1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2014-2019 Netflix Inc. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 #ifndef _SYS_KTLS_H_ 28 #define _SYS_KTLS_H_ 29 30 #ifdef _KERNEL 31 #include <sys/_null.h> 32 #include <sys/refcount.h> 33 #include <sys/_task.h> 34 35 #include <machine/param.h> 36 #endif 37 38 struct tls_record_layer { 39 uint8_t tls_type; 40 uint8_t tls_vmajor; 41 uint8_t tls_vminor; 42 uint16_t tls_length; 43 uint8_t tls_data[0]; 44 } __attribute__ ((packed)); 45 46 #define TLS_MAX_MSG_SIZE_V10_2 16384 47 #define TLS_MAX_PARAM_SIZE 1024 /* Max key/mac/iv in sockopt */ 48 #define TLS_AEAD_GCM_LEN 4 49 #define TLS_1_3_GCM_IV_LEN 12 50 #define TLS_CHACHA20_IV_LEN 12 51 #define TLS_CBC_IMPLICIT_IV_LEN 16 52 53 /* Type values for the record layer */ 54 #define TLS_RLTYPE_ALERT 21 55 #define TLS_RLTYPE_HANDSHAKE 22 56 #define TLS_RLTYPE_APP 23 57 58 /* 59 * Nonce for GCM for TLS 1.2 per RFC 5288. 60 */ 61 struct tls_nonce_data { 62 uint8_t fixed[TLS_AEAD_GCM_LEN]; 63 uint64_t seq; 64 } __packed; 65 66 /* 67 * AEAD additional data format for TLS 1.2 per RFC 5246. 68 */ 69 struct tls_aead_data { 70 uint64_t seq; /* In network order */ 71 uint8_t type; 72 uint8_t tls_vmajor; 73 uint8_t tls_vminor; 74 uint16_t tls_length; 75 } __packed; 76 77 /* 78 * AEAD additional data format for TLS 1.3 per RFC 8446. 79 */ 80 struct tls_aead_data_13 { 81 uint8_t type; 82 uint8_t tls_vmajor; 83 uint8_t tls_vminor; 84 uint16_t tls_length; 85 } __packed; 86 87 /* 88 * Stream Cipher MAC additional data input. This does not match the 89 * exact data on the wire (the sequence number is not placed on the 90 * wire, and any explicit IV after the record header is not covered by 91 * the MAC). 92 */ 93 struct tls_mac_data { 94 uint64_t seq; 95 uint8_t type; 96 uint8_t tls_vmajor; 97 uint8_t tls_vminor; 98 uint16_t tls_length; 99 } __packed; 100 101 #define TLS_MAJOR_VER_ONE 3 102 #define TLS_MINOR_VER_ZERO 1 /* 3, 1 */ 103 #define TLS_MINOR_VER_ONE 2 /* 3, 2 */ 104 #define TLS_MINOR_VER_TWO 3 /* 3, 3 */ 105 #define TLS_MINOR_VER_THREE 4 /* 3, 4 */ 106 107 /* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */ 108 #ifdef _KERNEL 109 struct tls_enable_v0 { 110 const uint8_t *cipher_key; 111 const uint8_t *iv; /* Implicit IV. */ 112 const uint8_t *auth_key; 113 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */ 114 int cipher_key_len; 115 int iv_len; 116 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */ 117 int auth_key_len; 118 int flags; 119 uint8_t tls_vmajor; 120 uint8_t tls_vminor; 121 }; 122 #endif 123 124 struct tls_enable { 125 const uint8_t *cipher_key; 126 const uint8_t *iv; /* Implicit IV. */ 127 const uint8_t *auth_key; 128 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */ 129 int cipher_key_len; 130 int iv_len; 131 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */ 132 int auth_key_len; 133 int flags; 134 uint8_t tls_vmajor; 135 uint8_t tls_vminor; 136 uint8_t rec_seq[8]; 137 }; 138 139 /* Structure for TLS_GET_RECORD. */ 140 struct tls_get_record { 141 /* TLS record header. */ 142 uint8_t tls_type; 143 uint8_t tls_vmajor; 144 uint8_t tls_vminor; 145 uint16_t tls_length; 146 }; 147 148 #ifdef _KERNEL 149 150 struct tls_session_params { 151 uint8_t *cipher_key; 152 uint8_t *auth_key; 153 uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN]; 