2017-06-14 18:37:39 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
|
|
|
|
* Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
|
|
|
|
*
|
|
|
|
* This software is available to you under a choice of one of two
|
|
|
|
* licenses. You may choose to be licensed under the terms of the GNU
|
|
|
|
* General Public License (GPL) Version 2, available from the file
|
|
|
|
* COPYING in the main directory of this source tree, or the
|
|
|
|
* OpenIB.org BSD license below:
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or
|
|
|
|
* without modification, are permitted provided that the following
|
|
|
|
* conditions are met:
|
|
|
|
*
|
|
|
|
* - Redistributions of source code must retain the above
|
|
|
|
* copyright notice, this list of conditions and the following
|
|
|
|
* disclaimer.
|
|
|
|
*
|
|
|
|
* - Redistributions in binary form must reproduce the above
|
|
|
|
* copyright notice, this list of conditions and the following
|
|
|
|
* disclaimer in the documentation and/or other materials
|
|
|
|
* provided with the distribution.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
|
|
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
|
|
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
* SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/module.h>
|
|
|
|
|
|
|
|
#include <net/tcp.h>
|
|
|
|
#include <net/inet_common.h>
|
|
|
|
#include <linux/highmem.h>
|
|
|
|
#include <linux/netdevice.h>
|
|
|
|
#include <linux/sched/signal.h>
|
2018-03-31 16:11:52 +00:00
|
|
|
#include <linux/inetdevice.h>
|
2017-06-14 18:37:39 +00:00
|
|
|
|
|
|
|
#include <net/tls.h>
|
|
|
|
|
|
|
|
MODULE_AUTHOR("Mellanox Technologies");
|
|
|
|
MODULE_DESCRIPTION("Transport Layer Security Support");
|
|
|
|
MODULE_LICENSE("Dual BSD/GPL");
|
tcp, ulp: add alias for all ulp modules
Lets not turn the TCP ULP lookup into an arbitrary module loader as
we only intend to load ULP modules through this mechanism, not other
unrelated kernel modules:
[root@bar]# cat foo.c
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/tcp.h>
#include <linux/in.h>
int main(void)
{
int sock = socket(PF_INET, SOCK_STREAM, 0);
setsockopt(sock, IPPROTO_TCP, TCP_ULP, "sctp", sizeof("sctp"));
return 0;
}
[root@bar]# gcc foo.c -O2 -Wall
[root@bar]# lsmod | grep sctp
[root@bar]# ./a.out
[root@bar]# lsmod | grep sctp
sctp 1077248 4
libcrc32c 16384 3 nf_conntrack,nf_nat,sctp
[root@bar]#
Fix it by adding module alias to TCP ULP modules, so probing module
via request_module() will be limited to tcp-ulp-[name]. The existing
modules like kTLS will load fine given tcp-ulp-tls alias, but others
will fail to load:
[root@bar]# lsmod | grep sctp
[root@bar]# ./a.out
[root@bar]# lsmod | grep sctp
[root@bar]#
Sockmap is not affected from this since it's either built-in or not.
Fixes: 734942cc4ea6 ("tcp: ULP infrastructure")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2018-08-16 19:49:06 +00:00
|
|
|
MODULE_ALIAS_TCP_ULP("tls");
|
2017-06-14 18:37:39 +00:00
|
|
|
|
2018-02-27 12:18:39 +00:00
|
|
|
enum {
|
|
|
|
TLSV4,
|
|
|
|
TLSV6,
|
|
|
|
TLS_NUM_PROTS,
|
|
|
|
};
|
2017-11-13 08:22:45 +00:00
|
|
|
|
2018-02-27 12:18:39 +00:00
|
|
|
static struct proto *saved_tcpv6_prot;
|
|
|
|
static DEFINE_MUTEX(tcpv6_prot_mutex);
|
2018-03-31 16:11:52 +00:00
|
|
|
static LIST_HEAD(device_list);
|
|
|
|
static DEFINE_MUTEX(device_mutex);
|
2018-04-30 07:16:15 +00:00
|
|
|
static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG];
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
static struct proto_ops tls_sw_proto_ops;
|
2017-11-13 08:22:45 +00:00
|
|
|
|
2018-04-30 07:16:15 +00:00
|
|
|
static void update_sk_prot(struct sock *sk, struct tls_context *ctx)
|
2017-11-13 08:22:45 +00:00
|
|
|
{
|
2018-02-27 12:18:39 +00:00
|
|
|
int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
|
|
|
|
|
2018-04-30 07:16:15 +00:00
|
|
|
sk->sk_prot = &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf];
|
2017-11-13 08:22:45 +00:00
|
|
|
}
|
2017-06-14 18:37:39 +00:00
|
|
|
|
|
|
|
int wait_on_pending_writer(struct sock *sk, long *timeo)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
DEFINE_WAIT_FUNC(wait, woken_wake_function);
|
|
|
|
|
|
|
|
add_wait_queue(sk_sleep(sk), &wait);
|
|
|
|
while (1) {
|
|
|
|
if (!*timeo) {
|
|
|
|
rc = -EAGAIN;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (signal_pending(current)) {
|
|
|
|
rc = sock_intr_errno(*timeo);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sk_wait_event(sk, timeo, !sk->sk_write_pending, &wait))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
