summaryrefslogtreecommitdiff
path: root/lib/system/ktls.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/system/ktls.c')
-rw-r--r--lib/system/ktls.c420
1 files changed, 420 insertions, 0 deletions
diff --git a/lib/system/ktls.c b/lib/system/ktls.c
new file mode 100644
index 0000000000..7ab1d3215d
--- /dev/null
+++ b/lib/system/ktls.c
@@ -0,0 +1,420 @@
+/*
+ * Copyright (C) 2021 Free Software Foundation, Inc.
+ *
+ * Author: Fratnišek Krenželok
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+ *
+ */
+
+#include "config.h"
+#include "system/ktls.h"
+
+#ifdef ENABLE_KTLS
+
+#include <linux/tls.h>
+#include <record.h>
+#include <sys/socket.h>
+#include <netinet/tcp.h>
+#include <unistd.h>
+#include <errno.h>
+#include "ext/session_ticket.h"
+
+/**
+ * gnutls_transport_set_ktls:
+ * @session: is a #gnutls_session_t type.
+ * @sockin: is a socket descriptor.
+ * @sockout: is a socket descriptor.
+ *
+ * Enables Kernel TLS for the @session
+ * Requieres `tls` kernel module and
+ * gnutls configuration with `--enable-ktls`
+ *
+ * Returns: 0 on success error otherwise
+ *
+ * Since: 3.7.2
+ **/
+int _gnutls_ktls_enable(gnutls_session_t session, int sockin, int sockout)
+{
+ if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) < 0)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ session->internals.recv_fd = sockin;
+ session->internals.send_fd = sockin;
+
+ if (sockin != sockout){
+ if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) < 0)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ session->internals.send_fd = sockout;
+ }
+
+ session->internals.ktls_enabled = 1;
+ return 0;
+}
+
+int _gnutls_ktls_set_keys(gnutls_session_t session)
+{
+ gnutls_cipher_algorithm_t cipher = gnutls_cipher_get(session);
+ gnutls_datum_t mac_key;
+ gnutls_datum_t iv;
+ gnutls_datum_t cipher_key;
+ unsigned char seq_number[8];
+ int ret;
+
+ session->internals.ktls_enabled = 0;
+
+ /* check whether or not cipher suite supports ktls
+ */
+ int version = gnutls_protocol_get_version(session);
+ if ((version != GNUTLS_TLS1_3 && version != GNUTLS_TLS1_2) ||
+ (gnutls_cipher_get(session) != GNUTLS_CIPHER_AES_128_GCM &&
+ gnutls_cipher_get(session) != GNUTLS_CIPHER_AES_256_GCM)) {
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ version = (version == GNUTLS_TLS1_2) ? TLS_1_2_VERSION : TLS_1_3_VERSION;
+
+ ret = gnutls_record_get_state(session, 1, &mac_key, &iv, &cipher_key,
+ seq_number);
+ if (ret < 0) {
+ return ret;
+ }
+
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ {
+ struct tls12_crypto_info_aes_gcm_128 crypto_info;
+
+ crypto_info.info.version = version;
+ crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
+
+ assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE);
+
+ /* for TLS 1.2 IV is generated in kernel */
+ if (version == TLS_1_2_VERSION) {
+ assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE);
+ } else {
+ assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE
+ + TLS_CIPHER_AES_GCM_128_IV_SIZE);
+
+ memcpy(crypto_info.iv, iv.data +
+ TLS_CIPHER_AES_GCM_128_SALT_SIZE,
+ TLS_CIPHER_AES_GCM_128_IV_SIZE);
+ }
+
+ memcpy(crypto_info.salt, iv.data,
+ TLS_CIPHER_AES_GCM_128_SALT_SIZE);
+ memcpy(crypto_info.rec_seq, seq_number,
+ TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
+ memcpy(crypto_info.key, cipher_key.data,
+ TLS_CIPHER_AES_GCM_128_KEY_SIZE);
+
+ if (setsockopt(session->internals.recv_fd, SOL_TLS, TLS_RX,
+ &crypto_info, sizeof (crypto_info))) {
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+ }
+ break;
+ case GNUTLS_CIPHER_AES_256_GCM:
+ {
+ struct tls12_crypto_info_aes_gcm_256 crypto_info;
