1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2014-2019 Netflix Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27 #ifndef _SYS_KTLS_H_
28 #define _SYS_KTLS_H_
29
30 #ifdef _KERNEL
31 #include <sys/mbuf.h>
32 #include <sys/_null.h>
33 #include <sys/refcount.h>
34 #include <sys/_task.h>
35
36 #include <machine/param.h>
37 #endif
38
39 struct tls_record_layer {
40 uint8_t tls_type;
41 uint8_t tls_vmajor;
42 uint8_t tls_vminor;
43 uint16_t tls_length;
44 uint8_t tls_data[0];
45 } __attribute__ ((packed));
46
47 #define TLS_MAX_MSG_SIZE_V10_2 16384
48 #define TLS_MAX_PARAM_SIZE 1024 /* Max key/mac/iv in sockopt */
49 #define TLS_AEAD_GCM_LEN 4
50 #define TLS_1_3_GCM_IV_LEN 12
51 #define TLS_CHACHA20_IV_LEN 12
52 #define TLS_CBC_IMPLICIT_IV_LEN 16
53
54 /* Type values for the record layer */
55 #define TLS_RLTYPE_ALERT 21
56 #define TLS_RLTYPE_HANDSHAKE 22
57 #define TLS_RLTYPE_APP 23
58
59 /*
60 * Nonce for GCM for TLS 1.2 per RFC 5288.
61 */
62 struct tls_nonce_data {
63 uint8_t fixed[TLS_AEAD_GCM_LEN];
64 uint64_t seq;
65 } __packed;
66
67 /*
68 * AEAD additional data format for TLS 1.2 per RFC 5246.
69 */
70 struct tls_aead_data {
71 uint64_t seq; /* In network order */
72 uint8_t type;
73 uint8_t tls_vmajor;
74 uint8_t tls_vminor;
75 uint16_t tls_length;
76 } __packed;
77
78 /*
79 * AEAD additional data format for TLS 1.3 per RFC 8446.
80 */
81 struct tls_aead_data_13 {
82 uint8_t type;
83 uint8_t tls_vmajor;
84 uint8_t tls_vminor;
85 uint16_t tls_length;
86 } __packed;
87
88 /*
89 * Stream Cipher MAC additional data input. This does not match the
90 * exact data on the wire (the sequence number is not placed on the
91 * wire, and any explicit IV after the record header is not covered by
92 * the MAC).
93 */
94 struct tls_mac_data {
95 uint64_t seq;
96 uint8_t type;
97 uint8_t tls_vmajor;
98 uint8_t tls_vminor;
99 uint16_t tls_length;
100 } __packed;
101
102 #define TLS_MAJOR_VER_ONE 3
103 #define TLS_MINOR_VER_ZERO 1 /* 3, 1 */
104 #define TLS_MINOR_VER_ONE 2 /* 3, 2 */
105 #define TLS_MINOR_VER_TWO 3 /* 3, 3 */
106 #define TLS_MINOR_VER_THREE 4 /* 3, 4 */
107
108 /* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */
109 #ifdef _KERNEL
110 struct tls_enable_v0 {
111 const uint8_t *cipher_key;
112 const uint8_t *iv; /* Implicit IV. */
113 const uint8_t *auth_key;
114 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
115 int cipher_key_len;
116 int iv_len;
117 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
118 int auth_key_len;
119 int flags;
120 uint8_t tls_vmajor;
121 uint8_t tls_vminor;
122 };
123 #endif
124
125 struct tls_enable {
126 const uint8_t *cipher_key;
127 const uint8_t *iv; /* Implicit IV. */
128 const uint8_t *auth_key;
129 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
130 int cipher_key_len;
131 int iv_len;
132 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
133 int auth_key_len;
134 int flags;
135 uint8_t tls_vmajor;
136 uint8_t tls_vminor;
137 uint8_t rec_seq[8];
138 };
139
140 /* Structure for TLS_GET_RECORD. */
141 struct tls_get_record {
142 /* TLS record header. */
143 uint8_t tls_type;
144 uint8_t tls_vmajor;
145 uint8_t tls_vminor;
146 uint16_t tls_length;
147 };
148
149 #define XKTLS_SESSION_IV_BUF_LEN 32
150 struct xktls_session_onedir {
151 uint64_t gen;
152 uint64_t rsrv1[8];
153 uint32_t rsrv2[8];
154 uint8_t iv[XKTLS_SESSION_IV_BUF_LEN];
155 int cipher_algorithm;
156 int auth_algorithm;
157 uint16_t cipher_key_len;
158 uint16_t iv_len;
159 uint16_t auth_key_len;
160 uint16_t max_frame_len;
161 uint8_t tls_vmajor;
162 uint8_t tls_vminor;
163 uint8_t tls_hlen;
164 uint8_t tls_tlen;
165 uint8_t tls_bs;
166 uint8_t flags;
167 uint16_t drv_st_len;
168 char ifnet[16]; /* IFNAMSIZ */
169 };
170
171 #ifdef _KERNEL
172
173 struct tls_session_params {
174 uint8_t *cipher_key;
175 uint8_t *auth_key;
176 uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN];
177 int cipher_algorithm;
178 int auth_algorithm;