remove_wait_queue(sk_sleep(sk), &wait);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
int tls_push_sg(struct sock *sk,
|
|
|
|
struct tls_context *ctx,
|
|
|
|
struct scatterlist *sg,
|
|
|
|
u16 first_offset,
|
|
|
|
int flags)
|
|
|
|
{
|
|
|
|
int sendpage_flags = flags | MSG_SENDPAGE_NOTLAST;
|
|
|
|
int ret = 0;
|
|
|
|
struct page *p;
|
|
|
|
size_t size;
|
|
|
|
int offset = first_offset;
|
|
|
|
|
|
|
|
size = sg->length - offset;
|
|
|
|
offset += sg->offset;
|
|
|
|
|
2018-05-01 20:05:39 +00:00
|
|
|
ctx->in_tcp_sendpages = true;
|
2017-06-14 18:37:39 +00:00
|
|
|
while (1) {
|
|
|
|
if (sg_is_last(sg))
|
|
|
|
sendpage_flags = flags;
|
|
|
|
|
|
|
|
/* is sending application-limited? */
|
|
|
|
tcp_rate_check_app_limited(sk);
|
|
|
|
p = sg_page(sg);
|
|
|
|
retry:
|
|
|
|
ret = do_tcp_sendpages(sk, p, offset, size, sendpage_flags);
|
|
|
|
|
|
|
|
if (ret != size) {
|
|
|
|
if (ret > 0) {
|
|
|
|
offset += ret;
|
|
|
|
size -= ret;
|
|
|
|
goto retry;
|
|
|
|
}
|
|
|
|
|
|
|
|
offset -= sg->offset;
|
|
|
|
ctx->partially_sent_offset = offset;
|
|
|
|
ctx->partially_sent_record = (void *)sg;
|
2018-05-07 02:24:39 +00:00
|
|
|
ctx->in_tcp_sendpages = false;
|
2017-06-14 18:37:39 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
put_page(p);
|
|
|
|
sk_mem_uncharge(sk, sg->length);
|
|
|
|
sg = sg_next(sg);
|
|
|
|
if (!sg)
|
|
|
|
break;
|
|
|
|
|
|
|
|
offset = sg->offset;
|
|
|
|
size = sg->length;
|
|
|
|
}
|
|
|
|
|
2018-05-01 20:05:39 +00:00
|
|
|
ctx->in_tcp_sendpages = false;
|
|
|
|
ctx->sk_write_space(sk);
|
2017-06-14 18:37:39 +00:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tls_handle_open_record(struct sock *sk, int flags)
|
|
|
|
{
|
|
|
|
struct tls_context *ctx = tls_get_ctx(sk);
|
|
|
|
|
|
|
|
if (tls_is_pending_open_record(ctx))
|
|
|
|
return ctx->push_pending_record(sk, flags);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int tls_proccess_cmsg(struct sock *sk, struct msghdr *msg,
|
|
|
|
unsigned char *record_type)
|
|
|
|
{
|
|
|
|
struct cmsghdr *cmsg;
|
|
|
|
int rc = -EINVAL;
|
|
|
|
|
|
|
|
for_each_cmsghdr(cmsg, msg) {
|
|
|
|
if (!CMSG_OK(msg, cmsg))
|
|
|
|
return -EINVAL;
|
|
|
|
if (cmsg->cmsg_level != SOL_TLS)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
switch (cmsg->cmsg_type) {
|
|
|
|
case TLS_SET_RECORD_TYPE:
|
|
|
|
if (cmsg->cmsg_len < CMSG_LEN(sizeof(*record_type)))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (msg->msg_flags & MSG_MORE)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
rc = tls_handle_open_record(sk, msg->msg_flags);
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
*record_type = *(unsigned char *)CMSG_DATA(cmsg);
|
|
|
|
rc = 0;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2018-09-21 04:16:13 +00:00
|
|
|
int tls_push_partial_record(struct sock *sk, struct tls_context *ctx,
|
|
|
|
int flags)
|
2017-06-14 18:37:39 +00:00
|
|
|
{
|
|
|
|
struct scatterlist *sg;
|
|
|
|
u16 offset;
|
|
|
|
|
|
|
|
sg = ctx->partially_sent_record;
|
|
|
|
offset = ctx->partially_sent_offset;
|
|
|
|
|
|
|
|
ctx->partially_sent_record = NULL;
|
|
|
|
return tls_push_sg(sk, ctx, sg, offset, flags);
|
|
|
|
}
|
|
|
|
|
2018-09-21 04:16:13 +00:00
|
|
|
int tls_push_pending_closed_record(struct sock *sk,
|
|
|
|
struct tls_context *tls_ctx,
|
|
|
|
int flags, long *timeo)
|
|
|
|
{
|
|
|
|
struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
|
|
|
|
|
|
|
|
if (tls_is_partially_sent_record(tls_ctx) ||
|
net/tls: Fixed race condition in async encryption
On processors with multi-engine crypto accelerators, it is possible that
multiple records get encrypted in parallel and their encryption
completion is notified to different cpus in multicore processor. This
leads to the situation where tls_encrypt_done() starts executing in
parallel on different cores. In current implementation, encrypted
records are queued to tx_ready_list in tls_encrypt_done(). This requires
addition to linked list 'tx_ready_list' to be protected. As
tls_decrypt_done() could be executing in irq content, it is not possible
to protect linked list addition operation using a lock.
To fix the problem, we remove linked list addition operation from the
irq context. We do tx_ready_list addition/removal operation from
application context only and get rid of possible multiple access to
the linked list. Before starting encryption on the record, we add it to
the tail of tx_ready_list. To prevent tls_tx_records() from transmitting
it, we mark the record with a new flag 'tx_ready' in 'struct tls_rec'.
