 c7 fa 91 bd", + "3c 54 6b ad 97 43 f1 2d f8 b8 01 0d", + self.server_isn_62x, + self.client_isn_62x, + include_options=False, + ) + + def test_6_2_4(self): + self.check( + """ + 6e 0a 7e 1f 00 73 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4e + 02 0c 1e ad c0 18 01 00 71 6a 00 00 01 01 08 0a + 5e c9 9b 7a 00 9d b9 65 1d 10 54 3d 55 9a 81 94 + 45 b4 fd e9 8d 9e 13 17 ff ff ff ff ff ff ff ff + ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 + 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 + 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd + e8 02 08 40 06 00 64 00 01 01 00 + """, + "40 51 08 94 7f 99 65 75 e7 bd bc 26 d4 02 16 a2 c7 fa 91 bd", + "55 9a 81 94 45 b4 fd e9 8d 9e 13 17", + self.server_isn_62x, + self.client_isn_62x, + include_options=False, + ) + + server_isn_71x = 0xA6744ECB + client_isn_71x = 0x193CCCEC + + def test_7_1_2(self): + self.check( + """ + 6e 06 15 20 00 38 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cb + 19 3c cc ed e0 12 ff ff ea bb 00 00 02 04 05 a0 + 01 03 03 08 04 02 08 0a 71 da ab c8 13 e4 ab 99 + 1d 10 54 3d dc 28 43 a8 4e 78 a6 bc fd c5 ed 80 + """, + "cf 1b 1e 22 5e 06 a6 36 16 76 4a 06 7b 46 f4 b1", + "dc 28 43 a8 4e 78 a6 bc fd c5 ed 80", + self.server_isn_71x, + self.client_isn_71x, + alg_name="AES-128-CMAC-96", + include_options=True, + ) + + def test_7_1_4(self): + self.check( + """ + 6e 06 15 20 00 73 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cc + 19 3c cd 30 c0 18 01 00 52 f4 00 00 01 01 08 0a + 71 da ab d3 13 e4 ab a3 1d 10 54 3d c1 06 9b 7d + fd 3d 69 3a 6d f3 f2 89 ff ff ff ff ff ff ff ff + ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 + 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 + 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd + e8 02 08 40 06 00 64 00 01 01 00 + """, + "cf 1b 1e 22 5e 06 a6 36 16 76 4a 06 7b 46 f4 b1", + "c1 06 9b 7d fd 3d 69 3a 6d f3 f2 89", + self.server_isn_71x, + self.client_isn_71x, + alg_name="AES-128-CMAC-96", + include_options=True, + ) diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/validator.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/validator.py new file mode 100644 index 000000000000..9becd39dc31e --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/validator.py @@ -0,0 +1,127 @@ +# SPDX-License-Identifier: GPL-2.0 +import logging +import typing +from dataclasses import dataclass + +from scapy.layers.inet import TCP +from scapy.packet import Packet + +from . import scapy_tcp_authopt +from .scapy_conntrack import TCPConnectionTracker, get_packet_tcp_connection_key +from .scapy_utils import scapy_tcp_get_authopt_val + +logger = logging.getLogger(__name__) + + +@dataclass +class TcpAuthValidatorKey: + """Representation of a TCP Authentication Option key for the validator + + The matching rules are independent. + """ + + key: bytes + alg_name: str + include_options: bool = True + keyid: typing.Optional[int] = None + sport: typing.Optional[int] = None + dport: typing.Optional[int] = None + + def match_packet(self, p: Packet) -> bool: + """Determine if this key matches a specific packet""" + if not TCP in p: + return False + authopt = scapy_tcp_get_authopt_val(p[TCP]) + if authopt is None: + return False + if self.keyid is not None and authopt.keyid != self.keyid: + return False + if self.sport is not None and p[TCP].sport != self.sport: + return False + if self.dport is not None and p[TCP].dport != self.dport: + return False + return True + + def get_alg_imp(self): + return scapy_tcp_authopt.get_alg(self.alg_name) + + +class TcpAuthValidator: + """Validate TCP Authentication Option signatures inside a capture + + This can track multiple connections, determine their initial sequence numbers + and verify their signatues independently. + + Keys are provided as a collection of `.TcpAuthValidatorKey` + """ + + keys: typing.List[TcpAuthValidatorKey] + tracker: TCPConnectionTracker + any_incomplete: bool = False + any_unsigned: bool = False + any_fail: bool = False + + def __init__(self, keys=None): + self.keys = keys or [] + self.tracker = TCPConnectionTracker() + self.conn_dict = {} + + def get_key_for_packet(self, p): + for k in self.keys: + if k.match_packet(p): + return k + return None + + def handle_packet(self, p: Packet): + if not TCP in p: + return + self.tracker.handle_packet(p) + authopt = scapy_tcp_get_authopt_val(p[TCP]) + if not authopt: + self.any_unsigned = True + logger.debug("skip packet without tcp authopt: %r", p) + return + key = self.get_key_for_packet(p) + if not key: + self.any_unsigned = True + logger.debug("skip packet not matching any known keys: %r", p) + return + tcp_track_key = get_packet_tcp_connection_key(p) + conn = self.tracker.get(tcp_track_key) + + if not conn.found_syn: + logger.warning("missing SYN for %s", p) + self.any_incomplete = True + return + if not conn.found_synack and not p[TCP].flags.S: + logger.warning("missing SYNACK for %s", p) + self.any_incomplete = True + return + + alg = key.get_alg_imp() + context_bytes = scapy_tcp_authopt.build_context_from_packet( + p, conn.sisn or 0, conn.disn or 0 + ) + traffic_key = alg.kdf(key.key, context_bytes) + message_bytes = scapy_tcp_authopt.build_message_from_packet( + p, include_options=key.include_options + ) + computed_mac = alg.mac(traffic_key, message_bytes) + captured_mac = authopt.mac + if computed_mac == captured_mac: + logger.debug("ok - mac %s", computed_mac.hex()) + else: + self.any_fail = True + logger.error( + "not ok - captured %s computed %s", + captured_mac.hex(), + computed_mac.hex(), + ) + + def raise_errors(self, allow_unsigned=False, allow_incomplete=False): + if self.any_fail: + raise Exception("Found failed signatures") + if self.any_incomplete and not allow_incomplete: + raise Exception("Incomplete capture missing SYN/ACK") + if self.any_unsigned and not allow_unsigned: + raise Exception("Found unsigned packets") From patchwork Tue Sep 21 16:14:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508241 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02CF9C433EF for ; Tue, 21 Sep 2021 16:19:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D68E360F70 for ; Tue, 21 Sep 2021 16:19:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234728AbhIUQU3 (ORCPT ); Tue, 21 Sep 2021 12:20:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33624 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234545AbhIUQTJ (ORCPT ); Tue, 21 Sep 2021 12:19:09 -0400 Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 245ADC0613E7; Tue, 21 Sep 2021 09:17:27 -0700 (PDT) Received: by mail-ed1-x533.google.com with SMTP id v22so71465473edd.11; Tue, 21 Sep 2021 09:17:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vOv+OGM5tRt5YbiMNZRNqVs2R78kqeBwCLynl++2lQk=; b=ju7wQs/eWCes2wtPYt0Gm8j34XZYjhDQgDRNXf6Dlb1tfF+yFwHXIRGzGcT0sFNRf1 IB6l+RS+OiaX29GvLaCqoTjHf8KmQuLRnVojpcraJmbIDfqKRupVeltabG9qYIo0fmBM geHcYGxbNVpyg2Igrw4pFJvO5PFpspsCp1K50G4R/PpzrwNulP3aLzhDt1enrfI2euRl JCDhxmhIocXjnZSkqDr++ET2rL3H3wa2EP+7X6zDx+AwdFyiQkVmia42oZktjjaIpPns eNBoQJp3Knk9Tw6lGp1KQHEoAxw18OkUNJmJERVZr606/UlZ6I9O3YqllA2/AeNbLRSf x4Dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vOv+OGM5tRt5YbiMNZRNqVs2R78kqeBwCLynl++2lQk=; b=2fUs2RTEwQfuYJF+4GvU9D5rgty8vEhcU2SzjSqReIXjFi9ujlb/U13obDoXnDPg3P CK/Yb7LIfE9NBJYIdiXt0Iy5fhbUF/fMzKg3P5MgOivyRX8wRLnL2TizzWamBce9EtKT Qz1fQeV+CmcfY7G6k0uQgo18I0cdoyf0IR/4eNbXQVTAJpbtHJCeJF/dKYBEw0xeBJa9 eQOmrD7uioM3UwlLCI43xxuIk5N6lJ/lnZXJhzeNpau9KJedbpSau3Za0S522YLEb/vU LnA75eqtYNaZ6cXxNWlmgG+5ahvuvNn0sYag1Yr1yQbwFTgFCoKDC46VUSYP3lf/xhIg k2fg== X-Gm-Message-State: AOAM5315yZ5QZzfrZSS0Ws7HzJlcWMHnlLwN5br3kZWUT4Q8S/EsarFi q2fTWsmQj00qRA6c6P5epr4= X-Google-Smtp-Source: ABdhPJwAZJzYwGyKMzB8PGSrlpuypFGzZiyL8cudZ/2Jrv+cSJyH9Ztp2iMmUzT7IBfMp9LtYfQxHQ== X-Received: by 2002:a17:906:37d4:: with SMTP id o20mr35885657ejc.508.1632240940875; Tue, 21 Sep 2021 09:15:40 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:40 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 14/19] selftests: tcp_authopt: Add packet-level tests Date: Tue, 21 Sep 2021 19:14:57 +0300 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This patch validates that the TCP-AO signatures inserted by linux are correct in all algorithm permutations, using scapy. It also tests that TCP-AO behaves correctly in a number of corner cases such as: * reset handling * timewait * syn-recv * ipv4-mapped ipv6 * interaction with tcp-md5 This reverts commit 297a301a4f1c3abe41d554a9f6df192257a017b8. Signed-off-by: Leonard Crestez --- .../full_tcp_sniff_session.py | 81 +++ .../tcp_authopt_test/linux_tcp_md5sig.py | 95 +++ .../tcp_authopt_test/scapy_conntrack.py | 150 +++++ .../tcp_connection_fixture.py | 269 +++++++++ .../tcp_authopt_test/test_verify_capture.py | 555 ++++++++++++++++++ 5 files changed, 1150 insertions(+) create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/full_tcp_sniff_session.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_md5sig.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_conntrack.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/tcp_connection_fixture.py create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_verify_capture.py diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/full_tcp_sniff_session.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/full_tcp_sniff_session.py new file mode 100644 index 000000000000..11b46f6378c8 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/full_tcp_sniff_session.py @@ -0,0 +1,81 @@ +# SPDX-License-Identifier: GPL-2.0 +import threading +import scapy.sessions +from scapy.packet import Packet +import typing +import logging +from .scapy_conntrack import TCPConnectionTracker, TCPConnectionInfo + +logger = logging.getLogger(__name__) + + +class FullTCPSniffSession(scapy.sessions.DefaultSession): + """Implementation of a scapy sniff session that can wait for a full TCP capture + + Allows another thread to wait for a complete FIN handshake without polling or sleep. + """ + + #: Server port used to identify client and server + server_port: int + #: Connection tracker + tracker: TCPConnectionTracker + + def __init__(self, server_port, **kw): + super().