Commit f779bf79 authored by Tuong Lien's avatar Tuong Lien Committed by David S. Miller

tipc: optimize key switching time and logic

We reduce the lasting time for a pending TX key to be active as well as
for a passive RX key to be freed which generally helps speed up the key
switching. It is not expected to be too fast but should not be too slow
either. Also the key handling logic is simplified that a pending RX key
will be removed automatically if it is found not working after a number
of times; the probing for a pending TX key is now carried on a specific
message user ('LINK_PROTOCOL' or 'LINK_CONFIG') which is more efficient
than using a timer on broadcast messages, the timer is reserved for use
later as needed.

The kernel logs or 'pr***()' are now made as clear as possible to user.
Some prints are added, removed or changed to the debug-level. The
'TIPC_CRYPTO_DEBUG' definition is removed, and the 'pr_debug()' is used
instead which will be much helpful in runtime.

Besides we also optimize the code in some other places as a preparation
for later commits.

v2: silent more kernel logs, also use 'info->extack' for a message
emitted due to netlink operations instead (- David's comments).
Acked-by: default avatarJon Maloy <jmaloy@redhat.com>
Signed-off-by: default avatarTuong Lien <tuong.t.lien@dektech.com.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent cb589a55
...@@ -38,10 +38,10 @@ ...@@ -38,10 +38,10 @@
#include <crypto/aes.h> #include <crypto/aes.h>
#include "crypto.h" #include "crypto.h"
#define TIPC_TX_PROBE_LIM msecs_to_jiffies(1000) /* > 1s */ #define TIPC_TX_LASTING_TIME msecs_to_jiffies(10000) /* 10s */
#define TIPC_TX_LASTING_LIM msecs_to_jiffies(120000) /* 2 mins */
#define TIPC_RX_ACTIVE_LIM msecs_to_jiffies(3000) /* 3s */ #define TIPC_RX_ACTIVE_LIM msecs_to_jiffies(3000) /* 3s */
#define TIPC_RX_PASSIVE_LIM msecs_to_jiffies(180000) /* 3 mins */ #define TIPC_RX_PASSIVE_LIM msecs_to_jiffies(15000) /* 15s */
#define TIPC_MAX_TFMS_DEF 10 #define TIPC_MAX_TFMS_DEF 10
#define TIPC_MAX_TFMS_LIM 1000 #define TIPC_MAX_TFMS_LIM 1000
...@@ -144,7 +144,7 @@ struct tipc_aead { ...@@ -144,7 +144,7 @@ struct tipc_aead {
u32 salt; u32 salt;
u8 authsize; u8 authsize;
u8 mode; u8 mode;
char hint[TIPC_AEAD_HINT_LEN + 1]; char hint[2 * TIPC_AEAD_HINT_LEN + 1];
struct rcu_head rcu; struct rcu_head rcu;
atomic64_t seqno ____cacheline_aligned; atomic64_t seqno ____cacheline_aligned;
...@@ -168,9 +168,10 @@ struct tipc_crypto_stats { ...@@ -168,9 +168,10 @@ struct tipc_crypto_stats {
* @key: the key states * @key: the key states
* @working: the crypto is working or not * @working: the crypto is working or not
* @stats: the crypto statistics * @stats: the crypto statistics
* @name: the crypto name
* @sndnxt: the per-peer sndnxt (TX) * @sndnxt: the per-peer sndnxt (TX)
* @timer1: general timer 1 (jiffies) * @timer1: general timer 1 (jiffies)
* @timer2: general timer 1 (jiffies) * @timer2: general timer 2 (jiffies)
* @lock: tipc_key lock * @lock: tipc_key lock
*/ */
struct tipc_crypto { struct tipc_crypto {
...@@ -181,6 +182,7 @@ struct tipc_crypto { ...@@ -181,6 +182,7 @@ struct tipc_crypto {
struct tipc_key key; struct tipc_key key;
u8 working:1; u8 working:1;
struct tipc_crypto_stats __percpu *stats; struct tipc_crypto_stats __percpu *stats;
char name[48];
atomic64_t sndnxt ____cacheline_aligned; atomic64_t sndnxt ____cacheline_aligned;
unsigned long timer1; unsigned long timer1;
...@@ -239,18 +241,17 @@ static bool tipc_crypto_key_try_align(struct tipc_crypto *rx, u8 new_pending); ...@@ -239,18 +241,17 @@ static bool tipc_crypto_key_try_align(struct tipc_crypto *rx, u8 new_pending);
static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx, static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx,
struct tipc_crypto *rx, struct tipc_crypto *rx,
struct sk_buff *skb); struct sk_buff *skb);
static void tipc_crypto_key_synch(struct tipc_crypto *rx, u8 new_rx_active, static void tipc_crypto_key_synch(struct tipc_crypto *rx, struct sk_buff *skb);
struct tipc_msg *hdr);
static int tipc_crypto_key_revoke(struct net *net, u8 tx_key); static int tipc_crypto_key_revoke(struct net *net, u8 tx_key);
static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead, static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead,
struct tipc_bearer *b, struct tipc_bearer *b,
struct sk_buff **skb, int err); struct sk_buff **skb, int err);
static void tipc_crypto_do_cmd(struct net *net, int cmd); static void tipc_crypto_do_cmd(struct net *net, int cmd);
