Merge tag 'asoc-fix-v4.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broon...
[platform/kernel/linux-exynos.git] / net / tls / tls_sw.c
1 /*
2  * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
3  * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
4  * Copyright (c) 2016-2017, Lance Chao <lancerchao@fb.com>. All rights reserved.
5  * Copyright (c) 2016, Fridolin Pokorny <fridolin.pokorny@gmail.com>. All rights reserved.
6  * Copyright (c) 2016, Nikos Mavrogiannopoulos <nmav@gnutls.org>. All rights reserved.
7  *
8  * This software is available to you under a choice of one of two
9  * licenses.  You may choose to be licensed under the terms of the GNU
10  * General Public License (GPL) Version 2, available from the file
11  * COPYING in the main directory of this source tree, or the
12  * OpenIB.org BSD license below:
13  *
14  *     Redistribution and use in source and binary forms, with or
15  *     without modification, are permitted provided that the following
16  *     conditions are met:
17  *
18  *      - Redistributions of source code must retain the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer.
21  *
22  *      - Redistributions in binary form must reproduce the above
23  *        copyright notice, this list of conditions and the following
24  *        disclaimer in the documentation and/or other materials
25  *        provided with the distribution.
26  *
27  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
28  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
29  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
30  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
31  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
32  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
33  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
34  * SOFTWARE.
35  */
36
37 #include <linux/module.h>
38 #include <crypto/aead.h>
39
40 #include <net/tls.h>
41
42 static inline void tls_make_aad(int recv,
43                                 char *buf,
44                                 size_t size,
45                                 char *record_sequence,
46                                 int record_sequence_size,
47                                 unsigned char record_type)
48 {
49         memcpy(buf, record_sequence, record_sequence_size);
50
51         buf[8] = record_type;
52         buf[9] = TLS_1_2_VERSION_MAJOR;
53         buf[10] = TLS_1_2_VERSION_MINOR;
54         buf[11] = size >> 8;
55         buf[12] = size & 0xFF;
56 }
57
58 static void trim_sg(struct sock *sk, struct scatterlist *sg,
59                     int *sg_num_elem, unsigned int *sg_size, int target_size)
60 {
61         int i = *sg_num_elem - 1;
62         int trim = *sg_size - target_size;
63
64         if (trim <= 0) {
65                 WARN_ON(trim < 0);
66                 return;
67         }
68
69         *sg_size = target_size;
70         while (trim >= sg[i].length) {
71                 trim -= sg[i].length;
72                 sk_mem_uncharge(sk, sg[i].length);
73                 put_page(sg_page(&sg[i]));
74                 i--;
75
76                 if (i < 0)
77                         goto out;
78         }
79
80         sg[i].length -= trim;
81         sk_mem_uncharge(sk, trim);
82
83 out:
84         *sg_num_elem = i + 1;
85 }
86
87 static void trim_both_sgl(struct sock *sk, int target_size)
88 {
89         struct tls_context *tls_ctx = tls_get_ctx(sk);
90         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
91
92         trim_sg(sk, ctx->sg_plaintext_data,
93                 &ctx->sg_plaintext_num_elem,
94                 &ctx->sg_plaintext_size,
95                 target_size);
96
97         if (target_size > 0)
98                 target_size += tls_ctx->overhead_size;
99
100         trim_sg(sk, ctx->sg_encrypted_data,
101                 &ctx->sg_encrypted_num_elem,
102                 &ctx->sg_encrypted_size,
103                 target_size);
104 }
105
106 static int alloc_sg(struct sock *sk, int len, struct scatterlist *sg,
107                     int *sg_num_elem, unsigned int *sg_size,
108                     int first_coalesce)
109 {
110         struct page_frag *pfrag;
111         unsigned int size = *sg_size;
112         int num_elem = *sg_num_elem, use = 0, rc = 0;
113         struct scatterlist *sge;
114         unsigned int orig_offset;
115
116         len -= size;
117         pfrag = sk_page_frag(sk);
118
119         while (len > 0) {
120                 if (!sk_page_frag_refill(sk, pfrag)) {
121                         rc = -ENOMEM;
122                         goto out;
123                 }
124
125                 use = min_t(int, len, pfrag->size - pfrag->offset);
126
127                 if (!sk_wmem_schedule(sk, use)) {
128                         rc = -ENOMEM;
129                         goto out;
130                 }
131
132                 sk_mem_charge(sk, use);
133                 size += use;
134                 orig_offset = pfrag->offset;
135                 pfrag->offset += use;
136
137                 sge = sg + num_elem - 1;
