Differential D37372 Diff 113156 sys/opencrypto/ktls_ocf.c

Changeset View

Standalone View

sys/opencrypto/ktls_ocf.c

Show First 20 Lines • Show All 632 Lines • ▼ Show 20 Lines
ktls_ocf_tls12_aead_decrypt(struct ktls_session *tls,		ktls_ocf_tls12_aead_decrypt(struct ktls_session *tls,
const struct tls_record_layer hdr, struct mbuf m, uint64_t seqno,		const struct tls_record_layer hdr, struct mbuf m, uint64_t seqno,
int *trailer_len)		int *trailer_len)
{		{
struct tls_aead_data ad;		struct tls_aead_data ad;
struct cryptop crp;		struct cryptop crp;
struct ktls_ocf_session *os;		struct ktls_ocf_session *os;
int error;		int error;
uint16_t tls_comp_len;		uint16_t tls_comp_len, tls_len;

os = tls->ocf_session;		os = tls->ocf_session;

		/* Ensure record contains at least an explicit IV and tag. */
		tls_len = ntohs(hdr->tls_length);
		if (tls_len + sizeof(*hdr) < tls->params.tls_hlen +
		tls->params.tls_tlen)
		return (EMSGSIZE);

crypto_initreq(&crp, os->sid);		crypto_initreq(&crp, os->sid);

/* Setup the IV. */		/* Setup the IV. */
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) {		if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) {
memcpy(crp.crp_iv, tls->params.iv, TLS_AEAD_GCM_LEN);		memcpy(crp.crp_iv, tls->params.iv, TLS_AEAD_GCM_LEN);
memcpy(crp.crp_iv + TLS_AEAD_GCM_LEN, hdr + 1,		memcpy(crp.crp_iv + TLS_AEAD_GCM_LEN, hdr + 1,
sizeof(uint64_t));		sizeof(uint64_t));
} else {		} else {
/*		/*
* Chacha20-Poly1305 constructs the IV for TLS 1.2		* Chacha20-Poly1305 constructs the IV for TLS 1.2
* identically to constructing the IV for AEAD in TLS		* identically to constructing the IV for AEAD in TLS
* 1.3.		* 1.3.
*/		*/
memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len);		memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len);
(uint64_t )(crp.crp_iv + 4) ^= htobe64(seqno);		(uint64_t )(crp.crp_iv + 4) ^= htobe64(seqno);
}		}

/* Setup the AAD. */		/* Setup the AAD. */
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16)		if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
tls_comp_len = ntohs(hdr->tls_length) -		tls_comp_len = tls_len -
(AES_GMAC_HASH_LEN + sizeof(uint64_t));		(AES_GMAC_HASH_LEN + sizeof(uint64_t));
else		else
tls_comp_len = ntohs(hdr->tls_length) - POLY1305_HASH_LEN;		tls_comp_len = tls_len - POLY1305_HASH_LEN;
ad.seq = htobe64(seqno);		ad.seq = htobe64(seqno);
ad.type = hdr->tls_type;		ad.type = hdr->tls_type;
ad.tls_vmajor = hdr->tls_vmajor;		ad.tls_vmajor = hdr->tls_vmajor;
ad.tls_vminor = hdr->tls_vminor;		ad.tls_vminor = hdr->tls_vminor;
ad.tls_length = htons(tls_comp_len);		ad.tls_length = htons(tls_comp_len);
crp.crp_aad = &ad;		crp.crp_aad = &ad;
crp.crp_aad_length = sizeof(ad);		crp.crp_aad_length = sizeof(ad);

▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines	ktls_ocf_tls12_aead_recrypt(struct ktls_session *tls,
const struct tls_record_layer hdr, struct mbuf m,		const struct tls_record_layer hdr, struct mbuf m,
uint64_t seqno)		uint64_t seqno)
{		{
struct cryptop crp;		struct cryptop crp;
struct ktls_ocf_session *os;		struct ktls_ocf_session *os;
char *buf;		char *buf;
u_int payload_len;		u_int payload_len;
int error;		int error;
		uint16_t tls_len;

os = tls->ocf_session;		os = tls->ocf_session;