When record encryption gets completed, tls_encrypt_done() has to only
update the 'tx_ready' flag to true & linked list add operation is not
required.
The changed logic brings some other side benefits. Since the records
are always submitted in tls sequence number order for encryption, the
tx_ready_list always remains sorted and addition of new records to it
does not have to traverse the linked list.
Lastly, we renamed tx_ready_list in 'struct tls_sw_context_tx' to
'tx_list'. This is because now, the some of the records at the tail are
not ready to transmit.
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption")
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-24 10:05:56 +00:00
|
|
|
!list_empty(&ctx->tx_list))
|
2018-09-21 04:16:13 +00:00
|
|
|
return tls_tx_records(sk, flags);
|
|
|
|
else
|
|
|
|
return tls_ctx->push_pending_record(sk, flags);
|
|
|
|
}
|
|
|
|
|
2017-06-14 18:37:39 +00:00
|
|
|
static void tls_write_space(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct tls_context *ctx = tls_get_ctx(sk);
|
2018-09-21 04:16:13 +00:00
|
|
|
struct tls_sw_context_tx *tx_ctx = tls_sw_ctx_tx(ctx);
|
2017-06-14 18:37:39 +00:00
|
|
|
|
2018-08-22 15:37:32 +00:00
|
|
|
/* If in_tcp_sendpages call lower protocol write space handler
|
|
|
|
* to ensure we wake up any waiting operations there. For example
|
|
|
|
* if do_tcp_sendpages where to call sk_wait_event.
|
|
|
|
*/
|
|
|
|
if (ctx->in_tcp_sendpages) {
|
|
|
|
ctx->sk_write_space(sk);
|
2018-05-01 20:05:39 +00:00
|
|
|
return;
|
2018-08-22 15:37:32 +00:00
|
|
|
}
|
2018-05-01 20:05:39 +00:00
|
|
|
|
2018-09-21 04:16:13 +00:00
|
|
|
/* Schedule the transmission if tx list is ready */
|
net/tls: Fixed race condition in async encryption
On processors with multi-engine crypto accelerators, it is possible that
multiple records get encrypted in parallel and their encryption
completion is notified to different cpus in multicore processor. This
leads to the situation where tls_encrypt_done() starts executing in
parallel on different cores. In current implementation, encrypted
records are queued to tx_ready_list in tls_encrypt_done(). This requires
addition to linked list 'tx_ready_list' to be protected. As
tls_decrypt_done() could be executing in irq content, it is not possible
to protect linked list addition operation using a lock.
To fix the problem, we remove linked list addition operation from the
irq context. We do tx_ready_list addition/removal operation from
application context only and get rid of possible multiple access to
the linked list. Before starting encryption on the record, we add it to
the tail of tx_ready_list. To prevent tls_tx_records() from transmitting
it, we mark the record with a new flag 'tx_ready' in 'struct tls_rec'.
When record encryption gets completed, tls_encrypt_done() has to only
update the 'tx_ready' flag to true & linked list add operation is not
required.
The changed logic brings some other side benefits. Since the records
are always submitted in tls sequence number order for encryption, the
tx_ready_list always remains sorted and addition of new records to it
does not have to traverse the linked list.
Lastly, we renamed tx_ready_list in 'struct tls_sw_context_tx' to
'tx_list'. This is because now, the some of the records at the tail are
not ready to transmit.
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption")
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-24 10:05:56 +00:00
|
|
|
if (is_tx_ready(tx_ctx) && !sk->sk_write_pending) {
|
2018-09-21 04:16:13 +00:00
|
|
|
/* Schedule the transmission */
|
|
|
|
if (!test_and_set_bit(BIT_TX_SCHEDULED, &tx_ctx->tx_bitmask))
|
|
|
|
schedule_delayed_work(&tx_ctx->tx_work.work, 0);
|
2017-06-14 18:37:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
ctx->sk_write_space(sk);
|
|
|
|
}
|
|
|
|
|
2018-09-12 15:44:42 +00:00
|
|
|
static void tls_ctx_free(struct tls_context *ctx)
|
|
|
|
{
|
|
|
|
if (!ctx)
|
|
|
|
return;
|
|
|
|
|
|
|
|
memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send));
|
|
|
|
memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv));
|
|
|
|
kfree(ctx);
|
|
|
|
}
|
|
|
|
|
2017-06-14 18:37:39 +00:00
|
|
|
static void tls_sk_proto_close(struct sock *sk, long timeout)
|
|
|
|
{
|
|
|
|
