1/*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2014-2019 Netflix Inc. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27#ifndef _SYS_KTLS_H_ 28#define _SYS_KTLS_H_ 29 30#ifdef _KERNEL 31#include <sys/refcount.h> 32#include <sys/_task.h> 33#endif 34 35struct tls_record_layer { 36 uint8_t tls_type; 37 uint8_t tls_vmajor; 38 uint8_t tls_vminor; 39 uint16_t tls_length; 40 uint8_t tls_data[0]; 41} __attribute__ ((packed)); 42 43#define TLS_MAX_MSG_SIZE_V10_2 16384 44#define TLS_MAX_PARAM_SIZE 1024 /* Max key/mac/iv in sockopt */ 45#define TLS_AEAD_GCM_LEN 4 46#define TLS_1_3_GCM_IV_LEN 12 47#define TLS_CHACHA20_IV_LEN 12 48#define TLS_CBC_IMPLICIT_IV_LEN 16 49 50/* Type values for the record layer */ 51#define TLS_RLTYPE_ALERT 21 52#define TLS_RLTYPE_HANDSHAKE 22 53#define TLS_RLTYPE_APP 23 54 55/* 56 * Nonce for GCM for TLS 1.2 per RFC 5288. 57 */ 58struct tls_nonce_data { 59 uint8_t fixed[TLS_AEAD_GCM_LEN]; 60 uint64_t seq; 61} __packed; 62 63/* 64 * AEAD additional data format for TLS 1.2 per RFC 5246. 65 */ 66struct tls_aead_data { 67 uint64_t seq; /* In network order */ 68 uint8_t type; 69 uint8_t tls_vmajor; 70 uint8_t tls_vminor; 71 uint16_t tls_length; 72} __packed; 73 74/* 75 * AEAD additional data format for TLS 1.3 per RFC 8446. 76 */ 77struct tls_aead_data_13 { 78 uint8_t type; 79 uint8_t tls_vmajor; 80 uint8_t tls_vminor; 81 uint16_t tls_length; 82} __packed; 83 84/* 85 * Stream Cipher MAC additional data input. This does not match the 86 * exact data on the wire (the sequence number is not placed on the 87 * wire, and any explicit IV after the record header is not covered by 88 * the MAC). 89 */ 90struct tls_mac_data { 91 uint64_t seq; 92 uint8_t type; 93 uint8_t tls_vmajor; 94 uint8_t tls_vminor; 95 uint16_t tls_length; 96} __packed; 97 98#define TLS_MAJOR_VER_ONE 3 99#define TLS_MINOR_VER_ZERO 1 /* 3, 1 */ 100#define TLS_MINOR_VER_ONE 2 /* 3, 2 */ 101#define TLS_MINOR_VER_TWO 3 /* 3, 3 */ 102#define TLS_MINOR_VER_THREE 4 /* 3, 4 */ 103 104/* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */ 105#ifdef _KERNEL 106struct tls_enable_v0 { 107 const uint8_t *cipher_key; 108 const uint8_t *iv; /* Implicit IV. */ 109 const uint8_t *auth_key; 110 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */ 111 int cipher_key_len; 112 int iv_len; 113 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */ 114 int auth_key_len; 115 int flags; 116 uint8_t tls_vmajor; 117 uint8_t tls_vminor; 118}; 119#endif 120 121struct tls_enable { 122 const uint8_t *cipher_key; 123 const uint8_t *iv; /* Implicit IV. */ 124 const uint8_t *auth_key; 125 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */ 126 int cipher_key_len; 127 int iv_len; 128 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */ 129 int auth_key_len; 130 int flags; 131 uint8_t tls_vmajor; 132 uint8_t tls_vminor; 133 uint8_t rec_seq[8]; 134}; 135 136/* Structure for TLS_GET_RECORD. */ 137struct tls_get_record { 138 /* TLS record header. */ 139 uint8_t tls_type; 140 uint8_t tls_vmajor; 141 uint8_t tls_vminor; 142 uint16_t tls_length; 143}; 144 145#ifdef _KERNEL 146 147struct tls_session_params { 148 uint8_t *cipher_key; 149 uint8_t *auth_key; 150 uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN]; 151 int cipher_algorithm; 