1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2017-2018 Chelsio Communications, Inc. 5 * All rights reserved. 6 * Written by: John Baldwin <jhb@FreeBSD.org> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30 #include "opt_inet.h" 31 #include "opt_kern_tls.h" 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <sys/param.h> 37 #include <sys/ktr.h> 38 #ifdef KERN_TLS 39 #include <sys/ktls.h> 40 #endif 41 #include <sys/sglist.h> 42 #include <sys/socket.h> 43 #include <sys/socketvar.h> 44 #include <sys/systm.h> 45 #include <netinet/in.h> 46 #include <netinet/in_pcb.h> 47 #include <netinet/tcp_var.h> 48 #include <netinet/toecore.h> 49 #ifdef KERN_TLS 50 #include <opencrypto/cryptodev.h> 51 #include <opencrypto/xform.h> 52 #endif 53 54 #ifdef TCP_OFFLOAD 55 #include "common/common.h" 56 #include "common/t4_tcb.h" 57 #include "crypto/t4_crypto.h" 58 #include "tom/t4_tom_l2t.h" 59 #include "tom/t4_tom.h" 60 61 /* 62 * The TCP sequence number of a CPL_TLS_DATA mbuf is saved here while 63 * the mbuf is in the ulp_pdu_reclaimq. 64 */ 65 #define tls_tcp_seq PH_loc.thirtytwo[0] 66 67 /* 68 * Handshake lock used for the handshake timer. Having a global lock 69 * is perhaps not ideal, but it avoids having to use callout_drain() 70 * in tls_uninit_toep() which can't block. Also, the timer shouldn't 71 * actually fire for most connections. 72 */ 73 static struct mtx tls_handshake_lock; 74 75 static void 76 t4_set_tls_tcb_field(struct toepcb *toep, uint16_t word, uint64_t mask, 77 uint64_t val) 78 { 79 struct adapter *sc = td_adapter(toep->td); 80 81 t4_set_tcb_field(sc, toep->ofld_txq, toep, word, mask, val, 0, 0); 82 } 83 84 /* TLS and DTLS common routines */ 85 bool 86 can_tls_offload(struct adapter *sc) 87 { 88 89 return (sc->tt.tls && sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS); 90 } 91 92 int 93 tls_tx_key(struct toepcb *toep) 94 { 95 struct tls_ofld_info *tls_ofld = &toep->tls; 96 97 return (tls_ofld->tx_key_addr >= 0); 98 } 99 100 int 101 tls_rx_key(struct toepcb *toep) 102 { 103 struct tls_ofld_info *tls_ofld = &toep->tls; 104 105 return (tls_ofld->rx_key_addr >= 0); 106 } 107 108 static int 109 key_size(struct toepcb *toep) 110 { 111 struct tls_ofld_info *tls_ofld = &toep->tls; 112 113 return ((tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) ? 114 tls_ofld->k_ctx.tx_key_info_size : KEY_IN_DDR_SIZE); 115 } 116 117 /* Set TLS Key-Id in TCB */ 118 static void 119 t4_set_tls_keyid(struct toepcb *toep, unsigned int key_id) 120 { 121 122 t4_set_tls_tcb_field(toep, W_TCB_RX_TLS_KEY_TAG, 123 V_TCB_RX_TLS_KEY_TAG(M_TCB_RX_TLS_BUF_TAG), 124 V_TCB_RX_TLS_KEY_TAG(key_id)); 125 } 126 127 /* Clear TF_RX_QUIESCE to re-enable receive. */ 128 static void 129 t4_clear_rx_quiesce(struct toepcb *toep) 130 { 131 132 t4_set_tls_tcb_field(toep, W_TCB_T_FLAGS, V_TF_RX_QUIESCE(1), 0); 133 } 134 135 static void 136 tls_clr_ofld_mode(struct toepcb *toep) 137 { 138 139 tls_stop_handshake_timer(toep); 140 141 /* Operate in PDU extraction mode only. */ 142 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, 143 V_TCB_ULP_RAW(M_TCB_ULP_RAW), 144 V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1))); 145 t4_clear_rx_quiesce(toep); 146 } 147 148 static void 149 tls_clr_quiesce(struct toepcb *toep) 150 { 151 152 tls_stop_handshake_timer(toep); 153 t4_clear_rx_quiesce(toep); 154 } 155 156 /* 157 * Calculate the TLS data expansion size 158 */ 159 static int 160 tls_expansion_size(struct toepcb *toep, int data_len, int full_pdus_only, 161 unsigned short *pdus_per_ulp) 162 { 163 struct tls_ofld_info *tls_ofld = &toep->tls; 164 struct tls_scmd *scmd = &tls_ofld->scmd0; 165 int expn_size = 0, frag_count = 0, pad_per_pdu = 0, 166 pad_last_pdu = 0, last_frag_size = 0, max_frag_size = 0; 167 int exp_per_pdu = 0; 168 int hdr_len = TLS_HEADER_LENGTH; 169 170 do { 171 max_frag_size = tls_ofld->k_ctx.frag_size; 172 if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) == 173 SCMD_CIPH_MODE_AES_GCM) { 174 frag_count = (data_len / max_frag_size); 175 exp_per_pdu = GCM_TAG_SIZE + AEAD_EXPLICIT_DATA_SIZE + 176 hdr_len; 177 expn_size = frag_count * exp_per_pdu; 178 if (full_pdus_only) { 179 *pdus_per_ulp = data_len / (exp_per_pdu + 180 max_frag_size); 181 if (*pdus_per_ulp > 32) 182 *pdus_per_ulp = 32; 183 else if(!*pdus_per_ulp) 184 *pdus_per_ulp = 1; 185 expn_size = (*pdus_per_ulp) * exp_per_pdu; 186 break; 187 } 188 if ((last_frag_size = data_len % max_frag_size) > 0) { 189 frag_count += 1; 190 expn_size += exp_per_pdu; 191 } 192 break; 193 } else if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) != 194 SCMD_CIPH_MODE_NOP) { 195 /* Calculate the number of fragments we can make */ 196 frag_count = (data_len / max_frag_size); 197 if (frag_count > 0) { 198 pad_per_pdu = (((howmany((max_frag_size + 199 tls_ofld->mac_length), 200 CIPHER_BLOCK_SIZE)) * 201 CIPHER_BLOCK_SIZE) - 202 (max_frag_size + 203 tls_ofld->mac_length)); 204 if (!pad_per_pdu) 205 pad_per_pdu = CIPHER_BLOCK_SIZE; 206 exp_per_pdu = pad_per_pdu + 207 tls_ofld->mac_length + 208 hdr_len + CIPHER_BLOCK_SIZE; 209 expn_size = frag_count * exp_per_pdu; 210 } 211 if (full_pdus_only) { 212 *pdus_per_ulp = data_len / (exp_per_pdu + 213 max_frag_size); 214 if (*pdus_per_ulp > 32) 215 *pdus_per_ulp = 32; 216 else if (!*pdus_per_ulp) 217 *pdus_per_ulp = 1; 218 expn_size = (*pdus_per_ulp) * exp_per_pdu; 219 break; 220 } 221 /* Consider the last fragment */ 222 if ((last_frag_size = data_len % max_frag_size) > 0) { 223 pad_last_pdu = (((howmany((last_frag_size + 224 tls_ofld->mac_length), 225 CIPHER_BLOCK_SIZE)) * 226 CIPHER_BLOCK_SIZE) - 227 (last_frag_size + 228 tls_ofld->mac_length)); 229 if (!pad_last_pdu) 230 pad_last_pdu = CIPHER_BLOCK_SIZE; 231 expn_size += (pad_last_pdu + 232 tls_ofld->mac_length + hdr_len + 233 CIPHER_BLOCK_SIZE); 234 } 235 } 236 } while (0); 237 238 return (expn_size); 239 } 240 241 /* Copy Key to WR */ 242 static void 243 tls_copy_tx_key(struct toepcb *toep, void *dst) 244 { 245 struct tls_ofld_info *tls_ofld = &toep->tls; 246 struct ulptx_sc_memrd *sc_memrd; 247 struct ulptx_idata *sc; 248 249 if (tls_ofld->k_ctx.tx_key_info_size <= 0) 250 return; 251 252 if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR) { 253 sc = dst; 254 sc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_NOOP)); 255 sc->len = htobe32(0); 256 sc_memrd = (struct ulptx_sc_memrd *)(sc + 1); 257 sc_memrd->cmd_to_len = htobe32(V_ULPTX_CMD(ULP_TX_SC_MEMRD) | 258 V_ULP_TX_SC_MORE(1) | 259 V_ULPTX_LEN16(tls_ofld->k_ctx.tx_key_info_size >> 4)); 260 sc_memrd->addr = htobe32(tls_ofld->tx_key_addr >> 5); 261 } else if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) { 262 memcpy(dst, &tls_ofld->k_ctx.tx, 263 tls_ofld->k_ctx.tx_key_info_size); 264 } 265 } 266 267 /* TLS/DTLS content type for CPL SFO */ 268 static inline unsigned char 269 tls_content_type(unsigned char content_type) 270 { 271 /* 272 * XXX: Shouldn't this map CONTENT_TYPE_APP_DATA to DATA and 273 * default to "CUSTOM" for all other types including 274 * heartbeat? 275 */ 276 switch (content_type) { 277 case CONTENT_TYPE_CCS: 278 return CPL_TX_TLS_SFO_TYPE_CCS; 279 case CONTENT_TYPE_ALERT: 280 return CPL_TX_TLS_SFO_TYPE_ALERT; 281 case CONTENT_TYPE_HANDSHAKE: 282 return CPL_TX_TLS_SFO_TYPE_HANDSHAKE; 283 case CONTENT_TYPE_HEARTBEAT: 284 return CPL_TX_TLS_SFO_TYPE_HEARTBEAT; 285 } 286 return CPL_TX_TLS_SFO_TYPE_DATA; 287 } 288 289 static unsigned char 290 get_cipher_key_size(unsigned int ck_size) 291 { 292 switch (ck_size) { 293 case AES_NOP: /* NOP */ 294 return 15; 295 case AES_128: /* AES128 */ 296 return CH_CK_SIZE_128; 297 case AES_192: /* AES192 */ 298 return CH_CK_SIZE_192; 299 case AES_256: /* AES256 */ 300 return CH_CK_SIZE_256; 301 default: 302 return CH_CK_SIZE_256; 303 } 304 } 305 306 static unsigned char 307 get_mac_key_size(unsigned int mk_size) 308 { 309 switch (mk_size) { 310 case SHA_NOP: /* NOP */ 311 return CH_MK_SIZE_128; 312 case SHA_GHASH: /* GHASH */ 313 case SHA_512: /* SHA512 */ 314 return CH_MK_SIZE_512; 315 case SHA_224: /* SHA2-224 */ 316 return CH_MK_SIZE_192; 317 case SHA_256: /* SHA2-256*/ 318 return CH_MK_SIZE_256; 319 case SHA_384: /* SHA384 */ 320 return CH_MK_SIZE_512; 321 case SHA1: /* SHA1 */ 322 default: 323 return CH_MK_SIZE_160; 324 } 325 } 326 327 static unsigned int 328 get_proto_ver(int proto_ver) 329 { 330 switch (proto_ver) { 331 case TLS1_2_VERSION: 332 return TLS_1_2_VERSION; 333 case TLS1_1_VERSION: 334 return TLS_1_1_VERSION; 335 case DTLS1_2_VERSION: 336 return DTLS_1_2_VERSION; 337 default: 338 return TLS_VERSION_MAX; 339 } 340 } 341 342 static void 343 tls_rxkey_flit1(struct tls_keyctx *kwr, struct tls_key_context *kctx) 344 { 345 346 if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) { 347 kwr->u.rxhdr.ivinsert_to_authinsrt = 348 htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) | 349 V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) | 350 V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) | 351 V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(14ULL) | 352 V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(16ULL) | 353 V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(14ULL) | 354 V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) | 355 V_TLS_KEYCTX_TX_WR_AUTHINSRT(16ULL)); 356 kwr->u.rxhdr.ivpresent_to_rxmk_size &= 357 ~(V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1)); 358 kwr->u.rxhdr.authmode_to_rxvalid &= 359 ~(V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1)); 360 } else { 361 kwr->u.rxhdr.ivinsert_to_authinsrt = 362 htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) | 363 V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) | 364 V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) | 365 V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(22ULL) | 366 V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(0ULL) | 367 V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(22ULL) | 368 V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) | 369 V_TLS_KEYCTX_TX_WR_AUTHINSRT(0ULL)); 370 } 371 } 372 373 /* Rx key */ 374 static void 375 prepare_rxkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx) 376 { 377 unsigned int ck_size = kctx->cipher_secret_size; 378 unsigned int mk_size = kctx->mac_secret_size; 379 int proto_ver = kctx->proto_ver; 380 381 kwr->u.rxhdr.flitcnt_hmacctrl = 382 ((kctx->rx_key_info_size >> 4) << 3) | kctx->hmac_ctrl; 383 384 kwr->u.rxhdr.protover_ciphmode = 385 V_TLS_KEYCTX_TX_WR_PROTOVER(get_proto_ver(proto_ver)) | 386 V_TLS_KEYCTX_TX_WR_CIPHMODE(kctx->state.enc_mode); 387 388 kwr->u.rxhdr.authmode_to_rxvalid = 389 V_TLS_KEYCTX_TX_WR_AUTHMODE(kctx->state.auth_mode) | 390 V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1) | 391 V_TLS_KEYCTX_TX_WR_SEQNUMCTRL(3) | 392 V_TLS_KEYCTX_TX_WR_RXVALID(1); 393 394 kwr->u.rxhdr.ivpresent_to_rxmk_size = 395 V_TLS_KEYCTX_TX_WR_IVPRESENT(0) | 396 V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1) | 397 V_TLS_KEYCTX_TX_WR_RXCK_SIZE(get_cipher_key_size(ck_size)) | 398 V_TLS_KEYCTX_TX_WR_RXMK_SIZE(get_mac_key_size(mk_size)); 399 400 tls_rxkey_flit1(kwr, kctx); 401 402 /* No key reversal for GCM */ 403 if (kctx->state.enc_mode != CH_EVP_CIPH_GCM_MODE) { 404 t4_aes_getdeckey(kwr->keys.edkey, kctx->rx.key, 405 (kctx->cipher_secret_size << 3)); 406 memcpy(kwr->keys.edkey + kctx->cipher_secret_size, 407 kctx->rx.key + kctx->cipher_secret_size, 408 (IPAD_SIZE + OPAD_SIZE)); 409 } else { 410 memcpy(kwr->keys.edkey, kctx->rx.key, 411 (kctx->rx_key_info_size - SALT_SIZE)); 412 memcpy(kwr->u.rxhdr.rxsalt, kctx->rx.salt, SALT_SIZE); 413 } 414 } 415 416 /* Tx key */ 417 static void 418 prepare_txkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx) 419 { 420 unsigned int ck_size = kctx->cipher_secret_size; 421 unsigned int mk_size = kctx->mac_secret_size; 422 423 kwr->u.txhdr.ctxlen = 424 (kctx->tx_key_info_size >> 4); 425 kwr->u.txhdr.dualck_to_txvalid = 426 V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1) | 427 V_TLS_KEYCTX_TX_WR_SALT_PRESENT(1) | 428 V_TLS_KEYCTX_TX_WR_TXCK_SIZE(get_cipher_key_size(ck_size)) | 429 V_TLS_KEYCTX_TX_WR_TXMK_SIZE(get_mac_key_size(mk_size)) | 430 V_TLS_KEYCTX_TX_WR_TXVALID(1); 431 432 memcpy(kwr->keys.edkey, kctx->tx.key, HDR_KCTX_SIZE); 433 if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) { 434 memcpy(kwr->u.txhdr.txsalt, kctx->tx.salt, SALT_SIZE); 435 kwr->u.txhdr.dualck_to_txvalid &= 436 ~(V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1)); 437 } 438 kwr->u.txhdr.dualck_to_txvalid = htons(kwr->u.txhdr.dualck_to_txvalid); 439 } 440 441 /* TLS Key memory management */ 442 static int 443 get_new_keyid(struct toepcb *toep) 444 { 445 struct adapter *sc = td_adapter(toep->td); 446 vmem_addr_t addr; 447 448 if (vmem_alloc(sc->key_map, TLS_KEY_CONTEXT_SZ, M_NOWAIT | M_FIRSTFIT, 449 &addr) != 0) 450 return (-1); 451 452 return (addr); 453 } 454 455 static void 456 free_keyid(struct toepcb *toep, int keyid) 457 { 458 struct adapter *sc = td_adapter(toep->td); 459 460 vmem_free(sc->key_map, keyid, TLS_KEY_CONTEXT_SZ); 461 } 462 463 static void 464 clear_tls_keyid(struct toepcb *toep) 465 { 466 struct tls_ofld_info *tls_ofld = &toep->tls; 467 468 if (tls_ofld->rx_key_addr >= 0) { 469 free_keyid(toep, tls_ofld->rx_key_addr); 470 tls_ofld->rx_key_addr = -1; 471 } 472 if (tls_ofld->tx_key_addr >= 0) { 473 free_keyid(toep, tls_ofld->tx_key_addr); 474 tls_ofld->tx_key_addr = -1; 475 } 476 } 477 478 static int 479 get_keyid(struct tls_ofld_info *tls_ofld, unsigned int ops) 480 { 481 return (ops & KEY_WRITE_RX ? tls_ofld->rx_key_addr : 482 ((ops & KEY_WRITE_TX) ? tls_ofld->tx_key_addr : -1)); 483 } 484 485 static int 486 get_tp_plen_max(struct tls_ofld_info *tls_ofld) 487 { 488 int plen = ((min(3*4096, TP_TX_PG_SZ))/1448) * 1448; 489 490 return (tls_ofld->k_ctx.frag_size <= 8192 ? plen : FC_TP_PLEN_MAX); 491 } 492 493 /* Send request to get the key-id */ 494 static int 495 tls_program_key_id(struct toepcb *toep, struct tls_key_context *k_ctx) 496 { 497 struct tls_ofld_info *tls_ofld = &toep->tls; 498 struct adapter *sc = td_adapter(toep->td); 499 struct ofld_tx_sdesc *txsd; 500 int kwrlen, kctxlen, keyid, len; 501 struct wrqe *wr; 502 struct tls_key_req *kwr; 503 struct tls_keyctx *kctx; 504 505 kwrlen = sizeof(*kwr); 506 kctxlen = roundup2(sizeof(*kctx), 32); 507 len = roundup2(kwrlen + kctxlen, 16); 508 509 if (toep->txsd_avail == 0) 510 return (EAGAIN); 511 512 /* Dont initialize key for re-neg */ 513 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) { 514 if ((keyid = get_new_keyid(toep)) < 0) { 515 return (ENOSPC); 516 } 517 } else { 518 keyid = get_keyid(tls_ofld, k_ctx->l_p_key); 519 } 520 521 wr = alloc_wrqe(len, toep->ofld_txq); 522 if (wr == NULL) { 523 free_keyid(toep, keyid); 524 return (ENOMEM); 525 } 526 kwr = wrtod(wr); 527 memset(kwr, 0, kwrlen); 528 529 kwr->wr_hi = htobe32(V_FW_WR_OP(FW_ULPTX_WR) | F_FW_WR_COMPL | 530 F_FW_WR_ATOMIC); 531 kwr->wr_mid = htobe32(V_FW_WR_LEN16(DIV_ROUND_UP(len, 16)) | 532 V_FW_WR_FLOWID(toep->tid)); 533 kwr->protocol = get_proto_ver(k_ctx->proto_ver); 534 kwr->mfs = htons(k_ctx->frag_size); 535 kwr->reneg_to_write_rx = k_ctx->l_p_key; 536 537 /* master command */ 538 kwr->cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE) | 539 V_T5_ULP_MEMIO_ORDER(1) | V_T5_ULP_MEMIO_IMM(1)); 540 kwr->dlen = htobe32(V_ULP_MEMIO_DATA_LEN(kctxlen >> 5)); 541 kwr->len16 = htobe32((toep->tid << 8) | 542 DIV_ROUND_UP(len - sizeof(struct work_request_hdr), 16)); 543 kwr->kaddr = htobe32(V_ULP_MEMIO_ADDR(keyid >> 5)); 544 545 /* sub command */ 546 kwr->sc_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_IMM)); 547 kwr->sc_len = htobe32(kctxlen); 548 549 kctx = (struct tls_keyctx *)(kwr + 1); 550 memset(kctx, 0, kctxlen); 551 552 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) { 553 tls_ofld->tx_key_addr = keyid; 554 prepare_txkey_wr(kctx, k_ctx); 555 } else if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 556 tls_ofld->rx_key_addr = keyid; 557 prepare_rxkey_wr(kctx, k_ctx); 558 } 559 560 txsd = &toep->txsd[toep->txsd_pidx]; 561 txsd->tx_credits = DIV_ROUND_UP(len, 16); 562 txsd->plen = 0; 563 toep->tx_credits -= txsd->tx_credits; 564 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) 565 toep->txsd_pidx = 0; 566 toep->txsd_avail--; 567 568 t4_wrq_tx(sc, wr); 569 570 return (0); 571 } 572 573 /* Store a key received from SSL in DDR. */ 574 static int 575 program_key_context(struct tcpcb *tp, struct toepcb *toep, 576 struct tls_key_context *uk_ctx) 577 { 578 struct adapter *sc = td_adapter(toep->td); 579 struct tls_ofld_info *tls_ofld = &toep->tls; 580 struct tls_key_context *k_ctx; 581 int error, key_offset; 582 583 if (tp->t_state != TCPS_ESTABLISHED) { 584 /* 585 * XXX: Matches Linux driver, but not sure this is a 586 * very appropriate error. 