projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge 4.14.73 into android-4.14-p
[GitHub/moto-9609/android_kernel_motorola_exynos9610.git] / net / tls / tls_sw.c
CommitLineData
3c4d7559
DW		 1/*
2 * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
3 * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
4 * Copyright (c) 2016-2017, Lance Chao <lancerchao@fb.com>. All rights reserved.
5 * Copyright (c) 2016, Fridolin Pokorny <fridolin.pokorny@gmail.com>. All rights reserved.
6 * Copyright (c) 2016, Nikos Mavrogiannopoulos <nmav@gnutls.org>. All rights reserved.
7 *
8 * This software is available to you under a choice of one of two
9 * licenses. You may choose to be licensed under the terms of the GNU
10 * General Public License (GPL) Version 2, available from the file
11 * COPYING in the main directory of this source tree, or the
12 * OpenIB.org BSD license below:
13 *
14 * Redistribution and use in source and binary forms, with or
15 * without modification, are permitted provided that the following
16 * conditions are met:
17 *
18 * - Redistributions of source code must retain the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer.
21 *
22 * - Redistributions in binary form must reproduce the above
23 * copyright notice, this list of conditions and the following
24 * disclaimer in the documentation and/or other materials
25 * provided with the distribution.
26 *
27 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
28 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
29 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
30 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
31 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
32 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
33 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
34 * SOFTWARE.
35 */
36
37#include <linux/module.h>
38#include <crypto/aead.h>
39
40#include <net/tls.h>
41
42static inline void tls_make_aad(int recv,
43 char *buf,
44 size_t size,
45 char *record_sequence,
46 int record_sequence_size,
47 unsigned char record_type)
48{
49 memcpy(buf, record_sequence, record_sequence_size);
50
51 buf[8] = record_type;
52 buf[9] = TLS_1_2_VERSION_MAJOR;
53 buf[10] = TLS_1_2_VERSION_MINOR;
54 buf[11] = size >> 8;
55 buf[12] = size & 0xFF;
56}
57
58static void trim_sg(struct sock *sk, struct scatterlist *sg,
59 int *sg_num_elem, unsigned int *sg_size, int target_size)
60{
61 int i = *sg_num_elem - 1;
62 int trim = *sg_size - target_size;
63
64 if (trim <= 0) {
65 WARN_ON(trim < 0);
66 return;
67 }
68
69 *sg_size = target_size;
70 while (trim >= sg[i].length) {
71 trim -= sg[i].length;
72 sk_mem_uncharge(sk, sg[i].length);
73 put_page(sg_page(&sg[i]));
74 i--;
75
76 if (i < 0)
77 goto out;
78 }
79
80 sg[i].length -= trim;
81 sk_mem_uncharge(sk, trim);
82
83out:
84 *sg_num_elem = i + 1;
85}
86
87static void trim_both_sgl(struct sock *sk, int target_size)
88{
89 struct tls_context *tls_ctx = tls_get_ctx(sk);
90 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
91
92 trim_sg(sk, ctx->sg_plaintext_data,
93 &ctx->sg_plaintext_num_elem,
94 &ctx->sg_plaintext_size,
95 target_size);
96
97 if (target_size > 0)
98 target_size += tls_ctx->overhead_size;
99
100 trim_sg(sk, ctx->sg_encrypted_data,
101 &ctx->sg_encrypted_num_elem,
102 &ctx->sg_encrypted_size,
103 target_size);
104}
105
106static int alloc_sg(struct sock *sk, int len, struct scatterlist *sg,
107 int *sg_num_elem, unsigned int *sg_size,
108 int first_coalesce)
109{
110 struct page_frag *pfrag;
111 unsigned int size = *sg_size;
112 int num_elem = *sg_num_elem, use = 0, rc = 0;
113 struct scatterlist *sge;
114 unsigned int orig_offset;
115
116 len -= size;
117 pfrag = sk_page_frag(sk);
118
119 while (len > 0) {
120 if (!sk_page_frag_refill(sk, pfrag)) {
121 rc = -ENOMEM;
122 goto out;
123 }
124
125 use = min_t(int, len, pfrag->size - pfrag->offset);
126
127 if (!sk_wmem_schedule(sk, use)) {
128 rc = -ENOMEM;
129 goto out;
130 }
131
132 sk_mem_charge(sk, use);
133 size += use;
134 orig_offset = pfrag->offset;
135 pfrag->offset += use;
136
137 sge = sg + num_elem - 1;
464e2326
DB		 138