138                 if (num_elem > first_coalesce && sg_page(sg) == pfrag->page &&
139                     sg->offset + sg->length == orig_offset) {
140                         sg->length += use;
141                 } else {
142                         sge++;
143                         sg_unmark_end(sge);
144                         sg_set_page(sge, pfrag->page, use, orig_offset);
145                         get_page(pfrag->page);
146                         ++num_elem;
147                         if (num_elem == MAX_SKB_FRAGS) {
148                                 rc = -ENOSPC;
149                                 break;
150                         }
151                 }
152
153                 len -= use;
154         }
155         goto out;
156
157 out:
158         *sg_size = size;
159         *sg_num_elem = num_elem;
160         return rc;
161 }
162
163 static int alloc_encrypted_sg(struct sock *sk, int len)
164 {
165         struct tls_context *tls_ctx = tls_get_ctx(sk);
166         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
167         int rc = 0;
168
169         rc = alloc_sg(sk, len, ctx->sg_encrypted_data,
170                       &ctx->sg_encrypted_num_elem, &ctx->sg_encrypted_size, 0);
171
172         return rc;
173 }
174
175 static int alloc_plaintext_sg(struct sock *sk, int len)
176 {
177         struct tls_context *tls_ctx = tls_get_ctx(sk);
178         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
179         int rc = 0;
180
181         rc = alloc_sg(sk, len, ctx->sg_plaintext_data,
182                       &ctx->sg_plaintext_num_elem, &ctx->sg_plaintext_size,
183                       tls_ctx->pending_open_record_frags);
184
185         return rc;
186 }
187
188 static void free_sg(struct sock *sk, struct scatterlist *sg,
189                     int *sg_num_elem, unsigned int *sg_size)
190 {
191         int i, n = *sg_num_elem;
192
193         for (i = 0; i < n; ++i) {
194                 sk_mem_uncharge(sk, sg[i].length);
195                 put_page(sg_page(&sg[i]));
196         }
197         *sg_num_elem = 0;
198         *sg_size = 0;
199 }
200
201 static void tls_free_both_sg(struct sock *sk)
202 {
203         struct tls_context *tls_ctx = tls_get_ctx(sk);
204         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
205
206         free_sg(sk, ctx->sg_encrypted_data, &ctx->sg_encrypted_num_elem,
207                 &ctx->sg_encrypted_size);
208
209         free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
210                 &ctx->sg_plaintext_size);
211 }
212
213 static int tls_do_encryption(struct tls_context *tls_ctx,
214                              struct tls_sw_context *ctx, size_t data_len,
215                              gfp_t flags)
216 {
217         unsigned int req_size = sizeof(struct aead_request) +
218                 crypto_aead_reqsize(ctx->aead_send);
219         struct aead_request *aead_req;
220         int rc;
221
222         aead_req = kmalloc(req_size, flags);
223         if (!aead_req)
224                 return -ENOMEM;
225
226         ctx->sg_encrypted_data[0].offset += tls_ctx->prepend_size;
227         ctx->sg_encrypted_data[0].length -= tls_ctx->prepend_size;
228
229         aead_request_set_tfm(aead_req, ctx->aead_send);
230         aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
231         aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out,
232                                data_len, tls_ctx->iv);
233         rc = crypto_aead_encrypt(aead_req);
234
235         ctx->sg_encrypted_data[0].offset -= tls_ctx->prepend_size;
236         ctx->sg_encrypted_data[0].length += tls_ctx->prepend_size;
237
238         kfree(aead_req);
239         return rc;
240 }
241
242 static int tls_push_record(struct sock *sk, int flags,
243                            unsigned char record_type)
244 {
245         struct tls_context *tls_ctx = tls_get_ctx(sk);
246         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
247         int rc;
248
249         sg_mark_end(ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem - 1);
250         sg_mark_end(ctx->sg_encrypted_data + ctx->sg_encrypted_num_elem - 1);
251
252         tls_make_aad(0, ctx->aad_space, ctx->sg_plaintext_size,
253                      tls_ctx->rec_seq, tls_ctx->rec_seq_size,
254                      record_type);
255
256         tls_fill_prepend(tls_ctx,
257                          page_address(sg_page(&ctx->sg_encrypted_data[0])) +
258                          ctx->sg_encrypted_data[0].offset,
259                          ctx->sg_plaintext_size, record_type);
260
261         tls_ctx->pending_open_record_frags = 0;
262         set_bit(TLS_PENDING_CLOSED_RECORD, &tls_ctx->flags);
263
264         rc = tls_do_encryption(tls_ctx, ctx, ctx->sg_plaintext_size,
265                                sk->sk_allocation);
266         if (rc < 0) {
267                 /* If we are called from write_space and
268                  * we fail, we need to set this SOCK_NOSPACE
269                  * to trigger another write_space in the future.
