2 * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
3 * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
4 * Copyright (c) 2016-2017, Lance Chao <lancerchao@fb.com>. All rights reserved.
5 * Copyright (c) 2016, Fridolin Pokorny <fridolin.pokorny@gmail.com>. All rights reserved.
6 * Copyright (c) 2016, Nikos Mavrogiannopoulos <nmav@gnutls.org>. All rights reserved.
8 * This software is available to you under a choice of one of two
9 * licenses. You may choose to be licensed under the terms of the GNU
10 * General Public License (GPL) Version 2, available from the file
11 * COPYING in the main directory of this source tree, or the
12 * OpenIB.org BSD license below:
14 * Redistribution and use in source and binary forms, with or
15 * without modification, are permitted provided that the following
18 * - Redistributions of source code must retain the above
19 * copyright notice, this list of conditions and the following
22 * - Redistributions in binary form must reproduce the above
23 * copyright notice, this list of conditions and the following
24 * disclaimer in the documentation and/or other materials
25 * provided with the distribution.
27 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
28 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
29 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
30 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
31 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
32 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
33 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
37 #include <linux/sched/signal.h>
38 #include <linux/module.h>
39 #include <crypto/aead.h>
41 #include <net/strparser.h>
44 #define MAX_IV_SIZE TLS_CIPHER_AES_GCM_128_IV_SIZE
46 static int tls_do_decryption(struct sock *sk,
47 struct scatterlist *sgin,
48 struct scatterlist *sgout,
54 struct tls_context *tls_ctx = tls_get_ctx(sk);
55 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
56 struct strp_msg *rxm = strp_msg(skb);
57 struct aead_request *aead_req;
60 unsigned int req_size = sizeof(struct aead_request) +
61 crypto_aead_reqsize(ctx->aead_recv);
63 aead_req = kzalloc(req_size, flags);
67 aead_request_set_tfm(aead_req, ctx->aead_recv);
68 aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
69 aead_request_set_crypt(aead_req, sgin, sgout,
70 data_len + tls_ctx->rx.tag_size,
72 aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
73 crypto_req_done, &ctx->async_wait);
75 ret = crypto_wait_req(crypto_aead_decrypt(aead_req), &ctx->async_wait);
80 rxm->offset += tls_ctx->rx.prepend_size;
81 rxm->full_len -= tls_ctx->rx.overhead_size;
82 tls_advance_record_sn(sk, &tls_ctx->rx);
84 ctx->decrypted = true;
86 ctx->saved_data_ready(sk);
93 static void trim_sg(struct sock *sk, struct scatterlist *sg,
94 int *sg_num_elem, unsigned int *sg_size, int target_size)
96 int i = *sg_num_elem - 1;
97 int trim = *sg_size - target_size;
104 *sg_size = target_size;
105 while (trim >= sg[i].length) {
106 trim -= sg[i].length;
107 sk_mem_uncharge(sk, sg[i].length);
108 put_page(sg_page(&sg[i]));
115 sg[i].length -= trim;
116 sk_mem_uncharge(sk, trim);
119 *sg_num_elem = i + 1;
122 static void trim_both_sgl(struct sock *sk, int target_size)
124 struct tls_context *tls_ctx = tls_get_ctx(sk);
125 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
127 trim_sg(sk, ctx->sg_plaintext_data,
128 &ctx->sg_plaintext_num_elem,
129 &ctx->sg_plaintext_size,
133 target_size += tls_ctx->tx.overhead_size;
135 trim_sg(sk, ctx->sg_encrypted_data,
136 &ctx->sg_encrypted_num_elem,
137 &ctx->sg_encrypted_size,
141 static int alloc_encrypted_sg(struct sock *sk, int len)
