Changeset View
Changeset View
Standalone View
Standalone View
sys/opencrypto/ktls_ocf.c
Show First 20 Lines • Show All 42 Lines • ▼ Show 20 Lines | |||||
#include <sys/sysctl.h> | #include <sys/sysctl.h> | ||||
#include <sys/uio.h> | #include <sys/uio.h> | ||||
#include <vm/vm.h> | #include <vm/vm.h> | ||||
#include <vm/pmap.h> | #include <vm/pmap.h> | ||||
#include <vm/vm_param.h> | #include <vm/vm_param.h> | ||||
#include <opencrypto/cryptodev.h> | #include <opencrypto/cryptodev.h> | ||||
#include <opencrypto/ktls.h> | #include <opencrypto/ktls.h> | ||||
struct ocf_session { | struct ktls_ocf_session { | ||||
crypto_session_t sid; | crypto_session_t sid; | ||||
crypto_session_t mac_sid; | crypto_session_t mac_sid; | ||||
struct mtx lock; | struct mtx lock; | ||||
int mac_len; | int mac_len; | ||||
bool implicit_iv; | bool implicit_iv; | ||||
/* Only used for TLS 1.0 with the implicit IV. */ | /* Only used for TLS 1.0 with the implicit IV. */ | ||||
#ifdef INVARIANTS | #ifdef INVARIANTS | ||||
bool in_progress; | bool in_progress; | ||||
uint64_t next_seqno; | uint64_t next_seqno; | ||||
#endif | #endif | ||||
char iv[AES_BLOCK_LEN]; | char iv[AES_BLOCK_LEN]; | ||||
}; | }; | ||||
struct ocf_operation { | struct ocf_operation { | ||||
struct ocf_session *os; | struct ktls_ocf_session *os; | ||||
bool done; | bool done; | ||||
}; | }; | ||||
static MALLOC_DEFINE(M_KTLS_OCF, "ktls_ocf", "OCF KTLS"); | static MALLOC_DEFINE(M_KTLS_OCF, "ktls_ocf", "OCF KTLS"); | ||||
SYSCTL_DECL(_kern_ipc_tls); | SYSCTL_DECL(_kern_ipc_tls); | ||||
SYSCTL_DECL(_kern_ipc_tls_stats); | SYSCTL_DECL(_kern_ipc_tls_stats); | ||||
▲ Show 20 Lines • Show All 61 Lines • ▼ Show 20 Lines | ktls_ocf_callback_async(struct cryptop *crp) | ||||
mtx_lock(&oo->os->lock); | mtx_lock(&oo->os->lock); | ||||
oo->done = true; | oo->done = true; | ||||
mtx_unlock(&oo->os->lock); | mtx_unlock(&oo->os->lock); | ||||
wakeup(oo); | wakeup(oo); | ||||
return (0); | return (0); | ||||
} | } | ||||
static int | static int | ||||
ktls_ocf_dispatch(struct ocf_session *os, struct cryptop *crp) | ktls_ocf_dispatch(struct ktls_ocf_session *os, struct cryptop *crp) | ||||
{ | { | ||||
struct ocf_operation oo; | struct ocf_operation oo; | ||||
int error; | int error; | ||||
bool async; | bool async; | ||||
oo.os = os; | oo.os = os; | ||||
oo.done = false; | oo.done = false; | ||||
▲ Show 20 Lines • Show All 69 Lines • ▼ Show 20 Lines | |||||
ktls_ocf_tls_cbc_encrypt(struct ktls_ocf_encrypt_state *state, | ktls_ocf_tls_cbc_encrypt(struct ktls_ocf_encrypt_state *state, | ||||
struct ktls_session *tls, struct mbuf *m, struct iovec *outiov, | struct ktls_session *tls, struct mbuf *m, struct iovec *outiov, | ||||
int outiovcnt) | int outiovcnt) | ||||
{ | { | ||||
const struct tls_record_layer *hdr; | const struct tls_record_layer *hdr; | ||||
struct uio *uio; | struct uio *uio; | ||||
struct tls_mac_data *ad; | struct tls_mac_data *ad; | ||||
struct cryptop *crp; | struct cryptop *crp; | ||||
struct ocf_session *os; | struct ktls_ocf_session *os; | ||||
struct iovec iov[m->m_epg_npgs + 2]; | struct iovec iov[m->m_epg_npgs + 2]; | ||||
u_int pgoff; | u_int pgoff; | ||||
int i, error; | int i, error; | ||||
uint16_t tls_comp_len; | uint16_t tls_comp_len; | ||||
uint8_t pad; | uint8_t pad; | ||||
MPASS(outiovcnt + 1 <= nitems(iov)); | MPASS(outiovcnt + 1 <= nitems(iov)); | ||||
os = tls->cipher; | os = tls->ocf_session; | ||||
hdr = (const struct tls_record_layer *)m->m_epg_hdr; | hdr = (const struct tls_record_layer *)m->m_epg_hdr; | ||||
crp = &state->crp; | crp = &state->crp; | ||||
uio = &state->uio; | uio = &state->uio; | ||||
MPASS(tls->sync_dispatch); | MPASS(tls->sync_dispatch); | ||||
#ifdef INVARIANTS | #ifdef INVARIANTS | ||||
if (os->implicit_iv) { | if (os->implicit_iv) { | ||||
mtx_lock(&os->lock); | mtx_lock(&os->lock); | ||||
▲ Show 20 Lines • Show All 122 Lines • ▼ Show 20 Lines | |||||
ktls_ocf_tls12_aead_encrypt(struct ktls_ocf_encrypt_state *state, | ktls_ocf_tls12_aead_encrypt(struct ktls_ocf_encrypt_state *state, | ||||
struct ktls_session *tls, struct mbuf *m, struct iovec *outiov, | struct ktls_session *tls, struct mbuf *m, struct iovec *outiov, | ||||
int outiovcnt) | int outiovcnt) | ||||
{ | { | ||||
const struct tls_record_layer *hdr; | const struct tls_record_layer *hdr; | ||||
struct uio *uio; | struct uio *uio; | ||||
struct tls_aead_data *ad; | struct tls_aead_data *ad; | ||||
struct cryptop *crp; | struct cryptop *crp; | ||||
struct ocf_session *os; | struct ktls_ocf_session *os; | ||||
int error; | int error; | ||||
uint16_t tls_comp_len; | uint16_t tls_comp_len; | ||||
os = tls->cipher; | os = tls->ocf_session; | ||||
hdr = (const struct tls_record_layer *)m->m_epg_hdr; | hdr = (const struct tls_record_layer *)m->m_epg_hdr; | ||||
crp = &state->crp; | crp = &state->crp; | ||||
uio = &state->uio; | uio = &state->uio; | ||||
crypto_initreq(crp, os->sid); | crypto_initreq(crp, os->sid); | ||||
/* Setup the IV. */ | /* Setup the IV. */ | ||||
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { | if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { | ||||
▲ Show 20 Lines • Show All 60 Lines • ▼ Show 20 Lines | |||||
static int | static int | ||||
ktls_ocf_tls12_aead_decrypt(struct ktls_session *tls, | ktls_ocf_tls12_aead_decrypt(struct ktls_session *tls, | ||||
const struct tls_record_layer *hdr, struct mbuf *m, uint64_t seqno, | const struct tls_record_layer *hdr, struct mbuf *m, uint64_t seqno, | ||||
int *trailer_len) | int *trailer_len) | ||||
{ | { | ||||
struct tls_aead_data ad; | struct tls_aead_data ad; | ||||
struct cryptop crp; | struct cryptop crp; | ||||
struct ocf_session *os; | struct ktls_ocf_session *os; | ||||
struct ocf_operation oo; | struct ocf_operation oo; | ||||
int error; | int error; | ||||
uint16_t tls_comp_len; | uint16_t tls_comp_len; | ||||
os = tls->cipher; | os = tls->ocf_session; | ||||
oo.os = os; | oo.os = os; | ||||
oo.done = false; | oo.done = false; | ||||
crypto_initreq(&crp, os->sid); | crypto_initreq(&crp, os->sid); | ||||
/* Setup the IV. */ | /* Setup the IV. */ | ||||
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { | if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { | ||||
▲ Show 20 Lines • Show All 47 Lines • ▼ Show 20 Lines | |||||
ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state, | ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state, | ||||
struct ktls_session *tls, struct mbuf *m, struct iovec *outiov, | struct ktls_session *tls, struct mbuf *m, struct iovec *outiov, | ||||
int outiovcnt) | int outiovcnt) | ||||
{ | { | ||||
const struct tls_record_layer *hdr; | const struct tls_record_layer *hdr; | ||||
struct uio *uio; | struct uio *uio; | ||||
struct tls_aead_data_13 *ad; | struct tls_aead_data_13 *ad; | ||||
struct cryptop *crp; | struct cryptop *crp; | ||||
struct ocf_session *os; | struct ktls_ocf_session *os; | ||||
char nonce[12]; | char nonce[12]; | ||||
int error; | int error; | ||||
os = tls->cipher; | os = tls->ocf_session; | ||||
hdr = (const struct tls_record_layer *)m->m_epg_hdr; | hdr = (const struct tls_record_layer *)m->m_epg_hdr; | ||||
crp = &state->crp; | crp = &state->crp; | ||||
uio = &state->uio; | uio = &state->uio; | ||||
crypto_initreq(crp, os->sid); | crypto_initreq(crp, os->sid); | ||||
/* Setup the nonce. */ | /* Setup the nonce. */ | ||||
memcpy(nonce, tls->params.iv, tls->params.iv_len); | memcpy(nonce, tls->params.iv, tls->params.iv_len); | ||||
▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines | ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state, | ||||
} else | } else | ||||
error = ktls_ocf_dispatch_async(state, crp); | error = ktls_ocf_dispatch_async(state, crp); | ||||
return (error); | return (error); | ||||
} | } | ||||
void | void | ||||
ktls_ocf_free(struct ktls_session *tls) | ktls_ocf_free(struct ktls_session *tls) | ||||
{ | { | ||||
struct ocf_session *os; | struct ktls_ocf_session *os; | ||||
os = tls->cipher; | os = tls->ocf_session; | ||||
crypto_freesession(os->sid); | crypto_freesession(os->sid); | ||||
mtx_destroy(&os->lock); | mtx_destroy(&os->lock); | ||||
zfree(os, M_KTLS_OCF); | zfree(os, M_KTLS_OCF); | ||||
} | } | ||||
int | int | ||||
ktls_ocf_try(struct socket *so, struct ktls_session *tls, int direction) | ktls_ocf_try(struct socket *so, struct ktls_session *tls, int direction) | ||||
{ | { | ||||
struct crypto_session_params csp, mac_csp; | struct crypto_session_params csp, mac_csp; | ||||
struct ocf_session *os; | struct ktls_ocf_session *os; | ||||
int error, mac_len; | int error, mac_len; | ||||
memset(&csp, 0, sizeof(csp)); | memset(&csp, 0, sizeof(csp)); | ||||
memset(&mac_csp, 0, sizeof(mac_csp)); | memset(&mac_csp, 0, sizeof(mac_csp)); | ||||
mac_csp.csp_mode = CSP_MODE_NONE; | mac_csp.csp_mode = CSP_MODE_NONE; | ||||
mac_len = 0; | mac_len = 0; | ||||
switch (tls->params.cipher_algorithm) { | switch (tls->params.cipher_algorithm) { | ||||
▲ Show 20 Lines • Show All 118 Lines • ▼ Show 20 Lines | if (error) { | ||||
crypto_freesession(os->sid); | crypto_freesession(os->sid); | ||||
free(os, M_KTLS_OCF); | free(os, M_KTLS_OCF); | ||||
return (error); | return (error); | ||||
} | } | ||||
os->mac_len = mac_len; | os->mac_len = mac_len; | ||||
} | } | ||||
mtx_init(&os->lock, "ktls_ocf", NULL, MTX_DEF); | mtx_init(&os->lock, "ktls_ocf", NULL, MTX_DEF); | ||||
tls->cipher = os; | tls->ocf_session = os; | ||||
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16 || | if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16 || | ||||
tls->params.cipher_algorithm == CRYPTO_CHACHA20_POLY1305) { | tls->params.cipher_algorithm == CRYPTO_CHACHA20_POLY1305) { | ||||
if (direction == KTLS_TX) { | if (direction == KTLS_TX) { | ||||
if (tls->params.tls_vminor == TLS_MINOR_VER_THREE) | if (tls->params.tls_vminor == TLS_MINOR_VER_THREE) | ||||
tls->sw_encrypt = ktls_ocf_tls13_aead_encrypt; | tls->sw_encrypt = ktls_ocf_tls13_aead_encrypt; | ||||
else | else | ||||
tls->sw_encrypt = ktls_ocf_tls12_aead_encrypt; | tls->sw_encrypt = ktls_ocf_tls12_aead_encrypt; | ||||
} else { | } else { | ||||
Show All 19 Lines |