270                  */
271                 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
272                 return rc;
273         }
274
275         free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
276                 &ctx->sg_plaintext_size);
277
278         ctx->sg_encrypted_num_elem = 0;
279         ctx->sg_encrypted_size = 0;
280
281         /* Only pass through MSG_DONTWAIT and MSG_NOSIGNAL flags */
282         rc = tls_push_sg(sk, tls_ctx, ctx->sg_encrypted_data, 0, flags);
283         if (rc < 0 && rc != -EAGAIN)
284                 tls_err_abort(sk);
285
286         tls_advance_record_sn(sk, tls_ctx);
287         return rc;
288 }
289
290 static int tls_sw_push_pending_record(struct sock *sk, int flags)
291 {
292         return tls_push_record(sk, flags, TLS_RECORD_TYPE_DATA);
293 }
294
295 static int zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
296                               int length)
297 {
298         struct tls_context *tls_ctx = tls_get_ctx(sk);
299         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
300         struct page *pages[MAX_SKB_FRAGS];
301
302         size_t offset;
303         ssize_t copied, use;
304         int i = 0;
305         unsigned int size = ctx->sg_plaintext_size;
306         int num_elem = ctx->sg_plaintext_num_elem;
307         int rc = 0;
308         int maxpages;
309
310         while (length > 0) {
311                 i = 0;
312                 maxpages = ARRAY_SIZE(ctx->sg_plaintext_data) - num_elem;
313                 if (maxpages == 0) {
314                         rc = -EFAULT;
315                         goto out;
316                 }
317                 copied = iov_iter_get_pages(from, pages,
318                                             length,
319                                             maxpages, &offset);
320                 if (copied <= 0) {
321                         rc = -EFAULT;
322                         goto out;
323                 }
324
325                 iov_iter_advance(from, copied);
326
327                 length -= copied;
328                 size += copied;
329                 while (copied) {
330                         use = min_t(int, copied, PAGE_SIZE - offset);
331
332                         sg_set_page(&ctx->sg_plaintext_data[num_elem],
333                                     pages[i], use, offset);
334                         sg_unmark_end(&ctx->sg_plaintext_data[num_elem]);
335                         sk_mem_charge(sk, use);
336
337                         offset = 0;
338                         copied -= use;
339
340                         ++i;
341                         ++num_elem;
342                 }
343         }
344
345 out:
346         ctx->sg_plaintext_size = size;
347         ctx->sg_plaintext_num_elem = num_elem;
348         return rc;
349 }
350
351 static int memcopy_from_iter(struct sock *sk, struct iov_iter *from,
352                              int bytes)
353 {
354         struct tls_context *tls_ctx = tls_get_ctx(sk);
355         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
356         struct scatterlist *sg = ctx->sg_plaintext_data;
357         int copy, i, rc = 0;
358
359         for (i = tls_ctx->pending_open_record_frags;
360              i < ctx->sg_plaintext_num_elem; ++i) {
361                 copy = sg[i].length;
362                 if (copy_from_iter(
363                                 page_address(sg_page(&sg[i])) + sg[i].offset,
364                                 copy, from) != copy) {
365                         rc = -EFAULT;
366                         goto out;
367                 }
368                 bytes -= copy;
369
370                 ++tls_ctx->pending_open_record_frags;
371
372                 if (!bytes)
373                         break;
374         }
375
376 out:
377         return rc;
378 }
379
380 int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
381 {
382         struct tls_context *tls_ctx = tls_get_ctx(sk);
383         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
384         int ret = 0;
385         int required_size;
386         long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
387         bool eor = !(msg->msg_flags & MSG_MORE);
388         size_t try_to_copy, copied = 0;
389         unsigned char record_type = TLS_RECORD_TYPE_DATA;
390         int record_room;
391         bool full_record;
392         int orig_size;
393
394         if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL))
395                 return -ENOTSUPP;
396
397         lock_sock(sk);
398
399         if (tls_complete_pending_work(sk, tls_ctx, msg->msg_flags, &timeo))
400                 goto send_end;
401
402         if (unlikely(msg->msg_controllen)) {
403                 ret = tls_proccess_cmsg(sk, msg, &record_type);
404                 if (ret)