__init__(**kw) + self.server_port = server_port + self.tracker = TCPConnectionTracker() + self._close_event = threading.Event() + self._init_isn_event = threading.Event() + self._client_info = None + self._server_info = None + + @property + def client_info(self) -> TCPConnectionInfo: + if not self._client_info: + self._client_info = self.tracker.match_one(dport=self.server_port) + return self._client_info + + @property + def server_info(self) -> TCPConnectionInfo: + if not self._server_info: + self._server_info = self.tracker.match_one(sport=self.server_port) + return self._server_info + + @property + def client_isn(self): + return self.client_info.sisn + + @property + def server_isn(self): + return self.server_info.sisn + + def on_packet_received(self, p: Packet): + super().on_packet_received(p) + self.tracker.handle_packet(p) + + # check events: + if self.client_info.sisn is not None and self.client_info.disn is not None: + assert ( + self.client_info.sisn == self.server_info.disn + and self.server_info.sisn == self.client_info.disn + ) + self._init_isn_event.set() + if self.client_info.found_recv_finack and self.server_info.found_recv_finack: + self._close_event.set() + + def wait_close(self, timeout=10): + """Wait for a graceful close with FINs acked by both side""" + self._close_event.wait(timeout=timeout) + if not self._close_event.is_set(): + raise TimeoutError("Timed out waiting for graceful close") + + def wait_init_isn(self, timeout=10): + """Wait for both client_isn and server_isn to be determined""" + self._init_isn_event.wait(timeout=timeout) + if not self._init_isn_event.is_set(): + raise TimeoutError("Timed out waiting for Initial Sequence Numbers") + + def get_client_server_isn(self, timeout=10) -> typing.Tuple[int, int]: + """Return client/server ISN, blocking until they are captured""" + self.wait_init_isn(timeout=timeout) + return self.client_isn, self.server_isn diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_md5sig.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_md5sig.py new file mode 100644 index 000000000000..ebc001b80472 --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_md5sig.py @@ -0,0 +1,95 @@ +# SPDX-License-Identifier: GPL-2.0 +"""Python wrapper around linux TCP_MD5SIG ABI""" + +from enum import IntFlag +import socket +import struct +from dataclasses import dataclass +from .sockaddr import sockaddr_unpack + + +TCP_MD5SIG = 14 +TCP_MD5SIG_EXT = 32 +TCP_MD5SIG_MAXKEYLEN = 80 + + +class TCP_MD5SIG_FLAG(IntFlag): + PREFIX = 0x1 + IFINDEX = 0x2 + + +@dataclass +class tcp_md5sig: + """Like linux struct tcp_md5sig""" + + addr = None + flags: int + prefixlen: int + keylen: int + ifindex: int + key: bytes + + sizeof = 128 + 88 + + def __init__( + self, addr=None, flags=0, prefixlen=0, keylen=None, ifindex=0, key=bytes() + ): + self.addr = addr + self.flags = flags + self.prefixlen = prefixlen + self.ifindex = ifindex + self.key = key + if keylen is None: + self.keylen = len(key) + else: + self.keylen = keylen + + def get_addr_bytes(self) -> bytes: + if self.addr is None: + return b"\0" * 128 + if self.addr is bytes: + assert len(self.addr) == 128 + return self.addr + return self.addr.pack() + + def pack(self) -> bytes: + return struct.pack( + "128sBBHi80s", + self.get_addr_bytes(), + self.flags, + self.prefixlen, + self.keylen, + self.ifindex, + self.key, + ) + + def __bytes__(self): + return self.pack() + + @classmethod + def unpack(cls, buffer: bytes) -> "tcp_md5sig": + tup = struct.unpack("128sBBHi80s", buffer) + addr = sockaddr_unpack(tup[0]) + return cls(addr, *tup[1:]) + + def set_ipv4_addr_all(self): + from .sockaddr import sockaddr_in + + self.addr = sockaddr_in() + self.prefixlen = 0 + self.flags |= TCP_MD5SIG_FLAG.PREFIX + + def set_ipv6_addr_all(self): + from .sockaddr import sockaddr_in6 + + self.addr = sockaddr_in6() + self.prefixlen = 0 + self.flags |= TCP_MD5SIG_FLAG.PREFIX + + +def setsockopt_md5sig(sock, opt: tcp_md5sig): + if opt.flags != 0: + optname = TCP_MD5SIG_EXT + else: + optname = TCP_MD5SIG + return sock.setsockopt(socket.SOL_TCP, optname, bytes(opt)) diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_conntrack.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_conntrack.py new file mode 100644 index 000000000000..b62276f4027f --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/scapy_conntrack.py @@ -0,0 +1,150 @@ +# SPDX-License-Identifier: GPL-2.0 +"""Identify TCP connections inside a capture and collect per-connection information""" +import typing +from dataclasses import dataclass +from scapy.packet import Packet +from scapy.layers.inet import TCP +from .scapy_utils import IPvXAddress, get_packet_ipvx_src, get_packet_ipvx_dst + + +@dataclass(frozen=True) +class TCPConnectionKey: + """TCP connection identification key: standard 4-tuple""" + + saddr: IPvXAddress = None + daddr: IPvXAddress = None + sport: int = 0 + dport: int = 0 + + def rev(self) -> "TCPConnectionKey": + return TCPConnectionKey(self.daddr, self.saddr, self.dport, self.sport) + + +def get_packet_tcp_connection_key(p: Packet) -> TCPConnectionKey: + th = p[TCP] + return TCPConnectionKey( + get_packet_ipvx_src(p), get_packet_ipvx_dst(p), th.sport, th.dport + ) + + +class TCPConnectionInfo: + saddr: IPvXAddress = None + daddr: IPvXAddress = None + sport: int = 0 + dport: int = 0 + sisn: typing.Optional[int] = None + disn: typing.Optional[int] = None + + found_syn = False + found_synack = False + + found_send_fin = False + found_send_finack = False + found_recv_fin = False + found_recv_finack = False + + def get_key(self): + return TCPConnectionKey(self.saddr, self.daddr, self.sport, self.dport) + + @classmethod + def from_key(cls, key: TCPConnectionKey) -> "TCPConnectionInfo": + obj = cls() + obj.saddr = key.saddr + obj.daddr = key.daddr + obj.sport = key.sport + obj.dport = key.dport + return obj + + def handle_send(self, p: Packet): + th = p[TCP] + if self.get_key() != get_packet_tcp_connection_key(p): + raise ValueError("Packet not for this connection") + + if th.flags.S and not th.flags.A: + assert th.ack == 0 + self.found_syn = True + self.sisn = th.seq + elif th.flags.S and th.flags.A: + self.found_synack = True + self.sisn = th.seq + assert self.disn == th.ack - 1 + + # Should track seq numbers instead + if th.flags.F: + self.found_send_fin = True + if th.flags.A and self.found_recv_fin: + self.found_send_finack = True + + def handle_recv(self, p: Packet): + th = p[TCP] + if self.get_key().rev() != get_packet_tcp_connection_key(p): + raise ValueError("Packet not for this connection") + + if th.flags.S and not th.flags.A: + assert th.ack == 0 + self.found_syn = True + self.disn = th.seq + elif th.flags.S and th.flags.A: + self.found_synack = True + self.disn = th.seq + assert self.sisn == th.ack - 1 + + # Should track seq numbers instead + if th.flags.F: + self.found_recv_fin = True + if th.flags.A and self.found_send_fin: + self.found_recv_finack = True + + +class TCPConnectionTracker: + table: typing.Dict[TCPConnectionKey, TCPConnectionInfo] + + def __init__(self): + self.table = {} + + def get_or_create(self, key: TCPConnectionKey) -> TCPConnectionInfo: + info = self.table.get(key, None) + if info is None: + info = TCPConnectionInfo.from_key(key) + self.table[key] = info + return info + + def get(self, key: TCPConnectionKey) -> TCPConnectionInfo: + return self.table.get(key, None) + + def handle_packet(self, p: Packet): + if not p or not TCP in p: + return + key = get_packet_tcp_connection_key(p) + info = self.get_or_create(key) + info.handle_send(p) + rkey = key.rev() + rinfo = self.get_or_create(rkey) + rinfo.handle_recv(p) + + def iter_match(self, saddr=None, daddr=None, sport=None, dport=None): + def attr_optional_match(obj, name, val) -> bool: + if val is None: + return True + else: + return getattr(obj, name) == val + + for key, info in self.table.items(): + if ( + attr_optional_match(key, "saddr", saddr) + and attr_optional_match(key, "daddr", daddr) + and attr_optional_match(key, "sport", sport) + and attr_optional_match(key, "dport", dport) + ): + yield info + + def match_one( + self, saddr=None, daddr=None, sport=None, dport=None + ) -> TCPConnectionInfo: + res = list(self.iter_match(saddr, daddr, sport, dport)) + if len(res) == 1: + return res[0] + elif len(res) == 0: + return None + else: + raise ValueError("Multiple connection matches") diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/tcp_connection_fixture.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/tcp_connection_fixture.py new file mode 100644 index 000000000000..f78f21ab913d --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/tcp_connection_fixture.py @@ -0,0 +1,269 @@ +# SPDX-License-Identifier: GPL-2.0 +import logging +import socket +import subprocess +from contextlib import ExitStack + +import pytest +from scapy.data import ETH_P_IP, ETH_P_IPV6 +from scapy.layers.inet import IP, TCP +from scapy.layers.inet6 import IPv6 +from scapy.layers.l2 import Ether +from scapy.packet import Packet + +from . import linux_tcp_authopt +from .full_tcp_sniff_session import FullTCPSniffSession +from .linux_tcp_authopt import set_tcp_authopt_key, tcp_authopt_key +from .netns_fixture import NamespaceFixture +from .server import SimpleServerThread +from .scapy_utils import ( + AsyncSnifferContext, + create_l2socket, + create_capture_socket, + scapy_tcp_get_authopt_val, + scapy_tcp_get_md5_sig, +) +from .utils import ( + DEFAULT_TCP_SERVER_PORT, + create_listen_socket, + create_client_socket, + netns_context, + nstat_json, +) + +logger = logging.getLogger(__name__) + + +class TCPConnectionFixture: + """Test fixture with an instrumented TCP connection + + Includes: + * pair of network namespaces + * one listen socket + * server thread with echo protocol + * one client socket + * one async sniffer on the server interface + * A `FullTCPSniffSession` examining TCP packets + * l2socket allowing packet injection from client + + :ivar tcp_md5_key: Secret key for md5 (addr is implicit) + """ + + sniffer_session: FullTCPSniffSession + + def __init__( + self, + address_family=socket.AF_INET, + sniffer_kwargs=None, + tcp_authopt_key: tcp_authopt_key = None, + server_thread_kwargs=None, + tcp_md5_key=None, + ): + self.address_family = address_family + self.server_port = DEFAULT_TCP_SERVER_PORT + self.client_port = 27972 + self.sniffer_session = FullTCPSniffSession(DEFAULT_TCP_SERVER_PORT) + if sniffer_kwargs is None: + sniffer_kwargs = {} + self.sniffer_kwargs = sniffer_kwargs + self.tcp_authopt_key = tcp_authopt_key + self.server_thread = SimpleServerThread( + None, mode="echo", **(server_thread_kwargs or {}) + ) + self.tcp_md5_key = tcp_md5_key + + def _set_tcp_md5(self): + from . import linux_tcp_md5sig + from .sockaddr import sockaddr_convert + + linux_tcp_md5sig.setsockopt_md5sig( + self.listen_socket, + linux_tcp_md5sig.tcp_md5sig( + key=self.tcp_md5_key, addr=sockaddr_convert(self.client_addr) + ), + ) + linux_tcp_md5sig.setsockopt_md5sig( + self.client_socket, + linux_tcp_md5sig.tcp_md5sig( + key=self.tcp_md5_key, addr=sockaddr_convert(self.server_addr) + ), + ) + + def __enter__(self): + if self.tcp_authopt_key and not linux_tcp_authopt.has_tcp_authopt(): + pytest.skip("Need TCP_AUTHOPT") + + self.exit_stack = ExitStack() + self.exit_stack.