xref: /freebsd/crypto/openssl/include/internal/ktls.h (revision 43a5ec4eb41567cc92586503212743d89686d78f)
1 /*
2  * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #if defined(OPENSSL_SYS_LINUX)
11 # ifndef OPENSSL_NO_KTLS
12 #  include <linux/version.h>
13 #  if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)
14 #   define OPENSSL_NO_KTLS
15 #   ifndef PEDANTIC
16 #    warning "KTLS requires Kernel Headers >= 4.13.0"
17 #    warning "Skipping Compilation of KTLS"
18 #   endif
19 #  endif
20 # endif
21 #endif
22 
23 #ifndef HEADER_INTERNAL_KTLS
24 # define HEADER_INTERNAL_KTLS
25 # ifndef OPENSSL_NO_KTLS
26 
27 #  if defined(__FreeBSD__)
28 #   include <sys/types.h>
29 #   include <sys/socket.h>
30 #   include <sys/ktls.h>
31 #   include <netinet/in.h>
32 #   include <netinet/tcp.h>
33 #   include "openssl/ssl3.h"
34 
35 #   ifndef TCP_RXTLS_ENABLE
36 #    define OPENSSL_NO_KTLS_RX
37 #   endif
38 #   define OPENSSL_KTLS_AES_GCM_128
39 #   define OPENSSL_KTLS_AES_GCM_256
40 #   define OPENSSL_KTLS_TLS13
41 #   ifdef TLS_CHACHA20_IV_LEN
42 #    ifndef OPENSSL_NO_CHACHA
43 #     define OPENSSL_KTLS_CHACHA20_POLY1305
44 #    endif
45 #   endif
46 
47 typedef struct tls_enable ktls_crypto_info_t;
48 
49 /*
50  * FreeBSD does not require any additional steps to enable KTLS before
51  * setting keys.
52  */
53 static ossl_inline int ktls_enable(int fd)
54 {
55     return 1;
56 }
57 
58 /*
59  * The TCP_TXTLS_ENABLE socket option marks the outgoing socket buffer
60  * as using TLS.  If successful, then data sent using this socket will
61  * be encrypted and encapsulated in TLS records using the tls_en
62  * provided here.
63  *
64  * The TCP_RXTLS_ENABLE socket option marks the incoming socket buffer
65  * as using TLS.  If successful, then data received for this socket will
66  * be authenticated and decrypted using the tls_en provided here.
67  */
68 static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx)
69 {
70     if (is_tx)
71         return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE,
72                           tls_en, sizeof(*tls_en)) ? 0 : 1;
73 #   ifndef OPENSSL_NO_KTLS_RX
74     return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en,
75                       sizeof(*tls_en)) ? 0 : 1;
76 #   else
77     return 0;
78 #   endif
79 }
80 
81 /*
82  * Send a TLS record using the tls_en provided in ktls_start and use
83  * record_type instead of the default SSL3_RT_APPLICATION_DATA.
84  * When the socket is non-blocking, then this call either returns EAGAIN or
85  * the entire record is pushed to TCP. It is impossible to send a partial
86  * record using this control message.
87  */
88 static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type,
89                                               const void *data, size_t length)
90 {
91     struct msghdr msg = { 0 };
92     int cmsg_len = sizeof(record_type);
93     struct cmsghdr *cmsg;
94     char buf[CMSG_SPACE(cmsg_len)];
95     struct iovec msg_iov;   /* Vector of data to send/receive into */
96 
97     msg.msg_control = buf;
98     msg.msg_controllen = sizeof(buf);
99     cmsg = CMSG_FIRSTHDR(&msg);
100     cmsg->cmsg_level = IPPROTO_TCP;
101     cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
102     cmsg->cmsg_len = CMSG_LEN(cmsg_len);
103     *((unsigned char *)CMSG_DATA(cmsg)) = record_type;
104     msg.msg_controllen = cmsg->cmsg_len;
105 
106     msg_iov.iov_base = (void *)data;
107     msg_iov.iov_len = length;
108     msg.msg_iov = &msg_iov;
109     msg.msg_iovlen = 1;
110 
111     return sendmsg(fd, &msg, 0);
112 }
113 
114 #   ifdef OPENSSL_NO_KTLS_RX
115 
116 static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
117 {
118     return -1;
119 }
120 
121 #   else /* !defined(OPENSSL_NO_KTLS_RX) */
122 
123 /*
124  * Receive a TLS record using the tls_en provided in ktls_start.  The
125  * kernel strips any explicit IV and authentication tag, but provides
126  * the TLS record header via a control message.  If there is an error
127  * with the TLS record such as an invalid header, invalid padding, or
128  * authentication failure recvmsg() will fail with an error.
