Page MenuHomeFreeBSD
Files F145426318

D35011.id105333.diff
No OneTemporary
Actions

D35011.id105333.diff
View Options

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -2073,7 +2073,7 @@
SBCHECK(sb);
SOCKBUF_UNLOCK(sb);
- error = tls->sw_decrypt(tls, hdr, data, seqno, &trail_len);
+ error = ktls_ocf_decrypt(tls, hdr, data, seqno, &trail_len);
if (error == 0) {
if (tls13)
error = tls13_find_record_type(tls, data,
@@ -2262,7 +2262,7 @@
/* Anonymous mbufs are encrypted in place. */
if ((m->m_epg_flags & EPG_FLAG_ANON) != 0)
- return (tls->sw_encrypt(state, tls, m, NULL, 0));
+ return (ktls_ocf_encrypt(state, tls, m, NULL, 0));
/*
* For file-backed mbufs (from sendfile), anonymous wired
@@ -2292,7 +2292,7 @@
state->dst_iov[i].iov_base = m->m_epg_trail;
state->dst_iov[i].iov_len = m->m_epg_trllen;
- error = tls->sw_encrypt(state, tls, m, state->dst_iov, i + 1);
+ error = ktls_ocf_encrypt(state, tls, m, state->dst_iov, i + 1);
if (__predict_false(error != 0)) {
/* Free the anonymous pages. */
diff --git a/sys/opencrypto/ktls.h b/sys/opencrypto/ktls.h
--- a/sys/opencrypto/ktls.h
+++ b/sys/opencrypto/ktls.h
@@ -49,5 +49,11 @@
void ktls_encrypt_cb(struct ktls_ocf_encrypt_state *state, int error);
void ktls_ocf_free(struct ktls_session *tls);
int ktls_ocf_try(struct socket *so, struct ktls_session *tls, int direction);
+int ktls_ocf_encrypt(struct ktls_ocf_encrypt_state *state,
+ struct ktls_session *tls, struct mbuf *m, struct iovec *outiov,
+ int outiovcnt);
+int ktls_ocf_decrypt(struct ktls_session *tls,
+ const struct tls_record_layer *hdr, struct mbuf *m, uint64_t seqno,
+ int *trailer_len);
#endif /* !__OPENCRYPTO_KTLS_H__ */
diff --git a/sys/opencrypto/ktls_ocf.c b/sys/opencrypto/ktls_ocf.c
--- a/sys/opencrypto/ktls_ocf.c
+++ b/sys/opencrypto/ktls_ocf.c
@@ -47,7 +47,20 @@
#include <opencrypto/cryptodev.h>
#include <opencrypto/ktls.h>
+struct ktls_ocf_sw {
+ /* Encrypt a single outbound TLS record. */
+ int (*encrypt)(struct ktls_ocf_encrypt_state *state,
+ struct ktls_session *tls, struct mbuf *m,
+ struct iovec *outiov, int outiovcnt);
+
+ /* Decrypt a received TLS record. */
+ int (*decrypt)(struct ktls_session *tls,
+ const struct tls_record_layer *hdr, struct mbuf *m,
+ uint64_t seqno, int *trailer_len);
+};
+
struct ktls_ocf_session {
+ const struct ktls_ocf_sw *sw;
crypto_session_t sid;
crypto_session_t mac_sid;
struct mtx lock;
@@ -386,6 +399,10 @@
return (error);
}
+static const struct ktls_ocf_sw ktls_ocf_tls_cbc_sw = {
+ .encrypt = ktls_ocf_tls_cbc_encrypt
+};
+
static int
ktls_ocf_tls12_aead_encrypt(struct ktls_ocf_encrypt_state *state,
struct ktls_session *tls, struct mbuf *m, struct iovec *outiov,
@@ -532,6 +549,11 @@
return (error);
}
+static const struct ktls_ocf_sw ktls_ocf_tls12_aead_sw = {
+ .encrypt = ktls_ocf_tls12_aead_encrypt,
+ .decrypt = ktls_ocf_tls12_aead_decrypt,
+};
+
static int
ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state,
struct ktls_session *tls, struct mbuf *m, struct iovec *outiov,
@@ -662,6 +684,11 @@
return (error);
}
+static const struct ktls_ocf_sw ktls_ocf_tls13_aead_sw = {
+ .encrypt = ktls_ocf_tls13_aead_encrypt,
+ .decrypt = ktls_ocf_tls13_aead_decrypt,
+};
+
void
ktls_ocf_free(struct ktls_session *tls)
{
@@ -806,19 +833,12 @@
tls->ocf_session = os;
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16 ||
tls->params.cipher_algorithm == CRYPTO_CHACHA20_POLY1305) {
- if (direction == KTLS_TX) {
- if (tls->params.tls_vminor == TLS_MINOR_VER_THREE)
- tls->sw_encrypt = ktls_ocf_tls13_aead_encrypt;
- else
- tls->sw_encrypt = ktls_ocf_tls12_aead_encrypt;
- } else {
- if (tls->params.tls_vminor == TLS_MINOR_VER_THREE)
- tls->sw_decrypt = ktls_ocf_tls13_aead_decrypt;
- else
- tls->sw_decrypt = ktls_ocf_tls12_aead_decrypt;
- }
+ if (tls->params.tls_vminor == TLS_MINOR_VER_THREE)
+ os->sw = &ktls_ocf_tls13_aead_sw;
+ else
+ os->sw = &ktls_ocf_tls12_aead_sw;
} else {
- tls->sw_encrypt = ktls_ocf_tls_cbc_encrypt;
+ os->sw = &ktls_ocf_tls_cbc_sw;
if (tls->params.tls_vminor == TLS_MINOR_VER_ZERO) {
os->implicit_iv = true;
memcpy(os->iv, tls->params.iv, AES_BLOCK_LEN);
@@ -837,3 +857,19 @@
tls->params.cipher_algorithm == CRYPTO_AES_CBC;
return (0);
}
+
+int
+ktls_ocf_encrypt(struct ktls_ocf_encrypt_state *state,
+ struct ktls_session *tls, struct mbuf *m, struct iovec *outiov,
+ int outiovcnt)
+{
+ return (tls->ocf_session->sw->encrypt(state, tls, m, outiov,
+ outiovcnt));
+}
+
+int
+ktls_ocf_decrypt(struct ktls_session *tls, const struct tls_record_layer *hdr,
+ struct mbuf *m, uint64_t seqno, int *trailer_len)
+{
+ return (tls->ocf_session->sw->decrypt(tls, hdr, m, seqno, trailer_len));
+}
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -167,8 +167,8 @@
#define KTLS_RX 2
struct iovec;
-struct ktls_ocf_session;
struct ktls_ocf_encrypt_state;
+struct ktls_ocf_session;
struct ktls_session;
struct m_snd_tag;
struct mbuf;
@@ -176,14 +176,6 @@
struct socket;
struct ktls_session {
- union {
- int (*sw_encrypt)(struct ktls_ocf_encrypt_state *state,
- struct ktls_session *tls, struct mbuf *m,
- struct iovec *outiov, int outiovcnt);
- int (*sw_decrypt)(struct ktls_session *tls,
- const struct tls_record_layer *hdr, struct mbuf *m,
- uint64_t seqno, int *trailer_len);
- };
struct ktls_ocf_session *ocf_session;
struct m_snd_tag *snd_tag;
struct tls_session_params params;

File Metadata

Mime Type
text/plain
Expires
Fri, Feb 20, 5:20 PM (6 h, 8 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
28902065
Default Alt Text
D35011.id105333.diff (5 KB)

Event Timeline