struct tls_context *ctx = tls_get_ctx(sk);
|
|
|
|
long timeo = sock_sndtimeo(sk, 0);
|
|
|
|
void (*sk_proto_close)(struct sock *sk, long timeout);
|
2018-05-05 15:35:04 +00:00
|
|
|
bool free_ctx = false;
|
2017-06-14 18:37:39 +00:00
|
|
|
|
|
|
|
lock_sock(sk);
|
2017-11-13 08:22:46 +00:00
|
|
|
sk_proto_close = ctx->sk_proto_close;
|
|
|
|
|
2018-05-12 00:53:22 +00:00
|
|
|
if ((ctx->tx_conf == TLS_HW_RECORD && ctx->rx_conf == TLS_HW_RECORD) ||
|
|
|
|
(ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE)) {
|
2018-05-05 15:35:04 +00:00
|
|
|
free_ctx = true;
|
2017-11-13 08:22:46 +00:00
|
|
|
goto skip_tx_cleanup;
|
|
|
|
}
|
2017-06-14 18:37:39 +00:00
|
|
|
|
|
|
|
if (!tls_complete_pending_work(sk, ctx, 0, &timeo))
|
|
|
|
tls_handle_open_record(sk, 0);
|
|
|
|
|
2018-04-30 07:16:15 +00:00
|
|
|
/* We need these for tls_sw_fallback handling of other packets */
|
|
|
|
if (ctx->tx_conf == TLS_SW) {
|
|
|
|
kfree(ctx->tx.rec_seq);
|
|
|
|
kfree(ctx->tx.iv);
|
|
|
|
tls_sw_free_resources_tx(sk);
|
|
|
|
}
|
2017-06-14 18:37:39 +00:00
|
|
|
|
2018-04-30 07:16:15 +00:00
|
|
|
if (ctx->rx_conf == TLS_SW) {
|
|
|
|
kfree(ctx->rx.rec_seq);
|
|
|
|
kfree(ctx->rx.iv);
|
|
|
|
tls_sw_free_resources_rx(sk);
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
}
|
2017-06-14 18:37:39 +00:00
|
|
|
|
2018-04-30 07:16:16 +00:00
|
|
|
#ifdef CONFIG_TLS_DEVICE
|
2018-07-13 11:33:43 +00:00
|
|
|
if (ctx->rx_conf == TLS_HW)
|
|
|
|
tls_device_offload_cleanup_rx(sk);
|
|
|
|
|
|
|
|
if (ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW) {
|
2018-04-30 07:16:16 +00:00
|
|
|
#else
|
|
|
|
{
|
|
|
|
#endif
|
2018-09-12 15:44:42 +00:00
|
|
|
tls_ctx_free(ctx);
|
2018-04-30 07:16:16 +00:00
|
|
|
ctx = NULL;
|
|
|
|
}
|
|
|
|
|
2017-11-13 08:22:46 +00:00
|
|
|
skip_tx_cleanup:
|
2017-06-14 18:37:39 +00:00
|
|
|
release_sock(sk);
|
|
|
|
sk_proto_close(sk, timeout);
|
2018-03-31 16:11:52 +00:00
|
|
|
/* free ctx for TLS_HW_RECORD, used by tcp_set_state
|
|
|
|
* for sk->sk_prot->unhash [tls_hw_unhash]
|
|
|
|
*/
|
2018-05-05 15:35:04 +00:00
|
|
|
if (free_ctx)
|
2018-09-12 15:44:42 +00:00
|
|
|
tls_ctx_free(ctx);
|
2017-06-14 18:37:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
|
|
|
|
int __user *optlen)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
struct tls_context *ctx = tls_get_ctx(sk);
|
|
|
|
struct tls_crypto_info *crypto_info;
|
|
|
|
int len;
|
|
|
|
|
|
|
|
if (get_user(len, optlen))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
if (!optval || (len < sizeof(*crypto_info))) {
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!ctx) {
|
|
|
|
rc = -EBUSY;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* get user crypto info */
|
2018-09-12 15:44:42 +00:00
|
|
|
crypto_info = &ctx->crypto_send.info;
|
2017-06-14 18:37:39 +00:00
|
|
|
|
|
|
|
if (!TLS_CRYPTO_INFO_READY(crypto_info)) {
|
|
|
|
rc = -EBUSY;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2017-07-06 04:56:36 +00:00
|
|
|
if (len == sizeof(*crypto_info)) {
|
2017-06-23 10:15:44 +00:00
|
|
|
if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
|
|
|
|
rc = -EFAULT;
|
2017-06-14 18:37:39 +00:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (crypto_info->cipher_type) {
|
|
|
|
case TLS_CIPHER_AES_GCM_128: {
|
|
|
|
struct tls12_crypto_info_aes_gcm_128 *
|
|
|
|
crypto_info_aes_gcm_128 =
|
|
|
|
container_of(crypto_info,
|
|
|
|
struct tls12_crypto_info_aes_gcm_128,
|
|
|
|
info);
|
|
|
|
|
|
|
|
if (len != sizeof(*crypto_info_aes_gcm_128)) {
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
lock_sock(sk);
|
2018-02-14 08:46:06 +00:00
|
|
|
memcpy(crypto_info_aes_gcm_128->iv,
|
2018-03-22 17:10:06 +00:00
|
|
|
ctx->tx.iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
|
2017-06-14 18:37:39 +00:00
|
|
|
TLS_CIPHER_AES_GCM_128_IV_SIZE);
|
2018-03-22 17:10:06 +00:00
|
|
|
memcpy(crypto_info_aes_gcm_128->rec_seq, ctx->tx.rec_seq,
|
2018-02-14 08:46:08 +00:00
|
|
|
TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
|
2017-06-14 18:37:39 +00:00
|
|
|
release_sock(sk);
|
2017-06-23 10:15:44 +00:00
|
|
|
if (copy_to_user(optval,
|
|
|
|
crypto_info_aes_gcm_128,
|
|
|
|
sizeof(*crypto_info_aes_gcm_128)))
|
|
|
|
rc = -EFAULT;
|
2017-06-14 18:37:39 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
