ktls: rename and document SSL_generate_key_block output

Rename rx/tx to client/server to better match reality. The test defines a struct with the output from SSL_generate_key_block. The current layout uses _rx/_tx suffixes and works correctly when passing to TLS_RX/TLS_TX on the server. But the struct is actually defined in terms of client/server, which means that this order has to be reversed for client sockets (opened with SSL_connect). Rename the struct fields to better match their contents and document this subtle difference between RFC and KTLS terminology. Signed-off-by: Willem de Bruijn <[email protected]>
wdebruij · Jan 30, 2020 · d686225 · d686225
1 parent dd8c00b
commit d686225
Showing 1 changed file with 20 additions and 8 deletions.
diff --git a/tools/ktls/ktls.c b/tools/ktls/ktls.c
@@ -108,11 +108,23 @@ static void readwrite_tls(SSL *ssl)
 
 #ifdef OPENSSL_IS_BORINGSSL
 
+/* BoringSSL SSL_generate_key_block generates a concatenation of
+ * digest + encryption secrets and optional IV.
+ *
+ * The exact layout is cipher specific. GCM does not have independent
+ * digest secrets, for instance.
+ *
+ * Note: fields follow a client/server layout, as described in RFC 5246 6.3
+ *       this does NOT map 1:1 onto kTLS TLS_TX/TLS_RX.
+ *
+ *       on the server (SSL_accept), map key_server onto TLS_TX
+ *       on the client (SSL_connect), do the opposite
+ */
 struct boringssl_aesgcm128_keyblock {
-	unsigned char key_rx[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
-	unsigned char key_tx[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
-	unsigned char salt_rx[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
-	unsigned char salt_tx[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
+	unsigned char key_client[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
+	unsigned char key_server[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
+	unsigned char salt_client[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
+	unsigned char salt_server[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
 } __attribute__((packed));
 
 static void setup_kernel_tls(SSL *ssl, int fd, bool is_tx)
@@ -138,13 +150,13 @@ static void setup_kernel_tls(SSL *ssl, int fd, bool is_tx)
 
 	if (is_tx) {
 		seq = SSL_get_write_sequence(ssl);
-		key = kb.key_tx;
-		salt = kb.salt_tx;
+		key = kb.key_server;
+		salt = kb.salt_server;
 		optname = TLS_TX;
 	} else {
 		seq = SSL_get_read_sequence(ssl);
-		key = kb.key_rx;
-		salt = kb.salt_rx;
+		key = kb.key_client;
+		salt = kb.salt_client;
 		optname = TLS_RX;
 	}