Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 4799ac81e52a72a6404827bf2738337bb581a174 / . / net / tls / tls_sw.c
blob: fe5735c57774bbe6ebbc7f88344637d5e1079137 [file] [log] [blame]
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1/*
2 * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
3 * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
4 * Copyright (c) 2016-2017, Lance Chao <lancerchao@fb.com>. All rights reserved.
5 * Copyright (c) 2016, Fridolin Pokorny <fridolin.pokorny@gmail.com>. All rights reserved.
6 * Copyright (c) 2016, Nikos Mavrogiannopoulos <nmav@gnutls.org>. All rights reserved.
7 *
8 * This software is available to you under a choice of one of two
9 * licenses. You may choose to be licensed under the terms of the GNU
10 * General Public License (GPL) Version 2, available from the file
11 * COPYING in the main directory of this source tree, or the
12 * OpenIB.org BSD license below:
13 *
14 * Redistribution and use in source and binary forms, with or
15 * without modification, are permitted provided that the following
16 * conditions are met:
17 *
18 * - Redistributions of source code must retain the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer.
21 *
22 * - Redistributions in binary form must reproduce the above
23 * copyright notice, this list of conditions and the following
24 * disclaimer in the documentation and/or other materials
25 * provided with the distribution.
26 *
27 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
28 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
29 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
30 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
31 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
32 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
33 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
34 * SOFTWARE.
35 */
36
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]37#include <linux/sched/signal.h>
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]38#include <linux/module.h>
39#include <crypto/aead.h>
40
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]41#include <net/strparser.h>
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]42#include <net/tls.h>
43
Kees Cookb16520f2018-04-10 17:52:34 -0700[diff] [blame]44#define MAX_IV_SIZE TLS_CIPHER_AES_GCM_128_IV_SIZE
45
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]46static int tls_do_decryption(struct sock *sk,
47 struct scatterlist *sgin,
48 struct scatterlist *sgout,
49 char *iv_recv,
50 size_t data_len,
51 struct sk_buff *skb,
52 gfp_t flags)
53{
54 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]55 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]56 struct aead_request *aead_req;
57
58 int ret;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]59
Vakul Gargd2bdd262018-07-11 14:32:20 +0530[diff] [blame]60 aead_req = aead_request_alloc(ctx->aead_recv, flags);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]61 if (!aead_req)
62 return -ENOMEM;
63
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]64 aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
65 aead_request_set_crypt(aead_req, sgin, sgout,
66 data_len + tls_ctx->rx.tag_size,
67 (u8 *)iv_recv);
68 aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
69 crypto_req_done, &ctx->async_wait);
70
71 ret = crypto_wait_req(crypto_aead_decrypt(aead_req), &ctx->async_wait);
72
Vakul Gargd2bdd262018-07-11 14:32:20 +0530[diff] [blame]73 aead_request_free(aead_req);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]74 return ret;
75}
76
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]77static void trim_sg(struct sock *sk, struct scatterlist *sg,
78 int *sg_num_elem, unsigned int *sg_size, int target_size)
79{
80 int i = *sg_num_elem - 1;
81 int trim = *sg_size - target_size;
82
83 if (trim <= 0) {
84 WARN_ON(trim < 0);
85 return;
86 }
87
88 *sg_size = target_size;
89 while (trim >= sg[i].length) {
90 trim -= sg[i].length;
91 sk_mem_uncharge(sk, sg[i].length);
92 put_page(sg_page(&sg[i]));
93 i--;
94
95 if (i < 0)
96 goto out;
97 }
98
99 sg[i].length -= trim;
100 sk_mem_uncharge(sk, trim);
101
102out:
103 *sg_num_elem = i + 1;
104}
105
106static void trim_both_sgl(struct sock *sk, int target_size)
107{
108 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]109 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]110
111 trim_sg(sk, ctx->sg_plaintext_data,
112 &ctx->sg_plaintext_num_elem,
113 &ctx->sg_plaintext_size,
114 target_size);
115
116 if (target_size > 0)
Dave Watsondbe42552018-03-22 10:10:06 -0700[diff] [blame]117 target_size += tls_ctx->tx.overhead_size;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]118
119 trim_sg(sk, ctx->sg_encrypted_data,
120 &ctx->sg_encrypted_num_elem,
121 &ctx->sg_encrypted_size,
122 target_size);
123}
124
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]125static int alloc_encrypted_sg(struct sock *sk, int len)
126{
127 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]128 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]129 int rc = 0;
130
John Fastabend2c3682f2018-03-18 12:56:49 -0700[diff] [blame]131 rc = sk_alloc_sg(sk, len,
John Fastabend8c05dbf2018-03-18 12:57:05 -0700[diff] [blame]132 ctx->sg_encrypted_data, 0,
John Fastabend2c3682f2018-03-18 12:56:49 -0700[diff] [blame]133 &ctx->sg_encrypted_num_elem,
134 &ctx->sg_encrypted_size, 0);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]135
136 return rc;
137}
138
139static int alloc_plaintext_sg(struct sock *sk, int len)
140{
141 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]142 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]143 int rc = 0;
144
John Fastabend8c05dbf2018-03-18 12:57:05 -0700[diff] [blame]145 rc = sk_alloc_sg(sk, len, ctx->sg_plaintext_data, 0,