139 if (num_elem > first_coalesce && sg_page(sge) == pfrag->page &&
140 sge->offset + sge->length == orig_offset) {
141 sge->length += use;
3c4d7559
DW		 142 } else {
143 sge++;
144 sg_unmark_end(sge);
145 sg_set_page(sge, pfrag->page, use, orig_offset);
146 get_page(pfrag->page);
147 ++num_elem;
148 if (num_elem == MAX_SKB_FRAGS) {
149 rc = -ENOSPC;
150 break;
151 }
152 }
153
154 len -= use;
155 }
156 goto out;
157
158out:
159 *sg_size = size;
160 *sg_num_elem = num_elem;
161 return rc;
162}
163
164static int alloc_encrypted_sg(struct sock *sk, int len)
165{
166 struct tls_context *tls_ctx = tls_get_ctx(sk);
167 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
168 int rc = 0;
169
170 rc = alloc_sg(sk, len, ctx->sg_encrypted_data,
171 &ctx->sg_encrypted_num_elem, &ctx->sg_encrypted_size, 0);
172
04f625fc
VG		 173 if (rc == -ENOSPC)
174 ctx->sg_encrypted_num_elem = ARRAY_SIZE(ctx->sg_encrypted_data);
175
3c4d7559
DW		 176 return rc;
177}
178
179static int alloc_plaintext_sg(struct sock *sk, int len)
180{
181 struct tls_context *tls_ctx = tls_get_ctx(sk);
182 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
183 int rc = 0;
184
185 rc = alloc_sg(sk, len, ctx->sg_plaintext_data,
186 &ctx->sg_plaintext_num_elem, &ctx->sg_plaintext_size,
187 tls_ctx->pending_open_record_frags);
188
04f625fc
VG		 189 if (rc == -ENOSPC)
190 ctx->sg_plaintext_num_elem = ARRAY_SIZE(ctx->sg_plaintext_data);
191
3c4d7559
DW		 192 return rc;
193}
194
195static void free_sg(struct sock *sk, struct scatterlist *sg,
196 int *sg_num_elem, unsigned int *sg_size)
197{
198 int i, n = *sg_num_elem;
199
200 for (i = 0; i < n; ++i) {
201 sk_mem_uncharge(sk, sg[i].length);
202 put_page(sg_page(&sg[i]));
203 }
204 *sg_num_elem = 0;
205 *sg_size = 0;
206}
207
208static void tls_free_both_sg(struct sock *sk)
209{
210 struct tls_context *tls_ctx = tls_get_ctx(sk);
211 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
212
213 free_sg(sk, ctx->sg_encrypted_data, &ctx->sg_encrypted_num_elem,
214 &ctx->sg_encrypted_size);
215
216 free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
217 &ctx->sg_plaintext_size);
218}
219
220static int tls_do_encryption(struct tls_context *tls_ctx,
5e8a5c30
DB		 221 struct tls_sw_context *ctx,
222 struct aead_request *aead_req,
223 size_t data_len)
3c4d7559 224{
3c4d7559
DW		 225 int rc;
226
3c4d7559
DW		 227 ctx->sg_encrypted_data[0].offset += tls_ctx->prepend_size;
228 ctx->sg_encrypted_data[0].length -= tls_ctx->prepend_size;
229
230 aead_request_set_tfm(aead_req, ctx->aead_send);
231 aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
232 aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out,
233 data_len, tls_ctx->iv);
234 rc = crypto_aead_encrypt(aead_req);
235
236 ctx->sg_encrypted_data[0].offset -= tls_ctx->prepend_size;
237 ctx->sg_encrypted_data[0].length += tls_ctx->prepend_size;
238
3c4d7559
DW		 239 return rc;
240}
241
242static int tls_push_record(struct sock *sk, int flags,
243 unsigned char record_type)
244{
245 struct tls_context *tls_ctx = tls_get_ctx(sk);
246 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
5e8a5c30 247 struct aead_request *req;
3c4d7559
DW		 248 int rc;
249
5e8a5c30
DB		 250 req = kzalloc(sizeof(struct aead_request) +
251 crypto_aead_reqsize(ctx->aead_send), sk->sk_allocation);
252 if (!req)
253 return -ENOMEM;
254
3c4d7559
DW		 255 sg_mark_end(ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem - 1);
256 sg_mark_end(ctx->sg_encrypted_data + ctx->sg_encrypted_num_elem - 1);
257
258 tls_make_aad(0, ctx->aad_space, ctx->sg_plaintext_size,
259 tls_ctx->rec_seq, tls_ctx->rec_seq_size,
260 record_type);
261
262 tls_fill_prepend(tls_ctx,
263 page_address(sg_page(&ctx->sg_encrypted_data[0])) +
264 ctx->sg_encrypted_data[0].offset,
265 ctx->sg_plaintext_size, record_type);
266
267 tls_ctx->pending_open_record_frags = 0;
268 set_bit(TLS_PENDING_CLOSED_RECORD, &tls_ctx->flags);
269
5e8a5c30 270 rc = tls_do_encryption(tls_ctx, ctx, req, ctx->sg_plaintext_size);
3c4d7559
DW		 271 if (rc < 0) {
272 /* If we are called from write_space and
273 * we fail, we need to set this SOCK_NOSPACE
274 * to trigger another write_space in the future.
