Skip to content

Commit a6acbe6

Browse files
vvfedorenkokuba-moo
vvfedorenko
authored and
kuba-moo
committed
net/tls: add CHACHA20-POLY1305 specific behavior
RFC 7905 defines special behavior for ChaCha-Poly TLS sessions. The differences are in the calculation of nonce and the absence of explicit IV. This behavior is like TLSv1.3 partly. Signed-off-by: Vadim Fedorenko <[email protected]> Signed-off-by: Jakub Kicinski <[email protected]>
1 parent 923c40c commit a6acbe6

File tree

2 files changed

+10
-5
lines changed

2 files changed

+10
-5
lines changed

include/net/tls.h

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -502,7 +502,8 @@ static inline void tls_advance_record_sn(struct sock *sk,
502502
if (tls_bigint_increment(ctx->rec_seq, prot->rec_seq_size))
503503
tls_err_abort(sk, EBADMSG);
504504

505-
if (prot->version != TLS_1_3_VERSION)
505+
if (prot->version != TLS_1_3_VERSION &&
506+
prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305)
506507
tls_bigint_increment(ctx->iv + prot->salt_size,
507508
prot->iv_size);
508509
}
@@ -516,7 +517,8 @@ static inline void tls_fill_prepend(struct tls_context *ctx,
516517
size_t pkt_len, iv_size = prot->iv_size;
517518

518519
pkt_len = plaintext_len + prot->tag_size;
519-
if (prot->version != TLS_1_3_VERSION) {
520+
if (prot->version != TLS_1_3_VERSION &&
521+
prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) {
520522
pkt_len += iv_size;
521523

522524
memcpy(buf + TLS_NONCE_OFFSET,
@@ -561,7 +563,8 @@ static inline void xor_iv_with_seq(struct tls_prot_info *prot, char *iv, char *s
561563
{
562564
int i;
563565

564-
if (prot->version == TLS_1_3_VERSION) {
566+
if (prot->version == TLS_1_3_VERSION ||
567+
prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) {
565568
for (i = 0; i < 8; i++)
566569
iv[i + 4] ^= seq[i];
567570
}

net/tls/tls_sw.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1464,7 +1464,8 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
14641464
kfree(mem);
14651465
return err;
14661466
}
1467-
if (prot->version == TLS_1_3_VERSION)
1467+
if (prot->version == TLS_1_3_VERSION ||
1468+
prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305)
14681469
memcpy(iv + iv_offset, tls_ctx->rx.iv,
14691470
crypto_aead_ivsize(ctx->aead_recv));
14701471
else
@@ -2068,7 +2069,8 @@ static int tls_read_size(struct strparser *strp, struct sk_buff *skb)
20682069
data_len = ((header[4] & 0xFF) | (header[3] << 8));
20692070

20702071
cipher_overhead = prot->tag_size;
2071-
if (prot->version != TLS_1_3_VERSION)
2072+
if (prot->version != TLS_1_3_VERSION &&
2073+
prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305)
20722074
cipher_overhead += prot->iv_size;
20732075

20742076
if (data_len > TLS_MAX_PAYLOAD_SIZE + cipher_overhead +

0 commit comments

Comments
 (0)