sys/opencrypto/ktls_ocf.c
ktls_ocf_tls12_aead_decrypt(struct ktls_session *tls, | ktls_ocf_tls12_aead_decrypt(struct ktls_session *tls, | ||||
const struct tls_record_layer *hdr, struct mbuf *m, uint64_t seqno, | const struct tls_record_layer *hdr, struct mbuf *m, uint64_t seqno, | ||||
int *trailer_len) | int *trailer_len) | ||||
{ | { | ||||
struct tls_aead_data ad; | struct tls_aead_data ad; | ||||
struct cryptop crp; | struct cryptop crp; | ||||
struct ktls_ocf_session *os; | struct ktls_ocf_session *os; | ||||
int error; | int error; | ||||
uint16_t tls_comp_len; | uint16_t tls_comp_len, tls_len; | ||||
os = tls->ocf_session; | os = tls->ocf_session; | ||||
/* Ensure record contains at least an explicit IV and tag. */ | |||||
tls_len = ntohs(hdr->tls_length); | |||||
if (tls_len + sizeof(*hdr) < tls->params.tls_hlen + | |||||
tls->params.tls_tlen) | |||||
return (EMSGSIZE); | |||||
crypto_initreq(&crp, os->sid); | crypto_initreq(&crp, os->sid); | ||||
/* Setup the IV. */ | /* Setup the IV. */ | ||||
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { | if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { | ||||
memcpy(crp.crp_iv, tls->params.iv, TLS_AEAD_GCM_LEN); | memcpy(crp.crp_iv, tls->params.iv, TLS_AEAD_GCM_LEN); | ||||
memcpy(crp.crp_iv + TLS_AEAD_GCM_LEN, hdr + 1, | memcpy(crp.crp_iv + TLS_AEAD_GCM_LEN, hdr + 1, | ||||
sizeof(uint64_t)); | sizeof(uint64_t)); | ||||
} else { | } else { | ||||
/* | /* | ||||
* Chacha20-Poly1305 constructs the IV for TLS 1.2 | * Chacha20-Poly1305 constructs the IV for TLS 1.2 | ||||
* identically to constructing the IV for AEAD in TLS | * identically to constructing the IV for AEAD in TLS | ||||
* 1.3. | * 1.3. | ||||
*/ | */ | ||||
memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len); | memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len); | ||||
*(uint64_t *)(crp.crp_iv + 4) ^= htobe64(seqno); | *(uint64_t *)(crp.crp_iv + 4) ^= htobe64(seqno); | ||||
} | } | ||||
/* Setup the AAD. */ | /* Setup the AAD. */ | ||||
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) | if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) | ||||
tls_comp_len = ntohs(hdr->tls_length) - | tls_comp_len = tls_len - | ||||
(AES_GMAC_HASH_LEN + sizeof(uint64_t)); | (AES_GMAC_HASH_LEN + sizeof(uint64_t)); | ||||
else | else | ||||
tls_comp_len = ntohs(hdr->tls_length) - POLY1305_HASH_LEN; | tls_comp_len = tls_len - POLY1305_HASH_LEN; | ||||
ad.seq = htobe64(seqno); | ad.seq = htobe64(seqno); | ||||
ad.type = hdr->tls_type; | ad.type = hdr->tls_type; | ||||
ad.tls_vmajor = hdr->tls_vmajor; | ad.tls_vmajor = hdr->tls_vmajor; | ||||
ad.tls_vminor = hdr->tls_vminor; | ad.tls_vminor = hdr->tls_vminor; | ||||
ad.tls_length = htons(tls_comp_len); | ad.tls_length = htons(tls_comp_len); | ||||
crp.crp_aad = &ad; | crp.crp_aad = &ad; | ||||
crp.crp_aad_length = sizeof(ad); | crp.crp_aad_length = sizeof(ad); | ||||
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines | ktls_ocf_tls12_aead_recrypt(struct ktls_session *tls, | ||||
const struct tls_record_layer *hdr, struct mbuf *m, | const struct tls_record_layer *hdr, struct mbuf *m, | ||||
uint64_t seqno) | uint64_t seqno) | ||||
{ | { | ||||
struct cryptop crp; | struct cryptop crp; | ||||
struct ktls_ocf_session *os; | struct ktls_ocf_session *os; | ||||
char *buf; | char *buf; | ||||
u_int payload_len; | u_int payload_len; | ||||
int error; | int error; | ||||
uint16_t tls_len; | |||||
os = tls->ocf_session; | os = tls->ocf_session; | ||||
/* Ensure record contains at least an explicit IV and tag. */ | |||||
tls_len = ntohs(hdr->tls_length); | |||||
if (tls_len < sizeof(uint64_t) + AES_GMAC_HASH_LEN) | |||||
return (EMSGSIZE); | |||||
crypto_initreq(&crp, os->recrypt_sid); | crypto_initreq(&crp, os->recrypt_sid); | ||||
KASSERT(tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16, | KASSERT(tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16, | ||||
("%s: only AES-GCM is supported", __func__)); | ("%s: only AES-GCM is supported", __func__)); | ||||
/* Setup the IV. */ | /* Setup the IV. */ | ||||
memcpy(crp.crp_iv, tls->params.iv, TLS_AEAD_GCM_LEN); | memcpy(crp.crp_iv, tls->params.iv, TLS_AEAD_GCM_LEN); | ||||
memcpy(crp.crp_iv + TLS_AEAD_GCM_LEN, hdr + 1, sizeof(uint64_t)); | memcpy(crp.crp_iv + TLS_AEAD_GCM_LEN, hdr + 1, sizeof(uint64_t)); | ||||
be32enc(crp.crp_iv + AES_GCM_IV_LEN, 2); | be32enc(crp.crp_iv + AES_GCM_IV_LEN, 2); | ||||
payload_len = ntohs(hdr->tls_length) - | payload_len = tls_len - (AES_GMAC_HASH_LEN + sizeof(uint64_t)); | ||||
(AES_GMAC_HASH_LEN + sizeof(uint64_t)); | |||||
crp.crp_op = CRYPTO_OP_ENCRYPT; | crp.crp_op = CRYPTO_OP_ENCRYPT; | ||||
crp.crp_flags = CRYPTO_F_CBIMM | CRYPTO_F_IV_SEPARATE; | crp.crp_flags = CRYPTO_F_CBIMM | CRYPTO_F_IV_SEPARATE; | ||||
crypto_use_mbuf(&crp, m); | crypto_use_mbuf(&crp, m); | ||||
crp.crp_payload_start = tls->params.tls_hlen; | crp.crp_payload_start = tls->params.tls_hlen; | ||||
crp.crp_payload_length = payload_len; | crp.crp_payload_length = payload_len; | ||||
buf = malloc(payload_len, M_KTLS_OCF, M_WAITOK); | buf = malloc(payload_len, M_KTLS_OCF, M_WAITOK); | ||||
crypto_use_output_buf(&crp, buf, payload_len); | crypto_use_output_buf(&crp, buf, payload_len); | ||||
▲ Show 20 Lines • Show All 97 Lines • ▼ Show 20 Lines | ktls_ocf_tls13_aead_decrypt(struct ktls_session *tls, | ||||
const struct tls_record_layer *hdr, struct mbuf *m, uint64_t seqno, | const struct tls_record_layer *hdr, struct mbuf *m, uint64_t seqno, | ||||
int *trailer_len) | int *trailer_len) | ||||
{ | { | ||||
struct tls_aead_data_13 ad; | struct tls_aead_data_13 ad; | ||||
struct cryptop crp; | struct cryptop crp; | ||||
struct ktls_ocf_session *os; | struct ktls_ocf_session *os; | ||||
int error; | int error; | ||||
u_int tag_len; | u_int tag_len; | ||||
uint16_t tls_len; | |||||
os = tls->ocf_session; | os = tls->ocf_session; | ||||
tag_len = tls->params.tls_tlen - 1; | tag_len = tls->params.tls_tlen - 1; | ||||
/* Payload must contain at least one byte for the record type. */ | /* Payload must contain at least one byte for the record type. */ | ||||
if (ntohs(hdr->tls_length) < tag_len + 1) | tls_len = ntohs(hdr->tls_length); | ||||
return (EBADMSG); | if (tls_len < tag_len + 1) | ||||
return (EMSGSIZE); | |||||
crypto_initreq(&crp, os->sid); | crypto_initreq(&crp, os->sid); | ||||
/* Setup the nonce. */ | /* Setup the nonce. */ | ||||
memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len); | memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len); | ||||
*(uint64_t *)(crp.crp_iv + 4) ^= htobe64(seqno); | *(uint64_t *)(crp.crp_iv + 4) ^= htobe64(seqno); | ||||
/* Setup the AAD. */ | /* Setup the AAD. */ | ||||
ad.type = hdr->tls_type; | ad.type = hdr->tls_type; | ||||
ad.tls_vmajor = hdr->tls_vmajor; | ad.tls_vmajor = hdr->tls_vmajor; | ||||
ad.tls_vminor = hdr->tls_vminor; | ad.tls_vminor = hdr->tls_vminor; | ||||
ad.tls_length = hdr->tls_length; | ad.tls_length = hdr->tls_length; | ||||
crp.crp_aad = &ad; | crp.crp_aad = &ad; | ||||
crp.crp_aad_length = sizeof(ad); | crp.crp_aad_length = sizeof(ad); | ||||
crp.crp_payload_start = tls->params.tls_hlen; | crp.crp_payload_start = tls->params.tls_hlen; | ||||
crp.crp_payload_length = ntohs(hdr->tls_length) - tag_len; | crp.crp_payload_length = tls_len - tag_len; | ||||
crp.crp_digest_start = crp.crp_payload_start + crp.crp_payload_length; | crp.crp_digest_start = crp.crp_payload_start + crp.crp_payload_length; | ||||
crp.crp_op = CRYPTO_OP_DECRYPT | CRYPTO_OP_VERIFY_DIGEST; | crp.crp_op = CRYPTO_OP_DECRYPT | CRYPTO_OP_VERIFY_DIGEST; | ||||
crp.crp_flags = CRYPTO_F_CBIMM | CRYPTO_F_IV_SEPARATE; | crp.crp_flags = CRYPTO_F_CBIMM | CRYPTO_F_IV_SEPARATE; | ||||
crypto_use_mbuf(&crp, m); | crypto_use_mbuf(&crp, m); | ||||
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) | if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) | ||||
counter_u64_add(ocf_tls13_gcm_decrypts, 1); | counter_u64_add(ocf_tls13_gcm_decrypts, 1); | ||||
Show All 11 Lines | ktls_ocf_tls13_aead_recrypt(struct ktls_session *tls, | ||||
const struct tls_record_layer *hdr, struct mbuf *m, | const struct tls_record_layer *hdr, struct mbuf *m, | ||||
uint64_t seqno) | uint64_t seqno) | ||||
{ | { | ||||
struct cryptop crp; | struct cryptop crp; | ||||
struct ktls_ocf_session *os; | struct ktls_ocf_session *os; | ||||
char *buf; | char *buf; | ||||
u_int payload_len; | u_int payload_len; | ||||
int error; | int error; | ||||
uint16_t tls_len; | |||||
os = tls->ocf_session; | os = tls->ocf_session; | ||||
/* Payload must contain at least one byte for the record type. */ | |||||
tls_len = ntohs(hdr->tls_length); | |||||
if (tls_len < AES_GMAC_HASH_LEN + 1) | |||||
return (EMSGSIZE); | |||||
crypto_initreq(&crp, os->recrypt_sid); | crypto_initreq(&crp, os->recrypt_sid); | ||||
KASSERT(tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16, | KASSERT(tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16, | ||||
("%s: only AES-GCM is supported", __func__)); | ("%s: only AES-GCM is supported", __func__)); | ||||
/* Setup the IV. */ | /* Setup the IV. */ | ||||
memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len); | memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len); | ||||
*(uint64_t *)(crp.crp_iv + 4) ^= htobe64(seqno); | *(uint64_t *)(crp.crp_iv + 4) ^= htobe64(seqno); | ||||
be32enc(crp.crp_iv + 12, 2); | be32enc(crp.crp_iv + 12, 2); | ||||
payload_len = ntohs(hdr->tls_length) - AES_GMAC_HASH_LEN; | payload_len = tls_len - AES_GMAC_HASH_LEN; | ||||
crp.crp_op = CRYPTO_OP_ENCRYPT; | crp.crp_op = CRYPTO_OP_ENCRYPT; | ||||
crp.crp_flags = CRYPTO_F_CBIMM | CRYPTO_F_IV_SEPARATE; | crp.crp_flags = CRYPTO_F_CBIMM | CRYPTO_F_IV_SEPARATE; | ||||
crypto_use_mbuf(&crp, m); | crypto_use_mbuf(&crp, m); | ||||
crp.crp_payload_start = tls->params.tls_hlen; | crp.crp_payload_start = tls->params.tls_hlen; | ||||
crp.crp_payload_length = payload_len; | crp.crp_payload_length = payload_len; | ||||
buf = malloc(payload_len, M_KTLS_OCF, M_WAITOK); | buf = malloc(payload_len, M_KTLS_OCF, M_WAITOK); | ||||
crypto_use_output_buf(&crp, buf, payload_len); | crypto_use_output_buf(&crp, buf, payload_len); | ||||
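Review bot: In ktls_ocf_tls12_aead_decrypt the new minimum-length guard is written in terms of `tls->params.tls_hlen + tls->params.tls_tlen`, while the subtraction it protects a few lines later uses the constants `AES_GMAC_HASH_LEN + sizeof(uint64_t)` or `POLY1305_HASH_LEN`. The guard only keeps `tls_comp_len` from wrapping if those session parameters always equal the header plus explicit IV and the tag size for the negotiated cipher, and that is established outside the lines shown here. The two recrypt functions compare `tls_len` against the same constants they subtract, so I would either do the same here per cipher branch or state the invariant next to the check, e.g. `/* tls_hlen - sizeof(*hdr) is the explicit IV length and tls_tlen the tag length, matching the constants subtracted below. */`. The function bodies continue past the visible lines, so later uses of `tls_len` were not reviewed.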