__enter__() + + self.nsfixture = self.exit_stack.enter_context(NamespaceFixture()) + self.server_addr = self.nsfixture.get_addr(self.address_family, 1) + self.client_addr = self.nsfixture.get_addr(self.address_family, 2) + + self.listen_socket = create_listen_socket( + ns=self.nsfixture.server_netns_name, + family=self.address_family, + bind_addr=self.server_addr, + bind_port=self.server_port, + ) + self.exit_stack.enter_context(self.listen_socket) + self.client_socket = create_client_socket( + ns=self.nsfixture.client_netns_name, + family=self.address_family, + bind_addr=self.client_addr, + bind_port=self.client_port, + ) + self.exit_stack.enter_context(self.client_socket) + self.server_thread.listen_socket = self.listen_socket + self.exit_stack.enter_context(self.server_thread) + + if self.tcp_authopt_key: + set_tcp_authopt_key(self.listen_socket, self.tcp_authopt_key) + set_tcp_authopt_key(self.client_socket, self.tcp_authopt_key) + + if self.tcp_md5_key: + self._set_tcp_md5() + + capture_filter = f"tcp port {self.server_port}" + self.capture_socket = create_capture_socket( + ns=self.nsfixture.server_netns_name, iface="veth0", filter=capture_filter + ) + self.exit_stack.enter_context(self.capture_socket) + + self.sniffer = AsyncSnifferContext( + opened_socket=self.capture_socket, + session=self.sniffer_session, + prn=log_tcp_authopt_packet, + **self.sniffer_kwargs, + ) + self.exit_stack.enter_context(self.sniffer) + + self.client_l2socket = create_l2socket( + ns=self.nsfixture.client_netns_name, iface="veth0" + ) + self.exit_stack.enter_context(self.client_l2socket) + self.server_l2socket = create_l2socket( + ns=self.nsfixture.server_netns_name, iface="veth0" + ) + self.exit_stack.enter_context(self.server_l2socket) + + def __exit__(self, *args): + self.exit_stack.__exit__(*args) + + @property + def ethertype(self): + if self.address_family == socket.AF_INET: + return ETH_P_IP + elif self.address_family == socket.AF_INET6: + return ETH_P_IPV6 + else: + raise ValueError("bad address_family={self.address_family}") + + def scapy_iplayer(self): + if self.address_family == socket.AF_INET: + return IP + elif self.address_family == socket.AF_INET6: + return IPv6 + else: + raise ValueError("bad address_family={self.address_family}") + + def create_client2server_packet(self) -> Packet: + return ( + Ether( + type=self.ethertype, + src=self.nsfixture.client_mac_addr, + dst=self.nsfixture.server_mac_addr, + ) + / self.scapy_iplayer()(src=str(self.client_addr), dst=str(self.server_addr)) + / TCP(sport=self.client_port, dport=self.server_port) + ) + + def create_server2client_packet(self) -> Packet: + return ( + Ether( + type=self.ethertype, + src=self.nsfixture.server_mac_addr, + dst=self.nsfixture.client_mac_addr, + ) + / self.scapy_iplayer()(src=str(self.server_addr), dst=str(self.client_addr)) + / TCP(sport=self.server_port, dport=self.client_port) + ) + + @property + def server_netns_name(self): + return self.nsfixture.server_netns_name + + @property + def client_netns_name(self): + return self.nsfixture.client_netns_name + + def client_nstat_json(self): + with netns_context(self.client_netns_name): + return nstat_json() + + def server_nstat_json(self): + with netns_context(self.server_netns_name): + return nstat_json() + + def assert_no_snmp_output_failures(self): + client_nstat_dict = self.client_nstat_json() + assert client_nstat_dict["TcpExtTCPAuthOptFailure"] == 0 + server_nstat_dict = self.server_nstat_json() + assert server_nstat_dict["TcpExtTCPAuthOptFailure"] == 0 + + def _get_state_via_ss(self, command_prefix: str): + # Every namespace should have at most one socket + # the "state connected" filter includes TIME-WAIT but not LISTEN + cmd = command_prefix + "ss --numeric --no-header --tcp state connected" + out = subprocess.check_output(cmd, text=True, shell=True) + lines = out.splitlines() + # No socket found usually means "CLOSED". It is distinct from "TIME-WAIT" + if len(lines) == 0: + return None + if len(lines) > 1: + raise ValueError("At most one line expected") + return lines[0].split()[0] + + def get_client_tcp_state(self): + return self._get_state_via_ss(f"ip netns exec {self.client_netns_name} ") + + def get_server_tcp_state(self): + return self._get_state_via_ss(f"ip netns exec {self.server_netns_name} ") + + +def format_tcp_authopt_packet( + p: Packet, include_ethernet=False, include_seq=False, include_md5=True +) -> str: + """Format a TCP packet in a way that is useful for TCP-AO testing""" + if not TCP in p: + return p.summary() + th = p[TCP] + if isinstance(th.underlayer, IP): + result = p.sprintf(r"%IP.src%:%TCP.sport% > %IP.dst%:%TCP.dport%") + elif isinstance(th.underlayer, IPv6): + result = p.sprintf(r"%IPv6.src%:%TCP.sport% > %IPv6.dst%:%TCP.dport%") + else: + raise ValueError(f"Unknown TCP underlayer {th.underlayer}") + result += p.sprintf(r" Flags %-2s,TCP.flags%") + if include_ethernet: + result = p.sprintf(r"ethertype %Ether.type% ") + result + result = p.sprintf(r"%Ether.src% > %Ether.dst% ") + result + if include_seq: + result += p.sprintf(r" seq %TCP.seq% ack %TCP.ack%") + result += f" len {len(p[TCP].payload)}" + authopt = scapy_tcp_get_authopt_val(p[TCP]) + if authopt: + result += f" AO keyid={authopt.keyid} rnextkeyid={authopt.rnextkeyid} mac={authopt.mac.hex()}" + else: + result += " no AO" + if include_md5: + md5sig = scapy_tcp_get_md5_sig(p[TCP]) + if md5sig: + result += f" MD5 {md5sig.hex()}" + else: + result += " no MD5" + return result + + +def log_tcp_authopt_packet(p): + logger.info("sniff %s", format_tcp_authopt_packet(p, include_seq=True)) diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_verify_capture.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_verify_capture.py new file mode 100644 index 000000000000..2d893b43e0ca --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_verify_capture.py @@ -0,0 +1,555 @@ +# SPDX-License-Identifier: GPL-2.0 +"""Capture packets with TCP-AO and verify signatures""" + +import logging +import os +import socket +import subprocess +from contextlib import ExitStack, nullcontext + +import pytest +import waiting +from scapy.layers.inet import TCP + +from .conftest import skipif_cant_capture, skipif_missing_tcp_authopt +from .full_tcp_sniff_session import FullTCPSniffSession +from .linux_tcp_authopt import ( + TCP_AUTHOPT_ALG, + TCP_AUTHOPT_KEY_FLAG, + set_tcp_authopt_key, + tcp_authopt_key, +) +from .netns_fixture import NamespaceFixture +from .scapy_tcp_authopt import ( + TcpAuthOptAlg_HMAC_SHA1, + add_tcp_authopt_signature, + break_tcp_authopt_signature, +) +from .scapy_utils import ( + AsyncSnifferContext, + scapy_sniffer_stop, + scapy_tcp_get_authopt_val, + scapy_tcp_get_md5_sig, + tcp_seq_wrap, +) +from .server import SimpleServerThread +from .tcp_connection_fixture import TCPConnectionFixture +from .utils import ( + DEFAULT_TCP_SERVER_PORT, + check_socket_echo, + create_client_socket, + create_listen_socket, + nstat_json, + socket_set_linger, +) +from .validator import TcpAuthValidator, TcpAuthValidatorKey + +logger = logging.getLogger(__name__) +pytestmark = [skipif_missing_tcp_authopt, skipif_cant_capture] +DEFAULT_TCP_AUTHOPT_KEY = tcp_authopt_key( + alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, + key=b"hello", +) + + +def get_alg_id(alg_name) -> int: + if alg_name == "HMAC-SHA-1-96": + return TCP_AUTHOPT_ALG.HMAC_SHA_1_96 + elif alg_name == "AES-128-CMAC-96": + return TCP_AUTHOPT_ALG.AES_128_CMAC_96 + else: + raise ValueError() + + +@pytest.mark.parametrize( + "address_family,alg_name,include_options,transfer_data", + [ + (socket.AF_INET, "HMAC-SHA-1-96", True, True), + (socket.AF_INET, "AES-128-CMAC-96", True, True), + (socket.AF_INET, "AES-128-CMAC-96", False, True), + (socket.AF_INET6, "HMAC-SHA-1-96", True, True), + (socket.AF_INET6, "HMAC-SHA-1-96", False, True), + (socket.AF_INET6, "AES-128-CMAC-96", True, True), + (socket.AF_INET, "HMAC-SHA-1-96", True, False), + (socket.AF_INET6, "AES-128-CMAC-96", False, False), + ], +) +def test_verify_capture( + exit_stack, address_family, alg_name, include_options, transfer_data +): + master_key = b"testvector" + alg_id = get_alg_id(alg_name) + + session = FullTCPSniffSession(server_port=DEFAULT_TCP_SERVER_PORT) + sniffer = exit_stack.enter_context( + AsyncSnifferContext( + filter=f"inbound and tcp port {DEFAULT_TCP_SERVER_PORT}", + iface="lo", + session=session, + ) + ) + + listen_socket = create_listen_socket(family=address_family) + listen_socket = exit_stack.enter_context(listen_socket) + exit_stack.enter_context(SimpleServerThread(listen_socket, mode="echo")) + + client_socket = socket.socket(address_family, socket.SOCK_STREAM) + client_socket = exit_stack.push(client_socket) + + key = tcp_authopt_key(alg=alg_id, key=master_key, include_options=include_options) + set_tcp_authopt_key(listen_socket, key) + set_tcp_authopt_key(client_socket, key) + + # even if one signature is incorrect keep processing the capture + old_nstat = nstat_json() + valkey = TcpAuthValidatorKey( + key=master_key, alg_name=alg_name, include_options=include_options + ) + validator = TcpAuthValidator(keys=[valkey]) + + try: + client_socket.settimeout(1.0) + client_socket.connect(("localhost", DEFAULT_TCP_SERVER_PORT)) + if transfer_data: + for _ in range(5): + check_socket_echo(client_socket) + client_socket.close() + session.wait_close() + except socket.timeout: + # If invalid packets are sent let the validator run + logger.warning("socket timeout", exc_info=True) + pass + + sniffer.stop() + + logger.info("capture: %r", sniffer.results) + for p in sniffer.results: + validator.handle_packet(p) + validator.raise_errors() + + new_nstat = nstat_json() + assert