net/tls: add CHACHA20-POLY1305 specific behavior

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

RFC 7905 defines special behavior for ChaCha-Poly TLS sessions.
The differences are in the calculation of nonce and the absence
of explicit IV. This behavior is like TLSv1.3 partly.

Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Vadim Fedorenko and committed by

Jakub Kicinski 5 years ago a6acbe62 923c40c4

+10 -5

2 changed files

expand all

include

net

tls.h

net

tls

tls_sw.c

+6 -3

include/net/tls.h

··· 502 502 if (tls_bigint_increment(ctx->rec_seq, prot->rec_seq_size)) 503 503 tls_err_abort(sk, EBADMSG); 504 504 505 - if (prot->version != TLS_1_3_VERSION) 505 + if (prot->version != TLS_1_3_VERSION && 506 + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) 506 507 tls_bigint_increment(ctx->iv + prot->salt_size, 507 508 prot->iv_size); 508 509 } ··· 517 516 size_t pkt_len, iv_size = prot->iv_size; 518 517 519 518 pkt_len = plaintext_len + prot->tag_size; 520 - if (prot->version != TLS_1_3_VERSION) { 519 + if (prot->version != TLS_1_3_VERSION && 520 + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) { 521 521 pkt_len += iv_size; 522 522 523 523 memcpy(buf + TLS_NONCE_OFFSET, ··· 563 561 { 564 562 int i; 565 563 566 - if (prot->version == TLS_1_3_VERSION) { 564 + if (prot->version == TLS_1_3_VERSION || 565 + prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) { 567 566 for (i = 0; i < 8; i++) 568 567 iv[i + 4] ^= seq[i]; 569 568 }

+4 -2

net/tls/tls_sw.c

··· 1464 1464 kfree(mem); 1465 1465 return err; 1466 1466 } 1467 - if (prot->version == TLS_1_3_VERSION) 1467 + if (prot->version == TLS_1_3_VERSION || 1468 + prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) 1468 1469 memcpy(iv + iv_offset, tls_ctx->rx.iv, 1469 1470 crypto_aead_ivsize(ctx->aead_recv)); 1470 1471 else ··· 2069 2068 data_len = ((header[4] & 0xFF) | (header[3] << 8)); 2070 2069 2071 2070 cipher_overhead = prot->tag_size; 2072 - if (prot->version != TLS_1_3_VERSION) 2071 + if (prot->version != TLS_1_3_VERSION && 2072 + prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) 2073 2073 cipher_overhead += prot->iv_size; 2074 2074 2075 2075 if (data_len > TLS_MAX_PAYLOAD_SIZE + cipher_overhead +