143 struct tls_context *tls_ctx = tls_get_ctx(sk);
144 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
147 rc = sk_alloc_sg(sk, len,
148 ctx->sg_encrypted_data, 0,
149 &ctx->sg_encrypted_num_elem,
150 &ctx->sg_encrypted_size, 0);
155 static int alloc_plaintext_sg(struct sock *sk, int len)
157 struct tls_context *tls_ctx = tls_get_ctx(sk);
158 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
161 rc = sk_alloc_sg(sk, len, ctx->sg_plaintext_data, 0,
162 &ctx->sg_plaintext_num_elem, &ctx->sg_plaintext_size,
163 tls_ctx->pending_open_record_frags);
168 static void free_sg(struct sock *sk, struct scatterlist *sg,
169 int *sg_num_elem, unsigned int *sg_size)
171 int i, n = *sg_num_elem;
173 for (i = 0; i < n; ++i) {
174 sk_mem_uncharge(sk, sg[i].length);
175 put_page(sg_page(&sg[i]));
181 static void tls_free_both_sg(struct sock *sk)
183 struct tls_context *tls_ctx = tls_get_ctx(sk);
184 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
186 free_sg(sk, ctx->sg_encrypted_data, &ctx->sg_encrypted_num_elem,
187 &ctx->sg_encrypted_size);
189 free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
190 &ctx->sg_plaintext_size);
193 static int tls_do_encryption(struct tls_context *tls_ctx,
194 struct tls_sw_context_tx *ctx,
195 struct aead_request *aead_req,
200 ctx->sg_encrypted_data[0].offset += tls_ctx->tx.prepend_size;
201 ctx->sg_encrypted_data[0].length -= tls_ctx->tx.prepend_size;
203 aead_request_set_tfm(aead_req, ctx->aead_send);
204 aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
205 aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out,
206 data_len, tls_ctx->tx.iv);
208 aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
209 crypto_req_done, &ctx->async_wait);
211 rc = crypto_wait_req(crypto_aead_encrypt(aead_req), &ctx->async_wait);
213 ctx->sg_encrypted_data[0].offset -= tls_ctx->tx.prepend_size;
214 ctx->sg_encrypted_data[0].length += tls_ctx->tx.prepend_size;
219 static int tls_push_record(struct sock *sk, int flags,
220 unsigned char record_type)
222 struct tls_context *tls_ctx = tls_get_ctx(sk);
223 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
224 struct aead_request *req;
227 req = kzalloc(sizeof(struct aead_request) +
228 crypto_aead_reqsize(ctx->aead_send), sk->sk_allocation);
232 sg_mark_end(ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem - 1);
233 sg_mark_end(ctx->sg_encrypted_data + ctx->sg_encrypted_num_elem - 1);
235 tls_make_aad(ctx->aad_space, ctx->sg_plaintext_size,
236 tls_ctx->tx.rec_seq, tls_ctx->tx.rec_seq_size,
239 tls_fill_prepend(tls_ctx,
240 page_address(sg_page(&ctx->sg_encrypted_data[0])) +
241 ctx->sg_encrypted_data[0].offset,
242 ctx->sg_plaintext_size, record_type);
244 tls_ctx->pending_open_record_frags = 0;
245 set_bit(TLS_PENDING_CLOSED_RECORD, &tls_ctx->flags);
247 rc = tls_do_encryption(tls_ctx, ctx, req, ctx->sg_plaintext_size);
249 /* If we are called from write_space and
250 * we fail, we need to set this SOCK_NOSPACE
251 * to trigger another write_space in the future.
253 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
257 free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
258 &ctx->sg_plaintext_size);
260 ctx->sg_encrypted_num_elem = 0;
261 ctx->sg_encrypted_size = 0;
263 /* Only pass through MSG_DONTWAIT and MSG_NOSIGNAL flags */
264 rc = tls_push_sg(sk, tls_ctx, ctx->sg_encrypted_data, 0, flags);
265 if (rc < 0 && rc != -EAGAIN)
266 tls_err_abort(sk, EBADMSG);
268 tls_advance_record_sn(sk, &tls_ctx->tx);
274 static int tls_sw_push_pending_record(struct sock *sk, int flags)
276 return tls_push_record(sk, flags, TLS_RECORD_TYPE_DATA);