		/* Ensure record contains at least an explicit IV and tag. */
		tls_len = ntohs(hdr->tls_length);
		if (tls_len < sizeof(uint64_t) + AES_GMAC_HASH_LEN)
		return (EMSGSIZE);

crypto_initreq(&crp, os->recrypt_sid);		crypto_initreq(&crp, os->recrypt_sid);

KASSERT(tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16,		KASSERT(tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16,
("%s: only AES-GCM is supported", __func__));		("%s: only AES-GCM is supported", __func__));

/* Setup the IV. */		/* Setup the IV. */
memcpy(crp.crp_iv, tls->params.iv, TLS_AEAD_GCM_LEN);		memcpy(crp.crp_iv, tls->params.iv, TLS_AEAD_GCM_LEN);
memcpy(crp.crp_iv + TLS_AEAD_GCM_LEN, hdr + 1, sizeof(uint64_t));		memcpy(crp.crp_iv + TLS_AEAD_GCM_LEN, hdr + 1, sizeof(uint64_t));
be32enc(crp.crp_iv + AES_GCM_IV_LEN, 2);		be32enc(crp.crp_iv + AES_GCM_IV_LEN, 2);

payload_len = ntohs(hdr->tls_length) -		payload_len = tls_len - (AES_GMAC_HASH_LEN + sizeof(uint64_t));
(AES_GMAC_HASH_LEN + sizeof(uint64_t));
crp.crp_op = CRYPTO_OP_ENCRYPT;		crp.crp_op = CRYPTO_OP_ENCRYPT;
crp.crp_flags = CRYPTO_F_CBIMM \| CRYPTO_F_IV_SEPARATE;		crp.crp_flags = CRYPTO_F_CBIMM \| CRYPTO_F_IV_SEPARATE;
crypto_use_mbuf(&crp, m);		crypto_use_mbuf(&crp, m);
crp.crp_payload_start = tls->params.tls_hlen;		crp.crp_payload_start = tls->params.tls_hlen;
crp.crp_payload_length = payload_len;		crp.crp_payload_length = payload_len;

buf = malloc(payload_len, M_KTLS_OCF, M_WAITOK);		buf = malloc(payload_len, M_KTLS_OCF, M_WAITOK);
crypto_use_output_buf(&crp, buf, payload_len);		crypto_use_output_buf(&crp, buf, payload_len);
▲ Show 20 Lines • Show All 97 Lines • ▼ Show 20 Lines	ktls_ocf_tls13_aead_decrypt(struct ktls_session *tls,
const struct tls_record_layer hdr, struct mbuf m, uint64_t seqno,		const struct tls_record_layer hdr, struct mbuf m, uint64_t seqno,
int *trailer_len)		int *trailer_len)
{		{
struct tls_aead_data_13 ad;		struct tls_aead_data_13 ad;
struct cryptop crp;		struct cryptop crp;
struct ktls_ocf_session *os;		struct ktls_ocf_session *os;
int error;		int error;
u_int tag_len;		u_int tag_len;
		uint16_t tls_len;

os = tls->ocf_session;		os = tls->ocf_session;

tag_len = tls->params.tls_tlen - 1;		tag_len = tls->params.tls_tlen - 1;

/* Payload must contain at least one byte for the record type. */		/* Payload must contain at least one byte for the record type. */
if (ntohs(hdr->tls_length) < tag_len + 1)		tls_len = ntohs(hdr->tls_length);
return (EBADMSG);		if (tls_len < tag_len + 1)
		return (EMSGSIZE);

crypto_initreq(&crp, os->sid);		crypto_initreq(&crp, os->sid);

/* Setup the nonce. */		/* Setup the nonce. */
memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len);		memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len);
(uint64_t )(crp.crp_iv + 4) ^= htobe64(seqno);		(uint64_t )(crp.crp_iv + 4) ^= htobe64(seqno);

