freebsd-nq/sys/opencrypto
John Baldwin a8280123e4 KTLS: Add a new recrypt operation to the software backend.
When using NIC TLS RX, packets that are dropped and retransmitted are
not decrypted by the NIC but are passed along as-is.  As a result, a
received TLS record might contain a mix of encrypted and decrypted
data.  If this occurs, the already-decrypted data needs to be
re-encrypted so that the resulting record can then be decrypted
normally.

Add support for this for sessions using AES-GCM with TLS 1.2 or TLS
1.3.  For the recrypt operation, allocate a temporary buffer and
encrypt the the payload portion of the TLS record with AES-CTR with an
initial IV constructed from the AES-GCM nonce.  Then fixup the
original mbuf chain by copying the results from the temporary buffer
back into the original mbufs for any mbufs containing decrypted data.

Once it has been recrypted, the mbuf chain can then be decrypted via
the normal software decryption path.

Co-authored by:	Hans Petter Selasky <hselasky@FreeBSD.org>
Reviewed by:	hselasky
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D35012
2022-04-22 15:52:50 -07:00
..
_cryptodev.h
cbc_mac.c cryptosoft: Fix support for variable tag lengths in AES-CCM. 2021-10-06 14:08:48 -07:00
cbc_mac.h cryptosoft: Fix support for variable tag lengths in AES-CCM. 2021-10-06 14:08:48 -07:00
criov.c Fix "set but not used" in opencrypto, with a correction for the previous 2021-12-05 15:30:36 -07:00
crypto.c crypto: hide crypto_destroyreq behind a tunable 2022-02-16 07:45:12 +00:00
cryptodeflate.c Replace some K&R function definitions with ANSI C. 2020-11-03 22:32:30 +00:00
cryptodev_if.m OCF: Remove support for asymmetric cryptographic operations. 2021-04-12 14:28:43 -07:00
cryptodev.c cryptodev: Use a private malloc type (M_CRYPTODEV) instead of M_XDATA. 2022-01-24 15:27:39 -08:00
cryptodev.h opencrypto: Add a routine to copy a crypto buffer cursor 2022-02-15 21:47:10 -05:00
cryptosoft.c cryptosoft: Avoid referencing end-of-buffer cursors 2022-01-17 19:01:24 -05:00
deflate.h Consistently use C99 fixed-width types in the in-kernel crypto code. 2020-11-03 22:27:54 +00:00
gfmult.c Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2021-08-08 10:42:24 -04:00
gfmult.h Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2021-08-08 10:42:24 -04:00
gmac.c GMAC: Reset initial hash value and counter in AES_GMAC_Reinit(). 2021-12-09 11:52:42 -08:00
gmac.h Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2021-08-08 10:42:24 -04:00
ktls_ocf.c KTLS: Add a new recrypt operation to the software backend. 2022-04-22 15:52:50 -07:00
ktls.h KTLS: Add a new recrypt operation to the software backend. 2022-04-22 15:52:50 -07:00
rmd160.c Consistently use C99 fixed-width types in the in-kernel crypto code. 2020-11-03 22:27:54 +00:00
rmd160.h Consistently use C99 fixed-width types in the in-kernel crypto code. 2020-11-03 22:27:54 +00:00
xform_aes_cbc.c xform_*.c: Add headers when needed to compile standalone. 2022-01-24 15:27:40 -08:00
xform_aes_icm.c crypto: Re-add encrypt/decrypt_multi hooks to enc_xform. 2022-01-11 14:17:41 -08:00
xform_aes_xts.c stand: Fix KASSERT use 2022-01-11 16:43:18 -07:00
xform_auth.h opencrypto/xform_*.h: Trim scope of included headers. 2022-01-25 15:21:22 -08:00
xform_cbc_mac.c crypto: Constify all transform descriptors 2021-07-26 16:41:05 -04:00
xform_chacha20_poly1305.c crypto: Re-add encrypt/decrypt_multi hooks to enc_xform. 2022-01-11 14:17:41 -08:00
xform_cml.c xform_*.c: Add headers when needed to compile standalone. 2022-01-24 15:27:40 -08:00
xform_comp.h opencrypto/xform_*.h: Trim scope of included headers. 2022-01-25 15:21:22 -08:00
xform_deflate.c xform_*.c: Add headers when needed to compile standalone. 2022-01-24 15:27:40 -08:00
xform_enc.h opencrypto/xform_*.h: Trim scope of included headers. 2022-01-25 15:21:22 -08:00
xform_gmac.c xform_*.c: Add headers when needed to compile standalone. 2022-01-24 15:27:40 -08:00
xform_null.c crypto: Re-add encrypt/decrypt_multi hooks to enc_xform. 2022-01-11 14:17:41 -08:00
xform_poly1305.c crypto: Define POLY1305_BLOCK_LEN constant. 2021-12-16 13:47:16 -08:00
xform_rmd160.c xform_*.c: Add headers when needed to compile standalone. 2022-01-24 15:27:40 -08:00
xform_sha1.c xform_*.c: Add headers when needed to compile standalone. 2022-01-24 15:27:40 -08:00
xform_sha2.c xform_*.c: Add headers when needed to compile standalone. 2022-01-24 15:27:40 -08:00
xform.h Retire now-unused M_XDATA. 2022-01-24 15:27:39 -08:00