rc = -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_tls_getsockopt(struct sock *sk, int optname,
|
|
|
|
char __user *optval, int __user *optlen)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
switch (optname) {
|
|
|
|
case TLS_TX:
|
|
|
|
rc = do_tls_getsockopt_tx(sk, optval, optlen);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
rc = -ENOPROTOOPT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tls_getsockopt(struct sock *sk, int level, int optname,
|
|
|
|
char __user *optval, int __user *optlen)
|
|
|
|
{
|
|
|
|
struct tls_context *ctx = tls_get_ctx(sk);
|
|
|
|
|
|
|
|
if (level != SOL_TLS)
|
|
|
|
return ctx->getsockopt(sk, level, optname, optval, optlen);
|
|
|
|
|
|
|
|
return do_tls_getsockopt(sk, optname, optval, optlen);
|
|
|
|
}
|
|
|
|
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
|
|
|
|
unsigned int optlen, int tx)
|
2017-06-14 18:37:39 +00:00
|
|
|
{
|
2017-11-13 08:22:48 +00:00
|
|
|
struct tls_crypto_info *crypto_info;
|
2017-06-14 18:37:39 +00:00
|
|
|
struct tls_context *ctx = tls_get_ctx(sk);
|
|
|
|
int rc = 0;
|
2018-03-22 17:10:26 +00:00
|
|
|
int conf;
|
2017-06-14 18:37:39 +00:00
|
|
|
|
|
|
|
if (!optval || (optlen < sizeof(*crypto_info))) {
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
if (tx)
|
2018-09-12 15:44:42 +00:00
|
|
|
crypto_info = &ctx->crypto_send.info;
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
else
|
2018-09-12 15:44:42 +00:00
|
|
|
crypto_info = &ctx->crypto_recv.info;
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
|
2017-11-13 08:22:48 +00:00
|
|
|
/* Currently we don't support set crypto info more than one time */
|
2018-01-16 15:04:27 +00:00
|
|
|
if (TLS_CRYPTO_INFO_READY(crypto_info)) {
|
|
|
|
rc = -EBUSY;
|
2017-11-13 08:22:48 +00:00
|
|
|
goto out;
|
2018-01-16 15:04:27 +00:00
|
|
|
}
|
2017-11-13 08:22:48 +00:00
|
|
|
|
|
|
|
rc = copy_from_user(crypto_info, optval, sizeof(*crypto_info));
|
2017-06-14 18:37:39 +00:00
|
|
|
if (rc) {
|
|
|
|
rc = -EFAULT;
|
2018-02-14 08:46:07 +00:00
|
|
|
goto err_crypto_info;
|
2017-06-14 18:37:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* check version */
|
2017-11-13 08:22:48 +00:00
|
|
|
if (crypto_info->version != TLS_1_2_VERSION) {
|
2017-06-14 18:37:39 +00:00
|
|
|
rc = -ENOTSUPP;
|
2017-11-13 08:22:48 +00:00
|
|
|
goto err_crypto_info;
|
2017-06-14 18:37:39 +00:00
|
|
|
}
|
|
|
|
|
2017-11-13 08:22:48 +00:00
|
|
|
switch (crypto_info->cipher_type) {
|
2017-06-14 18:37:39 +00:00
|
|
|
case TLS_CIPHER_AES_GCM_128: {
|
|
|
|
if (optlen != sizeof(struct tls12_crypto_info_aes_gcm_128)) {
|
|
|
|
rc = -EINVAL;
|
tls: reset crypto_info when do_tls_setsockopt_tx fails
The current code copies directly from userspace to ctx->crypto_send, but
doesn't always reinitialize it to 0 on failure. This causes any
subsequent attempt to use this setsockopt to fail because of the
TLS_CRYPTO_INFO_READY check, eventhough crypto_info is not actually
ready.
This should result in a correctly set up socket after the 3rd call, but
currently it does not:
size_t s = sizeof(struct tls12_crypto_info_aes_gcm_128);
struct tls12_crypto_info_aes_gcm_128 crypto_good = {
.info.version = TLS_1_2_VERSION,
.info.cipher_type = TLS_CIPHER_AES_GCM_128,
};
struct tls12_crypto_info_aes_gcm_128 crypto_bad_type = crypto_good;
crypto_bad_type.info.cipher_type = 42;
setsockopt(sock, SOL_TLS, TLS_TX, &crypto_bad_type, s);
setsockopt(sock, SOL_TLS, TLS_TX, &crypto_good, s - 1);
setsockopt(sock, SOL_TLS, TLS_TX, &crypto_good, s);
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-01-16 15:04:28 +00:00
|
|
|
goto err_crypto_info;
|
2017-06-14 18:37:39 +00:00
|
|
|
}
|
2017-11-13 08:22:48 +00:00
|
|
|
rc = copy_from_user(crypto_info + 1, optval + sizeof(*crypto_info),
|
|
|
|
optlen - sizeof(*crypto_info));
|
2017-06-14 18:37:39 +00:00
|
|
|
if (rc) {
|
|
|
|
rc = -EFAULT;
|
|
|
|
goto err_crypto_info;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
rc = -EINVAL;
|
tls: reset crypto_info when do_tls_setsockopt_tx fails
The current code copies directly from userspace to ctx->crypto_send, but
doesn't always reinitialize it to 0 on failure. This causes any
subsequent attempt to use this setsockopt to fail because of the
TLS_CRYPTO_INFO_READY check, eventhough crypto_info is not actually
ready.