John Fastabend2c3682f2018-03-18 12:56:49 -0700[diff] [blame]146 &ctx->sg_plaintext_num_elem, &ctx->sg_plaintext_size,
147 tls_ctx->pending_open_record_frags);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]148
149 return rc;
150}
151
152static void free_sg(struct sock *sk, struct scatterlist *sg,
153 int *sg_num_elem, unsigned int *sg_size)
154{
155 int i, n = *sg_num_elem;
156
157 for (i = 0; i < n; ++i) {
158 sk_mem_uncharge(sk, sg[i].length);
159 put_page(sg_page(&sg[i]));
160 }
161 *sg_num_elem = 0;
162 *sg_size = 0;
163}
164
165static void tls_free_both_sg(struct sock *sk)
166{
167 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]168 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]169
170 free_sg(sk, ctx->sg_encrypted_data, &ctx->sg_encrypted_num_elem,
171 &ctx->sg_encrypted_size);
172
173 free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
174 &ctx->sg_plaintext_size);
175}
176
177static int tls_do_encryption(struct tls_context *tls_ctx,
Daniel Borkmanna447da72018-06-15 03:07:45 +0200[diff] [blame]178 struct tls_sw_context_tx *ctx,
179 struct aead_request *aead_req,
180 size_t data_len)
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]181{
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]182 int rc;
183
Dave Watsondbe42552018-03-22 10:10:06 -0700[diff] [blame]184 ctx->sg_encrypted_data[0].offset += tls_ctx->tx.prepend_size;
185 ctx->sg_encrypted_data[0].length -= tls_ctx->tx.prepend_size;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]186
187 aead_request_set_tfm(aead_req, ctx->aead_send);
188 aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
189 aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out,
Dave Watsondbe42552018-03-22 10:10:06 -0700[diff] [blame]190 data_len, tls_ctx->tx.iv);
Vakul Garga54667f2018-01-31 21:34:37 +0530[diff] [blame]191
192 aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
193 crypto_req_done, &ctx->async_wait);
194
195 rc = crypto_wait_req(crypto_aead_encrypt(aead_req), &ctx->async_wait);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]196
Dave Watsondbe42552018-03-22 10:10:06 -0700[diff] [blame]197 ctx->sg_encrypted_data[0].offset -= tls_ctx->tx.prepend_size;
198 ctx->sg_encrypted_data[0].length += tls_ctx->tx.prepend_size;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]199
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]200 return rc;
201}
202
203static int tls_push_record(struct sock *sk, int flags,
204 unsigned char record_type)
205{
206 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]207 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
Daniel Borkmanna447da72018-06-15 03:07:45 +0200[diff] [blame]208 struct aead_request *req;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]209 int rc;
210
Vakul Gargd2bdd262018-07-11 14:32:20 +0530[diff] [blame]211 req = aead_request_alloc(ctx->aead_send, sk->sk_allocation);
Daniel Borkmanna447da72018-06-15 03:07:45 +0200[diff] [blame]212 if (!req)
213 return -ENOMEM;
214
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]215 sg_mark_end(ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem - 1);
216 sg_mark_end(ctx->sg_encrypted_data + ctx->sg_encrypted_num_elem - 1);
217
Ilya Lesokhin213ef6e2017-11-13 10:22:47 +0200[diff] [blame]218 tls_make_aad(ctx->aad_space, ctx->sg_plaintext_size,
Dave Watsondbe42552018-03-22 10:10:06 -0700[diff] [blame]219 tls_ctx->tx.rec_seq, tls_ctx->tx.rec_seq_size,
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]220 record_type);
221
222 tls_fill_prepend(tls_ctx,
223 page_address(sg_page(&ctx->sg_encrypted_data[0])) +
224 ctx->sg_encrypted_data[0].offset,
225 ctx->sg_plaintext_size, record_type);
226
227 tls_ctx->pending_open_record_frags = 0;
228 set_bit(TLS_PENDING_CLOSED_RECORD, &tls_ctx->flags);
229
Daniel Borkmanna447da72018-06-15 03:07:45 +0200[diff] [blame]230 rc = tls_do_encryption(tls_ctx, ctx, req, ctx->sg_plaintext_size);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]231 if (rc < 0) {
232 /* If we are called from write_space and
233 * we fail, we need to set this SOCK_NOSPACE
234 * to trigger another write_space in the future.
235 */
236 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
Daniel Borkmanna447da72018-06-15 03:07:45 +0200[diff] [blame]237 goto out_req;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]238 }
239
240 free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
241 &ctx->sg_plaintext_size);
242
243 ctx->sg_encrypted_num_elem = 0;
244 ctx->sg_encrypted_size = 0;
245
246 /* Only pass through MSG_DONTWAIT and MSG_NOSIGNAL flags */
247 rc = tls_push_sg(sk, tls_ctx, ctx->sg_encrypted_data, 0, flags);
248 if (rc < 0 && rc != -EAGAIN)
Dave Watsonf4a8e432018-03-22 10:10:15 -0700[diff] [blame]249 tls_err_abort(sk, EBADMSG);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]250
Dave Watsondbe42552018-03-22 10:10:06 -0700[diff] [blame]251 tls_advance_record_sn(sk, &tls_ctx->tx);
Daniel Borkmanna447da72018-06-15 03:07:45 +0200[diff] [blame]252out_req:
Vakul Gargd2bdd262018-07-11 14:32:20 +0530[diff] [blame]253 aead_request_free(req);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]254 return rc;
255}
256
257static int tls_sw_push_pending_record(struct sock *sk, int flags)
258{
259 return tls_push_record(sk, flags, TLS_RECORD_TYPE_DATA);
260}
261
262static int zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
Dave Watson69ca9292018-03-22 10:09:53 -0700[diff] [blame]263 int length, int *pages_used,
264 unsigned int *size_used,
265 struct scatterlist *to, int to_max_pages,
266 bool charge)
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]267{
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]268 struct page *pages[MAX_SKB_FRAGS];
269
270 size_t offset;