154 int cipher_algorithm; 155 int auth_algorithm; 156 uint16_t cipher_key_len; 157 uint16_t iv_len; 158 uint16_t auth_key_len; 159 uint16_t max_frame_len; 160 uint8_t tls_vmajor; 161 uint8_t tls_vminor; 162 uint8_t tls_hlen; 163 uint8_t tls_tlen; 164 uint8_t tls_bs; 165 uint8_t flags; 166 }; 167 168 /* Used in APIs to request RX vs TX sessions. */ 169 #define KTLS_TX 1 170 #define KTLS_RX 2 171 172 struct iovec; 173 struct ktls_ocf_encrypt_state; 174 struct ktls_ocf_session; 175 struct ktls_session; 176 struct m_snd_tag; 177 struct mbuf; 178 struct sockbuf; 179 struct socket; 180 struct sockopt; 181 182 struct ktls_session { 183 struct ktls_ocf_session *ocf_session; 184 struct m_snd_tag *snd_tag; 185 struct tls_session_params params; 186 u_int wq_index; 187 volatile u_int refcount; 188 int mode; 189 190 struct task reset_tag_task; 191 struct task disable_ifnet_task; 192 union { 193 struct inpcb *inp; /* Used by transmit tasks. */ 194 struct socket *so; /* Used by receive task. */ 195 }; 196 struct ifnet *rx_ifp; 197 u_short rx_vlan_id; 198 bool reset_pending; 199 bool tx; 200 bool sync_dispatch; 201 bool sequential_records; 202 203 /* Only used for TLS 1.0. */ 204 uint64_t next_seqno; 205 STAILQ_HEAD(, mbuf) pending_records; 206 207 /* Used to destroy any kTLS session */ 208 struct task destroy_task; 209 } __aligned(CACHE_LINE_SIZE); 210 211 extern unsigned int ktls_ifnet_max_rexmit_pct; 212 213 typedef enum { 214 KTLS_MBUF_CRYPTO_ST_MIXED = 0, 215 KTLS_MBUF_CRYPTO_ST_ENCRYPTED = 1, 216 KTLS_MBUF_CRYPTO_ST_DECRYPTED = -1, 217 } ktls_mbuf_crypto_st_t; 218 219 void ktls_check_rx(struct sockbuf *sb); 220 void ktls_cleanup_tls_enable(struct tls_enable *tls); 221 int ktls_copyin_tls_enable(struct sockopt *sopt, struct tls_enable *tls); 222 void ktls_disable_ifnet(void *arg); 223 int ktls_enable_rx(struct socket *so, struct tls_enable *en); 224 int ktls_enable_tx(struct socket *so, struct tls_enable *en); 225 void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count); 226 void ktls_enqueue_to_free(struct mbuf *m); 227 void ktls_destroy(struct ktls_session *tls); 228 void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt, 229 uint8_t record_type); 230 int ktls_get_rx_mode(struct socket *so, int *modep); 231 int ktls_get_tx_mode(struct socket *so, int *modep); 232 int ktls_get_rx_sequence(struct inpcb *inp, uint32_t *tcpseq, uint64_t *tlsseq); 233 void ktls_input_ifp_mismatch(struct sockbuf *sb, struct ifnet *ifp); 234 ktls_mbuf_crypto_st_t ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len); 235 #ifdef RATELIMIT 236 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate); 237 #endif 238 int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls); 239 bool ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp); 240 bool ktls_permit_empty_frames(struct ktls_session *tls); 241 void ktls_seq(struct sockbuf *sb, struct mbuf *m); 242 int ktls_set_tx_mode(struct socket *so, int mode); 243 244 static inline struct ktls_session * 245 ktls_hold(struct ktls_session *tls) 246 { 247 248 if (tls != NULL) 249 refcount_acquire(&tls->refcount); 250 return (tls); 251 } 252 253 static inline void 254 ktls_free(struct ktls_session *tls) 255 { 256 257 if (refcount_release(&tls->refcount)) 258 ktls_destroy(tls); 259 } 260 261 #endif /* !_KERNEL */ 262 #endif /* !_SYS_KTLS_H_ */ 263