1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2017-2018 Chelsio Communications, Inc. 5 * All rights reserved. 6 * Written by: John Baldwin <jhb@FreeBSD.org> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30 #include "opt_inet.h" 31 #include "opt_kern_tls.h" 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <sys/param.h> 37 #include <sys/ktr.h> 38 #ifdef KERN_TLS 39 #include <sys/ktls.h> 40 #endif 41 #include <sys/sglist.h> 42 #include <sys/socket.h> 43 #include <sys/socketvar.h> 44 #include <sys/systm.h> 45 #include <netinet/in.h> 46 #include <netinet/in_pcb.h> 47 #include <netinet/tcp_var.h> 48 #include <netinet/toecore.h> 49 #ifdef KERN_TLS 50 #include <opencrypto/cryptodev.h> 51 #include <opencrypto/xform.h> 52 #endif 53 54 #ifdef TCP_OFFLOAD 55 #include "common/common.h" 56 #include "common/t4_tcb.h" 57 #include "crypto/t4_crypto.h" 58 #include "tom/t4_tom_l2t.h" 59 #include "tom/t4_tom.h" 60 61 /* 62 * The TCP sequence number of a CPL_TLS_DATA mbuf is saved here while 63 * the mbuf is in the ulp_pdu_reclaimq. 64 */ 65 #define tls_tcp_seq PH_loc.thirtytwo[0] 66 67 static void 68 t4_set_tls_tcb_field(struct toepcb *toep, uint16_t word, uint64_t mask, 69 uint64_t val) 70 { 71 struct adapter *sc = td_adapter(toep->td); 72 73 t4_set_tcb_field(sc, toep->ofld_txq, toep, word, mask, val, 0, 0); 74 } 75 76 /* TLS and DTLS common routines */ 77 bool 78 can_tls_offload(struct adapter *sc) 79 { 80 81 return (sc->tt.tls && sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS); 82 } 83 84 int 85 tls_tx_key(struct toepcb *toep) 86 { 87 struct tls_ofld_info *tls_ofld = &toep->tls; 88 89 return (tls_ofld->tx_key_addr >= 0); 90 } 91 92 int 93 tls_rx_key(struct toepcb *toep) 94 { 95 struct tls_ofld_info *tls_ofld = &toep->tls; 96 97 return (tls_ofld->rx_key_addr >= 0); 98 } 99 100 static int 101 key_size(struct toepcb *toep) 102 { 103 struct tls_ofld_info *tls_ofld = &toep->tls; 104 105 return ((tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) ? 106 tls_ofld->k_ctx.tx_key_info_size : KEY_IN_DDR_SIZE); 107 } 108 109 /* Set TLS Key-Id in TCB */ 110 static void 111 t4_set_tls_keyid(struct toepcb *toep, unsigned int key_id) 112 { 113 114 t4_set_tls_tcb_field(toep, W_TCB_RX_TLS_KEY_TAG, 115 V_TCB_RX_TLS_KEY_TAG(M_TCB_RX_TLS_BUF_TAG), 116 V_TCB_RX_TLS_KEY_TAG(key_id)); 117 } 118 119 /* Clear TF_RX_QUIESCE to re-enable receive. */ 120 static void 121 t4_clear_rx_quiesce(struct toepcb *toep) 122 { 123 124 t4_set_tls_tcb_field(toep, W_TCB_T_FLAGS, V_TF_RX_QUIESCE(1), 0); 125 } 126 127 static void 128 tls_clr_ofld_mode(struct toepcb *toep) 129 { 130 131 tls_stop_handshake_timer(toep); 132 133 KASSERT(toep->tls.rx_key_addr == -1, 134 ("%s: tid %d has RX key", __func__, toep->tid)); 135 136 /* Switch to plain TOE mode. */ 137 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, 138 V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1)), 139 V_TCB_ULP_RAW(V_TF_TLS_ENABLE(0))); 140 t4_set_tls_tcb_field(toep, W_TCB_ULP_TYPE, 141 V_TCB_ULP_TYPE(M_TCB_ULP_TYPE), V_TCB_ULP_TYPE(ULP_MODE_NONE)); 142 t4_clear_rx_quiesce(toep); 143 144 toep->flags &= ~(TPF_FORCE_CREDITS | TPF_TLS_ESTABLISHED); 145 toep->params.ulp_mode = ULP_MODE_NONE; 146 } 147 148 static void 149 tls_clr_quiesce(struct toepcb *toep) 150 { 151 152 tls_stop_handshake_timer(toep); 153 t4_clear_rx_quiesce(toep); 154 } 155 156 /* 157 * Calculate the TLS data expansion size 158 */ 159 static int 160 tls_expansion_size(struct toepcb *toep, int data_len, int full_pdus_only, 161 unsigned short *pdus_per_ulp) 162 { 163 struct tls_ofld_info *tls_ofld = &toep->tls; 164 struct tls_scmd *scmd = &tls_ofld->scmd0; 165 int expn_size = 0, frag_count = 0, pad_per_pdu = 0, 166 pad_last_pdu = 0, last_frag_size = 0, max_frag_size = 0; 167 int exp_per_pdu = 0; 168 int hdr_len = TLS_HEADER_LENGTH; 169 170 do { 171 max_frag_size = tls_ofld->k_ctx.frag_size; 172 if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) == 173 SCMD_CIPH_MODE_AES_GCM) { 174 frag_count = (data_len / max_frag_size); 175 exp_per_pdu = GCM_TAG_SIZE + AEAD_EXPLICIT_DATA_SIZE + 176 hdr_len; 177 expn_size = frag_count * exp_per_pdu; 178 if (full_pdus_only) { 179 *pdus_per_ulp = data_len / (exp_per_pdu + 180 max_frag_size); 181 if (*pdus_per_ulp > 32) 182 *pdus_per_ulp = 32; 183 else if(!*pdus_per_ulp) 184 *pdus_per_ulp = 1; 185 expn_size = (*pdus_per_ulp) * exp_per_pdu; 186 break; 187 } 188 if ((last_frag_size = data_len % max_frag_size) > 0) { 189 frag_count += 1; 190 expn_size += exp_per_pdu; 191 } 192 break; 193 } else if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) != 194 SCMD_CIPH_MODE_NOP) { 195 /* Calculate the number of fragments we can make */ 196 frag_count = (data_len / max_frag_size); 197 if (frag_count > 0) { 198 pad_per_pdu = (((howmany((max_frag_size + 199 tls_ofld->mac_length), 200 CIPHER_BLOCK_SIZE)) * 201 CIPHER_BLOCK_SIZE) - 202 (max_frag_size + 203 tls_ofld->mac_length)); 204 if (!pad_per_pdu) 205 pad_per_pdu = CIPHER_BLOCK_SIZE; 206 exp_per_pdu = pad_per_pdu + 207 tls_ofld->mac_length + 208 hdr_len + CIPHER_BLOCK_SIZE; 209 expn_size = frag_count * exp_per_pdu; 210 } 211 if (full_pdus_only) { 212 *pdus_per_ulp = data_len / (exp_per_pdu + 213 max_frag_size); 214 if (*pdus_per_ulp > 32) 215 *pdus_per_ulp = 32; 216 else if (!*pdus_per_ulp) 217 *pdus_per_ulp = 1; 218 expn_size = (*pdus_per_ulp) * exp_per_pdu; 219 break; 220 } 221 /* Consider the last fragment */ 222 if ((last_frag_size = data_len % max_frag_size) > 0) { 223 pad_last_pdu = (((howmany((last_frag_size + 224 tls_ofld->mac_length), 225 CIPHER_BLOCK_SIZE)) * 226 CIPHER_BLOCK_SIZE) - 227 (last_frag_size + 228 tls_ofld->mac_length)); 229 if (!pad_last_pdu) 230 pad_last_pdu = CIPHER_BLOCK_SIZE; 231 expn_size += (pad_last_pdu + 232 tls_ofld->mac_length + hdr_len + 233 CIPHER_BLOCK_SIZE); 234 } 235 } 236 } while (0); 237 238 return (expn_size); 239 } 240 241 /* Copy Key to WR */ 242 static void 243 tls_copy_tx_key(struct toepcb *toep, void *dst) 244 { 245 struct tls_ofld_info *tls_ofld = &toep->tls; 246 struct ulptx_sc_memrd *sc_memrd; 247 struct ulptx_idata *sc; 248 249 if (tls_ofld->k_ctx.tx_key_info_size <= 0) 250 return; 251 252 if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR) { 253 sc = dst; 254 sc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_NOOP)); 255 sc->len = htobe32(0); 256 sc_memrd = (struct ulptx_sc_memrd *)(sc + 1); 257 sc_memrd->cmd_to_len = htobe32(V_ULPTX_CMD(ULP_TX_SC_MEMRD) | 258 V_ULP_TX_SC_MORE(1) | 259 V_ULPTX_LEN16(tls_ofld->k_ctx.tx_key_info_size >> 4)); 260 sc_memrd->addr = htobe32(tls_ofld->tx_key_addr >> 5); 261 } else if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) { 262 memcpy(dst, &tls_ofld->k_ctx.tx, 263 tls_ofld->k_ctx.tx_key_info_size); 264 } 265 } 266 267 /* TLS/DTLS content type for CPL SFO */ 268 static inline unsigned char 269 tls_content_type(unsigned char content_type) 270 { 271 /* 272 * XXX: Shouldn't this map CONTENT_TYPE_APP_DATA to DATA and 273 * default to "CUSTOM" for all other types including 274 * heartbeat? 275 */ 276 switch (content_type) { 277 case CONTENT_TYPE_CCS: 278 return CPL_TX_TLS_SFO_TYPE_CCS; 279 case CONTENT_TYPE_ALERT: 280 return CPL_TX_TLS_SFO_TYPE_ALERT; 281 case CONTENT_TYPE_HANDSHAKE: 282 return CPL_TX_TLS_SFO_TYPE_HANDSHAKE; 283 case CONTENT_TYPE_HEARTBEAT: 284 return CPL_TX_TLS_SFO_TYPE_HEARTBEAT; 285 } 286 return CPL_TX_TLS_SFO_TYPE_DATA; 287 } 288 289 static unsigned char 290 get_cipher_key_size(unsigned int ck_size) 291 { 292 switch (ck_size) { 293 case AES_NOP: /* NOP */ 294 return 15; 295 case AES_128: /* AES128 */ 296 return CH_CK_SIZE_128; 297 case AES_192: /* AES192 */ 298 return CH_CK_SIZE_192; 299 case AES_256: /* AES256 */ 300 return CH_CK_SIZE_256; 301 default: 302 return CH_CK_SIZE_256; 303 } 304 } 305 306 static unsigned char 307 get_mac_key_size(unsigned int mk_size) 308 { 309 switch (mk_size) { 310 case SHA_NOP: /* NOP */ 311 return CH_MK_SIZE_128; 312 case SHA_GHASH: /* GHASH */ 313 case SHA_512: /* SHA512 */ 314 return CH_MK_SIZE_512; 315 case SHA_224: /* SHA2-224 */ 316 return CH_MK_SIZE_192; 317 case SHA_256: /* SHA2-256*/ 318 return CH_MK_SIZE_256; 319 case SHA_384: /* SHA384 */ 320 return CH_MK_SIZE_512; 321 case SHA1: /* SHA1 */ 322 default: 323 return CH_MK_SIZE_160; 324 } 325 } 326 327 static unsigned int 328 get_proto_ver(int proto_ver) 329 { 330 switch (proto_ver) { 331 case TLS1_2_VERSION: 332 return TLS_1_2_VERSION; 333 case TLS1_1_VERSION: 334 return TLS_1_1_VERSION; 335 case DTLS1_2_VERSION: 336 return DTLS_1_2_VERSION; 337 default: 338 return TLS_VERSION_MAX; 339 } 340 } 341 342 static void 343 tls_rxkey_flit1(struct tls_keyctx *kwr, struct tls_key_context *kctx) 344 { 345 346 if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) { 347 kwr->u.rxhdr.ivinsert_to_authinsrt = 348 htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) | 349 V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) | 