net/tls: add CHACHA20-POLY1305 specific behavior

RFC 7905 defines special behavior for ChaCha-Poly TLS sessions.
The differences are in the calculation of nonce and the absence
of explicit IV. This behavior is like TLSv1.3 partly.

Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/include/net/tls.h b/include/net/tls.h
index e4e9c2ae689e5edca224861c15ef56eef32bfeb1..b2637edc272675cfc7367a58a16aa97ac0dbd233 100644 (file)
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -502,7 +502,8 @@ static inline void tls_advance_record_sn(struct sock *sk,
        if (tls_bigint_increment(ctx->rec_seq, prot->rec_seq_size))
                tls_err_abort(sk, EBADMSG);
 
-       if (prot->version != TLS_1_3_VERSION)
+       if (prot->version != TLS_1_3_VERSION &&
+           prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305)
                tls_bigint_increment(ctx->iv + prot->salt_size,
                                     prot->iv_size);
 }
@@ -516,7 +517,8 @@ static inline void tls_fill_prepend(struct tls_context *ctx,
        size_t pkt_len, iv_size = prot->iv_size;
 
        pkt_len = plaintext_len + prot->tag_size;
-       if (prot->version != TLS_1_3_VERSION) {
+       if (prot->version != TLS_1_3_VERSION &&
+           prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) {
                pkt_len += iv_size;
 
                memcpy(buf + TLS_NONCE_OFFSET,
@@ -561,7 +563,8 @@ static inline void xor_iv_with_seq(struct tls_prot_info *prot, char *iv, char *s
 {
        int i;
 
-       if (prot->version == TLS_1_3_VERSION) {
+       if (prot->version == TLS_1_3_VERSION ||
+           prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) {
                for (i = 0; i < 8; i++)
                        iv[i + 4] ^= seq[i];
        }

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 6bc757a0a0ad6555a261d331edc020635c37b004..b4eefdb9c30abf9b184b231da8c01050cb973412 100644 (file)
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1464,7 +1464,8 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
                kfree(mem);
                return err;
        }
-       if (prot->version == TLS_1_3_VERSION)
+       if (prot->version == TLS_1_3_VERSION ||
+           prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305)
                memcpy(iv + iv_offset, tls_ctx->rx.iv,
                       crypto_aead_ivsize(ctx->aead_recv));
        else
@@ -2068,7 +2069,8 @@ static int tls_read_size(struct strparser *strp, struct sk_buff *skb)
        data_len = ((header[4] & 0xFF) | (header[3] << 8));
 
        cipher_overhead = prot->tag_size;
-       if (prot->version != TLS_1_3_VERSION)
+       if (prot->version != TLS_1_3_VERSION &&
+           prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305)
                cipher_overhead += prot->iv_size;
 
        if (data_len > TLS_MAX_PAYLOAD_SIZE + cipher_overhead +