271 ssize_t copied, use;
272 int i = 0;
Dave Watson69ca9292018-03-22 10:09:53 -0700[diff] [blame]273 unsigned int size = *size_used;
274 int num_elem = *pages_used;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]275 int rc = 0;
276 int maxpages;
277
278 while (length > 0) {
279 i = 0;
Dave Watson69ca9292018-03-22 10:09:53 -0700[diff] [blame]280 maxpages = to_max_pages - num_elem;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]281 if (maxpages == 0) {
282 rc = -EFAULT;
283 goto out;
284 }
285 copied = iov_iter_get_pages(from, pages,
286 length,
287 maxpages, &offset);
288 if (copied <= 0) {
289 rc = -EFAULT;
290 goto out;
291 }
292
293 iov_iter_advance(from, copied);
294
295 length -= copied;
296 size += copied;
297 while (copied) {
298 use = min_t(int, copied, PAGE_SIZE - offset);
299
Dave Watson69ca9292018-03-22 10:09:53 -0700[diff] [blame]300 sg_set_page(&to[num_elem],
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]301 pages[i], use, offset);
Dave Watson69ca9292018-03-22 10:09:53 -0700[diff] [blame]302 sg_unmark_end(&to[num_elem]);
303 if (charge)
304 sk_mem_charge(sk, use);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]305
306 offset = 0;
307 copied -= use;
308
309 ++i;
310 ++num_elem;
311 }
312 }
313
314out:
Dave Watson69ca9292018-03-22 10:09:53 -0700[diff] [blame]315 *size_used = size;
316 *pages_used = num_elem;
317
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]318 return rc;
319}
320
321static int memcopy_from_iter(struct sock *sk, struct iov_iter *from,
322 int bytes)
323{
324 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]325 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]326 struct scatterlist *sg = ctx->sg_plaintext_data;
327 int copy, i, rc = 0;
328
329 for (i = tls_ctx->pending_open_record_frags;
330 i < ctx->sg_plaintext_num_elem; ++i) {
331 copy = sg[i].length;
332 if (copy_from_iter(
333 page_address(sg_page(&sg[i])) + sg[i].offset,
334 copy, from) != copy) {
335 rc = -EFAULT;
336 goto out;
337 }
338 bytes -= copy;
339
340 ++tls_ctx->pending_open_record_frags;
341
342 if (!bytes)
343 break;
344 }
345
346out:
347 return rc;
348}
349
350int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
351{
352 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]353 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]354 int ret = 0;
355 int required_size;
356 long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
357 bool eor = !(msg->msg_flags & MSG_MORE);
358 size_t try_to_copy, copied = 0;
359 unsigned char record_type = TLS_RECORD_TYPE_DATA;
360 int record_room;
361 bool full_record;
362 int orig_size;
363
364 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL))
365 return -ENOTSUPP;
366
367 lock_sock(sk);
368
369 if (tls_complete_pending_work(sk, tls_ctx, msg->msg_flags, &timeo))
370 goto send_end;
371
372 if (unlikely(msg->msg_controllen)) {
373 ret = tls_proccess_cmsg(sk, msg, &record_type);
374 if (ret)
375 goto send_end;
376 }
377
378 while (msg_data_left(msg)) {
379 if (sk->sk_err) {
r.hering@avm.de30be8f82018-01-12 15:42:06 +0100[diff] [blame]380 ret = -sk->sk_err;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]381 goto send_end;
382 }
383
384 orig_size = ctx->sg_plaintext_size;
385 full_record = false;
386 try_to_copy = msg_data_left(msg);
387 record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
388 if (try_to_copy >= record_room) {
389 try_to_copy = record_room;
390 full_record = true;
391 }
392
393 required_size = ctx->sg_plaintext_size + try_to_copy +
Dave Watsondbe42552018-03-22 10:10:06 -0700[diff] [blame]394 tls_ctx->tx.overhead_size;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]395
396 if (!sk_stream_memory_free(sk))
397 goto wait_for_sndbuf;
398alloc_encrypted:
399 ret = alloc_encrypted_sg(sk, required_size);
400 if (ret) {
401 if (ret != -ENOSPC)
402 goto wait_for_memory;
403
404 /* Adjust try_to_copy according to the amount that was
405 * actually allocated. The difference is due
406 * to max sg elements limit
407 */
408 try_to_copy -= required_size - ctx->sg_encrypted_size;
409 full_record = true;
410 }
411
412 if (full_record || eor) {
413 ret = zerocopy_from_iter(sk, &msg->msg_iter,
Dave Watson69ca9292018-03-22 10:09:53 -0700[diff] [blame]414 try_to_copy, &ctx->sg_plaintext_num_elem,
415 &ctx->sg_plaintext_size,
416 ctx->sg_plaintext_data,
417 ARRAY_SIZE(ctx->sg_plaintext_data),
418 true);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]419 if (ret)
420 goto fallback_to_reg_send;
421
422 copied += try_to_copy;
423 ret = tls_push_record(sk, msg->msg_flags, record_type);
424 if (!ret)
425 continue;
426 if (ret == -EAGAIN)
427 goto send_end;
428
429 copied -= try_to_copy;
430fallback_to_reg_send:
431 iov_iter_revert(&msg->msg_iter,
432 ctx->sg_plaintext_size - orig_size);
433 trim_sg(sk, ctx->sg_plaintext_data,
434 &ctx->sg_plaintext_num_elem,
435 &ctx->sg_plaintext_size,
436 orig_size);
437 }
438
439 required_size = ctx->sg_plaintext_size + try_to_copy;
440alloc_plaintext:
441 ret = alloc_plaintext_sg(sk, required_size);
442 if (ret) {
443 if (ret != -ENOSPC)
444 goto wait_for_memory;
445
446 /* Adjust try_to_copy according to the amount that was
447 * actually allocated. The difference is due
448 * to max sg elements limit
449 */
450 try_to_copy -= required_size - ctx->sg_plaintext_size;
451 full_record = true;
452
453 trim_sg(sk, ctx->sg_encrypted_data,
454 &ctx->sg_encrypted_num_elem,
455 &ctx->sg_encrypted_size,
456 ctx->sg_plaintext_size +
Dave Watsondbe42552018-03-22 10:10:06 -0700[diff] [blame]457 tls_ctx->tx.overhead_size);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]458 }
459
460 ret = memcopy_from_iter(sk, &msg->msg_iter, try_to_copy);
461 if (ret)
462 goto trim_sgl;
463
464 copied += try_to_copy;