350 V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) | 351 V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(14ULL) | 352 V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(16ULL) | 353 V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(14ULL) | 354 V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) | 355 V_TLS_KEYCTX_TX_WR_AUTHINSRT(16ULL)); 356 kwr->u.rxhdr.ivpresent_to_rxmk_size &= 357 ~(V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1)); 358 kwr->u.rxhdr.authmode_to_rxvalid &= 359 ~(V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1)); 360 } else { 361 kwr->u.rxhdr.ivinsert_to_authinsrt = 362 htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) | 363 V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) | 364 V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) | 365 V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(22ULL) | 366 V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(0ULL) | 367 V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(22ULL) | 368 V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) | 369 V_TLS_KEYCTX_TX_WR_AUTHINSRT(0ULL)); 370 } 371 } 372 373 /* Rx key */ 374 static void 375 prepare_rxkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx) 376 { 377 unsigned int ck_size = kctx->cipher_secret_size; 378 unsigned int mk_size = kctx->mac_secret_size; 379 int proto_ver = kctx->proto_ver; 380 381 kwr->u.rxhdr.flitcnt_hmacctrl = 382 ((kctx->rx_key_info_size >> 4) << 3) | kctx->hmac_ctrl; 383 384 kwr->u.rxhdr.protover_ciphmode = 385 V_TLS_KEYCTX_TX_WR_PROTOVER(get_proto_ver(proto_ver)) | 386 V_TLS_KEYCTX_TX_WR_CIPHMODE(kctx->state.enc_mode); 387 388 kwr->u.rxhdr.authmode_to_rxvalid = 389 V_TLS_KEYCTX_TX_WR_AUTHMODE(kctx->state.auth_mode) | 390 V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1) | 391 V_TLS_KEYCTX_TX_WR_SEQNUMCTRL(3) | 392 V_TLS_KEYCTX_TX_WR_RXVALID(1); 393 394 kwr->u.rxhdr.ivpresent_to_rxmk_size = 395 V_TLS_KEYCTX_TX_WR_IVPRESENT(0) | 396 V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1) | 397 V_TLS_KEYCTX_TX_WR_RXCK_SIZE(get_cipher_key_size(ck_size)) | 398 V_TLS_KEYCTX_TX_WR_RXMK_SIZE(get_mac_key_size(mk_size)); 399 400 tls_rxkey_flit1(kwr, kctx); 401 402 /* No key reversal for GCM */ 403 if (kctx->state.enc_mode != CH_EVP_CIPH_GCM_MODE) { 404 t4_aes_getdeckey(kwr->keys.edkey, kctx->rx.key, 405 (kctx->cipher_secret_size << 3)); 406 memcpy(kwr->keys.edkey + kctx->cipher_secret_size, 407 kctx->rx.key + kctx->cipher_secret_size, 408 (IPAD_SIZE + OPAD_SIZE)); 409 } else { 410 memcpy(kwr->keys.edkey, kctx->rx.key, 411 (kctx->rx_key_info_size - SALT_SIZE)); 412 memcpy(kwr->u.rxhdr.rxsalt, kctx->rx.salt, SALT_SIZE); 413 } 414 } 415 416 /* Tx key */ 417 static void 418 prepare_txkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx) 419 { 420 unsigned int ck_size = kctx->cipher_secret_size; 421 unsigned int mk_size = kctx->mac_secret_size; 422 423 kwr->u.txhdr.ctxlen = 424 (kctx->tx_key_info_size >> 4); 425 kwr->u.txhdr.dualck_to_txvalid = 426 V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1) | 427 V_TLS_KEYCTX_TX_WR_SALT_PRESENT(1) | 428 V_TLS_KEYCTX_TX_WR_TXCK_SIZE(get_cipher_key_size(ck_size)) | 429 V_TLS_KEYCTX_TX_WR_TXMK_SIZE(get_mac_key_size(mk_size)) | 430 V_TLS_KEYCTX_TX_WR_TXVALID(1); 431 432 memcpy(kwr->keys.edkey, kctx->tx.key, HDR_KCTX_SIZE); 433 if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) { 434 memcpy(kwr->u.txhdr.txsalt, kctx->tx.salt, SALT_SIZE); 435 kwr->u.txhdr.dualck_to_txvalid &= 436 ~(V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1)); 437 } 438 kwr->u.txhdr.dualck_to_txvalid = htons(kwr->u.txhdr.dualck_to_txvalid); 439 } 440 441 /* TLS Key memory management */ 442 static int 443 get_new_keyid(struct toepcb *toep) 444 { 445 struct adapter *sc = td_adapter(toep->td); 446 vmem_addr_t addr; 447 448 if (vmem_alloc(sc->key_map, TLS_KEY_CONTEXT_SZ, M_NOWAIT | M_FIRSTFIT, 449 &addr) != 0) 450 return (-1); 451 452 return (addr); 453 } 454 455 static void 456 free_keyid(struct toepcb *toep, int keyid) 457 { 458 struct adapter *sc = td_adapter(toep->td); 459 460 vmem_free(sc->key_map, keyid, TLS_KEY_CONTEXT_SZ); 461 } 462 463 static void 464 clear_tls_keyid(struct toepcb *toep) 465 { 466 struct tls_ofld_info *tls_ofld = &toep->tls; 467 468 if (tls_ofld->rx_key_addr >= 0) { 469 free_keyid(toep, tls_ofld->rx_key_addr); 470 tls_ofld->rx_key_addr = -1; 471 } 472 if (tls_ofld->tx_key_addr >= 0) { 473 free_keyid(toep, tls_ofld->tx_key_addr); 474 tls_ofld->tx_key_addr = -1; 475 } 476 } 477 478 static int 479 get_keyid(struct tls_ofld_info *tls_ofld, unsigned int ops) 480 { 481 return (ops & KEY_WRITE_RX ? tls_ofld->rx_key_addr : 482 ((ops & KEY_WRITE_TX) ? tls_ofld->tx_key_addr : -1)); 483 } 484 485 static int 486 get_tp_plen_max(struct tls_ofld_info *tls_ofld) 487 { 488 int plen = ((min(3*4096, TP_TX_PG_SZ))/1448) * 1448; 489 490 return (tls_ofld->k_ctx.frag_size <= 8192 ? plen : FC_TP_PLEN_MAX); 491 } 492 493 /* Send request to get the key-id */ 494 static int 495 tls_program_key_id(struct toepcb *toep, struct tls_key_context *k_ctx) 496 { 497 struct tls_ofld_info *tls_ofld = &toep->tls; 498 struct adapter *sc = td_adapter(toep->td); 499 struct ofld_tx_sdesc *txsd; 500 int kwrlen, kctxlen, keyid, len; 501 struct wrqe *wr; 502 struct tls_key_req *kwr; 503 struct tls_keyctx *kctx; 504 505 kwrlen = sizeof(*kwr); 506 kctxlen = roundup2(sizeof(*kctx), 32); 507 len = roundup2(kwrlen + kctxlen, 16); 508 509 if (toep->txsd_avail == 0) 510 return (EAGAIN); 511 512 /* Dont initialize key for re-neg */ 513 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) { 514 if ((keyid = get_new_keyid(toep)) < 0) { 515 return (ENOSPC); 516 } 517 } else { 518 keyid = get_keyid(tls_ofld, k_ctx->l_p_key); 519 } 520 521 wr = alloc_wrqe(len, toep->ofld_txq); 522 if (wr == NULL) { 523 free_keyid(toep, keyid); 524 return (ENOMEM); 525 } 526 kwr = wrtod(wr); 527 memset(kwr, 0, kwrlen); 528 529 kwr->wr_hi = htobe32(V_FW_WR_OP(FW_ULPTX_WR) | F_FW_WR_COMPL | 530 F_FW_WR_ATOMIC); 531 kwr->wr_mid = htobe32(V_FW_WR_LEN16(DIV_ROUND_UP(len, 16)) | 532 V_FW_WR_FLOWID(toep->tid)); 533 kwr->protocol = get_proto_ver(k_ctx->proto_ver); 534 kwr->mfs = htons(k_ctx->frag_size); 535 kwr->reneg_to_write_rx = k_ctx->l_p_key; 536 537 /* master command */ 538 kwr->cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE) | 539 V_T5_ULP_MEMIO_ORDER(1) | V_T5_ULP_MEMIO_IMM(1)); 540 kwr->dlen = htobe32(V_ULP_MEMIO_DATA_LEN(kctxlen >> 5)); 541 kwr->len16 = htobe32((toep->tid << 8) | 542 DIV_ROUND_UP(len - sizeof(struct work_request_hdr), 16)); 543 kwr->kaddr = htobe32(V_ULP_MEMIO_ADDR(keyid >> 5)); 544 545 /* sub command */ 546 kwr->sc_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_IMM)); 547 kwr->sc_len = htobe32(kctxlen); 548 549 kctx = (struct tls_keyctx *)(kwr + 1); 550 memset(kctx, 0, kctxlen); 551 552 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) { 553 tls_ofld->tx_key_addr = keyid; 554 prepare_txkey_wr(kctx, k_ctx); 555 } else if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 556 tls_ofld->rx_key_addr = keyid; 557 prepare_rxkey_wr(kctx, k_ctx); 558 } 559 560 txsd = &toep->txsd[toep->txsd_pidx]; 561 txsd->tx_credits = DIV_ROUND_UP(len, 16); 562 txsd->plen = 0; 563 toep->tx_credits -= txsd->tx_credits; 564 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) 565 toep->txsd_pidx = 0; 566 toep->txsd_avail--; 567 568 t4_wrq_tx(sc, wr); 569 570 return (0); 571 } 572 573 /* Store a key received from SSL in DDR. */ 574 static int 575 program_key_context(struct tcpcb *tp, struct toepcb *toep, 576 struct tls_key_context *uk_ctx) 577 { 578 struct adapter *sc = td_adapter(toep->td); 579 struct tls_ofld_info *tls_ofld = &toep->tls; 580 struct tls_key_context *k_ctx; 581 int error, key_offset; 582 583 if (tp->t_state != TCPS_ESTABLISHED) { 584 /* 585 * XXX: Matches Linux driver, but not sure this is a 586 * very appropriate error. 