D22117.id63641.diff
Index: head/sys/kern/uipc_ktls.c
===================================================================
--- head/sys/kern/uipc_ktls.c
+++ head/sys/kern/uipc_ktls.c
@@ -408,7 +408,7 @@
struct ktls_session *tls;
int error;
- /* Only TLS 1.0 - 1.2 are supported. */
+ /* Only TLS 1.0 - 1.3 are supported. */
if (en->tls_vmajor != TLS_MAJOR_VER_ONE)
return (EINVAL);
if (en->tls_vminor < TLS_MINOR_VER_ZERO ||
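Review bot: The rewritten comment now advertises TLS 1.3, but only the lower-bound half of the `tls_vminor` range check is visible; the upper bound that would have to admit the TLS 1.3 minor version starts at the hunk's last line and continues outside it, so the comment and the check cannot be confirmed to agree from this hunk. If the bound was not raised in the same change, the comment overstates what the code accepts and should stay at `1.2` until it is. The enclosing function begins before the hunk.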
@@ -576,13 +576,24 @@
/*
* This holds the implicit portion of the nonce for GCM and
* the initial implicit IV for TLS 1.0. The explicit portions
- * of the IV are generated in ktls_frame() and ktls_seq().
+ * of the IV are generated in ktls_frame().
*/
if (en->iv_len != 0) {
tls->params.iv_len = en->iv_len;
error = copyin(en->iv, tls->params.iv, en->iv_len);
if (error)
goto out;
+
+ /*
+ * For TLS 1.2, generate an 8-byte nonce as a counter
+ * to generate unique explicit IVs.
+ *
+ * Store this counter in the last 8 bytes of the IV
+ * array so that it is 8-byte aligned.
+ */
+ if (en->cipher_algorithm == CRYPTO_AES_NIST_GCM_16 &&
+ en->tls_vminor == TLS_MINOR_VER_TWO)
+ arc4rand(tls->params.iv + 8, sizeof(uint64_t), 0);
}
*tlsp = tls;
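Review bot: The new `arc4rand(tls->params.iv + 8, sizeof(uint64_t), 0)` writes bytes 8..15 of `params.iv` for every GCM/TLS 1.2 session, so it relies on that array being at least 16 bytes and on the earlier, not visible, validation of `en->iv_len` keeping the user-supplied implicit IV out of that region; a `CTASSERT(sizeof(tls->params.iv) >= 16);` next to the call would pin the first assumption in code rather than in the comment. The counter is seeded only inside the `if (en->iv_len != 0)` block, so a GCM session that reached this point with a zero `iv_len` would start counting from whatever `params.iv` already holds — presumably rejected by the earlier checks, but worth confirming, since a predictable or repeated counter base is exactly what this change is meant to avoid. The comment's statement that the counter is 8-byte aligned depends on the offset of `iv` within `params`, which this hunk does not show. The enclosing function starts before the hunk.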
@@ -1196,8 +1207,6 @@
ktls_seq(struct sockbuf *sb, struct mbuf *m)
{
struct mbuf_ext_pgs *pgs;
- struct tls_record_layer *tlshdr;
- uint64_t seqno;
for (; m != NULL; m = m->m_next) {
KASSERT((m->m_flags & M_NOMAP) != 0,
@@ -1205,17 +1214,6 @@
pgs = m->m_ext.ext_pgs;
pgs->seqno = sb->sb_tls_seqno;
-
- /*
- * Store the sequence number in the TLS header as the
- * explicit part of the IV for GCM.
- */
- if (pgs->tls->params.cipher_algorithm ==
- CRYPTO_AES_NIST_GCM_16) {
- tlshdr = (void *)pgs->hdr;
- seqno = htobe64(pgs->seqno);
- memcpy(tlshdr + 1, &seqno, sizeof(seqno));
- }
sb->sb_tls_seqno++;
}
}
@@ -1240,6 +1238,7 @@
struct tls_record_layer *tlshdr;
struct mbuf *m;
struct mbuf_ext_pgs *pgs;
+ uint64_t *noncep;
uint16_t tls_len;
int maxlen;
@@ -1315,11 +1314,21 @@
tlshdr->tls_length = htons(m->m_len - sizeof(*tlshdr));
/*
- * For GCM, the sequence number is stored in the
- * header by ktls_seq(). For CBC, a random nonce is
- * inserted for TLS 1.1+.
+ * Store nonces / explicit IVs after the end of the
+ * TLS header.
+ *
+ * For GCM with TLS 1.2, an 8 byte nonce is copied
+ * from the end of the IV. The nonce is then
+ * incremented for use by the next record.
+ *
+ * For CBC, a random nonce is inserted for TLS 1.1+.
*/
- if (tls->params.cipher_algorithm == CRYPTO_AES_CBC &&
+ if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16 &&
+ tls->params.tls_vminor == TLS_MINOR_VER_TWO) {
+ noncep = (uint64_t *)(tls->params.iv + 8);
+ be64enc(tlshdr + 1, *noncep);
+ (*noncep)++;
+ } else if (tls->params.cipher_algorithm == CRYPTO_AES_CBC &&
tls->params.tls_vminor >= TLS_MINOR_VER_ONE)
arc4rand(tlshdr + 1, AES_BLOCK_LEN, 0);
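Review bot: `noncep = (uint64_t *)(tls->params.iv + 8)` reads and increments the counter through an aligned 64-bit pointer into a `uint8_t` array, which is only well-defined if `iv` happens to sit at an 8-byte-aligned offset in `params`; the header side already sidesteps this with `be64enc`, and the counter side can do the same with `uint64_t nonce = be64dec(tls->params.iv + 8);`, `be64enc(tlshdr + 1, nonce);`, `be64enc(tls->params.iv + 8, nonce + 1);`, which also makes the `noncep` declaration added in the `@@ -1240` hunk unnecessary. The read-modify-write on the per-session counter is unsynchronized; if ktls_frame() can run for the same session on more than one thread without the caller holding a per-socket lock, two records could carry the same explicit nonce, and a repeated nonce under one AES-GCM key compromises both confidentiality and the authentication tag. A one-line comment naming the lock that serializes this path, e.g. `/* Counter update relies on the caller serializing sends on this socket. */`, would make the invariant reviewable rather than inferred. The enclosing function continues outside the hunk.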
D22117: Use a counter with a random base for explicit IVs in GCM.