Differential D32565 Diff 97244 sys/opencrypto/ktls_ocf.c

Changeset View

Standalone View

sys/opencrypto/ktls_ocf.c

Show First 20 Lines • Show All 42 Lines • ▼ Show 20 Lines
#include <sys/sysctl.h>		#include <sys/sysctl.h>
#include <sys/uio.h>		#include <sys/uio.h>
#include <vm/vm.h>		#include <vm/vm.h>
#include <vm/pmap.h>		#include <vm/pmap.h>
#include <vm/vm_param.h>		#include <vm/vm_param.h>
#include <opencrypto/cryptodev.h>		#include <opencrypto/cryptodev.h>
#include <opencrypto/ktls.h>		#include <opencrypto/ktls.h>

struct ocf_session {		struct ktls_ocf_session {
crypto_session_t sid;		crypto_session_t sid;
crypto_session_t mac_sid;		crypto_session_t mac_sid;
struct mtx lock;		struct mtx lock;
int mac_len;		int mac_len;
bool implicit_iv;		bool implicit_iv;

/* Only used for TLS 1.0 with the implicit IV. */		/* Only used for TLS 1.0 with the implicit IV. */
#ifdef INVARIANTS		#ifdef INVARIANTS
bool in_progress;		bool in_progress;
uint64_t next_seqno;		uint64_t next_seqno;
#endif		#endif
char iv[AES_BLOCK_LEN];		char iv[AES_BLOCK_LEN];
};		};

struct ocf_operation {		struct ocf_operation {
struct ocf_session *os;		struct ktls_ocf_session *os;
bool done;		bool done;
};		};

static MALLOC_DEFINE(M_KTLS_OCF, "ktls_ocf", "OCF KTLS");		static MALLOC_DEFINE(M_KTLS_OCF, "ktls_ocf", "OCF KTLS");

SYSCTL_DECL(_kern_ipc_tls);		SYSCTL_DECL(_kern_ipc_tls);
SYSCTL_DECL(_kern_ipc_tls_stats);		SYSCTL_DECL(_kern_ipc_tls_stats);

▲ Show 20 Lines • Show All 61 Lines • ▼ Show 20 Lines	ktls_ocf_callback_async(struct cryptop *crp)
mtx_lock(&oo->os->lock);		mtx_lock(&oo->os->lock);
oo->done = true;		oo->done = true;
mtx_unlock(&oo->os->lock);		mtx_unlock(&oo->os->lock);
wakeup(oo);		wakeup(oo);
return (0);		return (0);
}		}

static int		static int
ktls_ocf_dispatch(struct ocf_session os, struct cryptop crp)		ktls_ocf_dispatch(struct ktls_ocf_session os, struct cryptop crp)
{		{
struct ocf_operation oo;		struct ocf_operation oo;
int error;		int error;
bool async;		bool async;

oo.os = os;		oo.os = os;
oo.done = false;		oo.done = false;

▲ Show 20 Lines • Show All 69 Lines • ▼ Show 20 Lines
ktls_ocf_tls_cbc_encrypt(struct ktls_ocf_encrypt_state *state,		ktls_ocf_tls_cbc_encrypt(struct ktls_ocf_encrypt_state *state,
struct ktls_session tls, struct mbuf m, struct iovec *outiov,		struct ktls_session tls, struct mbuf m, struct iovec *outiov,
int outiovcnt)		int outiovcnt)
{		{
const struct tls_record_layer *hdr;		const struct tls_record_layer *hdr;
struct uio *uio;		struct uio *uio;
struct tls_mac_data *ad;		struct tls_mac_data *ad;
struct cryptop *crp;		struct cryptop *crp;
struct ocf_session *os;		struct ktls_ocf_session *os;
struct iovec iov[m->m_epg_npgs + 2];		struct iovec iov[m->m_epg_npgs + 2];
u_int pgoff;		u_int pgoff;
int i, error;		int i, error;
uint16_t tls_comp_len;		uint16_t tls_comp_len;
uint8_t pad;		uint8_t pad;

MPASS(outiovcnt + 1 <= nitems(iov));		MPASS(outiovcnt + 1 <= nitems(iov));

os = tls->cipher;		os = tls->ocf_session;
hdr = (const struct tls_record_layer *)m->m_epg_hdr;		hdr = (const struct tls_record_layer *)m->m_epg_hdr;
crp = &state->crp;		crp = &state->crp;
uio = &state->uio;		uio = &state->uio;
MPASS(tls->sync_dispatch);		MPASS(tls->sync_dispatch);

#ifdef INVARIANTS		#ifdef INVARIANTS
if (os->implicit_iv) {		if (os->implicit_iv) {
mtx_lock(&os->lock);		mtx_lock(&os->lock);
▲ Show 20 Lines • Show All 122 Lines • ▼ Show 20 Lines
ktls_ocf_tls12_aead_encrypt(struct ktls_ocf_encrypt_state *state,		ktls_ocf_tls12_aead_encrypt(struct ktls_ocf_encrypt_state *state,
struct ktls_session tls, struct mbuf m, struct iovec *outiov,		struct ktls_session tls, struct mbuf m, struct iovec *outiov,
int outiovcnt)		int outiovcnt)
{		{
const struct tls_record_layer *hdr;		const struct tls_record_layer *hdr;
struct uio *uio;		struct uio *uio;
struct tls_aead_data *ad;		struct tls_aead_data *ad;
struct cryptop *crp;		struct cryptop *crp;
struct ocf_session *os;		struct ktls_ocf_session *os;
int error;		int error;
uint16_t tls_comp_len;		uint16_t tls_comp_len;

os = tls->cipher;		os = tls->ocf_session;
hdr = (const struct tls_record_layer *)m->m_epg_hdr;		hdr = (const struct tls_record_layer *)m->m_epg_hdr;
crp = &state->crp;		crp = &state->crp;
uio = &state->uio;		uio = &state->uio;

crypto_initreq(crp, os->sid);		crypto_initreq(crp, os->sid);

/* Setup the IV. */		/* Setup the IV. */
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) {		if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) {
▲ Show 20 Lines • Show All 60 Lines • ▼ Show 20 Lines

static int		static int
ktls_ocf_tls12_aead_decrypt(struct ktls_session *tls,		ktls_ocf_tls12_aead_decrypt(struct ktls_session *tls,
const struct tls_record_layer hdr, struct mbuf m, uint64_t seqno,		const struct tls_record_layer hdr, struct mbuf m, uint64_t seqno,
int *trailer_len)		int *trailer_len)
{		{
struct tls_aead_data ad;		struct tls_aead_data ad;
struct cryptop crp;		struct cryptop crp;
struct ocf_session *os;		struct ktls_ocf_session *os;
struct ocf_operation oo;		struct ocf_operation oo;
int error;		int error;
uint16_t tls_comp_len;		uint16_t tls_comp_len;

os = tls->cipher;		os = tls->ocf_session;

oo.os = os;		oo.os = os;
oo.done = false;		oo.done = false;

crypto_initreq(&crp, os->sid);		crypto_initreq(&crp, os->sid);

/* Setup the IV. */		/* Setup the IV. */
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) {		if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) {
▲ Show 20 Lines • Show All 47 Lines • ▼ Show 20 Lines
ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state,		ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state,
struct ktls_session tls, struct mbuf m, struct iovec *outiov,		struct ktls_session tls, struct mbuf m, struct iovec *outiov,
int outiovcnt)		int outiovcnt)
{		{
const struct tls_record_layer *hdr;		const struct tls_record_layer *hdr;
struct uio *uio;		struct uio *uio;
struct tls_aead_data_13 *ad;		struct tls_aead_data_13 *ad;
struct cryptop *crp;		struct cryptop *crp;
struct ocf_session *os;		struct ktls_ocf_session *os;
char nonce[12];		char nonce[12];
int error;		int error;

os = tls->cipher;		os = tls->ocf_session;
hdr = (const struct tls_record_layer *)m->m_epg_hdr;		hdr = (const struct tls_record_layer *)m->m_epg_hdr;
crp = &state->crp;		crp = &state->crp;
uio = &state->uio;		uio = &state->uio;

crypto_initreq(crp, os->sid);		crypto_initreq(crp, os->sid);

/* Setup the nonce. */		/* Setup the nonce. */
memcpy(nonce, tls->params.iv, tls->params.iv_len);		memcpy(nonce, tls->params.iv, tls->params.iv_len);
▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines	ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state,
} else		} else
error = ktls_ocf_dispatch_async(state, crp);		error = ktls_ocf_dispatch_async(state, crp);
return (error);		return (error);
}		}

void		void
ktls_ocf_free(struct ktls_session *tls)		ktls_ocf_free(struct ktls_session *tls)
{		{
struct ocf_session *os;		struct ktls_ocf_session *os;

os = tls->cipher;		os = tls->ocf_session;
crypto_freesession(os->sid);		crypto_freesession(os->sid);
mtx_destroy(&os->lock);		mtx_destroy(&os->lock);
zfree(os, M_KTLS_OCF);		zfree(os, M_KTLS_OCF);
}		}

int		int
ktls_ocf_try(struct socket so, struct ktls_session tls, int direction)		ktls_ocf_try(struct socket so, struct ktls_session tls, int direction)
{		{
struct crypto_session_params csp, mac_csp;		struct crypto_session_params csp, mac_csp;
struct ocf_session *os;		struct ktls_ocf_session *os;
int error, mac_len;		int error, mac_len;

memset(&csp, 0, sizeof(csp));		memset(&csp, 0, sizeof(csp));
memset(&mac_csp, 0, sizeof(mac_csp));		memset(&mac_csp, 0, sizeof(mac_csp));
mac_csp.csp_mode = CSP_MODE_NONE;		mac_csp.csp_mode = CSP_MODE_NONE;
mac_len = 0;		mac_len = 0;

switch (tls->params.cipher_algorithm) {		switch (tls->params.cipher_algorithm) {
▲ Show 20 Lines • Show All 118 Lines • ▼ Show 20 Lines	if (error) {
crypto_freesession(os->sid);		crypto_freesession(os->sid);
free(os, M_KTLS_OCF);		free(os, M_KTLS_OCF);
return (error);		return (error);
}		}
os->mac_len = mac_len;		os->mac_len = mac_len;
}		}

mtx_init(&os->lock, "ktls_ocf", NULL, MTX_DEF);		mtx_init(&os->lock, "ktls_ocf", NULL, MTX_DEF);
tls->cipher = os;		tls->ocf_session = os;
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16 \|\|		if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16 \|\|
tls->params.cipher_algorithm == CRYPTO_CHACHA20_POLY1305) {		tls->params.cipher_algorithm == CRYPTO_CHACHA20_POLY1305) {
if (direction == KTLS_TX) {		if (direction == KTLS_TX) {
if (tls->params.tls_vminor == TLS_MINOR_VER_THREE)		if (tls->params.tls_vminor == TLS_MINOR_VER_THREE)
tls->sw_encrypt = ktls_ocf_tls13_aead_encrypt;		tls->sw_encrypt = ktls_ocf_tls13_aead_encrypt;
else		else
tls->sw_encrypt = ktls_ocf_tls12_aead_encrypt;		tls->sw_encrypt = ktls_ocf_tls12_aead_encrypt;
} else {		} else {
Show All 19 Lines