Add the initial sequence number to the TLS enable socket option.
This will be needed for KTLS RX. Reviewed by: gallatin Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24451
parent
7840d1c45f
commit
ec1db6e13d
sys
@ -957,6 +957,7 @@ ktls_enable_tx(struct socket *so, struct tls_enable *en)
|
||||
}
|
||||
|
||||
SOCKBUF_LOCK(&so->so_snd);
|
||||
so->so_snd.sb_tls_seqno = be64dec(en->rec_seq);
|
||||
so->so_snd.sb_tls_info = tls;
|
||||
if (tls->mode != TCP_TLS_MODE_SW)
|
||||
so->so_snd.sb_flags |= SB_TLS_IFNET;
|
||||
|
@ -1823,6 +1823,37 @@ CTASSERT(TCP_CA_NAME_MAX <= TCP_LOG_ID_LEN);
|
||||
CTASSERT(TCP_LOG_REASON_LEN <= TCP_LOG_ID_LEN);
|
||||
#endif
|
||||
|
||||
#ifdef KERN_TLS
|
||||
static int
|
||||
copyin_tls_enable(struct sockopt *sopt, struct tls_enable *tls)
|
||||
{
|
||||
struct tls_enable_v0 tls_v0;
|
||||
int error;
|
||||
|
||||
if (sopt->sopt_valsize == sizeof(tls_v0)) {
|
||||
error = sooptcopyin(sopt, &tls_v0, sizeof(tls_v0),
|
||||
sizeof(tls_v0));
|
||||
if (error)
|
||||
return (error);
|
||||
memset(tls, 0, sizeof(*tls));
|
||||
tls->cipher_key = tls_v0.cipher_key;
|
||||
tls->iv = tls_v0.iv;
|
||||
tls->auth_key = tls_v0.auth_key;
|
||||
tls->cipher_algorithm = tls_v0.cipher_algorithm;
|
||||
tls->cipher_key_len = tls_v0.cipher_key_len;
|
||||
tls->iv_len = tls_v0.iv_len;
|
||||
tls->auth_algorithm = tls_v0.auth_algorithm;
|
||||
tls->auth_key_len = tls_v0.auth_key_len;
|
||||
tls->flags = tls_v0.flags;
|
||||
tls->tls_vmajor = tls_v0.tls_vmajor;
|
||||
tls->tls_vminor = tls_v0.tls_vminor;
|
||||
return (0);
|
||||
}
|
||||
|
||||
return (sooptcopyin(sopt, tls, sizeof(*tls), sizeof(*tls)));
|
||||
}
|
||||
#endif
|
||||
|
||||
int
|
||||
tcp_default_ctloutput(struct socket *so, struct sockopt *sopt, struct inpcb *inp, struct tcpcb *tp)
|
||||
{
|
||||
@ -2034,8 +2065,7 @@ unlock_and_done:
|
||||
#ifdef KERN_TLS
|
||||
case TCP_TXTLS_ENABLE:
|
||||
INP_WUNLOCK(inp);
|
||||
error = sooptcopyin(sopt, &tls, sizeof(tls),
|
||||
sizeof(tls));
|
||||
error = copyin_tls_enable(sopt, &tls);
|
||||
if (error)
|
||||
break;
|
||||
error = ktls_enable_tx(so, &tls);
|
||||
|
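Review bot: copyin_tls_enable() tells the legacy and current layouts apart only by `sopt->sopt_valsize == sizeof(tls_v0)`, and nothing enforces at build time that the two structs differ in size; on an ABI where padding made them equal, a new-style request would be parsed as v0, its rec_seq dropped by the memset, and the session would start at record sequence 0. Since this file already uses CTASSERT just above the helper, I would add `CTASSERT(sizeof(struct tls_enable_v0) != sizeof(struct tls_enable));` next to it. A short comment on the function would also help, saying that the v0 path zero-fills the structure so older binaries get a zero initial sequence number, and that every other size falls through to the full-size sooptcopyin(), which should reject a buffer shorter than the current struct.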
@ -99,6 +99,22 @@ struct tls_mac_data {
|
||||
#define TLS_MINOR_VER_THREE 4 /* 3, 4 */
|
||||
|
||||
/* For TCP_TXTLS_ENABLE */
|
||||
#ifdef _KERNEL
|
||||
struct tls_enable_v0 {
|
||||
const uint8_t *cipher_key;
|
||||
const uint8_t *iv; /* Implicit IV. */
|
||||
const uint8_t *auth_key;
|
||||
int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
|
||||
int cipher_key_len;
|
||||
int iv_len;
|
||||
int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
|
||||
int auth_key_len;
|
||||
int flags;
|
||||
uint8_t tls_vmajor;
|
||||
uint8_t tls_vminor;
|
||||
};
|
||||
#endif
|
||||
|
||||
struct tls_enable {
|
||||
const uint8_t *cipher_key;
|
||||
const uint8_t *iv; /* Implicit IV. */
|
||||
@ -111,6 +127,7 @@ struct tls_enable {
|
||||
int flags;
|
||||
uint8_t tls_vmajor;
|
||||
uint8_t tls_vminor;
|
||||
uint8_t rec_seq[8];
|
||||
};
|
||||
|
||||
struct tls_session_params {
|
||||
|
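Review bot: The new `rec_seq[8]` member of struct tls_enable has no comment, yet its encoding is part of the userland ABI: ktls_enable_tx() decodes it with be64dec(), so callers must store the initial record sequence number in big-endian order. I would annotate it, e.g. `uint8_t rec_seq[8]; /* Initial record sequence number, big-endian. */`. A comment above struct tls_enable_v0 should also state that it is the frozen pre-rec_seq layout, kept only so the kernel can recognise old binaries by size, and that it must not be modified. The middle of struct tls_enable lies between the two hunks and is not visible here.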