From patchwork Thu Mar 22 17:10:06 2018
X-Patchwork-Submitter: Dave Watson
X-Patchwork-Id: 10301937
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Date: Thu, 22 Mar 2018 10:10:06 -0700
From: Dave Watson
To: "David S. Miller", Tom Herbert, Alexei Starovoitov
CC: Atul Gupta, Vakul Garg, Hannes Frederic Sowa, Steffen Klassert, John Fastabend, Daniel Borkmann
Subject: [PATCH v2 net-next 2/6] tls: Move cipher info to a separate struct
Message-ID: <20180322171006.GA67848@GeorgeHnsiPhone.dhcp.thefacebook.com>
X-Mailing-List: linux-crypto@vger.kernel.org

Separate tx crypto parameters to a separate cipher_context struct. The same parameters will be used for rx using the same struct.

tls_advance_record_sn is modified to only take the cipher info.

Signed-off-by: Dave Watson
--- include/net/tls.h | 26 +++++++++++++----------- net/tls/tls_main.c | 8 ++++---- net/tls/tls_sw.c | 58 ++++++++++++++++++++++++++++-------------------------- 3 files changed, 49 insertions(+), 43 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index 4913430..019e52d 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -81,6 +81,16 @@ enum { TLS_PENDING_CLOSED_RECORD }; +struct cipher_context { + u16 prepend_size; + u16 tag_size; + u16 overhead_size; + u16 iv_size; + char *iv; + u16 rec_seq_size; + char *rec_seq; +}; + struct tls_context { union { struct tls_crypto_info crypto_send; @@ -91,13 +101,7 @@ struct tls_context { u8 tx_conf:2; - u16 prepend_size; - u16 tag_size; - u16 overhead_size; - u16 iv_size; - char *iv; - u16 rec_seq_size; - char *rec_seq; + struct cipher_context tx; struct scatterlist *partially_sent_record; u16 partially_sent_offset; 
@@ -190,7 +194,7 @@ static inline bool tls_bigint_increment(unsigned char *seq, int len) } static inline void tls_advance_record_sn(struct sock *sk, - struct tls_context *ctx) + struct cipher_context *ctx) { if (tls_bigint_increment(ctx->rec_seq, ctx->rec_seq_size)) tls_err_abort(sk); @@ -203,9 +207,9 @@ static inline void tls_fill_prepend(struct tls_context *ctx, size_t plaintext_len, unsigned char record_type) { - size_t pkt_len, iv_size = ctx->iv_size; + size_t pkt_len, iv_size = ctx->tx.iv_size; - pkt_len = plaintext_len + iv_size + ctx->tag_size; + pkt_len = plaintext_len + iv_size + ctx->tx.tag_size; /* we cover nonce explicit here as well, so buf should be of * size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE @@ -217,7 +221,7 @@ static inline void tls_fill_prepend(struct tls_context *ctx, buf[3] = pkt_len >> 8; buf[4] = pkt_len & 0xFF; memcpy(buf + TLS_NONCE_OFFSET, - ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv_size); + ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv_size); } static inline void tls_make_aad(char *buf, diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index d824d54..c671560 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -259,8 +259,8 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) } } - kfree(ctx->rec_seq); - kfree(ctx->iv); + kfree(ctx->tx.rec_seq); + kfree(ctx->tx.iv); if (ctx->tx_conf == TLS_SW_TX) tls_sw_free_tx_resources(sk); @@ -319,9 +319,9 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval, } lock_sock(sk); memcpy(crypto_info_aes_gcm_128->iv, - ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, TLS_CIPHER_AES_GCM_128_IV_SIZE); - memcpy(crypto_info_aes_gcm_128->rec_seq, ctx->rec_seq, + memcpy(crypto_info_aes_gcm_128->rec_seq, ctx->tx.rec_seq, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); release_sock(sk); if (copy_to_user(optval, diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index ca1d20d..338d743 100644 --- a/net/tls/tls_sw.c 
+++ b/net/tls/tls_sw.c @@ -79,7 +79,7 @@ static void trim_both_sgl(struct sock *sk, int target_size) target_size); if (target_size > 0) - target_size += tls_ctx->overhead_size; + target_size += tls_ctx->tx.overhead_size; trim_sg(sk, ctx->sg_encrypted_data, &ctx->sg_encrypted_num_elem, @@ -152,21 +152,21 @@ static int tls_do_encryption(struct tls_context *tls_ctx, if (!aead_req) return -ENOMEM; - ctx->sg_encrypted_data[0].offset += tls_ctx->prepend_size; - ctx->sg_encrypted_data[0].length -= tls_ctx->prepend_size; + ctx->sg_encrypted_data[0].offset += tls_ctx->tx.prepend_size; + ctx->sg_encrypted_data[0].length -= tls_ctx->tx.prepend_size; aead_request_set_tfm(aead_req, ctx->aead_send); aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE); aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out, - data_len, tls_ctx->iv); + data_len, tls_ctx->tx.iv); aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG, crypto_req_done, &ctx->async_wait); rc = crypto_wait_req(crypto_aead_encrypt(aead_req), &ctx->async_wait); - ctx->sg_encrypted_data[0].offset -= tls_ctx->prepend_size; - ctx->sg_encrypted_data[0].length += tls_ctx->prepend_size; + ctx->sg_encrypted_data[0].offset -= tls_ctx->tx.prepend_size; + ctx->sg_encrypted_data[0].length += tls_ctx->tx.prepend_size; kfree(aead_req); return rc; @@ -183,7 +183,7 @@ static int tls_push_record(struct sock *sk, int flags, sg_mark_end(ctx->sg_encrypted_data + ctx->sg_encrypted_num_elem - 1); tls_make_aad(ctx->aad_space, ctx->sg_plaintext_size, - tls_ctx->rec_seq, tls_ctx->rec_seq_size, + tls_ctx->tx.rec_seq, tls_ctx->tx.rec_seq_size, record_type); tls_fill_prepend(tls_ctx, @@ -216,7 +216,7 @@ static int tls_push_record(struct sock *sk, int flags, if (rc < 0 && rc != -EAGAIN) tls_err_abort(sk); - tls_advance_record_sn(sk, tls_ctx); + tls_advance_record_sn(sk, &tls_ctx->tx); return rc; } 
@@ -357,7 +357,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) } required_size = ctx->sg_plaintext_size + try_to_copy + - tls_ctx->overhead_size; + tls_ctx->tx.overhead_size; if (!sk_stream_memory_free(sk)) goto wait_for_sndbuf; @@ -420,7 +420,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) &ctx->sg_encrypted_num_elem, &ctx->sg_encrypted_size, ctx->sg_plaintext_size + - tls_ctx->overhead_size); + tls_ctx->tx.overhead_size); } ret = memcopy_from_iter(sk, &msg->msg_iter, try_to_copy); @@ -512,7 +512,7 @@ int tls_sw_sendpage(struct sock *sk, struct page *page, full_record = true; } required_size = ctx->sg_plaintext_size + copy + - tls_ctx->overhead_size; + tls_ctx->tx.overhead_size; if (!sk_stream_memory_free(sk)) goto wait_for_sndbuf; 
@@ -644,24 +644,26 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) goto free_priv; } - ctx->prepend_size = TLS_HEADER_SIZE + nonce_size; - ctx->tag_size = tag_size; - ctx->overhead_size = ctx->prepend_size + ctx->tag_size; - ctx->iv_size = iv_size; - ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL); - if (!ctx->iv) { + ctx->tx.prepend_size = TLS_HEADER_SIZE + nonce_size; + ctx->tx.tag_size = tag_size; + ctx->tx.overhead_size = ctx->tx.prepend_size + ctx->tx.tag_size; + ctx->tx.iv_size = iv_size; + ctx->tx.iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + GFP_KERNEL); + if (!ctx->tx.iv) { rc = -ENOMEM; goto free_priv; } - memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE); - memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size); - ctx->rec_seq_size = rec_seq_size; - ctx->rec_seq = kmalloc(rec_seq_size, GFP_KERNEL); - if (!ctx->rec_seq) { + memcpy(ctx->tx.iv, gcm_128_info->salt, + TLS_CIPHER_AES_GCM_128_SALT_SIZE); + memcpy(ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size); + ctx->tx.rec_seq_size = rec_seq_size; + ctx->tx.rec_seq = kmalloc(rec_seq_size, GFP_KERNEL); + if (!ctx->tx.rec_seq) { rc = -ENOMEM; goto free_iv; } - memcpy(ctx->rec_seq, rec_seq, rec_seq_size); + memcpy(ctx->tx.rec_seq, rec_seq, rec_seq_size); sg_init_table(sw_ctx->sg_encrypted_data, ARRAY_SIZE(sw_ctx->sg_encrypted_data)); @@ -697,7 +699,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) if (rc) goto free_aead; - rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size); + rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tx.tag_size); if (!rc) return 0; 
@@ -705,11 +707,11 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) crypto_free_aead(sw_ctx->aead_send); sw_ctx->aead_send = NULL; free_rec_seq: - kfree(ctx->rec_seq); - ctx->rec_seq = NULL; + kfree(ctx->tx.rec_seq); + ctx->tx.rec_seq = NULL; free_iv: - kfree(ctx->iv); - ctx->iv = NULL; + kfree(ctx->tx.iv); + ctx->tx.iv = NULL; free_priv: kfree(ctx->priv_ctx); ctx->priv_ctx = NULL;
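Review bot: struct cipher_context, added ahead of struct tls_context in include/net/tls.h, has no tls_ prefix and no comment on its fields. The header is visible to the rest of the networking code, so a generic name like cipher_context is easy to collide with; tls_cipher_context would be safer. The fields also need a short comment: iv is a heap buffer of iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE bytes with the salt stored first (see the kmalloc and memcpy in tls_set_sw_offload), so iv_size does not describe the allocation, and both iv and rec_seq are owned by the struct and must be freed with it.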
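Review bot: in tls_advance_record_sn the parameter is now a struct cipher_context * but is still named ctx, the name the neighbouring helpers use for struct tls_context *. tls_fill_prepend, a few lines below, keeps the tls_context argument and reaches into ctx->tx, so the same identifier now means two different types within one header and a caller passing the wrong one is only caught by the compiler's pointer-type warning. Renaming the parameter here (for example cctx) and deciding whether tls_fill_prepend should also take the cipher_context directly would make the split consistent before the rx user is added.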
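Review bot: the two kfree calls in tls_sk_proto_close (net/tls/tls_main.c) leave ctx->tx.rec_seq and ctx->tx.iv pointing at freed memory, while the free_rec_seq and free_iv labels in tls_set_sw_offload set the same pointers to NULL after freeing. Since the commit message says rx will reuse this struct, a small helper that frees and clears a cipher_context would avoid open-coding the pair a second time and keep the two paths identical. The iv buffer also holds the salt copied from gcm_128_info->salt, so it is worth deciding in that helper whether the buffer should be cleared before it is released (kzfree rather than kfree).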
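Review bot: in the tls_set_sw_offload setup hunk (net/tls/tls_sw.c, @@ -644,24) every assignment now spells out ctx->tx., which is what forces the kmalloc and first memcpy to wrap and makes the hunk larger than the change it carries. A local struct cipher_context pointer initialised to &ctx->tx at the top of the function would keep these lines close to their original form, and the same block could then be pointed at the rx instance instead of being duplicated. The error labels at the end of the function would use the same local.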