279 static int zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
280 int length, int *pages_used,
281 unsigned int *size_used,
282 struct scatterlist *to, int to_max_pages,
285 struct page *pages[MAX_SKB_FRAGS];
290 unsigned int size = *size_used;
291 int num_elem = *pages_used;
297 maxpages = to_max_pages - num_elem;
302 copied = iov_iter_get_pages(from, pages,
310 iov_iter_advance(from, copied);
315 use = min_t(int, copied, PAGE_SIZE - offset);
317 sg_set_page(&to[num_elem],
318 pages[i], use, offset);
319 sg_unmark_end(&to[num_elem]);
321 sk_mem_charge(sk, use);
333 *pages_used = num_elem;
338 static int memcopy_from_iter(struct sock *sk, struct iov_iter *from,
341 struct tls_context *tls_ctx = tls_get_ctx(sk);
342 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
343 struct scatterlist *sg = ctx->sg_plaintext_data;
346 for (i = tls_ctx->pending_open_record_frags;
347 i < ctx->sg_plaintext_num_elem; ++i) {
350 page_address(sg_page(&sg[i])) + sg[i].offset,
351 copy, from) != copy) {
357 ++tls_ctx->pending_open_record_frags;
367 int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
369 struct tls_context *tls_ctx = tls_get_ctx(sk);
370 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
373 long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
374 bool eor = !(msg->msg_flags & MSG_MORE);
375 size_t try_to_copy, copied = 0;
376 unsigned char record_type = TLS_RECORD_TYPE_DATA;
381 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL))
386 if (tls_complete_pending_work(sk, tls_ctx, msg->msg_flags, &timeo))
389 if (unlikely(msg->msg_controllen)) {
390 ret = tls_proccess_cmsg(sk, msg, &record_type);
395 while (msg_data_left(msg)) {
401 orig_size = ctx->sg_plaintext_size;
403 try_to_copy = msg_data_left(msg);
404 record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
405 if (try_to_copy >= record_room) {
406 try_to_copy = record_room;
410 required_size = ctx->sg_plaintext_size + try_to_copy +
411 tls_ctx->tx.overhead_size;
413 if (!sk_stream_memory_free(sk))
414 goto wait_for_sndbuf;
416 ret = alloc_encrypted_sg(sk, required_size);
419 goto wait_for_memory;
421 /* Adjust try_to_copy according to the amount that was
422 * actually allocated. The difference is due
423 * to max sg elements limit
425 try_to_copy -= required_size - ctx->sg_encrypted_size;
429 if (full_record || eor) {
430 ret = zerocopy_from_iter(sk, &msg->msg_iter,
431 try_to_copy, &ctx->sg_plaintext_num_elem,
432 &ctx->sg_plaintext_size,
433 ctx->sg_plaintext_data,
434 ARRAY_SIZE(ctx->sg_plaintext_data),
437 goto fallback_to_reg_send;
439 copied += try_to_copy;
440 ret = tls_push_record(sk, msg->msg_flags, record_type);
446 copied -= try_to_copy;
447 fallback_to_reg_send:
448 iov_iter_revert(&msg->msg_iter,
449 ctx->sg_plaintext_size - orig_size);
450 trim_sg(sk, ctx->sg_plaintext_data,
451 &ctx->sg_plaintext_num_elem,
452 &ctx->sg_plaintext_size,
456 required_size = ctx->sg_plaintext_size + try_to_copy;
458 ret = alloc_plaintext_sg(sk, required_size);
461 goto wait_for_memory;
463 /* Adjust try_to_copy according to the amount that was
464 * actually allocated. The difference is due
465 * to max sg elements limit
467 try_to_copy -= required_size - ctx->sg_plaintext_size;
470 trim_sg(sk, ctx->sg_encrypted_data,
471 &ctx->sg_encrypted_num_elem,
472 &ctx->sg_encrypted_size,
473 ctx->sg_plaintext_size +
474 tls_ctx->tx.overhead_size);
477 ret = memcopy_from_iter(sk, &msg->msg_iter, try_to_copy);
481 copied += try_to_copy;
482 if (full_record || eor) {
484 ret = tls_push_record(sk, msg->msg_flags, record_type);
487 goto wait_for_memory;
496 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
