}\r
memcpy(crypto_info.rec_seq, &context->local_sequence_number, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);\r
context->local_sequence_number = ntohll(context->local_sequence_number);\r
+#ifdef TLS_RX\r
+ crypt_info_size = sizeof(crypto_info);\r
+ if (getsockopt(socket, SOL_TLS, TLS_RX, &crypto_info, &crypt_info_size)) {\r
+ DEBUG_PRINT("ERROR IN getsockopt\n");\r
+ return TLS_GENERIC_ERROR;\r
+ }\r
+ memcpy(crypto_info.rec_seq, &context->remote_sequence_number, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);\r
+ context->remote_sequence_number = ntohll(context->remote_sequence_number);\r
+#endif\r
return 0;\r
#endif\r
DEBUG_PRINT("TLSe COMPILED WITHOUT kTLS SUPPORT\n");\r
return TLS_FEATURE_NOT_SUPPORTED;\r
}\r
#ifdef WITH_KTLS\r
- if (context->exportable_size < TLS_CIPHER_AES_GCM_128_KEY_SIZE) {\r
+ if (context->exportable_size < TLS_CIPHER_AES_GCM_128_KEY_SIZE * 2) {\r
DEBUG_PRINT("INVALID KEY SIZE\n");\r
return TLS_GENERIC_ERROR;\r
}\r
memcpy(crypto_info.rec_seq, &local_sequence_number, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);\r
memcpy(crypto_info.key, context->exportable_keys, TLS_CIPHER_AES_GCM_128_KEY_SIZE);\r
memcpy(crypto_info.salt, context->crypto.ctx_local_mac.local_aead_iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);\r
+\r
setsockopt(socket, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));\r
+\r
+#ifdef TLS_RX\r
+ // kernel 4.17 adds TLS_RX support\r
+ struct tls12_crypto_info_aes_gcm_128 crypto_info_read;\r
+\r
+ crypto_info_read.info.version = TLS_1_2_VERSION;\r
+ crypto_info_read.info.cipher_type = TLS_CIPHER_AES_GCM_128;\r
+\r
+ uint64_t remote_sequence_number = htonll(context->remote_sequence_number);\r
+ memcpy(crypto_info_read.iv, &remote_sequence_number, TLS_CIPHER_AES_GCM_128_IV_SIZE);\r
+ memcpy(crypto_info_read.rec_seq, &remote_sequence_number, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);\r
+ memcpy(crypto_info_read.key, context->exportable_keys + TLS_CIPHER_AES_GCM_128_KEY_SIZE, TLS_CIPHER_AES_GCM_128_KEY_SIZE);\r
+ memcpy(crypto_info_read.salt, context->crypto.ctx_remote_mac.remote_aead_iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);\r
+\r
+ int err = setsockopt(socket, SOL_TLS, TLS_RX, &crypto_info_read, sizeof(crypto_info_read));\r
+ if (err)\r
+ return err;\r
+#endif\r
return setsockopt(socket, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info));\r
#else\r
DEBUG_PRINT("TLSe COMPILED WITHOUT kTLS SUPPORT\n");\r
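Review bot: The new `memcpy(crypto_info.rec_seq, &context->remote_sequence_number, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);` in the read-back path has its arguments reversed: it copies the context's counter into the local struct that is about to be discarded, so the kernel's current record sequence is never read back and the following `ntohll` byte-swaps a stale host-order value (the existing TLS_TX line three lines above it has the same shape, unless I am misreading the intent). It should be `memcpy(&context->remote_sequence_number, crypto_info.rec_seq, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);` and, for the TX line, `memcpy(&context->local_sequence_number, crypto_info.rec_seq, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);` — on the send side a rolled-back sequence number reused by user-space record processing under the same key is an AES-GCM nonce reuse, not just a MAC failure. In the second function, `if (err) return err;` propagates setsockopt's raw -1 where the surrounding code returns TLS_GENERIC_ERROR, and a TLS_TX failure on the final setsockopt now leaves the socket with RX offload already enabled, a partial state the caller cannot distinguish from "nothing enabled" and, as far as I know, cannot undo once the kernel has accepted the keys, so it should at least be reported distinctly or documented. `crypto_info_read` (like `crypto_info`) still holds the AEAD key on the stack after the setsockopt calls; an `explicit_bzero(&crypto_info_read, sizeof(crypto_info_read));` before returning would be in keeping with handing the key to the kernel. Both enclosing functions start outside the hunk.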