587 */ 588 return (ENOENT); 589 } 590 591 /* Stop timer on handshake completion */ 592 tls_stop_handshake_timer(toep); 593 594 toep->flags &= ~TPF_FORCE_CREDITS; 595 596 CTR4(KTR_CXGBE, "%s: tid %d %s proto_ver %#x", __func__, toep->tid, 597 G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX ? "KEY_WRITE_RX" : 598 "KEY_WRITE_TX", uk_ctx->proto_ver); 599 600 if (G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX && 601 ulp_mode(toep) != ULP_MODE_TLS) 602 return (EOPNOTSUPP); 603 604 /* Don't copy the 'tx' and 'rx' fields. */ 605 k_ctx = &tls_ofld->k_ctx; 606 memcpy(&k_ctx->l_p_key, &uk_ctx->l_p_key, 607 sizeof(*k_ctx) - offsetof(struct tls_key_context, l_p_key)); 608 609 /* TLS version != 1.1 and !1.2 OR DTLS != 1.2 */ 610 if (get_proto_ver(k_ctx->proto_ver) > DTLS_1_2_VERSION) { 611 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 612 tls_ofld->rx_key_addr = -1; 613 t4_clear_rx_quiesce(toep); 614 } else { 615 tls_ofld->tx_key_addr = -1; 616 } 617 return (0); 618 } 619 620 if (k_ctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) { 621 k_ctx->iv_size = 4; 622 k_ctx->mac_first = 0; 623 k_ctx->hmac_ctrl = 0; 624 } else { 625 k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */ 626 k_ctx->mac_first = 1; 627 } 628 629 tls_ofld->scmd0.seqno_numivs = 630 (V_SCMD_SEQ_NO_CTRL(3) | 631 V_SCMD_PROTO_VERSION(get_proto_ver(k_ctx->proto_ver)) | 632 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) | 633 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) | 634 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) | 635 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) | 636 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) | 637 V_SCMD_IV_SIZE(k_ctx->iv_size)); 638 639 tls_ofld->scmd0.ivgen_hdrlen = 640 (V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) | 641 V_SCMD_KEY_CTX_INLINE(0) | 642 V_SCMD_TLS_FRAG_ENABLE(1)); 643 644 tls_ofld->mac_length = k_ctx->mac_secret_size; 645 646 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 647 k_ctx->rx = uk_ctx->rx; 648 /* Dont initialize key for re-neg */ 649 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) 650 tls_ofld->rx_key_addr = -1; 651 } else { 652 k_ctx->tx = uk_ctx->tx; 653 /* Dont initialize key for re-neg */ 654 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) 655 tls_ofld->tx_key_addr = -1; 656 } 657 658 /* Flush pending data before new Tx key becomes active */ 659 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) { 660 struct sockbuf *sb; 661 662 /* XXX: This might not drain everything. */ 663 t4_push_frames(sc, toep, 0); 664 sb = &toep->inp->inp_socket->so_snd; 665 SOCKBUF_LOCK(sb); 666 667 /* XXX: This asserts that everything has been pushed. */ 668 MPASS(sb->sb_sndptr == NULL || sb->sb_sndptr->m_next == NULL); 669 sb->sb_sndptr = NULL; 670 tls_ofld->sb_off = sbavail(sb); 671 SOCKBUF_UNLOCK(sb); 672 tls_ofld->tx_seq_no = 0; 673 } 674 675 if ((G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) || 676 (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR)) { 677 678 /* 679 * XXX: The userland library sets tx_key_info_size, not 680 * rx_key_info_size. 681 */ 682 k_ctx->rx_key_info_size = k_ctx->tx_key_info_size; 683 684 error = tls_program_key_id(toep, k_ctx); 685 if (error) { 686 /* XXX: Only clear quiesce for KEY_WRITE_RX? */ 687 t4_clear_rx_quiesce(toep); 688 return (error); 689 } 690 } 691 692 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 693 /* 694 * RX key tags are an index into the key portion of MA 695 * memory stored as an offset from the base address in 696 * units of 64 bytes. 697 */ 698 key_offset = tls_ofld->rx_key_addr - sc->vres.key.start; 699 t4_set_tls_keyid(toep, key_offset / 64); 700 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, 701 V_TCB_ULP_RAW(M_TCB_ULP_RAW), 702 V_TCB_ULP_RAW((V_TF_TLS_KEY_SIZE(3) | 703 V_TF_TLS_CONTROL(1) | 704 V_TF_TLS_ACTIVE(1) | 705 V_TF_TLS_ENABLE(1)))); 706 t4_set_tls_tcb_field(toep, W_TCB_TLS_SEQ, 707 V_TCB_TLS_SEQ(M_TCB_TLS_SEQ), 708 V_TCB_TLS_SEQ(0)); 709 t4_clear_rx_quiesce(toep); 710 711 toep->flags |= TPF_TLS_RECEIVE; 712 } else { 713 unsigned short pdus_per_ulp; 714 715 if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) 716 tls_ofld->tx_key_addr = 1; 717 718 tls_ofld->fcplenmax = get_tp_plen_max(tls_ofld); 719 tls_ofld->expn_per_ulp = tls_expansion_size(toep, 720 tls_ofld->fcplenmax, 1, &pdus_per_ulp); 721 tls_ofld->pdus_per_ulp = pdus_per_ulp; 722 tls_ofld->adjusted_plen = tls_ofld->pdus_per_ulp * 723 ((tls_ofld->expn_per_ulp/tls_ofld->pdus_per_ulp) + 724 tls_ofld->k_ctx.frag_size); 725 } 726 727 return (0); 728 } 729 730 /* 731 * In some cases a client connection can hang without sending the 732 * ServerHelloDone message from the NIC to the host. Send a dummy 733 * RX_DATA_ACK with RX_MODULATE to unstick the connection. 734 */ 735 static void 736 tls_send_handshake_ack(void *arg) 737 { 738 struct toepcb *toep = arg; 739 struct tls_ofld_info *tls_ofld = &toep->tls; 740 struct adapter *sc = td_adapter(toep->td); 741 742 /* 743 * XXX: Does not have the t4_get_tcb() checks to refine the 744 * workaround. 745 */ 746 callout_schedule(&tls_ofld->handshake_timer, TLS_SRV_HELLO_RD_TM * hz); 747 748 CTR2(KTR_CXGBE, "%s: tid %d sending RX_DATA_ACK", __func__, toep->tid); 749 send_rx_modulate(sc, toep); 750 } 751 752 static void 753 tls_start_handshake_timer(struct toepcb *toep) 754 { 755 struct tls_ofld_info *tls_ofld = &toep->tls; 756 757 mtx_lock(&tls_handshake_lock); 758 callout_reset(&tls_ofld->handshake_timer, TLS_SRV_HELLO_BKOFF_TM * hz, 759 tls_send_handshake_ack, toep); 760 mtx_unlock(&tls_handshake_lock); 761 } 762 763 void 764 tls_stop_handshake_timer(struct toepcb *toep) 765 { 766 struct tls_ofld_info *tls_ofld = &toep->tls; 767 768 mtx_lock(&tls_handshake_lock); 769 callout_stop(&tls_ofld->handshake_timer); 770 mtx_unlock(&tls_handshake_lock); 771 } 772 773 int 774 t4_ctloutput_tls(struct socket *so, struct sockopt *sopt) 775 { 776 struct tls_key_context uk_ctx; 777 struct inpcb *inp; 778 struct tcpcb *tp; 779 struct toepcb *toep; 780 int error, optval; 781 782 error = 0; 783 if (sopt->sopt_dir == SOPT_SET && 784 sopt->sopt_name == TCP_TLSOM_SET_TLS_CONTEXT) { 785 error = sooptcopyin(sopt, &uk_ctx, sizeof(uk_ctx), 786 sizeof(uk_ctx)); 787 if (error) 788 return (error); 789 } 790 791 inp = sotoinpcb(so); 792 KASSERT(inp != NULL, ("tcp_ctloutput: inp == NULL")); 793 INP_WLOCK(inp); 794 if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { 795 INP_WUNLOCK(inp); 796 return (ECONNRESET); 797 } 798 tp = intotcpcb(inp); 799 toep = tp->t_toe; 800 switch (sopt->sopt_dir) { 801 case SOPT_SET: 802 switch (sopt->sopt_name) { 803 case TCP_TLSOM_SET_TLS_CONTEXT: 804 if (toep->tls.mode == TLS_MODE_KTLS) 805 error = EINVAL; 806 else { 807 error = program_key_context(tp, toep, &uk_ctx); 808 if (error == 0) 809 toep->tls.mode = TLS_MODE_TLSOM; 810 } 811 INP_WUNLOCK(inp); 812 break; 813 case TCP_TLSOM_CLR_TLS_TOM: 814 if (toep->tls.mode == TLS_MODE_KTLS) 815 error = EINVAL; 816 else if (ulp_mode(toep) == ULP_MODE_TLS) { 817 CTR2(KTR_CXGBE, "%s: tid %d CLR_TLS_TOM", 818 __func__, toep->tid); 819 tls_clr_ofld_mode(toep); 820 } else 821 error = EOPNOTSUPP; 822 INP_WUNLOCK(inp); 823 break; 824 case TCP_TLSOM_CLR_QUIES: 825 if (toep->tls.mode == TLS_MODE_KTLS) 826 error = EINVAL; 827 else if (ulp_mode(toep) == ULP_MODE_TLS) { 828 CTR2(KTR_CXGBE, "%s: tid %d CLR_QUIES", 829 __func__, toep->tid); 830 tls_clr_quiesce(toep); 831 } else 832 error = EOPNOTSUPP; 833 INP_WUNLOCK(inp); 834 break; 835 default: 836 INP_WUNLOCK(inp); 837 error = EOPNOTSUPP; 838 break; 839 } 840 break; 841 case SOPT_GET: 842 switch (sopt->sopt_name) { 843 case TCP_TLSOM_GET_TLS_TOM: 844 /* 845 * TLS TX is permitted on any TOE socket, but 846 * TLS RX requires a TLS ULP mode. 847 */ 848 optval = TLS_TOM_NONE; 849 if (can_tls_offload(td_adapter(toep->td)) && 850 toep->tls.mode != TLS_MODE_KTLS) { 851 switch (ulp_mode(toep)) { 852 case ULP_MODE_NONE: 853 case ULP_MODE_TCPDDP: 854 optval = TLS_TOM_TXONLY; 855 break; 856 case ULP_MODE_TLS: 857 optval = TLS_TOM_BOTH; 858 break; 859 } 860 } 861 CTR3(KTR_CXGBE, "%s: tid %d GET_TLS_TOM = %d", 862 __func__, toep->tid, optval); 863 INP_WUNLOCK(inp); 864 error = sooptcopyout(sopt, &optval, sizeof(optval)); 865 break; 866 default: 867 INP_WUNLOCK(inp); 868 error = EOPNOTSUPP; 869 break; 870 } 871 break; 872 } 873 return (error); 874 } 875 876 #ifdef KERN_TLS 877 static void 878 init_ktls_key_context(struct ktls_session *tls, struct tls_key_context *k_ctx, 879 int direction) 880 { 881 struct auth_hash *axf; 882 u_int key_info_size, mac_key_size; 883 char *hash, *key; 884 885 k_ctx->l_p_key = V_KEY_GET_LOC(direction == KTLS_TX ? KEY_WRITE_TX : 886 KEY_WRITE_RX); 887 k_ctx->proto_ver = tls->params.tls_vmajor << 8 | tls->params.tls_vminor; 888 k_ctx->cipher_secret_size = tls->params.cipher_key_len; 889 key_info_size = sizeof(struct tx_keyctx_hdr) + 890 k_ctx->cipher_secret_size; 891 if (direction == KTLS_TX) 892 key = k_ctx->tx.key; 893 else 894 key = k_ctx->rx.key; 895 memcpy(key, tls->params.cipher_key, tls->params.cipher_key_len); 896 hash = key + tls->params.cipher_key_len; 897 if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { 898 k_ctx->state.auth_mode = SCMD_AUTH_MODE_GHASH; 899 k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_GCM; 900 k_ctx->iv_size = 4; 901 k_ctx->mac_first = 0; 902 k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NOP; 903 key_info_size += GMAC_BLOCK_LEN; 904 k_ctx->mac_secret_size = 0; 905 if (direction == KTLS_TX) 906 memcpy(k_ctx->tx.salt, tls->params.iv, SALT_SIZE); 907 else 908 memcpy(k_ctx->rx.salt, tls->params.iv, SALT_SIZE); 909 t4_init_gmac_hash(tls->params.cipher_key, 910 tls->params.cipher_key_len, hash); 911 } else { 912 switch (tls->params.auth_algorithm) { 913 case CRYPTO_SHA1_HMAC: 914 axf = &auth_hash_hmac_sha1; 915 mac_key_size = SHA1_HASH_LEN; 916 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA1; 917 break; 918 case CRYPTO_SHA2_256_HMAC: 919 axf = &auth_hash_hmac_sha2_256; 920 mac_key_size = SHA2_256_HASH_LEN; 921 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA256; 922 break; 923 case CRYPTO_SHA2_384_HMAC: 924 axf = &auth_hash_hmac_sha2_384; 925 mac_key_size = SHA2_512_HASH_LEN; 926 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA512_384; 927 break; 928 default: 929 panic("bad auth mode"); 930 } 931 k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_CBC; 932 k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */ 933 k_ctx->mac_first = 1; 934 k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NO_TRUNC; 935 key_info_size += roundup2(mac_key_size, 16) * 2; 936 k_ctx->mac_secret_size = mac_key_size; 937 t4_init_hmac_digest(axf, mac_key_size, tls->params.auth_key, 938 tls->params.auth_key_len, hash); 939 } 940 941 if (direction == KTLS_TX) 942 k_ctx->tx_key_info_size = key_info_size; 943 else 944 k_ctx->rx_key_info_size = key_info_size; 945 k_ctx->frag_size = tls->params.max_frame_len; 946 k_ctx->iv_ctrl = 1; 947 } 948 949 int 950 tls_alloc_ktls(struct toepcb *toep, struct ktls_session *tls, int direction) 951 { 952 struct adapter *sc = td_adapter(toep->td); 953 struct tls_key_context *k_ctx; 954 int error, key_offset; 955 956 if (toep->tls.mode == TLS_MODE_TLSOM) 957 return (EINVAL); 958 if (!can_tls_offload(td_adapter(toep->td))) 959 return (EINVAL); 960 switch (ulp_mode(toep)) { 961 case ULP_MODE_TLS: 962 break; 963 case ULP_MODE_NONE: 964 case ULP_MODE_TCPDDP: 965 if (direction != KTLS_TX) 966 return (EINVAL); 967 break; 968 default: 969 return (EINVAL); 970 } 971 972 switch (tls->params.cipher_algorithm) { 973 case CRYPTO_AES_CBC: 974 /* XXX: Explicitly ignore any provided IV. */ 975 switch (tls->params.cipher_key_len) { 976 case 128 / 8: 977 case 192 / 8: 978 case 256 / 8: 979 break; 980 default: 981 return (EINVAL); 982 } 983 switch (tls->params.auth_algorithm) { 984 case CRYPTO_SHA1_HMAC: 985 case CRYPTO_SHA2_256_HMAC: 986 case CRYPTO_SHA2_384_HMAC: 987 break; 988 default: 989 return (EPROTONOSUPPORT); 990 } 991 break; 992 case CRYPTO_AES_NIST_GCM_16: 993 if (tls->params.iv_len != SALT_SIZE) 994 return (EINVAL); 995 switch (tls->params.cipher_key_len) { 996 case 128 / 8: 997 case 192 / 8: 998 case 256 / 8: 999 break; 1000 default: 1001 return (EINVAL); 1002 } 1003 break; 1004 default: 1005 return (EPROTONOSUPPORT); 1006 } 1007 1008 /* Only TLS 1.1 and TLS 1.2 are currently supported. */ 1009 if (tls->params.tls_vmajor != TLS_MAJOR_VER_ONE || 1010 tls->params.tls_vminor < TLS_MINOR_VER_ONE || 1011 tls->params.tls_vminor > TLS_MINOR_VER_TWO) 1012 return (EPROTONOSUPPORT); 1013 1014 /* Bail if we already have a key. */ 1015 if (direction == KTLS_TX) { 1016 if (toep->tls.tx_key_addr != -1) 1017 return (EOPNOTSUPP); 1018 } else { 1019 if (toep->tls.rx_key_addr != -1) 1020 return (EOPNOTSUPP); 1021 } 1022 1023 /* 1024 * XXX: This assumes no key renegotation. If KTLS ever supports 1025 * that we will want to allocate TLS sessions dynamically rather 1026 * than as a static member of toep. 1027 */ 1028 k_ctx = &toep->tls.k_ctx; 1029 init_ktls_key_context(tls, k_ctx, direction); 1030 1031 error = tls_program_key_id(toep, k_ctx); 1032 if (error) 1033 return (error); 1034 1035 if (direction == KTLS_TX) { 1036 toep->tls.scmd0.seqno_numivs = 1037 (V_SCMD_SEQ_NO_CTRL(3) | 1038 V_SCMD_PROTO_VERSION(get_proto_ver(k_ctx->proto_ver)) | 1039 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) | 1040 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) | 1041 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) | 1042 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) | 1043 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) | 1044 V_SCMD_IV_SIZE(k_ctx->iv_size)); 1045 1046 toep->tls.scmd0.ivgen_hdrlen = 1047 (V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) | 1048 V_SCMD_KEY_CTX_INLINE(0) | 1049 V_SCMD_TLS_FRAG_ENABLE(1)); 1050 1051 if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) 1052 toep->tls.iv_len = 8; 1053 else 1054 toep->tls.iv_len = AES_BLOCK_LEN; 1055 1056 toep->tls.mac_length = k_ctx->mac_secret_size; 1057 1058 toep->tls.fcplenmax = get_tp_plen_max(&toep->tls); 1059 toep->tls.expn_per_ulp = tls->params.tls_hlen + 1060 tls->params.tls_tlen; 1061 toep->tls.pdus_per_ulp = 1; 1062 toep->tls.adjusted_plen = toep->tls.expn_per_ulp + 1063 toep->tls.k_ctx.frag_size; 1064 } else { 1065 /* Stop timer on handshake completion */ 1066 tls_stop_handshake_timer(toep); 1067 1068 toep->flags &= ~TPF_FORCE_CREDITS; 1069 toep->flags |= TPF_TLS_RECEIVE; 1070 1071 /* 1072 * RX key tags are an index into the key portion of MA 1073 * memory stored as an offset from the base address in 1074 * units of 64 bytes. 1075 */ 1076 key_offset = toep->tls.rx_key_addr - sc->vres.key.start; 1077 t4_set_tls_keyid(toep, key_offset / 64); 1078 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, 1079 V_TCB_ULP_RAW(M_TCB_ULP_RAW), 1080 V_TCB_ULP_RAW((V_TF_TLS_KEY_SIZE(3) | 1081 V_TF_TLS_CONTROL(1) | 1082 V_TF_TLS_ACTIVE(1) | 1083 V_TF_TLS_ENABLE(1)))); 1084 t4_set_tls_tcb_field(toep, W_TCB_TLS_SEQ, 1085 V_TCB_TLS_SEQ(M_TCB_TLS_SEQ), 1086 V_TCB_TLS_SEQ(0)); 1087 t4_clear_rx_quiesce(toep); 1088 } 1089 1090 toep->tls.mode = TLS_MODE_KTLS; 1091 1092 return (0); 1093 } 1094 #endif 1095 1096 void 1097 tls_init_toep(struct toepcb *toep) 1098 { 1099 struct tls_ofld_info *tls_ofld = &toep->tls; 1100 1101 tls_ofld->mode = TLS_MODE_OFF; 1102 tls_ofld->key_location = TLS_SFO_WR_CONTEXTLOC_DDR; 1103 tls_ofld->rx_key_addr = -1; 1104 tls_ofld->tx_key_addr = -1; 1105 if (ulp_mode(toep) == ULP_MODE_TLS) 1106 callout_init_mtx(&tls_ofld->handshake_timer, 1107 &tls_handshake_lock, 0); 1108 } 1109 1110 void 1111 tls_establish(struct toepcb *toep) 1112 { 1113 1114 /* 1115 * Enable PDU extraction. 1116 * 1117 * XXX: Supposedly this should be done by the firmware when 1118 * the ULP_MODE FLOWC parameter is set in send_flowc_wr(), but 1119 * in practice this seems to be required. 1120 */ 1121 CTR2(KTR_CXGBE, "%s: tid %d setting TLS_ENABLE", __func__, toep->tid); 1122 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, V_TCB_ULP_RAW(M_TCB_ULP_RAW), 1123 V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1))); 1124 1125 toep->flags |= TPF_FORCE_CREDITS; 1126 1127 tls_start_handshake_timer(toep); 1128 } 1129 1130 void 1131 tls_uninit_toep(struct toepcb *toep) 1132 { 1133 1134 if (ulp_mode(toep) == ULP_MODE_TLS) 1135 tls_stop_handshake_timer(toep); 1136 clear_tls_keyid(toep); 1137 } 1138 1139 #define MAX_OFLD_TX_CREDITS (SGE_MAX_WR_LEN / 16) 1140 #define MIN_OFLD_TLSTX_CREDITS(toep) \ 1141 (howmany(sizeof(struct fw_tlstx_data_wr) + \ 1142 sizeof(struct cpl_tx_tls_sfo) + key_size((toep)) + \ 1143 CIPHER_BLOCK_SIZE + 1, 16)) 1144 1145 static inline u_int 1146 max_imm_tls_space(int tx_credits) 1147 { 1148 const int n = 2; /* Use only up to 2 desc for imm. data WR */ 1149 int space; 1150 1151 KASSERT(tx_credits >= 0 && 1152 tx_credits <= MAX_OFLD_TX_CREDITS, 1153 ("%s: %d credits", __func__, tx_credits)); 1154 1155 if (tx_credits >= (n * EQ_ESIZE) / 16) 1156 space = (n * EQ_ESIZE); 1157 else 1158 space = tx_credits * 16; 1159 return (space); 1160 } 1161 1162 static int 1163 count_mbuf_segs(struct mbuf *m, int skip, int len, int *max_nsegs_1mbufp) 1164 { 1165 int max_nsegs_1mbuf, n, nsegs; 1166 1167 while (skip >= m->m_len) { 1168 skip -= m->m_len; 1169 m = m->m_next; 1170 } 1171 1172 nsegs = 0; 1173 max_nsegs_1mbuf = 0; 1174 while (len > 0) { 1175 n = sglist_count(mtod(m, char *) + skip, m->m_len - skip); 1176 if (n > max_nsegs_1mbuf) 1177 max_nsegs_1mbuf = n; 1178 nsegs += n; 1179 len -= m->m_len - skip; 1180 skip = 0; 1181 m = m->m_next; 1182 } 1183 *max_nsegs_1mbufp = max_nsegs_1mbuf; 1184 return (nsegs); 1185 } 1186 1187 static void 1188 write_tlstx_wr(struct fw_tlstx_data_wr *txwr, struct toepcb *toep, 1189 unsigned int immdlen, unsigned int plen, unsigned int expn, 1190 unsigned int pdus, uint8_t credits, int shove, int imm_ivs) 1191 { 1192 struct tls_ofld_info *tls_ofld = &toep->tls; 1193 unsigned int len = plen + expn; 1194 1195 txwr->op_to_immdlen = htobe32(V_WR_OP(FW_TLSTX_DATA_WR) | 1196 V_FW_TLSTX_DATA_WR_COMPL(1) | 1197 V_FW_TLSTX_DATA_WR_IMMDLEN(immdlen)); 1198 txwr->flowid_len16 = htobe32(V_FW_TLSTX_DATA_WR_FLOWID(toep->tid) | 1199 