275 */
276 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
5e8a5c30 277 goto out_req;
3c4d7559
DW		 278 }
279
280 free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
281 &ctx->sg_plaintext_size);
282
283 ctx->sg_encrypted_num_elem = 0;
284 ctx->sg_encrypted_size = 0;
285
286 /* Only pass through MSG_DONTWAIT and MSG_NOSIGNAL flags */
287 rc = tls_push_sg(sk, tls_ctx, ctx->sg_encrypted_data, 0, flags);
288 if (rc < 0 && rc != -EAGAIN)
289 tls_err_abort(sk);
290
291 tls_advance_record_sn(sk, tls_ctx);
5e8a5c30
DB		 292out_req:
293 kfree(req);
3c4d7559
DW		 294 return rc;
295}
296
297static int tls_sw_push_pending_record(struct sock *sk, int flags)
298{
299 return tls_push_record(sk, flags, TLS_RECORD_TYPE_DATA);
300}
301
302static int zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
303 int length)
304{
305 struct tls_context *tls_ctx = tls_get_ctx(sk);
306 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
307 struct page *pages[MAX_SKB_FRAGS];
308
309 size_t offset;
310 ssize_t copied, use;
311 int i = 0;
312 unsigned int size = ctx->sg_plaintext_size;
313 int num_elem = ctx->sg_plaintext_num_elem;
314 int rc = 0;
315 int maxpages;
316
317 while (length > 0) {
318 i = 0;
319 maxpages = ARRAY_SIZE(ctx->sg_plaintext_data) - num_elem;
320 if (maxpages == 0) {
321 rc = -EFAULT;
322 goto out;
323 }
324 copied = iov_iter_get_pages(from, pages,
325 length,
326 maxpages, &offset);
327 if (copied <= 0) {
328 rc = -EFAULT;
329 goto out;
330 }
331
332 iov_iter_advance(from, copied);
333
334 length -= copied;
335 size += copied;
336 while (copied) {
337 use = min_t(int, copied, PAGE_SIZE - offset);
338
339 sg_set_page(&ctx->sg_plaintext_data[num_elem],
340 pages[i], use, offset);
341 sg_unmark_end(&ctx->sg_plaintext_data[num_elem]);
342 sk_mem_charge(sk, use);
343
344 offset = 0;
345 copied -= use;
346
347 ++i;
348 ++num_elem;
349 }
350 }
351
352out:
353 ctx->sg_plaintext_size = size;
354 ctx->sg_plaintext_num_elem = num_elem;
355 return rc;
356}
357
358static int memcopy_from_iter(struct sock *sk, struct iov_iter *from,
359 int bytes)
360{
361 struct tls_context *tls_ctx = tls_get_ctx(sk);
362 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
363 struct scatterlist *sg = ctx->sg_plaintext_data;
364 int copy, i, rc = 0;
365
366 for (i = tls_ctx->pending_open_record_frags;
367 i < ctx->sg_plaintext_num_elem; ++i) {
368 copy = sg[i].length;
369 if (copy_from_iter(
370 page_address(sg_page(&sg[i])) + sg[i].offset,
371 copy, from) != copy) {
372 rc = -EFAULT;
373 goto out;
374 }
375 bytes -= copy;
376
377 ++tls_ctx->pending_open_record_frags;
378
379 if (!bytes)
380 break;
381 }
382
383out:
384 return rc;
385}
386
387int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
388{
389 struct tls_context *tls_ctx = tls_get_ctx(sk);
390 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
391 int ret = 0;
392 int required_size;
393 long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
394 bool eor = !(msg->msg_flags & MSG_MORE);
395 size_t try_to_copy, copied = 0;
396 unsigned char record_type = TLS_RECORD_TYPE_DATA;
397 int record_room;
398 bool full_record;
399 int orig_size;
400
401 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL))
402 return -ENOTSUPP;
403
404 lock_sock(sk);
405
406 if (tls_complete_pending_work(sk, tls_ctx, msg->msg_flags, &timeo))
407 goto send_end;
