net/tls: add CHACHA20-POLY1305 specific behavior
RFC 7905 defines special behavior for ChaCha-Poly TLS sessions. The differences are in the calculation of nonce and the absence of explicit IV. This behavior is like TLSv1.3 partly. Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Родитель
923c40c465
Коммит
a6acbe6235
|
@ -502,7 +502,8 @@ static inline void tls_advance_record_sn(struct sock *sk,
|
|||
if (tls_bigint_increment(ctx->rec_seq, prot->rec_seq_size))
|
||||
tls_err_abort(sk, EBADMSG);
|
||||
|
||||
if (prot->version != TLS_1_3_VERSION)
|
||||
if (prot->version != TLS_1_3_VERSION &&
|
||||
prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305)
|
||||
tls_bigint_increment(ctx->iv + prot->salt_size,
|
||||
prot->iv_size);
|
||||
}
|
||||
|
@ -516,7 +517,8 @@ static inline void tls_fill_prepend(struct tls_context *ctx,
|
|||
size_t pkt_len, iv_size = prot->iv_size;
|
||||
|
||||
pkt_len = plaintext_len + prot->tag_size;
|
||||
if (prot->version != TLS_1_3_VERSION) {
|
||||
if (prot->version != TLS_1_3_VERSION &&
|
||||
prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) {
|
||||
pkt_len += iv_size;
|
||||
|
||||
memcpy(buf + TLS_NONCE_OFFSET,
|
||||
|
@ -561,7 +563,8 @@ static inline void xor_iv_with_seq(struct tls_prot_info *prot, char *iv, char *s
|
|||
{
|
||||
int i;
|
||||
|
||||
if (prot->version == TLS_1_3_VERSION) {
|
||||
if (prot->version == TLS_1_3_VERSION ||
|
||||
prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) {
|
||||
for (i = 0; i < 8; i++)
|
||||
iv[i + 4] ^= seq[i];
|
||||
}
|
||||
|
|
|
@ -1464,7 +1464,8 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
|
|||
kfree(mem);
|
||||
return err;
|
||||
}
|
||||
if (prot->version == TLS_1_3_VERSION)
|
||||
if (prot->version == TLS_1_3_VERSION ||
|
||||
prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305)
|
||||
memcpy(iv + iv_offset, tls_ctx->rx.iv,
|
||||
crypto_aead_ivsize(ctx->aead_recv));
|
||||
else
|
||||
|
@ -2068,7 +2069,8 @@ static int tls_read_size(struct strparser *strp, struct sk_buff *skb)
|
|||
data_len = ((header[4] & 0xFF) | (header[3] << 8));
|
||||
|
||||
cipher_overhead = prot->tag_size;
|
||||
if (prot->version != TLS_1_3_VERSION)
|
||||
if (prot->version != TLS_1_3_VERSION &&
|
||||
prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305)
|
||||
cipher_overhead += prot->iv_size;
|
||||
|
||||
if (data_len > TLS_MAX_PAYLOAD_SIZE + cipher_overhead +
|
||||
|
|
Загрузка…
Ссылка в новой задаче