static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf); static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf);
#ifdef TIPC_CRYPTO_DEBUG
static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new, static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new,
char *buf); char *buf);
#endif #define is_tx(crypto) (!(crypto)->node)
#define is_rx(crypto) (!is_tx(crypto))
#define key_next(cur) ((cur) % KEY_MAX + 1) #define key_next(cur) ((cur) % KEY_MAX + 1)
...@@ -271,26 +272,30 @@ do { \ ...@@ -271,26 +272,30 @@ do { \
/** /**
* tipc_aead_key_validate - Validate a AEAD user key * tipc_aead_key_validate - Validate a AEAD user key
*/ */
int tipc_aead_key_validate(struct tipc_aead_key *ukey) int tipc_aead_key_validate(struct tipc_aead_key *ukey, struct genl_info *info)
{ {
int keylen; int keylen;
/* Check if algorithm exists */ /* Check if algorithm exists */
if (unlikely(!crypto_has_alg(ukey->alg_name, 0, 0))) { if (unlikely(!crypto_has_alg(ukey->alg_name, 0, 0))) {
pr_info("Not found cipher: \"%s\"!\n", ukey->alg_name); GENL_SET_ERR_MSG(info, "unable to load the algorithm (module existed?)");
return -ENODEV; return -ENODEV;
} }
/* Currently, we only support the "gcm(aes)" cipher algorithm */ /* Currently, we only support the "gcm(aes)" cipher algorithm */
if (strcmp(ukey->alg_name, "gcm(aes)")) if (strcmp(ukey->alg_name, "gcm(aes)")) {
GENL_SET_ERR_MSG(info, "not supported yet the algorithm");
return -ENOTSUPP; return -ENOTSUPP;
}
/* Check if key size is correct */ /* Check if key size is correct */
keylen = ukey->keylen - TIPC_AES_GCM_SALT_SIZE; keylen = ukey->keylen - TIPC_AES_GCM_SALT_SIZE;
if (unlikely(keylen != TIPC_AES_GCM_KEY_SIZE_128 && if (unlikely(keylen != TIPC_AES_GCM_KEY_SIZE_128 &&
keylen != TIPC_AES_GCM_KEY_SIZE_192 && keylen != TIPC_AES_GCM_KEY_SIZE_192 &&
keylen != TIPC_AES_GCM_KEY_SIZE_256)) keylen != TIPC_AES_GCM_KEY_SIZE_256)) {
return -EINVAL; GENL_SET_ERR_MSG(info, "incorrect key length (20, 28 or 36 octets?)");
return -EKEYREJECTED;
}
return 0; return 0;
} }
...@@ -501,9 +506,9 @@ static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey, ...@@ -501,9 +506,9 @@ static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey,
return err; return err;
} }
/* Copy some chars from the user key as a hint */ /* Form a hex string of some last bytes as the key's hint */
memcpy(tmp->hint, ukey->key, TIPC_AEAD_HINT_LEN); bin2hex(tmp->hint, ukey->key + keylen - TIPC_AEAD_HINT_LEN,
tmp->hint[TIPC_AEAD_HINT_LEN] = '\0'; TIPC_AEAD_HINT_LEN);
/* Initialize the other data */ /* Initialize the other data */
tmp->mode = mode; tmp->mode = mode;
...@@ -663,13 +668,11 @@ static int tipc_aead_encrypt(struct tipc_aead *aead, struct sk_buff *skb, ...@@ -663,13 +668,11 @@ static int tipc_aead_encrypt(struct tipc_aead *aead, struct sk_buff *skb,
* but there is no frag_list, it should be still fine! * but there is no frag_list, it should be still fine!
* Otherwise, we must cow it to be a writable buffer with the tailroom. * Otherwise, we must cow it to be a writable buffer with the tailroom.
*/ */
#ifdef TIPC_CRYPTO_DEBUG
SKB_LINEAR_ASSERT(skb); SKB_LINEAR_ASSERT(skb);
if (tailen > skb_tailroom(skb)) { if (tailen > skb_tailroom(skb)) {
pr_warn("TX: skb tailroom is not enough: %d, requires: %d\n", pr_debug("TX(): skb tailroom is not enough: %d, requires: %d\n",
skb_tailroom(skb), tailen); skb_tailroom(skb), tailen);
} }
#endif
if (unlikely(!skb_cloned(skb) && tailen <= skb_tailroom(skb))) { if (unlikely(!skb_cloned(skb) && tailen <= skb_tailroom(skb))) {
nsg = 1; nsg = 1;
...@@ -1019,23 +1022,16 @@ static inline void tipc_crypto_key_set_state(struct tipc_crypto *c, ...@@ -1019,23 +1022,16 @@ static inline void tipc_crypto_key_set_state(struct tipc_crypto *c,
u8 new_active, u8 new_active,
u8 new_pending) u8 new_pending)
{ {
#ifdef TIPC_CRYPTO_DEBUG
struct tipc_key old = c->key; struct tipc_key old = c->key;
char buf[32]; char buf[32];
#endif
c->key.keys = ((new_passive & KEY_MASK) << (KEY_BITS * 2)) | c->key.keys = ((new_passive & KEY_MASK) << (KEY_BITS * 2)) |
((new_active & KEY_MASK) << (KEY_BITS)) | ((new_active & KEY_MASK) << (KEY_BITS)) |
((new_pending & KEY_MASK)); ((new_pending & KEY_MASK));
#ifdef TIPC_CRYPTO_DEBUG pr_debug("%s: key changing %s ::%pS\n", c->name,
pr_info("%s(%s): key changing %s ::%pS\n",
(c->node) ? "RX" : "TX",
(c->node) ? tipc_node_get_id_str(c->node) :
tipc_own_id_string(c->net),
tipc_key_change_dump(old, c->key, buf), tipc_key_change_dump(old, c->key, buf),
