Page MenuHomeFreeBSD
Differential D35012

KTLS: Add a new recrypt operation to the software backend.
ClosedPublic
Actions

Authored by jhb on Apr 20 2022, 9:09 PM.
Tags
None
Referenced Files
F97622244: D35012.diff
Mon, Sep 30, 10:28 AM
Unknown Object (File)
Tue, Sep 24, 4:08 AM
Unknown Object (File)
Mon, Sep 23, 4:52 AM
Unknown Object (File)
Wed, Sep 18, 12:17 AM
Unknown Object (File)
Tue, Sep 17, 5:59 PM
Unknown Object (File)
Tue, Sep 17, 1:16 PM
Unknown Object (File)
Tue, Sep 17, 2:49 AM
Unknown Object (File)
Mon, Sep 16, 12:51 PM
View All 76 Files
Subscribers
imp
jmg

Details

Reviewers
gallatin
hselasky
Commits
rGa8280123e4c6: KTLS: Add a new recrypt operation to the software backend.
Summary

When using NIC TLS RX, packets that are dropped and retransmitted are
not decrypted by the NIC but are passed along as-is. As a result, a
received TLS record might contain a mix of encrypted and decrypted
data. If this occurs, the already-decrypted data needs to be
re-encrypted so that the resulting record can then be decrypted
normally.

Add support for this for sessions using AES-GCM with TLS 1.2 or TLS
1.3. For the recrypt operation, allocate a temporary buffer and
encrypt the the payload portion of the TLS record with AES-CTR with an
initial IV constructed from the AES-GCM nonce. Then fixup the
original mbuf chain by copying the results from the temporary buffer
back into the original mbufs for any mbufs containing decrypted data.

Once it has been recrypted, the mbuf chain can then be decrypted via
the normal software decryption path.

Co-authored by: Hans Petter Selasky <hselasky@FreeBSD.org>
Sponsored by: Netflix

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 45284
Build 42172: arc lint + arc unit

Event Timeline

jhb created this revision.Apr 20 2022, 9:09 PM
Herald added subscribers: jmg, imp. · View Herald TranscriptApr 20 2022, 9:09 PM
jhb requested review of this revision.Apr 20 2022, 9:09 PM
jhb added a parent revision: D35011: KTLS: Move OCF function pointers out of ktls_session..
Harbormaster completed remote builds in B45284: Diff 105242.Apr 20 2022, 9:10 PM
jhb updated this revision to Diff 105244.Apr 20 2022, 9:13 PM
  • Moved freesession fix for mac_sid to its own commit.
Harbormaster completed remote builds in B45286: Diff 105244.Apr 20 2022, 9:13 PM
jhb added a parent revision: D35013: KTLS: Free the MAC session when destroying AES-CBC software sessions..Apr 20 2022, 9:13 PM
hselasky added inline comments.Apr 21 2022, 6:03 AM
sys/opencrypto/ktls_ocf.c
578

I think it wouldn't hurt to do ">=" here, and "skip" is unsigned and m_len is signed, so do we need a cast ?

800

Just copy data straight into crp.crp_iv ? Why do we need a second structure ?

jhb added inline comments.Apr 21 2022, 6:13 PM
sys/opencrypto/ktls_ocf.c
578

We don't enable the warning about comparisons between signed and unsigned in the kernel, so we don't require the cast in practice. >= is good, yes.

800

This is just duplicating what is done in the other tls13 functions. I might go back and redo those however.

jhb marked an inline comment as done.Apr 21 2022, 6:19 PM
jhb updated this revision to Diff 105315.Apr 21 2022, 8:48 PM

Fix a few things noted by Hans.

Harbormaster completed remote builds in B45312: Diff 105315.Apr 21 2022, 8:48 PM
hselasky accepted this revision.Apr 22 2022, 6:39 AM
This revision is now accepted and ready to land.Apr 22 2022, 6:39 AM
Closed by commit rGa8280123e4c6: KTLS: Add a new recrypt operation to the software backend. (authored by jhb). · Explain WhyApr 22 2022, 10:55 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGa8280123e4c6: KTLS: Add a new recrypt operation to the software backend..

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
3 lines
179 lines

Diff 105242

View Options

sys/opencrypto/ktls.h

Loading...
View Options

sys/opencrypto/ktls_ocf.c

Loading...