old_nstat["TcpExtTCPAuthOptFailure"] == new_nstat["TcpExtTCPAuthOptFailure"] + + +@pytest.mark.parametrize( + "address_family,use_tcp_authopt,use_tcp_md5sig", + [ + (socket.AF_INET, 0, 0), + (socket.AF_INET, 1, 0), + (socket.AF_INET, 0, 1), + (socket.AF_INET6, 0, 0), + (socket.AF_INET6, 1, 0), + (socket.AF_INET6, 0, 1), + (socket.AF_INET, 1, 1), + (socket.AF_INET6, 1, 1), + ], +) +def test_both_authopt_md5(exit_stack, address_family, use_tcp_authopt, use_tcp_md5sig): + """Basic test for interaction between TCP_AUTHOPT and TCP_MD5SIG + + Configuring both on same socket is allowed but RFC5925 doesn't allow both on the + same packet or same connection. + + The naive handling of inserting or validation both options is incorrect. + """ + con = TCPConnectionFixture(address_family=address_family) + if use_tcp_authopt: + con.tcp_authopt_key = DEFAULT_TCP_AUTHOPT_KEY + if use_tcp_md5sig: + con.tcp_md5_key = b"hello" + exit_stack.enter_context(con) + + con.client_socket.connect((str(con.server_addr), con.server_port)) + check_socket_echo(con.client_socket) + check_socket_echo(con.client_socket) + check_socket_echo(con.client_socket) + con.client_socket.close() + + scapy_sniffer_stop(con.sniffer) + fail = False + for p in con.sniffer.results: + has_tcp_authopt = scapy_tcp_get_authopt_val(p[TCP]) is not None + has_tcp_md5sig = scapy_tcp_get_md5_sig(p[TCP]) is not None + + if has_tcp_authopt and has_tcp_md5sig: + logger.error("Packet has both AO and MD5: %r", p) + fail = False + + if use_tcp_authopt: + if not has_tcp_authopt: + logger.error("missing AO: %r", p) + fail = True + elif use_tcp_md5sig: + if not has_tcp_md5sig: + logger.error("missing MD5: %r", p) + fail = True + else: + if has_tcp_md5sig or has_tcp_authopt: + logger.error("unexpected MD5 or AO: %r", p) + fail = True + + assert not fail + + +@pytest.mark.parametrize("mode", ["none", "ao", "ao-addrbind", "md5"]) +def test_v4mapv6(exit_stack, mode: str): + """Test ipv4 client and ipv6 server with and without TCP-AO + + By default any IPv6 server will also receive packets from IPv4 clients. This + is not currently supported by TCP_AUTHOPT but it should fail in an orderly + manner. + """ + nsfixture = NamespaceFixture() + exit_stack.enter_context(nsfixture) + server_ipv4_addr = nsfixture.get_addr(socket.AF_INET, 1) + + listen_socket = create_listen_socket( + ns=nsfixture.server_netns_name, family=socket.AF_INET6 + ) + listen_socket = exit_stack.enter_context(listen_socket) + + server_thread = SimpleServerThread(listen_socket, mode="echo") + exit_stack.enter_context(server_thread) + + client_socket = create_client_socket( + ns=nsfixture.client_netns_name, + family=socket.AF_INET, + ) + client_socket = exit_stack.push(client_socket) + + if mode == "ao": + alg = TCP_AUTHOPT_ALG.HMAC_SHA_1_96 + key = tcp_authopt_key(alg=alg, key="hello") + set_tcp_authopt_key(listen_socket, key) + set_tcp_authopt_key(client_socket, key) + + if mode == "ao-addrbind": + alg = TCP_AUTHOPT_ALG.HMAC_SHA_1_96 + client_ipv6_addr = nsfixture.get_addr(socket.AF_INET6, 2) + server_key = tcp_authopt_key(alg=alg, key="hello", addr=client_ipv6_addr) + server_key.flags = TCP_AUTHOPT_KEY_FLAG.BIND_ADDR + set_tcp_authopt_key(listen_socket, server_key) + + client_key = tcp_authopt_key(alg=alg, key="hello") + set_tcp_authopt_key(client_socket, client_key) + + if mode == "md5": + from . import linux_tcp_md5sig + + server_key = linux_tcp_md5sig.tcp_md5sig(key=b"hello") + server_key.set_ipv6_addr_all() + linux_tcp_md5sig.setsockopt_md5sig(listen_socket, server_key) + client_key = linux_tcp_md5sig.tcp_md5sig(key=b"hellx") + client_key.set_ipv4_addr_all() + linux_tcp_md5sig.setsockopt_md5sig(client_socket, client_key) + + with pytest.raises(socket.timeout) if mode != "none" else nullcontext(): + client_socket.connect((str(server_ipv4_addr), DEFAULT_TCP_SERVER_PORT)) + check_socket_echo(client_socket) + client_socket.close() + + +@pytest.mark.parametrize( + "address_family,signed", + [ + (socket.AF_INET, True), + (socket.AF_INET, False), + (socket.AF_INET6, True), + (socket.AF_INET6, False), + ], +) +def test_rst(exit_stack: ExitStack, address_family, signed: bool): + """Check that an unsigned RST breaks a normal connection but not one protected by TCP-AO""" + + con = TCPConnectionFixture(address_family=address_family) + if signed: + con.tcp_authopt_key = DEFAULT_TCP_AUTHOPT_KEY + exit_stack.enter_context(con) + + # connect + con.client_socket.connect((str(con.server_addr), con.server_port)) + check_socket_echo(con.client_socket) + + client_isn, server_isn = con.sniffer_session.get_client_server_isn() + p = con.create_client2server_packet() + p[TCP].flags = "R" + p[TCP].seq = tcp_seq_wrap(client_isn + 1001) + p[TCP].ack = tcp_seq_wrap(server_isn + 1001) + con.client_l2socket.send(p) + + if signed: + # When protected by TCP-AO unsigned RSTs are ignored. + check_socket_echo(con.client_socket) + else: + # By default an RST that guesses seq can kill the connection. + with pytest.raises(ConnectionResetError): + check_socket_echo(con.client_socket) + + +@pytest.mark.parametrize("address_family", [socket.AF_INET, socket.AF_INET6]) +def test_rst_signed_manually(exit_stack: ExitStack, address_family): + """Check that an manually signed RST breaks a connection protected by TCP-AO""" + + con = TCPConnectionFixture(address_family=address_family) + con.tcp_authopt_key = key = DEFAULT_TCP_AUTHOPT_KEY + exit_stack.enter_context(con) + + # connect + con.client_socket.connect((str(con.server_addr), con.server_port)) + check_socket_echo(con.client_socket) + + client_isn, server_isn = con.sniffer_session.get_client_server_isn() + p = con.create_client2server_packet() + p[TCP].flags = "R" + p[TCP].seq = tcp_seq_wrap(client_isn + 1001) + p[TCP].ack = tcp_seq_wrap(server_isn + 1001) + + add_tcp_authopt_signature( + p, TcpAuthOptAlg_HMAC_SHA1(), key.key, client_isn, server_isn + ) + con.client_l2socket.send(p) + + # The server socket will close in response to RST without a TIME-WAIT + # Attempting to send additional packets will result in a timeout because + # the signature can't be validated. + with pytest.raises(socket.timeout): + check_socket_echo(con.client_socket) + + +@pytest.mark.parametrize("address_family", [socket.AF_INET, socket.AF_INET6]) +def test_tw_ack(exit_stack: ExitStack, address_family): + """Manually sent a duplicate ACK after FIN and check TWSK signs replies correctly + + Kernel has a custom code path for this + """ + + con = TCPConnectionFixture(address_family=address_family) + con.tcp_authopt_key = key = DEFAULT_TCP_AUTHOPT_KEY + exit_stack.enter_context(con) + + # connect and close nicely + con.client_socket.connect((str(con.server_addr), con.server_port)) + check_socket_echo(con.client_socket) + assert con.get_client_tcp_state() == "ESTAB" + assert con.get_server_tcp_state() == "ESTAB" + con.client_socket.close() + con.sniffer_session.wait_close() + + assert con.get_client_tcp_state() == "TIME-WAIT" + assert con.get_server_tcp_state() is None + + # Sent a duplicate FIN/ACK + client_isn, server_isn = con.sniffer_session.get_client_server_isn() + p = con.create_server2client_packet() + p[TCP].flags = "FA" + p[TCP].seq = tcp_seq_wrap(server_isn + 1001) + p[TCP].ack = tcp_seq_wrap(client_isn + 1002) + add_tcp_authopt_signature( + p, TcpAuthOptAlg_HMAC_SHA1(), key.key, server_isn, client_isn + ) + pr = con.server_l2socket.sr1(p) + assert pr[TCP].ack == tcp_seq_wrap(server_isn + 1001) + assert pr[TCP].seq == tcp_seq_wrap(client_isn + 1001) + assert pr[TCP].flags == "A" + + scapy_sniffer_stop(con.sniffer) + + val = TcpAuthValidator() + val.keys.append(TcpAuthValidatorKey(key=b"hello", alg_name="HMAC-SHA-1-96")) + for p in con.sniffer.results: + val.handle_packet(p) + val.raise_errors() + + # The server does not have enough state to validate the ACK from TIME-WAIT + # so it reports a failure. + assert con.server_nstat_json()["TcpExtTCPAuthOptFailure"] == 1 + assert con.client_nstat_json()["TcpExtTCPAuthOptFailure"] == 0 + + +@pytest.mark.parametrize("address_family", [socket.AF_INET, socket.AF_INET6]) +def test_tw_rst(exit_stack: ExitStack, address_family): + """Manually sent a signed invalid packet after FIN and check TWSK signs RST correctly + + Kernel has a custom code path for this + """ + key = DEFAULT_TCP_AUTHOPT_KEY + con = TCPConnectionFixture( + address_family=address_family, + tcp_authopt_key=key, + ) + con.server_thread.keep_half_open = True + exit_stack.enter_context(con) + + # connect, transfer data and close client nicely + con.client_socket.connect((str(con.server_addr), con.server_port)) + check_socket_echo(con.client_socket) + con.client_socket.close() + + # since server keeps connection open client goes to FIN-WAIT-2 + def check_socket_states(): + client_tcp_state_name = con.get_client_tcp_state() + server_tcp_state_name = con.get_server_tcp_state() + logger.info("%s %s", client_tcp_state_name, server_tcp_state_name) + return ( + client_tcp_state_name == "FIN-WAIT-2" + and server_tcp_state_name == "CLOSE-WAIT" + ) + + waiting.wait(check_socket_states) + + # sending a FIN-ACK with incorrect seq makes + # tcp_timewait_state_process return a TCP_TW_RST + client_isn, server_isn = con.sniffer_session.get_client_server_isn() + p = con.create_server2client_packet() + p[TCP].flags = "FA" + p[TCP].seq = tcp_seq_wrap(server_isn + 1001 + 1) + p[TCP].ack = tcp_seq_wrap(client_isn + 1002) + add_tcp_authopt_signature( + p, TcpAuthOptAlg_HMAC_SHA1(), key.key, server_isn, client_isn + ) + con.server_l2socket.send(p) + + # remove delay by scapy trick? + import time + + time.sleep(1) + scapy_sniffer_stop(con.sniffer) + + # Check client socket moved from FIN-WAIT-2 to CLOSED + assert con.get_client_tcp_state() is None + + # Check some RST was seen + def is_tcp_rst(p): + return TCP in p and p[TCP].flags.R + + assert any(is_tcp_rst(p) for p in con.sniffer.results) + + # Check everything was valid + val = TcpAuthValidator() + val.keys.append(TcpAuthValidatorKey(key=b"hello", alg_name="HMAC-SHA-1-96")) + for p in con.sniffer.results: + val.handle_packet(p) + val.raise_errors() + + # Check no snmp failures + con.assert_no_snmp_output_failures() + + +def test_rst_linger(exit_stack: ExitStack): + """Test RST sent deliberately via SO_LINGER is valid""" + con = TCPConnectionFixture( + sniffer_kwargs=dict(count=8), tcp_authopt_key=DEFAULT_TCP_AUTHOPT_KEY + ) + exit_stack.enter_context(con) + + con.client_socket.connect((str(con.server_addr), con.server_port)) + check_socket_echo(con.client_socket) + socket_set_linger(con.client_socket, 