/* Setup the AAD. */		/* Setup the AAD. */
ad.type = hdr->tls_type;		ad.type = hdr->tls_type;
ad.tls_vmajor = hdr->tls_vmajor;		ad.tls_vmajor = hdr->tls_vmajor;
ad.tls_vminor = hdr->tls_vminor;		ad.tls_vminor = hdr->tls_vminor;
ad.tls_length = hdr->tls_length;		ad.tls_length = hdr->tls_length;
crp.crp_aad = &ad;		crp.crp_aad = &ad;
crp.crp_aad_length = sizeof(ad);		crp.crp_aad_length = sizeof(ad);

crp.crp_payload_start = tls->params.tls_hlen;		crp.crp_payload_start = tls->params.tls_hlen;
crp.crp_payload_length = ntohs(hdr->tls_length) - tag_len;		crp.crp_payload_length = tls_len - tag_len;
crp.crp_digest_start = crp.crp_payload_start + crp.crp_payload_length;		crp.crp_digest_start = crp.crp_payload_start + crp.crp_payload_length;

crp.crp_op = CRYPTO_OP_DECRYPT \| CRYPTO_OP_VERIFY_DIGEST;		crp.crp_op = CRYPTO_OP_DECRYPT \| CRYPTO_OP_VERIFY_DIGEST;
crp.crp_flags = CRYPTO_F_CBIMM \| CRYPTO_F_IV_SEPARATE;		crp.crp_flags = CRYPTO_F_CBIMM \| CRYPTO_F_IV_SEPARATE;
crypto_use_mbuf(&crp, m);		crypto_use_mbuf(&crp, m);

if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16)		if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
counter_u64_add(ocf_tls13_gcm_decrypts, 1);		counter_u64_add(ocf_tls13_gcm_decrypts, 1);
Show All 11 Lines	ktls_ocf_tls13_aead_recrypt(struct ktls_session *tls,
const struct tls_record_layer hdr, struct mbuf m,		const struct tls_record_layer hdr, struct mbuf m,
uint64_t seqno)		uint64_t seqno)
{		{
struct cryptop crp;		struct cryptop crp;
struct ktls_ocf_session *os;		struct ktls_ocf_session *os;
char *buf;		char *buf;
u_int payload_len;		u_int payload_len;
int error;		int error;
		uint16_t tls_len;

os = tls->ocf_session;		os = tls->ocf_session;

		/* Payload must contain at least one byte for the record type. */
		tls_len = ntohs(hdr->tls_length);
		if (tls_len < AES_GMAC_HASH_LEN + 1)
		return (EMSGSIZE);

crypto_initreq(&crp, os->recrypt_sid);		crypto_initreq(&crp, os->recrypt_sid);

KASSERT(tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16,		KASSERT(tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16,
("%s: only AES-GCM is supported", __func__));		("%s: only AES-GCM is supported", __func__));

/* Setup the IV. */		/* Setup the IV. */
memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len);		memcpy(crp.crp_iv, tls->params.iv, tls->params.iv_len);
(uint64_t )(crp.crp_iv + 4) ^= htobe64(seqno);		(uint64_t )(crp.crp_iv + 4) ^= htobe64(seqno);
be32enc(crp.crp_iv + 12, 2);		be32enc(crp.crp_iv + 12, 2);

payload_len = ntohs(hdr->tls_length) - AES_GMAC_HASH_LEN;		payload_len = tls_len - AES_GMAC_HASH_LEN;
crp.crp_op = CRYPTO_OP_ENCRYPT;		crp.crp_op = CRYPTO_OP_ENCRYPT;
crp.crp_flags = CRYPTO_F_CBIMM \| CRYPTO_F_IV_SEPARATE;		crp.crp_flags = CRYPTO_F_CBIMM \| CRYPTO_F_IV_SEPARATE;
crypto_use_mbuf(&crp, m);		crypto_use_mbuf(&crp, m);
crp.crp_payload_start = tls->params.tls_hlen;		crp.crp_payload_start = tls->params.tls_hlen;
crp.crp_payload_length = payload_len;		crp.crp_payload_length = payload_len;

buf = malloc(payload_len, M_KTLS_OCF, M_WAITOK);		buf = malloc(payload_len, M_KTLS_OCF, M_WAITOK);
crypto_use_output_buf(&crp, buf, payload_len);		crypto_use_output_buf(&crp, buf, payload_len);
▲ Show 20 Lines • Show All 239 Lines • Show Last 20 Lines