1/*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2014-2019 Netflix Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27#ifndef _SYS_KTLS_H_
28#define	_SYS_KTLS_H_
29
30#ifdef _KERNEL
31#include <sys/refcount.h>
32#include <sys/_task.h>
33#endif
34
35struct tls_record_layer {
36	uint8_t  tls_type;
37	uint8_t  tls_vmajor;
38	uint8_t  tls_vminor;
39	uint16_t tls_length;
40	uint8_t  tls_data[0];
41} __attribute__ ((packed));
42
43#define	TLS_MAX_MSG_SIZE_V10_2	16384
44#define	TLS_MAX_PARAM_SIZE	1024	/* Max key/mac/iv in sockopt */
45#define	TLS_AEAD_GCM_LEN	4
46#define	TLS_1_3_GCM_IV_LEN	12
47#define	TLS_CHACHA20_IV_LEN	12
48#define	TLS_CBC_IMPLICIT_IV_LEN	16
49
50/* Type values for the record layer */
51#define	TLS_RLTYPE_ALERT	21
52#define	TLS_RLTYPE_HANDSHAKE	22
53#define	TLS_RLTYPE_APP		23
54
55/*
56 * Nonce for GCM for TLS 1.2 per RFC 5288.
57 */
58struct tls_nonce_data {
59	uint8_t fixed[TLS_AEAD_GCM_LEN];
60	uint64_t seq;
61} __packed;
62
63/*
64 * AEAD additional data format for TLS 1.2 per RFC 5246.
65 */
66struct tls_aead_data {
67	uint64_t seq;	/* In network order */
68	uint8_t	type;
69	uint8_t tls_vmajor;
70	uint8_t tls_vminor;
71	uint16_t tls_length;
72} __packed;
73
74/*
75 * AEAD additional data format for TLS 1.3 per RFC 8446.
76 */
77struct tls_aead_data_13 {
78	uint8_t	type;
79	uint8_t tls_vmajor;
80	uint8_t tls_vminor;
81	uint16_t tls_length;
82} __packed;
83
84/*
85 * Stream Cipher MAC additional data input.  This does not match the
86 * exact data on the wire (the sequence number is not placed on the
87 * wire, and any explicit IV after the record header is not covered by
88 * the MAC).
89 */
90struct tls_mac_data {
91	uint64_t seq;
92	uint8_t type;
93	uint8_t tls_vmajor;
94	uint8_t tls_vminor;
95	uint16_t tls_length;
96} __packed;
97
98#define	TLS_MAJOR_VER_ONE	3
99#define	TLS_MINOR_VER_ZERO	1	/* 3, 1 */
100#define	TLS_MINOR_VER_ONE	2	/* 3, 2 */
101#define	TLS_MINOR_VER_TWO	3	/* 3, 3 */
102#define	TLS_MINOR_VER_THREE	4	/* 3, 4 */
103
104/* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */
105#ifdef _KERNEL
106struct tls_enable_v0 {
107	const uint8_t *cipher_key;
108	const uint8_t *iv;		/* Implicit IV. */
109	const uint8_t *auth_key;
110	int	cipher_algorithm;	/* e.g. CRYPTO_AES_CBC */
111	int	cipher_key_len;
112	int	iv_len;
113	int	auth_algorithm;		/* e.g. CRYPTO_SHA2_256_HMAC */
114	int	auth_key_len;
115	int	flags;
116	uint8_t tls_vmajor;
117	uint8_t tls_vminor;
118};
119#endif
120
121struct tls_enable {
122	const uint8_t *cipher_key;
123	const uint8_t *iv;		/* Implicit IV. */
124	const uint8_t *auth_key;
125	int	cipher_algorithm;	/* e.g. CRYPTO_AES_CBC */
126	int	cipher_key_len;
127	int	iv_len;
128	int	auth_algorithm;		/* e.g. CRYPTO_SHA2_256_HMAC */
129	int	auth_key_len;
130	int	flags;
131	uint8_t tls_vmajor;
132	uint8_t tls_vminor;
133	uint8_t rec_seq[8];
134};
135
136/* Structure for TLS_GET_RECORD. */
137struct tls_get_record {
138	/* TLS record header. */
139	uint8_t  tls_type;
140	uint8_t  tls_vmajor;
141	uint8_t  tls_vminor;
142	uint16_t tls_length;
143};
144
145#ifdef _KERNEL
146
147struct tls_session_params {
148	uint8_t *cipher_key;
149	uint8_t *auth_key;
150	uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN];
151	int	cipher_algorithm;
