tcp: introduce __tcp_fastopen_cookie_gen_cipher()

Restructure __tcp_fastopen_cookie_gen() to take a 'struct crypto_cipher' argument and rename it as __tcp_fastopen_cookie_gen_cipher(). Subsequent patches will provide different ciphers based on which key is being used for the cookie generation. Signed-off-by: Christoph Paasch <cpaasch@apple.com> Signed-off-by: Jason Baron <jbaron@akamai.com> Acked-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>

tcp: introduce __tcp_fastopen_cookie_gen_cipher()
Restructure __tcp_fastopen_cookie_gen() to take a 'struct crypto_cipher' argument and rename it as __tcp_fastopen_cookie_gen_cipher(). Subsequent patches will provide different ciphers based on which key is being used for the cookie generation. Signed-off-by: Christoph Paasch <cpaasch@apple.com> Signed-off-by: Jason Baron <jbaron@akamai.com> Acked-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
483642e5 · Christoph Paasch · David S. Miller · 5b5d331a · 483642e5
Commit 483642e5 authored May 29, 2019 by Christoph Paasch Committed by David S. Miller May 30, 2019
Show whitespace changes
Inline Side-by-side

Showing with 37 additions and 36 deletions

net/ipv4/tcp_fastopen.c net/ipv4/tcp_fastopen.c +37 -36

No files found.
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -111,25 +111,38 @@ error:		kfree(ctx);
 	return err;
 }
-static bool __tcp_fastopen_cookie_gen(struct sock *sk, const void *path,
+static bool __tcp_fastopen_cookie_gen_cipher(struct request_sock *req,
+					     struct sk_buff *syn,
+					     struct crypto_cipher *tfm,
 					     struct tcp_fastopen_cookie *foc)
 {
-	struct tcp_fastopen_context *ctx;
+	if (req->rsk_ops->family == AF_INET) {
-	bool ok = false;
+		const struct iphdr *iph = ip_hdr(syn);
+		__be32 path[4] = { iph->saddr, iph->daddr, 0, 0 };
-	rcu_read_lock();
+		crypto_cipher_encrypt_one(tfm, foc->val, (void *)path);
+		foc->len = TCP_FASTOPEN_COOKIE_SIZE;
+		return true;
+	}
-	ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx);
+#if IS_ENABLED(CONFIG_IPV6)
-	if (!ctx)
+	if (req->rsk_ops->family == AF_INET6) {
-		ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx);
+		const struct ipv6hdr *ip6h = ipv6_hdr(syn);
+		struct tcp_fastopen_cookie tmp;
+		struct in6_addr *buf;
+		int i;
-	if (ctx) {
+		crypto_cipher_encrypt_one(tfm, tmp.val,
-		crypto_cipher_encrypt_one(ctx->tfm, foc->val, path);
+					  (void *)&ip6h->saddr);
+		buf = &tmp.addr;
+		for (i = 0; i < 4; i++)
+			buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i];
+		crypto_cipher_encrypt_one(tfm, foc->val, (void *)buf);
 		foc->len = TCP_FASTOPEN_COOKIE_SIZE;
-		ok = true;
+		return true;
 	}
-	rcu_read_unlock();
+#endif
-	return ok;
+	return false;
 }
 /* Generate the fastopen cookie by doing aes128 encryption on both
@@ -143,29 +156,17 @@ static bool tcp_fastopen_cookie_gen(struct sock *sk,
 				    struct sk_buff *syn,
 				    struct tcp_fastopen_cookie *foc)
 {
-	if (req->rsk_ops->family == AF_INET) {
+	struct tcp_fastopen_context *ctx;
-		const struct iphdr *iph = ip_hdr(syn);
+	bool ok = false;
-		__be32 path[4] = { iph->saddr, iph->daddr, 0, 0 };
-		return __tcp_fastopen_cookie_gen(sk, path, foc);
-	}
-#if IS_ENABLED(CONFIG_IPV6)
-	if (req->rsk_ops->family == AF_INET6) {
-		const struct ipv6hdr *ip6h = ipv6_hdr(syn);
-		struct tcp_fastopen_cookie tmp;
-		if (__tcp_fastopen_cookie_gen(sk, &ip6h->saddr, &tmp)) {
-			struct in6_addr *buf = &tmp.addr;
-			int i;
-			for (i = 0; i < 4; i++)
+	rcu_read_lock();
-				buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i];
+	ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx);
-			return __tcp_fastopen_cookie_gen(sk, buf, foc);
+	if (!ctx)
-		}
+		ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx);
-	}
+	if (ctx)
-#endif
+		ok = __tcp_fastopen_cookie_gen_cipher(req, syn, ctx->tfm, foc);
-	return false;
+	rcu_read_unlock();
+	return ok;
 }