mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-28 11:18:45 +07:00
c46234ebb4
Add rx path for tls software implementation.

recvmsg, splice_read, and poll implemented.

An additional sockopt TLS_RX is added, with the same interface as TLS_TX. Either TLS_RX or TLS_TX may be provided separately, or together (with two different setsockopt calls with appropriate keys).

Control messages are passed via CMSG in a similar way to transmit. If no cmsg buffer is passed, then only application data records will be passed to userspace, and EIO is returned for other types of alerts.

EBADMSG is passed for decryption errors, and EMSGSIZE is passed for framing too big, and EBADMSG for framing too small (matching openssl semantics). EINVAL is returned for TLS versions that do not match the original setsockopt call. All are unrecoverable.

strparser is used to parse TLS framing. Decryption is done directly into userspace buffers if they are large enough to support it, otherwise sk_cow_data is called (similar to ipsec), and buffers are decrypted in place and copied. splice_read always decrypts in place, since no buffers are provided to decrypt into.

sk_poll is overridden, and only returns POLLIN if a full TLS message is received. Otherwise we wait for strparser to finish reading a full frame. Actual decryption is only done during recvmsg or splice_read calls.

Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) */
/*
 * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
 *
 * This software is available to you under a choice of one of two
 * licenses. You may choose to be licensed under the terms of the GNU
 * General Public License (GPL) Version 2, available from the file
 * COPYING in the main directory of this source tree, or the
 * OpenIB.org BSD license below:
 *
 *     Redistribution and use in source and binary forms, with or
 *     without modification, are permitted provided that the following
 *     conditions are met:
 *
 *      - Redistributions of source code must retain the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer.
 *
 *      - Redistributions in binary form must reproduce the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer in the documentation and/or other materials
 *        provided with the distribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#ifndef _UAPI_LINUX_TLS_H
#define _UAPI_LINUX_TLS_H
#include <linux/types.h>
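/*
 * TLS socket options.
 *
 * Option names for setsockopt() on a TLS socket. The transmit and
 * receive directions are configured independently: either option may
 * be set alone, or both may be set with two separate setsockopt()
 * calls, each carrying the key material for its own direction.
 */
#define TLS_TX			1	/* Set transmit parameters */
#define TLS_RX			2	/* Set receive parameters */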
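/*
 * Supported versions.
 *
 * A version is a 16-bit value with the major number in the high byte
 * and the minor number in the low byte, so TLS_1_2_VERSION evaluates
 * to 0x0303. TLS 1.2 is the only version defined here.
 */
#define TLS_VERSION_MINOR(ver)	((ver) & 0xFF)
#define TLS_VERSION_MAJOR(ver)	(((ver) >> 8) & 0xFF)

/*
 * Build the 16-bit version from <id>_VERSION_MAJOR and
 * <id>_VERSION_MINOR; each part is masked to one byte before packing.
 */
#define TLS_VERSION_NUMBER(id)	((((id##_VERSION_MAJOR) & 0xFF) << 8) |	\
				 ((id##_VERSION_MINOR) & 0xFF))

#define TLS_1_2_VERSION_MAJOR	0x3
#define TLS_1_2_VERSION_MINOR	0x3
#define TLS_1_2_VERSION		TLS_VERSION_NUMBER(TLS_1_2)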
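/*
 * Supported ciphers.
 *
 * TLS_CIPHER_AES_GCM_128 identifies the cipher; the *_SIZE constants
 * are byte lengths and dimension the arrays of
 * struct tls12_crypto_info_aes_gcm_128.
 *
 * SALT_SIZE + IV_SIZE is 12 bytes, the AES-GCM nonce length used by
 * TLS 1.2 (4-byte implicit salt followed by an 8-byte explicit part).
 * The values are part of the userspace ABI and must not change.
 */
#define TLS_CIPHER_AES_GCM_128				51
#define TLS_CIPHER_AES_GCM_128_IV_SIZE			8	/* explicit nonce part */
#define TLS_CIPHER_AES_GCM_128_KEY_SIZE		16	/* AES-128 key */
#define TLS_CIPHER_AES_GCM_128_SALT_SIZE		4	/* implicit nonce part */
#define TLS_CIPHER_AES_GCM_128_TAG_SIZE		16	/* GCM authentication tag */
#define TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE		8	/* 64-bit record sequence number */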
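/*
 * Control-message types carrying the TLS record type.
 *
 * NOTE(review): going by the names, SET presumably accompanies a send
 * and GET a receive; confirm against the implementation. Per the
 * commit that introduced the receive path, a receiver that supplies
 * no cmsg buffer is handed application-data records only and gets EIO
 * for any other record type, so callers that need alerts or other
 * control records must pass a cmsg buffer and check the type.
 */
#define TLS_SET_RECORD_TYPE	1
#define TLS_GET_RECORD_TYPE	2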
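/*
 * Common header of a crypto_info structure.
 *
 * It is embedded as the first member of
 * struct tls12_crypto_info_aes_gcm_128, so the version and cipher can
 * be read before the cipher-specific fields are interpreted.
 *
 * NOTE(review): version is presumably a TLS_*_VERSION value and
 * cipher_type a TLS_CIPHER_* identifier; confirm against the
 * setsockopt() handler. Both come from userspace and have to be
 * validated before the rest of the structure is trusted.
 */
struct tls_crypto_info {
	__u16 version;		/* packed major/minor, see TLS_VERSION_NUMBER() */
	__u16 cipher_type;	/* selects the cipher-specific layout */
};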
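/*
 * Crypto parameters for TLS 1.2 with AES-128-GCM, one instance per
 * direction (see TLS_TX / TLS_RX).
 *
 * The structure holds the raw traffic key for the connection. A
 * process that fills it in should keep it out of logs and core dumps
 * and clear its own copy once the parameters have been handed over.
 *
 * NOTE(review): iv and rec_seq presumably have to reflect the exact
 * record state of the connection at the moment of handoff; confirm
 * against the implementation. AES-GCM loses both confidentiality and
 * integrity if a (key, nonce) pair is ever repeated, so stale or
 * reused values here are a security defect, not just a protocol error.
 */
struct tls12_crypto_info_aes_gcm_128 {
	struct tls_crypto_info info;	/* version and cipher_type header */
	unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
	unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];	/* secret key material */
	unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
	unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};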
#endif /* _UAPI_LINUX_TLS_H */