From patchwork Tue Mar 20 17:53:46 2018
X-Patchwork-Submitter: Dave Watson
X-Patchwork-Id: 10297675
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Date: Tue, 20 Mar 2018 10:53:46 -0700
From: Dave Watson
To: "David S. Miller", Tom Herbert, Alexei Starovoitov
CC: Atul Gupta, Vakul Garg, Hannes Frederic Sowa, Steffen Klassert, John Fastabend, Daniel Borkmann
Subject: [PATCH net-next 2/6] tls: Move cipher info to a separate struct
Message-ID: <20180320175346.GA23821@davejwatson-mba.local>
Sender: linux-crypto-owner@vger.kernel.org
X-Mailing-List: linux-crypto@vger.kernel.org

Separate tx crypto parameters to a separate cipher_context struct.
The same parameters will be used for rx using the same struct. tls_advance_record_sn is modified to only take the cipher info. Signed-off-by: Dave Watson --- include/net/tls.h | 26 +++++++++++++----------- net/tls/tls_main.c | 8 ++++---- net/tls/tls_sw.c | 58 ++++++++++++++++++++++++++++-------------------------- 3 files changed, 49 insertions(+), 43 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index 4913430..019e52d 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -81,6 +81,16 @@ enum { TLS_PENDING_CLOSED_RECORD }; +struct cipher_context { + u16 prepend_size; + u16 tag_size; + u16 overhead_size; + u16 iv_size; + char *iv; + u16 rec_seq_size; + char *rec_seq; +}; + struct tls_context { union { struct tls_crypto_info crypto_send; @@ -91,13 +101,7 @@ struct tls_context { u8 tx_conf:2; - u16 prepend_size; - u16 tag_size; - u16 overhead_size; - u16 iv_size; - char *iv; - u16 rec_seq_size; - char *rec_seq; + struct cipher_context tx; struct scatterlist *partially_sent_record; u16 partially_sent_offset; @@ -190,7 +194,7 @@ static inline bool tls_bigint_increment(unsigned char *seq, int len) } static inline void tls_advance_record_sn(struct sock *sk, - struct tls_context *ctx) + struct cipher_context *ctx) { if (tls_bigint_increment(ctx->rec_seq, ctx->rec_seq_size)) tls_err_abort(sk); @@ -203,9 +207,9 @@ static inline void tls_fill_prepend(struct tls_context *ctx, size_t plaintext_len, unsigned char record_type) { - size_t pkt_len, iv_size = ctx->iv_size; + size_t pkt_len, iv_size = ctx->tx.iv_size; - pkt_len = plaintext_len + iv_size + ctx->tag_size; + pkt_len = plaintext_len + iv_size + ctx->tx.tag_size; /* we cover nonce explicit here as well, so buf should be of * size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE 
@@ -217,7 +221,7 @@ static inline void tls_fill_prepend(struct tls_context *ctx, buf[3] = pkt_len >> 8; buf[4] = pkt_len & 0xFF; memcpy(buf + TLS_NONCE_OFFSET, - ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv_size); + ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv_size); } static inline void tls_make_aad(char *buf, diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index d824d54..c671560 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -259,8 +259,8 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) } } - kfree(ctx->rec_seq); - kfree(ctx->iv); + kfree(ctx->tx.rec_seq); + kfree(ctx->tx.iv); if (ctx->tx_conf == TLS_SW_TX) tls_sw_free_tx_resources(sk); @@ -319,9 +319,9 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval, } lock_sock(sk); memcpy(crypto_info_aes_gcm_128->iv, - ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, TLS_CIPHER_AES_GCM_128_IV_SIZE); - memcpy(crypto_info_aes_gcm_128->rec_seq, ctx->rec_seq, + memcpy(crypto_info_aes_gcm_128->rec_seq, ctx->tx.rec_seq, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); release_sock(sk); if (copy_to_user(optval, diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index d58f675..dd4441d 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -79,7 +79,7 @@ static void trim_both_sgl(struct sock *sk, int target_size) target_size); if (target_size > 0) - target_size += tls_ctx->overhead_size; + target_size += tls_ctx->tx.overhead_size; trim_sg(sk, ctx->sg_encrypted_data, &ctx->sg_encrypted_num_elem, 
@@ -207,21 +207,21 @@ static int tls_do_encryption(struct tls_context *tls_ctx, if (!aead_req) return -ENOMEM; - ctx->sg_encrypted_data[0].offset += tls_ctx->prepend_size; - ctx->sg_encrypted_data[0].length -= tls_ctx->prepend_size; + ctx->sg_encrypted_data[0].offset += tls_ctx->tx.prepend_size; + ctx->sg_encrypted_data[0].length -= tls_ctx->tx.prepend_size; aead_request_set_tfm(aead_req, ctx->aead_send); aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE); aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out, - data_len, tls_ctx->iv); + data_len, tls_ctx->tx.iv); aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG, crypto_req_done, &ctx->async_wait); rc = crypto_wait_req(crypto_aead_encrypt(aead_req), &ctx->async_wait); - ctx->sg_encrypted_data[0].offset -= tls_ctx->prepend_size; - ctx->sg_encrypted_data[0].length += tls_ctx->prepend_size; + ctx->sg_encrypted_data[0].offset -= tls_ctx->tx.prepend_size; + ctx->sg_encrypted_data[0].length += tls_ctx->tx.prepend_size; kfree(aead_req); return rc; @@ -238,7 +238,7 @@ static int tls_push_record(struct sock *sk, int flags, sg_mark_end(ctx->sg_encrypted_data + ctx->sg_encrypted_num_elem - 1); tls_make_aad(ctx->aad_space, ctx->sg_plaintext_size, - tls_ctx->rec_seq, tls_ctx->rec_seq_size, + tls_ctx->tx.rec_seq, tls_ctx->tx.rec_seq_size, record_type); tls_fill_prepend(tls_ctx, @@ -271,7 +271,7 @@ static int tls_push_record(struct sock *sk, int flags, if (rc < 0 && rc != -EAGAIN) tls_err_abort(sk); - tls_advance_record_sn(sk, tls_ctx); + tls_advance_record_sn(sk, &tls_ctx->tx); return rc; } @@ -412,7 +412,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) } required_size = ctx->sg_plaintext_size + try_to_copy + - tls_ctx->overhead_size; + tls_ctx->tx.overhead_size; if (!sk_stream_memory_free(sk)) goto wait_for_sndbuf; 
@@ -475,7 +475,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) &ctx->sg_encrypted_num_elem, &ctx->sg_encrypted_size, ctx->sg_plaintext_size + - tls_ctx->overhead_size); + tls_ctx->tx.overhead_size); } ret = memcopy_from_iter(sk, &msg->msg_iter, try_to_copy); @@ -567,7 +567,7 @@ int tls_sw_sendpage(struct sock *sk, struct page *page, full_record = true; } required_size = ctx->sg_plaintext_size + copy + - tls_ctx->overhead_size; + tls_ctx->tx.overhead_size; if (!sk_stream_memory_free(sk)) goto wait_for_sndbuf; @@ -699,24 +699,26 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) goto free_priv; } - ctx->prepend_size = TLS_HEADER_SIZE + nonce_size; - ctx->tag_size = tag_size; - ctx->overhead_size = ctx->prepend_size + ctx->tag_size; - ctx->iv_size = iv_size; - ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL); - if (!ctx->iv) { + ctx->tx.prepend_size = TLS_HEADER_SIZE + nonce_size; + ctx->tx.tag_size = tag_size; + ctx->tx.overhead_size = ctx->tx.prepend_size + ctx->tx.tag_size; + ctx->tx.iv_size = iv_size; + ctx->tx.iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + GFP_KERNEL); + if (!ctx->tx.iv) { rc = -ENOMEM; goto free_priv; } - memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE); - memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size); - ctx->rec_seq_size = rec_seq_size; - ctx->rec_seq = kmalloc(rec_seq_size, GFP_KERNEL); - if (!ctx->rec_seq) { + memcpy(ctx->tx.iv, gcm_128_info->salt, + TLS_CIPHER_AES_GCM_128_SALT_SIZE); + memcpy(ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size); + ctx->tx.rec_seq_size = rec_seq_size; + ctx->tx.rec_seq = kmalloc(rec_seq_size, GFP_KERNEL); + if (!ctx->tx.rec_seq) { rc = -ENOMEM; goto free_iv; } - memcpy(ctx->rec_seq, rec_seq, rec_seq_size); + memcpy(ctx->tx.rec_seq, rec_seq, rec_seq_size); sg_init_table(sw_ctx->sg_encrypted_data, ARRAY_SIZE(sw_ctx->sg_encrypted_data)); 
@@ -752,7 +754,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) if (rc) goto free_aead; - rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size); + rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tx.tag_size); if (!rc) return 0; @@ -760,11 +762,11 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) crypto_free_aead(sw_ctx->aead_send); sw_ctx->aead_send = NULL; free_rec_seq: - kfree(ctx->rec_seq); - ctx->rec_seq = NULL; + kfree(ctx->tx.rec_seq); + ctx->tx.rec_seq = NULL; free_iv: - kfree(ctx->iv); - ctx->iv = NULL; + kfree(ctx->tx.iv); + ctx->tx.iv = NULL; free_priv: kfree(ctx->priv_ctx); ctx->priv_ctx = NULL;
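Review bot: the new struct cipher_context (include/net/tls.h, hunk at -81,6 +81,16) has no comment saying that iv points at a buffer holding the salt followed by the IV, so iv_size is not the length of iv. tls_set_sw_offload allocates it as iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE and every reader skips the salt by hand. Since the commit message says rx will reuse this struct, a short comment on the buffer layout next to the iv and iv_size members would prevent a wrong length on the new side, and the type name could carry a tls_ prefix because it lives in a shared header.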
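Review bot: in tls_advance_record_sn (include/net/tls.h, hunk at -190,7 +194,7) the parameter keeps the name ctx after its type changes to struct cipher_context *, while tls_fill_prepend just below still uses ctx for a struct tls_context *. One name for two types in adjacent inline helpers is easy to misread; renaming the parameter (for example cctx) would make call sites such as tls_advance_record_sn(sk, &tls_ctx->tx) read unambiguously.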
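Review bot: the kfree(ctx->tx.rec_seq) and kfree(ctx->tx.iv) pair in tls_sk_proto_close (net/tls/tls_main.c, hunk at -259,8 +259,8) open-codes teardown of the new struct, and the free_rec_seq and free_iv labels in tls_set_sw_offload do the same. With rx about to use the same struct, a small helper that frees both members of a cipher_context would keep the two directions from drifting and make a missed free on the rx side less likely. The iv buffer also holds the salt, so that helper is the place to decide whether it should be zeroed before release.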
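Review bot: in do_tls_getsockopt_tx (net/tls/tls_main.c, hunk at -319,9 +319,9) both memcpy calls read from ctx->tx.iv and ctx->tx.rec_seq using the compile-time TLS_CIPHER_AES_GCM_128_* lengths, while the source buffers were sized from the iv_size and rec_seq_size values now stored in the struct. The two agree today, but nothing in this function ties them together; checking that ctx->tx.iv_size and ctx->tx.rec_seq_size match the constants before copying would stop an over-read if another cipher is later wired into cipher_context.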
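Review bot: the setup block in tls_set_sw_offload (net/tls/tls_sw.c, hunk at -699,24 +699,26) writes every field through ctx->tx., which hard-codes the direction and is what forces the kmalloc and first memcpy to be wrapped. Taking a local struct cipher_context * that points at &ctx->tx and filling that would keep the lines short and let the rx change announced in the commit message reuse this block by switching one pointer.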