__builtin_return_address(0)); __builtin_return_address(0));
#endif
} }
/** /**
...@@ -1065,12 +1061,6 @@ int tipc_crypto_key_init(struct tipc_crypto *c, struct tipc_aead_key *ukey, ...@@ -1065,12 +1061,6 @@ int tipc_crypto_key_init(struct tipc_crypto *c, struct tipc_aead_key *ukey,
tipc_aead_free(&aead->rcu); tipc_aead_free(&aead->rcu);
} }
pr_info("%s(%s): key initiating, rc %d!\n",
(c->node) ? "RX" : "TX",
(c->node) ? tipc_node_get_id_str(c->node) :
tipc_own_id_string(c->net),
rc);
return rc; return rc;
} }
...@@ -1085,49 +1075,42 @@ int tipc_crypto_key_init(struct tipc_crypto *c, struct tipc_aead_key *ukey, ...@@ -1085,49 +1075,42 @@ int tipc_crypto_key_init(struct tipc_crypto *c, struct tipc_aead_key *ukey,
static int tipc_crypto_key_attach(struct tipc_crypto *c, static int tipc_crypto_key_attach(struct tipc_crypto *c,
struct tipc_aead *aead, u8 pos) struct tipc_aead *aead, u8 pos)
{ {
u8 new_pending, new_passive, new_key;
struct tipc_key key; struct tipc_key key;
int rc = -EBUSY; int rc = -EBUSY;
u8 new_key;
spin_lock_bh(&c->lock); spin_lock_bh(&c->lock);
key = c->key; key = c->key;
if (key.active && key.passive) if (key.active && key.passive)
goto exit; goto exit;
if (key.passive && !tipc_aead_users(c->aead[key.passive]))
goto exit;
if (key.pending) { if (key.pending) {
if (pos)
goto exit;
if (tipc_aead_users(c->aead[key.pending]) > 0) if (tipc_aead_users(c->aead[key.pending]) > 0)
goto exit; goto exit;
/* if (pos): ok with replacing, will be aligned when needed */
/* Replace it */ /* Replace it */
new_pending = key.pending; new_key = key.pending;
new_passive = key.passive;
new_key = new_pending;
} else { } else {
if (pos) { if (pos) {
if (key.active && pos != key_next(key.active)) { if (key.active && pos != key_next(key.active)) {
new_pending = key.pending; key.passive = pos;
new_passive = pos; new_key = pos;
new_key = new_passive;
goto attach; goto attach;
} else if (!key.active && !key.passive) { } else if (!key.active && !key.passive) {
new_pending = pos; key.pending = pos;
new_passive = key.passive; new_key = pos;
new_key = new_pending;
goto attach; goto attach;
} }
} }
new_pending = key_next(key.active ?: key.passive); key.pending = key_next(key.active ?: key.passive);
new_passive = key.passive; new_key = key.pending;
new_key = new_pending;
} }
attach: attach:
aead->crypto = c; aead->crypto = c;
tipc_crypto_key_set_state(c, new_passive, key.active, new_pending);
tipc_aead_rcu_replace(c->aead[new_key], aead, &c->lock); tipc_aead_rcu_replace(c->aead[new_key], aead, &c->lock);
if (likely(c->key.keys != key.keys))
tipc_crypto_key_set_state(c, key.passive, key.active,
key.pending);
c->working = 1; c->working = 1;
c->timer1 = jiffies; c->timer1 = jiffies;
c->timer2 = jiffies; c->timer2 = jiffies;
...@@ -1206,7 +1189,8 @@ static bool tipc_crypto_key_try_align(struct tipc_crypto *rx, u8 new_pending) ...@@ -1206,7 +1189,8 @@ static bool tipc_crypto_key_try_align(struct tipc_crypto *rx, u8 new_pending)
rcu_assign_pointer(rx->aead[new_passive], tmp2); rcu_assign_pointer(rx->aead[new_passive], tmp2);
refcount_set(&tmp1->refcnt, 1); refcount_set(&tmp1->refcnt, 1);
aligned = true; aligned = true;
pr_info("RX(%s): key is aligned!\n", tipc_node_get_id_str(rx->node)); pr_info_ratelimited("%s: key[%d] -> key[%d]\n", rx->name, key.pending,
new_pending);
exit: exit:
spin_unlock(&rx->lock); spin_unlock(&rx->lock);
...@@ -1276,8 +1260,7 @@ static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx, ...@@ -1276,8 +1260,7 @@ static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx,
/** /**
* tipc_crypto_key_synch: Synch own key data according to peer key status * tipc_crypto_key_synch: Synch own key data according to peer key status
* @rx: RX crypto handle * @rx: RX crypto handle
* @new_rx_active: latest RX active key from peer * @skb: TIPCv2 message buffer (incl. the ehdr from peer)
* @hdr: TIPCv2 message
* *
* This function updates the peer node related data as the peer RX active key * This function updates the peer node related data as the peer RX active key
* has changed, so the number of TX keys' users on this node are increased and * has changed, so the number of TX keys' users on this node are increased and
...@@ -1285,44 +1268,35 @@ static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx, ...@@ -1285,44 +1268,35 @@ static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx,
* *
* The "per-peer" sndnxt is also reset when the peer key has switched. * The "per-peer" sndnxt is also reset when the peer key has switched.
