tls: extend tls_cipher_desc to fully describe the ciphers

- add nonce, usually equal to iv_size but not for chacha
 - add offsets into the crypto_info for each field
 - add algorithm name
 - add offloadable flag

Also add helpers to access each field of a crypto_info struct
described by a tls_cipher_desc.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/39d5f476d63c171097764e8d38f6f158b7c109ae.1692977948.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/tls/tls.h b/net/tls/tls.h
index d4b56ca..28a8c0e 100644 (file)
--- a/net/tls/tls.h
+++ b/net/tls/tls.h
@@ -52,11 +52,19 @@
        SNMP_DEC_STATS((net)->mib.tls_statistics, field)
 
 struct tls_cipher_desc {
+       unsigned int nonce;
        unsigned int iv;
        unsigned int key;
        unsigned int salt;
        unsigned int tag;
        unsigned int rec_seq;
+       unsigned int iv_offset;
+       unsigned int key_offset;
+       unsigned int salt_offset;
+       unsigned int rec_seq_offset;
+       char *cipher_name;
+       bool offloadable;
+       size_t crypto_info;
 };
 
 #define TLS_CIPHER_MIN TLS_CIPHER_AES_GCM_128
@@ -71,6 +79,30 @@ static inline const struct tls_cipher_desc *get_cipher_desc(u16 cipher_type)
        return &tls_cipher_desc[cipher_type - TLS_CIPHER_MIN];
 }
 
+static inline char *crypto_info_iv(struct tls_crypto_info *crypto_info,
+                                  const struct tls_cipher_desc *cipher_desc)
+{
+       return (char *)crypto_info + cipher_desc->iv_offset;
+}
+
+static inline char *crypto_info_key(struct tls_crypto_info *crypto_info,
+                                   const struct tls_cipher_desc *cipher_desc)
+{
+       return (char *)crypto_info + cipher_desc->key_offset;
+}
+
+static inline char *crypto_info_salt(struct tls_crypto_info *crypto_info,
+                                    const struct tls_cipher_desc *cipher_desc)
+{
+       return (char *)crypto_info + cipher_desc->salt_offset;
+}
+
+static inline char *crypto_info_rec_seq(struct tls_crypto_info *crypto_info,
+                                       const struct tls_cipher_desc *cipher_desc)
+{
+       return (char *)crypto_info + cipher_desc->rec_seq_offset;
+}
+
 
 /* TLS records are maintained in 'struct tls_rec'. It stores the memory pages
  * allocated or mapped for each TLS record. After encryption, the records are

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 217c2aa..bbdf211 100644 (file)
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -58,23 +58,46 @@ enum {
        TLS_NUM_PROTS,
 };
 
-#define CIPHER_DESC(cipher) [cipher - TLS_CIPHER_MIN] = {      \
+#define __CIPHER_DESC(ci) \
+       .iv_offset = offsetof(struct ci, iv), \
+       .key_offset = offsetof(struct ci, key), \
+       .salt_offset = offsetof(struct ci, salt), \
+       .rec_seq_offset = offsetof(struct ci, rec_seq), \
+       .crypto_info = sizeof(struct ci)
+
+#define CIPHER_DESC(cipher,ci,algname,_offloadable) [cipher - TLS_CIPHER_MIN] = {      \
+       .nonce = cipher ## _IV_SIZE, \
        .iv = cipher ## _IV_SIZE, \
        .key = cipher ## _KEY_SIZE, \
        .salt = cipher ## _SALT_SIZE, \
        .tag = cipher ## _TAG_SIZE, \
        .rec_seq = cipher ## _REC_SEQ_SIZE, \
+       .cipher_name = algname, \
+       .offloadable = _offloadable, \
+       __CIPHER_DESC(ci), \
+}
+
+#define CIPHER_DESC_NONCE0(cipher,ci,algname,_offloadable) [cipher - TLS_CIPHER_MIN] = { \
+       .nonce = 0, \
+       .iv = cipher ## _IV_SIZE, \
+       .key = cipher ## _KEY_SIZE, \
+       .salt = cipher ## _SALT_SIZE, \
+       .tag = cipher ## _TAG_SIZE, \
+       .rec_seq = cipher ## _REC_SEQ_SIZE, \
+       .cipher_name = algname, \
+       .offloadable = _offloadable, \
+       __CIPHER_DESC(ci), \
 }
 
 const struct tls_cipher_desc tls_cipher_desc[TLS_CIPHER_MAX + 1 - TLS_CIPHER_MIN] = {
-       CIPHER_DESC(TLS_CIPHER_AES_GCM_128),
-       CIPHER_DESC(TLS_CIPHER_AES_GCM_256),
-       CIPHER_DESC(TLS_CIPHER_AES_CCM_128),
-       CIPHER_DESC(TLS_CIPHER_CHACHA20_POLY1305),
-       CIPHER_DESC(TLS_CIPHER_SM4_GCM),
-       CIPHER_DESC(TLS_CIPHER_SM4_CCM),
-       CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128),
-       CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256),
+       CIPHER_DESC(TLS_CIPHER_AES_GCM_128, tls12_crypto_info_aes_gcm_128, "gcm(aes)", true),
+       CIPHER_DESC(TLS_CIPHER_AES_GCM_256, tls12_crypto_info_aes_gcm_256, "gcm(aes)", true),
+       CIPHER_DESC(TLS_CIPHER_AES_CCM_128, tls12_crypto_info_aes_ccm_128, "ccm(aes)", false),
+       CIPHER_DESC_NONCE0(TLS_CIPHER_CHACHA20_POLY1305, tls12_crypto_info_chacha20_poly1305, "rfc7539(chacha20,poly1305)", false),
+       CIPHER_DESC(TLS_CIPHER_SM4_GCM, tls12_crypto_info_sm4_gcm, "gcm(sm4)", false),
+       CIPHER_DESC(TLS_CIPHER_SM4_CCM, tls12_crypto_info_sm4_ccm, "ccm(sm4)", false),
+       CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto_info_aria_gcm_128, "gcm(aria)", false),
+       CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256, "gcm(aria)", false),
 };
 
 static const struct proto *saved_tcpv6_prot;