Page MenuHomeFreeBSD

KTLS: Add a new recrypt operation to the software backend.
ClosedPublic

Authored by jhb on Apr 20 2022, 9:09 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Dec 14, 4:36 PM
Unknown Object (File)
Sun, Dec 1, 1:37 PM
Unknown Object (File)
Thu, Nov 28, 6:52 AM
Unknown Object (File)
Nov 20 2024, 6:34 AM
Unknown Object (File)
Nov 18 2024, 8:09 AM
Unknown Object (File)
Nov 18 2024, 8:08 AM
Unknown Object (File)
Nov 18 2024, 7:14 AM
Unknown Object (File)
Nov 17 2024, 5:29 AM
Subscribers

Details

Summary

When using NIC TLS RX, packets that are dropped and retransmitted are
not decrypted by the NIC but are passed along as-is. As a result, a
received TLS record might contain a mix of encrypted and decrypted
data. If this occurs, the already-decrypted data needs to be
re-encrypted so that the resulting record can then be decrypted
normally.

Add support for this for sessions using AES-GCM with TLS 1.2 or TLS
1.3. For the recrypt operation, allocate a temporary buffer and
encrypt the the payload portion of the TLS record with AES-CTR with an
initial IV constructed from the AES-GCM nonce. Then fixup the
original mbuf chain by copying the results from the temporary buffer
back into the original mbufs for any mbufs containing decrypted data.

Once it has been recrypted, the mbuf chain can then be decrypted via
the normal software decryption path.

Co-authored by: Hans Petter Selasky <hselasky@FreeBSD.org>
Sponsored by: Netflix

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

  • Moved freesession fix for mac_sid to its own commit.
sys/opencrypto/ktls_ocf.c
578

I think it wouldn't hurt to do ">=" here, and "skip" is unsigned and m_len is signed, so do we need a cast ?

797

Just copy data straight into crp.crp_iv ? Why do we need a second structure ?

sys/opencrypto/ktls_ocf.c
578

We don't enable the warning about comparisons between signed and unsigned in the kernel, so we don't require the cast in practice. >= is good, yes.

797

This is just duplicating what is done in the other tls13 functions. I might go back and redo those however.

jhb marked an inline comment as done.Apr 21 2022, 6:19 PM

Fix a few things noted by Hans.

This revision is now accepted and ready to land.Apr 22 2022, 6:39 AM