*/ */
static void tipc_crypto_key_synch(struct tipc_crypto *rx, u8 new_rx_active, static void tipc_crypto_key_synch(struct tipc_crypto *rx, struct sk_buff *skb)
struct tipc_msg *hdr)
{ {
struct net *net = rx->net; struct tipc_ehdr *ehdr = (struct tipc_ehdr *)skb_network_header(skb);
struct tipc_crypto *tx = tipc_net(net)->crypto_tx; struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx;
u8 cur_rx_active; struct tipc_msg *hdr = buf_msg(skb);
u32 self = tipc_own_addr(rx->net);
/* TX might be even not ready yet */ u8 cur, new;
if (unlikely(!tx->key.active && !tx->key.pending))
return;
cur_rx_active = atomic_read(&rx->peer_rx_active);
if (likely(cur_rx_active == new_rx_active))
return;
/* Make sure this message destined for this node */ /* Ensure this message is destined to us first */
if (unlikely(msg_short(hdr) || if (!ehdr->destined || msg_short(hdr) || msg_destnode(hdr) != self)
msg_destnode(hdr) != tipc_own_addr(net)))
return; return;
/* Peer RX active key has changed, try to update owns' & TX users */ /* Peer RX active key has changed, let's update own TX users */
if (atomic_cmpxchg(&rx->peer_rx_active, cur = atomic_read(&rx->peer_rx_active);
cur_rx_active, new = ehdr->rx_key_active;
new_rx_active) == cur_rx_active) { if (tx->key.keys &&
if (new_rx_active) cur != new &&
tipc_aead_users_inc(tx->aead[new_rx_active], INT_MAX); atomic_cmpxchg(&rx->peer_rx_active, cur, new) == cur) {
if (cur_rx_active) if (new)
tipc_aead_users_dec(tx->aead[cur_rx_active], 0); tipc_aead_users_inc(tx->aead[new], INT_MAX);
if (cur)
tipc_aead_users_dec(tx->aead[cur], 0);
atomic64_set(&rx->sndnxt, 0); atomic64_set(&rx->sndnxt, 0);
/* Mark the point TX key users changed */ /* Mark the point TX key users changed */
tx->timer1 = jiffies; tx->timer1 = jiffies;
#ifdef TIPC_CRYPTO_DEBUG pr_debug("%s: key users changed %d-- %d++, peer %s\n",
pr_info("TX(%s): key users changed %d-- %d++, peer RX(%s)\n", tx->name, cur, new, rx->name);
tipc_own_id_string(net), cur_rx_active,
new_rx_active, tipc_node_get_id_str(rx->node));
#endif
} }
} }
...@@ -1340,7 +1314,7 @@ static int tipc_crypto_key_revoke(struct net *net, u8 tx_key) ...@@ -1340,7 +1314,7 @@ static int tipc_crypto_key_revoke(struct net *net, u8 tx_key)
tipc_crypto_key_detach(tx->aead[key.active], &tx->lock); tipc_crypto_key_detach(tx->aead[key.active], &tx->lock);
spin_unlock(&tx->lock); spin_unlock(&tx->lock);
pr_warn("TX(%s): key is revoked!\n", tipc_own_id_string(net)); pr_warn("%s: key is revoked\n", tx->name);
return -EKEYREVOKED; return -EKEYREVOKED;
} }
...@@ -1373,25 +1347,26 @@ int tipc_crypto_start(struct tipc_crypto **crypto, struct net *net, ...@@ -1373,25 +1347,26 @@ int tipc_crypto_start(struct tipc_crypto **crypto, struct net *net,
c->timer1 = jiffies; c->timer1 = jiffies;
c->timer2 = jiffies; c->timer2 = jiffies;
spin_lock_init(&c->lock); spin_lock_init(&c->lock);
*crypto = c; scnprintf(c->name, 48, "%s(%s)", (is_rx(c)) ? "RX" : "TX",
(is_rx(c)) ? tipc_node_get_id_str(c->node) :
tipc_own_id_string(c->net));
*crypto = c;
return 0; return 0;
} }
void tipc_crypto_stop(struct tipc_crypto **crypto) void tipc_crypto_stop(struct tipc_crypto **crypto)
{ {
struct tipc_crypto *c, *tx, *rx; struct tipc_crypto *c = *crypto, *tx, *rx;
bool is_rx;
u8 k; u8 k;
if (!*crypto) if (!c)
return; return;
rcu_read_lock(); rcu_read_lock();
/* RX stopping? => decrease TX key users if any */ /* RX stopping? => decrease TX key users if any */
is_rx = !!((*crypto)->node); if (is_rx(c)) {
if (is_rx) { rx = c;
rx = *crypto;
tx = tipc_net(rx->net)->crypto_tx; tx = tipc_net(rx->net)->crypto_tx;
k = atomic_read(&rx->peer_rx_active); k = atomic_read(&rx->peer_rx_active);
if (k) { if (k) {
...@@ -1402,15 +1377,10 @@ void tipc_crypto_stop(struct tipc_crypto **crypto) ...@@ -1402,15 +1377,10 @@ void tipc_crypto_stop(struct tipc_crypto **crypto)
} }
/* Release AEAD keys */ /* Release AEAD keys */
c = *crypto;
for (k = KEY_MIN; k <= KEY_MAX; k++) for (k = KEY_MIN; k <= KEY_MAX; k++)
tipc_aead_put(rcu_dereference(c->aead[k])); tipc_aead_put(rcu_dereference(c->aead[k]));
rcu_read_unlock(); rcu_read_unlock();
pr_debug("%s: has been stopped\n", c->name);
pr_warn("%s(%s) has been purged, node left!\n",
(is_rx) ? "RX" : "TX",
(is_rx) ? tipc_node_get_id_str((*crypto)->node) :
tipc_own_id_string((*crypto)->net));
/* Free this crypto statistics */ /* Free this crypto statistics */
free_percpu(c->stats); free_percpu(c->stats);
...@@ -1424,102 +1394,81 @@ void tipc_crypto_timeout(struct tipc_crypto *rx) ...@@ -1424,102 +1394,81 @@ void tipc_crypto_timeout(struct tipc_crypto *rx)
struct tipc_net *tn = tipc_net(rx->net); struct tipc_net *tn = tipc_net(rx->net);
struct tipc_crypto *tx = tn->crypto_tx; struct tipc_crypto *tx = tn->crypto_tx;
