mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-25 10:23:55 +07:00
f295b3ae9f
Added support for AES128-CCM based record encryption. AES128-CCM is similar to AES128-GCM. Both of them have same salt/iv/mac size. The notable difference between the two is that while invoking AES128-CCM operation, the salt||nonce (which is passed as IV) has to be prefixed with a hardcoded value '2'. Further, CCM implementation in kernel requires IV passed in crypto_aead_request() to be full '16' bytes. Therefore, the record structure 'struct tls_rec' has been modified to reserve '16' bytes for IV. This works for both GCM and CCM based cipher. Signed-off-by: Vakul Garg <vakul.garg@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
113 lines
3.9 KiB
C
113 lines
3.9 KiB
C
/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR Linux-OpenIB) */
|
|
/*
|
|
* Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
|
|
*
|
|
* This software is available to you under a choice of one of two
|
|
* licenses. You may choose to be licensed under the terms of the GNU
|
|
* General Public License (GPL) Version 2, available from the file
|
|
* COPYING in the main directory of this source tree, or the
|
|
* OpenIB.org BSD license below:
|
|
*
|
|
* Redistribution and use in source and binary forms, with or
|
|
* without modification, are permitted provided that the following
|
|
* conditions are met:
|
|
*
|
|
* - Redistributions of source code must retain the above
|
|
* copyright notice, this list of conditions and the following
|
|
* disclaimer.
|
|
*
|
|
* - Redistributions in binary form must reproduce the above
|
|
* copyright notice, this list of conditions and the following
|
|
* disclaimer in the documentation and/or other materials
|
|
* provided with the distribution.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
* SOFTWARE.
|
|
*/
|
|
|
|
#ifndef _UAPI_LINUX_TLS_H
|
|
#define _UAPI_LINUX_TLS_H
|
|
|
|
#include <linux/types.h>
|
|
|
|
/* TLS socket options */
|
|
#define TLS_TX 1 /* Set transmit parameters */
|
|
#define TLS_RX 2 /* Set receive parameters */
|
|
|
|
/* Supported versions */
|
|
#define TLS_VERSION_MINOR(ver) ((ver) & 0xFF)
|
|
#define TLS_VERSION_MAJOR(ver) (((ver) >> 8) & 0xFF)
|
|
|
|
#define TLS_VERSION_NUMBER(id) ((((id##_VERSION_MAJOR) & 0xFF) << 8) | \
|
|
((id##_VERSION_MINOR) & 0xFF))
|
|
|
|
#define TLS_1_2_VERSION_MAJOR 0x3
|
|
#define TLS_1_2_VERSION_MINOR 0x3
|
|
#define TLS_1_2_VERSION TLS_VERSION_NUMBER(TLS_1_2)
|
|
|
|
#define TLS_1_3_VERSION_MAJOR 0x3
|
|
#define TLS_1_3_VERSION_MINOR 0x4
|
|
#define TLS_1_3_VERSION TLS_VERSION_NUMBER(TLS_1_3)
|
|
|
|
/* Supported ciphers */
|
|
#define TLS_CIPHER_AES_GCM_128 51
|
|
#define TLS_CIPHER_AES_GCM_128_IV_SIZE 8
|
|
#define TLS_CIPHER_AES_GCM_128_KEY_SIZE 16
|
|
#define TLS_CIPHER_AES_GCM_128_SALT_SIZE 4
|
|
#define TLS_CIPHER_AES_GCM_128_TAG_SIZE 16
|
|
#define TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE 8
|
|
|
|
#define TLS_CIPHER_AES_GCM_256 52
|
|
#define TLS_CIPHER_AES_GCM_256_IV_SIZE 8
|
|
#define TLS_CIPHER_AES_GCM_256_KEY_SIZE 32
|
|
#define TLS_CIPHER_AES_GCM_256_SALT_SIZE 4
|
|
#define TLS_CIPHER_AES_GCM_256_TAG_SIZE 16
|
|
#define TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE 8
|
|
|
|
#define TLS_CIPHER_AES_CCM_128 53
|
|
#define TLS_CIPHER_AES_CCM_128_IV_SIZE 8
|
|
#define TLS_CIPHER_AES_CCM_128_KEY_SIZE 16
|
|
#define TLS_CIPHER_AES_CCM_128_SALT_SIZE 4
|
|
#define TLS_CIPHER_AES_CCM_128_TAG_SIZE 16
|
|
#define TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE 8
|
|
|
|
#define TLS_SET_RECORD_TYPE 1
|
|
#define TLS_GET_RECORD_TYPE 2
|
|
|
|
struct tls_crypto_info {
|
|
__u16 version;
|
|
__u16 cipher_type;
|
|
};
|
|
|
|
struct tls12_crypto_info_aes_gcm_128 {
|
|
struct tls_crypto_info info;
|
|
unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
|
|
unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
|
|
unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
|
|
unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
|
|
};
|
|
|
|
struct tls12_crypto_info_aes_gcm_256 {
|
|
struct tls_crypto_info info;
|
|
unsigned char iv[TLS_CIPHER_AES_GCM_256_IV_SIZE];
|
|
unsigned char key[TLS_CIPHER_AES_GCM_256_KEY_SIZE];
|
|
unsigned char salt[TLS_CIPHER_AES_GCM_256_SALT_SIZE];
|
|
unsigned char rec_seq[TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE];
|
|
};
|
|
|
|
struct tls12_crypto_info_aes_ccm_128 {
|
|
struct tls_crypto_info info;
|
|
unsigned char iv[TLS_CIPHER_AES_CCM_128_IV_SIZE];
|
|
unsigned char key[TLS_CIPHER_AES_CCM_128_KEY_SIZE];
|
|
unsigned char salt[TLS_CIPHER_AES_CCM_128_SALT_SIZE];
|
|
unsigned char rec_seq[TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE];
|
|
};
|
|
|
|
#endif /* _UAPI_LINUX_TLS_H */
|