Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1729722pxu; Tue, 24 Nov 2020 07:35:29 -0800 (PST) X-Google-Smtp-Source: ABdhPJzF+Z7hJCj6FkFkWLMJNrGSBc6tdrKVHb/4OICZO6EdqTeOdK0xIlM30HBlR2viLzsVii9D X-Received: by 2002:a17:906:c826:: with SMTP id dd6mr4637423ejb.191.1606232128795; Tue, 24 Nov 2020 07:35:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606232128; cv=none; d=google.com; s=arc-20160816; b=DVOzXhKXLfQTeLq96thpt9lZFu81iHnFP3lFlJgVcoqoVcmUC1bEFpNn1erixvKrQ+ bILytCh2RVNERFvBB53D+lhnOeaiqxwAIEYkRwg9UV+NJ61km7+x3vzdIRH6fPoyyPGN e8XEkW6S0K5PgGy3GNma3kWzq4TXv4ak6qcDMcXfiXeWnk50LO2wgfPBMbQlIFJUyvc+ eZtqh8R1W5axlFqXGqPrO94qeYF4XEUKAhSKNz7DtSgXnOHurJkCCCkygWitwxzEfmww 40XK8zjdtZkeHL4SmiHxfC7tB/TmrAPaeiH7Tit48C6fICYNinKJH3RvAZysPhs7tVik Mrpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature:dkim-filter; bh=Wg7qZofDASUHDPVOWGNkPhYCu8TCTGH1BxUpw/x62II=; b=LvsNIegg+saPROtDwkvebe+6P8rkpFDjlQi1/CQvK1aW6N0EiUkb55oIPEd45VsPJ3 m87Mpf4SejKh+jh1uQl+FNh7Z54GCPO5iYqLrtQ1NVJCdH9HtfLckHjXOdwVXzPpKSTt 8JRdqz28A2mvWXuScPu3EvjQVV+O0hQuvxefEQa4nxyWbami9tQAz8JFnROzdmF/ABok 9PDMKtnHa0dX8Bmy2j6Wf6vFB/EsZh3GzgeXLx2/cPEaSMmJ6NRKq0WlXgz5yVt/qVe5 iZIAcYL06I67fym9MdWZYGjiSnT6k4xXHLV9+aM1Pk4ppRp6tSa6VXHLZ9TtvFa408WG 0eQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@novek.ru header.s=mail header.b=JC8BNMsI; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id um17si8682813ejb.701.2020.11.24.07.34.56; Tue, 24 Nov 2020 07:35:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@novek.ru header.s=mail header.b=JC8BNMsI; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389078AbgKXPdI (ORCPT + 99 others); Tue, 24 Nov 2020 10:33:08 -0500 Received: from novek.ru ([213.148.174.62]:47476 "EHLO novek.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389662AbgKXPdH (ORCPT ); Tue, 24 Nov 2020 10:33:07 -0500 Received: from nat1.ooonet.ru (gw.zelenaya.net [91.207.137.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by novek.ru (Postfix) with ESMTPSA id C90E35030C8; Tue, 24 Nov 2020 18:25:31 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 novek.ru C90E35030C8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=novek.ru; s=mail; t=1606231533; bh=7QInkW/Oq3shx84L/3laQQ6VwguvjNXZ8FcFLS5fzv8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JC8BNMsIpMof43AK8eFWJSfjEU6KZVOQDf/LnaxWhLtzlqXr+EgsQgIlMasXU6Msb xO7O9YmJcTP0kuk3ZidFYMpCQoYArtGBI2RzuhCOeSLrnZ6EyY1vvfEhz3+0Cwbb3R CH2Q6MUnYmephjYJ3Yc8Y14/r/v7TfNU9+CeX/D4= From: Vadim Fedorenko To: Jakub Kicinski , Boris Pismenny , Aviad Yehezkel Cc: Vadim Fedorenko , netdev@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [net-next v2 3/5] net/tls: add CHACHA20-POLY1305 specific behavior Date: Tue, 24 Nov 2020 18:24:48 +0300 Message-Id: <1606231490-653-4-git-send-email-vfedorenko@novek.ru> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> References: <1606231490-653-1-git-send-email-vfedorenko@novek.ru> X-Spam-Status: No, score=0.0 required=5.0 tests=UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on gate.novek.ru Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org RFC 7905 defines special behavior for ChaCha-Poly TLS sessions. The differences are in the calculation of nonce and the absence of explicit IV. This behavior is like TLSv1.3 partly. Signed-off-by: Vadim Fedorenko --- include/net/tls.h | 9 ++++++--- net/tls/tls_sw.c | 6 ++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index e4e9c2a..b2637ed 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -502,7 +502,8 @@ static inline void tls_advance_record_sn(struct sock *sk, if (tls_bigint_increment(ctx->rec_seq, prot->rec_seq_size)) tls_err_abort(sk, EBADMSG); - if (prot->version != TLS_1_3_VERSION) + if (prot->version != TLS_1_3_VERSION && + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) tls_bigint_increment(ctx->iv + prot->salt_size, prot->iv_size); } @@ -516,7 +517,8 @@ static inline void tls_fill_prepend(struct tls_context *ctx, size_t pkt_len, iv_size = prot->iv_size; pkt_len = plaintext_len + prot->tag_size; - if (prot->version != TLS_1_3_VERSION) { + if (prot->version != TLS_1_3_VERSION && + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) { pkt_len += iv_size; memcpy(buf + TLS_NONCE_OFFSET, @@ -561,7 +563,8 @@ static inline void xor_iv_with_seq(struct tls_prot_info *prot, char *iv, char *s { int i; - if (prot->version == TLS_1_3_VERSION) { + if (prot->version == TLS_1_3_VERSION || + prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) { for (i = 0; i < 8; i++) iv[i + 4] ^= seq[i]; } diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 6bc757a..b4eefdb 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1464,7 +1464,8 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, kfree(mem); return err; } - if (prot->version == TLS_1_3_VERSION) + if (prot->version == TLS_1_3_VERSION || + prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) memcpy(iv + iv_offset, tls_ctx->rx.iv, crypto_aead_ivsize(ctx->aead_recv)); else @@ -2068,7 +2069,8 @@ static int tls_read_size(struct strparser *strp, struct sk_buff *skb) data_len = ((header[4] & 0xFF) | (header[3] << 8)); cipher_overhead = prot->tag_size; - if (prot->version != TLS_1_3_VERSION) + if (prot->version != TLS_1_3_VERSION && + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) cipher_overhead += prot->iv_size; if (data_len > TLS_MAX_PAYLOAD_SIZE + cipher_overhead + -- 1.8.3.1