587 */ 588 return (ENOENT); 589 } 590 591 /* Stop timer on handshake completion */ 592 tls_stop_handshake_timer(toep); 593 594 toep->flags &= ~TPF_FORCE_CREDITS; 595 596 CTR4(KTR_CXGBE, "%s: tid %d %s proto_ver %#x", __func__, toep->tid, 597 G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX ? "KEY_WRITE_RX" : 598 "KEY_WRITE_TX", uk_ctx->proto_ver); 599 600 if (G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX && 601 ulp_mode(toep) != ULP_MODE_TLS) 602 return (EOPNOTSUPP); 603 604 /* Don't copy the 'tx' and 'rx' fields. */ 605 k_ctx = &tls_ofld->k_ctx; 606 memcpy(&k_ctx->l_p_key, &uk_ctx->l_p_key, 607 sizeof(*k_ctx) - offsetof(struct tls_key_context, l_p_key)); 608 609 /* TLS version != 1.1 and !1.2 OR DTLS != 1.2 */ 610 if (get_proto_ver(k_ctx->proto_ver) > DTLS_1_2_VERSION) { 611 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 612 tls_ofld->rx_key_addr = -1; 613 t4_clear_rx_quiesce(toep); 614 } else { 615 tls_ofld->tx_key_addr = -1; 616 } 617 return (0); 618 } 619 620 if (k_ctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) { 621 k_ctx->iv_size = 4; 622 k_ctx->mac_first = 0; 623 k_ctx->hmac_ctrl = 0; 624 } else { 625 k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */ 626 k_ctx->mac_first = 1; 627 } 628 629 tls_ofld->scmd0.seqno_numivs = 630 (V_SCMD_SEQ_NO_CTRL(3) | 631 V_SCMD_PROTO_VERSION(get_proto_ver(k_ctx->proto_ver)) | 632 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) | 633 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) | 634 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) | 635 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) | 636 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) | 637 V_SCMD_IV_SIZE(k_ctx->iv_size)); 638 639 tls_ofld->scmd0.ivgen_hdrlen = 640 (V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) | 641 V_SCMD_KEY_CTX_INLINE(0) | 642 V_SCMD_TLS_FRAG_ENABLE(1)); 643 644 tls_ofld->mac_length = k_ctx->mac_secret_size; 645 646 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 647 k_ctx->rx = uk_ctx->rx; 648 /* Dont initialize key for re-neg */ 649 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) 650 tls_ofld->rx_key_addr = -1; 651 } else { 652 k_ctx->tx = uk_ctx->tx; 653 /* Dont initialize key for re-neg */ 654 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) 655 tls_ofld->tx_key_addr = -1; 656 } 657 658 /* Flush pending data before new Tx key becomes active */ 659 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) { 660 struct sockbuf *sb; 661 662 /* XXX: This might not drain everything. */ 663 t4_push_frames(sc, toep, 0); 664 sb = &toep->inp->inp_socket->so_snd; 665 SOCKBUF_LOCK(sb); 666 667 /* XXX: This asserts that everything has been pushed. */ 668 MPASS(sb->sb_sndptr == NULL || sb->sb_sndptr->m_next == NULL); 669 sb->sb_sndptr = NULL; 670 tls_ofld->sb_off = sbavail(sb); 671 SOCKBUF_UNLOCK(sb); 672 tls_ofld->tx_seq_no = 0; 673 } 674 675 if ((G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) || 676 (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR)) { 677 678 /* 679 * XXX: The userland library sets tx_key_info_size, not 680 * rx_key_info_size. 681 */ 682 k_ctx->rx_key_info_size = k_ctx->tx_key_info_size; 683 684 error = tls_program_key_id(toep, k_ctx); 685 if (error) { 686 /* XXX: Only clear quiesce for KEY_WRITE_RX? */ 687 t4_clear_rx_quiesce(toep); 688 return (error); 689 } 690 } 691 692 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 693 /* 694 * RX key tags are an index into the key portion of MA 695 * memory stored as an offset from the base address in 696 * units of 64 bytes. 697 */ 698 key_offset = tls_ofld->rx_key_addr - sc->vres.key.start; 699 t4_set_tls_keyid(toep, key_offset / 64); 700 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, 701 V_TCB_ULP_RAW(M_TCB_ULP_RAW), 702 V_TCB_ULP_RAW((V_TF_TLS_KEY_SIZE(3) | 703 V_TF_TLS_CONTROL(1) | 704 V_TF_TLS_ACTIVE(1) | 705 V_TF_TLS_ENABLE(1)))); 706 t4_set_tls_tcb_field(toep, W_TCB_TLS_SEQ, 707 V_TCB_TLS_SEQ(M_TCB_TLS_SEQ), 708 V_TCB_TLS_SEQ(0)); 709 t4_clear_rx_quiesce(toep); 710 711 toep->flags |= TPF_TLS_RECEIVE; 712 } else { 713 unsigned short pdus_per_ulp; 714 715 if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) 716 tls_ofld->tx_key_addr = 1; 717 718 tls_ofld->fcplenmax = get_tp_plen_max(tls_ofld); 719 tls_ofld->expn_per_ulp = tls_expansion_size(toep, 720 tls_ofld->fcplenmax, 1, &pdus_per_ulp); 721 tls_ofld->pdus_per_ulp = pdus_per_ulp; 722 tls_ofld->adjusted_plen = tls_ofld->pdus_per_ulp * 723 ((tls_ofld->expn_per_ulp/tls_ofld->pdus_per_ulp) + 724 tls_ofld->k_ctx.frag_size); 725 } 726 727 return (0); 728 } 729 730 /* 731 * In some cases a client connection can hang without sending the 732 * ServerHelloDone message from the NIC to the host. Send a dummy 733 * RX_DATA_ACK with RX_MODULATE to unstick the connection. 734 */ 735 static void 736 tls_send_handshake_ack(void *arg) 737 { 738 struct toepcb *toep = arg; 739 struct tls_ofld_info *tls_ofld = &toep->tls; 740 struct adapter *sc = td_adapter(toep->td); 741 742 /* 743 * If this connection has timed out without receiving more 744 * data, downgrade to plain TOE mode and don't re-arm the 745 * timer. 746 */ 747 if (sc->tt.tls_rx_timeout != 0) { 748 struct inpcb *inp; 749 struct tcpcb *tp; 750 751 inp = toep->inp; 752 tp = intotcpcb(inp); 753 if ((ticks - tp->t_rcvtime) >= sc->tt.tls_rx_timeout) { 754 CTR2(KTR_CXGBE, "%s: tid %d clr_ofld_mode", __func__, 755 toep->tid); 756 tls_clr_ofld_mode(toep); 757 return; 758 } 759 } 760 761 /* 762 * XXX: Does not have the t4_get_tcb() checks to refine the 763 * workaround. 764 */ 765 callout_schedule(&tls_ofld->handshake_timer, TLS_SRV_HELLO_RD_TM * hz); 766 767 CTR2(KTR_CXGBE, "%s: tid %d sending RX_DATA_ACK", __func__, toep->tid); 768 send_rx_modulate(sc, toep); 769 } 770 771 static void 772 tls_start_handshake_timer(struct toepcb *toep) 773 { 774 struct tls_ofld_info *tls_ofld = &toep->tls; 775 776 INP_WLOCK_ASSERT(toep->inp); 777 callout_reset(&tls_ofld->handshake_timer, TLS_SRV_HELLO_BKOFF_TM * hz, 778 tls_send_handshake_ack, toep); 779 } 780 781 void 782 tls_stop_handshake_timer(struct toepcb *toep) 783 { 784 struct tls_ofld_info *tls_ofld = &toep->tls; 785 786 INP_WLOCK_ASSERT(toep->inp); 787 callout_stop(&tls_ofld->handshake_timer); 788 } 789 790 int 791 t4_ctloutput_tls(struct socket *so, struct sockopt *sopt) 792 { 793 struct tls_key_context uk_ctx; 794 struct inpcb *inp; 795 struct tcpcb *tp; 796 struct toepcb *toep; 797 int error, optval; 798 799 error = 0; 800 if (sopt->sopt_dir == SOPT_SET && 801 sopt->sopt_name == TCP_TLSOM_SET_TLS_CONTEXT) { 802 error = sooptcopyin(sopt, &uk_ctx, sizeof(uk_ctx), 803 sizeof(uk_ctx)); 804 if (error) 805 return (error); 806 } 807 808 inp = sotoinpcb(so); 809 KASSERT(inp != NULL, ("tcp_ctloutput: inp == NULL")); 810 INP_WLOCK(inp); 811 if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { 812 INP_WUNLOCK(inp); 813 return (ECONNRESET); 814 } 815 tp = intotcpcb(inp); 816 toep = tp->t_toe; 817 switch (sopt->sopt_dir) { 818 case SOPT_SET: 819 switch (sopt->sopt_name) { 820 case TCP_TLSOM_SET_TLS_CONTEXT: 821 if (toep->tls.mode == TLS_MODE_KTLS) 822 error = EINVAL; 823 else { 824 error = program_key_context(tp, toep, &uk_ctx); 825 if (error == 0) 826 toep->tls.mode = TLS_MODE_TLSOM; 827 } 828 INP_WUNLOCK(inp); 829 break; 830 case TCP_TLSOM_CLR_TLS_TOM: 831 if (toep->tls.mode == TLS_MODE_KTLS) 832 error = EINVAL; 833 else if (ulp_mode(toep) == ULP_MODE_TLS) { 834 CTR2(KTR_CXGBE, "%s: tid %d CLR_TLS_TOM", 835 __func__, toep->tid); 836 tls_clr_ofld_mode(toep); 837 } else 838 error = EOPNOTSUPP; 839 INP_WUNLOCK(inp); 840 break; 841 case TCP_TLSOM_CLR_QUIES: 842 if (toep->tls.mode == TLS_MODE_KTLS) 843 error = EINVAL; 844 else if (ulp_mode(toep) == ULP_MODE_TLS) { 845 CTR2(KTR_CXGBE, "%s: tid %d CLR_QUIES", 846 __func__, toep->tid); 847 tls_clr_quiesce(toep); 848 } else 849 error = EOPNOTSUPP; 850 INP_WUNLOCK(inp); 851 break; 852 default: 853 INP_WUNLOCK(inp); 854 error = EOPNOTSUPP; 855 break; 856 } 857 break; 858 case SOPT_GET: 859 switch (sopt->sopt_name) { 860 case TCP_TLSOM_GET_TLS_TOM: 861 /* 862 * TLS TX is permitted on any TOE socket, but 863 * TLS RX requires a TLS ULP mode. 864 */ 865 optval = TLS_TOM_NONE; 866 if (can_tls_offload(td_adapter(toep->td)) && 867 toep->tls.mode != TLS_MODE_KTLS) { 868 switch (ulp_mode(toep)) { 869 case ULP_MODE_NONE: 870 case ULP_MODE_TCPDDP: 871 optval = TLS_TOM_TXONLY; 872 break; 873 case ULP_MODE_TLS: 874 optval = TLS_TOM_BOTH; 875 break; 876 } 877 } 878 CTR3(KTR_CXGBE, "%s: tid %d GET_TLS_TOM = %d", 879 __func__, toep->tid, optval); 880 INP_WUNLOCK(inp); 881 error = sooptcopyout(sopt, &optval, sizeof(optval)); 882 break; 883 default: 884 INP_WUNLOCK(inp); 885 error = EOPNOTSUPP; 886 break; 887 } 888 break; 889 } 890 return (error); 891 } 892 893 #ifdef KERN_TLS 894 static void 895 init_ktls_key_context(struct ktls_session *tls, struct tls_key_context *k_ctx, 896 int direction) 897 { 898 struct auth_hash *axf; 899 u_int key_info_size, mac_key_size; 900 char *hash, *key; 901 902 k_ctx->l_p_key = V_KEY_GET_LOC(direction == KTLS_TX ? KEY_WRITE_TX : 903 KEY_WRITE_RX); 904 k_ctx->proto_ver = tls->params.tls_vmajor << 8 | tls->params.tls_vminor; 905 k_ctx->cipher_secret_size = tls->params.cipher_key_len; 906 key_info_size = sizeof(struct tx_keyctx_hdr) + 907 k_ctx->cipher_secret_size; 908 if (direction == KTLS_TX) 909 key = k_ctx->tx.key; 910 else 911 key = k_ctx->rx.key; 912 memcpy(key, tls->params.cipher_key, tls->params.cipher_key_len); 913 hash = key + tls->params.cipher_key_len; 914 if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { 915 k_ctx->state.auth_mode = SCMD_AUTH_MODE_GHASH; 916 k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_GCM; 917 k_ctx->iv_size = 4; 918 k_ctx->mac_first = 0; 919 k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NOP; 