V_FW_TLSTX_DATA_WR_LEN16(credits)); 1200 txwr->plen = htobe32(len); 1201 txwr->lsodisable_to_flags = htobe32(V_TX_ULP_MODE(ULP_MODE_TLS) | 1202 V_TX_URG(0) | /* F_T6_TX_FORCE | */ V_TX_SHOVE(shove)); 1203 txwr->ctxloc_to_exp = htobe32(V_FW_TLSTX_DATA_WR_NUMIVS(pdus) | 1204 V_FW_TLSTX_DATA_WR_EXP(expn) | 1205 V_FW_TLSTX_DATA_WR_CTXLOC(tls_ofld->key_location) | 1206 V_FW_TLSTX_DATA_WR_IVDSGL(!imm_ivs) | 1207 V_FW_TLSTX_DATA_WR_KEYSIZE(tls_ofld->k_ctx.tx_key_info_size >> 4)); 1208 txwr->mfs = htobe16(tls_ofld->k_ctx.frag_size); 1209 txwr->adjustedplen_pkd = htobe16( 1210 V_FW_TLSTX_DATA_WR_ADJUSTEDPLEN(tls_ofld->adjusted_plen)); 1211 txwr->expinplenmax_pkd = htobe16( 1212 V_FW_TLSTX_DATA_WR_EXPINPLENMAX(tls_ofld->expn_per_ulp)); 1213 txwr->pdusinplenmax_pkd = 1214 V_FW_TLSTX_DATA_WR_PDUSINPLENMAX(tls_ofld->pdus_per_ulp); 1215 } 1216 1217 static void 1218 write_tlstx_cpl(struct cpl_tx_tls_sfo *cpl, struct toepcb *toep, 1219 struct tls_hdr *tls_hdr, unsigned int plen, unsigned int pdus) 1220 { 1221 struct tls_ofld_info *tls_ofld = &toep->tls; 1222 int data_type, seglen; 1223 1224 if (plen < tls_ofld->k_ctx.frag_size) 1225 seglen = plen; 1226 else 1227 seglen = tls_ofld->k_ctx.frag_size; 1228 data_type = tls_content_type(tls_hdr->type); 1229 cpl->op_to_seg_len = htobe32(V_CPL_TX_TLS_SFO_OPCODE(CPL_TX_TLS_SFO) | 1230 V_CPL_TX_TLS_SFO_DATA_TYPE(data_type) | 1231 V_CPL_TX_TLS_SFO_CPL_LEN(2) | V_CPL_TX_TLS_SFO_SEG_LEN(seglen)); 1232 cpl->pld_len = htobe32(plen); 1233 if (data_type == CPL_TX_TLS_SFO_TYPE_HEARTBEAT) 1234 cpl->type_protover = htobe32( 1235 V_CPL_TX_TLS_SFO_TYPE(tls_hdr->type)); 1236 cpl->seqno_numivs = htobe32(tls_ofld->scmd0.seqno_numivs | 1237 V_SCMD_NUM_IVS(pdus)); 1238 cpl->ivgen_hdrlen = htobe32(tls_ofld->scmd0.ivgen_hdrlen); 1239 cpl->scmd1 = htobe64(tls_ofld->tx_seq_no); 1240 tls_ofld->tx_seq_no += pdus; 1241 } 1242 1243 /* 1244 * Similar to write_tx_sgl() except that it accepts an optional 1245 * trailer buffer for IVs. 1246 */ 1247 static void 1248 write_tlstx_sgl(void *dst, struct mbuf *start, int skip, int plen, 1249 void *iv_buffer, int iv_len, int nsegs, int n) 1250 { 1251 struct mbuf *m; 1252 struct ulptx_sgl *usgl = dst; 1253 int i, j, rc; 1254 struct sglist sg; 1255 struct sglist_seg segs[n]; 1256 1257 KASSERT(nsegs > 0, ("%s: nsegs 0", __func__)); 1258 1259 sglist_init(&sg, n, segs); 1260 usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) | 1261 V_ULPTX_NSGE(nsegs)); 1262 1263 for (m = start; skip >= m->m_len; m = m->m_next) 1264 skip -= m->m_len; 1265 1266 i = -1; 1267 for (m = start; plen > 0; m = m->m_next) { 1268 rc = sglist_append(&sg, mtod(m, char *) + skip, 1269 m->m_len - skip); 1270 if (__predict_false(rc != 0)) 1271 panic("%s: sglist_append %d", __func__, rc); 1272 plen -= m->m_len - skip; 1273 skip = 0; 1274 1275 for (j = 0; j < sg.sg_nseg; i++, j++) { 1276 if (i < 0) { 1277 usgl->len0 = htobe32(segs[j].ss_len); 1278 usgl->addr0 = htobe64(segs[j].ss_paddr); 1279 } else { 1280 usgl->sge[i / 2].len[i & 1] = 1281 htobe32(segs[j].ss_len); 1282 usgl->sge[i / 2].addr[i & 1] = 1283 htobe64(segs[j].ss_paddr); 1284 } 1285 #ifdef INVARIANTS 1286 nsegs--; 1287 #endif 1288 } 1289 sglist_reset(&sg); 1290 } 1291 if (iv_buffer != NULL) { 1292 rc = sglist_append(&sg, iv_buffer, iv_len); 1293 if (__predict_false(rc != 0)) 1294 panic("%s: sglist_append %d", __func__, rc); 1295 1296 for (j = 0; j < sg.sg_nseg; i++, j++) { 1297 if (i < 0) { 1298 usgl->len0 = htobe32(segs[j].ss_len); 1299 usgl->addr0 = htobe64(segs[j].ss_paddr); 1300 } else { 1301 usgl->sge[i / 2].len[i & 1] = 1302 htobe32(segs[j].ss_len); 1303 usgl->sge[i / 2].addr[i & 1] = 1304 htobe64(segs[j].ss_paddr); 1305 } 1306 #ifdef INVARIANTS 1307 nsegs--; 1308 #endif 1309 } 1310 } 1311 if (i & 1) 1312 usgl->sge[i / 2].len[1] = htobe32(0); 1313 KASSERT(nsegs == 0, ("%s: nsegs %d, start %p, iv_buffer %p", 1314 __func__, nsegs, start, iv_buffer)); 1315 } 1316 1317 /* 1318 * Similar to t4_push_frames() but handles TLS sockets when TLS offload 1319 * is enabled. Rather than transmitting bulk data, the socket buffer 1320 * contains TLS records. The work request requires a full TLS record, 1321 * so batch mbufs up until a full TLS record is seen. This requires 1322 * reading the TLS header out of the start of each record to determine 1323 * its length. 1324 */ 1325 void 1326 t4_push_tls_records(struct adapter *sc, struct toepcb *toep, int drop) 1327 { 1328 struct tls_hdr thdr; 1329 struct mbuf *sndptr; 1330 struct fw_tlstx_data_wr *txwr; 1331 struct cpl_tx_tls_sfo *cpl; 1332 struct wrqe *wr; 1333 u_int plen, nsegs, credits, space, max_nsegs_1mbuf, wr_len; 1334 u_int expn_size, iv_len, pdus, sndptroff; 1335 struct tls_ofld_info *tls_ofld = &toep->tls; 1336 struct inpcb *inp = toep->inp; 1337 struct tcpcb *tp = intotcpcb(inp); 1338 struct socket *so = inp->inp_socket; 1339 struct sockbuf *sb = &so->so_snd; 1340 int tls_size, tx_credits, shove, /* compl,*/ sowwakeup; 1341 struct ofld_tx_sdesc *txsd; 1342 bool imm_ivs, imm_payload; 1343 void *iv_buffer, *iv_dst, *buf; 1344 1345 INP_WLOCK_ASSERT(inp); 1346 KASSERT(toep->flags & TPF_FLOWC_WR_SENT, 1347 ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid)); 1348 1349 KASSERT(ulp_mode(toep) == ULP_MODE_NONE || 1350 ulp_mode(toep) == ULP_MODE_TCPDDP || ulp_mode(toep) == ULP_MODE_TLS, 1351 ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep)); 1352 KASSERT(tls_tx_key(toep), 1353 ("%s: TX key not set for toep %p", __func__, toep)); 1354 1355 #ifdef VERBOSE_TRACES 1356 CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d", 1357 __func__, toep->tid, toep->flags, tp->t_flags); 1358 #endif 1359 if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN)) 1360 return; 1361 1362 #ifdef RATELIMIT 1363 if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) && 1364 (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) { 1365 inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED; 1366 } 1367 #endif 1368 1369 /* 1370 * This function doesn't resume by itself. Someone else must clear the 1371 * flag and call this function. 1372 */ 1373 if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) { 1374 KASSERT(drop == 0, 1375 ("%s: drop (%d) != 0 but tx is suspended", __func__, drop)); 1376 return; 1377 } 1378 1379 txsd = &toep->txsd[toep->txsd_pidx]; 1380 for (;;) { 1381 tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS); 1382 space = max_imm_tls_space(tx_credits); 1383 wr_len = sizeof(struct fw_tlstx_data_wr) + 1384 sizeof(struct cpl_tx_tls_sfo) + key_size(toep); 1385 if (wr_len + CIPHER_BLOCK_SIZE + 1 > space) { 1386 #ifdef VERBOSE_TRACES 1387 CTR5(KTR_CXGBE, 1388 "%s: tid %d tx_credits %d min_wr %d space %d", 1389 __func__, toep->tid, tx_credits, wr_len + 1390 CIPHER_BLOCK_SIZE + 1, space); 1391 #endif 1392 return; 1393 } 1394 1395 SOCKBUF_LOCK(sb); 1396 sowwakeup = drop; 1397 if (drop) { 1398 sbdrop_locked(sb, drop); 1399 MPASS(tls_ofld->sb_off >= drop); 1400 tls_ofld->sb_off -= drop; 1401 drop = 0; 1402 } 1403 1404 /* 1405 * Send a FIN if requested, but only if there's no 1406 * more data to send. 1407 */ 1408 if (sbavail(sb) == tls_ofld->sb_off && 1409 toep->flags & TPF_SEND_FIN) { 1410 if (sowwakeup) 1411 sowwakeup_locked(so); 1412 else 1413 SOCKBUF_UNLOCK(sb); 1414 SOCKBUF_UNLOCK_ASSERT(sb); 1415 t4_close_conn(sc, toep); 1416 return; 1417 } 1418 1419 if (sbavail(sb) < tls_ofld->sb_off + TLS_HEADER_LENGTH) { 1420 /* 1421 * A full TLS header is not yet queued, stop 1422 * for now until more data is added to the 1423 * socket buffer. However, if the connection 1424 * has been closed, we will never get the rest 1425 * of the header so just discard the partial 1426 * header and close the connection. 1427 */ 1428 #ifdef VERBOSE_TRACES 1429 CTR5(KTR_CXGBE, "%s: tid %d sbavail %d sb_off %d%s", 1430 __func__, toep->tid, sbavail(sb), tls_ofld->sb_off, 1431 toep->flags & TPF_SEND_FIN ? "" : " SEND_FIN"); 1432 #endif 1433 if (sowwakeup) 1434 sowwakeup_locked(so); 1435 else 1436 SOCKBUF_UNLOCK(sb); 1437 SOCKBUF_UNLOCK_ASSERT(sb); 1438 if (toep->flags & TPF_SEND_FIN) 1439 t4_close_conn(sc, toep); 1440 return; 1441 } 1442 1443 /* Read the header of the next TLS record. */ 1444 sndptr = sbsndmbuf(sb, tls_ofld->sb_off, &sndptroff); 1445 m_copydata(sndptr, sndptroff, sizeof(thdr), (caddr_t)&thdr); 1446 tls_size = htons(thdr.length); 1447 plen = TLS_HEADER_LENGTH + tls_size; 1448 pdus = howmany(tls_size, tls_ofld->k_ctx.frag_size); 1449 iv_len = pdus * CIPHER_BLOCK_SIZE; 1450 1451 if (sbavail(sb) < tls_ofld->sb_off + plen) { 1452 /* 1453 * The full TLS record is not yet queued, stop 1454 * for now until more data is added to the 1455 * socket buffer. However, if the connection 1456 * has been closed, we will never get the rest 1457 * of the record so just discard the partial 1458 * record and close the connection. 