129  */
130 static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
131 {
132     struct msghdr msg = { 0 };
133     int cmsg_len = sizeof(struct tls_get_record);
134     struct tls_get_record *tgr;
135     struct cmsghdr *cmsg;
136     char buf[CMSG_SPACE(cmsg_len)];
137     struct iovec msg_iov;   /* Vector of data to send/receive into */
138     int ret;
139     unsigned char *p = data;
140     const size_t prepend_length = SSL3_RT_HEADER_LENGTH;
141 
142     if (length <= prepend_length) {
143         errno = EINVAL;
144         return -1;
145     }
146 
147     msg.msg_control = buf;
148     msg.msg_controllen = sizeof(buf);
149 
150     msg_iov.iov_base = p + prepend_length;
151     msg_iov.iov_len = length - prepend_length;
152     msg.msg_iov = &msg_iov;
153     msg.msg_iovlen = 1;
154 
155     ret = recvmsg(fd, &msg, 0);
156     if (ret <= 0)
157         return ret;
158 
159     if ((msg.msg_flags & (MSG_EOR | MSG_CTRUNC)) != MSG_EOR) {
160         errno = EMSGSIZE;
161         return -1;
162     }
163 
164     if (msg.msg_controllen == 0) {
165         errno = EBADMSG;
166         return -1;
167     }
168 
169     cmsg = CMSG_FIRSTHDR(&msg);
170     if (cmsg->cmsg_level != IPPROTO_TCP || cmsg->cmsg_type != TLS_GET_RECORD
171         || cmsg->cmsg_len != CMSG_LEN(cmsg_len)) {
172         errno = EBADMSG;
173         return -1;
174     }
175 
176     tgr = (struct tls_get_record *)CMSG_DATA(cmsg);
177     p[0] = tgr->tls_type;
178     p[1] = tgr->tls_vmajor;
179     p[2] = tgr->tls_vminor;
180     *(uint16_t *)(p + 3) = htons(ret);
181 
182     return ret + prepend_length;
183 }
184 
185 #   endif /* OPENSSL_NO_KTLS_RX */
186 
187 /*
188  * KTLS enables the sendfile system call to send data from a file over
189  * TLS.
190  */
191 static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off,
192                                               size_t size, int flags)
193 {
194     off_t sbytes = 0;
195     int ret;
196 
197     ret = sendfile(fd, s, off, size, NULL, &sbytes, flags);
198     if (ret == -1 && sbytes == 0)
199         return -1;
200     return sbytes;
201 }
202 
203 #  endif                         /* __FreeBSD__ */
204 
205 #  if defined(OPENSSL_SYS_LINUX)
206 
207 #   include <linux/tls.h>
208 #   if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)
209 #    define OPENSSL_NO_KTLS_RX
210 #    ifndef PEDANTIC
211 #     warning "KTLS requires Kernel Headers >= 4.17.0 for receiving"
212 #     warning "Skipping Compilation of KTLS receive data path"
213 #    endif
214 #   endif
215 #   define OPENSSL_KTLS_AES_GCM_128
216 #   if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
217 #    define OPENSSL_KTLS_AES_GCM_256
218 #    define OPENSSL_KTLS_TLS13
219 #    if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0)
220 #     define OPENSSL_KTLS_AES_CCM_128
221 #     if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0)
222 #      ifndef OPENSSL_NO_CHACHA
223 #       define OPENSSL_KTLS_CHACHA20_POLY1305
224 #      endif
225 #     endif
226 #    endif
227 #   endif
228 
229 #   include <sys/sendfile.h>
230 #   include <netinet/tcp.h>
231 #   include <linux/socket.h>
232 #   include "openssl/ssl3.h"
233 #   include "openssl/tls1.h"
234 #   include "openssl/evp.h"
235 
236 #   ifndef SOL_TLS
237 #    define SOL_TLS 282
238 #   endif
239 
240 #   ifndef TCP_ULP
241 #    define TCP_ULP 31
242 #   endif
243 
244 #   ifndef TLS_RX
245 #    define TLS_RX                  2
246 #   endif
247 
248 struct tls_crypto_info_all {
249     union {
250 #   ifdef OPENSSL_KTLS_AES_GCM_128
251         struct tls12_crypto_info_aes_gcm_128 gcm128;
252 #   endif
253 #   ifdef OPENSSL_KTLS_AES_GCM_256
254         struct tls12_crypto_info_aes_gcm_256 gcm256;
255 #   endif
256 #   ifdef OPENSSL_KTLS_AES_CCM_128
257         struct tls12_crypto_info_aes_ccm_128 ccm128;
258 #   endif
259 #   ifdef OPENSSL_KTLS_CHACHA20_POLY1305
260         struct tls12_crypto_info_chacha20_poly1305 chacha20poly1305;
261 #   endif
262     };
263     size_t tls_crypto_info_len;
264 };
265 
266 typedef struct tls_crypto_info_all ktls_crypto_info_t;
267 
268 /*
269  * When successful, this socket option doesn't change the behaviour of the
270  * TCP socket, except changing the TCP setsockopt handler to enable the
271  * processing of SOL_TLS socket options. All other functionality remains the
272  * same.