465 if (full_record || eor) {
466push_record:
467 ret = tls_push_record(sk, msg->msg_flags, record_type);
468 if (ret) {
469 if (ret == -ENOMEM)
470 goto wait_for_memory;
471
472 goto send_end;
473 }
474 }
475
476 continue;
477
478wait_for_sndbuf:
479 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
480wait_for_memory:
481 ret = sk_stream_wait_memory(sk, &timeo);
482 if (ret) {
483trim_sgl:
484 trim_both_sgl(sk, orig_size);
485 goto send_end;
486 }
487
488 if (tls_is_pending_closed_record(tls_ctx))
489 goto push_record;
490
491 if (ctx->sg_encrypted_size < required_size)
492 goto alloc_encrypted;
493
494 goto alloc_plaintext;
495 }
496
497send_end:
498 ret = sk_stream_error(sk, msg->msg_flags, ret);
499
500 release_sock(sk);
501 return copied ? copied : ret;
502}
503
504int tls_sw_sendpage(struct sock *sk, struct page *page,
505 int offset, size_t size, int flags)
506{
507 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]508 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]509 int ret = 0;
510 long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
511 bool eor;
512 size_t orig_size = size;
513 unsigned char record_type = TLS_RECORD_TYPE_DATA;
514 struct scatterlist *sg;
515 bool full_record;
516 int record_room;
517
518 if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
519 MSG_SENDPAGE_NOTLAST))
520 return -ENOTSUPP;
521
522 /* No MSG_EOR from splice, only look at MSG_MORE */
523 eor = !(flags & (MSG_MORE | MSG_SENDPAGE_NOTLAST));
524
525 lock_sock(sk);
526
527 sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
528
529 if (tls_complete_pending_work(sk, tls_ctx, flags, &timeo))
530 goto sendpage_end;
531
532 /* Call the sk_stream functions to manage the sndbuf mem. */
533 while (size > 0) {
534 size_t copy, required_size;
535
536 if (sk->sk_err) {
r.hering@avm.de30be8f82018-01-12 15:42:06 +0100[diff] [blame]537 ret = -sk->sk_err;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]538 goto sendpage_end;
539 }
540
541 full_record = false;
542 record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
543 copy = size;
544 if (copy >= record_room) {
545 copy = record_room;
546 full_record = true;
547 }
548 required_size = ctx->sg_plaintext_size + copy +
Dave Watsondbe42552018-03-22 10:10:06 -0700[diff] [blame]549 tls_ctx->tx.overhead_size;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]550
551 if (!sk_stream_memory_free(sk))
552 goto wait_for_sndbuf;
553alloc_payload:
554 ret = alloc_encrypted_sg(sk, required_size);
555 if (ret) {
556 if (ret != -ENOSPC)
557 goto wait_for_memory;
558
559 /* Adjust copy according to the amount that was
560 * actually allocated. The difference is due
561 * to max sg elements limit
562 */
563 copy -= required_size - ctx->sg_plaintext_size;
564 full_record = true;
565 }
566
567 get_page(page);
568 sg = ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem;
569 sg_set_page(sg, page, copy, offset);
Dave Watson7a8c4dd2018-01-19 12:30:13 -0800[diff] [blame]570 sg_unmark_end(sg);
571
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]572 ctx->sg_plaintext_num_elem++;
573
574 sk_mem_charge(sk, copy);
575 offset += copy;
576 size -= copy;
577 ctx->sg_plaintext_size += copy;
578 tls_ctx->pending_open_record_frags = ctx->sg_plaintext_num_elem;
579
580 if (full_record || eor ||
581 ctx->sg_plaintext_num_elem ==
582 ARRAY_SIZE(ctx->sg_plaintext_data)) {
583push_record:
584 ret = tls_push_record(sk, flags, record_type);
585 if (ret) {
586 if (ret == -ENOMEM)
587 goto wait_for_memory;
588
589 goto sendpage_end;
590 }
591 }
592 continue;
593wait_for_sndbuf:
594 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
595wait_for_memory:
596 ret = sk_stream_wait_memory(sk, &timeo);
597 if (ret) {
598 trim_both_sgl(sk, ctx->sg_plaintext_size);
599 goto sendpage_end;
600 }
601
602 if (tls_is_pending_closed_record(tls_ctx))
603 goto push_record;
604
605 goto alloc_payload;
606 }
607
608sendpage_end:
609 if (orig_size > size)
610 ret = orig_size - size;
611 else
612 ret = sk_stream_error(sk, flags, ret);
613
614 release_sock(sk);
615 return ret;
616}
617
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]618static struct sk_buff *tls_wait_data(struct sock *sk, int flags,
619 long timeo, int *err)
620{
621 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]622 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]623 struct sk_buff *skb;
624 DEFINE_WAIT_FUNC(wait, woken_wake_function);
625
626 while (!(skb = ctx->recv_pkt)) {
627 if (sk->sk_err) {
628 *err = sock_error(sk);
629 return NULL;
630 }
631
632 if (sock_flag(sk, SOCK_DONE))
633 return NULL;
634
635 if ((flags & MSG_DONTWAIT) || !timeo) {
636 *err = -EAGAIN;
637 return NULL;
638 }
639
640 add_wait_queue(sk_sleep(sk), &wait);
641 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
642 sk_wait_event(sk, &timeo, ctx->recv_pkt != skb, &wait);
643 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
644 remove_wait_queue(sk_sleep(sk), &wait);
645
646 /* Handle signals */
647 if (signal_pending(current)) {
648 *err = sock_intr_errno(timeo);
649 return NULL;
650 }
651 }
652
653 return skb;
654}
655
Boris Pismennydafb67f2018-07-13 14:33:40 +0300[diff] [blame]656static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
Boris Pismenny4799ac82018-07-13 14:33:43 +0300[diff] [blame^]657 struct scatterlist *sgout, bool *zc)
Boris Pismennydafb67f2018-07-13 14:33:40 +0300[diff] [blame]658{
659 struct tls_context *tls_ctx = tls_get_ctx(sk);
660 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
661 struct strp_msg *rxm = strp_msg(skb);
662 int err = 0;
663
Boris Pismenny4799ac82018-07-13 14:33:43 +0300[diff] [blame^]664#ifdef CONFIG_TLS_DEVICE
665 err = tls_device_decrypted(sk, skb);
Boris Pismennydafb67f2018-07-13 14:33:40 +0300[diff] [blame]666 if (err < 0)
