]> git.sesse.net Git - cubemap/blobdiff - tlse/tlse.c
projects / cubemap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Enable RX support for kTLS.
[cubemap] / tlse / tlse.c
diff --git a/tlse/tlse.c b/tlse/tlse.c
index dac026359e8d8396a1e7118d02e3362dc43e1256..9b70bc1dbeb49a121c27aaac6963e5194cccb802 100644 (file)
--- a/tlse/tlse.c
+++ b/tlse/tlse.c
@@ -8187,6 +8187,15 @@ int tls_unmake_ktls(struct TLSContext *context, int socket) {
     }\r
     memcpy(crypto_info.rec_seq, &context->local_sequence_number, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);\r
     context->local_sequence_number = ntohll(context->local_sequence_number);\r
+#ifdef TLS_RX\r
+    crypt_info_size = sizeof(crypto_info);\r
+    if (getsockopt(socket, SOL_TLS, TLS_RX, &crypto_info, &crypt_info_size)) {\r
+        DEBUG_PRINT("ERROR IN getsockopt\n");\r
+        return TLS_GENERIC_ERROR;\r
+    }\r
+    memcpy(crypto_info.rec_seq, &context->remote_sequence_number, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);\r
+    context->remote_sequence_number = ntohll(context->remote_sequence_number);\r
+#endif\r
     return 0;\r
 #endif\r
     DEBUG_PRINT("TLSe COMPILED WITHOUT kTLS SUPPORT\n");\r
@@ -8217,7 +8226,7 @@ int tls_make_ktls(struct TLSContext *context, int socket) {
             return TLS_FEATURE_NOT_SUPPORTED;\r
     }\r
 #ifdef WITH_KTLS\r
-    if (context->exportable_size < TLS_CIPHER_AES_GCM_128_KEY_SIZE) {\r
+    if (context->exportable_size < TLS_CIPHER_AES_GCM_128_KEY_SIZE * 2) {\r
         DEBUG_PRINT("INVALID KEY SIZE\n");\r
         return TLS_GENERIC_ERROR;\r
     }\r
@@ -8231,7 +8240,26 @@ int tls_make_ktls(struct TLSContext *context, int socket) {
     memcpy(crypto_info.rec_seq, &local_sequence_number, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);\r
     memcpy(crypto_info.key, context->exportable_keys, TLS_CIPHER_AES_GCM_128_KEY_SIZE);\r
     memcpy(crypto_info.salt, context->crypto.ctx_local_mac.local_aead_iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);\r
+\r
     setsockopt(socket, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));\r
+\r
+#ifdef TLS_RX\r
+    // kernel 4.17 adds TLS_RX support\r
+    struct tls12_crypto_info_aes_gcm_128 crypto_info_read;\r
+\r
+    crypto_info_read.info.version = TLS_1_2_VERSION;\r
+    crypto_info_read.info.cipher_type = TLS_CIPHER_AES_GCM_128;\r
+\r
+    uint64_t remote_sequence_number = htonll(context->remote_sequence_number);\r
+    memcpy(crypto_info_read.iv, &remote_sequence_number, TLS_CIPHER_AES_GCM_128_IV_SIZE);\r
+    memcpy(crypto_info_read.rec_seq, &remote_sequence_number, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);\r
+    memcpy(crypto_info_read.key, context->exportable_keys + TLS_CIPHER_AES_GCM_128_KEY_SIZE, TLS_CIPHER_AES_GCM_128_KEY_SIZE);\r
+    memcpy(crypto_info_read.salt, context->crypto.ctx_remote_mac.remote_aead_iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);\r
+\r
+    int err = setsockopt(socket, SOL_TLS, TLS_RX, &crypto_info_read, sizeof(crypto_info_read));\r
+    if (err)\r
+        return err;\r
+#endif\r
     return setsockopt(socket, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info));\r
 #else\r
     DEBUG_PRINT("TLSe COMPILED WITHOUT kTLS SUPPORT\n");\r
A scalable video reflector, designed to be used with VLC.