diff options
author | Vadim Fedorenko <vfedorenko@novek.ru> | 2020-11-24 18:24:48 +0300 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2020-11-27 14:32:37 -0800 |
commit | a6acbe62353834dc1913d96e1ace140bc9aafca3 (patch) | |
tree | 8bca70c8fc63e7f3ba5a7acf7686fb7987cd481c | |
parent | 923c40c4651ed8b30cbd9fbac0f0ab612216cccc (diff) |
net/tls: add CHACHA20-POLY1305 specific behavior
RFC 7905 defines special behavior for ChaCha-Poly TLS sessions.
The differences are in the calculation of nonce and the absence
of explicit IV. This behavior is like TLSv1.3 partly.
Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r-- | include/net/tls.h | 9 | ||||
-rw-r--r-- | net/tls/tls_sw.c | 6 |
2 files changed, 10 insertions, 5 deletions
diff --git a/include/net/tls.h b/include/net/tls.h index e4e9c2ae689e..b2637edc2726 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -502,7 +502,8 @@ static inline void tls_advance_record_sn(struct sock *sk, if (tls_bigint_increment(ctx->rec_seq, prot->rec_seq_size)) tls_err_abort(sk, EBADMSG); - if (prot->version != TLS_1_3_VERSION) + if (prot->version != TLS_1_3_VERSION && + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) tls_bigint_increment(ctx->iv + prot->salt_size, prot->iv_size); } @@ -516,7 +517,8 @@ static inline void tls_fill_prepend(struct tls_context *ctx, size_t pkt_len, iv_size = prot->iv_size; pkt_len = plaintext_len + prot->tag_size; - if (prot->version != TLS_1_3_VERSION) { + if (prot->version != TLS_1_3_VERSION && + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) { pkt_len += iv_size; memcpy(buf + TLS_NONCE_OFFSET, @@ -561,7 +563,8 @@ static inline void xor_iv_with_seq(struct tls_prot_info *prot, char *iv, char *s { int i; - if (prot->version == TLS_1_3_VERSION) { + if (prot->version == TLS_1_3_VERSION || + prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) { for (i = 0; i < 8; i++) iv[i + 4] ^= seq[i]; } diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 6bc757a0a0ad..b4eefdb9c30a 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1464,7 +1464,8 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, kfree(mem); return err; } - if (prot->version == TLS_1_3_VERSION) + if (prot->version == TLS_1_3_VERSION || + prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) memcpy(iv + iv_offset, tls_ctx->rx.iv, crypto_aead_ivsize(ctx->aead_recv)); else @@ -2068,7 +2069,8 @@ static int tls_read_size(struct strparser *strp, struct sk_buff *skb) data_len = ((header[4] & 0xFF) | (header[3] << 8)); cipher_overhead = prot->tag_size; - if (prot->version != TLS_1_3_VERSION) + if (prot->version != TLS_1_3_VERSION && + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) cipher_overhead += prot->iv_size; if (data_len > TLS_MAX_PAYLOAD_SIZE + cipher_overhead + |