1459 */ 1460 #ifdef VERBOSE_TRACES 1461 CTR6(KTR_CXGBE, 1462 "%s: tid %d sbavail %d sb_off %d plen %d%s", 1463 __func__, toep->tid, sbavail(sb), tls_ofld->sb_off, 1464 plen, toep->flags & TPF_SEND_FIN ? "" : 1465 " SEND_FIN"); 1466 #endif 1467 if (sowwakeup) 1468 sowwakeup_locked(so); 1469 else 1470 SOCKBUF_UNLOCK(sb); 1471 SOCKBUF_UNLOCK_ASSERT(sb); 1472 if (toep->flags & TPF_SEND_FIN) 1473 t4_close_conn(sc, toep); 1474 return; 1475 } 1476 1477 /* Shove if there is no additional data pending. */ 1478 shove = (sbavail(sb) == tls_ofld->sb_off + plen) && 1479 !(tp->t_flags & TF_MORETOCOME); 1480 1481 if (sb->sb_flags & SB_AUTOSIZE && 1482 V_tcp_do_autosndbuf && 1483 sb->sb_hiwat < V_tcp_autosndbuf_max && 1484 sbused(sb) >= sb->sb_hiwat * 7 / 8) { 1485 int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc, 1486 V_tcp_autosndbuf_max); 1487 1488 if (!sbreserve_locked(sb, newsize, so, NULL)) 1489 sb->sb_flags &= ~SB_AUTOSIZE; 1490 else 1491 sowwakeup = 1; /* room available */ 1492 } 1493 if (sowwakeup) 1494 sowwakeup_locked(so); 1495 else 1496 SOCKBUF_UNLOCK(sb); 1497 SOCKBUF_UNLOCK_ASSERT(sb); 1498 1499 if (__predict_false(toep->flags & TPF_FIN_SENT)) 1500 panic("%s: excess tx.", __func__); 1501 1502 /* Determine whether to use immediate vs SGL. */ 1503 imm_payload = false; 1504 imm_ivs = false; 1505 if (wr_len + iv_len <= space) { 1506 imm_ivs = true; 1507 wr_len += iv_len; 1508 if (wr_len + tls_size <= space) { 1509 wr_len += tls_size; 1510 imm_payload = true; 1511 } 1512 } 1513 1514 /* Allocate space for IVs if needed. */ 1515 if (!imm_ivs) { 1516 iv_buffer = malloc(iv_len, M_CXGBE, M_NOWAIT); 1517 if (iv_buffer == NULL) { 1518 /* 1519 * XXX: How to restart this? 1520 */ 1521 if (sowwakeup) 1522 sowwakeup_locked(so); 1523 else 1524 SOCKBUF_UNLOCK(sb); 1525 SOCKBUF_UNLOCK_ASSERT(sb); 1526 CTR3(KTR_CXGBE, 1527 "%s: tid %d failed to alloc IV space len %d", 1528 __func__, toep->tid, iv_len); 1529 return; 1530 } 1531 } else 1532 iv_buffer = NULL; 1533 1534 /* Determine size of SGL. */ 1535 nsegs = 0; 1536 max_nsegs_1mbuf = 0; /* max # of SGL segments in any one mbuf */ 1537 if (!imm_payload) { 1538 nsegs = count_mbuf_segs(sndptr, sndptroff + 1539 TLS_HEADER_LENGTH, tls_size, &max_nsegs_1mbuf); 1540 if (!imm_ivs) { 1541 int n = sglist_count(iv_buffer, iv_len); 1542 nsegs += n; 1543 if (n > max_nsegs_1mbuf) 1544 max_nsegs_1mbuf = n; 1545 } 1546 1547 /* Account for SGL in work request length. */ 1548 wr_len += sizeof(struct ulptx_sgl) + 1549 ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8; 1550 } 1551 1552 wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq); 1553 if (wr == NULL) { 1554 /* XXX: how will we recover from this? */ 1555 toep->flags |= TPF_TX_SUSPENDED; 1556 return; 1557 } 1558 1559 #ifdef VERBOSE_TRACES 1560 CTR5(KTR_CXGBE, "%s: tid %d TLS record %d len %#x pdus %d", 1561 __func__, toep->tid, thdr.type, tls_size, pdus); 1562 #endif 1563 txwr = wrtod(wr); 1564 cpl = (struct cpl_tx_tls_sfo *)(txwr + 1); 1565 memset(txwr, 0, roundup2(wr_len, 16)); 1566 credits = howmany(wr_len, 16); 1567 expn_size = tls_expansion_size(toep, tls_size, 0, NULL); 1568 write_tlstx_wr(txwr, toep, imm_payload ? tls_size : 0, 1569 tls_size, expn_size, pdus, credits, shove, imm_ivs ? 1 : 0); 1570 write_tlstx_cpl(cpl, toep, &thdr, tls_size, pdus); 1571 tls_copy_tx_key(toep, cpl + 1); 1572 1573 /* Generate random IVs */ 1574 buf = (char *)(cpl + 1) + key_size(toep); 1575 if (imm_ivs) { 1576 MPASS(iv_buffer == NULL); 1577 iv_dst = buf; 1578 buf = (char *)iv_dst + iv_len; 1579 } else 1580 iv_dst = iv_buffer; 1581 arc4rand(iv_dst, iv_len, 0); 1582 1583 if (imm_payload) { 1584 m_copydata(sndptr, sndptroff + TLS_HEADER_LENGTH, 1585 tls_size, buf); 1586 } else { 1587 write_tlstx_sgl(buf, sndptr, 1588 sndptroff + TLS_HEADER_LENGTH, tls_size, iv_buffer, 1589 iv_len, nsegs, max_nsegs_1mbuf); 1590 } 1591 1592 KASSERT(toep->tx_credits >= credits, 1593 ("%s: not enough credits", __func__)); 1594 1595 toep->tx_credits -= credits; 1596 1597 tp->snd_nxt += plen; 1598 tp->snd_max += plen; 1599 1600 SOCKBUF_LOCK(sb); 1601 sbsndptr_adv(sb, sb->sb_sndptr, plen); 1602 tls_ofld->sb_off += plen; 1603 SOCKBUF_UNLOCK(sb); 1604 1605 toep->flags |= TPF_TX_DATA_SENT; 1606 if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep)) 1607 toep->flags |= TPF_TX_SUSPENDED; 1608 1609 KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__)); 1610 txsd->plen = plen; 1611 txsd->tx_credits = credits; 1612 txsd->iv_buffer = iv_buffer; 1613 txsd++; 1614 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) { 1615 toep->txsd_pidx = 0; 1616 txsd = &toep->txsd[0]; 1617 } 1618 toep->txsd_avail--; 1619 1620 atomic_add_long(&toep->vi->pi->tx_toe_tls_records, 1); 1621 atomic_add_long(&toep->vi->pi->tx_toe_tls_octets, plen); 1622 1623 t4_l2t_send(sc, wr, toep->l2te); 1624 } 1625 } 1626 1627 #ifdef KERN_TLS 1628 static int 1629 count_ext_pgs_segs(struct mbuf *m) 1630 { 1631 vm_paddr_t nextpa; 1632 u_int i, nsegs; 1633 1634 MPASS(m->m_epg_npgs > 0); 1635 nsegs = 1; 1636 nextpa = m->m_epg_pa[0] + PAGE_SIZE; 1637 for (i = 1; i < m->m_epg_npgs; i++) { 1638 if (nextpa != m->m_epg_pa[i]) 1639 nsegs++; 1640 nextpa = m->m_epg_pa[i] + PAGE_SIZE; 1641 } 1642 return (nsegs); 1643 } 1644 1645 static void 1646 write_ktlstx_sgl(void *dst, struct mbuf *m, int nsegs) 1647 { 1648 struct ulptx_sgl *usgl = dst; 1649 vm_paddr_t pa; 1650 uint32_t len; 1651 int i, j; 1652 1653 KASSERT(nsegs > 0, ("%s: nsegs 0", __func__)); 1654 1655 usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) | 1656 V_ULPTX_NSGE(nsegs)); 1657 1658 /* Figure out the first S/G length. */ 1659 pa = m->m_epg_pa[0] + m->m_epg_1st_off; 1660 usgl->addr0 = htobe64(pa); 1661 len = m_epg_pagelen(m, 0, m->m_epg_1st_off); 1662 pa += len; 1663 for (i = 1; i < m->m_epg_npgs; i++) { 1664 if (m->m_epg_pa[i] != pa) 1665 break; 1666 len += m_epg_pagelen(m, i, 0); 1667 pa += m_epg_pagelen(m, i, 0); 1668 } 1669 usgl->len0 = htobe32(len); 1670 #ifdef INVARIANTS 1671 nsegs--; 1672 #endif 1673 1674 j = -1; 1675 for (; i < m->m_epg_npgs; i++) { 1676 if (j == -1 || m->m_epg_pa[i] != pa) { 1677 if (j >= 0) 1678 usgl->sge[j / 2].len[j & 1] = htobe32(len); 1679 j++; 1680 #ifdef INVARIANTS 1681 nsegs--; 1682 #endif 1683 pa = m->m_epg_pa[i]; 1684 usgl->sge[j / 2].addr[j & 1] = htobe64(pa); 1685 len = m_epg_pagelen(m, i, 0); 1686 pa += len; 1687 } else { 1688 len += m_epg_pagelen(m, i, 0); 1689 pa += m_epg_pagelen(m, i, 0); 1690 } 1691 } 1692 if (j >= 0) { 1693 usgl->sge[j / 2].len[j & 1] = htobe32(len); 1694 1695 if ((j & 1) == 0) 1696 usgl->sge[j / 2].len[1] = htobe32(0); 1697 } 1698 KASSERT(nsegs == 0, ("%s: nsegs %d, m %p", __func__, nsegs, m)); 1699 } 1700 1701 /* 1702 * Similar to t4_push_frames() but handles sockets that contain TLS 1703 * record mbufs. Unlike TLSOM, each mbuf is a complete TLS record and 1704 * corresponds to a single work request. 1705 */ 1706 void 1707 t4_push_ktls(struct adapter *sc, struct toepcb *toep, int drop) 1708 { 1709 struct tls_hdr *thdr; 1710 struct fw_tlstx_data_wr *txwr; 1711 struct cpl_tx_tls_sfo *cpl; 1712 struct wrqe *wr; 1713 struct mbuf *m; 1714 u_int nsegs, credits, wr_len; 1715 u_int expn_size; 1716 struct inpcb *inp = toep->inp; 1717 struct tcpcb *tp = intotcpcb(inp); 1718 struct socket *so = inp->inp_socket; 1719 struct sockbuf *sb = &so->so_snd; 1720 int tls_size, tx_credits, shove, sowwakeup; 1721 struct ofld_tx_sdesc *txsd; 1722 char *buf; 1723 1724 INP_WLOCK_ASSERT(inp); 1725 KASSERT(toep->flags & TPF_FLOWC_WR_SENT, 1726 ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid)); 1727 1728 KASSERT(ulp_mode(toep) == ULP_MODE_NONE || 1729 ulp_mode(toep) == ULP_MODE_TCPDDP || ulp_mode(toep) == ULP_MODE_TLS, 1730 ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep)); 1731 KASSERT(tls_tx_key(toep), 1732 ("%s: TX key not set for toep %p", __func__, toep)); 1733 1734 #ifdef VERBOSE_TRACES 1735 CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d", 1736 __func__, toep->tid, toep->flags, tp->t_flags); 1737 #endif 1738 if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN)) 1739 return; 1740 1741 #ifdef RATELIMIT 1742 if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) && 1743 (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) { 1744 inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED; 1745 } 1746 #endif 1747 1748 /* 1749 * This function doesn't resume by itself. Someone else must clear the 1750 * flag and call this function. 