667 return err;
Boris Pismenny4799ac82018-07-13 14:33:43 +0300[diff] [blame^]668#endif
669 if (!ctx->decrypted) {
670 err = decrypt_skb(sk, skb, sgout);
671 if (err < 0)
672 return err;
673 } else {
674 *zc = false;
675 }
Boris Pismennydafb67f2018-07-13 14:33:40 +0300[diff] [blame]676
677 rxm->offset += tls_ctx->rx.prepend_size;
678 rxm->full_len -= tls_ctx->rx.overhead_size;
679 tls_advance_record_sn(sk, &tls_ctx->rx);
680 ctx->decrypted = true;
681 ctx->saved_data_ready(sk);
682
683 return err;
684}
685
686int decrypt_skb(struct sock *sk, struct sk_buff *skb,
687 struct scatterlist *sgout)
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]688{
689 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]690 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Kees Cookb16520f2018-04-10 17:52:34 -0700[diff] [blame]691 char iv[TLS_CIPHER_AES_GCM_128_SALT_SIZE + MAX_IV_SIZE];
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]692 struct scatterlist sgin_arr[MAX_SKB_FRAGS + 2];
693 struct scatterlist *sgin = &sgin_arr[0];
694 struct strp_msg *rxm = strp_msg(skb);
695 int ret, nsg = ARRAY_SIZE(sgin_arr);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]696 struct sk_buff *unused;
697
698 ret = skb_copy_bits(skb, rxm->offset + TLS_HEADER_SIZE,
699 iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
700 tls_ctx->rx.iv_size);
701 if (ret < 0)
702 return ret;
703
704 memcpy(iv, tls_ctx->rx.iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
705 if (!sgout) {
706 nsg = skb_cow_data(skb, 0, &unused) + 1;
707 sgin = kmalloc_array(nsg, sizeof(*sgin), sk->sk_allocation);
Colin Ian King95ad7542018-04-24 13:36:58 +0100[diff] [blame]708 sgout = sgin;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]709 }
710
711 sg_init_table(sgin, nsg);
Matt Mullins8ab6ffb2018-05-16 10:48:40 -0700[diff] [blame]712 sg_set_buf(&sgin[0], ctx->rx_aad_ciphertext, TLS_AAD_SPACE_SIZE);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]713
714 nsg = skb_to_sgvec(skb, &sgin[1],
715 rxm->offset + tls_ctx->rx.prepend_size,
716 rxm->full_len - tls_ctx->rx.prepend_size);
717
Matt Mullins8ab6ffb2018-05-16 10:48:40 -0700[diff] [blame]718 tls_make_aad(ctx->rx_aad_ciphertext,
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]719 rxm->full_len - tls_ctx->rx.overhead_size,
720 tls_ctx->rx.rec_seq,
721 tls_ctx->rx.rec_seq_size,
722 ctx->control);
723
724 ret = tls_do_decryption(sk, sgin, sgout, iv,
725 rxm->full_len - tls_ctx->rx.overhead_size,
726 skb, sk->sk_allocation);
727
728 if (sgin != &sgin_arr[0])
729 kfree(sgin);
730
731 return ret;
732}
733
734static bool tls_sw_advance_skb(struct sock *sk, struct sk_buff *skb,
735 unsigned int len)
736{
737 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]738 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]739 struct strp_msg *rxm = strp_msg(skb);
740
741 if (len < rxm->full_len) {
742 rxm->offset += len;
743 rxm->full_len -= len;
744
745 return false;
746 }
747
748 /* Finished with message */
749 ctx->recv_pkt = NULL;
750 kfree_skb(skb);
Doron Roberts-Kedes7170e602018-06-06 09:33:28 -0700[diff] [blame]751 __strp_unpause(&ctx->strp);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]752
753 return true;
754}
755
756int tls_sw_recvmsg(struct sock *sk,
757 struct msghdr *msg,
758 size_t len,
759 int nonblock,
760 int flags,
761 int *addr_len)
762{
763 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]764 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]765 unsigned char control;
766 struct strp_msg *rxm;
767 struct sk_buff *skb;
768 ssize_t copied = 0;
769 bool cmsg = false;
Daniel Borkmann06030db2018-06-15 03:07:46 +0200[diff] [blame]770 int target, err = 0;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]771 long timeo;
772
773 flags |= nonblock;
774
775 if (unlikely(flags & MSG_ERRQUEUE))
776 return sock_recv_errqueue(sk, msg, len, SOL_IP, IP_RECVERR);
777
778 lock_sock(sk);
779
Daniel Borkmann06030db2018-06-15 03:07:46 +0200[diff] [blame]780 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]781 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
782 do {
783 bool zc = false;
784 int chunk = 0;
785
786 skb = tls_wait_data(sk, flags, timeo, &err);
787 if (!skb)
788 goto recv_end;
789
790 rxm = strp_msg(skb);
791 if (!cmsg) {
792 int cerr;
793
794 cerr = put_cmsg(msg, SOL_TLS, TLS_GET_RECORD_TYPE,
795 sizeof(ctx->control), &ctx->control);
796 cmsg = true;
797 control = ctx->control;
798 if (ctx->control != TLS_RECORD_TYPE_DATA) {
799 if (cerr || msg->msg_flags & MSG_CTRUNC) {
800 err = -EIO;
801 goto recv_end;
802 }
803 }
804 } else if (control != ctx->control) {
805 goto recv_end;
806 }
807
808 if (!ctx->decrypted) {
809 int page_count;
810 int to_copy;
811
812 page_count = iov_iter_npages(&msg->msg_iter,
813 MAX_SKB_FRAGS);
814 to_copy = rxm->full_len - tls_ctx->rx.overhead_size;
815 if (to_copy <= len && page_count < MAX_SKB_FRAGS &&
816 likely(!(flags & MSG_PEEK))) {
817 struct scatterlist sgin[MAX_SKB_FRAGS + 1];
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]818 int pages = 0;
819
820 zc = true;
821 sg_init_table(sgin, MAX_SKB_FRAGS + 1);
Matt Mullins8ab6ffb2018-05-16 10:48:40 -0700[diff] [blame]822 sg_set_buf(&sgin[0], ctx->rx_aad_plaintext,
823 TLS_AAD_SPACE_SIZE);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]824
825 err = zerocopy_from_iter(sk, &msg->msg_iter,
826 to_copy, &pages,
827 &chunk, &sgin[1],
828 MAX_SKB_FRAGS, false);
829 if (err < 0)
830 goto fallback_to_reg_recv;
831
Boris Pismenny4799ac82018-07-13 14:33:43 +0300[diff] [blame^]832 err = decrypt_skb_update(sk, skb, sgin, &zc);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]833 for (; pages > 0; pages--)
834 put_page(sg_page(&sgin[pages]));