498 ret = sk_stream_wait_memory(sk, &timeo);
501 trim_both_sgl(sk, orig_size);
505 if (tls_is_pending_closed_record(tls_ctx))
508 if (ctx->sg_encrypted_size < required_size)
509 goto alloc_encrypted;
511 goto alloc_plaintext;
515 ret = sk_stream_error(sk, msg->msg_flags, ret);
518 return copied ? copied : ret;
521 int tls_sw_sendpage(struct sock *sk, struct page *page,
522 int offset, size_t size, int flags)
524 struct tls_context *tls_ctx = tls_get_ctx(sk);
525 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
527 long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
529 size_t orig_size = size;
530 unsigned char record_type = TLS_RECORD_TYPE_DATA;
531 struct scatterlist *sg;
535 if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
536 MSG_SENDPAGE_NOTLAST))
539 /* No MSG_EOR from splice, only look at MSG_MORE */
540 eor = !(flags & (MSG_MORE | MSG_SENDPAGE_NOTLAST));
544 sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
546 if (tls_complete_pending_work(sk, tls_ctx, flags, &timeo))
549 /* Call the sk_stream functions to manage the sndbuf mem. */
551 size_t copy, required_size;
559 record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
561 if (copy >= record_room) {
565 required_size = ctx->sg_plaintext_size + copy +
566 tls_ctx->tx.overhead_size;
568 if (!sk_stream_memory_free(sk))
569 goto wait_for_sndbuf;
571 ret = alloc_encrypted_sg(sk, required_size);
574 goto wait_for_memory;
576 /* Adjust copy according to the amount that was
577 * actually allocated. The difference is due
578 * to max sg elements limit
580 copy -= required_size - ctx->sg_plaintext_size;
585 sg = ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem;
586 sg_set_page(sg, page, copy, offset);
589 ctx->sg_plaintext_num_elem++;
591 sk_mem_charge(sk, copy);
594 ctx->sg_plaintext_size += copy;
595 tls_ctx->pending_open_record_frags = ctx->sg_plaintext_num_elem;
597 if (full_record || eor ||
598 ctx->sg_plaintext_num_elem ==
599 ARRAY_SIZE(ctx->sg_plaintext_data)) {
601 ret = tls_push_record(sk, flags, record_type);
604 goto wait_for_memory;
611 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
613 ret = sk_stream_wait_memory(sk, &timeo);
615 trim_both_sgl(sk, ctx->sg_plaintext_size);
619 if (tls_is_pending_closed_record(tls_ctx))
626 if (orig_size > size)
627 ret = orig_size - size;
629 ret = sk_stream_error(sk, flags, ret);
635 static struct sk_buff *tls_wait_data(struct sock *sk, int flags,
636 long timeo, int *err)
638 struct tls_context *tls_ctx = tls_get_ctx(sk);
639 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
641 DEFINE_WAIT_FUNC(wait, woken_wake_function);
643 while (!(skb = ctx->recv_pkt)) {
645 *err = sock_error(sk);
649 if (sk->sk_shutdown & RCV_SHUTDOWN)
652 if (sock_flag(sk, SOCK_DONE))
655 if ((flags & MSG_DONTWAIT) || !timeo) {
660 add_wait_queue(sk_sleep(sk), &wait);
661 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
662 sk_wait_event(sk, &timeo, ctx->recv_pkt != skb, &wait);
663 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
664 remove_wait_queue(sk_sleep(sk), &wait);
667 if (signal_pending(current)) {
668 *err = sock_intr_errno(timeo);
676 static int decrypt_skb(struct sock *sk, struct sk_buff *skb,
677 struct scatterlist *sgout)
679 struct tls_context *tls_ctx = tls_get_ctx(sk);
680 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
681 char iv[TLS_CIPHER_AES_GCM_128_SALT_SIZE + MAX_IV_SIZE];
682 struct scatterlist sgin_arr[MAX_SKB_FRAGS + 2];
683 struct scatterlist *sgin = &sgin_arr[0];
684 struct strp_msg *rxm = strp_msg(skb);
685 int ret, nsg = ARRAY_SIZE(sgin_arr);
686 struct sk_buff *unused;