1751 */ 1752 if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) { 1753 KASSERT(drop == 0, 1754 ("%s: drop (%d) != 0 but tx is suspended", __func__, drop)); 1755 return; 1756 } 1757 1758 txsd = &toep->txsd[toep->txsd_pidx]; 1759 for (;;) { 1760 tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS); 1761 1762 SOCKBUF_LOCK(sb); 1763 sowwakeup = drop; 1764 if (drop) { 1765 sbdrop_locked(sb, drop); 1766 drop = 0; 1767 } 1768 1769 m = sb->sb_sndptr != NULL ? sb->sb_sndptr->m_next : sb->sb_mb; 1770 1771 /* 1772 * Send a FIN if requested, but only if there's no 1773 * more data to send. 1774 */ 1775 if (m == NULL && toep->flags & TPF_SEND_FIN) { 1776 if (sowwakeup) 1777 sowwakeup_locked(so); 1778 else 1779 SOCKBUF_UNLOCK(sb); 1780 SOCKBUF_UNLOCK_ASSERT(sb); 1781 t4_close_conn(sc, toep); 1782 return; 1783 } 1784 1785 /* 1786 * If there is no ready data to send, wait until more 1787 * data arrives. 1788 */ 1789 if (m == NULL || (m->m_flags & M_NOTAVAIL) != 0) { 1790 if (sowwakeup) 1791 sowwakeup_locked(so); 1792 else 1793 SOCKBUF_UNLOCK(sb); 1794 SOCKBUF_UNLOCK_ASSERT(sb); 1795 #ifdef VERBOSE_TRACES 1796 CTR2(KTR_CXGBE, "%s: tid %d no ready data to send", 1797 __func__, toep->tid); 1798 #endif 1799 return; 1800 } 1801 1802 KASSERT(m->m_flags & M_EXTPG, ("%s: mbuf %p is not NOMAP", 1803 __func__, m)); 1804 KASSERT(m->m_epg_tls != NULL, 1805 ("%s: mbuf %p doesn't have TLS session", __func__, m)); 1806 1807 /* Calculate WR length. */ 1808 wr_len = sizeof(struct fw_tlstx_data_wr) + 1809 sizeof(struct cpl_tx_tls_sfo) + key_size(toep); 1810 1811 /* Explicit IVs for AES-CBC and AES-GCM are <= 16. */ 1812 MPASS(toep->tls.iv_len <= AES_BLOCK_LEN); 1813 wr_len += AES_BLOCK_LEN; 1814 1815 /* Account for SGL in work request length. */ 1816 nsegs = count_ext_pgs_segs(m); 1817 wr_len += sizeof(struct ulptx_sgl) + 1818 ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8; 1819 1820 /* Not enough credits for this work request. */ 1821 if (howmany(wr_len, 16) > tx_credits) { 1822 if (sowwakeup) 1823 sowwakeup_locked(so); 1824 else 1825 SOCKBUF_UNLOCK(sb); 1826 SOCKBUF_UNLOCK_ASSERT(sb); 1827 #ifdef VERBOSE_TRACES 1828 CTR5(KTR_CXGBE, 1829 "%s: tid %d mbuf %p requires %d credits, but only %d available", 1830 __func__, toep->tid, m, howmany(wr_len, 16), 1831 tx_credits); 1832 #endif 1833 toep->flags |= TPF_TX_SUSPENDED; 1834 return; 1835 } 1836 1837 /* Shove if there is no additional data pending. */ 1838 shove = ((m->m_next == NULL || 1839 (m->m_next->m_flags & M_NOTAVAIL) != 0)) && 1840 (tp->t_flags & TF_MORETOCOME) == 0; 1841 1842 if (sb->sb_flags & SB_AUTOSIZE && 1843 V_tcp_do_autosndbuf && 1844 sb->sb_hiwat < V_tcp_autosndbuf_max && 1845 sbused(sb) >= sb->sb_hiwat * 7 / 8) { 1846 int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc, 1847 V_tcp_autosndbuf_max); 1848 1849 if (!sbreserve_locked(sb, newsize, so, NULL)) 1850 sb->sb_flags &= ~SB_AUTOSIZE; 1851 else 1852 sowwakeup = 1; /* room available */ 1853 } 1854 if (sowwakeup) 1855 sowwakeup_locked(so); 1856 else 1857 SOCKBUF_UNLOCK(sb); 1858 SOCKBUF_UNLOCK_ASSERT(sb); 1859 1860 if (__predict_false(toep->flags & TPF_FIN_SENT)) 1861 panic("%s: excess tx.", __func__); 1862 1863 wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq); 1864 if (wr == NULL) { 1865 /* XXX: how will we recover from this? */ 1866 toep->flags |= TPF_TX_SUSPENDED; 1867 return; 1868 } 1869 1870 thdr = (struct tls_hdr *)&m->m_epg_hdr; 1871 #ifdef VERBOSE_TRACES 1872 CTR5(KTR_CXGBE, "%s: tid %d TLS record %ju type %d len %#x", 1873 __func__, toep->tid, m->m_epg_seqno, thdr->type, 1874 m->m_len); 1875 #endif 1876 txwr = wrtod(wr); 1877 cpl = (struct cpl_tx_tls_sfo *)(txwr + 1); 1878 memset(txwr, 0, roundup2(wr_len, 16)); 1879 credits = howmany(wr_len, 16); 1880 expn_size = m->m_epg_hdrlen + 1881 m->m_epg_trllen; 1882 tls_size = m->m_len - expn_size; 1883 write_tlstx_wr(txwr, toep, 0, 1884 tls_size, expn_size, 1, credits, shove, 1); 1885 toep->tls.tx_seq_no = m->m_epg_seqno; 1886 write_tlstx_cpl(cpl, toep, thdr, tls_size, 1); 1887 tls_copy_tx_key(toep, cpl + 1); 1888 1889 /* Copy IV. */ 1890 buf = (char *)(cpl + 1) + key_size(toep); 1891 memcpy(buf, thdr + 1, toep->tls.iv_len); 1892 buf += AES_BLOCK_LEN; 1893 1894 write_ktlstx_sgl(buf, m, nsegs); 1895 1896 KASSERT(toep->tx_credits >= credits, 1897 ("%s: not enough credits", __func__)); 1898 1899 toep->tx_credits -= credits; 1900 1901 tp->snd_nxt += m->m_len; 1902 tp->snd_max += m->m_len; 1903 1904 SOCKBUF_LOCK(sb); 1905 sb->sb_sndptr = m; 1906 SOCKBUF_UNLOCK(sb); 1907 1908 toep->flags |= TPF_TX_DATA_SENT; 1909 if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep)) 1910 toep->flags |= TPF_TX_SUSPENDED; 1911 1912 KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__)); 1913 txsd->plen = m->m_len; 1914 txsd->tx_credits = credits; 1915 txsd++; 1916 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) { 1917 toep->txsd_pidx = 0; 1918 txsd = &toep->txsd[0]; 1919 } 1920 toep->txsd_avail--; 1921 1922 atomic_add_long(&toep->vi->pi->tx_toe_tls_records, 1); 1923 atomic_add_long(&toep->vi->pi->tx_toe_tls_octets, m->m_len); 1924 1925 t4_l2t_send(sc, wr, toep->l2te); 1926 } 1927 } 1928 #endif 1929 1930 /* 1931 * For TLS data we place received mbufs received via CPL_TLS_DATA into 1932 * an mbufq in the TLS offload state. When CPL_RX_TLS_CMP is 1933 * received, the completed PDUs are placed into the socket receive 1934 * buffer. 1935 * 1936 * The TLS code reuses the ulp_pdu_reclaimq to hold the pending mbufs. 1937 */ 1938 static int 1939 do_tls_data(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m) 1940 { 1941 struct adapter *sc = iq->adapter; 1942 const struct cpl_tls_data *cpl = mtod(m, const void *); 1943 unsigned int tid = GET_TID(cpl); 1944 struct toepcb *toep = lookup_tid(sc, tid); 1945 struct inpcb *inp = toep->inp; 1946 struct tcpcb *tp; 1947 int len; 1948 1949 /* XXX: Should this match do_rx_data instead? */ 1950 KASSERT(!(toep->flags & TPF_SYNQE), 1951 ("%s: toep %p claims to be a synq entry", __func__, toep)); 1952 1953 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__)); 1954 1955 /* strip off CPL header */ 1956 m_adj(m, sizeof(*cpl)); 1957 len = m->m_pkthdr.len; 1958 1959 atomic_add_long(&toep->vi->pi->rx_toe_tls_octets, len); 1960 1961 KASSERT(len == G_CPL_TLS_DATA_LENGTH(be32toh(cpl->length_pkd)), 1962 ("%s: payload length mismatch", __func__)); 1963 1964 INP_WLOCK(inp); 1965 if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) { 1966 CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x", 1967 __func__, tid, len, inp->inp_flags); 1968 INP_WUNLOCK(inp); 1969 m_freem(m); 1970 return (0); 1971 } 1972 1973 /* Save TCP sequence number. */ 1974 m->m_pkthdr.tls_tcp_seq = be32toh(cpl->seq); 1975 1976 if (mbufq_enqueue(&toep->ulp_pdu_reclaimq, m)) { 1977 #ifdef INVARIANTS 1978 panic("Failed to queue TLS data packet"); 1979 #else 1980 printf("%s: Failed to queue TLS data packet\n", __func__); 1981 INP_WUNLOCK(inp); 1982 m_freem(m); 1983 return (0); 1984 #endif 1985 } 1986 1987 tp = intotcpcb(inp); 1988 tp->t_rcvtime = ticks; 1989 1990 #ifdef VERBOSE_TRACES 1991 CTR4(KTR_CXGBE, "%s: tid %u len %d seq %u", __func__, tid, len, 1992 be32toh(cpl->seq)); 1993 #endif 1994 1995 INP_WUNLOCK(inp); 1996 return (0); 1997 } 1998 1999 static int 2000 do_rx_tls_cmp(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m) 2001 { 2002 struct adapter *sc = iq->adapter; 2003 const struct cpl_rx_tls_cmp *cpl = mtod(m, const void *); 2004 struct tlsrx_hdr_pkt *tls_hdr_pkt; 2005 unsigned int tid = GET_TID(cpl); 2006 struct toepcb *toep = lookup_tid(sc, tid); 2007 struct inpcb *inp = toep->inp; 2008 struct tcpcb *tp; 2009 struct socket *so; 2010 struct sockbuf *sb; 2011 struct mbuf *tls_data; 2012 #ifdef KERN_TLS 2013 struct tls_get_record *tgr; 2014 struct mbuf *control; 2015 #endif 2016 int len, pdu_length, rx_credits; 2017 2018 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__)); 2019 KASSERT(!(toep->flags & TPF_SYNQE), 2020 ("%s: toep %p claims to be a synq entry", __func__, toep)); 2021 2022 /* strip off CPL header */ 2023 m_adj(m, sizeof(*cpl)); 2024 len = m->m_pkthdr.len; 2025 2026 atomic_add_long(&toep->vi->pi->rx_toe_tls_records, 1); 2027 2028 KASSERT(len == G_CPL_RX_TLS_CMP_LENGTH(be32toh(cpl->pdulength_length)), 2029 ("%s: payload length mismatch", __func__)); 2030 2031 INP_WLOCK(inp); 2032 if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) { 2033 CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x", 2034 __func__, tid, len, inp->inp_flags); 2035 INP_WUNLOCK(inp); 2036 m_freem(m); 2037 return (0); 2038 } 2039 2040 pdu_length = G_CPL_RX_TLS_CMP_PDULENGTH(be32toh(cpl->pdulength_length)); 2041 2042 so = inp_inpcbtosocket(inp); 2043 tp = intotcpcb(inp); 2044 2045 #ifdef VERBOSE_TRACES 2046 CTR6(KTR_CXGBE, "%s: tid %u PDU len %d len %d seq %u, rcv_nxt %u", 2047 __func__, tid, pdu_length, len, be32toh(cpl->seq), tp->rcv_nxt); 2048 #endif 2049 2050 tp->rcv_nxt += pdu_length; 2051 KASSERT(tp->rcv_wnd >= pdu_length, 2052 ("%s: negative window size", __func__)); 2053 tp->rcv_wnd -= pdu_length; 2054 2055 /* XXX: Not sure what to do about urgent data. */ 2056 2057 /* 2058 * The payload of this CPL is the TLS header followed by 2059 * additional fields. 