1, 0) + con.client_socket.close() + + con.sniffer.join(timeout=3) + + val = TcpAuthValidator() + val.keys.append(TcpAuthValidatorKey(key=b"hello", alg_name="HMAC-SHA-1-96")) + for p in con.sniffer.results: + val.handle_packet(p) + val.raise_errors() + + def is_tcp_rst(p): + return TCP in p and p[TCP].flags.R + + assert any(is_tcp_rst(p) for p in con.sniffer.results) + + +@pytest.mark.parametrize( + "address_family,mode", + [ + (socket.AF_INET, "goodsign"), + (socket.AF_INET, "fakesign"), + (socket.AF_INET, "unsigned"), + (socket.AF_INET6, "goodsign"), + (socket.AF_INET6, "fakesign"), + (socket.AF_INET6, "unsigned"), + ], +) +def test_badack_to_synack(exit_stack, address_family, mode: str): + """Test bad ack in reponse to server to syn/ack. + + This is handled by a minisocket in the TCP_SYN_RECV state on a separate code path + """ + con = TCPConnectionFixture(address_family=address_family) + if mode != "unsigned": + con.tcp_authopt_key = tcp_authopt_key( + alg=TCP_AUTHOPT_ALG.HMAC_SHA_1_96, + key=b"hello", + ) + exit_stack.enter_context(con) + + client_l2socket = con.client_l2socket + client_isn = 1000 + server_isn = 0 + + def sign(packet): + if mode == "unsigned": + return + add_tcp_authopt_signature( + packet, + TcpAuthOptAlg_HMAC_SHA1(), + con.tcp_authopt_key.key, + client_isn, + server_isn, + ) + + # Prevent TCP in client namespace from sending RST + # Do this by removing the client address and insert a static ARP on server side + client_prefix_length = con.nsfixture.get_prefix_length(address_family) + subprocess.run( + f"""\ +set -e +ip netns exec {con.nsfixture.client_netns_name} ip addr del {con.client_addr}/{client_prefix_length} dev veth0 +ip netns exec {con.nsfixture.server_netns_name} ip neigh add {con.client_addr} lladdr {con.nsfixture.client_mac_addr} dev veth0 +""", + shell=True, + check=True, + ) + + p1 = con.create_client2server_packet() + p1[TCP].flags = "S" + p1[TCP].seq = client_isn + p1[TCP].ack = 0 + sign(p1) + + p2 = client_l2socket.sr1(p1, timeout=1) + server_isn = p2[TCP].seq + assert p2[TCP].ack == client_isn + 1 + assert p2[TCP].flags == "SA" + + p3 = con.create_client2server_packet() + p3[TCP].flags = "A" + p3[TCP].seq = client_isn + 1 + p3[TCP].ack = server_isn + 1 + sign(p3) + if mode == "fakesign": + break_tcp_authopt_signature(p3) + + assert con.server_nstat_json()["TcpExtTCPAuthOptFailure"] == 0 + client_l2socket.send(p3) + + def confirm_good(): + return len(con.server_thread.server_socket) > 0 + + def confirm_fail(): + return con.server_nstat_json()["TcpExtTCPAuthOptFailure"] == 1 + + def wait_good(): + assert not confirm_fail() + return confirm_good() + + def wait_fail(): + assert not confirm_good() + return confirm_fail() + + if mode == "fakesign": + waiting.wait(wait_fail, timeout_seconds=5, sleep_seconds=0.1) + else: + waiting.wait(wait_good, timeout_seconds=5, sleep_seconds=0.1) From patchwork Tue Sep 21 16:14:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508229 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73F31C43219 for ; Tue, 21 Sep 2021 16:17:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5FAA56115A for ; Tue, 21 Sep 2021 16:17:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234686AbhIUQS4 (ORCPT ); Tue, 21 Sep 2021 12:18:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33476 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234502AbhIUQSh (ORCPT ); Tue, 21 Sep 2021 12:18:37 -0400 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1BC18C061574; Tue, 21 Sep 2021 09:17:09 -0700 (PDT) Received: by mail-ed1-x52c.google.com with SMTP id v24so76388058eda.3; Tue, 21 Sep 2021 09:17:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6bd81ZzhYWDXtU8irtzbLufy7NFGe2+2aZRj+xbH9LY=; b=Bvtk6TkusVu/JWbLJTdW36xaH1wfyAtjW3rrmH0cNlnOzLvadqo4frlCxmlr28T65L TeK5PDJLIubWVndww7v5yJDnz3fGOaBw9f2T4//w/wk9UnKpKDkiiDRXq438SQ6deqQY YbextJuw7ppg4gvXx7Qo73u5IOvqDzmTNpgwgWyDFe8+NMvTe5Br6gxRWQx6NKSVVqeH Wjm+gMeHFO+7DYkd/JUfSw6C0xAabhcLj01lEWI9LTGo7yE0TmLzJ81UUmt03+wNuSWh TFDGgD4GO80EibVJKvulN43kfhTcYcstt/EG91iTqmflaY7QE+eEzn8ZDVoYSmjooD2g vikw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6bd81ZzhYWDXtU8irtzbLufy7NFGe2+2aZRj+xbH9LY=; b=6J5HJAmIQkGeH6tXkXzyZ35bWs7aXuvSv2mgLrv5mxFOX6NVddl56B4+mk/oHymfSG WzN/eb6DbHkqI180HWb50uv6nh1cVgC4tJsH7UYKNKimvzcgoQrCtTWh7OQTyn1zOqZT 12NCrnoOh8SP+sfZIhRs7Gb8fHLOXp099hd2zSzOf46N4OHW9jmvaQ+1aV6RXzQVBBSv utfxkB6sinzuUw9YqdroIEYU9Ip0whVDJaJ9K01x3Vo3yfeR00GqV6am4BR1CgKHgZF3 pMs5w55+zXfeq0dBgqeaN/udczVkapf+awudbbJA6r5d9ujZSdGtukx38PRmA0vCB/UV EsKQ== X-Gm-Message-State: AOAM531xdQSULS6yeg5hdgIsphu90UEWr1Ts3MnpuPMaC3l+lzSyj4Fj VFku2dD4MfpIlZL74bBzZ7A= X-Google-Smtp-Source: ABdhPJzR5UVUBua/yTJy+sxqbTjGVDhg8IUpSZuhT9ZOGZlfmKlasoJUJaWZ7q8A3//H7K5W3Eo4HQ== X-Received: by 2002:a05:6402:411:: with SMTP id q17mr36360205edv.35.1632240942701; Tue, 21 Sep 2021 09:15:42 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:42 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 15/19] selftests: Initial tcp_authopt support for nettest Date: Tue, 21 Sep 2021 19:14:58 +0300 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Add support for configuring TCP Authentication Option. Only a single key with default options. Signed-off-by: Leonard Crestez --- tools/testing/selftests/net/nettest.c | 34 ++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/nettest.c b/tools/testing/selftests/net/nettest.c index bd6288302094..f04c6af79129 100644 --- a/tools/testing/selftests/net/nettest.c +++ b/tools/testing/selftests/net/nettest.c @@ -100,10 +100,12 @@ struct sock_args { struct sockaddr_in v4; struct sockaddr_in6 v6; } md5_prefix; unsigned int prefix_len; + const char *authopt_password; + /* expected addresses and device index for connection */ const char *expected_dev; const char *expected_server_dev; int expected_ifindex; @@ -250,10 +252,27 @@ static int switch_ns(const char *ns) close(fd); return ret; } +static int tcp_set_authopt(int sd, struct sock_args *args) +{ + struct tcp_authopt_key key; + int rc; + + memset(&key, 0, sizeof(key)); + strcpy((char *)key.key, args->authopt_password); + key.keylen = strlen(args->authopt_password); + key.alg = TCP_AUTHOPT_ALG_HMAC_SHA_1_96; + + rc = setsockopt(sd, IPPROTO_TCP, TCP_AUTHOPT_KEY, &key, sizeof(key)); + if (rc < 0) + log_err_errno("setsockopt(TCP_AUTHOPT_KEY)"); + + return rc; +} + static int tcp_md5sig(int sd, void *addr, socklen_t alen, struct sock_args *args) { int keylen = strlen(args->password); struct tcp_md5sig md5sig = {}; int opt = TCP_MD5SIG; @@ -1508,10 +1527,15 @@ static int do_server(struct sock_args *args, int ipc_fd) if (args->password && tcp_md5_remote(lsd, args)) { close(lsd); goto err_exit; } + if (args->authopt_password && tcp_set_authopt(lsd, args)) { + close(lsd); + goto err_exit; + } + ipc_write(ipc_fd, 1); while (1) { log_msg("waiting for client connection.\n"); FD_ZERO(&rfds); FD_SET(lsd, &rfds); @@ -1630,10 +1654,13 @@ static int connectsock(void *addr, socklen_t alen, struct sock_args *args) goto out; if (args->password && tcp_md5sig(sd, addr, alen, args)) goto err; + if (args->authopt_password && tcp_set_authopt(sd, args)) + goto err; + if (args->bind_test_only) goto out; if (connect(sd, addr, alen) < 0) { if (errno != EINPROGRESS) { @@ -1819,11 +1846,11 @@ static int ipc_parent(int cpid, int fd, struct sock_args *args) wait(&status); return client_status; } -#define GETOPT_STR "sr:l:c:p:t:g:P:DRn:M:X:m:d:I:BN:O:SCi6xL:0:1:2:3:Fbq" +#define GETOPT_STR "sr:l:c:p:t:g:P:DRn:M:X:m:A:d:I:BN:O:SCi6xL:0:1:2:3:Fbq" static void print_usage(char *prog) { printf( "usage: %s OPTS\n" @@ -1856,10 +1883,12 @@ static void print_usage(char *prog) " -n num number of times to send message\n" "\n" " -M password use MD5 sum protection\n" " -X password MD5 password for client mode\n" " -m prefix/len prefix and length to use for MD5 key\n" + " -A password use RFC5925 TCP Authentication option\n" + "\n" " -g grp multicast group (e.g., 239.1.1.1)\n" " -i interactive mode (default is echo and terminate)\n" "\n" " -0 addr Expected local address\n" " -1 addr Expected remote address\n" @@ -1970,10 +1999,13 @@ int main(int argc, char *argv[]) args.client_pw = optarg; break; case 'm': args.md5_prefix_str = optarg; break; + case 'A': + args.authopt_password = optarg; + break; case 'S': args.use_setsockopt = 1; break; case 'C': args.use_cmsg = 1; From patchwork Tue Sep 21 16:14:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508237 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26D7DC4332F for ; Tue, 21 Sep 2021 16:17:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0ECBB60F70 for ; Tue, 21 Sep 2021 16:17:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234817AbhIUQTP (ORCPT ); Tue, 21 Sep 2021 12:19:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33490 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234508AbhIUQSa (ORCPT ); Tue, 21 Sep 2021 12:18:30 -0400 Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2273C061762; Tue, 21 Sep 2021 09:17:00 -0700 (PDT) Received: by mail-ed1-x52b.google.com with SMTP id h17so76523564edj.6; Tue, 21 Sep 2021 09:17:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=qzSzcBiAygB368FHnqyMm4HmQ/+EU21PkgWKIufGPUI=; b=N9w751/z5zSxSkpIR7c39xPDws3A/lhRJVP+XVDvwejBnoghB60u6DRTczpsQHRzlD lfoeyTw1HuZ9NQAy6Sa07aJnOAa105W4jvlPXtH22OwLUqz5Pdm4bsfN/lc7nfWkS+cv qGqGtIZdsbg3sWgUkoXWzvCtmL+JbpVDx9e55Eha67olftneHLq+JcfQYykxydv7Ftyw tuHio+onX/zgr4WeJeHwfZGgzMHA/mAwJJryQ6ZR7u/vxWlCqyxptc5V+Jz5g667M5Wu fCvbBIaCwSUGwVv6FjFE7JeUci7v9Qjgu1Fs3gC//ughBOf3p+oyKHE6m/SWsjURZ/Qj eZcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=qzSzcBiAygB368FHnqyMm4HmQ/+EU21PkgWKIufGPUI=; b=KcqY9ifKXvH+oJY2SIJnaj1MlmoEs4hkV3KD5uo96PONXBHcCHwBP++Pe2RuFZcM61 FYVH2PQWqda5t3wQqIji4Lmw20N0I1PpTE9x+9K+Yown24gJjWx7PRDQCKe428X49mjj IrpDw3jJWmYOIqKz019jk3YgUh5R6U1P3jP7GQClIECJ6NiS/+4nTcFyhmZ3HrPeGK7p Rme2R3ysAusCpI85Cqwi6oEgPOwovtWVJwXXT8YRNY0V0sN+iKfbUGZZJFGF51BoeSNz kBrZ+ULF2GJCSg/tt373cc3e8yCQUxLyvrIqbUZUhZjMVE87Wnyrh9FFB/x7MkSzWSxD C1wg== X-Gm-Message-State: AOAM532XuQyvuVHWW036H6rYhNS1DWwgqz8saN1a5A6YsyAhKDVeIZ61 8FSf3IMSD8Djv9qAu7NmeQ4= X-Google-Smtp-Source: ABdhPJxQRtR6CUvuGguGGsL9kDkUgBeyz49aPVCISKh47OYKF0j0wGgG/BgifNGX1gZNQjKywCqMjQ== X-Received: by 2002:a17:906:7802:: with SMTP id u2mr35684454ejm.325.1632240944668; Tue, 21 Sep 2021 09:15:44 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:44 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 16/19] selftests: Initial tcp_authopt support for fcnal-test Date: Tue, 21 Sep 2021 19:14:59 +0300 Message-Id: <694da73ec4367c97cbaf9c17eec0db4edfe25c48.