
net: tls: Add ARIA-GCM algorithm

RFC 6209 describes ARIA for TLS 1.2.
ARIA-128-GCM and ARIA-256-GCM are defined in RFC 6209.

This patch would offer performance increment and an opportunity for
hardware offload.

Benchmark results:
iperf-ssl are used.
CPU: intel i3-12100.

TLS(openssl-3.0-dev)
[ 3] 0.0- 1.0 sec 185 MBytes 1.55 Gbits/sec
[ 3] 1.0- 2.0 sec 186 MBytes 1.56 Gbits/sec
[ 3] 2.0- 3.0 sec 186 MBytes 1.56 Gbits/sec
[ 3] 3.0- 4.0 sec 186 MBytes 1.56 Gbits/sec
[ 3] 4.0- 5.0 sec 186 MBytes 1.56 Gbits/sec
[ 3] 0.0- 5.0 sec 927 MBytes 1.56 Gbits/sec
kTLS(aria-generic)
[ 3] 0.0- 1.0 sec 198 MBytes 1.66 Gbits/sec
[ 3] 1.0- 2.0 sec 194 MBytes 1.62 Gbits/sec
[ 3] 2.0- 3.0 sec 194 MBytes 1.63 Gbits/sec
[ 3] 3.0- 4.0 sec 194 MBytes 1.63 Gbits/sec
[ 3] 4.0- 5.0 sec 194 MBytes 1.62 Gbits/sec
[ 3] 0.0- 5.0 sec 974 MBytes 1.63 Gbits/sec
kTLS(aria-avx with GFNI)
[ 3] 0.0- 1.0 sec 632 MBytes 5.30 Gbits/sec
[ 3] 1.0- 2.0 sec 657 MBytes 5.51 Gbits/sec
[ 3] 2.0- 3.0 sec 657 MBytes 5.51 Gbits/sec
[ 3] 3.0- 4.0 sec 656 MBytes 5.50 Gbits/sec
[ 3] 4.0- 5.0 sec 656 MBytes 5.50 Gbits/sec
[ 3] 0.0- 5.0 sec 3.18 GBytes 5.47 Gbits/sec

Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Reviewed-by: Vadim Fedorenko <vfedorenko@novek.ru>
Link: https://lore.kernel.org/r/20220925150033.24615-1-ap420073@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Taehee Yoo and committed by
Jakub Kicinski
62e56ef5 c64655f3

+126
+30
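--- a/include/uapi/linux/tls.h
+++ b/include/uapi/linux/tls.h
@@ -100,6 +100,20 @@
 #define TLS_CIPHER_SM4_CCM_TAG_SIZE 16
 #define TLS_CIPHER_SM4_CCM_REC_SEQ_SIZE 8
 
+#define TLS_CIPHER_ARIA_GCM_128 57
+#define TLS_CIPHER_ARIA_GCM_128_IV_SIZE 8
+#define TLS_CIPHER_ARIA_GCM_128_KEY_SIZE 16
+#define TLS_CIPHER_ARIA_GCM_128_SALT_SIZE 4
+#define TLS_CIPHER_ARIA_GCM_128_TAG_SIZE 16
+#define TLS_CIPHER_ARIA_GCM_128_REC_SEQ_SIZE 8
+
+#define TLS_CIPHER_ARIA_GCM_256 58
+#define TLS_CIPHER_ARIA_GCM_256_IV_SIZE 8
+#define TLS_CIPHER_ARIA_GCM_256_KEY_SIZE 32
+#define TLS_CIPHER_ARIA_GCM_256_SALT_SIZE 4
+#define TLS_CIPHER_ARIA_GCM_256_TAG_SIZE 16
+#define TLS_CIPHER_ARIA_GCM_256_REC_SEQ_SIZE 8
+
 #define TLS_SET_RECORD_TYPE 1
 #define TLS_GET_RECORD_TYPE 2
 
@@ -154,6 +168,22 @@
 unsigned char key[TLS_CIPHER_SM4_CCM_KEY_SIZE];
 unsigned char salt[TLS_CIPHER_SM4_CCM_SALT_SIZE];
 unsigned char rec_seq[TLS_CIPHER_SM4_CCM_REC_SEQ_SIZE];
+};
+
+struct tls12_crypto_info_aria_gcm_128 {
+struct tls_crypto_info info;
+unsigned char iv[TLS_CIPHER_ARIA_GCM_128_IV_SIZE];
+unsigned char key[TLS_CIPHER_ARIA_GCM_128_KEY_SIZE];
+unsigned char salt[TLS_CIPHER_ARIA_GCM_128_SALT_SIZE];
+unsigned char rec_seq[TLS_CIPHER_ARIA_GCM_128_REC_SEQ_SIZE];
+};
+
+struct tls12_crypto_info_aria_gcm_256 {
+struct tls_crypto_info info;
+unsigned char iv[TLS_CIPHER_ARIA_GCM_256_IV_SIZE];
+unsigned char key[TLS_CIPHER_ARIA_GCM_256_KEY_SIZE];
+unsigned char salt[TLS_CIPHER_ARIA_GCM_256_SALT_SIZE];
+unsigned char rec_seq[TLS_CIPHER_ARIA_GCM_256_REC_SEQ_SIZE];
 };
 
 enum {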
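Review bot: The new ARIA-GCM constants and the two `tls12_crypto_info_aria_gcm_*` structs enter the UAPI header with no comment on how the sizes relate or which TLS version they apply to. A short comment above the first define would help user-space callers, for example `/* ARIA-GCM (RFC 6209), TLS 1.2 only; salt (4) + iv (8) form the 12-byte GCM nonce */`. The TLS 1.2 restriction is enforced in the net/tls/tls_main.c part of this commit and cannot be seen from the header. Because the structs carry raw key bytes, callers should clear their own copy once the socket option has been set.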
+62
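--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -524,6 +524,54 @@
 rc = -EFAULT;
 break;
 }
+case TLS_CIPHER_ARIA_GCM_128: {
+struct tls12_crypto_info_aria_gcm_128 *
+crypto_info_aria_gcm_128 =
+container_of(crypto_info,
+struct tls12_crypto_info_aria_gcm_128,
+info);
+
+if (len != sizeof(*crypto_info_aria_gcm_128)) {
+rc = -EINVAL;
+goto out;
+}
+lock_sock(sk);
+memcpy(crypto_info_aria_gcm_128->iv,
+cctx->iv + TLS_CIPHER_ARIA_GCM_128_SALT_SIZE,
+TLS_CIPHER_ARIA_GCM_128_IV_SIZE);
+memcpy(crypto_info_aria_gcm_128->rec_seq, cctx->rec_seq,
+TLS_CIPHER_ARIA_GCM_128_REC_SEQ_SIZE);
+release_sock(sk);
+if (copy_to_user(optval,
+crypto_info_aria_gcm_128,
+sizeof(*crypto_info_aria_gcm_128)))
+rc = -EFAULT;
+break;
+}
+case TLS_CIPHER_ARIA_GCM_256: {
+struct tls12_crypto_info_aria_gcm_256 *
+crypto_info_aria_gcm_256 =
+container_of(crypto_info,
+struct tls12_crypto_info_aria_gcm_256,
+info);
+
+if (len != sizeof(*crypto_info_aria_gcm_256)) {
+rc = -EINVAL;
+goto out;
+}
+lock_sock(sk);
+memcpy(crypto_info_aria_gcm_256->iv,
+cctx->iv + TLS_CIPHER_ARIA_GCM_256_SALT_SIZE,
+TLS_CIPHER_ARIA_GCM_256_IV_SIZE);
+memcpy(crypto_info_aria_gcm_256->rec_seq, cctx->rec_seq,
+TLS_CIPHER_ARIA_GCM_256_REC_SEQ_SIZE);
+release_sock(sk);
+if (copy_to_user(optval,
+crypto_info_aria_gcm_256,
+sizeof(*crypto_info_aria_gcm_256)))
+rc = -EFAULT;
+break;
+}
 default:
 rc = -EINVAL;
 }
@@ -684,6 +732,20 @@
 break;
 case TLS_CIPHER_SM4_CCM:
 optsize = sizeof(struct tls12_crypto_info_sm4_ccm);
+break;
+case TLS_CIPHER_ARIA_GCM_128:
+if (crypto_info->version != TLS_1_2_VERSION) {
+rc = -EINVAL;
+goto err_crypto_info;
+}
+optsize = sizeof(struct tls12_crypto_info_aria_gcm_128);
+break;
+case TLS_CIPHER_ARIA_GCM_256:
+if (crypto_info->version != TLS_1_2_VERSION) {
+rc = -EINVAL;
+goto err_crypto_info;
+}
+optsize = sizeof(struct tls12_crypto_info_aria_gcm_256);
 break;
 default:
 rc = -EINVAL;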
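Review bot: Both new cases in the first hunk pass the whole struct to `copy_to_user()`, so `key` and `salt` are returned to user space together with the refreshed `iv` and `rec_seq`; only the latter two are updated under `lock_sock()`. If this mirrors the existing cipher cases (they begin above the hunk, so that is inferred), a comment would make the key export a documented decision, for example `/* returns the full crypto_info, key and salt included, to the caller */`. The two blocks differ only in the struct type and the size constants, which makes a copy-paste slip in one of them easy to miss in review; a shared helper taking the offsets and sizes would remove that risk. The enclosing function starts and ends outside the hunk.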
+34
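--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2629,6 +2629,40 @@
 cipher_name = "ccm(sm4)";
 break;
 }
+case TLS_CIPHER_ARIA_GCM_128: {
+struct tls12_crypto_info_aria_gcm_128 *aria_gcm_128_info;
+
+aria_gcm_128_info = (void *)crypto_info;
+nonce_size = TLS_CIPHER_ARIA_GCM_128_IV_SIZE;
+tag_size = TLS_CIPHER_ARIA_GCM_128_TAG_SIZE;
+iv_size = TLS_CIPHER_ARIA_GCM_128_IV_SIZE;
+iv = aria_gcm_128_info->iv;
+rec_seq_size = TLS_CIPHER_ARIA_GCM_128_REC_SEQ_SIZE;
+rec_seq = aria_gcm_128_info->rec_seq;
+keysize = TLS_CIPHER_ARIA_GCM_128_KEY_SIZE;
+key = aria_gcm_128_info->key;
+salt = aria_gcm_128_info->salt;
+salt_size = TLS_CIPHER_ARIA_GCM_128_SALT_SIZE;
+cipher_name = "gcm(aria)";
+break;
+}
+case TLS_CIPHER_ARIA_GCM_256: {
+struct tls12_crypto_info_aria_gcm_256 *gcm_256_info;
+
+gcm_256_info = (void *)crypto_info;
+nonce_size = TLS_CIPHER_ARIA_GCM_256_IV_SIZE;
+tag_size = TLS_CIPHER_ARIA_GCM_256_TAG_SIZE;
+iv_size = TLS_CIPHER_ARIA_GCM_256_IV_SIZE;
+iv = gcm_256_info->iv;
+rec_seq_size = TLS_CIPHER_ARIA_GCM_256_REC_SEQ_SIZE;
+rec_seq = gcm_256_info->rec_seq;
+keysize = TLS_CIPHER_ARIA_GCM_256_KEY_SIZE;
+key = gcm_256_info->key;
+salt = gcm_256_info->salt;
+salt_size = TLS_CIPHER_ARIA_GCM_256_SALT_SIZE;
+cipher_name = "gcm(aria)";
+break;
+}
 default:
 rc = -EINVAL;
 goto free_priv;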
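Review bot: The pointer in the `TLS_CIPHER_ARIA_GCM_256` case is named `gcm_256_info`, while the 128-bit case uses `aria_gcm_128_info`; the shorter name reads as if it belonged to a non-ARIA GCM cipher. Rename it for consistency, `struct tls12_crypto_info_aria_gcm_256 *aria_gcm_256_info;`, and update the uses inside that case block. Both cases also cast `crypto_info` with `(void *)` and read `key`, `salt` and `iv` from it with no length check at this point, so they appear to rely on the size validation done when the option was set (the `optsize` assignment in net/tls/tls_main.c); a comment saying so would help the next reader. The enclosing switch and function start and end outside the hunk.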