405                         goto send_end;
406         }
407
408         while (msg_data_left(msg)) {
409                 if (sk->sk_err) {
410                         ret = sk->sk_err;
411                         goto send_end;
412                 }
413
414                 orig_size = ctx->sg_plaintext_size;
415                 full_record = false;
416                 try_to_copy = msg_data_left(msg);
417                 record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
418                 if (try_to_copy >= record_room) {
419                         try_to_copy = record_room;
420                         full_record = true;
421                 }
422
423                 required_size = ctx->sg_plaintext_size + try_to_copy +
424                                 tls_ctx->overhead_size;
425
426                 if (!sk_stream_memory_free(sk))
427                         goto wait_for_sndbuf;
428 alloc_encrypted:
429                 ret = alloc_encrypted_sg(sk, required_size);
430                 if (ret) {
431                         if (ret != -ENOSPC)
432                                 goto wait_for_memory;
433
434                         /* Adjust try_to_copy according to the amount that was
435                          * actually allocated. The difference is due
436                          * to max sg elements limit
437                          */
438                         try_to_copy -= required_size - ctx->sg_encrypted_size;
439                         full_record = true;
440                 }
441
442                 if (full_record || eor) {
443                         ret = zerocopy_from_iter(sk, &msg->msg_iter,
444                                                  try_to_copy);
445                         if (ret)
446                                 goto fallback_to_reg_send;
447
448                         copied += try_to_copy;
449                         ret = tls_push_record(sk, msg->msg_flags, record_type);
450                         if (!ret)
451                                 continue;
452                         if (ret == -EAGAIN)
453                                 goto send_end;
454
455                         copied -= try_to_copy;
456 fallback_to_reg_send:
457                         iov_iter_revert(&msg->msg_iter,
458                                         ctx->sg_plaintext_size - orig_size);
459                         trim_sg(sk, ctx->sg_plaintext_data,
460                                 &ctx->sg_plaintext_num_elem,
461                                 &ctx->sg_plaintext_size,
462                                 orig_size);
463                 }
464
465                 required_size = ctx->sg_plaintext_size + try_to_copy;
466 alloc_plaintext:
467                 ret = alloc_plaintext_sg(sk, required_size);
468                 if (ret) {
469                         if (ret != -ENOSPC)
470                                 goto wait_for_memory;
471
472                         /* Adjust try_to_copy according to the amount that was
473                          * actually allocated. The difference is due
474                          * to max sg elements limit
475                          */
476                         try_to_copy -= required_size - ctx->sg_plaintext_size;
477                         full_record = true;
478
479                         trim_sg(sk, ctx->sg_encrypted_data,
480                                 &ctx->sg_encrypted_num_elem,
481                                 &ctx->sg_encrypted_size,
482                                 ctx->sg_plaintext_size +
483                                 tls_ctx->overhead_size);
484                 }
485
486                 ret = memcopy_from_iter(sk, &msg->msg_iter, try_to_copy);
487                 if (ret)
488                         goto trim_sgl;
489
490                 copied += try_to_copy;
491                 if (full_record || eor) {
492 push_record:
493                         ret = tls_push_record(sk, msg->msg_flags, record_type);
494                         if (ret) {
495                                 if (ret == -ENOMEM)
496                                         goto wait_for_memory;
497
498                                 goto send_end;
499                         }
500                 }
501
502                 continue;
503
504 wait_for_sndbuf:
505                 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
506 wait_for_memory:
507                 ret = sk_stream_wait_memory(sk, &timeo);
508                 if (ret) {
509 trim_sgl:
510                         trim_both_sgl(sk, orig_size);
511                         goto send_end;
512                 }
513
514                 if (tls_is_pending_closed_record(tls_ctx))
515                         goto push_record;
516
517                 if (ctx->sg_encrypted_size < required_size)