408
409 if (unlikely(msg->msg_controllen)) {
410 ret = tls_proccess_cmsg(sk, msg, &record_type);
411 if (ret)
412 goto send_end;
413 }
414
415 while (msg_data_left(msg)) {
416 if (sk->sk_err) {
d3048a12 417 ret = -sk->sk_err;
3c4d7559
DW		 418 goto send_end;
419 }
420
421 orig_size = ctx->sg_plaintext_size;
422 full_record = false;
423 try_to_copy = msg_data_left(msg);
424 record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
425 if (try_to_copy >= record_room) {
426 try_to_copy = record_room;
427 full_record = true;
428 }
429
430 required_size = ctx->sg_plaintext_size + try_to_copy +
431 tls_ctx->overhead_size;
432
433 if (!sk_stream_memory_free(sk))
434 goto wait_for_sndbuf;
435alloc_encrypted:
436 ret = alloc_encrypted_sg(sk, required_size);
437 if (ret) {
438 if (ret != -ENOSPC)
439 goto wait_for_memory;
440
441 /* Adjust try_to_copy according to the amount that was
442 * actually allocated. The difference is due
443 * to max sg elements limit
444 */
445 try_to_copy -= required_size - ctx->sg_encrypted_size;
446 full_record = true;
447 }
448
449 if (full_record || eor) {
450 ret = zerocopy_from_iter(sk, &msg->msg_iter,
451 try_to_copy);
452 if (ret)
453 goto fallback_to_reg_send;
454
455 copied += try_to_copy;
456 ret = tls_push_record(sk, msg->msg_flags, record_type);
457 if (!ret)
458 continue;
30a7a7b0 459 if (ret < 0)
3c4d7559
DW		 460 goto send_end;
461
462 copied -= try_to_copy;
463fallback_to_reg_send:
464 iov_iter_revert(&msg->msg_iter,
465 ctx->sg_plaintext_size - orig_size);
466 trim_sg(sk, ctx->sg_plaintext_data,
467 &ctx->sg_plaintext_num_elem,
468 &ctx->sg_plaintext_size,
469 orig_size);
470 }
471
472 required_size = ctx->sg_plaintext_size + try_to_copy;
473alloc_plaintext:
474 ret = alloc_plaintext_sg(sk, required_size);
475 if (ret) {
476 if (ret != -ENOSPC)
477 goto wait_for_memory;
478
479 /* Adjust try_to_copy according to the amount that was
480 * actually allocated. The difference is due
481 * to max sg elements limit
482 */
483 try_to_copy -= required_size - ctx->sg_plaintext_size;
484 full_record = true;
485
486 trim_sg(sk, ctx->sg_encrypted_data,
487 &ctx->sg_encrypted_num_elem,
488 &ctx->sg_encrypted_size,
489 ctx->sg_plaintext_size +
490 tls_ctx->overhead_size);
491 }
492
493 ret = memcopy_from_iter(sk, &msg->msg_iter, try_to_copy);
494 if (ret)
495 goto trim_sgl;
496
497 copied += try_to_copy;
498 if (full_record || eor) {
499push_record:
500 ret = tls_push_record(sk, msg->msg_flags, record_type);
501 if (ret) {
502 if (ret == -ENOMEM)
503 goto wait_for_memory;
504
505 goto send_end;
506 }
507 }
508
509 continue;
510
511wait_for_sndbuf:
512 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
513wait_for_memory:
514 ret = sk_stream_wait_memory(sk, &timeo);
515 if (ret) {
516trim_sgl:
517 trim_both_sgl(sk, orig_size);
518 goto send_end;
519 }
520
521 if (tls_is_pending_closed_record(tls_ctx))
522 goto push_record;
523
524 if (ctx->sg_encrypted_size < required_size)
525 goto alloc_encrypted;
526
527 goto alloc_plaintext;
528 }
529
530send_end:
531 ret = sk_stream_error(sk, msg->msg_flags, ret);
532
533 release_sock(sk);
534 return copied ? copied : ret;
535}
536
537int tls_sw_sendpage(struct sock *sk, struct page *page,
538 int offset, size_t size, int flags)
539{
540 struct tls_context *tls_ctx = tls_get_ctx(sk);
541 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
