1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2014-2019 Netflix Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27 #ifndef _SYS_KTLS_H_
28 #define _SYS_KTLS_H_
29
30 #ifdef _KERNEL
31 #include <sys/_null.h>
32 #include <sys/refcount.h>
33 #include <sys/_task.h>
34
35 #include <machine/param.h>
36 #endif
37
38 struct tls_record_layer {
39 uint8_t tls_type;
40 uint8_t tls_vmajor;
41 uint8_t tls_vminor;
42 uint16_t tls_length;
43 uint8_t tls_data[0];
44 } __attribute__ ((packed));
45
46 #define TLS_MAX_MSG_SIZE_V10_2 16384
47 #define TLS_MAX_PARAM_SIZE 1024 /* Max key/mac/iv in sockopt */
48 #define TLS_AEAD_GCM_LEN 4
49 #define TLS_1_3_GCM_IV_LEN 12
50 #define TLS_CHACHA20_IV_LEN 12
51 #define TLS_CBC_IMPLICIT_IV_LEN 16
52
53 /* Type values for the record layer */
54 #define TLS_RLTYPE_ALERT 21
55 #define TLS_RLTYPE_HANDSHAKE 22
56 #define TLS_RLTYPE_APP 23
57
58 /*
59 * Nonce for GCM for TLS 1.2 per RFC 5288.
60 */
61 struct tls_nonce_data {
62 uint8_t fixed[TLS_AEAD_GCM_LEN];
63 uint64_t seq;
64 } __packed;
65
66 /*
67 * AEAD additional data format for TLS 1.2 per RFC 5246.
68 */
69 struct tls_aead_data {
70 uint64_t seq; /* In network order */
71 uint8_t type;
72 uint8_t tls_vmajor;
73 uint8_t tls_vminor;
74 uint16_t tls_length;
75 } __packed;
76
77 /*
78 * AEAD additional data format for TLS 1.3 per RFC 8446.
79 */
80 struct tls_aead_data_13 {
81 uint8_t type;
82 uint8_t tls_vmajor;
83 uint8_t tls_vminor;
84 uint16_t tls_length;
85 } __packed;
86
87 /*
88 * Stream Cipher MAC additional data input. This does not match the
89 * exact data on the wire (the sequence number is not placed on the
90 * wire, and any explicit IV after the record header is not covered by
91 * the MAC).
92 */
93 struct tls_mac_data {
94 uint64_t seq;
95 uint8_t type;
96 uint8_t tls_vmajor;
97 uint8_t tls_vminor;
98 uint16_t tls_length;
99 } __packed;
100
101 #define TLS_MAJOR_VER_ONE 3
102 #define TLS_MINOR_VER_ZERO 1 /* 3, 1 */
103 #define TLS_MINOR_VER_ONE 2 /* 3, 2 */
104 #define TLS_MINOR_VER_TWO 3 /* 3, 3 */
105 #define TLS_MINOR_VER_THREE 4 /* 3, 4 */
106
107 /* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */
108 #ifdef _KERNEL
109 struct tls_enable_v0 {
110 const uint8_t *cipher_key;
111 const uint8_t *iv; /* Implicit IV. */
112 const uint8_t *auth_key;
113 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
114 int cipher_key_len;
115 int iv_len;
116 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
117 int auth_key_len;
118 int flags;
119 uint8_t tls_vmajor;
120 uint8_t tls_vminor;
121 };
122 #endif
123
124 struct tls_enable {
125 const uint8_t *cipher_key;
126 const uint8_t *iv; /* Implicit IV. */
127 const uint8_t *auth_key;
128 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
129 int cipher_key_len;
130 int iv_len;
131 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
132 int auth_key_len;
133 int flags;
134 uint8_t tls_vmajor;
135 uint8_t tls_vminor;
136 uint8_t rec_seq[8];
137 };
138
139 /* Structure for TLS_GET_RECORD. */
140 struct tls_get_record {
141 /* TLS record header. */
142 uint8_t tls_type;
143 uint8_t tls_vmajor;
144 uint8_t tls_vminor;
145 uint16_t tls_length;
146 };
147
148 #ifdef _KERNEL
149
150 struct tls_session_params {
151 uint8_t *cipher_key;
152 uint8_t *auth_key;
153 uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN];
154 int cipher_algorithm;