struct tipc_key key; struct tipc_key key;
u8 new_pending, new_passive;
int cmd; int cmd;
/* TX key activating: /* TX pending: taking all users & stable -> active */
* The pending key (users > 0) -> active
* The active key if any (users == 0) -> free
*/
spin_lock(&tx->lock); spin_lock(&tx->lock);
key = tx->key; key = tx->key;
if (key.active && tipc_aead_users(tx->aead[key.active]) > 0) if (key.active && tipc_aead_users(tx->aead[key.active]) > 0)
goto s1; goto s1;
if (!key.pending || tipc_aead_users(tx->aead[key.pending]) <= 0) if (!key.pending || tipc_aead_users(tx->aead[key.pending]) <= 0)
goto s1; goto s1;
if (time_before(jiffies, tx->timer1 + TIPC_TX_LASTING_LIM)) if (time_before(jiffies, tx->timer1 + TIPC_TX_LASTING_TIME))
goto s1; goto s1;
tipc_crypto_key_set_state(tx, key.passive, key.pending, 0); tipc_crypto_key_set_state(tx, key.passive, key.pending, 0);
if (key.active) if (key.active)
tipc_crypto_key_detach(tx->aead[key.active], &tx->lock); tipc_crypto_key_detach(tx->aead[key.active], &tx->lock);
this_cpu_inc(tx->stats->stat[STAT_SWITCHES]); this_cpu_inc(tx->stats->stat[STAT_SWITCHES]);
pr_info("TX(%s): key %d is activated!\n", tipc_own_id_string(tx->net), pr_info("%s: key[%d] is activated\n", tx->name, key.pending);
key.pending);
s1: s1:
spin_unlock(&tx->lock); spin_unlock(&tx->lock);
/* RX key activating: /* RX pending: having user -> active */
* The pending key (users > 0) -> active
* The active key if any -> passive, freed later
*/
spin_lock(&rx->lock); spin_lock(&rx->lock);
key = rx->key; key = rx->key;
if (!key.pending || tipc_aead_users(rx->aead[key.pending]) <= 0) if (!key.pending || tipc_aead_users(rx->aead[key.pending]) <= 0)
goto s2; goto s2;
new_pending = (key.passive && if (key.active)
!tipc_aead_users(rx->aead[key.passive])) ? key.passive = key.active;
key.passive : 0; key.active = key.pending;
new_passive = (key.active) ?: ((new_pending) ? 0 : key.passive); rx->timer2 = jiffies;
tipc_crypto_key_set_state(rx, new_passive, key.pending, new_pending); tipc_crypto_key_set_state(rx, key.passive, key.active, 0);
this_cpu_inc(rx->stats->stat[STAT_SWITCHES]); this_cpu_inc(rx->stats->stat[STAT_SWITCHES]);
pr_info("RX(%s): key %d is activated!\n", pr_info("%s: key[%d] is activated\n", rx->name, key.pending);
tipc_node_get_id_str(rx->node), key.pending);
goto s5; goto s5;
s2: s2:
/* RX key "faulty" switching: /* RX pending: not working -> remove */
* The faulty pending key (users < -30) -> passive if (!key.pending || tipc_aead_users(rx->aead[key.pending]) > -10)
* The passive key (users = 0) -> pending
* Note: This only happens after RX deactivated - s3!
*/
key = rx->key;
if (!key.pending || tipc_aead_users(rx->aead[key.pending]) > -30)
goto s3;
if (!key.passive || tipc_aead_users(rx->aead[key.passive]) != 0)
goto s3; goto s3;
new_pending = key.passive; tipc_crypto_key_set_state(rx, key.passive, key.active, 0);
new_passive = key.pending; tipc_crypto_key_detach(rx->aead[key.pending], &rx->lock);
tipc_crypto_key_set_state(rx, new_passive, key.active, new_pending); pr_debug("%s: key[%d] is removed\n", rx->name, key.pending);
goto s5; goto s5;
s3: s3:
/* RX key deactivating: /* RX active: timed out or no user -> pending */
* The passive key if any -> pending
* The active key -> passive (users = 0) / pending
* The pending key if any -> passive (users = 0)
*/
key = rx->key;
if (!key.active) if (!key.active)
goto s4; goto s4;
if (time_before(jiffies, rx->timer1 + TIPC_RX_ACTIVE_LIM)) if (time_before(jiffies, rx->timer1 + TIPC_RX_ACTIVE_LIM) &&
tipc_aead_users(rx->aead[key.active]) > 0)
goto s4; goto s4;
new_pending = (key.passive) ?: key.active; if (key.pending)
new_passive = (key.passive) ? key.active : key.pending; key.passive = key.active;
tipc_aead_users_set(rx->aead[new_pending], 0); else
if (new_passive) key.pending = key.active;
tipc_aead_users_set(rx->aead[new_passive], 0); rx->timer2 = jiffies;
tipc_crypto_key_set_state(rx, new_passive, 0, new_pending); tipc_crypto_key_set_state(rx, key.passive, 0, key.pending);
pr_info("RX(%s): key %d is deactivated!\n", tipc_aead_users_set(rx->aead[key.pending], 0);
tipc_node_get_id_str(rx->node), key.active); pr_debug("%s: key[%d] is deactivated\n", rx->name, key.active);
goto s5; goto s5;
s4: s4:
/* RX key passive -> freed: */ /* RX passive: outdated or not working -> free */
key = rx->key; if (!key.passive)
if (!key.passive || !tipc_aead_users(rx->aead[key.passive]))
goto s5; goto s5;
if (time_before(jiffies, rx->timer2 + TIPC_RX_PASSIVE_LIM)) if (time_before(jiffies, rx->timer2 + TIPC_RX_PASSIVE_LIM) &&
tipc_aead_users(rx->aead[key.passive]) > -10)
goto s5; goto s5;