152 int auth_algorithm; 153 uint16_t cipher_key_len; 154 uint16_t iv_len; 155 uint16_t auth_key_len; 156 uint16_t max_frame_len; 157 uint8_t tls_vmajor; 158 uint8_t tls_vminor; 159 uint8_t tls_hlen; 160 uint8_t tls_tlen; 161 uint8_t tls_bs; 162 uint8_t flags; 163}; 164 165/* Used in APIs to request RX vs TX sessions. */ 166#define KTLS_TX 1 167#define KTLS_RX 2 168 169struct iovec; 170struct ktls_ocf_encrypt_state; 171struct ktls_ocf_session; 172struct ktls_session; 173struct m_snd_tag; 174struct mbuf; 175struct sockbuf; 176struct socket; 177struct sockopt; 178 179struct ktls_session { 180 struct ktls_ocf_session *ocf_session; 181 struct m_snd_tag *snd_tag; 182 struct tls_session_params params; 183 u_int wq_index; 184 volatile u_int refcount; 185 int mode; 186 187 struct task reset_tag_task; 188 struct task disable_ifnet_task; 189 union { 190 struct inpcb *inp; /* Used by transmit tasks. */ 191 struct socket *so; /* Used by receive task. */ 192 }; 193 struct ifnet *rx_ifp; 194 u_short rx_vlan_id; 195 bool reset_pending; 196 bool tx; 197 bool sync_dispatch; 198 bool sequential_records; 199 200 /* Only used for TLS 1.0. */ 201 uint64_t next_seqno; 202 STAILQ_HEAD(, mbuf) pending_records; 203 204 /* Used to destroy any kTLS session */ 205 struct task destroy_task; 206} __aligned(CACHE_LINE_SIZE); 207 208extern unsigned int ktls_ifnet_max_rexmit_pct; 209 210typedef enum { 211 KTLS_MBUF_CRYPTO_ST_MIXED = 0, 212 KTLS_MBUF_CRYPTO_ST_ENCRYPTED = 1, 213 KTLS_MBUF_CRYPTO_ST_DECRYPTED = -1, 214} ktls_mbuf_crypto_st_t; 215 216void ktls_check_rx(struct sockbuf *sb); 217void ktls_cleanup_tls_enable(struct tls_enable *tls); 218int ktls_copyin_tls_enable(struct sockopt *sopt, struct tls_enable *tls); 219void ktls_disable_ifnet(void *arg); 220int ktls_enable_rx(struct socket *so, struct tls_enable *en); 221int ktls_enable_tx(struct socket *so, struct tls_enable *en); 222void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count); 223void ktls_enqueue_to_free(struct mbuf *m); 224void ktls_destroy(struct ktls_session *tls); 225void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt, 226 uint8_t record_type); 227int ktls_get_rx_mode(struct socket *so, int *modep); 228int ktls_get_tx_mode(struct socket *so, int *modep); 229int ktls_get_rx_sequence(struct inpcb *inp, uint32_t *tcpseq, uint64_t *tlsseq); 230void ktls_input_ifp_mismatch(struct sockbuf *sb, struct ifnet *ifp); 231ktls_mbuf_crypto_st_t ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len); 232#ifdef RATELIMIT 233int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate); 234#endif 235int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls); 236bool ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp); 237bool ktls_permit_empty_frames(struct ktls_session *tls); 238void ktls_seq(struct sockbuf *sb, struct mbuf *m); 239int ktls_set_tx_mode(struct socket *so, int mode); 240 241static inline struct ktls_session * 242ktls_hold(struct ktls_session *tls) 243{ 244 245 if (tls != NULL) 246 refcount_acquire(&tls->refcount); 247 return (tls); 248} 249 250static inline void 251ktls_free(struct ktls_session *tls) 252{ 253 254 if (refcount_release(&tls->refcount)) 255 ktls_destroy(tls); 256} 257 258#endif /* !_KERNEL */ 259#endif /* !_SYS_KTLS_H_ */ 260