From 4ffccf6c4deebd6f3ab5d46234c64f957ff1c1c5 Mon Sep 17 00:00:00 2001 From: Vadim Fedorenko Date: Fri, 24 Jan 2020 16:57:56 +0300 Subject: [PATCH] kTLS: add support for AES_CCM128 and AES_GCM256 The support of new algos is added by converting code to use helper functions found in ktls.h. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11589) --- crypto/bio/bss_sock.c | 9 +++++--- ssl/t1_enc.c | 50 +++++++++++++++++++++---------------------- 2 files changed, 30 insertions(+), 29 deletions(-) diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index a72a476803..ff2bde7a58 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -154,10 +154,11 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) long ret = 1; int *ip; # ifndef OPENSSL_NO_KTLS + size_t crypto_info_len; # ifdef __FreeBSD__ struct tls_enable *crypto_info; # else - struct tls12_crypto_info_aes_gcm_128 *crypto_info; + struct tls_crypto_info_all *crypto_info; # endif # endif @@ -191,10 +192,12 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_SET_KTLS: # ifdef __FreeBSD__ crypto_info = (struct tls_enable *)ptr; + crypto_info_len = sizeof(*crypto_info); # else - crypto_info = (struct tls12_crypto_info_aes_gcm_128 *)ptr; + crypto_info = (struct tls_crypto_info_all *)ptr; + crypto_info_len = crypto_info->tls_crypto_info_len; # endif - ret = ktls_start(b->num, crypto_info, sizeof(*crypto_info), num); + ret = ktls_start(b->num, crypto_info, crypto_info_len, num); if (ret) BIO_set_ktls_flag(b, num); break; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 7f908f3b4c..108c7f1640 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -109,6 +109,7 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) * record layer. If read_ahead is enabled, then this might be false and this * function will fail. */ +# ifndef OPENSSL_NO_KTLS_RX static int count_unprocessed_records(SSL *s) { SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); @@ -132,6 +133,7 @@ static int count_unprocessed_records(SSL *s) return count; } +# endif #endif int tls1_change_cipher_state(SSL *s, int which) @@ -154,10 +156,13 @@ int tls1_change_cipher_state(SSL *s, int which) # ifdef __FreeBSD__ struct tls_enable crypto_info; # else - struct tls12_crypto_info_aes_gcm_128 crypto_info; - unsigned char geniv[12]; + struct tls_crypto_info_all crypto_info; + unsigned char *rec_seq; + void *rl_sequence; +# ifndef OPENSSL_NO_KTLS_RX int count_unprocessed; int bit; +# endif # endif BIO *bio; #endif @@ -441,14 +446,12 @@ int tls1_change_cipher_state(SSL *s, int which) crypto_info.iv = iv; crypto_info.tls_vmajor = (s->version >> 8) & 0x000000ff; crypto_info.tls_vminor = (s->version & 0x000000ff); -# else - /* check that cipher is AES_GCM_128 */ - if (EVP_CIPHER_nid(c) != NID_aes_128_gcm - || EVP_CIPHER_mode(c) != EVP_CIPH_GCM_MODE - || EVP_CIPHER_key_length(c) != TLS_CIPHER_AES_GCM_128_KEY_SIZE) +# else /* !defined(__FreeBSD__) */ + /* check that cipher is supported */ + if (!ktls_check_supported_cipher(c, dd)) goto skip_ktls; - /* check version is 1.2 */ + /* check version */ if (s->version != TLS1_2_VERSION) goto skip_ktls; # endif @@ -479,25 +482,17 @@ int tls1_change_cipher_state(SSL *s, int which) } # ifndef __FreeBSD__ - memset(&crypto_info, 0, sizeof(crypto_info)); - crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; - crypto_info.info.version = s->version; - - EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GET_IV, - EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN, - geniv); - memcpy(crypto_info.iv, geniv + EVP_GCM_TLS_FIXED_IV_LEN, - TLS_CIPHER_AES_GCM_128_IV_SIZE); - memcpy(crypto_info.salt, geniv, TLS_CIPHER_AES_GCM_128_SALT_SIZE); - memcpy(crypto_info.key, key, EVP_CIPHER_key_length(c)); if (which & SSL3_CC_WRITE) - memcpy(crypto_info.rec_seq, &s->rlayer.write_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); else - memcpy(crypto_info.rec_seq, &s->rlayer.read_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); + + if (!ktls_configure_crypto(c, s->version, dd, rl_sequence, &crypto_info, + &rec_seq, iv, key)) + goto skip_ktls; if (which & SSL3_CC_READ) { +# ifndef OPENSSL_NO_KTLS_RX count_unprocessed = count_unprocessed_records(s); if (count_unprocessed < 0) goto skip_ktls; @@ -505,14 +500,17 @@ int tls1_change_cipher_state(SSL *s, int which) /* increment the crypto_info record sequence */ while (count_unprocessed) { for (bit = 7; bit >= 0; bit--) { /* increment */ - ++crypto_info.rec_seq[bit]; - if (crypto_info.rec_seq[bit] != 0) + ++rec_seq[bit]; + if (rec_seq[bit] != 0) break; } count_unprocessed--; } +# else + goto skip_ktls; +# endif } -# endif +# endif /* !__FreeBSD__ */ /* ktls works with user provided buffers directly */ if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { -- 2.25.1