155 int auth_algorithm;
156 uint16_t cipher_key_len;
157 uint16_t iv_len;
158 uint16_t auth_key_len;
159 uint16_t max_frame_len;
160 uint8_t tls_vmajor;
161 uint8_t tls_vminor;
162 uint8_t tls_hlen;
163 uint8_t tls_tlen;
164 uint8_t tls_bs;
165 uint8_t flags;
166 };
167
168 /* Used in APIs to request RX vs TX sessions. */
169 #define KTLS_TX 1
170 #define KTLS_RX 2
171
172 struct iovec;
173 struct ktls_ocf_encrypt_state;
174 struct ktls_ocf_session;
175 struct ktls_session;
176 struct m_snd_tag;
177 struct mbuf;
178 struct sockbuf;
179 struct socket;
180 struct sockopt;
181
182 struct ktls_session {
183 struct ktls_ocf_session *ocf_session;
184 struct m_snd_tag *snd_tag;
185 struct tls_session_params params;
186 u_int wq_index;
187 volatile u_int refcount;
188 int mode;
189
190 struct task reset_tag_task;
191 struct task disable_ifnet_task;
192 union {
193 struct inpcb *inp; /* Used by transmit tasks. */
194 struct socket *so; /* Used by receive task. */
195 };
196 struct ifnet *rx_ifp;
197 u_short rx_vlan_id;
198 bool reset_pending;
199 bool tx;
200 bool sync_dispatch;
201 bool sequential_records;
202
203 /* Only used for TLS 1.0. */
204 uint64_t next_seqno;
205 STAILQ_HEAD(, mbuf) pending_records;
206
207 /* Used to destroy any kTLS session */
208 struct task destroy_task;
209 } __aligned(CACHE_LINE_SIZE);
210
211 extern unsigned int ktls_ifnet_max_rexmit_pct;
212
213 typedef enum {
214 KTLS_MBUF_CRYPTO_ST_MIXED = 0,
215 KTLS_MBUF_CRYPTO_ST_ENCRYPTED = 1,
216 KTLS_MBUF_CRYPTO_ST_DECRYPTED = -1,
217 } ktls_mbuf_crypto_st_t;
218
219 void ktls_check_rx(struct sockbuf *sb);
220 void ktls_cleanup_tls_enable(struct tls_enable *tls);
221 int ktls_copyin_tls_enable(struct sockopt *sopt, struct tls_enable *tls);
222 void ktls_disable_ifnet(void *arg);
223 int ktls_enable_rx(struct socket *so, struct tls_enable *en);
224 int ktls_enable_tx(struct socket *so, struct tls_enable *en);
225 void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
226 void ktls_enqueue_to_free(struct mbuf *m);
227 void ktls_destroy(struct ktls_session *tls);
228 void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
229 uint8_t record_type);
230 int ktls_get_rx_mode(struct socket *so, int *modep);
231 int ktls_get_tx_mode(struct socket *so, int *modep);
232 int ktls_get_rx_sequence(struct inpcb *inp, uint32_t *tcpseq, uint64_t *tlsseq);
233 void ktls_input_ifp_mismatch(struct sockbuf *sb, struct ifnet *ifp);
234 ktls_mbuf_crypto_st_t ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len);
235 #ifdef RATELIMIT
236 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
237 #endif
238 int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
239 bool ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp);
240 bool ktls_permit_empty_frames(struct ktls_session *tls);
241 void ktls_seq(struct sockbuf *sb, struct mbuf *m);
242 int ktls_set_tx_mode(struct socket *so, int mode);
243
244 static inline struct ktls_session *
ktls_hold(struct ktls_session * tls)245 ktls_hold(struct ktls_session *tls)
246 {
247
248 if (tls != NULL)
249 refcount_acquire(&tls->refcount);
250 return (tls);
251 }
252
253 static inline void
ktls_free(struct ktls_session * tls)254 ktls_free(struct ktls_session *tls)
255 {
256
257 if (refcount_release(&tls->refcount))
258 ktls_destroy(tls);
259 }
260
261 #endif /* !_KERNEL */
262 #endif /* !_SYS_KTLS_H_ */
263