From patchwork Tue Nov 24 15:24:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vadim Fedorenko X-Patchwork-Id: 332474 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49EE4C64E7A for ; Tue, 24 Nov 2020 15:33:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 035A2206D9 for ; Tue, 24 Nov 2020 15:33:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=novek.ru header.i=@novek.ru header.b="iK8VJ5j1" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389354AbgKXPdJ (ORCPT ); Tue, 24 Nov 2020 10:33:09 -0500 Received: from novek.ru ([213.148.174.62]:47484 "EHLO novek.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389632AbgKXPdJ (ORCPT ); Tue, 24 Nov 2020 10:33:09 -0500 Received: from nat1.ooonet.ru (gw.zelenaya.net [91.207.137.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by novek.ru (Postfix) with ESMTPSA id 787DE5030C0; Tue, 24 Nov 2020 18:25:27 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 novek.ru 787DE5030C0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=novek.ru; s=mail; t=1606231530; bh=edei20iVuxZFuJ600w5BAUkLPX3Rrk0b8tH5lH1ocxA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iK8VJ5j14rUth26MoECB+vz52i2E4J4mALmk3dpaHKsUDJ2x/6TQbczDaEMTgoSar rD5eGevPwUsG8CvDboJEpWb+THBvPqfuoywwbaG7KDlgLfYkgGaocisIx/N5f1gUMc dVVV1LYq6uAuJHSNbIwCEZxAFfgFnutcs4L0h8j8= From: Vadim Fedorenko To: Jakub Kicinski , Boris Pismenny , Aviad Yehezkel Cc: Vadim Fedorenko , netdev@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [net-next v2 1/5] net/tls: make inline helpers protocol-aware Date: Tue, 24 Nov 2020 18:24:46 +0300 Message-Id: <1606231490-653-2-git-send-email-vfedorenko@novek.ru> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> References: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Inline functions defined in tls.h have a lot of AES-specific constants. Remove these constants and change argument to struct tls_prot_info to have an access to cipher type in later patches Signed-off-by: Vadim Fedorenko --- include/net/tls.h | 26 ++++++++++++-------------- net/tls/tls_device.c | 2 +- net/tls/tls_device_fallback.c | 13 +++++++------ net/tls/tls_sw.c | 12 +++++------- 4 files changed, 25 insertions(+), 28 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index cf14730..d04ce73 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -502,31 +502,30 @@ static inline void tls_advance_record_sn(struct sock *sk, tls_err_abort(sk, EBADMSG); if (prot->version != TLS_1_3_VERSION) - tls_bigint_increment(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + tls_bigint_increment(ctx->iv + prot->salt_size, prot->iv_size); } static inline void tls_fill_prepend(struct tls_context *ctx, char *buf, size_t plaintext_len, - unsigned char record_type, - int version) + unsigned char record_type) { struct tls_prot_info *prot = &ctx->prot_info; size_t pkt_len, iv_size = prot->iv_size; pkt_len = plaintext_len + prot->tag_size; - if (version != TLS_1_3_VERSION) { + if (prot->version != TLS_1_3_VERSION) { pkt_len += iv_size; memcpy(buf + TLS_NONCE_OFFSET, - ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv_size); + ctx->tx.iv + prot->salt_size, iv_size); } /* we cover nonce explicit here as well, so buf should be of * size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE */ - buf[0] = version == TLS_1_3_VERSION ? + buf[0] = prot->version == TLS_1_3_VERSION ? TLS_RECORD_TYPE_DATA : record_type; /* Note that VERSION must be TLS_1_2 for both TLS1.2 and TLS1.3 */ buf[1] = TLS_1_2_VERSION_MINOR; @@ -539,18 +538,17 @@ static inline void tls_fill_prepend(struct tls_context *ctx, static inline void tls_make_aad(char *buf, size_t size, char *record_sequence, - int record_sequence_size, unsigned char record_type, - int version) + struct tls_prot_info *prot) { - if (version != TLS_1_3_VERSION) { - memcpy(buf, record_sequence, record_sequence_size); + if (prot->version != TLS_1_3_VERSION) { + memcpy(buf, record_sequence, prot->rec_seq_size); buf += 8; } else { - size += TLS_CIPHER_AES_GCM_128_TAG_SIZE; + size += prot->tag_size; } - buf[0] = version == TLS_1_3_VERSION ? + buf[0] = prot->version == TLS_1_3_VERSION ? TLS_RECORD_TYPE_DATA : record_type; buf[1] = TLS_1_2_VERSION_MAJOR; buf[2] = TLS_1_2_VERSION_MINOR; @@ -558,11 +556,11 @@ static inline void tls_make_aad(char *buf, buf[4] = size & 0xFF; } -static inline void xor_iv_with_seq(int version, char *iv, char *seq) +static inline void xor_iv_with_seq(struct tls_prot_info *prot, char *iv, char *seq) { int i; - if (version == TLS_1_3_VERSION) { + if (prot->version == TLS_1_3_VERSION) { for (i = 0; i < 8; i++) iv[i + 4] ^= seq[i]; } diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 54d3e16..6f93ad5 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -327,7 +327,7 @@ static int tls_device_record_close(struct sock *sk, /* fill prepend */ tls_fill_prepend(ctx, skb_frag_address(&record->frags[0]), record->len - prot->overhead_size, - record_type, prot->version); + record_type); return ret; } diff --git a/net/tls/tls_device_fallback.c b/net/tls/tls_device_fallback.c index 2889533..d946817 100644 --- a/net/tls/tls_device_fallback.c +++ b/net/tls/tls_device_fallback.c @@ -49,7 +49,8 @@ static int tls_enc_record(struct aead_request *aead_req, struct crypto_aead *aead, char *aad, char *iv, __be64 rcd_sn, struct scatter_walk *in, - struct scatter_walk *out, int *in_len) + struct scatter_walk *out, int *in_len, + struct tls_prot_info *prot) { unsigned char buf[TLS_HEADER_SIZE + TLS_CIPHER_AES_GCM_128_IV_SIZE]; struct scatterlist sg_in[3]; @@ -73,8 +74,7 @@ static int tls_enc_record(struct aead_request *aead_req, len -= TLS_CIPHER_AES_GCM_128_IV_SIZE; tls_make_aad(aad, len - TLS_CIPHER_AES_GCM_128_TAG_SIZE, - (char *)&rcd_sn, sizeof(rcd_sn), buf[0], - TLS_1_2_VERSION); + (char *)&rcd_sn, buf[0], prot); memcpy(iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, buf + TLS_HEADER_SIZE, TLS_CIPHER_AES_GCM_128_IV_SIZE); @@ -140,7 +140,7 @@ static struct aead_request *tls_alloc_aead_request(struct crypto_aead *aead, static int tls_enc_records(struct aead_request *aead_req, struct crypto_aead *aead, struct scatterlist *sg_in, struct scatterlist *sg_out, char *aad, char *iv, - u64 rcd_sn, int len) + u64 rcd_sn, int len, struct tls_prot_info *prot) { struct scatter_walk out, in; int rc; @@ -150,7 +150,7 @@ static int tls_enc_records(struct aead_request *aead_req, do { rc = tls_enc_record(aead_req, aead, aad, iv, - cpu_to_be64(rcd_sn), &in, &out, &len); + cpu_to_be64(rcd_sn), &in, &out, &len, prot); rcd_sn++; } while (rc == 0 && len); @@ -348,7 +348,8 @@ static struct sk_buff *tls_enc_skb(struct tls_context *tls_ctx, payload_len, sync_size, dummy_buf); if (tls_enc_records(aead_req, ctx->aead_send, sg_in, sg_out, aad, iv, - rcd_sn, sync_size + payload_len) < 0) + rcd_sn, sync_size + payload_len, + &tls_ctx->prot_info) < 0) goto free_nskb; complete_skb(nskb, skb, tcp_payload_offset); diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 2fe9e2c..6bc757a 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -505,7 +505,7 @@ static int tls_do_encryption(struct sock *sk, memcpy(&rec->iv_data[iv_offset], tls_ctx->tx.iv, prot->iv_size + prot->salt_size); - xor_iv_with_seq(prot->version, rec->iv_data, tls_ctx->tx.rec_seq); + xor_iv_with_seq(prot, rec->iv_data, tls_ctx->tx.rec_seq); sge->offset += prot->prepend_size; sge->length -= prot->prepend_size; @@ -748,14 +748,13 @@ static int tls_push_record(struct sock *sk, int flags, sg_chain(rec->sg_aead_out, 2, &msg_en->sg.data[i]); tls_make_aad(rec->aad_space, msg_pl->sg.size + prot->tail_size, - tls_ctx->tx.rec_seq, prot->rec_seq_size, - record_type, prot->version); + tls_ctx->tx.rec_seq, record_type, prot); tls_fill_prepend(tls_ctx, page_address(sg_page(&msg_en->sg.data[i])) + msg_en->sg.data[i].offset, msg_pl->sg.size + prot->tail_size, - record_type, prot->version); + record_type); tls_ctx->pending_open_record_frags = false; @@ -1471,13 +1470,12 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, else memcpy(iv + iv_offset, tls_ctx->rx.iv, prot->salt_size); - xor_iv_with_seq(prot->version, iv, tls_ctx->rx.rec_seq); + xor_iv_with_seq(prot, iv, tls_ctx->rx.rec_seq); /* Prepare AAD */ tls_make_aad(aad, rxm->full_len - prot->overhead_size + prot->tail_size, - tls_ctx->rx.rec_seq, prot->rec_seq_size, - ctx->control, prot->version); + tls_ctx->rx.rec_seq, ctx->control, prot); /* Prepare sgin */ sg_init_table(sgin, n_sgin); From patchwork Tue Nov 24 15:24:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vadim Fedorenko X-Patchwork-Id: 331534 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B513C64E75 for ; Tue, 24 Nov 2020 15:33:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BA7452087C for ; Tue, 24 Nov 2020 15:33:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=novek.ru header.i=@novek.ru header.b="OiMJ8Cnb" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730900AbgKXPdI (ORCPT ); Tue, 24 Nov 2020 10:33:08 -0500 Received: from novek.ru ([213.148.174.62]:47468 "EHLO novek.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388503AbgKXPdI (ORCPT ); Tue, 24 Nov 2020 10:33:08 -0500 Received: from nat1.ooonet.ru (gw.zelenaya.net [91.207.137.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by novek.ru (Postfix) with ESMTPSA id 610CB5030C6; Tue, 24 Nov 2020 18:25:30 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 novek.ru 610CB5030C6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=novek.ru; s=mail; t=1606231531; bh=Bv+hdH7fjyTLoJNNDryt7IIuhMR66vzunJw2y57lQdk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OiMJ8CnbKkMDoEv74Wq96NFHvrraa4oBJLtDgr0OE09Z7I+ShfCnr6dPMQKkqOBGo tK1cTN/2qzUPOpwc1mzXjq7Og96GyKDhwstCrQ/zV/zVJonw+SoMnbe/mjhZnhOzuE ekIZRGh9ag3uMVIJ0916Yq2FE6ZhL7IOaHfCR3C8= From: Vadim Fedorenko To: Jakub Kicinski , Boris Pismenny , Aviad Yehezkel Cc: Vadim Fedorenko , netdev@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [net-next v2 2/5] net/tls: add CHACHA20-POLY1305 specific defines and structures Date: Tue, 24 Nov 2020 18:24:47 +0300 Message-Id: <1606231490-653-3-git-send-email-vfedorenko@novek.ru> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> References: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org To provide support for ChaCha-Poly cipher we need to define specific constants and structures. Signed-off-by: Vadim Fedorenko --- include/net/tls.h | 1 + include/uapi/linux/tls.h | 15 +++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/tls.h b/include/net/tls.h index d04ce73..e4e9c2a 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -211,6 +211,7 @@ struct cipher_context { union { struct tls12_crypto_info_aes_gcm_128 aes_gcm_128; struct tls12_crypto_info_aes_gcm_256 aes_gcm_256; + struct tls12_crypto_info_chacha20_poly1305 chacha20_poly1305; }; }; diff --git a/include/uapi/linux/tls.h b/include/uapi/linux/tls.h index bcd2869..0d54bae 100644 --- a/include/uapi/linux/tls.h +++ b/include/uapi/linux/tls.h @@ -77,6 +77,13 @@ #define TLS_CIPHER_AES_CCM_128_TAG_SIZE 16 #define TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE 8 +#define TLS_CIPHER_CHACHA20_POLY1305 54 +#define TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE 12 +#define TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE 32 +#define TLS_CIPHER_CHACHA20_POLY1305_SALT_SIZE 0 +#define TLS_CIPHER_CHACHA20_POLY1305_TAG_SIZE 16 +#define TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE 8 + #define TLS_SET_RECORD_TYPE 1 #define TLS_GET_RECORD_TYPE 2 @@ -109,6 +116,14 @@ struct tls12_crypto_info_aes_ccm_128 { unsigned char rec_seq[TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE]; }; +struct tls12_crypto_info_chacha20_poly1305 { + struct tls_crypto_info info; + unsigned char iv[TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE]; + unsigned char