This should result in a correctly set up socket after the 3rd call, but
currently it does not:
size_t s = sizeof(struct tls12_crypto_info_aes_gcm_128);
struct tls12_crypto_info_aes_gcm_128 crypto_good = {
.info.version = TLS_1_2_VERSION,
.info.cipher_type = TLS_CIPHER_AES_GCM_128,
};
struct tls12_crypto_info_aes_gcm_128 crypto_bad_type = crypto_good;
crypto_bad_type.info.cipher_type = 42;
setsockopt(sock, SOL_TLS, TLS_TX, &crypto_bad_type, s);
setsockopt(sock, SOL_TLS, TLS_TX, &crypto_good, s - 1);
setsockopt(sock, SOL_TLS, TLS_TX, &crypto_good, s);
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-01-16 15:04:28 +00:00
|
|
|
goto err_crypto_info;
|
2017-06-14 18:37:39 +00:00
|
|
|
}
|
|
|
|
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
if (tx) {
|
2018-04-30 07:16:16 +00:00
|
|
|
#ifdef CONFIG_TLS_DEVICE
|
|
|
|
rc = tls_set_device_offload(sk, ctx);
|
|
|
|
conf = TLS_HW;
|
|
|
|
if (rc) {
|
|
|
|
#else
|
|
|
|
{
|
|
|
|
#endif
|
|
|
|
rc = tls_set_sw_offload(sk, ctx, 1);
|
|
|
|
conf = TLS_SW;
|
|
|
|
}
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
} else {
|
2018-07-13 11:33:43 +00:00
|
|
|
#ifdef CONFIG_TLS_DEVICE
|
|
|
|
rc = tls_set_device_offload_rx(sk, ctx);
|
|
|
|
conf = TLS_HW;
|
|
|
|
if (rc) {
|
|
|
|
#else
|
|
|
|
{
|
|
|
|
#endif
|
|
|
|
rc = tls_set_sw_offload(sk, ctx, 0);
|
|
|
|
conf = TLS_SW;
|
|
|
|
}
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
}
|
|
|
|
|
2017-06-14 18:37:39 +00:00
|
|
|
if (rc)
|
|
|
|
goto err_crypto_info;
|
|
|
|
|
2018-04-30 07:16:15 +00:00
|
|
|
if (tx)
|
|
|
|
ctx->tx_conf = conf;
|
|
|
|
else
|
|
|
|
ctx->rx_conf = conf;
|
2017-11-13 08:22:45 +00:00
|
|
|
update_sk_prot(sk, ctx);
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
if (tx) {
|
|
|
|
ctx->sk_write_space = sk->sk_write_space;
|
|
|
|
sk->sk_write_space = tls_write_space;
|
|
|
|
} else {
|
|
|
|
sk->sk_socket->ops = &tls_sw_proto_ops;
|
|
|
|
}
|
2017-06-14 18:37:39 +00:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
err_crypto_info:
|
2018-09-12 15:44:43 +00:00
|
|
|
memzero_explicit(crypto_info, sizeof(union tls_crypto_context));
|
2017-06-14 18:37:39 +00:00
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_tls_setsockopt(struct sock *sk, int optname,
|
|
|
|
char __user *optval, unsigned int optlen)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
switch (optname) {
|
|
|
|
case TLS_TX:
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
case TLS_RX:
|
2017-06-14 18:37:39 +00:00
|
|
|
lock_sock(sk);
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
rc = do_tls_setsockopt_conf(sk, optval, optlen,
|
|
|
|
optname == TLS_TX);
|
2017-06-14 18:37:39 +00:00
|
|
|
release_sock(sk);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
rc = -ENOPROTOOPT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tls_setsockopt(struct sock *sk, int level, int optname,
|
|
|
|
char __user *optval, unsigned int optlen)
|
|
|
|
{
|
|
|
|
struct tls_context *ctx = tls_get_ctx(sk);
|
|
|
|
|
|
|
|
if (level != SOL_TLS)
|
|
|
|
return ctx->setsockopt(sk, level, optname, optval, optlen);
|
|
|
|
|
|
|
|
return do_tls_setsockopt(sk, optname, optval, optlen);
|
|
|
|
}
|
|
|
|
|
2018-03-31 16:11:52 +00:00
|
|
|
static struct tls_context *create_ctx(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct inet_connection_sock *icsk = inet_csk(sk);
|
|
|
|
struct tls_context *ctx;
|
|
|
|
|
|
|
|
ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
|
|
|
|
if (!ctx)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
icsk->icsk_ulp_data = ctx;
|
|
|
|
return ctx;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tls_hw_prot(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct tls_context *ctx;
|
|
|
|
struct tls_device *dev;
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
mutex_lock(&device_mutex);
|
|
|
|
list_for_each_entry(dev, &device_list, dev_list) {
|
|
|
|
if (dev->feature && dev->feature(dev)) {
|
|
|
|
ctx = create_ctx(sk);
|
|
|
|
if (!ctx)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
ctx->hash = sk->sk_prot->hash;
|
|
|
|
ctx->unhash = sk->sk_prot->unhash;