688 ret = skb_copy_bits(skb, rxm->offset + TLS_HEADER_SIZE,
689 iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
690 tls_ctx->rx.iv_size);
694 memcpy(iv, tls_ctx->rx.iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
696 nsg = skb_cow_data(skb, 0, &unused) + 1;
697 sgin = kmalloc_array(nsg, sizeof(*sgin), sk->sk_allocation);
701 sg_init_table(sgin, nsg);
702 sg_set_buf(&sgin[0], ctx->rx_aad_ciphertext, TLS_AAD_SPACE_SIZE);
704 nsg = skb_to_sgvec(skb, &sgin[1],
705 rxm->offset + tls_ctx->rx.prepend_size,
706 rxm->full_len - tls_ctx->rx.prepend_size);
712 tls_make_aad(ctx->rx_aad_ciphertext,
713 rxm->full_len - tls_ctx->rx.overhead_size,
715 tls_ctx->rx.rec_seq_size,
718 ret = tls_do_decryption(sk, sgin, sgout, iv,
719 rxm->full_len - tls_ctx->rx.overhead_size,
720 skb, sk->sk_allocation);
723 if (sgin != &sgin_arr[0])
729 static bool tls_sw_advance_skb(struct sock *sk, struct sk_buff *skb,
732 struct tls_context *tls_ctx = tls_get_ctx(sk);
733 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
734 struct strp_msg *rxm = strp_msg(skb);
736 if (len < rxm->full_len) {
738 rxm->full_len -= len;
743 /* Finished with message */
744 ctx->recv_pkt = NULL;
746 __strp_unpause(&ctx->strp);
751 int tls_sw_recvmsg(struct sock *sk,
758 struct tls_context *tls_ctx = tls_get_ctx(sk);
759 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
760 unsigned char control;
761 struct strp_msg *rxm;
770 if (unlikely(flags & MSG_ERRQUEUE))
771 return sock_recv_errqueue(sk, msg, len, SOL_IP, IP_RECVERR);
775 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
776 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
781 skb = tls_wait_data(sk, flags, timeo, &err);
789 cerr = put_cmsg(msg, SOL_TLS, TLS_GET_RECORD_TYPE,
790 sizeof(ctx->control), &ctx->control);
792 control = ctx->control;
793 if (ctx->control != TLS_RECORD_TYPE_DATA) {
794 if (cerr || msg->msg_flags & MSG_CTRUNC) {
799 } else if (control != ctx->control) {
803 if (!ctx->decrypted) {
807 page_count = iov_iter_npages(&msg->msg_iter,
809 to_copy = rxm->full_len - tls_ctx->rx.overhead_size;
810 if (to_copy <= len && page_count < MAX_SKB_FRAGS &&
811 likely(!(flags & MSG_PEEK))) {
812 struct scatterlist sgin[MAX_SKB_FRAGS + 1];
816 sg_init_table(sgin, MAX_SKB_FRAGS + 1);
817 sg_set_buf(&sgin[0], ctx->rx_aad_plaintext,
820 err = zerocopy_from_iter(sk, &msg->msg_iter,
823 MAX_SKB_FRAGS, false);
825 goto fallback_to_reg_recv;
827 err = decrypt_skb(sk, skb, sgin);
828 for (; pages > 0; pages--)
829 put_page(sg_page(&sgin[pages]));
831 tls_err_abort(sk, EBADMSG);
835 fallback_to_reg_recv:
836 err = decrypt_skb(sk, skb, NULL);
838 tls_err_abort(sk, EBADMSG);
842 ctx->decrypted = true;
846 chunk = min_t(unsigned int, rxm->full_len, len);
847 err = skb_copy_datagram_msg(skb, rxm->offset, msg,
855 if (likely(!(flags & MSG_PEEK))) {
856 u8 control = ctx->control;
858 if (tls_sw_advance_skb(sk, skb, chunk)) {
859 /* Return full control message to
860 * userspace before trying to parse
861 * another message type
863 msg->msg_flags |= MSG_EOR;
864 if (control != TLS_RECORD_TYPE_DATA)
868 /* If we have a new message from strparser, continue now. */
869 if (copied >= target && !ctx->recv_pkt)
875 return copied ? : err;
878 ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos,
879 struct pipe_inode_info *pipe,
880 size_t len, unsigned int flags)
882 struct tls_context *tls_ctx = tls_get_ctx(sock->sk);
883 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
884 struct strp_msg *rxm = NULL;
885 struct sock *sk = sock->sk;
894 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
896 skb = tls_wait_data(sk, flags, timeo, &err);
