aboutsummaryrefslogtreecommitdiff
path: root/include/net/tls.h
AgeCommit message (Collapse)AuthorFilesLines
2018-03-23tls: Refactor variable namesDave Watson1-1/+1
Several config variables are prefixed with tx, drop the prefix since these will be used for both tx and rx. Signed-off-by: Dave Watson <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2018-03-23tls: Pass error code explicitly to tls_err_abortDave Watson1-3/+3
Pass EBADMSG explicitly to tls_err_abort. Receive path will pass additional codes - EMSGSIZE if framing is larger than max TLS record size, EINVAL if TLS version mismatch. Signed-off-by: Dave Watson <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2018-03-23tls: Move cipher info to a separate structDave Watson1-11/+15
Separate tx crypto parameters to a separate cipher_context struct. The same parameters will be used for rx using the same struct. tls_advance_record_sn is modified to only take the cipher info. Signed-off-by: Dave Watson <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2018-01-31tls: Add support for encryption using async offload acceleratorVakul Garg1-0/+2
Async crypto accelerators (e.g. drivers/crypto/caam) support offloading GCM operation. If they are enabled, crypto_aead_encrypt() return error code -EINPROGRESS. In this case tls_do_encryption() needs to wait on a completion till the time the response for crypto offload request is received. Signed-off-by: Vakul Garg <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2018-01-15net/tls: Fix inverted error codes to avoid endless loop[email protected]1-1/+1
sendfile() calls can hang endless with using Kernel TLS if a socket error occurs. Socket error codes must be inverted by Kernel TLS before returning because they are stored with positive sign. If returned non-inverted they are interpreted as number of bytes sent, causing endless looping of the splice mechanic behind sendfile(). Signed-off-by: Robert Hering <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2017-11-15uapi: fix linux/tls.h userspace compilation errorDmitry V. Levin1-0/+4
Move inclusion of a private kernel header <net/tcp.h> from uapi/linux/tls.h to its only user - net/tls.h, to fix the following linux/tls.h userspace compilation error: /usr/include/linux/tls.h:41:21: fatal error: net/tcp.h: No such file or directory As to this point uapi/linux/tls.h was totaly unusuable for userspace, cleanup this header file further by moving other redundant includes to net/tls.h. Fixes: 3c4d7559159b ("tls: kernel TLS support") Cc: <[email protected]> # v4.13+ Signed-off-by: Dmitry V. Levin <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2017-11-14tls: Move tls_make_aad to header to allow sharingIlya Lesokhin1-0/+15
move tls_make_aad as it is going to be reused by the device offload code and rx path. Remove unused recv parameter. Signed-off-by: Ilya Lesokhin <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2017-11-14tls: Fix TLS ulp context leak, when TLS_TX setsockopt is not used.Ilya Lesokhin1-1/+1
Previously the TLS ulp context would leak if we attached a TLS ulp to a socket but did not use the TLS_TX setsockopt, or did use it but it failed. This patch solves the issue by overriding prot[TLS_BASE_TX].close and fixing tls_sk_proto_close to work properly when its called with ctx->tx_conf == TLS_BASE_TX. This patch also removes ctx->free_resources as we can use ctx->tx_conf to obtain the relevant information. Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2017-11-14tls: Add function to update the TLS socket configurationIlya Lesokhin1-0/+2
The tx configuration is now stored in ctx->tx_conf. And sk->sk_prot is updated trough a function This will simplify things when we add rx and support for different possible tx and rx cross configurations. Signed-off-by: Ilya Lesokhin <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2017-06-15tls: kernel TLS supportDave Watson1-0/+237
Software implementation of transport layer security, implemented using ULP infrastructure. tcp proto_ops are replaced with tls equivalents of sendmsg and sendpage. Only symmetric crypto is done in the kernel, keys are passed by setsockopt after the handshake is complete. All control messages are supported via CMSG data - the actual symmetric encryption is the same, just the message type needs to be passed separately. For user API, please see Documentation patch. Pieces that can be shared between hw and sw implementation are in tls_main.c Signed-off-by: Boris Pismenny <[email protected]> Signed-off-by: Ilya Lesokhin <[email protected]> Signed-off-by: Aviad Yehezkel <[email protected]> Signed-off-by: Dave Watson <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Powered by cgit, Gruvboxed by Blaster4385.