920 key_info_size += GMAC_BLOCK_LEN; 921 k_ctx->mac_secret_size = 0; 922 if (direction == KTLS_TX) 923 memcpy(k_ctx->tx.salt, tls->params.iv, SALT_SIZE); 924 else 925 memcpy(k_ctx->rx.salt, tls->params.iv, SALT_SIZE); 926 t4_init_gmac_hash(tls->params.cipher_key, 927 tls->params.cipher_key_len, hash); 928 } else { 929 switch (tls->params.auth_algorithm) { 930 case CRYPTO_SHA1_HMAC: 931 axf = &auth_hash_hmac_sha1; 932 mac_key_size = SHA1_HASH_LEN; 933 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA1; 934 break; 935 case CRYPTO_SHA2_256_HMAC: 936 axf = &auth_hash_hmac_sha2_256; 937 mac_key_size = SHA2_256_HASH_LEN; 938 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA256; 939 break; 940 case CRYPTO_SHA2_384_HMAC: 941 axf = &auth_hash_hmac_sha2_384; 942 mac_key_size = SHA2_512_HASH_LEN; 943 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA512_384; 944 break; 945 default: 946 panic("bad auth mode"); 947 } 948 k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_CBC; 949 k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */ 950 k_ctx->mac_first = 1; 951 k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NO_TRUNC; 952 key_info_size += roundup2(mac_key_size, 16) * 2; 953 k_ctx->mac_secret_size = mac_key_size; 954 t4_init_hmac_digest(axf, mac_key_size, tls->params.auth_key, 955 tls->params.auth_key_len, hash); 956 } 957 958 if (direction == KTLS_TX) 959 k_ctx->tx_key_info_size = key_info_size; 960 else 961 k_ctx->rx_key_info_size = key_info_size; 962 k_ctx->frag_size = tls->params.max_frame_len; 963 k_ctx->iv_ctrl = 1; 964 } 965 966 int 967 tls_alloc_ktls(struct toepcb *toep, struct ktls_session *tls, int direction) 968 { 969 struct adapter *sc = td_adapter(toep->td); 970 struct tls_key_context *k_ctx; 971 int error, key_offset; 972 973 if (toep->tls.mode == TLS_MODE_TLSOM) 974 return (EINVAL); 975 if (!can_tls_offload(td_adapter(toep->td))) 976 return (EINVAL); 977 switch (ulp_mode(toep)) { 978 case ULP_MODE_TLS: 979 break; 980 case ULP_MODE_NONE: 981 case ULP_MODE_TCPDDP: 982 if (direction != KTLS_TX) 983 return (EINVAL); 984 break; 985 default: 986 return (EINVAL); 987 } 988 989 switch (tls->params.cipher_algorithm) { 990 case CRYPTO_AES_CBC: 991 /* XXX: Explicitly ignore any provided IV. */ 992 switch (tls->params.cipher_key_len) { 993 case 128 / 8: 994 case 192 / 8: 995 case 256 / 8: 996 break; 997 default: 998 error = EINVAL; 999 goto clr_ofld; 1000 } 1001 switch (tls->params.auth_algorithm) { 1002 case CRYPTO_SHA1_HMAC: 1003 case CRYPTO_SHA2_256_HMAC: 1004 case CRYPTO_SHA2_384_HMAC: 1005 break; 1006 default: 1007 error = EPROTONOSUPPORT; 1008 goto clr_ofld; 1009 } 1010 break; 1011 case CRYPTO_AES_NIST_GCM_16: 1012 if (tls->params.iv_len != SALT_SIZE) { 1013 error = EINVAL; 1014 goto clr_ofld; 1015 } 1016 switch (tls->params.cipher_key_len) { 1017 case 128 / 8: 1018 case 192 / 8: 1019 case 256 / 8: 1020 break; 1021 default: 1022 error = EINVAL; 1023 goto clr_ofld; 1024 } 1025 break; 1026 default: 1027 error = EPROTONOSUPPORT; 1028 goto clr_ofld; 1029 } 1030 1031 /* Only TLS 1.1 and TLS 1.2 are currently supported. */ 1032 if (tls->params.tls_vmajor != TLS_MAJOR_VER_ONE || 1033 tls->params.tls_vminor < TLS_MINOR_VER_ONE || 1034 tls->params.tls_vminor > TLS_MINOR_VER_TWO) { 1035 error = EPROTONOSUPPORT; 1036 goto clr_ofld; 1037 } 1038 1039 /* Bail if we already have a key. */ 1040 if (direction == KTLS_TX) { 1041 if (toep->tls.tx_key_addr != -1) 1042 return (EOPNOTSUPP); 1043 } else { 1044 if (toep->tls.rx_key_addr != -1) 1045 return (EOPNOTSUPP); 1046 } 1047 1048 /* 1049 * XXX: This assumes no key renegotation. If KTLS ever supports 1050 * that we will want to allocate TLS sessions dynamically rather 1051 * than as a static member of toep. 1052 */ 1053 k_ctx = &toep->tls.k_ctx; 1054 init_ktls_key_context(tls, k_ctx, direction); 1055 1056 error = tls_program_key_id(toep, k_ctx); 1057 if (error) { 1058 if (direction == KTLS_RX) 1059 goto clr_ofld; 1060 return (error); 1061 } 1062 1063 if (direction == KTLS_TX) { 1064 toep->tls.scmd0.seqno_numivs = 1065 (V_SCMD_SEQ_NO_CTRL(3) | 1066 V_SCMD_PROTO_VERSION(get_proto_ver(k_ctx->proto_ver)) | 1067 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) | 1068 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) | 1069 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) | 1070 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) | 1071 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) | 1072 V_SCMD_IV_SIZE(k_ctx->iv_size)); 1073 1074 toep->tls.scmd0.ivgen_hdrlen = 1075 (V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) | 1076 V_SCMD_KEY_CTX_INLINE(0) | 1077 V_SCMD_TLS_FRAG_ENABLE(1)); 1078 1079 if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) 1080 toep->tls.iv_len = 8; 1081 else 1082 toep->tls.iv_len = AES_BLOCK_LEN; 1083 1084 toep->tls.mac_length = k_ctx->mac_secret_size; 1085 1086 toep->tls.fcplenmax = get_tp_plen_max(&toep->tls); 1087 toep->tls.expn_per_ulp = tls->params.tls_hlen + 1088 tls->params.tls_tlen; 1089 toep->tls.pdus_per_ulp = 1; 1090 toep->tls.adjusted_plen = toep->tls.expn_per_ulp + 1091 toep->tls.k_ctx.frag_size; 1092 } else { 1093 /* Stop timer on handshake completion */ 1094 tls_stop_handshake_timer(toep); 1095 1096 toep->flags &= ~TPF_FORCE_CREDITS; 1097 toep->flags |= TPF_TLS_RECEIVE; 1098 1099 /* 1100 * RX key tags are an index into the key portion of MA 1101 * memory stored as an offset from the base address in 1102 * units of 64 bytes. 1103 */ 1104 key_offset = toep->tls.rx_key_addr - sc->vres.key.start; 1105 t4_set_tls_keyid(toep, key_offset / 64); 1106 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, 1107 V_TCB_ULP_RAW(M_TCB_ULP_RAW), 1108 V_TCB_ULP_RAW((V_TF_TLS_KEY_SIZE(3) | 1109 V_TF_TLS_CONTROL(1) | 1110 V_TF_TLS_ACTIVE(1) | 1111 V_TF_TLS_ENABLE(1)))); 1112 t4_set_tls_tcb_field(toep, W_TCB_TLS_SEQ, 1113 V_TCB_TLS_SEQ(M_TCB_TLS_SEQ), 1114 V_TCB_TLS_SEQ(0)); 1115 t4_clear_rx_quiesce(toep); 1116 } 1117 1118 toep->tls.mode = TLS_MODE_KTLS; 1119 1120 return (0); 1121 1122 clr_ofld: 1123 if (ulp_mode(toep) == ULP_MODE_TLS) { 1124 CTR2(KTR_CXGBE, "%s: tid %d clr_ofld_mode", __func__, 1125 toep->tid); 1126 tls_clr_ofld_mode(toep); 1127 } 1128 return (error); 1129 } 1130 #endif 1131 1132 void 1133 tls_init_toep(struct toepcb *toep) 1134 { 1135 struct tls_ofld_info *tls_ofld = &toep->tls; 1136 1137 tls_ofld->mode = TLS_MODE_OFF; 1138 tls_ofld->key_location = TLS_SFO_WR_CONTEXTLOC_DDR; 1139 tls_ofld->rx_key_addr = -1; 1140 tls_ofld->tx_key_addr = -1; 1141 } 1142 1143 void 1144 tls_establish(struct toepcb *toep) 1145 { 1146 1147 /* 1148 * Enable PDU extraction. 1149 * 1150 * XXX: Supposedly this should be done by the firmware when 1151 * the ULP_MODE FLOWC parameter is set in send_flowc_wr(), but 1152 * in practice this seems to be required. 1153 */ 1154 CTR2(KTR_CXGBE, "%s: tid %d setting TLS_ENABLE", __func__, toep->tid); 1155 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, V_TCB_ULP_RAW(M_TCB_ULP_RAW), 1156 V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1))); 1157 1158 toep->flags |= TPF_FORCE_CREDITS | TPF_TLS_ESTABLISHED; 1159 1160 callout_init_rw(&toep->tls.handshake_timer, &toep->inp->inp_lock, 0); 1161 tls_start_handshake_timer(toep); 1162 } 1163 1164 void 1165 tls_detach(struct toepcb *toep) 1166 { 1167 1168 if (toep->flags & TPF_TLS_ESTABLISHED) { 1169 tls_stop_handshake_timer(toep); 1170 toep->flags &= ~TPF_TLS_ESTABLISHED; 1171 } 1172 } 1173 1174 void 1175 tls_uninit_toep(struct toepcb *toep) 1176 { 1177 1178 MPASS((toep->flags & TPF_TLS_ESTABLISHED) == 0); 1179 clear_tls_keyid(toep); 1180 } 1181 1182 #define MAX_OFLD_TX_CREDITS (SGE_MAX_WR_LEN / 16) 1183 #define MIN_OFLD_TLSTX_CREDITS(toep) \ 1184 (howmany(sizeof(struct fw_tlstx_data_wr) + \ 1185 sizeof(struct cpl_tx_tls_sfo) + key_size((toep)) + \ 1186 CIPHER_BLOCK_SIZE + 1, 16)) 1187 1188 static inline u_int 1189 max_imm_tls_space(int tx_credits) 1190 { 1191 const int n = 2; /* Use only up to 2 desc for imm. data WR */ 1192 int space; 1193 1194 KASSERT(tx_credits >= 0 && 1195 tx_credits <= MAX_OFLD_TX_CREDITS, 1196 ("%s: %d credits", __func__, tx_credits)); 1197 1198 if (tx_credits >= (n * EQ_ESIZE) / 16) 1199 space = (n * EQ_ESIZE); 1200 else 1201 space = tx_credits * 16; 1202 return (space); 1203 } 1204 1205 static int 1206 count_mbuf_segs(struct mbuf *m, int skip, int len, int *max_nsegs_1mbufp) 1207 { 1208 int max_nsegs_1mbuf, n, nsegs; 1209 1210 while (skip >= m->m_len) { 1211 skip -= m->m_len; 1212 m = m->m_next; 1213 } 1214 1215 nsegs = 0; 1216 max_nsegs_1mbuf = 0; 1217 while (len > 0) { 1218 n = sglist_count(mtod(m, char *) + skip, m->m_len - skip); 1219 if (n > max_nsegs_1mbuf) 1220 max_nsegs_1mbuf = n; 1221 nsegs += n; 1222 len -= m->m_len - skip; 1223 skip = 0; 1224 m = m->m_next; 1225 } 1226 *max_nsegs_1mbufp = max_nsegs_1mbuf; 1227 return (nsegs); 1228 } 1229 1230 static