835 if (err < 0) {
836 tls_err_abort(sk, EBADMSG);
837 goto recv_end;
838 }
839 } else {
840fallback_to_reg_recv:
Boris Pismenny4799ac82018-07-13 14:33:43 +0300[diff] [blame^]841 err = decrypt_skb_update(sk, skb, NULL, &zc);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]842 if (err < 0) {
843 tls_err_abort(sk, EBADMSG);
844 goto recv_end;
845 }
846 }
847 ctx->decrypted = true;
848 }
849
850 if (!zc) {
851 chunk = min_t(unsigned int, rxm->full_len, len);
852 err = skb_copy_datagram_msg(skb, rxm->offset, msg,
853 chunk);
854 if (err < 0)
855 goto recv_end;
856 }
857
858 copied += chunk;
859 len -= chunk;
860 if (likely(!(flags & MSG_PEEK))) {
861 u8 control = ctx->control;
862
863 if (tls_sw_advance_skb(sk, skb, chunk)) {
864 /* Return full control message to
865 * userspace before trying to parse
866 * another message type
867 */
868 msg->msg_flags |= MSG_EOR;
869 if (control != TLS_RECORD_TYPE_DATA)
870 goto recv_end;
871 }
872 }
Daniel Borkmann06030db2018-06-15 03:07:46 +0200[diff] [blame]873 /* If we have a new message from strparser, continue now. */
874 if (copied >= target && !ctx->recv_pkt)
875 break;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]876 } while (len);
877
878recv_end:
879 release_sock(sk);
880 return copied ? : err;
881}
882
883ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos,
884 struct pipe_inode_info *pipe,
885 size_t len, unsigned int flags)
886{
887 struct tls_context *tls_ctx = tls_get_ctx(sock->sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]888 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]889 struct strp_msg *rxm = NULL;
890 struct sock *sk = sock->sk;
891 struct sk_buff *skb;
892 ssize_t copied = 0;
893 int err = 0;
894 long timeo;
895 int chunk;
Boris Pismenny4799ac82018-07-13 14:33:43 +0300[diff] [blame^]896 bool zc;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]897
898 lock_sock(sk);
899
900 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
901
902 skb = tls_wait_data(sk, flags, timeo, &err);
903 if (!skb)
904 goto splice_read_end;
905
906 /* splice does not support reading control messages */
907 if (ctx->control != TLS_RECORD_TYPE_DATA) {
908 err = -ENOTSUPP;
909 goto splice_read_end;
910 }
911
912 if (!ctx->decrypted) {
Boris Pismenny4799ac82018-07-13 14:33:43 +0300[diff] [blame^]913 err = decrypt_skb_update(sk, skb, NULL, &zc);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]914
915 if (err < 0) {
916 tls_err_abort(sk, EBADMSG);
917 goto splice_read_end;
918 }
919 ctx->decrypted = true;
920 }
921 rxm = strp_msg(skb);
922
923 chunk = min_t(unsigned int, rxm->full_len, len);
924 copied = skb_splice_bits(skb, sk, rxm->offset, pipe, chunk, flags);
925 if (copied < 0)
926 goto splice_read_end;
927
928 if (likely(!(flags & MSG_PEEK)))
929 tls_sw_advance_skb(sk, skb, copied);
930
931splice_read_end:
932 release_sock(sk);
933 return copied ? : err;
934}
935
Linus Torvaldsa11e1d42018-06-28 09:43:44 -0700[diff] [blame]936unsigned int tls_sw_poll(struct file *file, struct socket *sock,
937 struct poll_table_struct *wait)
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]938{
Linus Torvaldsa11e1d42018-06-28 09:43:44 -0700[diff] [blame]939 unsigned int ret;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]940 struct sock *sk = sock->sk;
941 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]942 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]943
Linus Torvaldsa11e1d42018-06-28 09:43:44 -0700[diff] [blame]944 /* Grab POLLOUT and POLLHUP from the underlying socket */
945 ret = ctx->sk_poll(file, sock, wait);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]946
Linus Torvaldsa11e1d42018-06-28 09:43:44 -0700[diff] [blame]947 /* Clear POLLIN bits, and set based on recv_pkt */
948 ret &= ~(POLLIN | POLLRDNORM);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]949 if (ctx->recv_pkt)
Linus Torvaldsa11e1d42018-06-28 09:43:44 -0700[diff] [blame]950 ret |= POLLIN | POLLRDNORM;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]951
Linus Torvaldsa11e1d42018-06-28 09:43:44 -0700[diff] [blame]952 return ret;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]953}
954
955static int tls_read_size(struct strparser *strp, struct sk_buff *skb)
956{
957 struct tls_context *tls_ctx = tls_get_ctx(strp->sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]958 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Kees Cook3463e512018-06-25 16:55:05 -0700[diff] [blame]959 char header[TLS_HEADER_SIZE + MAX_IV_SIZE];
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]960 struct strp_msg *rxm = strp_msg(skb);
961 size_t cipher_overhead;
962 size_t data_len = 0;
963 int ret;
964
965 /* Verify that we have a full TLS header, or wait for more data */
966 if (rxm->offset + tls_ctx->rx.prepend_size > skb->len)
967 return 0;
968
Kees Cook3463e512018-06-25 16:55:05 -0700[diff] [blame]969 /* Sanity-check size of on-stack buffer. */
970 if (WARN_ON(tls_ctx->rx.prepend_size > sizeof(header))) {
971 ret = -EINVAL;
972 goto read_failure;
973 }
974
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]975 /* Linearize header to local buffer */
976 ret = skb_copy_bits(skb, rxm->offset, header, tls_ctx->rx.prepend_size);
977
978 if (ret < 0)
979 goto read_failure;
980
981 ctx->control = header[0];
982
983 data_len = ((header[4] & 0xFF) | (header[3] << 8));
984
985 cipher_overhead = tls_ctx->rx.tag_size + tls_ctx->rx.iv_size;
986
987 if (data_len > TLS_MAX_PAYLOAD_SIZE + cipher_overhead) {
988 ret = -EMSGSIZE;
989 goto read_failure;
990 }
991 if (data_len < cipher_overhead) {
992 ret = -EBADMSG;
993 goto read_failure;
994 }
995
996 if (header[1] != TLS_VERSION_MINOR(tls_ctx->crypto_recv.version) ||
997 header[2] != TLS_VERSION_MAJOR(tls_ctx->crypto_recv.version)) {