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Just test that a correct password is passed or otherwise a timeout is obtained. Signed-off-by: Leonard Crestez --- tools/testing/selftests/net/fcnal-test.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 13350cd5c8ac..74a7580b6bde 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -791,10 +791,31 @@ ipv4_ping() } ################################################################################ # IPv4 TCP +# +# TCP Authentication Option Tests +# +ipv4_tcp_authopt() +{ + # basic use case + log_start + run_cmd nettest -s -A ${MD5_PW} & + sleep 1 + run_cmd_nsb nettest -r ${NSA_IP} -A ${MD5_PW} + log_test $? 0 "AO: Simple password" + + # wrong password + log_start + show_hint "Should timeout since client uses wrong password" + run_cmd nettest -s -A ${MD5_PW} & + sleep 1 + run_cmd_nsb nettest -r ${NSA_IP} -A ${MD5_WRONG_PW} + log_test $? 2 "AO: Client uses wrong password" +} + # # MD5 tests without VRF # ipv4_tcp_md5_novrf() { @@ -1122,10 +1143,11 @@ ipv4_tcp_novrf() show_hint "Should fail 'Connection refused'" run_cmd nettest -d ${NSA_DEV} -r ${a} log_test_addr ${a} $? 1 "No server, device client, local conn" ipv4_tcp_md5_novrf + ipv4_tcp_authopt } ipv4_tcp_vrf() { local a From patchwork Tue Sep 21 16:15:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508217 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64A91C433F5 for ; Tue, 21 Sep 2021 16:17:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4D46C60F70 for ; Tue, 21 Sep 2021 16:17:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234484AbhIUQSh (ORCPT ); Tue, 21 Sep 2021 12:18:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33478 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234503AbhIUQSX (ORCPT ); Tue, 21 Sep 2021 12:18:23 -0400 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27A3BC061574; Tue, 21 Sep 2021 09:16:55 -0700 (PDT) Received: by mail-ed1-x52f.google.com with SMTP id u27so4133195edi.9; Tue, 21 Sep 2021 09:16:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=SFcfoPPel7lTojPt9vUi/iKxjORTRUrzm14vPDBAPlA=; b=okRVqlfk3og9Jtrd65RJID0/aJeYAm8Va0Lr+okgjWMwqTXGx8DVjyHOHkK+b/NiQP q5APFtRbieLYz9xoXUUMkS3abJcj87JDvZ3CQwQF0dUHW3h978iey/xnsoSjfkHFIu1q qCvEreqfh2tG9hwJEelcHFLg11U6WS1xDD5v4UBkbJ0VU4zSPYrql+J8W8Y6JPFNX7wq uQJsPkD8nb9TfyLK7HjKh6LFSY0NnNJkzlzSYbuaHDMGR8f2vo1r/bsUwmpDkoi9fYla MzQvdCiF69MeXRU4RMWIt+P3Gdb5rfgCHot7/VfCJqKs9Hig/A/ZawmpbjumbQcUHRiN im3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=SFcfoPPel7lTojPt9vUi/iKxjORTRUrzm14vPDBAPlA=; b=mXM9DdlnZm2wIa8N+hgnv/WD5jXEtPBQjs5Nw2JyEH7YmHA4Vd9v7K8ynt0PIy30jF V+N5IvhOdoU4K6xSboozKvdxpR9I0+Rm932uURqF68R9kHx8xOl/ZMdXwiqhA3Nm/uZZ SH+5S/FGKxmwA0Fw1DxAsmnrvd+8WhIj6MEgG1/+mFb4jAOaABtBv7QQsnypRC07CGCA ldv50n0K+YH27z4eQqRwztGeb0sqbapkiON4NBFo+d3rq5hBdf8ZD+Z6lYb5eANpNkuD 0khE60BpLeYB2zC07Zo1YS3ylCH/zBZpVfNGSdcJ4CwsfrB5WD0mqvbdhYcDzoFO/cZb Qlxg== X-Gm-Message-State: AOAM532vG+c/Z9uQo0H3NpOgn4svNJvyG54ww3dIRkAAFlB/ZqE6223s Uy+re3ExF28cd01J60vILnY= X-Google-Smtp-Source: ABdhPJyFtJiRAGfWkAT2Olxg6++rMn+qLhemQeDmBPRpx4WcxDa3mjb5C0+/K4EraLJEu6/zZF8dkg== X-Received: by 2002:a17:907:760d:: with SMTP id jx13mr33129121ejc.194.1632240946508; Tue, 21 Sep 2021 09:15:46 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:46 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 17/19] selftests: Add -t tcp_authopt option for fcnal-test.sh Date: Tue, 21 Sep 2021 19:15:00 +0300 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This script is otherwise very slow to run! Signed-off-by: Leonard Crestez --- tools/testing/selftests/net/fcnal-test.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 74a7580b6bde..484734db708f 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -1331,10 +1331,21 @@ ipv4_tcp() log_subsection "With VRF" setup "yes" ipv4_tcp_vrf } + +only_tcp_authopt() +{ + log_section "TCP Authentication" + setup + set_sysctl net.ipv4.tcp_l3mdev_accept=0 + log_subsection "IPv4 no VRF" + ipv4_tcp_authopt +} + + ################################################################################ # IPv4 UDP ipv4_udp_novrf() { @@ -4021,10 +4032,11 @@ do ipv6_bind|bind6) ipv6_addr_bind;; ipv6_runtime) ipv6_runtime;; ipv6_netfilter) ipv6_netfilter;; use_cases) use_cases;; + tcp_authopt) only_tcp_authopt;; # setup namespaces and config, but do not run any tests setup) setup; exit 0;; vrf_setup) setup "yes"; exit 0;; From patchwork Tue Sep 21 16:15:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508223 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 200B5C433FE for ; Tue, 21 Sep 2021 16:17:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0D9FE60F70 for ; Tue, 21 Sep 2021 16:17:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234568AbhIUQSp (ORCPT ); Tue, 21 Sep 2021 12:18:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33544 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234416AbhIUQS0 (ORCPT ); Tue, 21 Sep 2021 12:18:26 -0400 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4D049C061756; Tue, 21 Sep 2021 09:16:57 -0700 (PDT) Received: by mail-ed1-x531.google.com with SMTP id u27so4133598edi.9; Tue, 21 Sep 2021 09:16:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Hq6EJ6+PaDYa/zKF18KShOfqfhtkH5ip+hcAHx5j5P0=; b=kpZn5ZdOFnExjoFSxQwegqyMLBa+XUJ3np4fFOAPU3mhUu3yz45SekJrjsxZn/6dIB 5/97WyzG83cNN4CddS07lUcXwoMne89HGM3YInEqGep7iG/7Ks72hUrm52GFQjqKysmM 4nAjzDI+ulhpbZ9lA4EeJ1McwjuSCyJPaBHy+ntN4LC/vjiFK746p1KoBL69J9D3Buwo jki7jHSVYRs5vNuGfjqqwYqhO4w8XU1IC5FXSCosm+Db8TJuCSX4sST+/be2ruViaZkQ HaOWWpYQVcNhQ21FP1G/pHQy3CdKQ+LTaZ6GcKVpEddXMDmWYIyeBRohT33IxGpCT07s 3sMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Hq6EJ6+PaDYa/zKF18KShOfqfhtkH5ip+hcAHx5j5P0=; b=7wdAndfsvPzMcRRpCFe/Zu2cIUjZmpR4lb28FHtB+rGSOCik5tm7q7BO+IoTSuO1ls kSLkI4BjNGgfMInupjdKP1U6JW/DlYzOkdqMv7LfQjskTdtIRD0dTXT6FiE3WQgkC9lR LqOMFW290MvX4TfiWSyWeK135enxOYml7pdTLfB7mUx9FZvqU3RBvdzGvNKdaxfRZhlT HEh2KuHqXmWc75/G+ExYT5QPmYRbwKfX3a/GsH1YxhVNFpsg2cnj+sDwgSEwOMORw1H7 UmbYztAhiDiQD9rQEeo+z7YSnJOUU/RTPguJlt5TKF01d/EjFTKkC39IGIEMJZh5tc/Q jfDg== X-Gm-Message-State: AOAM532eRcZXyhoX9dQ6Pl90bEgx5FHxX4DLtXv2YgnOB4WiFRYTzhDf Ar4x8eoIyx/PBWqK+/qcVbY= X-Google-Smtp-Source: ABdhPJwFXzzsnDS5s7fbNQPE8fG7teKsuuJiIgCbhKI/b/CWLERzk+9Pp1IyR3ot88xcJR/LPFFiHQ== X-Received: by 2002:a17:906:3699:: with SMTP id a25mr35644117ejc.452.1632240948296; Tue, 21 Sep 2021 09:15:48 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:47 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 18/19] tcp: authopt: Add key selection controls Date: Tue, 21 Sep 2021 19:15:01 +0300 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The RFC requires that TCP can report the keyid and rnextkeyid values being sent or received, implement this via getsockopt values. The RFC also requires that user can select the sending key and that the sending key is automatically switched based on rnextkeyid. These requirements can conflict so we implement both and add a flag which specifies if user or peer request takes priority. Also add an option to control rnextkeyid explicitly from userspace. Signed-off-by: Leonard Crestez --- Documentation/networking/tcp_authopt.rst | 25 ++++++ include/net/tcp_authopt.h | 15 +++- include/uapi/linux/tcp.h | 31 ++++++++ net/ipv4/tcp_authopt.c | 98 +++++++++++++++++++++++- net/ipv4/tcp_ipv4.c | 2 +- net/ipv6/tcp_ipv6.c | 2 +- 6 files changed, 166 insertions(+), 7 deletions(-) diff --git a/Documentation/networking/tcp_authopt.rst b/Documentation/networking/tcp_authopt.rst index 484f66f41ad5..cded87a70d05 100644 --- a/Documentation/networking/tcp_authopt.rst +++ b/Documentation/networking/tcp_authopt.rst @@ -35,10 +35,35 @@ Keys can be bound to remote addresses in a way that is similar to TCP_MD5. RFC5925 requires that key ids do not overlap when tcp identifiers (addr/port) overlap. This is not enforced by linux, configuring ambiguous keys will result in packet drops and lost connections. +Key selection +------------- + +On getsockopt(TCP_AUTHOPT) information is provided about keyid/rnextkeyid in +the last send packet and about the keyid/rnextkeyd in the last valid received +packet. + +By default the sending keyid is selected to match the "rnextkeyid" value sent +by the remote side. If that keyid is not available (or for new connections) a +random matching key is selected. + +If the `TCP_AUTHOPT_LOCK_KEYID` is set then the sending key is selected by the +`tcp_authopt.send_local_id` field and rnextkeyid is ignored. If no key with +local_id == send_local_id is configured then a random matching key is +selected. + +The current sending key is cached in the socket and will not change unless +requested by remote rnextkeyid or by setsockopt. + +The rnextkeyid value sent on the wire is usually the recv_id of the current +key used for sending. If the TCP_AUTHOPT_LOCK_RNEXTKEY flag is set in +`tcp_authopt.flags` the value of `tcp_authopt.send_rnextkeyid` is send +instead. This can be used to implement smooth rollover: the peer will switch +its keyid to the received rnextkeyid when it is available. + ABI Reference ============= .. kernel-doc:: include/uapi/linux/tcp.h :identifiers: tcp_authopt tcp_authopt_flag tcp_authopt_key tcp_authopt_key_flag tcp_authopt_alg diff --git a/include/net/tcp_authopt.h b/include/net/tcp_authopt.h index b012eaaf416f..c7d6a51fa5c5 100644 --- a/include/net/tcp_authopt.h +++ b/include/net/tcp_authopt.h @@ -45,11 +45,21 @@ struct tcp_authopt_key_info { */ struct tcp_authopt_info { /** @head: List of tcp_authopt_key_info */ struct hlist_head head; struct rcu_head rcu; + /** + * @send_keyid - Current key used for sending, cached. + * + * Once a key is found it only changes by user or remote request. + */ + struct tcp_authopt_key_info *send_key; u32 flags; + u8 send_keyid; + u8 send_rnextkeyid; + u8 recv_keyid; + u8 recv_rnextkeyid; u32 src_isn; u32 dst_isn; }; #ifdef CONFIG_TCP_AUTHOPT @@ -63,21 +73,22 @@ int tcp_get_authopt_val(struct sock *sk, struct tcp_authopt *key); int tcp_set_authopt_key(struct sock *sk, sockptr_t optval, unsigned int optlen); struct tcp_authopt_key_info *__tcp_authopt_select_key( const struct sock *sk, struct tcp_authopt_info *info, const struct sock *addr_sk, - u8 *rnextkeyid); + u8 *rnextkeyid, + bool locked); static inline struct tcp_authopt_key_info *tcp_authopt_select_key( const struct sock *sk, const struct sock *addr_sk, u8 *rnextkeyid) { if (static_branch_unlikely(&tcp_authopt_needed)) { struct tcp_authopt_info *info = rcu_dereference(tcp_sk(sk)->authopt_info); if (info) - return __tcp_authopt_select_key(sk, info, addr_sk, rnextkeyid); + return __tcp_authopt_select_key(sk, info, addr_sk, rnextkeyid, true); } return NULL; } int tcp_authopt_hash( char *hash_location, diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h index c68ecd617774..6357966bada9 100644 --- a/include/uapi/linux/tcp.h +++ b/include/uapi/linux/tcp.h @@ -346,10 +346,24 @@ struct tcp_diag_md5sig { /** * enum tcp_authopt_flag - flags for `tcp_authopt.flags` */ enum tcp_authopt_flag { + /** + * @TCP_AUTHOPT_FLAG_LOCK_KEYID: keyid controlled by sockopt + * + * If this is set `tcp_authopt.send_keyid` is used to determined sending + * key. Otherwise a key with send_id == recv_rnextkeyid is preferred. + */ + TCP_AUTHOPT_FLAG_LOCK_KEYID = (1 << 0), + /** + * @TCP_AUTHOPT_FLAG_LOCK_RNEXTKEYID: Override rnextkeyid from userspace + * + * If this is set then `tcp_authopt.send_rnextkeyid` is sent on outbound + * packets. Other the recv_id of the current sending key is sent. + */ + TCP_AUTHOPT_FLAG_LOCK_RNEXTKEYID = (1 << 1), /** * @TCP_AUTHOPT_FLAG_REJECT_UNEXPECTED: * Configure behavior of segments with TCP-AO coming from hosts for which no * key is configured. The default recommended by RFC is to silently accept * such connections. @@ -361,10 +375,27 @@ enum tcp_authopt_flag { * struct tcp_authopt - Per-socket options related to TCP Authentication Option */ struct tcp_authopt { /** @flags: Combination of &enum tcp_authopt_flag */ __u32 flags; + /** + * @send_keyid: `tcp_authopt_key.send_id` of preferred send key + * + * This is only used if `TCP_AUTHOPT_FLAG_LOCK_KEYID` is set. + */ + __u8 send_keyid; + /** + * @send_rnextkeyid: The rnextkeyid to send in packets + * + * This is controlled by the user iff TCP_AUTHOPT_FLAG_LOCK_RNEXTKEYID is + * set. Otherwise rnextkeyid is the recv_id of the current key. + */ + __u8 send_rnextkeyid; + /** @recv_keyid: A recently-received keyid value. Only for getsockopt. */ + __u8 recv_keyid; + /** @recv_rnextkeyid: A recently-received rnextkeyid value. Only for getsockopt. */ + __u8 recv_rnextkeyid; }; /** * enum tcp_authopt_key_flag - flags for `tcp_authopt.flags` * diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c index 756182401a3b..550ca6bec1ec 100644 --- a/net/ipv4/tcp_authopt.c +++ b/net/ipv4/tcp_authopt.c @@ -289,18 +289,75 @@ static struct tcp_authopt_key_info *tcp_authopt_lookup_send(struct tcp_authopt_i * addr_sk is the sock used for comparing daddr, it is only different from sk in * the synack case. * * Result is protected by RCU and can't be stored, it may only be passed to * tcp_authopt_hash and only under a single rcu_read_lock. + * + * If locked is false then we're not holding the socket lock. This happens for + * some timewait and reset cases. */ struct tcp_authopt_key_info *__tcp_authopt_select_key( const struct sock *sk, struct tcp_authopt_info *info, const struct sock *addr_sk, - u8 *rnextkeyid) + u8 *rnextkeyid, + bool locked) { - return tcp_authopt_lookup_send(info, addr_sk, -1); + struct tcp_authopt_key_info *key, *new_key = NULL; + + /* Listen sockets don't refer to any specific connection so we don't try + * to keep using the same key and ignore any received keyids. + */ + if (sk->sk_state == TCP_LISTEN) { + int send_keyid = -1; + if (info->flags & TCP_AUTHOPT_FLAG_LOCK_KEYID) + send_keyid = info->send_keyid; + key = tcp_authopt_lookup_send(info, addr_sk, send_keyid); + if (key) + *rnextkeyid = key->recv_id; + + return key; + } + + if (locked) + key = rcu_dereference_protected(info->send_key, lockdep_sock_is_held(sk)); + else + key = rcu_dereference(info->send_key); + + /* Try to keep the same sending key unless user or peer requires a different key + * User request (via TCP_AUTHOPT_FLAG_LOCK_KEYID) always overrides peer request. + */ + if (info->flags & TCP_AUTHOPT_FLAG_LOCK_KEYID) { + int send_keyid = info->send_keyid; + + if (!key || key->send_id != send_keyid) + new_key = tcp_authopt_lookup_send(info, addr_sk, send_keyid); + } else { + if (!key || key->send_id != info->recv_rnextkeyid) + new_key = tcp_authopt_lookup_send(info, addr_sk, info->recv_rnextkeyid); + } + /* If no key found with specific send_id try anything else. */ + if (!key && !new_key) + new_key = tcp_authopt_lookup_send(info, addr_sk, -1); + + /* Update current key only if we hold the socket lock, otherwise we might + * store a pointer that goes stale + */ + if (new_key && key != new_key) { + key = new_key; + if (locked) + rcu_assign_pointer(info->send_key, key); + } + + if (key) { + if (info->flags & TCP_AUTHOPT_FLAG_LOCK_RNEXTKEYID) + *rnextkeyid = info->send_rnextkeyid; + else + *rnextkeyid = info->send_rnextkeyid = key->recv_id; + } + + return key; } static struct tcp_authopt_info *__tcp_authopt_info_get_or_create(struct sock *sk) { struct tcp_sock *tp = tcp_sk(sk); @@ -322,10 +379,12 @@ static struct tcp_authopt_info *__tcp_authopt_info_get_or_create(struct sock *sk return info; } #define TCP_AUTHOPT_KNOWN_FLAGS ( \ + TCP_AUTHOPT_FLAG_LOCK_KEYID | \ + TCP_AUTHOPT_FLAG_LOCK_RNEXTKEYID | \ TCP_AUTHOPT_FLAG_REJECT_UNEXPECTED) /* Like copy_from_sockopt except tolerate different optlen for compatibility reasons * * If the src is shorter then it's from an old userspace and the rest of dst is @@ -381,18 +440,23 @@ int tcp_set_authopt(struct sock *sk, sockptr_t optval, unsigned int optlen) info = __tcp_authopt_info_get_or_create(sk); if (IS_ERR(info)) return PTR_ERR(info); info->flags = opt.flags & TCP_AUTHOPT_KNOWN_FLAGS; + if (opt.flags & TCP_AUTHOPT_FLAG_LOCK_KEYID) + info->send_keyid = opt.send_keyid; + if (opt.flags & TCP_AUTHOPT_FLAG_LOCK_RNEXTKEYID) + info->send_rnextkeyid = opt.send_rnextkeyid; return 0; } int tcp_get_authopt_val(struct sock *sk, struct tcp_authopt *opt) { struct tcp_sock *tp = tcp_sk(sk); struct tcp_authopt_info *info; + struct tcp_authopt_key_info *send_key; sock_owned_by_me(sk); if (!sysctl_tcp_authopt) return -EPERM; @@ -400,10 +464,21 @@ int tcp_get_authopt_val(struct sock *sk, struct tcp_authopt *opt) info = rcu_dereference_check(tp->authopt_info, lockdep_sock_is_held(sk)); if (!info) return -ENOENT; opt->flags = info->flags & TCP_AUTHOPT_KNOWN_FLAGS; + /* These keyids might be undefined, for example before connect. + * Reporting zero is not strictly correct because there are no reserved + * values. + */ + if ((send_key = rcu_dereference_check(info->send_key, lockdep_sock_is_held(sk)))) + opt->send_keyid = send_key->send_id; + else + opt->send_keyid = 0; + opt->send_rnextkeyid = info->send_rnextkeyid; + opt->recv_keyid = info->recv_keyid; + opt->recv_rnextkeyid = info->recv_rnextkeyid; return 0; } /* Free key nicely, for living sockets */ @@ -411,10 +486,12 @@ static void tcp_authopt_key_del(struct sock *sk, struct tcp_authopt_info *info, struct tcp_authopt_key_info *key) { sock_owned_by_me(sk); hlist_del_rcu(&key->node); + if (rcu_dereference_protected(info->send_key, lockdep_sock_is_held(sk)) == key) + rcu_assign_pointer(info->send_key, NULL); atomic_sub(sizeof(*key), &sk->sk_omem_alloc); kfree_rcu(key, rcu); } /* Free info and keys. @@ -1332,11 +1409,11 @@ int __tcp_authopt_inbound_check(struct sock *sk, struct sk_buff *skb, struct tcp NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAUTHOPTFAILURE); net_info_ratelimited("TCP Authentication Unexpected: Rejected\n"); return -EINVAL; } else { net_info_ratelimited("TCP Authentication Unexpected: Accepted\n"); - return 0; + goto accept; } } /* bad inbound key len */ if (TCPOLEN_AUTHOPT_OUTPUT != opt->len) @@ -1350,9 +1427,24 @@ int __tcp_authopt_inbound_check(struct sock *sk, struct sk_buff *skb, struct tcp NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAUTHOPTFAILURE); net_info_ratelimited("TCP Authentication Failed\n"); return -EINVAL; } +accept: + /* Doing this for all valid packets will results in keyids temporarily + * flipping back and forth if packets are reordered or retransmitted + * but keys should eventually stabilize. + * + * This is connection-specific so don't store for listen sockets. + * + * We could store rnextkeyid from SYN in a request sock and use it for + * the SYNACK but we don't. + */ + if (sk->sk_state != TCP_LISTEN) { + info->recv_keyid = opt->keyid; + info->recv_rnextkeyid = opt->rnextkeyid; + } + return 1; } /* only for CONFIG_IPV6=m */ EXPORT_SYMBOL(__tcp_authopt_inbound_check); diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 2d5fbe7690aa..6b44bf0ca053 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -661,11 +661,11 @@ static int tcp_v4_authopt_handle_reply( info = tcp_twsk(sk)->tw_authopt_info; else info = tcp_sk(sk)->authopt_info; if (!info) return 0; - key_info = __tcp_authopt_select_key(sk, info, sk, &rnextkeyid); + key_info = __tcp_authopt_select_key(sk, info, sk, &rnextkeyid, false); if (!key_info) return 0; *optptr = htonl((TCPOPT_AUTHOPT << 24) | (TCPOLEN_AUTHOPT_OUTPUT << 16) | (key_info->send_id << 8) | diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index d922219af20e..3dcf0ba4a215 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -914,11 +914,11 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 authopt_info = tcp_twsk(sk)->tw_authopt_info; else authopt_info = rcu_dereference(tcp_sk(sk)->authopt_info); if (authopt_info) { - authopt_key_info = __tcp_authopt_select_key(sk, authopt_info, sk, &authopt_rnextkeyid); + authopt_key_info = __tcp_authopt_select_key(sk, authopt_info, sk, &authopt_rnextkeyid, false); if (authopt_key_info) { tot_len += TCPOLEN_AUTHOPT_OUTPUT; /* Don't use MD5 */ key = NULL; } From patchwork Tue Sep 21 16:15:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leonard Crestez X-Patchwork-Id: 12508239 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0EB0FC433F5 for ; Tue, 21 Sep 2021 16:18:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EF37161168 for ; Tue, 21 Sep 2021 16:18:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234828AbhIUQTc (ORCPT ); Tue, 21 Sep 2021 12:19:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33508 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234621AbhIUQSt (ORCPT ); Tue, 21 Sep 2021 12:18:49 -0400 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8BE7BC0613DE; Tue, 21 Sep 2021 09:17:16 -0700 (PDT) Received: by mail-ed1-x52f.google.com with SMTP id v24so76389473eda.3; Tue, 21 Sep 2021 09:17:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PZHGXm7R/JEU6vc8GKEW973CLXt7h16wy5g4hm2R7wo=; b=qpEocCGtIbmPIBOY44TbpBrFLusxsaxnRppUrrkcvnDdz1iN4RLSCJxLa7YpvF5jrf CaNUfIOy8K56UE07kHh62MXFL5lUQfF2G+KJwuY3McPbVAa9RvkTekAys1nsz+12PSmU v3wlZcFsbitT5DjmIRRoVYJxWh2qnk1qixwz5wpj+Sp9asNbK7r2Bs652rwqHsqNvZuj dajGxjnE4luLPFIfWKgGP9/L0/d5+iZDrlFZbIybB3QYtd3gOidXeRxHq7FZn+qoV1C4 FHlcgqvNqUBgPvrUxmmF/NeOx7g6YD3NCliqeXE4Q8zwKEwkyxSNV9waNujgfqR1WzgG fOsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=PZHGXm7R/JEU6vc8GKEW973CLXt7h16wy5g4hm2R7wo=; b=NMB0AdI9p/tYeXvz7DJq/T7ySqLc/6A3CBc0PQCe8OeIZIukWd3GaXgJX4mLBLeAbD m6RTQmEXE21zjRRV3WjdICl8Xv+oCnddXn7iM8Z1eY3d0yM+6TgR7XBbJNPxjy61GvCj HDBoOeqcTkglfMBYH79XK28WLXRTmRkvTqo4Ll4JnNiyaD8GeduOmmDnIru1JSJ+3dZ3 +15EJISY9btnEg7Xl4nlfJaugdLr1+vl7+0RafJUT94aj6Yjz176XVcBIkFyuOR5nOk5 EGqg/690uiNAiCmSXiR31vUkniWp3eY20ywLFe8iZfMa+S7mJDYm+UDn0MQluVugni/L yoaA== X-Gm-Message-State: AOAM530fixbCUopsvdLHUTeH9NWF8jg7/g/eFIKuxUQnE1Q28pX2gxc1 eGCR4kb0eWHEoJwiosktFJc= X-Google-Smtp-Source: ABdhPJxu+PuOaxlAzsMyFahwSkNqujCfgEOO1ijyOjTluvDHDgzsVgJiHkP1QT0qyMI/+w6yz8HQBg== X-Received: by 2002:a50:be86:: with SMTP id b6mr34762477edk.138.1632240950198; Tue, 21 Sep 2021 09:15:50 -0700 (PDT) Received: from pinky.lan ([2a04:241e:502:1df0:b065:9bdf:4016:277]) by smtp.gmail.com with ESMTPSA id kx17sm7674075ejc.51.2021.09.21.09.15.