518                         goto alloc_encrypted;
519
520                 goto alloc_plaintext;
521         }
522
523 send_end:
524         ret = sk_stream_error(sk, msg->msg_flags, ret);
525
526         release_sock(sk);
527         return copied ? copied : ret;
528 }
529
530 int tls_sw_sendpage(struct sock *sk, struct page *page,
531                     int offset, size_t size, int flags)
532 {
533         struct tls_context *tls_ctx = tls_get_ctx(sk);
534         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
535         int ret = 0;
536         long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
537         bool eor;
538         size_t orig_size = size;
539         unsigned char record_type = TLS_RECORD_TYPE_DATA;
540         struct scatterlist *sg;
541         bool full_record;
542         int record_room;
543
544         if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
545                       MSG_SENDPAGE_NOTLAST))
546                 return -ENOTSUPP;
547
548         /* No MSG_EOR from splice, only look at MSG_MORE */
549         eor = !(flags & (MSG_MORE | MSG_SENDPAGE_NOTLAST));
550
551         lock_sock(sk);
552
553         sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
554
555         if (tls_complete_pending_work(sk, tls_ctx, flags, &timeo))
556                 goto sendpage_end;
557
558         /* Call the sk_stream functions to manage the sndbuf mem. */
559         while (size > 0) {
560                 size_t copy, required_size;
561
562                 if (sk->sk_err) {
563                         ret = sk->sk_err;
564                         goto sendpage_end;
565                 }
566
567                 full_record = false;
568                 record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
569                 copy = size;
570                 if (copy >= record_room) {
571                         copy = record_room;
572                         full_record = true;
573                 }
574                 required_size = ctx->sg_plaintext_size + copy +
575                               tls_ctx->overhead_size;
576
577                 if (!sk_stream_memory_free(sk))
578                         goto wait_for_sndbuf;
579 alloc_payload:
580                 ret = alloc_encrypted_sg(sk, required_size);
581                 if (ret) {
582                         if (ret != -ENOSPC)
583                                 goto wait_for_memory;
584
585                         /* Adjust copy according to the amount that was
586                          * actually allocated. The difference is due
587                          * to max sg elements limit
588                          */
589                         copy -= required_size - ctx->sg_plaintext_size;
590                         full_record = true;
591                 }
592
593                 get_page(page);
594                 sg = ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem;
595                 sg_set_page(sg, page, copy, offset);
596                 ctx->sg_plaintext_num_elem++;
597
598                 sk_mem_charge(sk, copy);
599                 offset += copy;
600                 size -= copy;
601                 ctx->sg_plaintext_size += copy;
602                 tls_ctx->pending_open_record_frags = ctx->sg_plaintext_num_elem;
603
604                 if (full_record || eor ||
605                     ctx->sg_plaintext_num_elem ==
606                     ARRAY_SIZE(ctx->sg_plaintext_data)) {
607 push_record:
608                         ret = tls_push_record(sk, flags, record_type);
609                         if (ret) {
610                                 if (ret == -ENOMEM)
611                                         goto wait_for_memory;
612
613                                 goto sendpage_end;
614                         }
615                 }
616                 continue;
617 wait_for_sndbuf:
618                 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
619 wait_for_memory:
620                 ret = sk_stream_wait_memory(sk, &timeo);
621                 if (ret) {
622                         trim_both_sgl(sk, ctx->sg_plaintext_size);
623                         goto sendpage_end;
624                 }
625
626                 if (tls_is_pending_closed_record(tls_ctx))
627                         goto push_record;
628
629                 goto alloc_payload;
630         }
631
632 sendpage_end:
633         if (orig_size > size)
634                 ret = orig_size - size;
635         else
636                 ret = sk_stream_error(sk, flags, ret);
637
638         release_sock(sk);
639         return ret;
640 }
641
642 void tls_sw_free_resources(struct sock *sk)
643 {
644         struct tls_context *tls_ctx = tls_get_ctx(sk);
645         struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
646