tipc_crypto_key_set_state(rx, 0, key.active, key.pending); tipc_crypto_key_set_state(rx, 0, key.active, key.pending);
tipc_crypto_key_detach(rx->aead[key.passive], &rx->lock); tipc_crypto_key_detach(rx->aead[key.passive], &rx->lock);
pr_info("RX(%s): key %d is freed!\n", tipc_node_get_id_str(rx->node), pr_debug("%s: key[%d] is freed\n", rx->name, key.passive);
key.passive);
s5: s5:
spin_unlock(&rx->lock); spin_unlock(&rx->lock);
...@@ -1562,10 +1511,12 @@ int tipc_crypto_xmit(struct net *net, struct sk_buff **skb, ...@@ -1562,10 +1511,12 @@ int tipc_crypto_xmit(struct net *net, struct sk_buff **skb,
struct tipc_crypto *__rx = tipc_node_crypto_rx(__dnode); struct tipc_crypto *__rx = tipc_node_crypto_rx(__dnode);
struct tipc_crypto *tx = tipc_net(net)->crypto_tx; struct tipc_crypto *tx = tipc_net(net)->crypto_tx;
struct tipc_crypto_stats __percpu *stats = tx->stats; struct tipc_crypto_stats __percpu *stats = tx->stats;
struct tipc_msg *hdr = buf_msg(*skb);
struct tipc_key key = tx->key; struct tipc_key key = tx->key;
struct tipc_aead *aead = NULL; struct tipc_aead *aead = NULL;
struct sk_buff *probe; struct sk_buff *_skb;
int rc = -ENOKEY; int rc = -ENOKEY;
u32 user = msg_user(hdr);
u8 tx_key; u8 tx_key;
/* No encryption? */ /* No encryption? */
...@@ -1583,17 +1534,18 @@ int tipc_crypto_xmit(struct net *net, struct sk_buff **skb, ...@@ -1583,17 +1534,18 @@ int tipc_crypto_xmit(struct net *net, struct sk_buff **skb,
goto encrypt; goto encrypt;
if (__rx && atomic_read(&__rx->peer_rx_active) == tx_key) if (__rx && atomic_read(&__rx->peer_rx_active) == tx_key)
goto encrypt; goto encrypt;
if (TIPC_SKB_CB(*skb)->probe) if (TIPC_SKB_CB(*skb)->probe) {
pr_debug("%s: probing for key[%d]\n", tx->name,
key.pending);
goto encrypt; goto encrypt;
if (!__rx && }
time_after(jiffies, tx->timer2 + TIPC_TX_PROBE_LIM)) { if (user == LINK_CONFIG || user == LINK_PROTOCOL) {
tx->timer2 = jiffies; _skb = skb_clone(*skb, GFP_ATOMIC);
probe = skb_clone(*skb, GFP_ATOMIC); if (_skb) {
if (probe) { TIPC_SKB_CB(_skb)->probe = 1;
TIPC_SKB_CB(probe)->probe = 1; tipc_crypto_xmit(net, &_skb, b, dst, __dnode);
tipc_crypto_xmit(net, &probe, b, dst, __dnode); if (_skb)
if (probe) b->media->send_msg(net, _skb, b, dst);
b->media->send_msg(net, probe, b, dst);
} }
} }
} }
...@@ -1675,22 +1627,12 @@ int tipc_crypto_rcv(struct net *net, struct tipc_crypto *rx, ...@@ -1675,22 +1627,12 @@ int tipc_crypto_rcv(struct net *net, struct tipc_crypto *rx,
if (unlikely(!rx)) if (unlikely(!rx))
goto pick_tx; goto pick_tx;
/* Pick RX key according to TX key, three cases are possible:
* 1) The current active key (likely) or;
* 2) The pending (new or deactivated) key (if any) or;
* 3) The passive or old active key (i.e. users > 0);
*/
tx_key = ((struct tipc_ehdr *)(*skb)->data)->tx_key; tx_key = ((struct tipc_ehdr *)(*skb)->data)->tx_key;
/* Pick RX key according to TX key if any */
key = rx->key; key = rx->key;
if (likely(tx_key == key.active)) if (tx_key == key.active || tx_key == key.pending ||
goto decrypt; tx_key == key.passive)
if (tx_key == key.pending)
goto decrypt; goto decrypt;
if (tx_key == key.passive) {
rx->timer2 = jiffies;
if (tipc_aead_users(rx->aead[key.passive]) > 0)
goto decrypt;
}
/* Unknown key, let's try to align RX key(s) */ /* Unknown key, let's try to align RX key(s) */
if (tipc_crypto_key_try_align(rx, tx_key)) if (tipc_crypto_key_try_align(rx, tx_key))
...@@ -1749,21 +1691,17 @@ static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead, ...@@ -1749,21 +1691,17 @@ static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead,
struct tipc_aead *tmp = NULL; struct tipc_aead *tmp = NULL;
struct tipc_ehdr *ehdr; struct tipc_ehdr *ehdr;
struct tipc_node *n; struct tipc_node *n;
u8 rx_key_active;
bool destined;
/* Is this completed by TX? */ /* Is this completed by TX? */
if (unlikely(!rx->node)) { if (unlikely(is_tx(aead->crypto))) {
rx = skb_cb->tx_clone_ctx.rx; rx = skb_cb->tx_clone_ctx.rx;
#ifdef TIPC_CRYPTO_DEBUG pr_debug("TX->RX(%s): err %d, aead %p, skb->next %p, flags %x\n",
pr_info("TX->RX(%s): err %d, aead %p, skb->next %p, flags %x\n",
(rx) ? tipc_node_get_id_str(rx->node) : "-", err, aead, (rx) ? tipc_node_get_id_str(rx->node) : "-", err, aead,
(*skb)->next, skb_cb->flags); (*skb)->next, skb_cb->flags);
pr_info("skb_cb [recurs %d, last %p], tx->aead [%p %p %p]\n", pr_debug("skb_cb [recurs %d, last %p], tx->aead [%p %p %p]\n",
skb_cb->tx_clone_ctx.recurs, skb_cb->tx_clone_ctx.last, skb_cb->tx_clone_ctx.recurs, skb_cb->tx_clone_ctx.last,
aead->crypto->aead[1], aead->crypto->aead[2], aead->crypto->aead[1], aead->crypto->aead[2],
aead->crypto->aead[3]); aead->crypto->aead[3]);
#endif
if (unlikely(err)) { if (unlikely(err)) {
if (err == -EBADMSG && (*skb)->next) if (err == -EBADMSG && (*skb)->next)