+
+ crypto_info.info.version = version;
+ crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256;
+
+ assert(cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE);
+
+ /* for TLS 1.2 IV is generated in kernel */
+ if (version == TLS_1_2_VERSION) {
+ assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE);
+ } else {
+ assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE
+ + TLS_CIPHER_AES_GCM_256_IV_SIZE);
+
+ memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE,
+ TLS_CIPHER_AES_GCM_256_IV_SIZE);
+ }
+
+ memcpy(crypto_info.salt, iv.data,
+ TLS_CIPHER_AES_GCM_256_SALT_SIZE);
+ memcpy(crypto_info.rec_seq, seq_number,
+ TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
+ memcpy(crypto_info.key, cipher_key.data,
+ TLS_CIPHER_AES_GCM_256_KEY_SIZE);
+
+ if (setsockopt(session->internals.recv_fd, SOL_TLS, TLS_RX,
+ &crypto_info, sizeof(crypto_info))) {
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+ }
+ break;
+ default:
+ assert(0);
+ }
+
+ ret = gnutls_record_get_state(session, 0, &mac_key, &iv, &cipher_key,
+ seq_number);
+ if (ret < 0) {
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ {
+ struct tls12_crypto_info_aes_gcm_128 crypto_info;
+
+ crypto_info.info.version = version;
+ crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
+
+ assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE);
+
+ /* for TLS 1.2 IV is generated in kernel */
+ if (version == TLS_1_2_VERSION) {
+ assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE);
+ } else {
+ assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE
+ + TLS_CIPHER_AES_GCM_128_IV_SIZE);
+
+ memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
+ TLS_CIPHER_AES_GCM_128_IV_SIZE);
+ }
+
+ memcpy(crypto_info.salt, iv.data,
+ TLS_CIPHER_AES_GCM_128_SALT_SIZE);
+ memcpy(crypto_info.rec_seq, seq_number,
+ TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
+ memcpy(crypto_info.key, cipher_key.data,
+ TLS_CIPHER_AES_GCM_128_KEY_SIZE);
+
+ if (setsockopt(session->internals.send_fd, SOL_TLS, TLS_TX,
+ &crypto_info, sizeof(crypto_info))) {
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+ }
+ break;
+ case GNUTLS_CIPHER_AES_256_GCM:
+ {
+ struct tls12_crypto_info_aes_gcm_256 crypto_info;
+
+ crypto_info.info.version = version;
+ crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256;
+ assert(cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE);
+
+ /* for TLS 1.2 IV is generated in kernel */
+ if (version == TLS_1_2_VERSION) {
+ assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE);
+ } else {
+ assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE +
+ TLS_CIPHER_AES_GCM_256_IV_SIZE);
+
+ memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE,
+ TLS_CIPHER_AES_GCM_256_IV_SIZE);
+ }
+
+ memcpy(crypto_info.salt, iv.data,
+ TLS_CIPHER_AES_GCM_256_SALT_SIZE);
+ memcpy(crypto_info.rec_seq, seq_number,
+ TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
+ memcpy(crypto_info.key, cipher_key.data,
+ TLS_CIPHER_AES_GCM_256_KEY_SIZE);
+
+ if (setsockopt(session->internals.send_fd, SOL_TLS, TLS_TX,
+ &crypto_info, sizeof(crypto_info))) {
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+ }
+ break;
+ default:
+ assert(0);
+
+ }
+
+ session->internals.ktls_enabled = 1;
+ return 0;
+}
+
+int _gnutls_ktls_send_control_msg(gnutls_session_t session,
+ unsigned char record_type, const void *data, size_t data_size)
+{
+ const char *buf = data;
+ ssize_t ret;
+
+ assert(session != NULL);
+
+ while (data_size > 0) {
+ char cmsg[CMSG_SPACE(sizeof (unsigned char))];
+ struct msghdr msg = { 0 };
+ struct iovec msg_iov; /* Vector of data to send/receive into. */
