From 1a074f7618e8b82a7cebf45df6e005d2284446ce Mon Sep 17 00:00:00 2001 From: Sabrina Dubroca Date: Mon, 9 Oct 2023 22:50:48 +0200 Subject: [PATCH] tls: also use init_prot_info in tls_set_device_offload Most values are shared. Nonce size turns out to be equal to IV size for all offloadable ciphers. Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller --- net/tls/tls.h | 4 ++++ net/tls/tls_device.c | 14 ++++---------- net/tls/tls_sw.c | 14 ++++++++++---- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/net/tls/tls.h b/net/tls/tls.h index 16830aa2d6ec..756ed6cbc3df 100644 --- a/net/tls/tls.h +++ b/net/tls/tls.h @@ -142,6 +142,10 @@ void update_sk_prot(struct sock *sk, struct tls_context *ctx); int wait_on_pending_writer(struct sock *sk, long *timeo); void tls_err_abort(struct sock *sk, int err); +int init_prot_info(struct tls_prot_info *prot, + const struct tls_crypto_info *crypto_info, + const struct tls_cipher_desc *cipher_desc, + int mode); int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx); void tls_update_rx_zc_capable(struct tls_context *tls_ctx); void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx); diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 0981496c6294..3d73dd97e903 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1076,20 +1076,14 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx) goto release_netdev; } + rc = init_prot_info(prot, crypto_info, cipher_desc, TLS_HW); + if (rc) + goto release_netdev; + iv = crypto_info_iv(crypto_info, cipher_desc); rec_seq = crypto_info_rec_seq(crypto_info, cipher_desc); - prot->version = crypto_info->version; - prot->cipher_type = crypto_info->cipher_type; - prot->prepend_size = TLS_HEADER_SIZE + cipher_desc->iv; - prot->tag_size = cipher_desc->tag; - prot->overhead_size = prot->prepend_size + prot->tag_size; - prot->iv_size = cipher_desc->iv; - prot->salt_size = cipher_desc->salt; - memcpy(ctx->tx.iv + cipher_desc->salt, iv, cipher_desc->iv); - - prot->rec_seq_size = cipher_desc->rec_seq; memcpy(ctx->tx.rec_seq, rec_seq, cipher_desc->rec_seq); start_marker_record = kmalloc(sizeof(*start_marker_record), GFP_KERNEL); diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index b8e89bbb4a49..0995d3d14f4b 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2620,9 +2620,10 @@ static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx) return sw_ctx_rx; } -static int init_prot_info(struct tls_prot_info *prot, - const struct tls_crypto_info *crypto_info, - const struct tls_cipher_desc *cipher_desc) +int init_prot_info(struct tls_prot_info *prot, + const struct tls_crypto_info *crypto_info, + const struct tls_cipher_desc *cipher_desc, + int mode) { u16 nonce_size = cipher_desc->nonce; @@ -2635,6 +2636,11 @@ static int init_prot_info(struct tls_prot_info *prot, prot->tail_size = 0; } + if (mode == TLS_HW) { + prot->aad_size = 0; + prot->tail_size = 0; + } + /* Sanity-check the sizes for stack allocations. */ if (nonce_size > TLS_MAX_IV_SIZE || prot->aad_size > TLS_MAX_AAD_SIZE) return -EINVAL; @@ -2696,7 +2702,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) goto free_priv; } - rc = init_prot_info(prot, crypto_info, cipher_desc); + rc = init_prot_info(prot, crypto_info, cipher_desc, TLS_SW); if (rc) goto free_priv;