KTLS: Move OCF function pointers out of ktls_session.
Instead, create a switch structure private to ktls_ocf.c and store a pointer to the switch in the ocf_session. This will permit adding an additional function pointer needed for NIC TLS RX without further bloating ktls_session. Reviewed by: hselasky Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D35011
This commit is contained in:
parent
f2d166d532
commit
a4c5d490f6
@ -2073,7 +2073,7 @@ ktls_decrypt(struct socket *so)
|
||||
SBCHECK(sb);
|
||||
SOCKBUF_UNLOCK(sb);
|
||||
|
||||
error = tls->sw_decrypt(tls, hdr, data, seqno, &trail_len);
|
||||
error = ktls_ocf_decrypt(tls, hdr, data, seqno, &trail_len);
|
||||
if (error == 0) {
|
||||
if (tls13)
|
||||
error = tls13_find_record_type(tls, data,
|
||||
@ -2262,7 +2262,7 @@ ktls_encrypt_record(struct ktls_wq *wq, struct mbuf *m,
|
||||
|
||||
/* Anonymous mbufs are encrypted in place. */
|
||||
if ((m->m_epg_flags & EPG_FLAG_ANON) != 0)
|
||||
return (tls->sw_encrypt(state, tls, m, NULL, 0));
|
||||
return (ktls_ocf_encrypt(state, tls, m, NULL, 0));
|
||||
|
||||
/*
|
||||
* For file-backed mbufs (from sendfile), anonymous wired
|
||||
@ -2292,7 +2292,7 @@ ktls_encrypt_record(struct ktls_wq *wq, struct mbuf *m,
|
||||
state->dst_iov[i].iov_base = m->m_epg_trail;
|
||||
state->dst_iov[i].iov_len = m->m_epg_trllen;
|
||||
|
||||
error = tls->sw_encrypt(state, tls, m, state->dst_iov, i + 1);
|
||||
error = ktls_ocf_encrypt(state, tls, m, state->dst_iov, i + 1);
|
||||
|
||||
if (__predict_false(error != 0)) {
|
||||
/* Free the anonymous pages. */
|
||||
|
@ -49,5 +49,11 @@ struct ktls_ocf_encrypt_state {
|
||||
void ktls_encrypt_cb(struct ktls_ocf_encrypt_state *state, int error);
|
||||
void ktls_ocf_free(struct ktls_session *tls);
|
||||
int ktls_ocf_try(struct socket *so, struct ktls_session *tls, int direction);
|
||||
int ktls_ocf_encrypt(struct ktls_ocf_encrypt_state *state,
|
||||
struct ktls_session *tls, struct mbuf *m, struct iovec *outiov,
|
||||
int outiovcnt);
|
||||
int ktls_ocf_decrypt(struct ktls_session *tls,
|
||||
const struct tls_record_layer *hdr, struct mbuf *m, uint64_t seqno,
|
||||
int *trailer_len);
|
||||
|
||||
#endif /* !__OPENCRYPTO_KTLS_H__ */
|
||||
|
@ -47,7 +47,20 @@ __FBSDID("$FreeBSD$");
|
||||
#include <opencrypto/cryptodev.h>
|
||||
#include <opencrypto/ktls.h>
|
||||
|
||||
struct ktls_ocf_sw {
|
||||
/* Encrypt a single outbound TLS record. */
|
||||
int (*encrypt)(struct ktls_ocf_encrypt_state *state,
|
||||
struct ktls_session *tls, struct mbuf *m,
|
||||
struct iovec *outiov, int outiovcnt);
|
||||
|
||||
/* Decrypt a received TLS record. */
|
||||
int (*decrypt)(struct ktls_session *tls,
|
||||
const struct tls_record_layer *hdr, struct mbuf *m,
|
||||
uint64_t seqno, int *trailer_len);
|
||||
};
|
||||
|
||||
struct ktls_ocf_session {
|
||||
const struct ktls_ocf_sw *sw;
|
||||
crypto_session_t sid;
|
||||
crypto_session_t mac_sid;
|
||||
struct mtx lock;
|
||||
@ -386,6 +399,10 @@ ktls_ocf_tls_cbc_encrypt(struct ktls_ocf_encrypt_state *state,
|
||||
return (error);
|
||||
}
|
||||
|
||||
static const struct ktls_ocf_sw ktls_ocf_tls_cbc_sw = {
|
||||
.encrypt = ktls_ocf_tls_cbc_encrypt
|
||||
};
|
||||
|
||||
static int
|
||||
ktls_ocf_tls12_aead_encrypt(struct ktls_ocf_encrypt_state *state,
|
||||
struct ktls_session *tls, struct mbuf *m, struct iovec *outiov,
|
||||
@ -532,6 +549,11 @@ ktls_ocf_tls12_aead_decrypt(struct ktls_session *tls,
