| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220112144013.1060a854@kicinski-fedora-PC1C0HJN.hsd1.ca.comcast.net>
Date: Wed, 12 Jan 2022 14:40:13 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Dimitris Michailidis <d.michailidis@...gible.com>
Cc: davem@...emloft.net, netdev@...r.kernel.org, andrew@...n.ch
Subject: Re: [PATCH net-next v6 7/8] net/funeth: add kTLS TX control part
On Wed, 12 Jan 2022 14:35:32 -0800 Jakub Kicinski wrote:
> > + if (crypto_info->version == TLS_1_2_VERSION)
> > + req.version = FUN_KTLS_TLSV2;
> > + else if (crypto_info->version == TLS_1_3_VERSION)
> > + req.version = FUN_KTLS_TLSV3;
I don't think offload of TLS 1.3 is supported by the kernel.
> > + else
> > + return -EOPNOTSUPP;
> > +
> > + switch (crypto_info->cipher_type) {
> > + case TLS_CIPHER_AES_GCM_128: {
> > + struct tls12_crypto_info_aes_gcm_128 *c = (void *)crypto_info;
> > +
> > + req.cipher = FUN_KTLS_CIPHER_AES_GCM_128;
> > + memcpy(req.key, c->key, sizeof(c->key));
> > + memcpy(req.iv, c->iv, sizeof(c->iv));
> > + memcpy(req.salt, c->salt, sizeof(c->salt));
> > + memcpy(req.record_seq, c->rec_seq, sizeof(c->rec_seq));
> > + break;
> > + }
Neither are all the algos below. Please remove dead code.
> > + case TLS_CIPHER_AES_GCM_256: {
> > + struct tls12_crypto_info_aes_gcm_256 *c = (void *)crypto_info;
> > +
> > + req.cipher = FUN_KTLS_CIPHER_AES_GCM_256;
> > + memcpy(req.key, c->key, sizeof(c->key));
> > + memcpy(req.iv, c->iv, sizeof(c->iv));
> > + memcpy(req.salt, c->salt, sizeof(c->salt));
> > + memcpy(req.record_seq, c->rec_seq, sizeof(c->rec_seq));
> > + break;
> > + }
> > +
> > + case TLS_CIPHER_CHACHA20_POLY1305: {
> > + struct tls12_crypto_info_chacha20_poly1305 *c;
> > +
> > + c = (void *)crypto_info;
> > + req.cipher = FUN_KTLS_CIPHER_CHACHA20_POLY1305;
> > + memcpy(req.key, c->key, sizeof(c->key));
> > + memcpy(req.iv, c->iv, sizeof(c->iv));
> > + memcpy(req.salt, c->salt, sizeof(c->salt));
> > + memcpy(req.record_seq, c->rec_seq, sizeof(c->rec_seq));
> > + break;
> > + }
Powered by blists - more mailing lists