diff options
| author | Vakul Garg <vakul.garg@nxp.com> | 2019-03-19 22:03:36 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-03-20 14:02:05 -0400 |
| commit | f295b3ae9f5927e084bd5decdff82390e3471801 (patch) | |
| tree | 787496d890b276c25f9df4df497c9c5eb1a4f9fd /net/tls/tls_main.c | |
| parent | 6a23c0a6af98c927f387353a219c1f5664bb3d5b (diff) | |
net/tls: Add support of AES128-CCM based ciphers
Added support for AES128-CCM based record encryption. AES128-CCM is
similar to AES128-GCM. Both of them have same salt/iv/mac size. The
notable difference between the two is that while invoking AES128-CCM
operation, the salt||nonce (which is passed as IV) has to be prefixed
with a hardcoded value '2'. Further, CCM implementation in kernel
requires IV passed in crypto_aead_request() to be full '16' bytes.
Therefore, the record structure 'struct tls_rec' has been modified to
reserve '16' bytes for IV. This works for both GCM and CCM based cipher.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tls/tls_main.c')
| -rw-r--r-- | net/tls/tls_main.c | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index df921a2904b9..0e24edab2535 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c | |||
| @@ -469,27 +469,32 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval, | |||
| 469 | 469 | ||
| 470 | switch (crypto_info->cipher_type) { | 470 | switch (crypto_info->cipher_type) { |
| 471 | case TLS_CIPHER_AES_GCM_128: | 471 | case TLS_CIPHER_AES_GCM_128: |
| 472 | optsize = sizeof(struct tls12_crypto_info_aes_gcm_128); | ||
| 473 | break; | ||
| 472 | case TLS_CIPHER_AES_GCM_256: { | 474 | case TLS_CIPHER_AES_GCM_256: { |
| 473 | optsize = crypto_info->cipher_type == TLS_CIPHER_AES_GCM_128 ? | 475 | optsize = sizeof(struct tls12_crypto_info_aes_gcm_256); |
| 474 | sizeof(struct tls12_crypto_info_aes_gcm_128) : | ||
| 475 | sizeof(struct tls12_crypto_info_aes_gcm_256); | ||
| 476 | if (optlen != optsize) { | ||
| 477 | rc = -EINVAL; | ||
| 478 | goto err_crypto_info; | ||
| 479 | } | ||
| 480 | rc = copy_from_user(crypto_info + 1, optval + sizeof(*crypto_info), | ||
| 481 | optlen - sizeof(*crypto_info)); | ||
| 482 | if (rc) { | ||
| 483 | rc = -EFAULT; | ||
| 484 | goto err_crypto_info; | ||
| 485 | } | ||
| 486 | break; | 476 | break; |
| 487 | } | 477 | } |
| 478 | case TLS_CIPHER_AES_CCM_128: | ||
| 479 | optsize = sizeof(struct tls12_crypto_info_aes_ccm_128); | ||
| 480 | break; | ||
| 488 | default: | 481 | default: |
| 489 | rc = -EINVAL; | 482 | rc = -EINVAL; |
| 490 | goto err_crypto_info; | 483 | goto err_crypto_info; |
| 491 | } | 484 | } |
| 492 | 485 | ||
| 486 | if (optlen != optsize) { | ||
| 487 | rc = -EINVAL; | ||
| 488 | goto err_crypto_info; | ||
| 489 | } | ||
| 490 | |||
| 491 | rc = copy_from_user(crypto_info + 1, optval + sizeof(*crypto_info), | ||
| 492 | optlen - sizeof(*crypto_info)); | ||
| 493 | if (rc) { | ||
| 494 | rc = -EFAULT; | ||
| 495 | goto err_crypto_info; | ||
| 496 | } | ||
| 497 | |||
| 493 | if (tx) { | 498 | if (tx) { |
| 494 | #ifdef CONFIG_TLS_DEVICE | 499 | #ifdef CONFIG_TLS_DEVICE |
| 495 | rc = tls_set_device_offload(sk, ctx); | 500 | rc = tls_set_device_offload(sk, ctx); |