179 uint16_t cipher_key_len;
180 uint16_t iv_len;
181 uint16_t auth_key_len;
182 uint16_t max_frame_len;
183 uint8_t tls_vmajor;
184 uint8_t tls_vminor;
185 uint8_t tls_hlen;
186 uint8_t tls_tlen;
187 uint8_t tls_bs;
188 uint8_t flags;
189 };
190
191 /* Used in APIs to request RX vs TX sessions. */
192 #define KTLS_TX 1
193 #define KTLS_RX 2
194
195 struct iovec;
196 struct ktls_ocf_encrypt_state;
197 struct ktls_ocf_session;
198 struct ktls_session;
199 struct m_snd_tag;
200 struct mbuf;
201 struct sockbuf;
202 struct socket;
203 struct sockopt;
204
205 struct ktls_session {
206 struct ktls_ocf_session *ocf_session;
207 struct m_snd_tag *snd_tag;
208 struct tls_session_params params;
209 u_int wq_index;
210 volatile u_int refcount;
211 int mode;
212
213 struct task reset_tag_task;
214 struct task disable_ifnet_task;
215 union {
216 struct inpcb *inp; /* Used by transmit tasks. */
217 struct socket *so; /* Used by receive task. */
218 };
219 struct ifnet *rx_ifp;
220 u_short rx_vlan_id;
221 bool reset_pending;
222 bool tx;
223 bool sync_dispatch;
224 bool sequential_records;
225 union {
226 /* Only used for TLS 1.0. */
227 uint64_t next_seqno;
228 /* Needed by some ktls offload NICs */
229 uint64_t initial_offload_seqno;
230 };
231 STAILQ_HEAD(, mbuf) pending_records;
232
233 /* Used to destroy any kTLS session */
234 struct task destroy_task;
235
236 uint64_t gen;
237 } __aligned(CACHE_LINE_SIZE);
238
239 extern unsigned int ktls_ifnet_max_rexmit_pct;
240
241 typedef enum {
242 KTLS_MBUF_CRYPTO_ST_MIXED = 0,
243 KTLS_MBUF_CRYPTO_ST_ENCRYPTED = 1,
244 KTLS_MBUF_CRYPTO_ST_DECRYPTED = -1,
245 } ktls_mbuf_crypto_st_t;
246
247 void ktls_check_rx(struct sockbuf *sb);
248 void ktls_cleanup_tls_enable(struct tls_enable *tls);
249 int ktls_copyin_tls_enable(struct sockopt *sopt, struct tls_enable *tls);
250 void ktls_disable_ifnet(void *arg);
251 int ktls_enable_rx(struct socket *so, struct tls_enable *en);
252 int ktls_enable_tx(struct socket *so, struct tls_enable *en);
253 void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
254 void ktls_enqueue_to_free(struct mbuf *m);
255 void ktls_destroy(struct ktls_session *tls);
256 void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
257 uint8_t record_type);
258 int ktls_get_rx_mode(struct socket *so, int *modep);
259 int ktls_get_tx_mode(struct socket *so, int *modep);
260 int ktls_get_rx_sequence(struct inpcb *inp, uint32_t *tcpseq, uint64_t *tlsseq);
261 void ktls_input_ifp_mismatch(struct sockbuf *sb, struct ifnet *ifp);
262 ktls_mbuf_crypto_st_t ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len);
263 #ifdef RATELIMIT
264 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
265 #endif
266 int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
267 bool ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp);
268 bool ktls_permit_empty_frames(struct ktls_session *tls);
269 void ktls_seq(struct sockbuf *sb, struct mbuf *m);
270 int ktls_set_tx_mode(struct socket *so, int mode);
271
272 static inline struct ktls_session *
ktls_hold(struct ktls_session * tls)273 ktls_hold(struct ktls_session *tls)
274 {
275
276 if (tls != NULL)
277 refcount_acquire(&tls->refcount);
278 return (tls);
279 }
280
281 static inline void
ktls_free(struct ktls_session * tls)282 ktls_free(struct ktls_session *tls)
283 {
284
285 if (refcount_release(&tls->refcount))
286 ktls_destroy(tls);
287 }
288
289 static inline void
ktls_release_snd_tag(struct ktls_session * tls)290 ktls_release_snd_tag(struct ktls_session *tls)
291 {
292 struct m_snd_tag *mst;
293
294 mst = tls->snd_tag;
295 tls->snd_tag = NULL;
296 if (mst != NULL)
297 m_snd_tag_rele(mst);
298 }
299
300 void ktls_session_to_xktls_onedir(const struct ktls_session *ks,
301 bool export_keys, struct xktls_session_onedir *xktls_od);
302 void ktls_session_copy_keys(const struct ktls_session *ktls,
303 uint8_t *data, size_t *sz);
304
305 #endif /* !_KERNEL */
306 #endif /* !_SYS_KTLS_H_ */
307