tipc_rcv(net, (*skb)->next, b); tipc_rcv(net, (*skb)->next, b);
...@@ -1784,9 +1722,6 @@ static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead, ...@@ -1784,9 +1722,6 @@ static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead,
goto free_skb; goto free_skb;
} }
/* Skip cloning this time as we had a RX pending key */
if (rx->key.pending)
goto rcv;
if (tipc_aead_clone(&tmp, aead) < 0) if (tipc_aead_clone(&tmp, aead) < 0)
goto rcv; goto rcv;
if (tipc_crypto_key_attach(rx, tmp, ehdr->tx_key) < 0) { if (tipc_crypto_key_attach(rx, tmp, ehdr->tx_key) < 0) {
...@@ -1811,8 +1746,12 @@ static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead, ...@@ -1811,8 +1746,12 @@ static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead,
/* Remove ehdr & auth. tag prior to tipc_rcv() */ /* Remove ehdr & auth. tag prior to tipc_rcv() */
ehdr = (struct tipc_ehdr *)(*skb)->data; ehdr = (struct tipc_ehdr *)(*skb)->data;
destined = ehdr->destined;
rx_key_active = ehdr->rx_key_active; /* Mark this point, RX passive still works */
if (rx->key.passive && ehdr->tx_key == rx->key.passive)
rx->timer2 = jiffies;
skb_reset_network_header(*skb);
skb_pull(*skb, tipc_ehdr_size(ehdr)); skb_pull(*skb, tipc_ehdr_size(ehdr));
pskb_trim(*skb, (*skb)->len - aead->authsize); pskb_trim(*skb, (*skb)->len - aead->authsize);
...@@ -1822,9 +1761,8 @@ static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead, ...@@ -1822,9 +1761,8 @@ static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead,
goto free_skb; goto free_skb;
} }
/* Update peer RX active key & TX users */ /* Ok, everything's fine, try to synch own keys according to peers' */
if (destined) tipc_crypto_key_synch(rx, *skb);
tipc_crypto_key_synch(rx, rx_key_active, buf_msg(*skb));
/* Mark skb decrypted */ /* Mark skb decrypted */
skb_cb->decrypted = 1; skb_cb->decrypted = 1;
...@@ -1883,7 +1821,7 @@ static void tipc_crypto_do_cmd(struct net *net, int cmd) ...@@ -1883,7 +1821,7 @@ static void tipc_crypto_do_cmd(struct net *net, int cmd)
/* Print crypto statistics */ /* Print crypto statistics */
for (i = 0, j = 0; i < MAX_STATS; i++) for (i = 0, j = 0; i < MAX_STATS; i++)
j += scnprintf(buf + j, 200 - j, "|%11s ", hstats[i]); j += scnprintf(buf + j, 200 - j, "|%11s ", hstats[i]);
pr_info("\nCounter %s", buf); pr_info("Counter %s", buf);
memset(buf, '-', 115); memset(buf, '-', 115);
buf[115] = '\0'; buf[115] = '\0';
...@@ -1941,7 +1879,7 @@ static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf) ...@@ -1941,7 +1879,7 @@ static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf)
aead = rcu_dereference(c->aead[k]); aead = rcu_dereference(c->aead[k]);
if (aead) if (aead)
i += scnprintf(buf + i, 200 - i, i += scnprintf(buf + i, 200 - i,
"{\"%s...\", \"%s\"}/%d:%d", "{\"0x...%s\", \"%s\"}/%d:%d",
aead->hint, aead->hint,
(aead->mode == CLUSTER_KEY) ? "c" : "p", (aead->mode == CLUSTER_KEY) ? "c" : "p",
atomic_read(&aead->users), atomic_read(&aead->users),
...@@ -1950,14 +1888,13 @@ static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf) ...@@ -1950,14 +1888,13 @@ static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf)
i += scnprintf(buf + i, 200 - i, "\n"); i += scnprintf(buf + i, 200 - i, "\n");
} }
if (c->node) if (is_rx(c))
i += scnprintf(buf + i, 200 - i, "\tPeer RX active: %d\n", i += scnprintf(buf + i, 200 - i, "\tPeer RX active: %d\n",
atomic_read(&c->peer_rx_active)); atomic_read(&c->peer_rx_active));
return buf; return buf;
} }
#ifdef TIPC_CRYPTO_DEBUG
static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new, static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new,
char *buf) char *buf)
{ {
...@@ -1988,4 +1925,3 @@ static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new, ...@@ -1988,4 +1925,3 @@ static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new,
i += scnprintf(buf + i, 32 - i, "]"); i += scnprintf(buf + i, 32 - i, "]");
return buf; return buf;
} }
#endif
...@@ -160,7 +160,7 @@ int tipc_crypto_rcv(struct net *net, struct tipc_crypto *rx, ...@@ -160,7 +160,7 @@ int tipc_crypto_rcv(struct net *net, struct tipc_crypto *rx,
int tipc_crypto_key_init(struct tipc_crypto *c, struct tipc_aead_key *ukey, int tipc_crypto_key_init(struct tipc_crypto *c, struct tipc_aead_key *ukey,
u8 mode); u8 mode);
void tipc_crypto_key_flush(struct tipc_crypto *c); void tipc_crypto_key_flush(struct tipc_crypto *c);
int tipc_aead_key_validate(struct tipc_aead_key *ukey); int tipc_aead_key_validate(struct tipc_aead_key *ukey, struct genl_info *info);
bool tipc_ehdr_validate(struct sk_buff *skb); bool tipc_ehdr_validate(struct sk_buff *skb);
#endif /* _TIPC_CRYPTO_H */ #endif /* _TIPC_CRYPTO_H */
......