void 1231 write_tlstx_wr(struct fw_tlstx_data_wr *txwr, struct toepcb *toep, 1232 unsigned int immdlen, unsigned int plen, unsigned int expn, 1233 unsigned int pdus, uint8_t credits, int shove, int imm_ivs) 1234 { 1235 struct tls_ofld_info *tls_ofld = &toep->tls; 1236 unsigned int len = plen + expn; 1237 1238 txwr->op_to_immdlen = htobe32(V_WR_OP(FW_TLSTX_DATA_WR) | 1239 V_FW_TLSTX_DATA_WR_COMPL(1) | 1240 V_FW_TLSTX_DATA_WR_IMMDLEN(immdlen)); 1241 txwr->flowid_len16 = htobe32(V_FW_TLSTX_DATA_WR_FLOWID(toep->tid) | 1242 V_FW_TLSTX_DATA_WR_LEN16(credits)); 1243 txwr->plen = htobe32(len); 1244 txwr->lsodisable_to_flags = htobe32(V_TX_ULP_MODE(ULP_MODE_TLS) | 1245 V_TX_URG(0) | /* F_T6_TX_FORCE | */ V_TX_SHOVE(shove)); 1246 txwr->ctxloc_to_exp = htobe32(V_FW_TLSTX_DATA_WR_NUMIVS(pdus) | 1247 V_FW_TLSTX_DATA_WR_EXP(expn) | 1248 V_FW_TLSTX_DATA_WR_CTXLOC(tls_ofld->key_location) | 1249 V_FW_TLSTX_DATA_WR_IVDSGL(!imm_ivs) | 1250 V_FW_TLSTX_DATA_WR_KEYSIZE(tls_ofld->k_ctx.tx_key_info_size >> 4)); 1251 txwr->mfs = htobe16(tls_ofld->k_ctx.frag_size); 1252 txwr->adjustedplen_pkd = htobe16( 1253 V_FW_TLSTX_DATA_WR_ADJUSTEDPLEN(tls_ofld->adjusted_plen)); 1254 txwr->expinplenmax_pkd = htobe16( 1255 V_FW_TLSTX_DATA_WR_EXPINPLENMAX(tls_ofld->expn_per_ulp)); 1256 txwr->pdusinplenmax_pkd = 1257 V_FW_TLSTX_DATA_WR_PDUSINPLENMAX(tls_ofld->pdus_per_ulp); 1258 } 1259 1260 static void 1261 write_tlstx_cpl(struct cpl_tx_tls_sfo *cpl, struct toepcb *toep, 1262 struct tls_hdr *tls_hdr, unsigned int plen, unsigned int pdus) 1263 { 1264 struct tls_ofld_info *tls_ofld = &toep->tls; 1265 int data_type, seglen; 1266 1267 if (plen < tls_ofld->k_ctx.frag_size) 1268 seglen = plen; 1269 else 1270 seglen = tls_ofld->k_ctx.frag_size; 1271 data_type = tls_content_type(tls_hdr->type); 1272 cpl->op_to_seg_len = htobe32(V_CPL_TX_TLS_SFO_OPCODE(CPL_TX_TLS_SFO) | 1273 V_CPL_TX_TLS_SFO_DATA_TYPE(data_type) | 1274 V_CPL_TX_TLS_SFO_CPL_LEN(2) | V_CPL_TX_TLS_SFO_SEG_LEN(seglen)); 1275 cpl->pld_len = htobe32(plen); 1276 if (data_type == CPL_TX_TLS_SFO_TYPE_HEARTBEAT) 1277 cpl->type_protover = htobe32( 1278 V_CPL_TX_TLS_SFO_TYPE(tls_hdr->type)); 1279 cpl->seqno_numivs = htobe32(tls_ofld->scmd0.seqno_numivs | 1280 V_SCMD_NUM_IVS(pdus)); 1281 cpl->ivgen_hdrlen = htobe32(tls_ofld->scmd0.ivgen_hdrlen); 1282 cpl->scmd1 = htobe64(tls_ofld->tx_seq_no); 1283 tls_ofld->tx_seq_no += pdus; 1284 } 1285 1286 /* 1287 * Similar to write_tx_sgl() except that it accepts an optional 1288 * trailer buffer for IVs. 1289 */ 1290 static void 1291 write_tlstx_sgl(void *dst, struct mbuf *start, int skip, int plen, 1292 void *iv_buffer, int iv_len, int nsegs, int n) 1293 { 1294 struct mbuf *m; 1295 struct ulptx_sgl *usgl = dst; 1296 int i, j, rc; 1297 struct sglist sg; 1298 struct sglist_seg segs[n]; 1299 1300 KASSERT(nsegs > 0, ("%s: nsegs 0", __func__)); 1301 1302 sglist_init(&sg, n, segs); 1303 usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) | 1304 V_ULPTX_NSGE(nsegs)); 1305 1306 for (m = start; skip >= m->m_len; m = m->m_next) 1307 skip -= m->m_len; 1308 1309 i = -1; 1310 for (m = start; plen > 0; m = m->m_next) { 1311 rc = sglist_append(&sg, mtod(m, char *) + skip, 1312 m->m_len - skip); 1313 if (__predict_false(rc != 0)) 1314 panic("%s: sglist_append %d", __func__, rc); 1315 plen -= m->m_len - skip; 1316 skip = 0; 1317 1318 for (j = 0; j < sg.sg_nseg; i++, j++) { 1319 if (i < 0) { 1320 usgl->len0 = htobe32(segs[j].ss_len); 1321 usgl->addr0 = htobe64(segs[j].ss_paddr); 1322 } else { 1323 usgl->sge[i / 2].len[i & 1] = 1324 htobe32(segs[j].ss_len); 1325 usgl->sge[i / 2].addr[i & 1] = 1326 htobe64(segs[j].ss_paddr); 1327 } 1328 #ifdef INVARIANTS 1329 nsegs--; 1330 #endif 1331 } 1332 sglist_reset(&sg); 1333 } 1334 if (iv_buffer != NULL) { 1335 rc = sglist_append(&sg, iv_buffer, iv_len); 1336 if (__predict_false(rc != 0)) 1337 panic("%s: sglist_append %d", __func__, rc); 1338 1339 for (j = 0; j < sg.sg_nseg; i++, j++) { 1340 if (i < 0) { 1341 usgl->len0 = htobe32(segs[j].ss_len); 1342 usgl->addr0 = htobe64(segs[j].ss_paddr); 1343 } else { 1344 usgl->sge[i / 2].len[i & 1] = 1345 htobe32(segs[j].ss_len); 1346 usgl->sge[i / 2].addr[i & 1] = 1347 htobe64(segs[j].ss_paddr); 1348 } 1349 #ifdef INVARIANTS 1350 nsegs--; 1351 #endif 1352 } 1353 } 1354 if (i & 1) 1355 usgl->sge[i / 2].len[1] = htobe32(0); 1356 KASSERT(nsegs == 0, ("%s: nsegs %d, start %p, iv_buffer %p", 1357 __func__, nsegs, start, iv_buffer)); 1358 } 1359 1360 /* 1361 * Similar to t4_push_frames() but handles TLS sockets when TLS offload 1362 * is enabled. Rather than transmitting bulk data, the socket buffer 1363 * contains TLS records. The work request requires a full TLS record, 1364 * so batch mbufs up until a full TLS record is seen. This requires 1365 * reading the TLS header out of the start of each record to determine 1366 * its length. 1367 */ 1368 void 1369 t4_push_tls_records(struct adapter *sc, struct toepcb *toep, int drop) 1370 { 1371 struct tls_hdr thdr; 1372 struct mbuf *sndptr; 1373 struct fw_tlstx_data_wr *txwr; 1374 struct cpl_tx_tls_sfo *cpl; 1375 struct wrqe *wr; 1376 u_int plen, nsegs, credits, space, max_nsegs_1mbuf, wr_len; 1377 u_int expn_size, iv_len, pdus, sndptroff; 1378 struct tls_ofld_info *tls_ofld = &toep->tls; 1379 struct inpcb *inp = toep->inp; 1380 struct tcpcb *tp = intotcpcb(inp); 1381 struct socket *so = inp->inp_socket; 1382 struct sockbuf *sb = &so->so_snd; 1383 int tls_size, tx_credits, shove, /* compl,*/ sowwakeup; 1384 struct ofld_tx_sdesc *txsd; 1385 bool imm_ivs, imm_payload; 1386 void *iv_buffer, *iv_dst, *buf; 1387 1388 INP_WLOCK_ASSERT(inp); 1389 KASSERT(toep->flags & TPF_FLOWC_WR_SENT, 1390 ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid)); 1391 1392 KASSERT(ulp_mode(toep) == ULP_MODE_NONE || 1393 ulp_mode(toep) == ULP_MODE_TCPDDP || ulp_mode(toep) == ULP_MODE_TLS, 1394 ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep)); 1395 KASSERT(tls_tx_key(toep), 1396 ("%s: TX key not set for toep %p", __func__, toep)); 1397 1398 #ifdef VERBOSE_TRACES 1399 CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d", 1400 __func__, toep->tid, toep->flags, tp->t_flags); 1401 #endif 1402 if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN)) 1403 return; 1404 1405 #ifdef RATELIMIT 1406 if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) && 1407 (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) { 1408 inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED; 1409 } 1410 #endif 1411 1412 /* 1413 * This function doesn't resume by itself. Someone else must clear the 1414 * flag and call this function. 1415 */ 1416 if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) { 1417 KASSERT(drop == 0, 1418 ("%s: drop (%d) != 0 but tx is suspended", __func__, drop)); 1419 return; 1420 } 1421 1422 txsd = &toep->txsd[toep->txsd_pidx]; 1423 for (;;) { 1424 tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS); 1425 space = max_imm_tls_space(tx_credits); 1426 wr_len = sizeof(struct fw_tlstx_data_wr) + 1427 sizeof(struct cpl_tx_tls_sfo) + key_size(toep); 1428 if (wr_len + CIPHER_BLOCK_SIZE + 1 > space) { 1429 #ifdef VERBOSE_TRACES 1430 CTR5(KTR_CXGBE, 1431 "%s: tid %d tx_credits %d min_wr %d space %d", 1432 __func__, toep->tid, tx_credits, wr_len + 1433 CIPHER_BLOCK_SIZE + 1, space); 1434 #endif 1435 return; 1436 } 1437 1438 SOCKBUF_LOCK(sb); 1439 sowwakeup = drop; 1440 if (drop) { 1441 sbdrop_locked(sb, drop); 1442 MPASS(tls_ofld->sb_off >= drop); 1443 tls_ofld->sb_off -= drop; 1444 drop = 0; 1445 } 1446 1447 /* 1448 * Send a FIN if requested, but only if there's no 1449 * more data to send. 1450 */ 1451 if (sbavail(sb) == tls_ofld->sb_off && 1452 toep->flags & TPF_SEND_FIN) { 1453 if (sowwakeup) 1454 sowwakeup_locked(so); 1455 else 1456 SOCKBUF_UNLOCK(sb); 1457 SOCKBUF_UNLOCK_ASSERT(sb); 1458 t4_close_conn(sc, toep); 1459 return; 1460 } 1461 1462 if (sbavail(sb) < tls_ofld->sb_off + TLS_HEADER_LENGTH) { 1463 /* 1464 * A full TLS header is not yet queued, stop 1465 * for now until more data is added to the 1466 * socket buffer. However, if the connection 1467 * has been closed, we will never get the rest 1468 * of the header so just discard the partial 1469 * header and close the connection. 1470 */ 1471 #ifdef VERBOSE_TRACES 1472 CTR5(KTR_CXGBE, "%s: tid %d sbavail %d sb_off %d%s", 1473 __func__, toep->tid, sbavail(sb), tls_ofld->sb_off, 1474 toep->flags & TPF_SEND_FIN ? "" : " SEND_FIN"); 1475 #endif 1476 if (sowwakeup) 1477 sowwakeup_locked(so); 1478 else 1479 SOCKBUF_UNLOCK(sb); 1480 SOCKBUF_UNLOCK_ASSERT(sb); 1481 if (toep->flags & TPF_SEND_FIN) 1482 t4_close_conn(sc, toep); 1483 return; 1484 } 1485 1486 /* Read the header of the next TLS record. */ 1487 sndptr = sbsndmbuf(sb, tls_ofld->sb_off, &sndptroff); 1488 m_copydata(sndptr, sndptroff, sizeof(thdr), (caddr_t)&thdr); 1489 tls_size = htons(thdr.length); 1490 plen = TLS_HEADER_LENGTH + tls_size; 1491 pdus = howmany(tls_size, tls_ofld->k_ctx.frag_size); 1492 iv_len = pdus * CIPHER_BLOCK_SIZE; 1493 1494 if (sbavail(sb) < tls_ofld->sb_off + plen) { 1495 /* 1496 * The full TLS record is not yet queued, stop 1497 * for now until more data is added to the 1498 * socket buffer. However, if the connection 1499 * has been closed, we will never get the rest 1500 * of the record so just discard the partial 1501 * record and close the connection. 