net: tls: Support 256 bit keys

Wire up support for 256 bit keys from the setsockopt to the crypto framework Signed-off-by: Dave Watson <davejwatson@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Dave Watson <davejwatson@fb.com> 2019-01-30 16:58:05 -0500
committer: David S. Miller <davem@davemloft.net> 2019-02-01 18:00:55 -0500
commit: fb99bce7120014307dde57b3d7def6977a9a62a1 (patch)
tree: 675e706950fa83542e60630c08a1eee8c91400ad /net/tls/tls_main.c
parent: d3a5fd3c987c5e341bf78b79ef4d81080081b7d2 (diff)
1 files changed, 31 insertions, 2 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index d36d095cbcf0..0f028cfdf835 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -372,6 +372,30 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
                        rc = -EFAULT;
                break;
        }
+        case TLS_CIPHER_AES_GCM_256: {
+                struct tls12_crypto_info_aes_gcm_256 *
+                  crypto_info_aes_gcm_256 =
+                  container_of(crypto_info,
+                               struct tls12_crypto_info_aes_gcm_256,
+                               info);
+                if (len != sizeof(*crypto_info_aes_gcm_256)) {
+                        rc = -EINVAL;
+                        goto out;
+                }
+                lock_sock(sk);
+                memcpy(crypto_info_aes_gcm_256->iv,
+                       ctx->tx.iv + TLS_CIPHER_AES_GCM_256_SALT_SIZE,
+                       TLS_CIPHER_AES_GCM_256_IV_SIZE);
+                memcpy(crypto_info_aes_gcm_256->rec_seq, ctx->tx.rec_seq,
+                       TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
+                release_sock(sk);
+                if (copy_to_user(optval,
+                                 crypto_info_aes_gcm_256,
+                                 sizeof(*crypto_info_aes_gcm_256)))
+                        rc = -EFAULT;
+                break;
+        }
        default:
                rc = -EINVAL;
        }
@@ -412,6 +436,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
 {
        struct tls_crypto_info *crypto_info;
        struct tls_context *ctx = tls_get_ctx(sk);
+        size_t optsize;
        int rc = 0;
        int conf;
@@ -444,8 +469,12 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
        }
        switch (crypto_info->cipher_type) {
-        case TLS_CIPHER_AES_GCM_128: {
+        case TLS_CIPHER_AES_GCM_128:
-                if (optlen != sizeof(struct tls12_crypto_info_aes_gcm_128)) {
+        case TLS_CIPHER_AES_GCM_256: {
+                optsize = crypto_info->cipher_type == TLS_CIPHER_AES_GCM_128 ?
+                        sizeof(struct tls12_crypto_info_aes_gcm_128) :
+                        sizeof(struct tls12_crypto_info_aes_gcm_256);
+                if (optlen != optsize) {
                        rc = -EINVAL;
                        goto err_crypto_info;
                }
author	Dave Watson <davejwatson@fb.com>	2019-01-30 16:58:05 -0500
committer	David S. Miller <davem@davemloft.net>	2019-02-01 18:00:55 -0500
commit	fb99bce7120014307dde57b3d7def6977a9a62a1 (patch)
tree	675e706950fa83542e60630c08a1eee8c91400ad /net/tls/tls_main.c
parent	d3a5fd3c987c5e341bf78b79ef4d81080081b7d2 (diff)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index d36d095cbcf0..0f028cfdf835 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c
@@ -372,6 +372,30 @@ static int do_tls_getsockopt_tx(struct sock sk, char __user optval,
372	rc = -EFAULT;	372	rc = -EFAULT;
373	break;	373	break;
374	}	374	}
		375	case TLS_CIPHER_AES_GCM_256: {
		376	struct tls12_crypto_info_aes_gcm_256 *
		377	crypto_info_aes_gcm_256 =
		378	container_of(crypto_info,
		379	struct tls12_crypto_info_aes_gcm_256,
		380	info);
		381
		382	if (len != sizeof(*crypto_info_aes_gcm_256)) {
		383	rc = -EINVAL;
		384	goto out;
		385	}
		386	lock_sock(sk);
		387	memcpy(crypto_info_aes_gcm_256->iv,
		388	ctx->tx.iv + TLS_CIPHER_AES_GCM_256_SALT_SIZE,
		389	TLS_CIPHER_AES_GCM_256_IV_SIZE);
		390	memcpy(crypto_info_aes_gcm_256->rec_seq, ctx->tx.rec_seq,
		391	TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
		392	release_sock(sk);
		393	if (copy_to_user(optval,
		394	crypto_info_aes_gcm_256,
		395	sizeof(*crypto_info_aes_gcm_256)))
		396	rc = -EFAULT;
		397	break;
		398	}
375	default:	399	default:
376	rc = -EINVAL;	400	rc = -EINVAL;
377	}	401	}
@@ -412,6 +436,7 @@ static int do_tls_setsockopt_conf(struct sock sk, char __user optval,
412	{	436	{
413	struct tls_crypto_info *crypto_info;	437	struct tls_crypto_info *crypto_info;
414	struct tls_context *ctx = tls_get_ctx(sk);	438	struct tls_context *ctx = tls_get_ctx(sk);
		439	size_t optsize;
415	int rc = 0;	440	int rc = 0;
416	int conf;	441	int conf;
417		442
@@ -444,8 +469,12 @@ static int do_tls_setsockopt_conf(struct sock sk, char __user optval,
444	}	469	}
445		470
446	switch (crypto_info->cipher_type) {	471	switch (crypto_info->cipher_type) {
447	case TLS_CIPHER_AES_GCM_128: {	472	case TLS_CIPHER_AES_GCM_128:
448	if (optlen != sizeof(struct tls12_crypto_info_aes_gcm_128)) {	473	case TLS_CIPHER_AES_GCM_256: {
		474	optsize = crypto_info->cipher_type == TLS_CIPHER_AES_GCM_128 ?
		475	sizeof(struct tls12_crypto_info_aes_gcm_128) :
		476	sizeof(struct tls12_crypto_info_aes_gcm_256);
		477	if (optlen != optsize) {
449	rc = -EINVAL;	478	rc = -EINVAL;
450	goto err_crypto_info;	479	goto err_crypto_info;
451	}	480	}