647         if (ctx->aead_send)
648                 crypto_free_aead(ctx->aead_send);
649
650         tls_free_both_sg(sk);
651
652         kfree(ctx);
653 }
654
655 int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx)
656 {
657         char keyval[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
658         struct tls_crypto_info *crypto_info;
659         struct tls12_crypto_info_aes_gcm_128 *gcm_128_info;
660         struct tls_sw_context *sw_ctx;
661         u16 nonce_size, tag_size, iv_size, rec_seq_size;
662         char *iv, *rec_seq;
663         int rc = 0;
664
665         if (!ctx) {
666                 rc = -EINVAL;
667                 goto out;
668         }
669
670         if (ctx->priv_ctx) {
671                 rc = -EEXIST;
672                 goto out;
673         }
674
675         sw_ctx = kzalloc(sizeof(*sw_ctx), GFP_KERNEL);
676         if (!sw_ctx) {
677                 rc = -ENOMEM;
678                 goto out;
679         }
680
681         ctx->priv_ctx = (struct tls_offload_context *)sw_ctx;
682         ctx->free_resources = tls_sw_free_resources;
683
684         crypto_info = &ctx->crypto_send;
685         switch (crypto_info->cipher_type) {
686         case TLS_CIPHER_AES_GCM_128: {
687                 nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
688                 tag_size = TLS_CIPHER_AES_GCM_128_TAG_SIZE;
689                 iv_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
690                 iv = ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->iv;
691                 rec_seq_size = TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE;
692                 rec_seq =
693                  ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->rec_seq;
694                 gcm_128_info =
695                         (struct tls12_crypto_info_aes_gcm_128 *)crypto_info;
696                 break;
697         }
698         default:
699                 rc = -EINVAL;
700                 goto out;
701         }
702
703         ctx->prepend_size = TLS_HEADER_SIZE + nonce_size;
704         ctx->tag_size = tag_size;
705         ctx->overhead_size = ctx->prepend_size + ctx->tag_size;
706         ctx->iv_size = iv_size;
707         ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
708                           GFP_KERNEL);
709         if (!ctx->iv) {
710                 rc = -ENOMEM;
711                 goto out;
712         }
713         memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
714         memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size);
715         ctx->rec_seq_size = rec_seq_size;
716         ctx->rec_seq = kmalloc(rec_seq_size, GFP_KERNEL);
717         if (!ctx->rec_seq) {
718                 rc = -ENOMEM;
719                 goto free_iv;
720         }
721         memcpy(ctx->rec_seq, rec_seq, rec_seq_size);
722
723         sg_init_table(sw_ctx->sg_encrypted_data,
724                       ARRAY_SIZE(sw_ctx->sg_encrypted_data));
725         sg_init_table(sw_ctx->sg_plaintext_data,
726                       ARRAY_SIZE(sw_ctx->sg_plaintext_data));
727
728         sg_init_table(sw_ctx->sg_aead_in, 2);
729         sg_set_buf(&sw_ctx->sg_aead_in[0], sw_ctx->aad_space,
730                    sizeof(sw_ctx->aad_space));
731         sg_unmark_end(&sw_ctx->sg_aead_in[1]);
732         sg_chain(sw_ctx->sg_aead_in, 2, sw_ctx->sg_plaintext_data);
733         sg_init_table(sw_ctx->sg_aead_out, 2);
734         sg_set_buf(&sw_ctx->sg_aead_out[0], sw_ctx->aad_space,
735                    sizeof(sw_ctx->aad_space));
736         sg_unmark_end(&sw_ctx->sg_aead_out[1]);
737         sg_chain(sw_ctx->sg_aead_out, 2, sw_ctx->sg_encrypted_data);
738
739         if (!sw_ctx->aead_send) {
740                 sw_ctx->aead_send = crypto_alloc_aead("gcm(aes)", 0, 0);
741                 if (IS_ERR(sw_ctx->aead_send)) {
742                         rc = PTR_ERR(sw_ctx->aead_send);
743                         sw_ctx->aead_send = NULL;
744                         goto free_rec_seq;
745                 }
746         }
747
748         ctx->push_pending_record = tls_sw_push_pending_record;
749
750         memcpy(keyval, gcm_128_info->key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
751
752         rc = crypto_aead_setkey(sw_ctx->aead_send, keyval,
753                                 TLS_CIPHER_AES_GCM_128_KEY_SIZE);
754         if (rc)
755                 goto free_aead;
756
757         rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size);
758         if (!rc)
759                 goto out;
760
761 free_aead:
762         crypto_free_aead(sw_ctx->aead_send);
763         sw_ctx->aead_send = NULL;
764 free_rec_seq:
765         kfree(ctx->rec_seq);
766         ctx->rec_seq = NULL;
767 free_iv:
768         kfree(ctx->iv);
769         ctx->iv = NULL;
770 out:
771         return rc;
772 }