1502 */ 1503 #ifdef VERBOSE_TRACES 1504 CTR6(KTR_CXGBE, 1505 "%s: tid %d sbavail %d sb_off %d plen %d%s", 1506 __func__, toep->tid, sbavail(sb), tls_ofld->sb_off, 1507 plen, toep->flags & TPF_SEND_FIN ? "" : 1508 " SEND_FIN"); 1509 #endif 1510 if (sowwakeup) 1511 sowwakeup_locked(so); 1512 else 1513 SOCKBUF_UNLOCK(sb); 1514 SOCKBUF_UNLOCK_ASSERT(sb); 1515 if (toep->flags & TPF_SEND_FIN) 1516 t4_close_conn(sc, toep); 1517 return; 1518 } 1519 1520 /* Shove if there is no additional data pending. */ 1521 shove = (sbavail(sb) == tls_ofld->sb_off + plen) && 1522 !(tp->t_flags & TF_MORETOCOME); 1523 1524 if (sb->sb_flags & SB_AUTOSIZE && 1525 V_tcp_do_autosndbuf && 1526 sb->sb_hiwat < V_tcp_autosndbuf_max && 1527 sbused(sb) >= sb->sb_hiwat * 7 / 8) { 1528 int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc, 1529 V_tcp_autosndbuf_max); 1530 1531 if (!sbreserve_locked(sb, newsize, so, NULL)) 1532 sb->sb_flags &= ~SB_AUTOSIZE; 1533 else 1534 sowwakeup = 1; /* room available */ 1535 } 1536 if (sowwakeup) 1537 sowwakeup_locked(so); 1538 else 1539 SOCKBUF_UNLOCK(sb); 1540 SOCKBUF_UNLOCK_ASSERT(sb); 1541 1542 if (__predict_false(toep->flags & TPF_FIN_SENT)) 1543 panic("%s: excess tx.", __func__); 1544 1545 /* Determine whether to use immediate vs SGL. */ 1546 imm_payload = false; 1547 imm_ivs = false; 1548 if (wr_len + iv_len <= space) { 1549 imm_ivs = true; 1550 wr_len += iv_len; 1551 if (wr_len + tls_size <= space) { 1552 wr_len += tls_size; 1553 imm_payload = true; 1554 } 1555 } 1556 1557 /* Allocate space for IVs if needed. */ 1558 if (!imm_ivs) { 1559 iv_buffer = malloc(iv_len, M_CXGBE, M_NOWAIT); 1560 if (iv_buffer == NULL) { 1561 /* 1562 * XXX: How to restart this? 1563 */ 1564 if (sowwakeup) 1565 sowwakeup_locked(so); 1566 else 1567 SOCKBUF_UNLOCK(sb); 1568 SOCKBUF_UNLOCK_ASSERT(sb); 1569 CTR3(KTR_CXGBE, 1570 "%s: tid %d failed to alloc IV space len %d", 1571 __func__, toep->tid, iv_len); 1572 return; 1573 } 1574 } else 1575 iv_buffer = NULL; 1576 1577 /* Determine size of SGL. */ 1578 nsegs = 0; 1579 max_nsegs_1mbuf = 0; /* max # of SGL segments in any one mbuf */ 1580 if (!imm_payload) { 1581 nsegs = count_mbuf_segs(sndptr, sndptroff + 1582 TLS_HEADER_LENGTH, tls_size, &max_nsegs_1mbuf); 1583 if (!imm_ivs) { 1584 int n = sglist_count(iv_buffer, iv_len); 1585 nsegs += n; 1586 if (n > max_nsegs_1mbuf) 1587 max_nsegs_1mbuf = n; 1588 } 1589 1590 /* Account for SGL in work request length. */ 1591 wr_len += sizeof(struct ulptx_sgl) + 1592 ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8; 1593 } 1594 1595 wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq); 1596 if (wr == NULL) { 1597 /* XXX: how will we recover from this? */ 1598 toep->flags |= TPF_TX_SUSPENDED; 1599 return; 1600 } 1601 1602 #ifdef VERBOSE_TRACES 1603 CTR5(KTR_CXGBE, "%s: tid %d TLS record %d len %#x pdus %d", 1604 __func__, toep->tid, thdr.type, tls_size, pdus); 1605 #endif 1606 txwr = wrtod(wr); 1607 cpl = (struct cpl_tx_tls_sfo *)(txwr + 1); 1608 memset(txwr, 0, roundup2(wr_len, 16)); 1609 credits = howmany(wr_len, 16); 1610 expn_size = tls_expansion_size(toep, tls_size, 0, NULL); 1611 write_tlstx_wr(txwr, toep, imm_payload ? tls_size : 0, 1612 tls_size, expn_size, pdus, credits, shove, imm_ivs ? 1 : 0); 1613 write_tlstx_cpl(cpl, toep, &thdr, tls_size, pdus); 1614 tls_copy_tx_key(toep, cpl + 1); 1615 1616 /* Generate random IVs */ 1617 buf = (char *)(cpl + 1) + key_size(toep); 1618 if (imm_ivs) { 1619 MPASS(iv_buffer == NULL); 1620 iv_dst = buf; 1621 buf = (char *)iv_dst + iv_len; 1622 } else 1623 iv_dst = iv_buffer; 1624 arc4rand(iv_dst, iv_len, 0); 1625 1626 if (imm_payload) { 1627 m_copydata(sndptr, sndptroff + TLS_HEADER_LENGTH, 1628 tls_size, buf); 1629 } else { 1630 write_tlstx_sgl(buf, sndptr, 1631 sndptroff + TLS_HEADER_LENGTH, tls_size, iv_buffer, 1632 iv_len, nsegs, max_nsegs_1mbuf); 1633 } 1634 1635 KASSERT(toep->tx_credits >= credits, 1636 ("%s: not enough credits", __func__)); 1637 1638 toep->tx_credits -= credits; 1639 1640 tp->snd_nxt += plen; 1641 tp->snd_max += plen; 1642 1643 SOCKBUF_LOCK(sb); 1644 sbsndptr_adv(sb, sb->sb_sndptr, plen); 1645 tls_ofld->sb_off += plen; 1646 SOCKBUF_UNLOCK(sb); 1647 1648 toep->flags |= TPF_TX_DATA_SENT; 1649 if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep)) 1650 toep->flags |= TPF_TX_SUSPENDED; 1651 1652 KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__)); 1653 txsd->plen = plen; 1654 txsd->tx_credits = credits; 1655 txsd->iv_buffer = iv_buffer; 1656 txsd++; 1657 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) { 1658 toep->txsd_pidx = 0; 1659 txsd = &toep->txsd[0]; 1660 } 1661 toep->txsd_avail--; 1662 1663 atomic_add_long(&toep->vi->pi->tx_toe_tls_records, 1); 1664 atomic_add_long(&toep->vi->pi->tx_toe_tls_octets, plen); 1665 1666 t4_l2t_send(sc, wr, toep->l2te); 1667 } 1668 } 1669 1670 #ifdef KERN_TLS 1671 static int 1672 count_ext_pgs_segs(struct mbuf *m) 1673 { 1674 vm_paddr_t nextpa; 1675 u_int i, nsegs; 1676 1677 MPASS(m->m_epg_npgs > 0); 1678 nsegs = 1; 1679 nextpa = m->m_epg_pa[0] + PAGE_SIZE; 1680 for (i = 1; i < m->m_epg_npgs; i++) { 1681 if (nextpa != m->m_epg_pa[i]) 1682 nsegs++; 1683 nextpa = m->m_epg_pa[i] + PAGE_SIZE; 1684 } 1685 return (nsegs); 1686 } 1687 1688 static void 1689 write_ktlstx_sgl(void *dst, struct mbuf *m, int nsegs) 1690 { 1691 struct ulptx_sgl *usgl = dst; 1692 vm_paddr_t pa; 1693 uint32_t len; 1694 int i, j; 1695 1696 KASSERT(nsegs > 0, ("%s: nsegs 0", __func__)); 1697 1698 usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) | 1699 V_ULPTX_NSGE(nsegs)); 1700 1701 /* Figure out the first S/G length. */ 1702 pa = m->m_epg_pa[0] + m->m_epg_1st_off; 1703 usgl->addr0 = htobe64(pa); 1704 len = m_epg_pagelen(m, 0, m->m_epg_1st_off); 1705 pa += len; 1706 for (i = 1; i < m->m_epg_npgs; i++) { 1707 if (m->m_epg_pa[i] != pa) 1708 break; 1709 len += m_epg_pagelen(m, i, 0); 1710 pa += m_epg_pagelen(m, i, 0); 1711 } 1712 usgl->len0 = htobe32(len); 1713 #ifdef INVARIANTS 1714 nsegs--; 1715 #endif 1716 1717 j = -1; 1718 for (; i < m->m_epg_npgs; i++) { 1719 if (j == -1 || m->m_epg_pa[i] != pa) { 1720 if (j >= 0) 1721 usgl->sge[j / 2].len[j & 1] = htobe32(len); 1722 j++; 1723 #ifdef INVARIANTS 1724 nsegs--; 1725 #endif 1726 pa = m->m_epg_pa[i]; 1727 usgl->sge[j / 2].addr[j & 1] = htobe64(pa); 1728 len = m_epg_pagelen(m, i, 0); 1729 pa += len; 1730 } else { 1731 len += m_epg_pagelen(m, i, 0); 1732 pa += m_epg_pagelen(m, i, 0); 1733 } 1734 } 1735 if (j >= 0) { 1736 usgl->sge[j / 2].len[j & 1] = htobe32(len); 1737 1738 if ((j & 1) == 0) 1739 usgl->sge[j / 2].len[1] = htobe32(0); 1740 } 1741 KASSERT(nsegs == 0, ("%s: nsegs %d, m %p", __func__, nsegs, m)); 1742 } 1743 1744 /* 1745 * Similar to t4_push_frames() but handles sockets that contain TLS 1746 * record mbufs. Unlike TLSOM, each mbuf is a complete TLS record and 1747 * corresponds to a single work request. 1748 */ 1749 void 1750 t4_push_ktls(struct adapter *sc, struct toepcb *toep, int drop) 1751 { 1752 struct tls_hdr *thdr; 1753 struct fw_tlstx_data_wr *txwr; 1754 struct cpl_tx_tls_sfo *cpl; 1755 struct wrqe *wr; 1756 struct mbuf *m; 1757 u_int nsegs, credits, wr_len; 1758 u_int expn_size; 1759 struct inpcb *inp = toep->inp; 1760 struct tcpcb *tp = intotcpcb(inp); 1761 struct socket *so = inp->inp_socket; 1762 struct sockbuf *sb = &so->so_snd; 1763 int tls_size, tx_credits, shove, sowwakeup; 1764 struct ofld_tx_sdesc *txsd; 1765 char *buf; 1766 1767 INP_WLOCK_ASSERT(inp); 1768 KASSERT(toep->flags & TPF_FLOWC_WR_SENT, 1769 ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid)); 1770 1771 KASSERT(ulp_mode(toep) == ULP_MODE_NONE || 1772 ulp_mode(toep) == ULP_MODE_TCPDDP || ulp_mode(toep) == ULP_MODE_TLS, 1773 ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep)); 1774 KASSERT(tls_tx_key(toep), 1775 ("%s: TX key not set for toep %p", __func__, toep)); 1776 1777 #ifdef VERBOSE_TRACES 1778 CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d", 1779 __func__, toep->tid, toep->flags, tp->t_flags); 1780 #endif 1781 if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN)) 1782 return; 1783 1784 #ifdef RATELIMIT 1785 if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) && 1786 (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) { 1787 inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED; 1788 } 1789 #endif 1790 1791 /* 1792 * This function doesn't resume by itself. Someone else must clear the 1793 * flag and call this function. 