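/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2014-2019 Netflix Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */
#ifndef _SYS_KTLS_H_
#define _SYS_KTLS_H_

#ifdef _KERNEL
#include <sys/refcount.h>
#include <sys/_task.h>
#endif

/*
 * TLS record header as it appears on the wire (RFC 5246 section 6.2.1):
 * one byte content type, two bytes protocol version, two bytes fragment
 * length.  The structure is packed (5 bytes, no padding) so that it can
 * be overlaid directly on received bytes.  When it is used that way,
 * tls_length is still big-endian and must go through ntohs() before it
 * is used as a count or trusted as a bound.  tls_data is a C99 flexible
 * array member naming the first byte of the fragment that follows the
 * header; it contributes nothing to sizeof(struct tls_record_layer).
 */
struct tls_record_layer {
	uint8_t  tls_type;
	uint8_t  tls_vmajor;
	uint8_t  tls_vminor;
	uint16_t tls_length;
	uint8_t  tls_data[];
} __attribute__ ((packed));

/* Maximum plaintext fragment length for TLS 1.0 - 1.2 (2^14, RFC 5246). */
#define	TLS_MAX_MSG_SIZE_V10_2	16384

/*
 * Upper bound on cipher_key_len, iv_len and auth_key_len as supplied by
 * userland in struct tls_enable via setsockopt().  These lengths are
 * caller-controlled; whatever consumes struct tls_enable in the kernel
 * must reject negative values and values above this bound before copying
 * the buffers in (that check lives in the sockopt handler, not here).
 */
#define	TLS_MAX_PARAM_SIZE	1024	/* Max key/mac/iv in sockopt */

/* Length of the implicit (salt) part of the TLS 1.2 GCM nonce, RFC 5288. */
#define	TLS_AEAD_GCM_LEN	4
/* Full per-record nonce length for TLS 1.3 AES-GCM (RFC 8446 section 5.3). */
#define	TLS_1_3_GCM_IV_LEN	12
/* Size of the implicit IV buffer kept in struct tls_session_params. */
#define	TLS_CBC_IMPLICIT_IV_LEN	16

/* Type values for the record layer */
#define	TLS_RLTYPE_APP		23	/* application_data */

/*
 * Nonce for GCM for TLS 1.2 per RFC 5288: the 4-byte salt that is fixed
 * for the session, followed by the 8-byte explicit nonce, which KTLS
 * derives from the record sequence number (hence the field name).
 * A nonce must never be reused under the same key: the sequence number
 * has to be strictly increasing and the connection torn down before it
 * would wrap.
 */
struct tls_nonce_data {
	uint8_t fixed[TLS_AEAD_GCM_LEN];
	uint64_t seq;
} __packed;

/*
 * AEAD additional data format for TLS 1.2 per RFC 5246 section 6.2.3.3:
 * seq_num || type || version || length.  Per the RFC, tls_length here is
 * the plaintext fragment length, not the on-wire ciphertext length.
 */
struct tls_aead_data {
	uint64_t seq;	/* In network order */
	uint8_t	type;
	uint8_t tls_vmajor;
	uint8_t tls_vminor;
	uint16_t tls_length;
} __packed;

/*
 * AEAD additional data format for TLS 1.3 per RFC 8446 section 5.2: the
 * record header only (no sequence number; it is folded into the nonce
 * instead).  Per the RFC, type is always application_data (23), the
 * version is the legacy 0x0303 and tls_length is the ciphertext length
 * including the authentication tag.
 */
struct tls_aead_data_13 {
	uint8_t	type;
	uint8_t tls_vmajor;
	uint8_t tls_vminor;
	uint16_t tls_length;
} __packed;

/*
 * Stream Cipher MAC additional data input (RFC 5246 section 6.2.3.1).
 * This does not match the exact data on the wire (the sequence number
 * is not placed on the wire, and any explicit IV after the record header
 * is not covered by the MAC).  tls_length is the plaintext length.
 */
struct tls_mac_data {
	uint64_t seq;
	uint8_t type;
	uint8_t tls_vmajor;
	uint8_t tls_vminor;
	uint16_t tls_length;
} __packed;

/*
 * TLS keeps the SSL 3.x version encoding: major version 3 for every TLS
 * release, minor version 1 through 4 for TLS 1.0 through TLS 1.3.
 */
#define	TLS_MAJOR_VER_ONE	3
#define	TLS_MINOR_VER_ZERO	1	/* 3, 1 */
#define	TLS_MINOR_VER_ONE	2	/* 3, 2 */
#define	TLS_MINOR_VER_TWO	3	/* 3, 3 */
#define	TLS_MINOR_VER_THREE	4	/* 3, 4 */

/* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */
#ifdef _KERNEL
/*
 * Earlier layout of struct tls_enable, identical except that it lacks
 * the trailing rec_seq.  Kernel-only, presumably so the sockopt handler
 * can keep accepting the shorter option from binaries built against
 * the old definition; new code should use struct tls_enable.
 */
struct tls_enable_v0 {
	const uint8_t *cipher_key;
	const uint8_t *iv;		/* Implicit IV. */
	const uint8_t *auth_key;
	int	cipher_algorithm;	/* e.g. CRYPTO_AES_CBC */
	int	cipher_key_len;
	int	iv_len;
	int	auth_algorithm;		/* e.g. CRYPTO_SHA2_256_HMAC */
	int	auth_key_len;
	int	flags;
	uint8_t tls_vmajor;
	uint8_t tls_vminor;
};
#endif

/*
 * Session description passed from userland with TCP_TXTLS_ENABLE /
 * TCP_RXTLS_ENABLE.  cipher_key, iv and auth_key are user pointers to
 * the raw key material; the kernel copies in cipher_key_len, iv_len and
 * auth_key_len bytes respectively, so those counts must be validated
 * (non-negative, at most TLS_MAX_PARAM_SIZE, consistent with the
 * algorithm) before they are trusted.  rec_seq is the 8-byte record
 * sequence number the kernel should use for the first record it
 * processes (the TLS library hands over the exact next number; with an
 * AEAD cipher, a stale value would reuse a nonce under this key).
 * tls_vmajor/tls_vminor select the protocol version and therefore the
 * record framing and nonce/AAD construction above.
 */
struct tls_enable {
	const uint8_t *cipher_key;
	const uint8_t *iv;		/* Implicit IV. */
	const uint8_t *auth_key;
	int	cipher_algorithm;	/* e.g. CRYPTO_AES_CBC */
	int	cipher_key_len;
	int	iv_len;
	int	auth_algorithm;		/* e.g. CRYPTO_SHA2_256_HMAC */
	int	auth_key_len;
	int	flags;
	uint8_t tls_vmajor;
	uint8_t tls_vminor;
	uint8_t rec_seq[8];
};

/*
 * Structure for TLS_GET_RECORD.  A host-side copy of the record header
 * fields handed to the receiver with a decrypted record; unlike struct
 * tls_record_layer it is not packed and is not an overlay on wire bytes.
 */
struct tls_get_record {
	/* TLS record header. */
	uint8_t tls_type;
	uint8_t tls_vmajor;
	uint8_t tls_vminor;
	uint16_t tls_length;
};

#ifdef _KERNEL

/*
 * Kernel-resident copy of the parameters from struct tls_enable.
 * cipher_key and auth_key point at kernel copies of the key material
 * (cipher_key_len / auth_key_len bytes); they are owned by the session
 * and presumably zeroized and freed in ktls_destroy() - confirm there.
 * The implicit IV is stored inline (iv_len bytes of iv[]).
 * max_frame_len, tls_hlen, tls_tlen and tls_bs appear to be the
 * per-record framing parameters (maximum payload, header length,
 * trailer length, cipher block size) derived from the cipher suite;
 * verify against the code that fills them in.
 */
struct tls_session_params {
	uint8_t *cipher_key;
	uint8_t *auth_key;
	uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN];
	int	cipher_algorithm;
	int	auth_algorithm;
	uint16_t cipher_key_len;
	uint16_t iv_len;
	uint16_t auth_key_len;
	uint16_t max_frame_len;
	uint8_t tls_vmajor;
	uint8_t tls_vminor;
	uint8_t tls_hlen;
	uint8_t tls_tlen;
	uint8_t tls_bs;
	uint8_t flags;
};

/* Used in APIs to request RX vs TX sessions.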
*/
#define	KTLS_TX		1
#define	KTLS_RX		2

/*
 * Version of the backend interface declared below.  A crypto backend
 * records the version it was compiled against in
 * ktls_crypto_backend.api_version; presumably
 * ktls_crypto_backend_register() refuses a module whose value does not
 * match, so this must be bumped whenever struct ktls_session or the
 * try()/sw_encrypt/sw_decrypt contracts change.
 */
#define	KTLS_API_VERSION 7

struct iovec;
struct ktls_session;
struct m_snd_tag;
struct mbuf;
struct sockbuf;
struct socket;

/*
 * A crypto provider (software or NIC offload) registered with KTLS.
 *
 * try:         offered each new session together with the direction
 *              (KTLS_TX or KTLS_RX); presumably returns 0 once it has
 *              taken the session and set the sw_*/cipher fields, or an
 *              errno so the next backend can be tried.
 * prio:        ordering among backends; presumably higher is tried first.
 * api_version: must equal KTLS_API_VERSION (see above).
 * use_count:   number of live sessions bound to this backend - it must
 *              stay attached while this is non-zero (inferred; confirm
 *              in ktls_crypto_backend_deregister()).
 * name:        human-readable identifier, e.g. for logging.
 */
struct ktls_crypto_backend {
	LIST_ENTRY(ktls_crypto_backend) next;
	int (*try)(struct socket *so, struct ktls_session *tls, int direction);
	int prio;
	int api_version;
	int use_count;
	const char *name;
};

/*
 * Per-socket, per-direction TLS session state.  Reference counted:
 * callers take a reference with ktls_hold() and drop it with
 * ktls_free(), which calls ktls_destroy() when the last one goes away.
 *
 * The first union holds the software crypto entry point for the
 * session's direction - only one member is meaningful:
 *   sw_encrypt: encrypt one TX record given its header, the plaintext
 *               in src, the output iovecs in dst (iovcnt each), the
 *               trailer buffer, the record sequence number and the
 *               record type.
 *   sw_decrypt: decrypt one RX record held in the mbuf chain m for the
 *               given sequence number, reporting the trailer length
 *               (tag/MAC plus padding) via *trailer_len.
 * The second union is backend-private context: an opaque cipher
 * handle for a software backend, or the send tag for a NIC offload
 * backend (which one is live is presumably determined by mode).
 *
 * be / free:  the owning backend and its release callback for the
 *             context above.
 * params:     kernel copy of the keys, IV and framing parameters; the
 *             key material lives here, so destruction must zeroize it
 *             (expected in ktls_destroy(), not visible here).
 * wq_index:   which KTLS worker queue this session's work is enqueued on.
 * refcount:   manipulated only through refcount_acquire()/release().
 * mode:       the TCP_TLS_MODE_* value the session currently runs in.
 * reset_tag_task / inp / reset_pending: bookkeeping for re-creating the
 *             offload send tag after a route or interface change
 *             (inferred from names; see ktls_output_eagain()).
 *
 * Padded to a cache line so adjacent sessions do not share one.
 */
struct ktls_session {
	union {
		int	(*sw_encrypt)(struct ktls_session *tls,
		    const struct tls_record_layer *hdr, uint8_t *trailer,
		    struct iovec *src, struct iovec *dst, int iovcnt,
		    uint64_t seqno, uint8_t record_type);
		int	(*sw_decrypt)(struct ktls_session *tls,
		    const struct tls_record_layer *hdr, struct mbuf *m,
		    uint64_t seqno, int *trailer_len);
	};
	union {
		void *cipher;
		struct m_snd_tag *snd_tag;
	};
	struct ktls_crypto_backend *be;
	void (*free)(struct ktls_session *tls);
	struct tls_session_params params;
	u_int	wq_index;
	volatile u_int refcount;
	int mode;

	struct task reset_tag_task;
	struct inpcb *inp;
	bool reset_pending;
} __aligned(CACHE_LINE_SIZE);

/* Wake the RX path to look for complete records in sb. */
void ktls_check_rx(struct sockbuf *sb);
/* Backend (de)registration; both return 0 or an errno value. */
int ktls_crypto_backend_register(struct ktls_crypto_backend *be);
int ktls_crypto_backend_deregister(struct ktls_crypto_backend *be);
/*
 * Implement TCP_RXTLS_ENABLE / TCP_TXTLS_ENABLE for so using the
 * userland-supplied en (lengths and pointers in en are untrusted).
 * Return 0 or an errno value.
 */
int ktls_enable_rx(struct socket *so, struct tls_enable *en);
int ktls_enable_tx(struct socket *so, struct tls_enable *en);
/* Release the last reference's resources; call via ktls_free(). */
void ktls_destroy(struct ktls_session *tls);
/* Split and frame m into TLS records of the given type for TX. */
void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
    uint8_t record_type);
/* Assign record sequence numbers to the framed records in m. */
void ktls_seq(struct sockbuf *sb, struct mbuf *m);
/* Hand framed records to a worker for encryption. */
void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
void ktls_enqueue_to_free(struct mbuf *m);
/* Query / set the TCP_TLS_MODE_* of the socket's sessions. */
int ktls_get_rx_mode(struct socket *so);
int ktls_set_tx_mode(struct socket *so, int mode);
int ktls_get_tx_mode(struct socket *so);
/* Called when an offload send tag returns EAGAIN; schedules a tag reset. */
int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
#ifdef RATELIMIT
int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
#endif

/*
 * Take a reference on tls and return it.  NULL is tolerated and
 * returned unchanged, so this can wrap an unconditional assignment
 * from a possibly-unset sb_tls_info.
 */
static inline struct ktls_session *
ktls_hold(struct ktls_session *tls)
{

	if (tls != NULL)
		refcount_acquire(&tls->refcount);
	return (tls);
}

/*
 * Drop a reference on tls, destroying the session (and with it the
 * key material in tls->params) when the count reaches zero.  Unlike
 * ktls_hold(), tls must not be NULL - there is no check here.
 */
static inline void
ktls_free(struct ktls_session *tls)
{

	if (refcount_release(&tls->refcount))
		ktls_destroy(tls);
}

#endif /* _KERNEL */
#endif /* !_SYS_KTLS_H_ */