key[TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE]; + unsigned char salt[TLS_CIPHER_CHACHA20_POLY1305_SALT_SIZE]; + unsigned char rec_seq[TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE]; +}; + enum { TLS_INFO_UNSPEC, TLS_INFO_VERSION, From patchwork Tue Nov 24 15:24:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vadim Fedorenko X-Patchwork-Id: 332476 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43F4DC63798 for ; Tue, 24 Nov 2020 15:33:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D8DF720738 for ; Tue, 24 Nov 2020 15:33:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=novek.ru header.i=@novek.ru header.b="JC8BNMsI" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389078AbgKXPdI (ORCPT ); Tue, 24 Nov 2020 10:33:08 -0500 Received: from novek.ru ([213.148.174.62]:47476 "EHLO novek.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389662AbgKXPdH (ORCPT ); Tue, 24 Nov 2020 10:33:07 -0500 Received: from nat1.ooonet.ru (gw.zelenaya.net [91.207.137.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by novek.ru (Postfix) with ESMTPSA id C90E35030C8; Tue, 24 Nov 2020 18:25:31 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 novek.ru C90E35030C8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=novek.ru; s=mail; t=1606231533; bh=7QInkW/Oq3shx84L/3laQQ6VwguvjNXZ8FcFLS5fzv8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JC8BNMsIpMof43AK8eFWJSfjEU6KZVOQDf/LnaxWhLtzlqXr+EgsQgIlMasXU6Msb xO7O9YmJcTP0kuk3ZidFYMpCQoYArtGBI2RzuhCOeSLrnZ6EyY1vvfEhz3+0Cwbb3R CH2Q6MUnYmephjYJ3Yc8Y14/r/v7TfNU9+CeX/D4= From: Vadim Fedorenko To: Jakub Kicinski , Boris Pismenny , Aviad Yehezkel Cc: Vadim Fedorenko , netdev@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [net-next v2 3/5] net/tls: add CHACHA20-POLY1305 specific behavior Date: Tue, 24 Nov 2020 18:24:48 +0300 Message-Id: <1606231490-653-4-git-send-email-vfedorenko@novek.ru> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> References: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org RFC 7905 defines special behavior for ChaCha-Poly TLS sessions. The differences are in the calculation of nonce and the absence of explicit IV. This behavior is like TLSv1.3 partly. Signed-off-by: Vadim Fedorenko --- include/net/tls.h | 9 ++++++--- net/tls/tls_sw.c | 6 ++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index e4e9c2a..b2637ed 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -502,7 +502,8 @@ static inline void tls_advance_record_sn(struct sock *sk, if (tls_bigint_increment(ctx->rec_seq, prot->rec_seq_size)) tls_err_abort(sk, EBADMSG); - if (prot->version != TLS_1_3_VERSION) + if (prot->version != TLS_1_3_VERSION && + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) tls_bigint_increment(ctx->iv + prot->salt_size, prot->iv_size); } @@ -516,7 +517,8 @@ static inline void tls_fill_prepend(struct tls_context *ctx, size_t pkt_len, iv_size = prot->iv_size; pkt_len = plaintext_len + prot->tag_size; - if (prot->version != TLS_1_3_VERSION) { + if (prot->version != TLS_1_3_VERSION && + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) { pkt_len += iv_size; memcpy(buf + TLS_NONCE_OFFSET, @@ -561,7 +563,8 @@ static inline void xor_iv_with_seq(struct tls_prot_info *prot, char *iv, char *s { int i; - if (prot->version == TLS_1_3_VERSION) { + if (prot->version == TLS_1_3_VERSION || + prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) { for (i = 0; i < 8; i++) iv[i + 4] ^= seq[i]; } diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 6bc757a..b4eefdb 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1464,7 +1464,8 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, kfree(mem); return err; } - if (prot->version == TLS_1_3_VERSION) + if (prot->version == TLS_1_3_VERSION || + prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) memcpy(iv + iv_offset, tls_ctx->rx.iv, crypto_aead_ivsize(ctx->aead_recv)); else @@ -2068,7 +2069,8 @@ static int tls_read_size(struct