1. 23 Mar, 2018 4 commits
    • Dave Watson's avatar
      tls: RX path for ktls · c46234eb
      Dave Watson authored
      Add rx path for tls software implementation.
      
      recvmsg, splice_read, and poll implemented.
      
      An additional sockopt TLS_RX is added, with the same interface as
      TLS_TX.  Either TLX_RX or TLX_TX may be provided separately, or
      together (with two different setsockopt calls with appropriate keys).
      
      Control messages are passed via CMSG in a similar way to transmit.
      If no cmsg buffer is passed, then only application data records
      will be passed to userspace, and EIO is returned for other types of
      alerts.
      
      EBADMSG is passed for decryption errors, and EMSGSIZE is passed for
      framing too big, and EBADMSG for framing too small (matching openssl
      semantics). EINVAL is returned for TLS versions that do not match the
      original setsockopt call.  All are unrecoverable.
      
      strparser is used to parse TLS framing.   Decryption is done directly
      in to userspace buffers if they are large enough to support it, otherwise
      sk_cow_data is called (similar to ipsec), and buffers are decrypted in
      place and copied.  splice_read always decrypts in place, since no
      buffers are provided to decrypt in to.
      
      sk_poll is overridden, and only returns POLLIN if a full TLS message is
      received.  Otherwise we wait for strparser to finish reading a full frame.
      Actual decryption is only done during recvmsg or splice_read calls.
      Signed-off-by: default avatarDave Watson <davejwatson@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c46234eb
    • Dave Watson's avatar
      tls: Pass error code explicitly to tls_err_abort · f4a8e43f
      Dave Watson authored
      Pass EBADMSG explicitly to tls_err_abort.  Receive path will
      pass additional codes - EMSGSIZE if framing is larger than max
      TLS record size, EINVAL if TLS version mismatch.
      Signed-off-by: default avatarDave Watson <davejwatson@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4a8e43f
    • Dave Watson's avatar
      tls: Move cipher info to a separate struct · dbe42559
      Dave Watson authored
      Separate tx crypto parameters to a separate cipher_context struct.
      The same parameters will be used for rx using the same struct.
      
      tls_advance_record_sn is modified to only take the cipher info.
      Signed-off-by: default avatarDave Watson <davejwatson@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dbe42559
    • Dave Watson's avatar
      tls: Generalize zerocopy_from_iter · 69ca9293
      Dave Watson authored
      Refactor zerocopy_from_iter to take arguments for pages and size,
      such that it can be used for both tx and rx. RX will also support
      zerocopy direct to output iter, as long as the full message can
      be copied at once (a large enough userspace buffer was provided).
      Signed-off-by: default avatarDave Watson <davejwatson@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      69ca9293
  2. 19 Mar, 2018 2 commits
  3. 31 Jan, 2018 1 commit
  4. 22 Jan, 2018 1 commit
  5. 17 Jan, 2018 1 commit
  6. 15 Jan, 2018 1 commit
  7. 14 Nov, 2017 3 commits
  8. 14 Sep, 2017 1 commit
  9. 15 Jun, 2017 1 commit