From 233a6665b64cfaf318552d56cf991f9e5e9ef482 Mon Sep 17 00:00:00 2001 From: Hans Petter Selasky Date: Mon, 25 May 2020 12:34:15 +0000 Subject: Correctly set the initial vector for TLS v1.3 for mlx5en(4). For TLS v1.3 the 12 bytes of the initial vector, IV, should just be copied as-is from the kernel to the gcm_iv field, which hold the first 4 bytes, and the remaining 8 bytes go to the subsequent implicit_iv field. There is no need to consider the byte order on the 12 bytes of IV like initially done. Sponsored by: Mellanox Technologies --- sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) (limited to 'sys/dev') diff --git a/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c b/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c index f9b72ae35354f..8b91d27a758b1 100644 --- a/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c +++ b/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c @@ -251,18 +251,14 @@ mlx5e_tls_set_params(void *ctx, const struct tls_session_params *en) MLX5_SET(sw_tls_cntx, ctx, param.encryption_standard, 1); /* TLS */ /* copy the initial vector in place */ - if (en->iv_len == MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv)) { + switch (en->iv_len) { + case MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv): + case MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv) + + MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv): memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, param.gcm_iv), - en->iv, MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv)); - } else if (en->iv_len == (MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv) + - MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv))) { - memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, param.gcm_iv), - (char *)en->iv + MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv), - MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv)); - memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, param.implicit_iv), - en->iv, - MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv)); - } else { + en->iv, en->iv_len); + break; + default: return (EINVAL); } -- cgit v1.3