strparser *strp, struct sk_buff *skb) data_len = ((header[4] & 0xFF) | (header[3] << 8)); cipher_overhead = prot->tag_size; - if (prot->version != TLS_1_3_VERSION) + if (prot->version != TLS_1_3_VERSION && + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) cipher_overhead += prot->iv_size; if (data_len > TLS_MAX_PAYLOAD_SIZE + cipher_overhead + From patchwork Tue Nov 24 15:24:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vadim Fedorenko X-Patchwork-Id: 332475 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF337C6379D for ; Tue, 24 Nov 2020 15:33:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5CBDD20738 for ; Tue, 24 Nov 2020 15:33:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=novek.ru header.i=@novek.ru header.b="wN9g57E9" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389670AbgKXPdI (ORCPT ); Tue, 24 Nov 2020 10:33:08 -0500 Received: from novek.ru ([213.148.174.62]:47474 "EHLO novek.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730900AbgKXPdH (ORCPT ); Tue, 24 Nov 2020 10:33:07 -0500 X-Greylist: delayed 475 seconds by postgrey-1.27 at vger.kernel.org; Tue, 24 Nov 2020 10:33:06 EST Received: from nat1.ooonet.ru (gw.zelenaya.net [91.207.137.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by novek.ru (Postfix) with ESMTPSA id 8C4845030CA; Tue, 24 Nov 2020 18:25:33 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 novek.ru 8C4845030CA DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=novek.ru; s=mail; t=1606231534; bh=dCPVZa/fEtN9rhac85+KpaJ3wXE+OOenM3dWYEYPgXo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wN9g57E98mWzblPLYDYFGv8X4CHe6tMeJylcl3rVlMCM3QcWiWSBA3NrKfQQ3qi7P nxgXxgUdI0y3/sXMo0JgBH+/iCGM/9iX0K3hS51oiZE/PPZ2IT8Ufm/jSwBy0OVFfV 0pk14w9T3PLcN46/OddCfVie8x7Er5xWH3ac94Xw= From: Vadim Fedorenko To: Jakub Kicinski , Boris Pismenny , Aviad Yehezkel Cc: Vadim Fedorenko , netdev@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [net-next v2 4/5] net/tls: add CHACHA20-POLY1305 configuration Date: Tue, 24 Nov 2020 18:24:49 +0300 Message-Id: <1606231490-653-5-git-send-email-vfedorenko@novek.ru> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> References: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Add ChaCha-Poly specific configuration code. Signed-off-by: Vadim Fedorenko --- net/tls/tls_main.c | 3 +++ net/tls/tls_sw.c | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 8d93cea..47b7c53 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -521,6 +521,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval, case TLS_CIPHER_AES_CCM_128: optsize = sizeof(struct tls12_crypto_info_aes_ccm_128); break; + case TLS_CIPHER_CHACHA20_POLY1305: + optsize = sizeof(struct tls12_crypto_info_chacha20_poly1305); + break; default: rc = -EINVAL; goto err_crypto_info; diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index b4eefdb..53106f0 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2290,6 +2290,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) struct tls12_crypto_info_aes_gcm_128 *gcm_128_info; struct tls12_crypto_info_aes_gcm_256 *gcm_256_info; struct tls12_crypto_info_aes_ccm_128 *ccm_128_info; + struct tls12_crypto_info_chacha20_poly1305 *chacha20_poly1305_info; struct tls_sw_context_tx *sw_ctx_tx = NULL; struct tls_sw_context_rx *sw_ctx_rx = NULL; struct cipher_context *cctx; @@ -2402,6 +2403,21 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) cipher_name = "ccm(aes)"; break; } + case TLS_CIPHER_CHACHA20_POLY1305: { + chacha20_poly1305_info = (void *)crypto_info; + nonce_size = 0; + tag_size = TLS_CIPHER_CHACHA20_POLY1305_TAG_SIZE; + iv_size = TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE; + iv = chacha20_poly1305_info->iv; + rec_seq_size = TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE; + rec_seq = chacha20_poly1305_info->rec_seq; + keysize = TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE; + key = chacha20_poly1305_info->key; + salt = chacha20_poly1305_info->salt; + salt_size = TLS_CIPHER_CHACHA20_POLY1305_SALT_SIZE; + cipher_name = "rfc7539(chacha20,poly1305)"; + break; + } default: rc = -EINVAL; goto free_priv; From patchwork Tue Nov 24 15:24:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vadim Fedorenko X-Patchwork-Id: 331535 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0CD8AC2D0E4 for ; Tue, 24 Nov 2020 15:33:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9AD0B20870 for ; Tue, 24 Nov 2020 15:33:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=novek.ru header.i=@novek.ru header.b="et6z/Qlb" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389728AbgKXPdH (ORCPT ); Tue, 24 Nov 2020 10:33:07 -0500 Received: from novek.ru ([213.148.174.62]:47464 "EHLO novek.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389078AbgKXPdH (ORCPT ); Tue, 24 Nov 2020 10:33:07 -0500 Received: from nat1.ooonet.ru (gw.zelenaya.net [91.207.137.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by novek.ru (Postfix) with ESMTPSA id 0652E5030CB; Tue, 24 Nov 2020 18:25:34 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 novek.ru 0652E5030CB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=novek.ru; s=mail; t=1606231536; bh=ffxa9N9sKvJdo/h06u5PPtuH3qxWyZQ9hwY4Rd25ZW0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=et6z/QlbXR9j4uQvR80W45g8X+yNgU066wrkgUczodExVQABuAVaI1BT8mklP716v B83I5sf30BqGhxCg4YNNCiJuKDSRWRxmbaA2FYiUoiBQfVNxPuxS6AMSlskiGhw0aq 7W2fxnhzJ4Ng9wFSddVqbx46fV8AXuPgwwIEK4Pc= From: Vadim Fedorenko To: Jakub Kicinski , Boris Pismenny , Aviad Yehezkel Cc: Vadim Fedorenko , netdev@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [net-next v2 5/5] selftests/tls: add CHACHA20-POLY1305 to tls selftests Date: Tue, 24 Nov 2020 18:24:50 +0300 Message-Id: <1606231490-653-6-git-send-email-vfedorenko@novek.ru> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> References: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Add new cipher as a variant of standard tls selftests Signed-off-by: Vadim Fedorenko --- tools/testing/selftests/net/tls.c | 40 ++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index b599f1f..cb0d189 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -103,32 +103,58 @@ FIXTURE_VARIANT(tls) { - unsigned int tls_version; + u16 tls_version; + u16 cipher_type; }; -FIXTURE_VARIANT_ADD(tls, 12) +FIXTURE_VARIANT_ADD(tls, 12_gcm) { .tls_version = TLS_1_2_VERSION, + .cipher_type = TLS_CIPHER_AES_GCM_128, }; -FIXTURE_VARIANT_ADD(tls, 13) +FIXTURE_VARIANT_ADD(tls, 13_gcm) { .tls_version = TLS_1_3_VERSION, + .cipher_type = TLS_CIPHER_AES_GCM_128, +}; + +FIXTURE_VARIANT_ADD(tls, 12_chacha) +{ + .tls_version = TLS_1_2_VERSION, + .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, +}; + +FIXTURE_VARIANT_ADD(tls, 13_chacha) +{ + .tls_version = TLS_1_3_VERSION, + .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, }; FIXTURE_SETUP(tls) { - struct tls12_crypto_info_aes_gcm_128 tls12; + union tls_crypto_context tls12; struct sockaddr_in addr; socklen_t len; int sfd, ret; + size_t tls12_sz; self->notls = false; len = sizeof(addr); memset(&tls12, 0, sizeof(tls12)); tls12.info.version = variant->tls_version; - tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128; + tls12.info.cipher_type = variant->cipher_type; + switch (variant->cipher_type) { + case TLS_CIPHER_CHACHA20_POLY1305: + tls12_sz = sizeof(tls12_crypto_info_chacha20_poly1305); + break; + case TLS_CIPHER_AES_GCM_128: + tls12_sz = sizeof(tls12_crypto_info_aes_gcm_128); + break; + default: + tls12_sz = 0; + } addr.sin_family = AF_INET; addr.sin_addr.s_addr = htonl(INADDR_ANY); @@ -156,7 +182,7 @@ if (!self->notls) { ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, - sizeof(tls12)); + tls12_sz); ASSERT_EQ(ret, 0); } @@ -169,7 +195,7 @@ ASSERT_EQ(ret, 0); ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, - sizeof(tls12)); + tls12_sz); ASSERT_EQ(ret, 0); }