542 int ret = 0;
543 long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
544 bool eor;
545 size_t orig_size = size;
546 unsigned char record_type = TLS_RECORD_TYPE_DATA;
547 struct scatterlist *sg;
548 bool full_record;
549 int record_room;
550
551 if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
552 MSG_SENDPAGE_NOTLAST))
553 return -ENOTSUPP;
554
555 /* No MSG_EOR from splice, only look at MSG_MORE */
556 eor = !(flags & (MSG_MORE | MSG_SENDPAGE_NOTLAST));
557
558 lock_sock(sk);
559
560 sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
561
562 if (tls_complete_pending_work(sk, tls_ctx, flags, &timeo))
563 goto sendpage_end;
564
565 /* Call the sk_stream functions to manage the sndbuf mem. */
566 while (size > 0) {
567 size_t copy, required_size;
568
569 if (sk->sk_err) {
d3048a12 570 ret = -sk->sk_err;
3c4d7559
DW		 571 goto sendpage_end;
572 }
573
574 full_record = false;
575 record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
576 copy = size;
577 if (copy >= record_room) {
578 copy = record_room;
579 full_record = true;
580 }
581 required_size = ctx->sg_plaintext_size + copy +
582 tls_ctx->overhead_size;
583
584 if (!sk_stream_memory_free(sk))
585 goto wait_for_sndbuf;
586alloc_payload:
587 ret = alloc_encrypted_sg(sk, required_size);
588 if (ret) {
589 if (ret != -ENOSPC)
590 goto wait_for_memory;
591
592 /* Adjust copy according to the amount that was
593 * actually allocated. The difference is due
594 * to max sg elements limit
595 */
596 copy -= required_size - ctx->sg_plaintext_size;
597 full_record = true;
598 }
599
600 get_page(page);
601 sg = ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem;
602 sg_set_page(sg, page, copy, offset);
603 ctx->sg_plaintext_num_elem++;
604
605 sk_mem_charge(sk, copy);
606 offset += copy;
607 size -= copy;
608 ctx->sg_plaintext_size += copy;
609 tls_ctx->pending_open_record_frags = ctx->sg_plaintext_num_elem;
610
611 if (full_record || eor ||
612 ctx->sg_plaintext_num_elem ==
613 ARRAY_SIZE(ctx->sg_plaintext_data)) {
614push_record:
615 ret = tls_push_record(sk, flags, record_type);
616 if (ret) {
617 if (ret == -ENOMEM)
618 goto wait_for_memory;
619
620 goto sendpage_end;
621 }
622 }
623 continue;
624wait_for_sndbuf:
625 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
626wait_for_memory:
627 ret = sk_stream_wait_memory(sk, &timeo);
628 if (ret) {
629 trim_both_sgl(sk, ctx->sg_plaintext_size);
630 goto sendpage_end;
631 }
632
633 if (tls_is_pending_closed_record(tls_ctx))
634 goto push_record;
635
636 goto alloc_payload;
637 }
638
639sendpage_end:
640 if (orig_size > size)
641 ret = orig_size - size;
642 else
643 ret = sk_stream_error(sk, flags, ret);
644
645 release_sock(sk);
646 return ret;
647}
648
a5135676 649static void tls_sw_free_resources(struct sock *sk)
3c4d7559
DW		 650{
651 struct tls_context *tls_ctx = tls_get_ctx(sk);
652 struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
653
654 if (ctx->aead_send)
655 crypto_free_aead(ctx->aead_send);
656
657 tls_free_both_sg(sk);
658
659 kfree(ctx);
660}
661
662int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx)
663{
3c4d7559
DW		 664 struct tls_crypto_info *crypto_info;
665 struct tls12_crypto_info_aes_gcm_128 *gcm_128_info;
666 struct tls_sw_context *sw_ctx;
667 u16 nonce_size, tag_size, iv_size, rec_seq_size;
