Date:      Sun, 6 Oct 2019 01:42:15 +0000 (UTC)
From:      Mark Linimon <linimon@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r513860 - in head/security/ktls_isa-l_crypto-kmod: . files
Message-ID:  <201910060142.x961gFJx057629@repo.freebsd.org>

Author: linimon
Date: Sun Oct  6 01:42:14 2019
New Revision: 513860
URL: https://svnweb.freebsd.org/changeset/ports/513860

Log:
  Rework the TLS 1.3 support in ISA-L to move the nonce work out of the
  seal routine and into the encrypt routine. Also obtain the nd.seqno in
  the TLS 1.2 case from the TLS record itself, as if we change to use a
  random starting value, this will prevent things from breaking due to
  the value on the wire being different from the passed in seqno.
  
  Submitted by:u		jhb
  Approved by:u		gallatin
  Differential Revision:	D21857

Modified:
  head/security/ktls_isa-l_crypto-kmod/Makefile
  head/security/ktls_isa-l_crypto-kmod/files/intelisa_kern.c

Modified: head/security/ktls_isa-l_crypto-kmod/Makefile
==============================================================================
--- head/security/ktls_isa-l_crypto-kmod/Makefile	Sun Oct  6 00:22:33 2019	(r513859)
+++ head/security/ktls_isa-l_crypto-kmod/Makefile	Sun Oct  6 01:42:14 2019	(r513860)
@@ -4,6 +4,7 @@
 PORTNAME=	isa-l_crypto
 PORTVERSION=	2.21.0
 DISTVERSIONPREFIX=	v
+PORTREVISION=	1
 CATEGORIES=	security
 PKGNAMEPREFIX=	ktls_
 PKGNAMESUFFIX=	-kmod

Modified: head/security/ktls_isa-l_crypto-kmod/files/intelisa_kern.c
==============================================================================
--- head/security/ktls_isa-l_crypto-kmod/files/intelisa_kern.c	Sun Oct  6 00:22:33 2019	(r513859)
+++ head/security/ktls_isa-l_crypto-kmod/files/intelisa_kern.c	Sun Oct  6 01:42:14 2019	(r513860)
@@ -125,7 +125,7 @@ static MALLOC_DEFINE(M_INTEL_ISA, "isal_tls", "Intel I
 static int
 intel_isa_seal(struct isa_gcm_struct *isa,
     struct iovec *outiov, int numiovs,
-    uint8_t *static_iv, int iv_len, uint64_t seq,
+    uint8_t * iv,
     struct iovec *iniov,
     uint8_t * ad, int adlen,
     uint8_t * tagout, size_t *taglen,
@@ -135,36 +135,10 @@ intel_isa_seal(struct isa_gcm_struct *isa,
 	bool nt = true;
 	bool misaligned_len, misaligned_start;
 	int fixup = 0;
-	size_t offset;
 	uint8_t *in;
 	uint8_t *out;
 	uint64_t len;
-	uint8_t iv[32];
-	uint8_t seq_num[sizeof(seq)];
 	
-	if (iv_len > 32 - sizeof(seq)) {
-		return (-1);
-	}
-
-	if (tls_13) {
-		/*
-		 * RFC 8446 5.3:  left pad the 64b seqno
-		 * with 0s, and xor with the IV
-		 *
-		 * gcm_init does not provde a way to specify the
-		 * length of the iv, so we have hard-coded it to 12 in
-		 * openssl
-		 */
-		memcpy(seq_num, &seq, sizeof(seq));
-
-		offset = iv_len - sizeof(seq);
-		memcpy(iv, static_iv, offset);
-		for (i = 0; i < sizeof(seq); i++)
-			iv[i + offset] = static_iv[i + offset] ^ seq_num[i];
-	} else {
-		memcpy(iv, static_iv, iv_len);
-		memcpy(iv + iv_len, &seq, sizeof(seq));
-	}
 	isa->gcm_init(&isa->key_data, &isa->ctx_data, iv, ad, (size_t)adlen);
 	for (i = 0; i < numiovs; i++) {
 		in = iniov[i].iov_base;
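Review bot: The `gcm_init` call now consumes the caller's `iv` pointer directly, and nothing left in intel_isa_seal states how many bytes it must point to. The removed comment was the only place that recorded that gcm_init takes no IV length and that 12 bytes are assumed. I would keep that contract next to the call, for example `/* iv must point to a complete 12-byte GCM nonce built by the caller; gcm_init takes no IV length. */`. The function body continues past the end of this hunk, so whether `tls_13` is still needed inside it cannot be judged from here.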
@@ -236,31 +210,43 @@ ktls_intelisa_aead_encrypt(struct ktls_session *tls,
 	counter_u64_add(ktls_offload_isa_aead, 1);
 	taglen = KTLS_INTELISA_AEAD_TAGLEN;
 
+	/* Setup the nonce */
+	memcpy(&nd, tls->params.iv, tls->params.iv_len);
+
+	/* Setup the associated data */
+	ad.seq = htobe64(seqno);
+	ad.type = hdr->tls_type;
+	ad.tls_vmajor = hdr->tls_vmajor;
+	ad.tls_vminor = hdr->tls_vminor;
+
+	/* Version-specific nonce and AAD. */
 	if (tls->params.tls_vminor == TLS_MINOR_VER_THREE) {
 		tls_13 = true;
 		counter_u64_add(ktls_offload_isa_tls_13, 1);
+
 		adlen = sizeof(ad) - sizeof(ad.seq);
 		adptr = &ad.type;
 		ad.tls_length = hdr->tls_length;
 
+		/*
+		 * RFC 8446 5.3:  left pad the 64b seqno
+		 * with 0s, and xor with the IV.
+		 */
+		nd.seq ^= htobe64(seqno);
 	} else {
 		tls_13 = false;
 		counter_u64_add(ktls_offload_isa_tls_12, 1);
+
 		tls_comp_len = ntohs(hdr->tls_length) -
 			(KTLS_INTELISA_AEAD_TAGLEN + sizeof(nd.seq));
 		adlen = sizeof(ad);
 		adptr = (uint8_t *)&ad;
 		ad.tls_length = htons(tls_comp_len);
+
+		memcpy(&nd.seq, hdr + 1, sizeof(nd.seq));
 	}
-	/* Setup the associated data */
-	ad.seq = htobe64(seqno);
-	ad.type = hdr->tls_type;
-	ad.tls_vmajor = hdr->tls_vmajor;
-	ad.tls_vminor = hdr->tls_vminor;
 
-	ret = intel_isa_seal(isa, outiov, iovcnt,
-	    tls->params.iv, tls->params.iv_len,
-	    htobe64(seqno), iniov,
+	ret = intel_isa_seal(isa, outiov, iovcnt, (uint8_t *)&nd, iniov,
 	    adptr, adlen, trailer, &taglen,
 	    tls_13, tls_rtype);
 