+ struct cmsghdr *hdr;
+
+ msg.msg_control = cmsg;
+ msg.msg_controllen = sizeof cmsg;
+
+ hdr = CMSG_FIRSTHDR(&msg);
+ hdr->cmsg_level = SOL_TLS;
+ hdr->cmsg_type = TLS_SET_RECORD_TYPE;
+ hdr->cmsg_len = CMSG_LEN(sizeof (unsigned char));
+
+ // construct record header
+ *CMSG_DATA(hdr) = record_type;
+ msg.msg_controllen = hdr->cmsg_len;
+
+ msg_iov.iov_base = (void *)buf;
+ msg_iov.iov_len = data_size;
+
+ msg.msg_iov = &msg_iov;
+ msg.msg_iovlen = 1;
+
+ ret = sendmsg(session->internals.send_fd, &msg, MSG_DONTWAIT);
+
+ if (ret == -1) {
+ switch (errno) {
+ case EINTR:
+ return GNUTLS_E_INTERRUPTED;
+ case EAGAIN:
+ return GNUTLS_E_AGAIN;
+ default:
+ return GNUTLS_E_PUSH_ERROR;
+ }
+ }
+
+ buf += ret;
+ data_size -= ret;
+ }
+
+ return 0;
+}
+
+int _gnutls_ktls_recv_control_msg(gnutls_session_t session,
+ unsigned char *record_type, void *data, size_t data_size)
+{
+ char *buf = data;
+ ssize_t ret;
+
+ char cmsg[CMSG_SPACE(sizeof (unsigned char))];
+ struct msghdr msg = { 0 };
+ struct iovec msg_iov;
+ struct cmsghdr *hdr;
+
+ assert(session != NULL);
+
+ if (session->internals.read_eof != 0) {
+ return 0;
+ } else if (session->internals.invalid_connection != 0 ||
+ session->internals.may_not_read != 0)
+ return GNUTLS_E_INVALID_SESSION;
+
+ /* receive message */
+ msg.msg_control = cmsg;
+ msg.msg_controllen = sizeof cmsg;
+
+ msg_iov.iov_base = buf;
+ msg_iov.iov_len = data_size;
+
+ msg.msg_iov = &msg_iov;
+ msg.msg_iovlen = 1;
+
+ ret = recvmsg(session->internals.recv_fd, &msg, MSG_DONTWAIT);
+
+ if (ret == -1){
+ switch(errno){
+ case EAGAIN:
+ return GNUTLS_E_AGAIN;
+ case EINVAL:
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ case EMSGSIZE:
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ case EBADMSG:
+ return GNUTLS_E_DECRYPTION_FAILED;
+ default:
+ return GNUTLS_E_PULL_ERROR;
+ }
+ }
+
+ /* connection closed */
+ if (ret == 0)
+ return 0;
+
+ /* get record type from header */
+ hdr = CMSG_FIRSTHDR(&msg);
+ if (hdr == NULL){
+ return GNUTLS_E_PULL_ERROR;
+ }
+ if (hdr->cmsg_level == SOL_TLS && hdr->cmsg_type == TLS_GET_RECORD_TYPE)
+ *record_type = *(unsigned char *)CMSG_DATA(hdr);
+ else
+ *record_type = GNUTLS_APPLICATION_DATA;
+
+ return ret;
+}
+
+int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type,
+ void *data, size_t data_size)
+{
+ unsigned char record_type;
+ int ret;
+
+ ret = _gnutls_ktls_recv_control_msg(session,
+ &record_type, data, data_size);
+
+ if (ret > 0) {
+ switch (record_type){
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ break;
+ case GNUTLS_ALERT:
+ session_invalidate(session);
+ ret = 0;
+ break;
+ case GNUTLS_HANDSHAKE:
+ // ignore post-handshake messages
+ if (type != record_type)
+ return GNUTLS_E_AGAIN;
+ break;
+ case GNUTLS_APPLICATION_DATA:
+ if (type != record_type)
+ ret = GNUTLS_E_GOT_APPLICATION_DATA;
+ break;
+ case GNUTLS_HEARTBEAT:
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+ }
+ return ret;
+}
+
+#else //ENABLE_KTLS
+
+int _gnutls_ktls_enable(gnutls_session_t session, int sockin, int sockout){
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+}
+
+int _gnutls_ktls_set_keys(gnutls_session_t session) {
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+}
+
+int _gnutls_ktls_send_control_msg(gnutls_session_t session,
+ unsigned char record_type, const void *data, size_t data_size) {
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+}
+
+int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type, void *data, size_t data_size) {
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+}
+
+#endif //ENABLE_KTLS
View Lorry Controller Status