152	int	auth_algorithm;
153	uint16_t cipher_key_len;
154	uint16_t iv_len;
155	uint16_t auth_key_len;
156	uint16_t max_frame_len;
157	uint8_t tls_vmajor;
158	uint8_t tls_vminor;
159	uint8_t tls_hlen;
160	uint8_t tls_tlen;
161	uint8_t tls_bs;
162	uint8_t flags;
163};
164
165/* Used in APIs to request RX vs TX sessions. */
166#define	KTLS_TX		1
167#define	KTLS_RX		2
168
169struct iovec;
170struct ktls_ocf_encrypt_state;
171struct ktls_ocf_session;
172struct ktls_session;
173struct m_snd_tag;
174struct mbuf;
175struct sockbuf;
176struct socket;
177struct sockopt;
178
179struct ktls_session {
180	struct ktls_ocf_session *ocf_session;
181	struct m_snd_tag *snd_tag;
182	struct tls_session_params params;
183	u_int	wq_index;
184	volatile u_int refcount;
185	int mode;
186
187	struct task reset_tag_task;
188	struct task disable_ifnet_task;
189	union {
190		struct inpcb *inp;	/* Used by transmit tasks. */
191		struct socket *so;	/* Used by receive task. */
192	};
193	struct ifnet *rx_ifp;
194	u_short rx_vlan_id;
195	bool reset_pending;
196	bool tx;
197	bool sync_dispatch;
198	bool sequential_records;
199
200	/* Only used for TLS 1.0. */
201	uint64_t next_seqno;
202	STAILQ_HEAD(, mbuf) pending_records;
203
204	/* Used to destroy any kTLS session */
205	struct task destroy_task;
206} __aligned(CACHE_LINE_SIZE);
207
208extern unsigned int ktls_ifnet_max_rexmit_pct;
209
210typedef enum {
211	KTLS_MBUF_CRYPTO_ST_MIXED = 0,
212	KTLS_MBUF_CRYPTO_ST_ENCRYPTED = 1,
213	KTLS_MBUF_CRYPTO_ST_DECRYPTED = -1,
214} ktls_mbuf_crypto_st_t;
215
216void ktls_check_rx(struct sockbuf *sb);
217void ktls_cleanup_tls_enable(struct tls_enable *tls);
218int ktls_copyin_tls_enable(struct sockopt *sopt, struct tls_enable *tls);
219void ktls_disable_ifnet(void *arg);
220int ktls_enable_rx(struct socket *so, struct tls_enable *en);
221int ktls_enable_tx(struct socket *so, struct tls_enable *en);
222void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
223void ktls_enqueue_to_free(struct mbuf *m);
224void ktls_destroy(struct ktls_session *tls);
225void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
226    uint8_t record_type);
227int ktls_get_rx_mode(struct socket *so, int *modep);
228int ktls_get_tx_mode(struct socket *so, int *modep);
229int ktls_get_rx_sequence(struct inpcb *inp, uint32_t *tcpseq, uint64_t *tlsseq);
230void ktls_input_ifp_mismatch(struct sockbuf *sb, struct ifnet *ifp);
231ktls_mbuf_crypto_st_t ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len);
232#ifdef RATELIMIT
233int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
234#endif
235int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
236bool ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp);
237bool ktls_permit_empty_frames(struct ktls_session *tls);
238void ktls_seq(struct sockbuf *sb, struct mbuf *m);
239int ktls_set_tx_mode(struct socket *so, int mode);
240
241static inline struct ktls_session *
242ktls_hold(struct ktls_session *tls)
243{
244
245	if (tls != NULL)
246		refcount_acquire(&tls->refcount);
247	return (tls);
248}
249
250static inline void
251ktls_free(struct ktls_session *tls)
252{
253
254	if (refcount_release(&tls->refcount))
255		ktls_destroy(tls);
256}
257
258#endif /* !_KERNEL */
259#endif /* !_SYS_KTLS_H_ */
260