|
|
|
|
ctx->sk_proto_close = sk->sk_prot->close;
|
2018-04-30 07:16:15 +00:00
|
|
|
ctx->rx_conf = TLS_HW_RECORD;
|
|
|
|
ctx->tx_conf = TLS_HW_RECORD;
|
2018-03-31 16:11:52 +00:00
|
|
|
update_sk_prot(sk, ctx);
|
|
|
|
rc = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
mutex_unlock(&device_mutex);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void tls_hw_unhash(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct tls_context *ctx = tls_get_ctx(sk);
|
|
|
|
struct tls_device *dev;
|
|
|
|
|
|
|
|
mutex_lock(&device_mutex);
|
|
|
|
list_for_each_entry(dev, &device_list, dev_list) {
|
|
|
|
if (dev->unhash)
|
|
|
|
dev->unhash(dev, sk);
|
|
|
|
}
|
|
|
|
mutex_unlock(&device_mutex);
|
|
|
|
ctx->unhash(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tls_hw_hash(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct tls_context *ctx = tls_get_ctx(sk);
|
|
|
|
struct tls_device *dev;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
err = ctx->hash(sk);
|
|
|
|
mutex_lock(&device_mutex);
|
|
|
|
list_for_each_entry(dev, &device_list, dev_list) {
|
|
|
|
if (dev->hash)
|
|
|
|
err |= dev->hash(dev, sk);
|
|
|
|
}
|
|
|
|
mutex_unlock(&device_mutex);
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
tls_hw_unhash(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2018-04-30 07:16:15 +00:00
|
|
|
static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
|
|
|
|
struct proto *base)
|
2018-02-27 12:18:39 +00:00
|
|
|
{
|
2018-04-30 07:16:15 +00:00
|
|
|
prot[TLS_BASE][TLS_BASE] = *base;
|
|
|
|
prot[TLS_BASE][TLS_BASE].setsockopt = tls_setsockopt;
|
|
|
|
prot[TLS_BASE][TLS_BASE].getsockopt = tls_getsockopt;
|
|
|
|
prot[TLS_BASE][TLS_BASE].close = tls_sk_proto_close;
|
|
|
|
|
|
|
|
prot[TLS_SW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
|
|
|
|
prot[TLS_SW][TLS_BASE].sendmsg = tls_sw_sendmsg;
|
|
|
|
prot[TLS_SW][TLS_BASE].sendpage = tls_sw_sendpage;
|
|
|
|
|
|
|
|
prot[TLS_BASE][TLS_SW] = prot[TLS_BASE][TLS_BASE];
|
2018-10-13 00:46:00 +00:00
|
|
|
prot[TLS_BASE][TLS_SW].recvmsg = tls_sw_recvmsg;
|
|
|
|
prot[TLS_BASE][TLS_SW].stream_memory_read = tls_sw_stream_read;
|
|
|
|
prot[TLS_BASE][TLS_SW].close = tls_sk_proto_close;
|
2018-04-30 07:16:15 +00:00
|
|
|
|
|
|
|
prot[TLS_SW][TLS_SW] = prot[TLS_SW][TLS_BASE];
|
2018-10-13 00:46:00 +00:00
|
|
|
prot[TLS_SW][TLS_SW].recvmsg = tls_sw_recvmsg;
|
|
|
|
prot[TLS_SW][TLS_SW].stream_memory_read = tls_sw_stream_read;
|
|
|
|
prot[TLS_SW][TLS_SW].close = tls_sk_proto_close;
|
2018-04-30 07:16:15 +00:00
|
|
|
|
2018-04-30 07:16:16 +00:00
|
|
|
#ifdef CONFIG_TLS_DEVICE
|
|
|
|
prot[TLS_HW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
|
|
|
|
prot[TLS_HW][TLS_BASE].sendmsg = tls_device_sendmsg;
|
|
|
|
prot[TLS_HW][TLS_BASE].sendpage = tls_device_sendpage;
|
|
|
|
|
|
|
|
prot[TLS_HW][TLS_SW] = prot[TLS_BASE][TLS_SW];
|
|
|
|
prot[TLS_HW][TLS_SW].sendmsg = tls_device_sendmsg;
|
|
|
|
prot[TLS_HW][TLS_SW].sendpage = tls_device_sendpage;
|
2018-07-13 11:33:43 +00:00
|
|
|
|
|
|
|
prot[TLS_BASE][TLS_HW] = prot[TLS_BASE][TLS_SW];
|
|
|
|
|
|
|
|
prot[TLS_SW][TLS_HW] = prot[TLS_SW][TLS_SW];
|
|
|
|
|
|
|
|
prot[TLS_HW][TLS_HW] = prot[TLS_HW][TLS_SW];
|
2018-04-30 07:16:16 +00:00
|
|
|
#endif
|
|
|
|
|
2018-04-30 07:16:15 +00:00
|
|
|
prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base;
|
|
|
|
prot[TLS_HW_RECORD][TLS_HW_RECORD].hash = tls_hw_hash;
|
|
|
|
prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash = tls_hw_unhash;
|
|
|
|
prot[TLS_HW_RECORD][TLS_HW_RECORD].close = tls_sk_proto_close;
|
2018-02-27 12:18:39 +00:00
|
|
|
}
|
|
|
|
|
2017-06-14 18:37:39 +00:00
|
|
|
static int tls_init(struct sock *sk)
|
|
|
|
{
|
2018-02-27 12:18:39 +00:00
|
|
|
int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
|
2017-06-14 18:37:39 +00:00
|
|
|
struct tls_context *ctx;
|
|
|
|
int rc = 0;
|
|
|
|
|
2018-03-31 16:11:52 +00:00
|
|
|
if (tls_hw_prot(sk))
|
|
|
|
goto out;
|
|
|
|
|
2018-01-16 13:31:52 +00:00
|
|
|
/* The TLS ulp is currently supported only for TCP sockets
|
|
|
|
* in ESTABLISHED state.