2060 */ 2061 KASSERT(m->m_len >= sizeof(*tls_hdr_pkt), 2062 ("%s: payload too small", __func__)); 2063 tls_hdr_pkt = mtod(m, void *); 2064 2065 tls_data = mbufq_dequeue(&toep->ulp_pdu_reclaimq); 2066 if (tls_data != NULL) { 2067 KASSERT(be32toh(cpl->seq) == tls_data->m_pkthdr.tls_tcp_seq, 2068 ("%s: sequence mismatch", __func__)); 2069 } 2070 2071 #ifdef KERN_TLS 2072 if (toep->tls.mode == TLS_MODE_KTLS) { 2073 /* Report decryption errors as EBADMSG. */ 2074 if ((tls_hdr_pkt->res_to_mac_error & M_TLSRX_HDR_PKT_ERROR) != 2075 0) { 2076 m_freem(m); 2077 m_freem(tls_data); 2078 2079 CURVNET_SET(toep->vnet); 2080 so->so_error = EBADMSG; 2081 sorwakeup(so); 2082 2083 INP_WUNLOCK(inp); 2084 CURVNET_RESTORE(); 2085 2086 return (0); 2087 } 2088 2089 /* Allocate the control message mbuf. */ 2090 control = sbcreatecontrol(NULL, sizeof(*tgr), TLS_GET_RECORD, 2091 IPPROTO_TCP); 2092 if (control == NULL) { 2093 m_freem(m); 2094 m_freem(tls_data); 2095 2096 CURVNET_SET(toep->vnet); 2097 so->so_error = ENOBUFS; 2098 sorwakeup(so); 2099 2100 INP_WUNLOCK(inp); 2101 CURVNET_RESTORE(); 2102 2103 return (0); 2104 } 2105 2106 tgr = (struct tls_get_record *) 2107 CMSG_DATA(mtod(control, struct cmsghdr *)); 2108 tgr->tls_type = tls_hdr_pkt->type; 2109 tgr->tls_vmajor = be16toh(tls_hdr_pkt->version) >> 8; 2110 tgr->tls_vminor = be16toh(tls_hdr_pkt->version) & 0xff; 2111 2112 m_freem(m); 2113 2114 if (tls_data != NULL) { 2115 m_last(tls_data)->m_flags |= M_EOR; 2116 tgr->tls_length = htobe16(tls_data->m_pkthdr.len); 2117 } else 2118 tgr->tls_length = 0; 2119 m = tls_data; 2120 } else 2121 #endif 2122 { 2123 /* 2124 * Only the TLS header is sent to OpenSSL, so report 2125 * errors by altering the record type. 2126 */ 2127 if ((tls_hdr_pkt->res_to_mac_error & M_TLSRX_HDR_PKT_ERROR) != 2128 0) 2129 tls_hdr_pkt->type = CONTENT_TYPE_ERROR; 2130 2131 /* Trim this CPL's mbuf to only include the TLS header. */ 2132 KASSERT(m->m_len == len && m->m_next == NULL, 2133 ("%s: CPL spans multiple mbufs", __func__)); 2134 m->m_len = TLS_HEADER_LENGTH; 2135 m->m_pkthdr.len = TLS_HEADER_LENGTH; 2136 2137 if (tls_data != NULL) { 2138 /* 2139 * Update the TLS header length to be the length of 2140 * the payload data. 2141 */ 2142 tls_hdr_pkt->length = htobe16(tls_data->m_pkthdr.len); 2143 2144 m->m_next = tls_data; 2145 m->m_pkthdr.len += tls_data->m_len; 2146 } 2147 2148 #ifdef KERN_TLS 2149 control = NULL; 2150 #endif 2151 } 2152 2153 sb = &so->so_rcv; 2154 SOCKBUF_LOCK(sb); 2155 2156 if (__predict_false(sb->sb_state & SBS_CANTRCVMORE)) { 2157 struct epoch_tracker et; 2158 2159 CTR3(KTR_CXGBE, "%s: tid %u, excess rx (%d bytes)", 2160 __func__, tid, pdu_length); 2161 m_freem(m); 2162 #ifdef KERN_TLS 2163 m_freem(control); 2164 #endif 2165 SOCKBUF_UNLOCK(sb); 2166 INP_WUNLOCK(inp); 2167 2168 CURVNET_SET(toep->vnet); 2169 NET_EPOCH_ENTER(et); 2170 INP_WLOCK(inp); 2171 tp = tcp_drop(tp, ECONNRESET); 2172 if (tp) 2173 INP_WUNLOCK(inp); 2174 NET_EPOCH_EXIT(et); 2175 CURVNET_RESTORE(); 2176 2177 return (0); 2178 } 2179 2180 /* 2181 * Not all of the bytes on the wire are included in the socket buffer 2182 * (e.g. the MAC of the TLS record). However, those bytes are included 2183 * in the TCP sequence space. 2184 */ 2185 2186 /* receive buffer autosize */ 2187 MPASS(toep->vnet == so->so_vnet); 2188 CURVNET_SET(toep->vnet); 2189 if (sb->sb_flags & SB_AUTOSIZE && 2190 V_tcp_do_autorcvbuf && 2191 sb->sb_hiwat < V_tcp_autorcvbuf_max && 2192 m->m_pkthdr.len > (sbspace(sb) / 8 * 7)) { 2193 unsigned int hiwat = sb->sb_hiwat; 2194 unsigned int newsize = min(hiwat + sc->tt.autorcvbuf_inc, 2195 V_tcp_autorcvbuf_max); 2196 2197 if (!sbreserve_locked(sb, newsize, so, NULL)) 2198 sb->sb_flags &= ~SB_AUTOSIZE; 2199 } 2200 2201 #ifdef KERN_TLS 2202 if (control != NULL) 2203 sbappendcontrol_locked(sb, m, control, 0); 2204 else 2205 #endif 2206 sbappendstream_locked(sb, m, 0); 2207 rx_credits = sbspace(sb) > tp->rcv_wnd ? sbspace(sb) - tp->rcv_wnd : 0; 2208 #ifdef VERBOSE_TRACES 2209 CTR4(KTR_CXGBE, "%s: tid %u rx_credits %u rcv_wnd %u", 2210 __func__, tid, rx_credits, tp->rcv_wnd); 2211 #endif 2212 if (rx_credits > 0 && sbused(sb) + tp->rcv_wnd < sb->sb_lowat) { 2213 rx_credits = send_rx_credits(sc, toep, rx_credits); 2214 tp->rcv_wnd += rx_credits; 2215 tp->rcv_adv += rx_credits; 2216 } 2217 2218 sorwakeup_locked(so); 2219 SOCKBUF_UNLOCK_ASSERT(sb); 2220 2221 INP_WUNLOCK(inp); 2222 CURVNET_RESTORE(); 2223 return (0); 2224 } 2225 2226 void 2227 do_rx_data_tls(const struct cpl_rx_data *cpl, struct toepcb *toep, 2228 struct mbuf *m) 2229 { 2230 struct inpcb *inp = toep->inp; 2231 struct tls_ofld_info *tls_ofld = &toep->tls; 2232 struct tls_hdr *hdr; 2233 struct tcpcb *tp; 2234 struct socket *so; 2235 struct sockbuf *sb; 2236 int error, len, rx_credits; 2237 2238 len = m->m_pkthdr.len; 2239 2240 INP_WLOCK_ASSERT(inp); 2241 2242 so = inp_inpcbtosocket(inp); 2243 tp = intotcpcb(inp); 2244 sb = &so->so_rcv; 2245 SOCKBUF_LOCK(sb); 2246 CURVNET_SET(toep->vnet); 2247 2248 tp->rcv_nxt += len; 2249 KASSERT(tp->rcv_wnd >= len, ("%s: negative window size", __func__)); 2250 tp->rcv_wnd -= len; 2251 2252 /* Do we have a full TLS header? */ 2253 if (len < sizeof(*hdr)) { 2254 CTR3(KTR_CXGBE, "%s: tid %u len %d: too short for a TLS header", 2255 __func__, toep->tid, len); 2256 so->so_error = EMSGSIZE; 2257 goto out; 2258 } 2259 hdr = mtod(m, struct tls_hdr *); 2260 2261 /* Is the header valid? */ 2262 if (be16toh(hdr->version) != tls_ofld->k_ctx.proto_ver) { 2263 CTR3(KTR_CXGBE, "%s: tid %u invalid version %04x", 2264 __func__, toep->tid, be16toh(hdr->version)); 2265 error = EINVAL; 2266 goto report_error; 2267 } 2268 if (be16toh(hdr->length) < sizeof(*hdr)) { 2269 CTR3(KTR_CXGBE, "%s: tid %u invalid length %u", 2270 __func__, toep->tid, be16toh(hdr->length)); 2271 error = EBADMSG; 2272 goto report_error; 2273 } 2274 2275 /* Did we get a truncated record? */ 2276 if (len < be16toh(hdr->length)) { 2277 CTR4(KTR_CXGBE, "%s: tid %u truncated TLS record (%d vs %u)", 2278 __func__, toep->tid, len, be16toh(hdr->length)); 2279 2280 error = EMSGSIZE; 2281 goto report_error; 2282 } 2283 2284 /* Is the header type unknown? */ 2285 switch (hdr->type) { 2286 case CONTENT_TYPE_CCS: 2287 case CONTENT_TYPE_ALERT: 2288 case CONTENT_TYPE_APP_DATA: 2289 case CONTENT_TYPE_HANDSHAKE: 2290 break; 2291 default: 2292 CTR3(KTR_CXGBE, "%s: tid %u invalid TLS record type %u", 2293 __func__, toep->tid, hdr->type); 2294 error = EBADMSG; 2295 goto report_error; 2296 } 2297 2298 /* 2299 * Just punt. Although this could fall back to software 2300 * decryption, this case should never really happen. 2301 */ 2302 CTR4(KTR_CXGBE, "%s: tid %u dropping TLS record type %u, length %u", 2303 __func__, toep->tid, hdr->type, be16toh(hdr->length)); 2304 error = EBADMSG; 2305 2306 report_error: 2307 #ifdef KERN_TLS 2308 if (toep->tls.mode == TLS_MODE_KTLS) 2309 so->so_error = error; 2310 else 2311 #endif 2312 { 2313 /* 2314 * Report errors by sending an empty TLS record 2315 * with an error record type. 2316 */ 2317 hdr->type = CONTENT_TYPE_ERROR; 2318 2319 /* Trim this CPL's mbuf to only include the TLS header. */ 2320 KASSERT(m->m_len == len && m->m_next == NULL, 2321 ("%s: CPL spans multiple mbufs", __func__)); 2322 m->m_len = TLS_HEADER_LENGTH; 2323 m->m_pkthdr.len = TLS_HEADER_LENGTH; 2324 2325 sbappendstream_locked(sb, m, 0); 2326 m = NULL; 2327 } 2328 2329 out: 2330 /* 2331 * This connection is going to die anyway, so probably don't 2332 * need to bother with returning credits. 2333 */ 2334 rx_credits = sbspace(sb) > tp->rcv_wnd ? sbspace(sb) - tp->rcv_wnd : 0; 2335 #ifdef VERBOSE_TRACES 2336 CTR4(KTR_CXGBE, "%s: tid %u rx_credits %u rcv_wnd %u", 2337 __func__, toep->tid, rx_credits, tp->rcv_wnd); 2338 #endif 2339 if (rx_credits > 0 && sbused(sb) + tp->rcv_wnd < sb->sb_lowat) { 2340 rx_credits = send_rx_credits(toep->vi->adapter, toep, 2341 rx_credits); 2342 tp->rcv_wnd += rx_credits; 2343 tp->rcv_adv += rx_credits; 2344 } 2345 2346 sorwakeup_locked(so); 2347 SOCKBUF_UNLOCK_ASSERT(sb); 2348 2349 INP_WUNLOCK(inp); 2350 CURVNET_RESTORE(); 2351 2352 m_freem(m); 2353 } 2354 2355 void 2356 t4_tls_mod_load(void) 2357 { 2358 2359 mtx_init(&tls_handshake_lock, "t4tls handshake", NULL, MTX_DEF); 2360 t4_register_cpl_handler(CPL_TLS_DATA, do_tls_data); 2361 t4_register_cpl_handler(CPL_RX_TLS_CMP, do_rx_tls_cmp); 2362 } 2363 2364 void 2365 t4_tls_mod_unload(void) 2366 { 2367 2368 t4_register_cpl_handler(CPL_TLS_DATA, NULL); 2369 t4_register_cpl_handler(CPL_RX_TLS_CMP, NULL); 2370 mtx_destroy(&tls_handshake_lock); 2371 } 2372 #endif /* TCP_OFFLOAD */ 2373