898 goto splice_read_end;
900 /* splice does not support reading control messages */
901 if (ctx->control != TLS_RECORD_TYPE_DATA) {
903 goto splice_read_end;
906 if (!ctx->decrypted) {
907 err = decrypt_skb(sk, skb, NULL);
910 tls_err_abort(sk, EBADMSG);
911 goto splice_read_end;
913 ctx->decrypted = true;
917 chunk = min_t(unsigned int, rxm->full_len, len);
918 copied = skb_splice_bits(skb, sk, rxm->offset, pipe, chunk, flags);
920 goto splice_read_end;
922 if (likely(!(flags & MSG_PEEK)))
923 tls_sw_advance_skb(sk, skb, copied);
927 return copied ? : err;
930 unsigned int tls_sw_poll(struct file *file, struct socket *sock,
931 struct poll_table_struct *wait)
934 struct sock *sk = sock->sk;
935 struct tls_context *tls_ctx = tls_get_ctx(sk);
936 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
938 /* Grab POLLOUT and POLLHUP from the underlying socket */
939 ret = ctx->sk_poll(file, sock, wait);
941 /* Clear POLLIN bits, and set based on recv_pkt */
942 ret &= ~(POLLIN | POLLRDNORM);
944 ret |= POLLIN | POLLRDNORM;
949 static int tls_read_size(struct strparser *strp, struct sk_buff *skb)
951 struct tls_context *tls_ctx = tls_get_ctx(strp->sk);
952 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
953 char header[tls_ctx->rx.prepend_size];
954 struct strp_msg *rxm = strp_msg(skb);
955 size_t cipher_overhead;
959 /* Verify that we have a full TLS header, or wait for more data */
960 if (rxm->offset + tls_ctx->rx.prepend_size > skb->len)
963 /* Linearize header to local buffer */
964 ret = skb_copy_bits(skb, rxm->offset, header, tls_ctx->rx.prepend_size);
969 ctx->control = header[0];
971 data_len = ((header[4] & 0xFF) | (header[3] << 8));
973 cipher_overhead = tls_ctx->rx.tag_size + tls_ctx->rx.iv_size;
975 if (data_len > TLS_MAX_PAYLOAD_SIZE + cipher_overhead) {
979 if (data_len < cipher_overhead) {
984 if (header[1] != TLS_VERSION_MINOR(tls_ctx->crypto_recv.version) ||
985 header[2] != TLS_VERSION_MAJOR(tls_ctx->crypto_recv.version)) {
990 return data_len + TLS_HEADER_SIZE;
993 tls_err_abort(strp->sk, ret);
998 static void tls_queue(struct strparser *strp, struct sk_buff *skb)
1000 struct tls_context *tls_ctx = tls_get_ctx(strp->sk);
1001 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
1002 struct strp_msg *rxm;
1004 rxm = strp_msg(skb);
1006 ctx->decrypted = false;
1008 ctx->recv_pkt = skb;
1011 strp->sk->sk_state_change(strp->sk);
1014 static void tls_data_ready(struct sock *sk)
1016 struct tls_context *tls_ctx = tls_get_ctx(sk);
1017 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
1019 strp_data_ready(&ctx->strp);
1022 void tls_sw_free_resources_tx(struct sock *sk)
1024 struct tls_context *tls_ctx = tls_get_ctx(sk);
1025 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
1028 crypto_free_aead(ctx->aead_send);
1029 tls_free_both_sg(sk);
1034 void tls_sw_free_resources_rx(struct sock *sk)
1036 struct tls_context *tls_ctx = tls_get_ctx(sk);
1037 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
1039 if (ctx->aead_recv) {
1040 if (ctx->recv_pkt) {
1041 kfree_skb(ctx->recv_pkt);
1042 ctx->recv_pkt = NULL;
1044 crypto_free_aead(ctx->aead_recv);
1045 strp_stop(&ctx->strp);
1046 write_lock_bh(&sk->sk_callback_lock);
1047 sk->sk_data_ready = ctx->saved_data_ready;
1048 write_unlock_bh(&sk->sk_callback_lock);
1050 strp_done(&ctx->strp);
1057 int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx)
1059 char keyval[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
1060 struct tls_crypto_info *crypto_info;
1061 struct tls12_crypto_info_aes_gcm_128 *gcm_128_info;
1062 struct tls_sw_context_tx *sw_ctx_tx = NULL;