...@@ -2872,11 +2872,10 @@ static int __tipc_nl_node_set_key(struct sk_buff *skb, struct genl_info *info) ...@@ -2872,11 +2872,10 @@ static int __tipc_nl_node_set_key(struct sk_buff *skb, struct genl_info *info)
{ {
struct nlattr *attrs[TIPC_NLA_NODE_MAX + 1]; struct nlattr *attrs[TIPC_NLA_NODE_MAX + 1];
struct net *net = sock_net(skb->sk); struct net *net = sock_net(skb->sk);
struct tipc_net *tn = tipc_net(net); struct tipc_crypto *tx = tipc_net(net)->crypto_tx, *c = tx;
struct tipc_node *n = NULL; struct tipc_node *n = NULL;
struct tipc_aead_key *ukey; struct tipc_aead_key *ukey;
struct tipc_crypto *c; u8 *id, *own_id, mode;
u8 *id, *own_id;
int rc = 0; int rc = 0;
if (!info->attrs[TIPC_NLA_NODE]) if (!info->attrs[TIPC_NLA_NODE])
...@@ -2886,52 +2885,52 @@ static int __tipc_nl_node_set_key(struct sk_buff *skb, struct genl_info *info) ...@@ -2886,52 +2885,52 @@ static int __tipc_nl_node_set_key(struct sk_buff *skb, struct genl_info *info)
info->attrs[TIPC_NLA_NODE], info->attrs[TIPC_NLA_NODE],
tipc_nl_node_policy, info->extack); tipc_nl_node_policy, info->extack);
if (rc) if (rc)
goto exit; return rc;
own_id = tipc_own_id(net); own_id = tipc_own_id(net);
if (!own_id) { if (!own_id) {
rc = -EPERM; GENL_SET_ERR_MSG(info, "not found own node identity (set id?)");
goto exit; return -EPERM;
} }
rc = tipc_nl_retrieve_key(attrs, &ukey); rc = tipc_nl_retrieve_key(attrs, &ukey);
if (rc) if (rc)
goto exit; return rc;
rc = tipc_aead_key_validate(ukey); rc = tipc_aead_key_validate(ukey, info);
if (rc) if (rc)
goto exit; return rc;
rc = tipc_nl_retrieve_nodeid(attrs, &id); rc = tipc_nl_retrieve_nodeid(attrs, &id);
switch (rc) { switch (rc) {
case -ENODATA: case -ENODATA:
/* Cluster key mode */ mode = CLUSTER_KEY;
rc = tipc_crypto_key_init(tn->crypto_tx, ukey, CLUSTER_KEY);
break; break;
case 0: case 0:
/* Per-node key mode */ mode = PER_NODE_KEY;
if (!memcmp(id, own_id, NODE_ID_LEN)) { if (memcmp(id, own_id, NODE_ID_LEN)) {
c = tn->crypto_tx;
} else {
n = tipc_node_find_by_id(net, id) ?: n = tipc_node_find_by_id(net, id) ?:
tipc_node_create(net, 0, id, 0xffffu, 0, true); tipc_node_create(net, 0, id, 0xffffu, 0, true);
if (unlikely(!n)) { if (unlikely(!n))
rc = -ENOMEM; return -ENOMEM;
break;
}
c = n->crypto_rx; c = n->crypto_rx;
} }
break;
default:
return rc;
}
rc = tipc_crypto_key_init(c, ukey, PER_NODE_KEY); /* Initiate the TX/RX key */
rc = tipc_crypto_key_init(c, ukey, mode);
if (n) if (n)
tipc_node_put(n); tipc_node_put(n);
break;
default: if (rc < 0) {
break; GENL_SET_ERR_MSG(info, "unable to initiate or attach new key");
return rc;
} }
exit: return 0;
return (rc < 0) ? rc : 0;
} }
int tipc_nl_node_set_key(struct sk_buff *skb, struct genl_info *info) int tipc_nl_node_set_key(struct sk_buff *skb, struct genl_info *info)
...@@ -2958,7 +2957,6 @@ static int __tipc_nl_node_flush_key(struct sk_buff *skb, ...@@ -2958,7 +2957,6 @@ static int __tipc_nl_node_flush_key(struct sk_buff *skb,
tipc_crypto_key_flush(n->crypto_rx); tipc_crypto_key_flush(n->crypto_rx);
rcu_read_unlock(); rcu_read_unlock();
pr_info("All keys are flushed!\n");
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment