
KTLS: Add a new recrypt operation to the software backend.

Description

When using NIC TLS RX, packets that are dropped and retransmitted are
not decrypted by the NIC but are passed along as-is. As a result, a
received TLS record might contain a mix of encrypted and decrypted
data. If this occurs, the already-decrypted data needs to be
re-encrypted so that the resulting record can then be decrypted
normally.

Add support for this for sessions using AES-GCM with TLS 1.2 or TLS
1.3. For the recrypt operation, allocate a temporary buffer and
encrypt the payload portion of the TLS record with AES-CTR with an
initial IV constructed from the AES-GCM nonce. Then fix up the
original mbuf chain by copying the results from the temporary buffer
back into the original mbufs for any mbufs containing decrypted data.

Once it has been recrypted, the mbuf chain can then be decrypted via
the normal software decryption path.

Co-authored by: Hans Petter Selasky <hselasky@FreeBSD.org>
Reviewed by: hselasky
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35012
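
As an added illustration, not code from FreeBSD or this commit, the following Go program (standard library only, standing in for the kernel's OpenCrypto path) shows why the recrypt step works: AES-GCM encrypts the record payload with AES-CTR starting at the 96-bit GCM nonce followed by a 32-bit block counter of 2, so re-running CTR from that IV over the bytes the NIC already decrypted reproduces the original ciphertext, and the repaired record then passes normal GCM decryption with its tag check. The key, nonce, record header and decrypted byte ranges are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
)

// recrypt restores a mixed TLS record payload (GCM tag excluded) to full
// ciphertext; decrypted lists [start,end) ranges the NIC already decrypted.
func recrypt(block cipher.Block, nonce, payload []byte, decrypted [][2]int) []byte {
	// AES-CTR start block from the 96-bit GCM nonce: GCM reserves
	// nonce||00000001 for the tag, so payload keystream begins at nonce||00000002.
	iv := make([]byte, 16)
	copy(iv, nonce)
	iv[15] = 2
	// CTR over the whole payload keeps the counter aligned; only decrypted ranges are copied back.
	tmp := make([]byte, len(payload))
	cipher.NewCTR(block, iv).XORKeyStream(tmp, payload)
	out := append([]byte(nil), payload...)
	for _, r := range decrypted {
		copy(out[r[0]:r[1]], tmp[r[0]:r[1]])
	}
	return out
}

// demo seals a record, simulates NIC TLS RX that decrypted the first and last
// segments but left a retransmitted middle segment encrypted, recrypts, then decrypts normally.
func demo() ([]byte, error) {
	key := bytes.Repeat([]byte{0x11}, 16)       // constructed sample key
	nonce := bytes.Repeat([]byte{0x22}, 12)     // constructed per-record nonce
	aad := []byte{0x17, 0x03, 0x03, 0x00, 0x4c} // constructed record header
	plaintext := bytes.Repeat([]byte("record"), 10)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	sealed := gcm.Seal(nil, nonce, plaintext, aad) // ciphertext || 16-byte tag
	mixed := append([]byte(nil), sealed[:len(plaintext)]...)
	spans := [][2]int{{0, 20}, {40, len(mixed)}}
	for _, s := range spans {
		copy(mixed[s[0]:s[1]], plaintext[s[0]:s[1]]) // NIC already decrypted these
	}
	fixed := recrypt(block, nonce, mixed, spans)
	return gcm.Open(nil, nonce, append(fixed, sealed[len(plaintext):]...), aad)
}

func main() {
	if _, err := demo(); err != nil {
		panic(err)
	}
}
```

Open verifies the GCM tag, so any byte left un-recrypted makes the final decryption fail rather than return corrupted data.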

Details

Provenance: jhb, authored on Apr 22 2022, 10:52 PM
Reviewer: hselasky
Differential Revision: D35012: KTLS: Add a new recrypt operation to the software backend.
Parents: rG663ae8f7f949: KTLS: Construct IV directly in crp.crp_iv for TLS 1.3 AEAD encryption.