1/*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2014-2019 Netflix Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 *
27 * $FreeBSD$
28 */
29#ifndef _SYS_KTLS_H_
30#define	_SYS_KTLS_H_
31
32#ifdef _KERNEL
33#include <sys/refcount.h>
34#include <sys/_task.h>
35#endif
36
37struct tls_record_layer {
38	uint8_t  tls_type;
39	uint8_t  tls_vmajor;
40	uint8_t  tls_vminor;
41	uint16_t tls_length;
42	uint8_t  tls_data[0];
43} __attribute__ ((packed));
44
45#define	TLS_MAX_MSG_SIZE_V10_2	16384
46#define	TLS_MAX_PARAM_SIZE	1024	/* Max key/mac/iv in sockopt */
47#define	TLS_AEAD_GCM_LEN	4
48#define	TLS_1_3_GCM_IV_LEN	12
49#define	TLS_CBC_IMPLICIT_IV_LEN	16
50
51/* Type values for the record layer */
52#define	TLS_RLTYPE_APP		23
53
54/*
55 * Nonce for GCM for TLS 1.2 per RFC 5288.
56 */
57struct tls_nonce_data {
58	uint8_t fixed[TLS_AEAD_GCM_LEN];
59	uint64_t seq;
60} __packed;
61
62/*
63 * AEAD additional data format for TLS 1.2 per RFC 5246.
64 */
65struct tls_aead_data {
66	uint64_t seq;	/* In network order */
67	uint8_t	type;
68	uint8_t tls_vmajor;
69	uint8_t tls_vminor;
70	uint16_t tls_length;
71} __packed;
72
73/*
74 * AEAD additional data format for TLS 1.3 per RFC 8446.
75 */
76struct tls_aead_data_13 {
77	uint8_t	type;
78	uint8_t tls_vmajor;
79	uint8_t tls_vminor;
80	uint16_t tls_length;
81} __packed;
82
83/*
84 * Stream Cipher MAC additional data input.  This does not match the
85 * exact data on the wire (the sequence number is not placed on the
86 * wire, and any explicit IV after the record header is not covered by
87 * the MAC).
88 */
89struct tls_mac_data {
90	uint64_t seq;
91	uint8_t type;
92	uint8_t tls_vmajor;
93	uint8_t tls_vminor;
94	uint16_t tls_length;
95} __packed;
96
97#define	TLS_MAJOR_VER_ONE	3
98#define	TLS_MINOR_VER_ZERO	1	/* 3, 1 */
99#define	TLS_MINOR_VER_ONE	2	/* 3, 2 */
100#define	TLS_MINOR_VER_TWO	3	/* 3, 3 */
101#define	TLS_MINOR_VER_THREE	4	/* 3, 4 */
102
103/* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */
104#ifdef _KERNEL
105struct tls_enable_v0 {
106	const uint8_t *cipher_key;
107	const uint8_t *iv;		/* Implicit IV. */
108	const uint8_t *auth_key;
109	int	cipher_algorithm;	/* e.g. CRYPTO_AES_CBC */
110	int	cipher_key_len;
111	int	iv_len;
112	int	auth_algorithm;		/* e.g. CRYPTO_SHA2_256_HMAC */
113	int	auth_key_len;
114	int	flags;
115	uint8_t tls_vmajor;
116	uint8_t tls_vminor;
117};
118#endif
119
120struct tls_enable {
121	const uint8_t *cipher_key;
122	const uint8_t *iv;		/* Implicit IV. */
123	const uint8_t *auth_key;
124	int	cipher_algorithm;	/* e.g. CRYPTO_AES_CBC */
125	int	cipher_key_len;
126	int	iv_len;
127	int	auth_algorithm;		/* e.g. CRYPTO_SHA2_256_HMAC */
128	int	auth_key_len;
129	int	flags;
130	uint8_t tls_vmajor;
131	uint8_t tls_vminor;
132	uint8_t rec_seq[8];
133};
134
135/* Structure for TLS_GET_RECORD. */
136struct tls_get_record {
137	/* TLS record header. */
138	uint8_t  tls_type;
139	uint8_t  tls_vmajor;
140	uint8_t  tls_vminor;
141	uint16_t tls_length;
142};
143
144#ifdef _KERNEL
145
146struct tls_session_params {
147	uint8_t *cipher_key;
148	uint8_t *auth_key;
149	uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN];
150	int	cipher_algorithm;
151	int	auth_algorithm;
152	uint16_t cipher_key_len;
153	uint16_t iv_len;
154	uint16_t auth_key_len;
155	uint16_t max_frame_len;
156	uint8_t tls_vmajor;
157	uint8_t tls_vminor;
158	uint8_t tls_hlen;
159	uint8_t tls_tlen;
160	uint8_t tls_bs;
161	uint8_t flags;
162};
163
164/* Used in APIs to request RX vs TX sessions. */
165#define	KTLS_TX		1
166#define	KTLS_RX		2
167
168#define	KTLS_API_VERSION 7
169
170struct iovec;
171struct ktls_session;
172struct m_snd_tag;
173struct mbuf;
174struct sockbuf;
175struct socket;
176
177struct ktls_crypto_backend {
178	LIST_ENTRY(ktls_crypto_backend) next;
179	int (*try)(struct socket *so, struct ktls_session *tls, int direction);
180	int prio;
181	int api_version;
182	int use_count;
183	const char *name;
184};
185
186struct ktls_session {
187	union {
188		int	(*sw_encrypt)(struct ktls_session *tls,
189		    const struct tls_record_layer *hdr, uint8_t *trailer,
190		    struct iovec *src, struct iovec *dst, int iovcnt,
191		    uint64_t seqno, uint8_t record_type);
192		int	(*sw_decrypt)(struct ktls_session *tls,
193		    const struct tls_record_layer *hdr, struct mbuf *m,
194		    uint64_t seqno, int *trailer_len);
195	};
196	union {
197		void *cipher;
198		struct m_snd_tag *snd_tag;
199	};
200	struct ktls_crypto_backend *be;
201	void (*free)(struct ktls_session *tls);
202	struct tls_session_params params;
203	u_int	wq_index;
204	volatile u_int refcount;
205	int mode;
206
207	struct task reset_tag_task;
208	struct inpcb *inp;
209	bool reset_pending;
210} __aligned(CACHE_LINE_SIZE);
211
212void ktls_check_rx(struct sockbuf *sb);
213int ktls_crypto_backend_register(struct ktls_crypto_backend *be);
214int ktls_crypto_backend_deregister(struct ktls_crypto_backend *be);
215int ktls_enable_rx(struct socket *so, struct tls_enable *en);
216int ktls_enable_tx(struct socket *so, struct tls_enable *en);
217void ktls_destroy(struct ktls_session *tls);
218void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
219    uint8_t record_type);
220void ktls_seq(struct sockbuf *sb, struct mbuf *m);
221void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
222void ktls_enqueue_to_free(struct mbuf *m);
223int ktls_get_rx_mode(struct socket *so);
224int ktls_set_tx_mode(struct socket *so, int mode);
225int ktls_get_tx_mode(struct socket *so);
226int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
227#ifdef RATELIMIT
228int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
229#endif
230
231static inline struct ktls_session *
232ktls_hold(struct ktls_session *tls)
233{
234
235	if (tls != NULL)
236		refcount_acquire(&tls->refcount);
237	return (tls);
238}
239
240static inline void
241ktls_free(struct ktls_session *tls)
242{
243
244	if (refcount_release(&tls->refcount))
245		ktls_destroy(tls);
246}
247
248#endif /* !_KERNEL */
249#endif /* !_SYS_KTLS_H_ */
250