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 09:15:49 -0700 (PDT) From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern , Shuah Khan Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 19/19] selftests: tcp_authopt: Add tests for rollover Date: Tue, 21 Sep 2021 19:15:02 +0300 Message-Id: <613b69cdbc7b22907af1e1359546b87822aa05d9.1632240523.git.cdleonard@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org RFC5925 requires that the use can examine or control the keys being used. This is implemented in linux via fields on the TCP_AUTHOPT sockopt. Add socket-level tests for the adjusting keyids on live connections and checking the they are reflected on the peer. Also check smooth transitions via rnextkeyid. Signed-off-by: Leonard Crestez --- .../tcp_authopt_test/linux_tcp_authopt.py | 16 +- .../tcp_authopt_test/test_rollover.py | 180 ++++++++++++++++++ 2 files changed, 193 insertions(+), 3 deletions(-) create mode 100644 tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_rollover.py diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_authopt.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_authopt.py index 339298998ff9..1ba4358654be 100644 --- a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_authopt.py +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/linux_tcp_authopt.py @@ -23,10 +23,12 @@ TCP_AUTHOPT_KEY = 39 TCP_AUTHOPT_MAXKEYLEN = 80 class TCP_AUTHOPT_FLAG(IntFlag): + LOCK_KEYID = BIT(0) + LOCK_RNEXTKEYID = BIT(1) REJECT_UNEXPECTED = BIT(2) class TCP_AUTHOPT_KEY_FLAG(IntFlag): DEL = BIT(0) @@ -42,24 +44,32 @@ class TCP_AUTHOPT_ALG(IntEnum): @dataclass class tcp_authopt: """Like linux struct tcp_authopt""" flags: int = 0 - sizeof = 4 + send_keyid: int = 0 + send_rnextkeyid: int = 0 + recv_keyid: int = 0 + recv_rnextkeyid: int = 0 + sizeof = 8 def pack(self) -> bytes: return struct.pack( - "I", + "IBBBB", self.flags, + self.send_keyid, + self.send_rnextkeyid, + self.recv_keyid, + self.recv_rnextkeyid, ) def __bytes__(self): return self.pack() @classmethod def unpack(cls, b: bytes): - tup = struct.unpack("I", b) + tup = struct.unpack("IBBBB", b) return cls(*tup) def set_tcp_authopt(sock, opt: tcp_authopt): return sock.setsockopt(socket.SOL_TCP, TCP_AUTHOPT, bytes(opt)) diff --git a/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_rollover.py b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_rollover.py new file mode 100644 index 000000000000..a348a7acfe0f --- /dev/null +++ b/tools/testing/selftests/tcp_authopt/tcp_authopt_test/test_rollover.py @@ -0,0 +1,180 @@ +# SPDX-License-Identifier: GPL-2.0 +import typing +import socket +from .server import SimpleServerThread +from .linux_tcp_authopt import ( + TCP_AUTHOPT_FLAG, + set_tcp_authopt_key, + tcp_authopt, + tcp_authopt_key, + set_tcp_authopt, + get_tcp_authopt, +) +from .utils import DEFAULT_TCP_SERVER_PORT, create_listen_socket, check_socket_echo +from contextlib import ExitStack, contextmanager +from .conftest import skipif_missing_tcp_authopt + +pytestmark = skipif_missing_tcp_authopt + + +@contextmanager +def make_tcp_authopt_socket_pair( + server_addr="127.0.0.1", + server_authopt: tcp_authopt = None, + server_key_list: typing.Iterable[tcp_authopt_key] = [], + client_authopt: tcp_authopt = None, + client_key_list: typing.Iterable[tcp_authopt_key] = [], +) -> typing.Tuple[socket.socket, socket.socket]: + """Make a pair for connected sockets for key switching tests + + Server runs in a background thread implementing echo protocol""" + with ExitStack() as exit_stack: + listen_socket = exit_stack.enter_context( + create_listen_socket(bind_addr=server_addr) + ) + server_thread = exit_stack.enter_context( + SimpleServerThread(listen_socket, mode="echo") + ) + client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + client_socket.settimeout(1.0) + + if server_authopt: + set_tcp_authopt(listen_socket, server_authopt) + for k in server_key_list: + set_tcp_authopt_key(listen_socket, k) + if client_authopt: + set_tcp_authopt(client_socket, client_authopt) + for k in client_key_list: + set_tcp_authopt_key(client_socket, k) + + client_socket.connect((server_addr, DEFAULT_TCP_SERVER_PORT)) + check_socket_echo(client_socket) + server_socket = server_thread.server_socket[0] + + yield client_socket, server_socket + + +def test_get_keyids(exit_stack: ExitStack): + """Check reading key ids""" + sk1 = tcp_authopt_key(send_id=11, recv_id=12, key="111") + sk2 = tcp_authopt_key(send_id=21, recv_id=22, key="222") + ck1 = tcp_authopt_key(send_id=12, recv_id=11, key="111") + client_socket, server_socket = exit_stack.enter_context( + make_tcp_authopt_socket_pair( + server_key_list=[sk1, sk2], + client_key_list=[ck1], + ) + ) + + check_socket_echo(client_socket) + client_tcp_authopt = get_tcp_authopt(client_socket) + server_tcp_authopt = get_tcp_authopt(server_socket) + assert server_tcp_authopt.send_keyid == 11 + assert server_tcp_authopt.send_rnextkeyid == 12 + assert server_tcp_authopt.recv_keyid == 12 + assert server_tcp_authopt.recv_rnextkeyid == 11 + assert client_tcp_authopt.send_keyid == 12 + assert client_tcp_authopt.send_rnextkeyid == 11 + assert client_tcp_authopt.recv_keyid == 11 + assert client_tcp_authopt.recv_rnextkeyid == 12 + + +def test_rollover_send_keyid(exit_stack: ExitStack): + """Check reading key ids""" + sk1 = tcp_authopt_key(send_id=11, recv_id=12, key="111") + sk2 = tcp_authopt_key(send_id=21, recv_id=22, key="222") + ck1 = tcp_authopt_key(send_id=12, recv_id=11, key="111") + ck2 = tcp_authopt_key(send_id=22, recv_id=21, key="222") + client_socket, server_socket = exit_stack.enter_context( + make_tcp_authopt_socket_pair( + server_key_list=[sk1, sk2], + client_key_list=[ck1, ck2], + client_authopt=tcp_authopt( + send_keyid=12, flags=TCP_AUTHOPT_FLAG.LOCK_KEYID + ), + ) + ) + + check_socket_echo(client_socket) + assert get_tcp_authopt(client_socket).recv_keyid == 11 + assert get_tcp_authopt(server_socket).recv_keyid == 12 + + # Explicit request for key2 + set_tcp_authopt( + client_socket, tcp_authopt(send_keyid=22, flags=TCP_AUTHOPT_FLAG.LOCK_KEYID) + ) + check_socket_echo(client_socket) + assert get_tcp_authopt(client_socket).recv_keyid == 21 + assert get_tcp_authopt(server_socket).recv_keyid == 22 + + +def test_rollover_rnextkeyid(exit_stack: ExitStack): + """Check reading key ids""" + sk1 = tcp_authopt_key(send_id=11, recv_id=12, key="111") + sk2 = tcp_authopt_key(send_id=21, recv_id=22, key="222") + ck1 = tcp_authopt_key(send_id=12, recv_id=11, key="111") + ck2 = tcp_authopt_key(send_id=22, recv_id=21, key="222") + client_socket, server_socket = exit_stack.enter_context( + make_tcp_authopt_socket_pair( + server_key_list=[sk1], + client_key_list=[ck1, ck2], + client_authopt=tcp_authopt( + send_keyid=12, flags=TCP_AUTHOPT_FLAG.LOCK_KEYID + ), + ) + ) + + check_socket_echo(client_socket) + assert get_tcp_authopt(server_socket).recv_rnextkeyid == 11 + + # request rnextkeyd=22 but server does not have it + set_tcp_authopt( + client_socket, + tcp_authopt(send_rnextkeyid=21, flags=TCP_AUTHOPT_FLAG.LOCK_RNEXTKEYID), + ) + check_socket_echo(client_socket) + check_socket_echo(client_socket) + assert get_tcp_authopt(server_socket).recv_rnextkeyid == 21 + assert get_tcp_authopt(server_socket).send_keyid == 11 + + # after adding k2 on server the key is switched + set_tcp_authopt_key(server_socket, sk2) + check_socket_echo(client_socket) + check_socket_echo(client_socket) + assert get_tcp_authopt(server_socket).send_keyid == 21 + + +def test_rollover_delkey(exit_stack: ExitStack): + sk1 = tcp_authopt_key(send_id=11, recv_id=12, key="111") + sk2 = tcp_authopt_key(send_id=21, recv_id=22, key="222") + ck1 = tcp_authopt_key(send_id=12, recv_id=11, key="111") + ck2 = tcp_authopt_key(send_id=22, recv_id=21, key="222") + client_socket, server_socket = exit_stack.enter_context( + make_tcp_authopt_socket_pair( + server_key_list=[sk1, sk2], + client_key_list=[ck1, ck2], + client_authopt=tcp_authopt( + send_keyid=12, flags=TCP_AUTHOPT_FLAG.LOCK_KEYID + ), + ) + ) + + check_socket_echo(client_socket) + assert get_tcp_authopt(server_socket).recv_keyid == 12 + + # invalid send_keyid is just ignored + set_tcp_authopt(client_socket, tcp_authopt(send_keyid=7)) + check_socket_echo(client_socket) + assert get_tcp_authopt(client_socket).send_keyid == 12 + assert get_tcp_authopt(server_socket).recv_keyid == 12 + assert get_tcp_authopt(client_socket).recv_keyid == 11 + + # If a key is removed it is replaced by anything that matches + ck1.delete_flag = True + set_tcp_authopt_key(client_socket, ck1) + check_socket_echo(client_socket) + check_socket_echo(client_socket) + assert get_tcp_authopt(client_socket).send_keyid == 22 + assert get_tcp_authopt(server_socket).send_keyid == 21 + assert get_tcp_authopt(server_socket).recv_keyid == 22 + assert get_tcp_authopt(client_socket).recv_keyid == 21