273  */
274 static ossl_inline int ktls_enable(int fd)
275 {
276     return setsockopt(fd, SOL_TCP, TCP_ULP, "tls", sizeof("tls")) ? 0 : 1;
277 }
278 
279 /*
280  * The TLS_TX socket option changes the send/sendmsg handlers of the TCP socket.
281  * If successful, then data sent using this socket will be encrypted and
282  * encapsulated in TLS records using the crypto_info provided here.
283  * The TLS_RX socket option changes the recv/recvmsg handlers of the TCP socket.
284  * If successful, then data received using this socket will be decrypted,
285  * authenticated and decapsulated using the crypto_info provided here.
286  */
287 static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info,
288                                   int is_tx)
289 {
290     return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX,
291                       crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1;
292 }
293 
294 /*
295  * Send a TLS record using the crypto_info provided in ktls_start and use
296  * record_type instead of the default SSL3_RT_APPLICATION_DATA.
297  * When the socket is non-blocking, then this call either returns EAGAIN or
298  * the entire record is pushed to TCP. It is impossible to send a partial
299  * record using this control message.
300  */
301 static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type,
302                                               const void *data, size_t length)
303 {
304     struct msghdr msg;
305     int cmsg_len = sizeof(record_type);
306     struct cmsghdr *cmsg;
307     union {
308         struct cmsghdr hdr;
309         char buf[CMSG_SPACE(sizeof(unsigned char))];
310     } cmsgbuf;
311     struct iovec msg_iov;       /* Vector of data to send/receive into */
312 
313     memset(&msg, 0, sizeof(msg));
314     msg.msg_control = cmsgbuf.buf;
315     msg.msg_controllen = sizeof(cmsgbuf.buf);
316     cmsg = CMSG_FIRSTHDR(&msg);
317     cmsg->cmsg_level = SOL_TLS;
318     cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
319     cmsg->cmsg_len = CMSG_LEN(cmsg_len);
320     *((unsigned char *)CMSG_DATA(cmsg)) = record_type;
321     msg.msg_controllen = cmsg->cmsg_len;
322 
323     msg_iov.iov_base = (void *)data;
324     msg_iov.iov_len = length;
325     msg.msg_iov = &msg_iov;
326     msg.msg_iovlen = 1;
327 
328     return sendmsg(fd, &msg, 0);
329 }
330 
331 /*
332  * KTLS enables the sendfile system call to send data from a file over TLS.
333  * @flags are ignored on Linux. (placeholder for FreeBSD sendfile)
334  * */
335 static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, size_t size, int flags)
336 {
337     return sendfile(s, fd, &off, size);
338 }
339 
340 #   ifdef OPENSSL_NO_KTLS_RX
341 
342 
343 static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
344 {
345     return -1;
346 }
347 
348 #   else /* !defined(OPENSSL_NO_KTLS_RX) */
349 
350 /*
351  * Receive a TLS record using the crypto_info provided in ktls_start.
352  * The kernel strips the TLS record header, IV and authentication tag,
353  * returning only the plaintext data or an error on failure.
354  * We add the TLS record header here to satisfy routines in rec_layer_s3.c
355  */
356 static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
357 {
358     struct msghdr msg;
359     struct cmsghdr *cmsg;
360     union {
361         struct cmsghdr hdr;
362         char buf[CMSG_SPACE(sizeof(unsigned char))];
363     } cmsgbuf;
364     struct iovec msg_iov;
365     int ret;
366     unsigned char *p = data;
367     const size_t prepend_length = SSL3_RT_HEADER_LENGTH;
368 
369     if (length < prepend_length + EVP_GCM_TLS_TAG_LEN) {
370         errno = EINVAL;
371         return -1;
372     }
373 
374     memset(&msg, 0, sizeof(msg));
375     msg.msg_control = cmsgbuf.buf;
376     msg.msg_controllen = sizeof(cmsgbuf.buf);
377 
378     msg_iov.iov_base = p + prepend_length;
379     msg_iov.iov_len = length - prepend_length - EVP_GCM_TLS_TAG_LEN;
380     msg.msg_iov = &msg_iov;
381     msg.msg_iovlen = 1;
382 
383     ret = recvmsg(fd, &msg, 0);
384     if (ret < 0)
385         return ret;
386 
387     if (msg.msg_controllen > 0) {
388         cmsg = CMSG_FIRSTHDR(&msg);
389         if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
390             p[0] = *((unsigned char *)CMSG_DATA(cmsg));
391             p[1] = TLS1_2_VERSION_MAJOR;
392             p[2] = TLS1_2_VERSION_MINOR;
393             /* returned length is limited to msg_iov.iov_len above */
394             p[3] = (ret >> 8) & 0xff;
395             p[4] = ret & 0xff;
396             ret += prepend_length;
397         }
398     }
399 
400     return ret;
401 }
402 
403 #   endif /* OPENSSL_NO_KTLS_RX */
404 
405 #  endif /* OPENSSL_SYS_LINUX */
406 # endif /* OPENSSL_NO_KTLS */
407 #endif /* HEADER_INTERNAL_KTLS */
408