1063 struct tls_sw_context_rx *sw_ctx_rx = NULL;
1064 struct cipher_context *cctx;
1065 struct crypto_aead **aead;
1066 struct strp_callbacks cb;
1067 u16 nonce_size, tag_size, iv_size, rec_seq_size;
1077 sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL);
1082 crypto_init_wait(&sw_ctx_tx->async_wait);
1083 ctx->priv_ctx_tx = sw_ctx_tx;
1085 sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL);
1090 crypto_init_wait(&sw_ctx_rx->async_wait);
1091 ctx->priv_ctx_rx = sw_ctx_rx;
1095 crypto_info = &ctx->crypto_send;
1097 aead = &sw_ctx_tx->aead_send;
1099 crypto_info = &ctx->crypto_recv;
1101 aead = &sw_ctx_rx->aead_recv;
1104 switch (crypto_info->cipher_type) {
1105 case TLS_CIPHER_AES_GCM_128: {
1106 nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
1107 tag_size = TLS_CIPHER_AES_GCM_128_TAG_SIZE;
1108 iv_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
1109 iv = ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->iv;
1110 rec_seq_size = TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE;
1112 ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->rec_seq;
1114 (struct tls12_crypto_info_aes_gcm_128 *)crypto_info;
1122 /* Sanity-check the IV size for stack allocations. */
1123 if (iv_size > MAX_IV_SIZE) {
1128 cctx->prepend_size = TLS_HEADER_SIZE + nonce_size;
1129 cctx->tag_size = tag_size;
1130 cctx->overhead_size = cctx->prepend_size + cctx->tag_size;
1131 cctx->iv_size = iv_size;
1132 cctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
1138 memcpy(cctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
1139 memcpy(cctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size);
1140 cctx->rec_seq_size = rec_seq_size;
1141 cctx->rec_seq = kmalloc(rec_seq_size, GFP_KERNEL);
1142 if (!cctx->rec_seq) {
1146 memcpy(cctx->rec_seq, rec_seq, rec_seq_size);
1149 sg_init_table(sw_ctx_tx->sg_encrypted_data,
1150 ARRAY_SIZE(sw_ctx_tx->sg_encrypted_data));
1151 sg_init_table(sw_ctx_tx->sg_plaintext_data,
1152 ARRAY_SIZE(sw_ctx_tx->sg_plaintext_data));
1154 sg_init_table(sw_ctx_tx->sg_aead_in, 2);
1155 sg_set_buf(&sw_ctx_tx->sg_aead_in[0], sw_ctx_tx->aad_space,
1156 sizeof(sw_ctx_tx->aad_space));
1157 sg_unmark_end(&sw_ctx_tx->sg_aead_in[1]);
1158 sg_chain(sw_ctx_tx->sg_aead_in, 2,
1159 sw_ctx_tx->sg_plaintext_data);
1160 sg_init_table(sw_ctx_tx->sg_aead_out, 2);
1161 sg_set_buf(&sw_ctx_tx->sg_aead_out[0], sw_ctx_tx->aad_space,
1162 sizeof(sw_ctx_tx->aad_space));
1163 sg_unmark_end(&sw_ctx_tx->sg_aead_out[1]);
1164 sg_chain(sw_ctx_tx->sg_aead_out, 2,
1165 sw_ctx_tx->sg_encrypted_data);
1169 *aead = crypto_alloc_aead("gcm(aes)", 0, 0);
1170 if (IS_ERR(*aead)) {
1171 rc = PTR_ERR(*aead);
1177 ctx->push_pending_record = tls_sw_push_pending_record;
1179 memcpy(keyval, gcm_128_info->key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
1181 rc = crypto_aead_setkey(*aead, keyval,
1182 TLS_CIPHER_AES_GCM_128_KEY_SIZE);
1186 rc = crypto_aead_setauthsize(*aead, cctx->tag_size);
1191 /* Set up strparser */
1192 memset(&cb, 0, sizeof(cb));
1193 cb.rcv_msg = tls_queue;
1194 cb.parse_msg = tls_read_size;
1196 strp_init(&sw_ctx_rx->strp, sk, &cb);
1198 write_lock_bh(&sk->sk_callback_lock);
1199 sw_ctx_rx->saved_data_ready = sk->sk_data_ready;
1200 sk->sk_data_ready = tls_data_ready;
1201 write_unlock_bh(&sk->sk_callback_lock);
1203 sw_ctx_rx->sk_poll = sk->sk_socket->ops->poll;
1205 strp_check_rcv(&sw_ctx_rx->strp);
1211 crypto_free_aead(*aead);
1214 kfree(cctx->rec_seq);
1215 cctx->rec_seq = NULL;
1221 kfree(ctx->priv_ctx_tx);
1222 ctx->priv_ctx_tx = NULL;
1224 kfree(ctx->priv_ctx_rx);
1225 ctx->priv_ctx_rx = NULL;
projects / linux-2.6-microblaze.git / blob