998 ret = -EINVAL;
999 goto read_failure;
1000 }
1001
Boris Pismenny4799ac82018-07-13 14:33:43 +0300[diff] [blame^]1002#ifdef CONFIG_TLS_DEVICE
1003 handle_device_resync(strp->sk, TCP_SKB_CB(skb)->seq + rxm->offset,
1004 *(u64*)tls_ctx->rx.rec_seq);
1005#endif
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1006 return data_len + TLS_HEADER_SIZE;
1007
1008read_failure:
1009 tls_err_abort(strp->sk, ret);
1010
1011 return ret;
1012}
1013
1014static void tls_queue(struct strparser *strp, struct sk_buff *skb)
1015{
1016 struct tls_context *tls_ctx = tls_get_ctx(strp->sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1017 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1018
1019 ctx->decrypted = false;
1020
1021 ctx->recv_pkt = skb;
1022 strp_pause(strp);
1023
1024 strp->sk->sk_state_change(strp->sk);
1025}
1026
1027static void tls_data_ready(struct sock *sk)
1028{
1029 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1030 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1031
1032 strp_data_ready(&ctx->strp);
1033}
1034
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1035void tls_sw_free_resources_tx(struct sock *sk)
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1036{
1037 struct tls_context *tls_ctx = tls_get_ctx(sk);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1038 struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1039
1040 if (ctx->aead_send)
1041 crypto_free_aead(ctx->aead_send);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1042 tls_free_both_sg(sk);
1043
1044 kfree(ctx);
1045}
1046
Boris Pismenny39f56e12018-07-13 14:33:41 +0300[diff] [blame]1047void tls_sw_release_resources_rx(struct sock *sk)
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1048{
1049 struct tls_context *tls_ctx = tls_get_ctx(sk);
1050 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
1051
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1052 if (ctx->aead_recv) {
1053 if (ctx->recv_pkt) {
1054 kfree_skb(ctx->recv_pkt);
1055 ctx->recv_pkt = NULL;
1056 }
1057 crypto_free_aead(ctx->aead_recv);
1058 strp_stop(&ctx->strp);
1059 write_lock_bh(&sk->sk_callback_lock);
1060 sk->sk_data_ready = ctx->saved_data_ready;
1061 write_unlock_bh(&sk->sk_callback_lock);
1062 release_sock(sk);
1063 strp_done(&ctx->strp);
1064 lock_sock(sk);
1065 }
Boris Pismenny39f56e12018-07-13 14:33:41 +0300[diff] [blame]1066}
1067
1068void tls_sw_free_resources_rx(struct sock *sk)
1069{
1070 struct tls_context *tls_ctx = tls_get_ctx(sk);
1071 struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
1072
1073 tls_sw_release_resources_rx(sk);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1074
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1075 kfree(ctx);
1076}
1077
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1078int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx)
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1079{
1080 char keyval[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
1081 struct tls_crypto_info *crypto_info;
1082 struct tls12_crypto_info_aes_gcm_128 *gcm_128_info;
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1083 struct tls_sw_context_tx *sw_ctx_tx = NULL;
1084 struct tls_sw_context_rx *sw_ctx_rx = NULL;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1085 struct cipher_context *cctx;
1086 struct crypto_aead **aead;
1087 struct strp_callbacks cb;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1088 u16 nonce_size, tag_size, iv_size, rec_seq_size;
1089 char *iv, *rec_seq;
1090 int rc = 0;
1091
1092 if (!ctx) {
1093 rc = -EINVAL;
1094 goto out;
1095 }
1096
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1097 if (tx) {
Boris Pismennyb190a582018-07-13 14:33:42 +0300[diff] [blame]1098 if (!ctx->priv_ctx_tx) {
1099 sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL);
1100 if (!sw_ctx_tx) {
1101 rc = -ENOMEM;
1102 goto out;
1103 }
1104 ctx->priv_ctx_tx = sw_ctx_tx;
1105 } else {
1106 sw_ctx_tx =
1107 (struct tls_sw_context_tx *)ctx->priv_ctx_tx;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1108 }
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1109 } else {
Boris Pismennyb190a582018-07-13 14:33:42 +0300[diff] [blame]1110 if (!ctx->priv_ctx_rx) {
1111 sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL);
1112 if (!sw_ctx_rx) {
1113 rc = -ENOMEM;
1114 goto out;
1115 }
1116 ctx->priv_ctx_rx = sw_ctx_rx;
1117 } else {
1118 sw_ctx_rx =
1119 (struct tls_sw_context_rx *)ctx->priv_ctx_rx;
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1120 }
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1121 }
1122
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1123 if (tx) {
Boris Pismennyb190a582018-07-13 14:33:42 +0300[diff] [blame]1124 crypto_init_wait(&sw_ctx_tx->async_wait);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1125 crypto_info = &ctx->crypto_send;
1126 cctx = &ctx->tx;
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1127 aead = &sw_ctx_tx->aead_send;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1128 } else {
Boris Pismennyb190a582018-07-13 14:33:42 +0300[diff] [blame]1129 crypto_init_wait(&sw_ctx_rx->async_wait);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1130 crypto_info = &ctx->crypto_recv;
1131 cctx = &ctx->rx;
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1132 aead = &sw_ctx_rx->aead_recv;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1133 }
1134
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1135 switch (crypto_info->cipher_type) {
1136 case TLS_CIPHER_AES_GCM_128: {
1137 nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
1138 tag_size = TLS_CIPHER_AES_GCM_128_TAG_SIZE;
1139 iv_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
1140 iv = ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->iv;