|
||||
return (error);
|
||||
}
|
||||
|
||||
static const struct ktls_ocf_sw ktls_ocf_tls12_aead_sw = {
|
||||
.encrypt = ktls_ocf_tls12_aead_encrypt,
|
||||
.decrypt = ktls_ocf_tls12_aead_decrypt,
|
||||
};
|
||||
|
||||
static int
|
||||
ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state,
|
||||
struct ktls_session *tls, struct mbuf *m, struct iovec *outiov,
|
||||
@ -662,6 +684,11 @@ ktls_ocf_tls13_aead_decrypt(struct ktls_session *tls,
|
||||
return (error);
|
||||
}
|
||||
|
||||
static const struct ktls_ocf_sw ktls_ocf_tls13_aead_sw = {
|
||||
.encrypt = ktls_ocf_tls13_aead_encrypt,
|
||||
.decrypt = ktls_ocf_tls13_aead_decrypt,
|
||||
};
|
||||
|
||||
void
|
||||
ktls_ocf_free(struct ktls_session *tls)
|
||||
{
|
||||
@ -806,19 +833,12 @@ ktls_ocf_try(struct socket *so, struct ktls_session *tls, int direction)
|
||||
tls->ocf_session = os;
|
||||
if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16 ||
|
||||
tls->params.cipher_algorithm == CRYPTO_CHACHA20_POLY1305) {
|
||||
if (direction == KTLS_TX) {
|
||||
if (tls->params.tls_vminor == TLS_MINOR_VER_THREE)
|
||||
tls->sw_encrypt = ktls_ocf_tls13_aead_encrypt;
|
||||
else
|
||||
tls->sw_encrypt = ktls_ocf_tls12_aead_encrypt;
|
||||
} else {
|
||||
if (tls->params.tls_vminor == TLS_MINOR_VER_THREE)
|
||||
tls->sw_decrypt = ktls_ocf_tls13_aead_decrypt;
|
||||
else
|
||||
tls->sw_decrypt = ktls_ocf_tls12_aead_decrypt;
|
||||
}
|
||||
if (tls->params.tls_vminor == TLS_MINOR_VER_THREE)
|
||||
os->sw = &ktls_ocf_tls13_aead_sw;
|
||||
else
|
||||
os->sw = &ktls_ocf_tls12_aead_sw;
|
||||
} else {
|
||||
tls->sw_encrypt = ktls_ocf_tls_cbc_encrypt;
|
||||
os->sw = &ktls_ocf_tls_cbc_sw;
|
||||
if (tls->params.tls_vminor == TLS_MINOR_VER_ZERO) {
|
||||
os->implicit_iv = true;
|
||||
memcpy(os->iv, tls->params.iv, AES_BLOCK_LEN);
|
||||
@ -837,3 +857,19 @@ ktls_ocf_try(struct socket *so, struct ktls_session *tls, int direction)
|
||||
tls->params.cipher_algorithm == CRYPTO_AES_CBC;
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
ktls_ocf_encrypt(struct ktls_ocf_encrypt_state *state,
|
||||
struct ktls_session *tls, struct mbuf *m, struct iovec *outiov,
|
||||
int outiovcnt)
|
||||
{
|
||||
return (tls->ocf_session->sw->encrypt(state, tls, m, outiov,
|
||||
outiovcnt));
|
||||
}
|
||||
|
||||
int
|
||||
ktls_ocf_decrypt(struct ktls_session *tls, const struct tls_record_layer *hdr,
|
||||
struct mbuf *m, uint64_t seqno, int *trailer_len)
|
||||
{
|
||||
return (tls->ocf_session->sw->decrypt(tls, hdr, m, seqno, trailer_len));
|
||||
}
|
||||
|
@ -167,8 +167,8 @@ struct tls_session_params {
|
||||
#define KTLS_RX 2
|
||||
|
||||
struct iovec;
|
||||
struct ktls_ocf_session;
|
||||
struct ktls_ocf_encrypt_state;
|
||||
struct ktls_ocf_session;
|
||||
struct ktls_session;
|
||||
struct m_snd_tag;
|
||||
struct mbuf;
|
||||
@ -176,14 +176,6 @@ struct sockbuf;
|
||||
struct socket;
|
||||
|
||||
struct ktls_session {
|
||||
union {
|
||||
int (*sw_encrypt)(struct ktls_ocf_encrypt_state *state,
|
||||
struct ktls_session *tls, struct mbuf *m,
|
||||
struct iovec *outiov, int outiovcnt);
|
||||
int (*sw_decrypt)(struct ktls_session *tls,
|
||||
const struct tls_record_layer *hdr, struct mbuf *m,
|
||||
uint64_t seqno, int *trailer_len);
|
||||
};
|
||||
struct ktls_ocf_session *ocf_session;
|
||||
struct m_snd_tag *snd_tag;
|
||||
struct tls_session_params params;
|
||||
|
Loading…
Reference in New Issue
Block a user