Author: jhb
Date: Mon Apr 27 22:31:42 2020
New Revision: 360402
URL: https://svnweb.freebsd.org/changeset/base/360402

Log:
  Add the initial sequence number to the TLS enable socket option.
  
  This will be needed for KTLS RX.
  
  Reviewed by:  gallatin
  Sponsored by: Chelsio Communications
  Differential Revision:        https://reviews.freebsd.org/D24451

Modified:
  head/sys/kern/uipc_ktls.c
  head/sys/netinet/tcp_usrreq.c
  head/sys/sys/ktls.h

Modified: head/sys/kern/uipc_ktls.c
==============================================================================
--- head/sys/kern/uipc_ktls.c   Mon Apr 27 22:29:24 2020        (r360401)
+++ head/sys/kern/uipc_ktls.c   Mon Apr 27 22:31:42 2020        (r360402)
@@ -957,6 +957,7 @@ ktls_enable_tx(struct socket *so, struct tls_enable *e
        }
 
        SOCKBUF_LOCK(&so->so_snd);
+       so->so_snd.sb_tls_seqno = be64dec(en->rec_seq);
        so->so_snd.sb_tls_info = tls;
        if (tls->mode != TCP_TLS_MODE_SW)
                so->so_snd.sb_flags |= SB_TLS_IFNET;
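Review bot: The new `sb_tls_seqno` assignment takes `en->rec_seq` as a big-endian byte array via `be64dec()`, but nothing at this site or in the `struct tls_enable` definition says the caller must supply it in that byte order, so a mismatched (host-order) value would silently start the TX record counter at the wrong point. A one-line comment above the assignment, `/* rec_seq is the initial record sequence number, supplied big-endian as on the wire. */`, would pin the contract. Old-layout callers going through `copyin_tls_enable()` get a zeroed `rec_seq`, so they keep the previous starting value of 0; that is inferred from the memset in the tcp_usrreq.c hunk. ktls_enable_tx() starts and ends outside this hunk.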

Modified: head/sys/netinet/tcp_usrreq.c
==============================================================================
--- head/sys/netinet/tcp_usrreq.c       Mon Apr 27 22:29:24 2020        
(r360401)
+++ head/sys/netinet/tcp_usrreq.c       Mon Apr 27 22:31:42 2020        
(r360402)
@@ -1823,6 +1823,37 @@ CTASSERT(TCP_CA_NAME_MAX <= TCP_LOG_ID_LEN);
 CTASSERT(TCP_LOG_REASON_LEN <= TCP_LOG_ID_LEN);
 #endif
 
+#ifdef KERN_TLS
+static int
+copyin_tls_enable(struct sockopt *sopt, struct tls_enable *tls)
+{
+       struct tls_enable_v0 tls_v0;
+       int error;
+
+       if (sopt->sopt_valsize == sizeof(tls_v0)) {
+               error = sooptcopyin(sopt, &tls_v0, sizeof(tls_v0),
+                   sizeof(tls_v0));
+               if (error)
+                       return (error);
+               memset(tls, 0, sizeof(*tls));
+               tls->cipher_key = tls_v0.cipher_key;
+               tls->iv = tls_v0.iv;
+               tls->auth_key = tls_v0.auth_key;
+               tls->cipher_algorithm = tls_v0.cipher_algorithm;
+               tls->cipher_key_len = tls_v0.cipher_key_len;
+               tls->iv_len = tls_v0.iv_len;
+               tls->auth_algorithm = tls_v0.auth_algorithm;
+               tls->auth_key_len = tls_v0.auth_key_len;
+               tls->flags = tls_v0.flags;
+               tls->tls_vmajor = tls_v0.tls_vmajor;
+               tls->tls_vminor = tls_v0.tls_vminor;
+               return (0);
+       }
+
+       return (sooptcopyin(sopt, tls, sizeof(*tls), sizeof(*tls)));
+}
+#endif
+
 int
 tcp_default_ctloutput(struct socket *so, struct sockopt *sopt, struct inpcb 
*inp, struct tcpcb *tp)
 {
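Review bot: copyin_tls_enable() dispatches purely on `sopt_valsize == sizeof(tls_v0)`, so its correctness depends on the v0 and current layouts never having the same size on any ABI; with only an 8-byte array added that holds today, but nothing asserts it. The file already uses CTASSERT a few lines above, so `CTASSERT(sizeof(struct tls_enable_v0) != sizeof(struct tls_enable));` placed next to the function would make that invariant explicit. The function also has no header comment; one stating that it accepts both the pre-`rec_seq` layout and the current one, and that `rec_seq` is zeroed for old-layout callers, would help a reader who does not know why a second struct exists.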
@@ -2034,8 +2065,7 @@ unlock_and_done:
 #ifdef KERN_TLS
                case TCP_TXTLS_ENABLE:
                        INP_WUNLOCK(inp);
-                       error = sooptcopyin(sopt, &tls, sizeof(tls),
-                           sizeof(tls));
+                       error = copyin_tls_enable(sopt, &tls);
                        if (error)
                                break;
                        error = ktls_enable_tx(so, &tls);

Modified: head/sys/sys/ktls.h
==============================================================================
--- head/sys/sys/ktls.h Mon Apr 27 22:29:24 2020        (r360401)
+++ head/sys/sys/ktls.h Mon Apr 27 22:31:42 2020        (r360402)
@@ -99,6 +99,22 @@ struct tls_mac_data {
 #define        TLS_MINOR_VER_THREE     4       /* 3, 4 */
 
 /* For TCP_TXTLS_ENABLE */
+#ifdef _KERNEL
+struct tls_enable_v0 {
+       const uint8_t *cipher_key;
+       const uint8_t *iv;              /* Implicit IV. */
+       const uint8_t *auth_key;
+       int     cipher_algorithm;       /* e.g. CRYPTO_AES_CBC */
+       int     cipher_key_len;
+       int     iv_len;
+       int     auth_algorithm;         /* e.g. CRYPTO_SHA2_256_HMAC */
+       int     auth_key_len;
+       int     flags;
+       uint8_t tls_vmajor;
+       uint8_t tls_vminor;
+};
+#endif
+
 struct tls_enable {
        const uint8_t *cipher_key;
        const uint8_t *iv;              /* Implicit IV. */
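Review bot: `struct tls_enable_v0` is a frozen snapshot of the old user-visible layout, but nothing in the header says so, and the `/* For TCP_TXTLS_ENABLE */` comment now reads as if it describes the `_KERNEL`-only struct. A comment on the v0 definition such as `/* Layout of struct tls_enable before r360402; kept only so copyin_tls_enable() can accept old binaries. Must not change. */` would prevent a later edit from "fixing" the duplicate, and moving the `For TCP_TXTLS_ENABLE` comment down to the `struct tls_enable` line keeps it attached to the public struct.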
@@ -111,6 +127,7 @@ struct tls_enable {
        int     flags;
        uint8_t tls_vmajor;
        uint8_t tls_vminor;
+       uint8_t rec_seq[8];
 };
 
 struct tls_session_params {
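Review bot: The new `rec_seq[8]` member is the only field of `struct tls_enable` without a comment, and its byte order is only discoverable from the `be64dec()` call in uipc_ktls.c. Suggest `uint8_t rec_seq[8];  /* Initial record sequence number, big-endian. */` so userland fills it correctly without reading the kernel. Since this grows a user-visible struct, the header comment could also note that the kernel still accepts the old size via `struct tls_enable_v0`.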