1794 */ 1795 if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) { 1796 KASSERT(drop == 0, 1797 ("%s: drop (%d) != 0 but tx is suspended", __func__, drop)); 1798 return; 1799 } 1800 1801 txsd = &toep->txsd[toep->txsd_pidx]; 1802 for (;;) { 1803 tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS); 1804 1805 SOCKBUF_LOCK(sb); 1806 sowwakeup = drop; 1807 if (drop) { 1808 sbdrop_locked(sb, drop); 1809 drop = 0; 1810 } 1811 1812 m = sb->sb_sndptr != NULL ? sb->sb_sndptr->m_next : sb->sb_mb; 1813 1814 /* 1815 * Send a FIN if requested, but only if there's no 1816 * more data to send. 1817 */ 1818 if (m == NULL && toep->flags & TPF_SEND_FIN) { 1819 if (sowwakeup) 1820 sowwakeup_locked(so); 1821 else 1822 SOCKBUF_UNLOCK(sb); 1823 SOCKBUF_UNLOCK_ASSERT(sb); 1824 t4_close_conn(sc, toep); 1825 return; 1826 } 1827 1828 /* 1829 * If there is no ready data to send, wait until more 1830 * data arrives. 1831 */ 1832 if (m == NULL || (m->m_flags & M_NOTAVAIL) != 0) { 1833 if (sowwakeup) 1834 sowwakeup_locked(so); 1835 else 1836 SOCKBUF_UNLOCK(sb); 1837 SOCKBUF_UNLOCK_ASSERT(sb); 1838 #ifdef VERBOSE_TRACES 1839 CTR2(KTR_CXGBE, "%s: tid %d no ready data to send", 1840 __func__, toep->tid); 1841 #endif 1842 return; 1843 } 1844 1845 KASSERT(m->m_flags & M_EXTPG, ("%s: mbuf %p is not NOMAP", 1846 __func__, m)); 1847 KASSERT(m->m_epg_tls != NULL, 1848 ("%s: mbuf %p doesn't have TLS session", __func__, m)); 1849 1850 /* Calculate WR length. */ 1851 wr_len = sizeof(struct fw_tlstx_data_wr) + 1852 sizeof(struct cpl_tx_tls_sfo) + key_size(toep); 1853 1854 /* Explicit IVs for AES-CBC and AES-GCM are <= 16. */ 1855 MPASS(toep->tls.iv_len <= AES_BLOCK_LEN); 1856 wr_len += AES_BLOCK_LEN; 1857 1858 /* Account for SGL in work request length. */ 1859 nsegs = count_ext_pgs_segs(m); 1860 wr_len += sizeof(struct ulptx_sgl) + 1861 ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8; 1862 1863 /* Not enough credits for this work request. */ 1864 if (howmany(wr_len, 16) > tx_credits) { 1865 if (sowwakeup) 1866 sowwakeup_locked(so); 1867 else 1868 SOCKBUF_UNLOCK(sb); 1869 SOCKBUF_UNLOCK_ASSERT(sb); 1870 #ifdef VERBOSE_TRACES 1871 CTR5(KTR_CXGBE, 1872 "%s: tid %d mbuf %p requires %d credits, but only %d available", 1873 __func__, toep->tid, m, howmany(wr_len, 16), 1874 tx_credits); 1875 #endif 1876 toep->flags |= TPF_TX_SUSPENDED; 1877 return; 1878 } 1879 1880 /* Shove if there is no additional data pending. */ 1881 shove = ((m->m_next == NULL || 1882 (m->m_next->m_flags & M_NOTAVAIL) != 0)) && 1883 (tp->t_flags & TF_MORETOCOME) == 0; 1884 1885 if (sb->sb_flags & SB_AUTOSIZE && 1886 V_tcp_do_autosndbuf && 1887 sb->sb_hiwat < V_tcp_autosndbuf_max && 1888 sbused(sb) >= sb->sb_hiwat * 7 / 8) { 1889 int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc, 1890 V_tcp_autosndbuf_max); 1891 1892 if (!sbreserve_locked(sb, newsize, so, NULL)) 1893 sb->sb_flags &= ~SB_AUTOSIZE; 1894 else 1895 sowwakeup = 1; /* room available */ 1896 } 1897 if (sowwakeup) 1898 sowwakeup_locked(so); 1899 else 1900 SOCKBUF_UNLOCK(sb); 1901 SOCKBUF_UNLOCK_ASSERT(sb); 1902 1903 if (__predict_false(toep->flags & TPF_FIN_SENT)) 1904 panic("%s: excess tx.", __func__); 1905 1906 wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq); 1907 if (wr == NULL) { 1908 /* XXX: how will we recover from this? */ 1909 toep->flags |= TPF_TX_SUSPENDED; 1910 return; 1911 } 1912 1913 thdr = (struct tls_hdr *)&m->m_epg_hdr; 1914 #ifdef VERBOSE_TRACES 1915 CTR5(KTR_CXGBE, "%s: tid %d TLS record %ju type %d len %#x", 1916 __func__, toep->tid, m->m_epg_seqno, thdr->type, 1917 m->m_len); 1918 #endif 1919 txwr = wrtod(wr); 1920 cpl = (struct cpl_tx_tls_sfo *)(txwr + 1); 1921 memset(txwr, 0, roundup2(wr_len, 16)); 1922 credits = howmany(wr_len, 16); 1923 expn_size = m->m_epg_hdrlen + 1924 m->m_epg_trllen; 1925 tls_size = m->m_len - expn_size; 1926 write_tlstx_wr(txwr, toep, 0, 1927 tls_size, expn_size, 1, credits, shove, 1); 1928 toep->tls.tx_seq_no = m->m_epg_seqno; 1929 write_tlstx_cpl(cpl, toep, thdr, tls_size, 1); 1930 tls_copy_tx_key(toep, cpl + 1); 1931 1932 /* Copy IV. */ 1933 buf = (char *)(cpl + 1) + key_size(toep); 1934 memcpy(buf, thdr + 1, toep->tls.iv_len); 1935 buf += AES_BLOCK_LEN; 1936 1937 write_ktlstx_sgl(buf, m, nsegs); 1938 1939 KASSERT(toep->tx_credits >= credits, 1940 ("%s: not enough credits", __func__)); 1941 1942 toep->tx_credits -= credits; 1943 1944 tp->snd_nxt += m->m_len; 1945 tp->snd_max += m->m_len; 1946 1947 SOCKBUF_LOCK(sb); 1948 sb->sb_sndptr = m; 1949 SOCKBUF_UNLOCK(sb); 1950 1951 toep->flags |= TPF_TX_DATA_SENT; 1952 if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep)) 1953 toep->flags |= TPF_TX_SUSPENDED; 1954 1955 KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__)); 1956 txsd->plen = m->m_len; 1957 txsd->tx_credits = credits; 1958 txsd++; 1959 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) { 1960 toep->txsd_pidx = 0; 1961 txsd = &toep->txsd[0]; 1962 } 1963 toep->txsd_avail--; 1964 1965 atomic_add_long(&toep->vi->pi->tx_toe_tls_records, 1); 1966 atomic_add_long(&toep->vi->pi->tx_toe_tls_octets, m->m_len); 1967 1968 t4_l2t_send(sc, wr, toep->l2te); 1969 } 1970 } 1971 #endif 1972 1973 /* 1974 * For TLS data we place received mbufs received via CPL_TLS_DATA into 1975 * an mbufq in the TLS offload state. When CPL_RX_TLS_CMP is 1976 * received, the completed PDUs are placed into the socket receive 1977 * buffer. 1978 * 1979 * The TLS code reuses the ulp_pdu_reclaimq to hold the pending mbufs. 1980 */ 1981 static int 1982 do_tls_data(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m) 1983 { 1984 struct adapter *sc = iq->adapter; 1985 const struct cpl_tls_data *cpl = mtod(m, const void *); 1986 unsigned int tid = GET_TID(cpl); 1987 struct toepcb *toep = lookup_tid(sc, tid); 1988 struct inpcb *inp = toep->inp; 1989 struct tcpcb *tp; 1990 int len; 1991 1992 /* XXX: Should this match do_rx_data instead? */ 1993 KASSERT(!(toep->flags & TPF_SYNQE), 1994 ("%s: toep %p claims to be a synq entry", __func__, toep)); 1995 1996 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__)); 1997 1998 /* strip off CPL header */ 1999 m_adj(m, sizeof(*cpl)); 2000 len = m->m_pkthdr.len; 2001 2002 atomic_add_long(&toep->vi->pi->rx_toe_tls_octets, len); 2003 2004 KASSERT(len == G_CPL_TLS_DATA_LENGTH(be32toh(cpl->length_pkd)), 2005 ("%s: payload length mismatch", __func__)); 2006 2007 INP_WLOCK(inp); 2008 if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) { 2009 CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x", 2010 __func__, tid, len, inp->inp_flags); 2011 INP_WUNLOCK(inp); 2012 m_freem(m); 2013 return (0); 2014 } 2015 2016 /* Save TCP sequence number. */ 2017 m->m_pkthdr.tls_tcp_seq = be32toh(cpl->seq); 2018 2019 if (mbufq_enqueue(&toep->ulp_pdu_reclaimq, m)) { 2020 #ifdef INVARIANTS 2021 panic("Failed to queue TLS data packet"); 2022 #else 2023 printf("%s: Failed to queue TLS data packet\n", __func__); 2024 INP_WUNLOCK(inp); 2025 m_freem(m); 2026 return (0); 2027 #endif 2028 } 2029 2030 tp = intotcpcb(inp); 2031 tp->t_rcvtime = ticks; 2032 2033 #ifdef VERBOSE_TRACES 2034 CTR4(KTR_CXGBE, "%s: tid %u len %d seq %u", __func__, tid, len, 2035 be32toh(cpl->seq)); 2036 #endif 2037 2038 INP_WUNLOCK(inp); 2039 return (0); 2040 } 2041 2042 static int 2043 do_rx_tls_cmp(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m) 2044 { 2045 struct adapter *sc = iq->adapter; 2046 const struct cpl_rx_tls_cmp *cpl = mtod(m, const void *); 2047 struct tlsrx_hdr_pkt *tls_hdr_pkt; 2048 unsigned int tid = GET_TID(cpl); 2049 struct toepcb *toep = lookup_tid(sc, tid); 2050 struct inpcb *inp = toep->inp; 2051 struct tcpcb *tp; 2052 struct socket *so; 2053 struct sockbuf *sb; 2054 struct mbuf *tls_data; 2055 #ifdef KERN_TLS 2056 struct tls_get_record *tgr; 2057 struct mbuf *control; 2058 #endif 2059 int len, pdu_length, rx_credits; 2060 2061 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__)); 2062 KASSERT(!(toep->flags & TPF_SYNQE), 2063 ("%s: toep %p claims to be a synq entry", __func__, toep)); 2064 2065 /* strip off CPL header */ 2066 m_adj(m, sizeof(*cpl)); 2067 len = m->m_pkthdr.len; 2068 2069 atomic_add_long(&toep->vi->pi->rx_toe_tls_records, 1); 2070 2071 KASSERT(len == G_CPL_RX_TLS_CMP_LENGTH(be32toh(cpl->pdulength_length)), 2072 ("%s: payload length mismatch", __func__)); 2073 2074 INP_WLOCK(inp); 2075 if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) { 2076 CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x", 2077 __func__, tid, len, inp->inp_flags); 2078 INP_WUNLOCK(inp); 2079 m_freem(m); 2080 return (0); 2081 } 2082 2083 pdu_length = G_CPL_RX_TLS_CMP_PDULENGTH(be32toh(cpl->pdulength_length)); 2084 2085 so = inp_inpcbtosocket(inp); 2086 tp = intotcpcb(inp); 2087 2088 #ifdef VERBOSE_TRACES 2089 CTR6(KTR_CXGBE, "%s: tid %u PDU len %d len %d seq %u, rcv_nxt %u", 2090 __func__, tid, pdu_length, len, be32toh(cpl->seq), tp->rcv_nxt); 2091 #endif 2092 2093 tp->rcv_nxt += pdu_length; 2094 KASSERT(tp->rcv_wnd >= pdu_length, 2095 ("%s: negative window size", __func__)); 2096 tp->rcv_wnd -= pdu_length; 2097 2098 /* XXX: Not sure what to do about urgent data. */ 2099 2100 /* 2101 * The payload of this CPL is the TLS header followed by 2102 * additional fields. 