tcp: add support to TCP_FASTOPEN_KEY for optional backup key

Add support for get/set of an optional backup key via TCP_FASTOPEN_KEY, in
addition to the current 'primary' key. The primary key is used to encrypt
and decrypt TFO cookies, while the backup is only used to decrypt TFO
cookies. The backup key is used to maximize successful TFO connections when
TFO keys are rotated.

Currently, TCP_FASTOPEN_KEY allows a single 16-byte primary key to be set.
This patch now allows a 32-byte value to be set, where the first 16 bytes
are used as the primary key and the second 16 bytes are used for the backup
key. Similarly, for getsockopt(), we can receive a 32-byte value as output
if requested. If a 16-byte value is used to set the primary key via
TCP_FASTOPEN_KEY, then any previously set backup key will be removed.

Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index bca51a351b0e3e7fd662d5dfe90336903103ef7e..27ce13ece510363143b09acfcde8620d4dcc1c58 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2790,16 +2790,24 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
                return err;
        }
        case TCP_FASTOPEN_KEY: {
-               __u8 key[TCP_FASTOPEN_KEY_LENGTH];
+               __u8 key[TCP_FASTOPEN_KEY_BUF_LENGTH];
+               __u8 *backup_key = NULL;
 
-               if (optlen != sizeof(key))
+               /* Allow a backup key as well to facilitate key rotation
+                * First key is the active one.
+                */
+               if (optlen != TCP_FASTOPEN_KEY_LENGTH &&
+                   optlen != TCP_FASTOPEN_KEY_BUF_LENGTH)
                        return -EINVAL;
 
                if (copy_from_user(key, optval, optlen))
                        return -EFAULT;
 
-               return tcp_fastopen_reset_cipher(net, sk, key, NULL,
-                                                sizeof(key));
+               if (optlen == TCP_FASTOPEN_KEY_BUF_LENGTH)
+                       backup_key = key + TCP_FASTOPEN_KEY_LENGTH;
+
+               return tcp_fastopen_reset_cipher(net, sk, key, backup_key,
+                                                TCP_FASTOPEN_KEY_LENGTH);
        }
        default:
                /* fallthru */
@@ -3453,21 +3461,23 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
                return 0;
 
        case TCP_FASTOPEN_KEY: {
-               __u8 key[TCP_FASTOPEN_KEY_LENGTH];
+               __u8 key[TCP_FASTOPEN_KEY_BUF_LENGTH];
                struct tcp_fastopen_context *ctx;
+               unsigned int key_len = 0;
 
                if (get_user(len, optlen))
                        return -EFAULT;
 
                rcu_read_lock();
                ctx = rcu_dereference(icsk->icsk_accept_queue.fastopenq.ctx);
-               if (ctx)
-                       memcpy(key, ctx->key, sizeof(key));
-               else
-                       len = 0;
+               if (ctx) {
+                       key_len = tcp_fastopen_context_len(ctx) *
+                                       TCP_FASTOPEN_KEY_LENGTH;
+                       memcpy(&key[0], &ctx->key[0], key_len);
+               }
                rcu_read_unlock();
 
-               len = min_t(unsigned int, len, sizeof(key));
+               len = min_t(unsigned int, len, key_len);
                if (put_user(len, optlen))
                        return -EFAULT;
                if (copy_to_user(optval, key, len))