Lines Matching full:tls

81 /* TLS and DTLS common routines */
86 return (sc->tt.tls && sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS);
92 struct tls_ofld_info *tls_ofld = &toep->tls;
114 /* TLS/DTLS content type for CPL SFO */
132 /* TLS Key memory management */
136 struct tls_ofld_info *tls_ofld = &toep->tls;
150 get_tp_plen_max(struct ktls_session *tls)
154 return (tls->params.max_frame_len <= 8192 ? plen : FC_TP_PLEN_MAX);
159 tls_program_key_id(struct toepcb *toep, struct ktls_session *tls,
162 struct tls_ofld_info *tls_ofld = &toep->tls;
192 t4_write_tlskey_wr(tls, direction, toep->tid, F_FW_WR_COMPL, keyid,
199 t4_tls_key_ctx(tls, direction, kctx);
207 tls_alloc_ktls(struct toepcb *toep, struct ktls_session *tls, int direction)
231 /* TLS 1.1 through TLS 1.3 are currently supported. */
232 if (tls->params.tls_vmajor != TLS_MAJOR_VER_ONE ||
233 tls->params.tls_vminor < TLS_MINOR_VER_ONE ||
234 tls->params.tls_vminor > TLS_MINOR_VER_THREE) {
238 /* TLS 1.3 is only supported on T7+. */
239 if (tls->params.tls_vminor == TLS_MINOR_VER_THREE) {
245 /* Sanity check values in *tls. */
246 switch (tls->params.cipher_algorithm) {
249 switch (tls->params.cipher_key_len) {
257 switch (tls->params.auth_algorithm) {
269 switch (tls->params.cipher_key_len) {
279 * The IV size for TLS 1.2 is the explicit IV in the
280 * record header. For TLS 1.3 it is the size of the
292 if (toep->tls.tx_key_addr != -1)
295 if (toep->tls.rx_key_addr != -1)
299 error = tls_program_key_id(toep, tls, direction);
303 toep->tls.tls13 = tls->params.tls_vminor == TLS_MINOR_VER_THREE;
305 toep->tls.scmd0.seqno_numivs =
307 V_SCMD_PROTO_VERSION(t4_tls_proto_ver(tls)) |
310 V_SCMD_CIPH_MODE(t4_tls_cipher_mode(tls)) |
311 V_SCMD_AUTH_MODE(t4_tls_auth_mode(tls)) |
312 V_SCMD_HMAC_CTRL(t4_tls_hmac_ctrl(tls)) |
315 toep->tls.scmd0.ivgen_hdrlen =
320 toep->tls.iv_len = iv_size;
321 toep->tls.frag_size = tls->params.max_frame_len;
322 toep->tls.fcplenmax = get_tp_plen_max(tls);
323 toep->tls.expn_per_ulp = tls->params.tls_hlen +
324 tls->params.tls_tlen;
325 toep->tls.pdus_per_ulp = 1;
326 toep->tls.adjusted_plen = toep->tls.expn_per_ulp +
327 tls->params.max_frame_len;
328 toep->tls.tx_key_info_size = t4_tls_key_info_size(tls);
331 toep->tls.rx_version = tls->params.tls_vmajor << 8 |
332 tls->params.tls_vminor;
345 struct tls_ofld_info *tls_ofld = &toep->tls;
370 struct tls_ofld_info *tls_ofld = &toep->tls;
400 struct tls_ofld_info *tls_ofld = &toep->tls;
491 * Similar to t4_push_frames() but handles sockets that contain TLS
550 tls13 = toep->tls.tls13;
610 ("%s: mbuf %p doesn't have TLS session", __func__, m));
619 MPASS(toep->tls.iv_len <= AES_BLOCK_LEN);
680 CTR5(KTR_CXGBE, "%s: tid %d TLS record %ju type %d len %#x",
702 V_ULPTX_LEN16(toep->tls.tx_key_info_size >> 4));
703 memrd->addr = htobe32(toep->tls.tx_key_addr >> 5);
708 memcpy(buf, thdr + 1, toep->tls.iv_len);
750 * For TLS data we place mbufs received via CPL_TLS_DATA into
751 * an mbufq in the TLS offload state. When CPL_RX_TLS_CMP is
755 * The TLS code reuses the ulp_pdu_reclaimq to hold the pending mbufs.
797 panic("Failed to queue TLS data packet");
799 printf("%s: Failed to queue TLS data packet\n", __func__);
880 * The payload of this CPL is the TLS header followed by
881 * additional fields. For TLS 1.3 the type field holds the
898 * XXX: To support rekeying for TLS 1.3 this will eventually
904 CTR4(KTR_CXGBE, "%s: tid %u TLS error %#x ddp_vld %#x",
920 /* For TLS 1.3 trim the header and trailer. */
921 if (toep->tls.tls13) {
922 KASSERT(tls_data != NULL, ("%s: TLS 1.3 record without data",
1065 struct tls_ofld_info *tls_ofld = &toep->tls;
1086 /* Do we have a full TLS header? */
1088 CTR3(KTR_CXGBE, "%s: tid %u len %d: too short for a TLS header",
1111 CTR4(KTR_CXGBE, "%s: tid %u truncated TLS record (%d vs %u)",
1126 CTR3(KTR_CXGBE, "%s: tid %u invalid TLS record type %u",
1136 CTR4(KTR_CXGBE, "%s: tid %u dropping TLS record type %u, length %u",
1156 * to ULP_MODE_TLS (if not already) and enable TLS decryption.
1161 * arrive, this is called again with resid == 0 and enables TLS
1175 * a record boundary and ready to finish enabling TLS RX.
1225 * Clear the TLS overlay region: 1023:832.
1228 * contain seqno and are set when enabling TLS
1240 key_offset = toep->tls.rx_key_addr - sc->vres.key.start;
1249 * complete TLS records: Set the sequence number and
1250 * enable TLS decryption.
1252 CTR3(KTR_CXGBE, "%s: tid %d enable TLS seqno %lu", __func__,
1270 * as a TLS PDU, so the first 5 bytes are a fake
1285 toep->tls.rx_resid = resid;
1304 * Examine the pending data in the socket buffer and either enable TLS
1316 MPASS(toep->tls.rx_resid == 0);
1324 * size of a TLS record, re-enable receive and pause again once
1361 KASSERT(len <= toep->tls.rx_resid,
1363 toep->tls.rx_resid));
1364 toep->tls.rx_resid -= len;
1365 if (toep->tls.rx_resid != 0)
1391 panic("%s: connection is not starting TLS RX\n",