1141 rec_seq_size = TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE;
1142 rec_seq =
1143 ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->rec_seq;
1144 gcm_128_info =
1145 (struct tls12_crypto_info_aes_gcm_128 *)crypto_info;
1146 break;
1147 }
1148 default:
1149 rc = -EINVAL;
Sabrina Dubrocacf6d43e2018-01-16 16:04:26 +0100[diff] [blame]1150 goto free_priv;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1151 }
1152
Kees Cookb16520f2018-04-10 17:52:34 -0700[diff] [blame]1153 /* Sanity-check the IV size for stack allocations. */
Kees Cook3463e512018-06-25 16:55:05 -0700[diff] [blame]1154 if (iv_size > MAX_IV_SIZE || nonce_size > MAX_IV_SIZE) {
Kees Cookb16520f2018-04-10 17:52:34 -0700[diff] [blame]1155 rc = -EINVAL;
1156 goto free_priv;
1157 }
1158
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1159 cctx->prepend_size = TLS_HEADER_SIZE + nonce_size;
1160 cctx->tag_size = tag_size;
1161 cctx->overhead_size = cctx->prepend_size + cctx->tag_size;
1162 cctx->iv_size = iv_size;
1163 cctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
1164 GFP_KERNEL);
1165 if (!cctx->iv) {
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1166 rc = -ENOMEM;
Sabrina Dubrocacf6d43e2018-01-16 16:04:26 +0100[diff] [blame]1167 goto free_priv;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1168 }
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1169 memcpy(cctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
1170 memcpy(cctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size);
1171 cctx->rec_seq_size = rec_seq_size;
1172 cctx->rec_seq = kmalloc(rec_seq_size, GFP_KERNEL);
1173 if (!cctx->rec_seq) {
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1174 rc = -ENOMEM;
1175 goto free_iv;
1176 }
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1177 memcpy(cctx->rec_seq, rec_seq, rec_seq_size);
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1178
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1179 if (sw_ctx_tx) {
1180 sg_init_table(sw_ctx_tx->sg_encrypted_data,
1181 ARRAY_SIZE(sw_ctx_tx->sg_encrypted_data));
1182 sg_init_table(sw_ctx_tx->sg_plaintext_data,
1183 ARRAY_SIZE(sw_ctx_tx->sg_plaintext_data));
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1184
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1185 sg_init_table(sw_ctx_tx->sg_aead_in, 2);
1186 sg_set_buf(&sw_ctx_tx->sg_aead_in[0], sw_ctx_tx->aad_space,
1187 sizeof(sw_ctx_tx->aad_space));
1188 sg_unmark_end(&sw_ctx_tx->sg_aead_in[1]);
1189 sg_chain(sw_ctx_tx->sg_aead_in, 2,
1190 sw_ctx_tx->sg_plaintext_data);
1191 sg_init_table(sw_ctx_tx->sg_aead_out, 2);
1192 sg_set_buf(&sw_ctx_tx->sg_aead_out[0], sw_ctx_tx->aad_space,
1193 sizeof(sw_ctx_tx->aad_space));
1194 sg_unmark_end(&sw_ctx_tx->sg_aead_out[1]);
1195 sg_chain(sw_ctx_tx->sg_aead_out, 2,
1196 sw_ctx_tx->sg_encrypted_data);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1197 }
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1198
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1199 if (!*aead) {
1200 *aead = crypto_alloc_aead("gcm(aes)", 0, 0);
1201 if (IS_ERR(*aead)) {
1202 rc = PTR_ERR(*aead);
1203 *aead = NULL;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1204 goto free_rec_seq;
1205 }
1206 }
1207
1208 ctx->push_pending_record = tls_sw_push_pending_record;
1209
1210 memcpy(keyval, gcm_128_info->key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
1211
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1212 rc = crypto_aead_setkey(*aead, keyval,
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1213 TLS_CIPHER_AES_GCM_128_KEY_SIZE);
1214 if (rc)
1215 goto free_aead;
1216
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1217 rc = crypto_aead_setauthsize(*aead, cctx->tag_size);
1218 if (rc)
1219 goto free_aead;
1220
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1221 if (sw_ctx_rx) {
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1222 /* Set up strparser */
1223 memset(&cb, 0, sizeof(cb));
1224 cb.rcv_msg = tls_queue;
1225 cb.parse_msg = tls_read_size;
1226
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1227 strp_init(&sw_ctx_rx->strp, sk, &cb);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1228
1229 write_lock_bh(&sk->sk_callback_lock);
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1230 sw_ctx_rx->saved_data_ready = sk->sk_data_ready;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1231 sk->sk_data_ready = tls_data_ready;
1232 write_unlock_bh(&sk->sk_callback_lock);
1233
Linus Torvaldsa11e1d42018-06-28 09:43:44 -0700[diff] [blame]1234 sw_ctx_rx->sk_poll = sk->sk_socket->ops->poll;
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1235
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1236 strp_check_rcv(&sw_ctx_rx->strp);
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1237 }
1238
1239 goto out;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1240
1241free_aead:
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1242 crypto_free_aead(*aead);
1243 *aead = NULL;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1244free_rec_seq:
Dave Watsonc46234e2018-03-22 10:10:35 -0700[diff] [blame]1245 kfree(cctx->rec_seq);
1246 cctx->rec_seq = NULL;
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1247free_iv:
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1248 kfree(cctx->iv);
1249 cctx->iv = NULL;
Sabrina Dubrocacf6d43e2018-01-16 16:04:26 +0100[diff] [blame]1250free_priv:
Boris Pismennyf66de3e2018-04-30 10:16:15 +0300[diff] [blame]1251 if (tx) {
1252 kfree(ctx->priv_ctx_tx);
1253 ctx->priv_ctx_tx = NULL;
1254 } else {
1255 kfree(ctx->priv_ctx_rx);
1256 ctx->priv_ctx_rx = NULL;
1257 }
Dave Watson3c4d7552017-06-14 11:37:39 -0700[diff] [blame]1258out:
1259 return rc;
1260}