|
|
|
|
* Supporting sockets in LISTEN state will require us
|
|
|
|
* to modify the accept implementation to clone rather then
|
|
|
|
* share the ulp context.
|
|
|
|
*/
|
|
|
|
if (sk->sk_state != TCP_ESTABLISHED)
|
|
|
|
return -ENOTSUPP;
|
|
|
|
|
2017-06-14 18:37:39 +00:00
|
|
|
/* allocate tls context */
|
2018-03-31 16:11:52 +00:00
|
|
|
ctx = create_ctx(sk);
|
2017-06-14 18:37:39 +00:00
|
|
|
if (!ctx) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
ctx->setsockopt = sk->sk_prot->setsockopt;
|
|
|
|
ctx->getsockopt = sk->sk_prot->getsockopt;
|
2017-11-13 08:22:46 +00:00
|
|
|
ctx->sk_proto_close = sk->sk_prot->close;
|
2017-11-13 08:22:45 +00:00
|
|
|
|
2018-04-30 07:16:16 +00:00
|
|
|
/* Build IPv6 TLS whenever the address of tcpv6 _prot changes */
|
2018-02-27 12:18:39 +00:00
|
|
|
if (ip_ver == TLSV6 &&
|
|
|
|
unlikely(sk->sk_prot != smp_load_acquire(&saved_tcpv6_prot))) {
|
|
|
|
mutex_lock(&tcpv6_prot_mutex);
|
|
|
|
if (likely(sk->sk_prot != saved_tcpv6_prot)) {
|
|
|
|
build_protos(tls_prots[TLSV6], sk->sk_prot);
|
|
|
|
smp_store_release(&saved_tcpv6_prot, sk->sk_prot);
|
|
|
|
}
|
|
|
|
mutex_unlock(&tcpv6_prot_mutex);
|
|
|
|
}
|
|
|
|
|
2018-04-30 07:16:15 +00:00
|
|
|
ctx->tx_conf = TLS_BASE;
|
|
|
|
ctx->rx_conf = TLS_BASE;
|
2017-11-13 08:22:45 +00:00
|
|
|
update_sk_prot(sk, ctx);
|
2017-06-14 18:37:39 +00:00
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2018-03-31 16:11:52 +00:00
|
|
|
void tls_register_device(struct tls_device *device)
|
|
|
|
{
|
|
|
|
mutex_lock(&device_mutex);
|
|
|
|
list_add_tail(&device->dev_list, &device_list);
|
|
|
|
mutex_unlock(&device_mutex);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(tls_register_device);
|
|
|
|
|
|
|
|
void tls_unregister_device(struct tls_device *device)
|
|
|
|
{
|
|
|
|
mutex_lock(&device_mutex);
|
|
|
|
list_del(&device->dev_list);
|
|
|
|
mutex_unlock(&device_mutex);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(tls_unregister_device);
|
|
|
|
|
2017-06-14 18:37:39 +00:00
|
|
|
static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
|
|
|
|
.name = "tls",
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.init = tls_init,
|
|
|
|
};
|
|
|
|
|
|
|
|
static int __init tls_register(void)
|
|
|
|
{
|
2018-02-27 12:18:39 +00:00
|
|
|
build_protos(tls_prots[TLSV4], &tcp_prot);
|
2017-06-14 18:37:39 +00:00
|
|
|
|
tls: RX path for ktls
Add rx path for tls software implementation.
recvmsg, splice_read, and poll implemented.
An additional sockopt TLS_RX is added, with the same interface as
TLS_TX. Either TLX_RX or TLX_TX may be provided separately, or
together (with two different setsockopt calls with appropriate keys).
Control messages are passed via CMSG in a similar way to transmit.
If no cmsg buffer is passed, then only application data records
will be passed to userspace, and EIO is returned for other types of
alerts.
EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
framing too big, and EBADMSG for framing too small (matching openssl
semantics). EINVAL is returned for TLS versions that do not match the
original setsockopt call. All are unrecoverable.
strparser is used to parse TLS framing. Decryption is done directly
in to userspace buffers if they are large enough to support it, otherwise
sk_cow_data is called (similar to ipsec), and buffers are decrypted in
place and copied. splice_read always decrypts in place, since no
buffers are provided to decrypt in to.
sk_poll is overridden, and only returns POLLIN if a full TLS message is
received. Otherwise we wait for strparser to finish reading a full frame.
Actual decryption is only done during recvmsg or splice_read calls.
Signed-off-by: Dave Watson <davejwatson@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-22 17:10:35 +00:00
|
|
|
tls_sw_proto_ops = inet_stream_ops;
|
|
|
|
tls_sw_proto_ops.splice_read = tls_sw_splice_read;
|
|
|
|
|
2018-04-30 07:16:16 +00:00
|
|
|
#ifdef CONFIG_TLS_DEVICE
|
|
|
|
tls_device_init();
|
|
|
|
#endif
|
2017-06-14 18:37:39 +00:00
|
|
|
tcp_register_ulp(&tcp_tls_ulp_ops);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit tls_unregister(void)
|
|
|
|
{
|
|
|
|
tcp_unregister_ulp(&tcp_tls_ulp_ops);
|
2018-04-30 07:16:16 +00:00
|
|
|
#ifdef CONFIG_TLS_DEVICE
|
|
|
|
tls_device_cleanup();
|
|
|
|
#endif
|
2017-06-14 18:37:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
module_init(tls_register);
|
|
|
|
module_exit(tls_unregister);
|