2103 */ 2104 KASSERT(m->m_len >= sizeof(*tls_hdr_pkt), 2105 ("%s: payload too small", __func__)); 2106 tls_hdr_pkt = mtod(m, void *); 2107 2108 tls_data = mbufq_dequeue(&toep->ulp_pdu_reclaimq); 2109 if (tls_data != NULL) { 2110 KASSERT(be32toh(cpl->seq) == tls_data->m_pkthdr.tls_tcp_seq, 2111 ("%s: sequence mismatch", __func__)); 2112 } 2113 2114 #ifdef KERN_TLS 2115 if (toep->tls.mode == TLS_MODE_KTLS) { 2116 /* Report decryption errors as EBADMSG. */ 2117 if ((tls_hdr_pkt->res_to_mac_error & M_TLSRX_HDR_PKT_ERROR) != 2118 0) { 2119 m_freem(m); 2120 m_freem(tls_data); 2121 2122 CURVNET_SET(toep->vnet); 2123 so->so_error = EBADMSG; 2124 sorwakeup(so); 2125 2126 INP_WUNLOCK(inp); 2127 CURVNET_RESTORE(); 2128 2129 return (0); 2130 } 2131 2132 /* Allocate the control message mbuf. */ 2133 control = sbcreatecontrol(NULL, sizeof(*tgr), TLS_GET_RECORD, 2134 IPPROTO_TCP); 2135 if (control == NULL) { 2136 m_freem(m); 2137 m_freem(tls_data); 2138 2139 CURVNET_SET(toep->vnet); 2140 so->so_error = ENOBUFS; 2141 sorwakeup(so); 2142 2143 INP_WUNLOCK(inp); 2144 CURVNET_RESTORE(); 2145 2146 return (0); 2147 } 2148 2149 tgr = (struct tls_get_record *) 2150 CMSG_DATA(mtod(control, struct cmsghdr *)); 2151 tgr->tls_type = tls_hdr_pkt->type; 2152 tgr->tls_vmajor = be16toh(tls_hdr_pkt->version) >> 8; 2153 tgr->tls_vminor = be16toh(tls_hdr_pkt->version) & 0xff; 2154 2155 m_freem(m); 2156 2157 if (tls_data != NULL) { 2158 m_last(tls_data)->m_flags |= M_EOR; 2159 tgr->tls_length = htobe16(tls_data->m_pkthdr.len); 2160 } else 2161 tgr->tls_length = 0; 2162 m = tls_data; 2163 } else 2164 #endif 2165 { 2166 /* 2167 * Only the TLS header is sent to OpenSSL, so report 2168 * errors by altering the record type. 2169 */ 2170 if ((tls_hdr_pkt->res_to_mac_error & M_TLSRX_HDR_PKT_ERROR) != 2171 0) 2172 tls_hdr_pkt->type = CONTENT_TYPE_ERROR; 2173 2174 /* Trim this CPL's mbuf to only include the TLS header. */ 2175 KASSERT(m->m_len == len && m->m_next == NULL, 2176 ("%s: CPL spans multiple mbufs", __func__)); 2177 m->m_len = TLS_HEADER_LENGTH; 2178 m->m_pkthdr.len = TLS_HEADER_LENGTH; 2179 2180 if (tls_data != NULL) { 2181 /* 2182 * Update the TLS header length to be the length of 2183 * the payload data. 2184 */ 2185 tls_hdr_pkt->length = htobe16(tls_data->m_pkthdr.len); 2186 2187 m->m_next = tls_data; 2188 m->m_pkthdr.len += tls_data->m_len; 2189 } 2190 2191 #ifdef KERN_TLS 2192 control = NULL; 2193 #endif 2194 } 2195 2196 sb = &so->so_rcv; 2197 SOCKBUF_LOCK(sb); 2198 2199 if (__predict_false(sb->sb_state & SBS_CANTRCVMORE)) { 2200 struct epoch_tracker et; 2201 2202 CTR3(KTR_CXGBE, "%s: tid %u, excess rx (%d bytes)", 2203 __func__, tid, pdu_length); 2204 m_freem(m); 2205 #ifdef KERN_TLS 2206 m_freem(control); 2207 #endif 2208 SOCKBUF_UNLOCK(sb); 2209 INP_WUNLOCK(inp); 2210 2211 CURVNET_SET(toep->vnet); 2212 NET_EPOCH_ENTER(et); 2213 INP_WLOCK(inp); 2214 tp = tcp_drop(tp, ECONNRESET); 2215 if (tp) 2216 INP_WUNLOCK(inp); 2217 NET_EPOCH_EXIT(et); 2218 CURVNET_RESTORE(); 2219 2220 return (0); 2221 } 2222 2223 /* 2224 * Not all of the bytes on the wire are included in the socket buffer 2225 * (e.g. the MAC of the TLS record). However, those bytes are included 2226 * in the TCP sequence space. 2227 */ 2228 2229 /* receive buffer autosize */ 2230 MPASS(toep->vnet == so->so_vnet); 2231 CURVNET_SET(toep->vnet); 2232 if (sb->sb_flags & SB_AUTOSIZE && 2233 V_tcp_do_autorcvbuf && 2234 sb->sb_hiwat < V_tcp_autorcvbuf_max && 2235 m->m_pkthdr.len > (sbspace(sb) / 8 * 7)) { 2236 unsigned int hiwat = sb->sb_hiwat; 2237 unsigned int newsize = min(hiwat + sc->tt.autorcvbuf_inc, 2238 V_tcp_autorcvbuf_max); 2239 2240 if (!sbreserve_locked(sb, newsize, so, NULL)) 2241 sb->sb_flags &= ~SB_AUTOSIZE; 2242 } 2243 2244 #ifdef KERN_TLS 2245 if (control != NULL) 2246 sbappendcontrol_locked(sb, m, control, 0); 2247 else 2248 #endif 2249 sbappendstream_locked(sb, m, 0); 2250 rx_credits = sbspace(sb) > tp->rcv_wnd ? sbspace(sb) - tp->rcv_wnd : 0; 2251 #ifdef VERBOSE_TRACES 2252 CTR4(KTR_CXGBE, "%s: tid %u rx_credits %u rcv_wnd %u", 2253 __func__, tid, rx_credits, tp->rcv_wnd); 2254 #endif 2255 if (rx_credits > 0 && sbused(sb) + tp->rcv_wnd < sb->sb_lowat) { 2256 rx_credits = send_rx_credits(sc, toep, rx_credits); 2257 tp->rcv_wnd += rx_credits; 2258 tp->rcv_adv += rx_credits; 2259 } 2260 2261 sorwakeup_locked(so); 2262 SOCKBUF_UNLOCK_ASSERT(sb); 2263 2264 INP_WUNLOCK(inp); 2265 CURVNET_RESTORE(); 2266 return (0); 2267 } 2268 2269 void 2270 do_rx_data_tls(const struct cpl_rx_data *cpl, struct toepcb *toep, 2271 struct mbuf *m) 2272 { 2273 struct inpcb *inp = toep->inp; 2274 struct tls_ofld_info *tls_ofld = &toep->tls; 2275 struct tls_hdr *hdr; 2276 struct tcpcb *tp; 2277 struct socket *so; 2278 struct sockbuf *sb; 2279 int error, len, rx_credits; 2280 2281 len = m->m_pkthdr.len; 2282 2283 INP_WLOCK_ASSERT(inp); 2284 2285 so = inp_inpcbtosocket(inp); 2286 tp = intotcpcb(inp); 2287 sb = &so->so_rcv; 2288 SOCKBUF_LOCK(sb); 2289 CURVNET_SET(toep->vnet); 2290 2291 tp->rcv_nxt += len; 2292 KASSERT(tp->rcv_wnd >= len, ("%s: negative window size", __func__)); 2293 tp->rcv_wnd -= len; 2294 2295 /* Do we have a full TLS header? */ 2296 if (len < sizeof(*hdr)) { 2297 CTR3(KTR_CXGBE, "%s: tid %u len %d: too short for a TLS header", 2298 __func__, toep->tid, len); 2299 so->so_error = EMSGSIZE; 2300 goto out; 2301 } 2302 hdr = mtod(m, struct tls_hdr *); 2303 2304 /* Is the header valid? */ 2305 if (be16toh(hdr->version) != tls_ofld->k_ctx.proto_ver) { 2306 CTR3(KTR_CXGBE, "%s: tid %u invalid version %04x", 2307 __func__, toep->tid, be16toh(hdr->version)); 2308 error = EINVAL; 2309 goto report_error; 2310 } 2311 if (be16toh(hdr->length) < sizeof(*hdr)) { 2312 CTR3(KTR_CXGBE, "%s: tid %u invalid length %u", 2313 __func__, toep->tid, be16toh(hdr->length)); 2314 error = EBADMSG; 2315 goto report_error; 2316 } 2317 2318 /* Did we get a truncated record? */ 2319 if (len < be16toh(hdr->length)) { 2320 CTR4(KTR_CXGBE, "%s: tid %u truncated TLS record (%d vs %u)", 2321 __func__, toep->tid, len, be16toh(hdr->length)); 2322 2323 error = EMSGSIZE; 2324 goto report_error; 2325 } 2326 2327 /* Is the header type unknown? */ 2328 switch (hdr->type) { 2329 case CONTENT_TYPE_CCS: 2330 case CONTENT_TYPE_ALERT: 2331 case CONTENT_TYPE_APP_DATA: 2332 case CONTENT_TYPE_HANDSHAKE: 2333 break; 2334 default: 2335 CTR3(KTR_CXGBE, "%s: tid %u invalid TLS record type %u", 2336 __func__, toep->tid, hdr->type); 2337 error = EBADMSG; 2338 goto report_error; 2339 } 2340 2341 /* 2342 * Just punt. Although this could fall back to software 2343 * decryption, this case should never really happen. 2344 */ 2345 CTR4(KTR_CXGBE, "%s: tid %u dropping TLS record type %u, length %u", 2346 __func__, toep->tid, hdr->type, be16toh(hdr->length)); 2347 error = EBADMSG; 2348 2349 report_error: 2350 #ifdef KERN_TLS 2351 if (toep->tls.mode == TLS_MODE_KTLS) 2352 so->so_error = error; 2353 else 2354 #endif 2355 { 2356 /* 2357 * Report errors by sending an empty TLS record 2358 * with an error record type. 2359 */ 2360 hdr->type = CONTENT_TYPE_ERROR; 2361 2362 /* Trim this CPL's mbuf to only include the TLS header. */ 2363 KASSERT(m->m_len == len && m->m_next == NULL, 2364 ("%s: CPL spans multiple mbufs", __func__)); 2365 m->m_len = TLS_HEADER_LENGTH; 2366 m->m_pkthdr.len = TLS_HEADER_LENGTH; 2367 2368 sbappendstream_locked(sb, m, 0); 2369 m = NULL; 2370 } 2371 2372 out: 2373 /* 2374 * This connection is going to die anyway, so probably don't 2375 * need to bother with returning credits. 2376 */ 2377 rx_credits = sbspace(sb) > tp->rcv_wnd ? sbspace(sb) - tp->rcv_wnd : 0; 2378 #ifdef VERBOSE_TRACES 2379 CTR4(KTR_CXGBE, "%s: tid %u rx_credits %u rcv_wnd %u", 2380 __func__, toep->tid, rx_credits, tp->rcv_wnd); 2381 #endif 2382 if (rx_credits > 0 && sbused(sb) + tp->rcv_wnd < sb->sb_lowat) { 2383 rx_credits = send_rx_credits(toep->vi->adapter, toep, 2384 rx_credits); 2385 tp->rcv_wnd += rx_credits; 2386 tp->rcv_adv += rx_credits; 2387 } 2388 2389 sorwakeup_locked(so); 2390 SOCKBUF_UNLOCK_ASSERT(sb); 2391 2392 INP_WUNLOCK(inp); 2393 CURVNET_RESTORE(); 2394 2395 m_freem(m); 2396 } 2397 2398 void 2399 t4_tls_mod_load(void) 2400 { 2401 2402 t4_register_cpl_handler(CPL_TLS_DATA, do_tls_data); 2403 t4_register_cpl_handler(CPL_RX_TLS_CMP, do_rx_tls_cmp); 2404 } 2405 2406 void 2407 t4_tls_mod_unload(void) 2408 { 2409 2410 t4_register_cpl_handler(CPL_TLS_DATA, NULL); 2411 t4_register_cpl_handler(CPL_RX_TLS_CMP, NULL); 2412 } 2413 #endif /* TCP_OFFLOAD */ 2414