668 char *iv, *rec_seq;
669 int rc = 0;
670
671 if (!ctx) {
672 rc = -EINVAL;
673 goto out;
674 }
675
676 if (ctx->priv_ctx) {
677 rc = -EEXIST;
678 goto out;
679 }
680
681 sw_ctx = kzalloc(sizeof(*sw_ctx), GFP_KERNEL);
682 if (!sw_ctx) {
683 rc = -ENOMEM;
684 goto out;
685 }
686
687 ctx->priv_ctx = (struct tls_offload_context *)sw_ctx;
688 ctx->free_resources = tls_sw_free_resources;
689
0c033429 690 crypto_info = &ctx->crypto_send.info;
3c4d7559
DW		 691 switch (crypto_info->cipher_type) {
692 case TLS_CIPHER_AES_GCM_128: {
693 nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
694 tag_size = TLS_CIPHER_AES_GCM_128_TAG_SIZE;
695 iv_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
696 iv = ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->iv;
697 rec_seq_size = TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE;
698 rec_seq =
699 ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->rec_seq;
700 gcm_128_info =
701 (struct tls12_crypto_info_aes_gcm_128 *)crypto_info;
702 break;
703 }
704 default:
705 rc = -EINVAL;
3a28f04b 706 goto free_priv;
3c4d7559
DW		 707 }
708
709 ctx->prepend_size = TLS_HEADER_SIZE + nonce_size;
710 ctx->tag_size = tag_size;
711 ctx->overhead_size = ctx->prepend_size + ctx->tag_size;
712 ctx->iv_size = iv_size;
3a28f04b 713 ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL);
3c4d7559
DW		 714 if (!ctx->iv) {
715 rc = -ENOMEM;
3a28f04b 716 goto free_priv;
3c4d7559
DW		 717 }
718 memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
719 memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size);
720 ctx->rec_seq_size = rec_seq_size;
721 ctx->rec_seq = kmalloc(rec_seq_size, GFP_KERNEL);
722 if (!ctx->rec_seq) {
723 rc = -ENOMEM;
724 goto free_iv;
725 }
726 memcpy(ctx->rec_seq, rec_seq, rec_seq_size);
727
728 sg_init_table(sw_ctx->sg_encrypted_data,
729 ARRAY_SIZE(sw_ctx->sg_encrypted_data));
730 sg_init_table(sw_ctx->sg_plaintext_data,
731 ARRAY_SIZE(sw_ctx->sg_plaintext_data));
732
733 sg_init_table(sw_ctx->sg_aead_in, 2);
734 sg_set_buf(&sw_ctx->sg_aead_in[0], sw_ctx->aad_space,
735 sizeof(sw_ctx->aad_space));
736 sg_unmark_end(&sw_ctx->sg_aead_in[1]);
737 sg_chain(sw_ctx->sg_aead_in, 2, sw_ctx->sg_plaintext_data);
738 sg_init_table(sw_ctx->sg_aead_out, 2);
739 sg_set_buf(&sw_ctx->sg_aead_out[0], sw_ctx->aad_space,
740 sizeof(sw_ctx->aad_space));
741 sg_unmark_end(&sw_ctx->sg_aead_out[1]);
742 sg_chain(sw_ctx->sg_aead_out, 2, sw_ctx->sg_encrypted_data);
743
744 if (!sw_ctx->aead_send) {
745 sw_ctx->aead_send = crypto_alloc_aead("gcm(aes)", 0, 0);
746 if (IS_ERR(sw_ctx->aead_send)) {
747 rc = PTR_ERR(sw_ctx->aead_send);
748 sw_ctx->aead_send = NULL;
749 goto free_rec_seq;
750 }
751 }
752
753 ctx->push_pending_record = tls_sw_push_pending_record;
754
10cacaf1 755 rc = crypto_aead_setkey(sw_ctx->aead_send, gcm_128_info->key,
3c4d7559
DW		 756 TLS_CIPHER_AES_GCM_128_KEY_SIZE);
757 if (rc)
758 goto free_aead;
759
760 rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size);
761 if (!rc)
3a28f04b 762 return 0;
3c4d7559
DW		 763
764free_aead:
765 crypto_free_aead(sw_ctx->aead_send);
766 sw_ctx->aead_send = NULL;
767free_rec_seq:
768 kfree(ctx->rec_seq);
769 ctx->rec_seq = NULL;
770free_iv:
771 kfree(ctx->iv);
772 ctx->iv = NULL;
3a28f04b
SD		 773free_priv:
774 kfree(ctx->priv_ctx);
775 ctx->priv_ctx = NULL;
3c4d7559
DW		 776out:
777 return rc;
778}