From patchwork Thu Mar 8 16:50:23 2018
X-Patchwork-Submitter: Dave Watson
X-Patchwork-Id: 10268419
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Date: Thu, 8 Mar 2018 08:50:23 -0800
From: Dave Watson
To: "David S. Miller", Tom Herbert, Alexei Starovoitov
CC: Atul Gupta, Vakul Garg, Hannes Frederic Sowa, Steffen Klassert, John Fastabend, Daniel Borkmann
Subject: [PATCH RFC 2/5] tls: Move cipher info to a separate struct
Message-ID: <20180308165023.GA19531@davejwatson-mba>
X-Mailing-List: linux-crypto@vger.kernel.org

Separate tx crypto parameters to a separate cipher_context struct. The same parameters will be used for rx using the same struct. tls_advance_record_sn is modified to only take the cipher info.

Signed-off-by: Dave Watson
--- include/net/tls.h | 26 +++++++++++++----------- net/tls/tls_main.c | 8 ++++---- net/tls/tls_sw.c | 58 ++++++++++++++++++++++++++++-------------------------- 3 files changed, 49 insertions(+), 43 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index 4913430..019e52d 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -81,6 +81,16 @@ enum { TLS_PENDING_CLOSED_RECORD }; +struct cipher_context { + u16 prepend_size; + u16 tag_size; + u16 overhead_size; + u16 iv_size; + char *iv; + u16 rec_seq_size; + char *rec_seq; +}; + struct tls_context { union { struct tls_crypto_info crypto_send; @@ -91,13 +101,7 @@ struct tls_context { u8 tx_conf:2; - u16 prepend_size; - u16 tag_size; - u16 overhead_size; - u16 iv_size; - char *iv; - u16 rec_seq_size; - char *rec_seq; + struct cipher_context tx; struct scatterlist *partially_sent_record; u16 partially_sent_offset; 
@@ -190,7 +194,7 @@ static inline bool tls_bigint_increment(unsigned char *seq, int len) } static inline void tls_advance_record_sn(struct sock *sk, - struct tls_context *ctx) + struct cipher_context *ctx) { if (tls_bigint_increment(ctx->rec_seq, ctx->rec_seq_size)) tls_err_abort(sk); @@ -203,9 +207,9 @@ static inline void tls_fill_prepend(struct tls_context *ctx, size_t plaintext_len, unsigned char record_type) { - size_t pkt_len, iv_size = ctx->iv_size; + size_t pkt_len, iv_size = ctx->tx.iv_size; - pkt_len = plaintext_len + iv_size + ctx->tag_size; + pkt_len = plaintext_len + iv_size + ctx->tx.tag_size; /* we cover nonce explicit here as well, so buf should be of * size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE @@ -217,7 +221,7 @@ static inline void tls_fill_prepend(struct tls_context *ctx, buf[3] = pkt_len >> 8; buf[4] = pkt_len & 0xFF; memcpy(buf + TLS_NONCE_OFFSET, - ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv_size); + ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv_size); } static inline void tls_make_aad(char *buf, diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index d824d54..c671560 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -259,8 +259,8 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) } } - kfree(ctx->rec_seq); - kfree(ctx->iv); + kfree(ctx->tx.rec_seq); + kfree(ctx->tx.iv); if (ctx->tx_conf == TLS_SW_TX) tls_sw_free_tx_resources(sk); @@ -319,9 +319,9 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval, } lock_sock(sk); memcpy(crypto_info_aes_gcm_128->iv, - ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, TLS_CIPHER_AES_GCM_128_IV_SIZE); - memcpy(crypto_info_aes_gcm_128->rec_seq, ctx->rec_seq, + memcpy(crypto_info_aes_gcm_128->rec_seq, ctx->tx.rec_seq, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); release_sock(sk); if (copy_to_user(optval, diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index d58f675..dd4441d 100644 --- a/net/tls/tls_sw.c 
+++ b/net/tls/tls_sw.c @@ -79,7 +79,7 @@ static void trim_both_sgl(struct sock *sk, int target_size) target_size); if (target_size > 0) - target_size += tls_ctx->overhead_size; + target_size += tls_ctx->tx.overhead_size; trim_sg(sk, ctx->sg_encrypted_data, &ctx->sg_encrypted_num_elem, @@ -207,21 +207,21 @@ static int tls_do_encryption(struct tls_context *tls_ctx, if (!aead_req) return -ENOMEM; - ctx->sg_encrypted_data[0].offset += tls_ctx->prepend_size; - ctx->sg_encrypted_data[0].length -= tls_ctx->prepend_size; + ctx->sg_encrypted_data[0].offset += tls_ctx->tx.prepend_size; + ctx->sg_encrypted_data[0].length -= tls_ctx->tx.prepend_size; aead_request_set_tfm(aead_req, ctx->aead_send); aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE); aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out, - data_len, tls_ctx->iv); + data_len, tls_ctx->tx.iv); aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG, crypto_req_done, &ctx->async_wait); rc = crypto_wait_req(crypto_aead_encrypt(aead_req), &ctx->async_wait); - ctx->sg_encrypted_data[0].offset -= tls_ctx->prepend_size; - ctx->sg_encrypted_data[0].length += tls_ctx->prepend_size; + ctx->sg_encrypted_data[0].offset -= tls_ctx->tx.prepend_size; + ctx->sg_encrypted_data[0].length += tls_ctx->tx.prepend_size; kfree(aead_req); return rc; @@ -238,7 +238,7 @@ static int tls_push_record(struct sock *sk, int flags, sg_mark_end(ctx->sg_encrypted_data + ctx->sg_encrypted_num_elem - 1); tls_make_aad(ctx->aad_space, ctx->sg_plaintext_size, - tls_ctx->rec_seq, tls_ctx->rec_seq_size, + tls_ctx->tx.rec_seq, tls_ctx->tx.rec_seq_size, record_type); tls_fill_prepend(tls_ctx, @@ -271,7 +271,7 @@ static int tls_push_record(struct sock *sk, int flags, if (rc < 0 && rc != -EAGAIN) tls_err_abort(sk); - tls_advance_record_sn(sk, tls_ctx); + tls_advance_record_sn(sk, &tls_ctx->tx); return rc; } 
@@ -412,7 +412,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) } required_size = ctx->sg_plaintext_size + try_to_copy + - tls_ctx->overhead_size; + tls_ctx->tx.overhead_size; if (!sk_stream_memory_free(sk)) goto wait_for_sndbuf; @@ -475,7 +475,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) &ctx->sg_encrypted_num_elem, &ctx->sg_encrypted_size, ctx->sg_plaintext_size + - tls_ctx->overhead_size); + tls_ctx->tx.overhead_size); } ret = memcopy_from_iter(sk, &msg->msg_iter, try_to_copy); @@ -567,7 +567,7 @@ int tls_sw_sendpage(struct sock *sk, struct page *page, full_record = true; } required_size = ctx->sg_plaintext_size + copy + - tls_ctx->overhead_size; + tls_ctx->tx.overhead_size; if (!sk_stream_memory_free(sk)) goto wait_for_sndbuf; 
@@ -699,24 +699,26 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) goto free_priv; } - ctx->prepend_size = TLS_HEADER_SIZE + nonce_size; - ctx->tag_size = tag_size; - ctx->overhead_size = ctx->prepend_size + ctx->tag_size; - ctx->iv_size = iv_size; - ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL); - if (!ctx->iv) { + ctx->tx.prepend_size = TLS_HEADER_SIZE + nonce_size; + ctx->tx.tag_size = tag_size; + ctx->tx.overhead_size = ctx->tx.prepend_size + ctx->tx.tag_size; + ctx->tx.iv_size = iv_size; + ctx->tx.iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + GFP_KERNEL); + if (!ctx->tx.iv) { rc = -ENOMEM; goto free_priv; } - memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE); - memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size); - ctx->rec_seq_size = rec_seq_size; - ctx->rec_seq = kmalloc(rec_seq_size, GFP_KERNEL); - if (!ctx->rec_seq) { + memcpy(ctx->tx.iv, gcm_128_info->salt, + TLS_CIPHER_AES_GCM_128_SALT_SIZE); + memcpy(ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size); + ctx->tx.rec_seq_size = rec_seq_size; + ctx->tx.rec_seq = kmalloc(rec_seq_size, GFP_KERNEL); + if (!ctx->tx.rec_seq) { rc = -ENOMEM; goto free_iv; } - memcpy(ctx->rec_seq, rec_seq, rec_seq_size); + memcpy(ctx->tx.rec_seq, rec_seq, rec_seq_size); sg_init_table(sw_ctx->sg_encrypted_data, ARRAY_SIZE(sw_ctx->sg_encrypted_data)); @@ -752,7 +754,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) if (rc) goto free_aead; - rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size); + rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tx.tag_size); if (!rc) return 0; 
@@ -760,11 +762,11 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) crypto_free_aead(sw_ctx->aead_send); sw_ctx->aead_send = NULL; free_rec_seq: - kfree(ctx->rec_seq); - ctx->rec_seq = NULL; + kfree(ctx->tx.rec_seq); + ctx->tx.rec_seq = NULL; free_iv: - kfree(ctx->iv); - ctx->iv = NULL; + kfree(ctx->tx.iv); + ctx->tx.iv = NULL; free_priv: kfree(ctx->priv_ctx); ctx->priv_ctx = NULL;
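Review bot: The new struct cipher_context in include/net/tls.h (hunk at -81,6) has an unprefixed, generic name for a header that lives under include/net, and its fields carry no comments. Consider naming it tls_cipher_context and documenting that iv points at a buffer of TLS_CIPHER_AES_GCM_128_SALT_SIZE + iv_size bytes with the salt first, which is how tls_set_sw_offload allocates and fills it, while iv_size counts only the part after the salt. tls_fill_prepend and do_tls_getsockopt_tx both depend on that layout when they read from ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, and the rx user announced in the commit message will have to follow the same convention.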
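Review bot: In the tls_advance_record_sn hunk of include/net/tls.h (-190,7) the parameter keeps the name ctx after its type changes to struct cipher_context *, while tls_fill_prepend a few lines further down still uses ctx for a struct tls_context * and now reaches through ctx->tx. Two meanings of ctx in adjacent inline helpers make it easy to pass the wrong pointer once rx is added; a distinct parameter name for the cipher_context argument would make call sites such as tls_advance_record_sn(sk, &tls_ctx->tx) self-explanatory. A short comment stating that a sequence number wrap aborts the socket through tls_err_abort would also help, since both directions will share this path.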
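Review bot: In tls_sk_proto_close (net/tls/tls_main.c, hunk at -259,8) the two buffers are released with kfree(ctx->tx.rec_seq) and kfree(ctx->tx.iv) and the pointers are left dangling, whereas the error path in tls_set_sw_offload sets both to NULL after freeing them. With the same struct about to be reused for rx, a single helper that frees a struct cipher_context and clears its pointers would keep the two paths consistent and avoid a second hand-written copy. Since iv holds the salt and the per-record nonce state, it is also worth considering a zeroing free such as kzfree for it.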
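Review bot: The tls_set_sw_offload hunks in net/tls/tls_sw.c (-699,24 and -760,11) hard-code ctx->tx. on every assignment, allocation and cleanup label, so the rx support mentioned in the commit message would need either a duplicate of this block or another pass over the same lines. Taking a local struct cipher_context * pointing at &ctx->tx at the top of the function and using it throughout, including under free_rec_seq and free_iv, would shorten the lines that had to be wrapped here and let a later patch select the direction in one place.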