master
1/*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2014-2019 Netflix Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27#ifndef _SYS_KTLS_H_
28#define _SYS_KTLS_H_
29
30#ifdef _KERNEL
31#include <sys/refcount.h>
32#include <sys/_task.h>
33#endif
34
35struct tls_record_layer {
36 uint8_t tls_type;
37 uint8_t tls_vmajor;
38 uint8_t tls_vminor;
39 uint16_t tls_length;
40 uint8_t tls_data[0];
41} __attribute__ ((packed));
42
43#define TLS_MAX_MSG_SIZE_V10_2 16384
44#define TLS_MAX_PARAM_SIZE 1024 /* Max key/mac/iv in sockopt */
45#define TLS_AEAD_GCM_LEN 4
46#define TLS_1_3_GCM_IV_LEN 12
47#define TLS_CHACHA20_IV_LEN 12
48#define TLS_CBC_IMPLICIT_IV_LEN 16
49
50/* Type values for the record layer */
51#define TLS_RLTYPE_ALERT 21
52#define TLS_RLTYPE_HANDSHAKE 22
53#define TLS_RLTYPE_APP 23
54
55/*
56 * Nonce for GCM for TLS 1.2 per RFC 5288.
57 */
58struct tls_nonce_data {
59 uint8_t fixed[TLS_AEAD_GCM_LEN];
60 uint64_t seq;
61} __packed;
62
63/*
64 * AEAD additional data format for TLS 1.2 per RFC 5246.
65 */
66struct tls_aead_data {
67 uint64_t seq; /* In network order */
68 uint8_t type;
69 uint8_t tls_vmajor;
70 uint8_t tls_vminor;
71 uint16_t tls_length;
72} __packed;
73
74/*
75 * AEAD additional data format for TLS 1.3 per RFC 8446.
76 */
77struct tls_aead_data_13 {
78 uint8_t type;
79 uint8_t tls_vmajor;
80 uint8_t tls_vminor;
81 uint16_t tls_length;
82} __packed;
83
84/*
85 * Stream Cipher MAC additional data input. This does not match the
86 * exact data on the wire (the sequence number is not placed on the
87 * wire, and any explicit IV after the record header is not covered by
88 * the MAC).
89 */
90struct tls_mac_data {
91 uint64_t seq;
92 uint8_t type;
93 uint8_t tls_vmajor;
94 uint8_t tls_vminor;
95 uint16_t tls_length;
96} __packed;
97
98#define TLS_MAJOR_VER_ONE 3
99#define TLS_MINOR_VER_ZERO 1 /* 3, 1 */
100#define TLS_MINOR_VER_ONE 2 /* 3, 2 */
101#define TLS_MINOR_VER_TWO 3 /* 3, 3 */
102#define TLS_MINOR_VER_THREE 4 /* 3, 4 */
103
104/* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */
105#ifdef _KERNEL
106struct tls_enable_v0 {
107 const uint8_t *cipher_key;
108 const uint8_t *iv; /* Implicit IV. */
109 const uint8_t *auth_key;
110 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
111 int cipher_key_len;
112 int iv_len;
113 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
114 int auth_key_len;
115 int flags;
116 uint8_t tls_vmajor;
117 uint8_t tls_vminor;
118};
119#endif
120
121struct tls_enable {
122 const uint8_t *cipher_key;
123 const uint8_t *iv; /* Implicit IV. */
124 const uint8_t *auth_key;
125 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
126 int cipher_key_len;
127 int iv_len;
128 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
129 int auth_key_len;
130 int flags;
131 uint8_t tls_vmajor;
132 uint8_t tls_vminor;
133 uint8_t rec_seq[8];
134};
135
136/* Structure for TLS_GET_RECORD. */
137struct tls_get_record {
138 /* TLS record header. */
139 uint8_t tls_type;
140 uint8_t tls_vmajor;
141 uint8_t tls_vminor;
142 uint16_t tls_length;
143};
144
145#ifdef _KERNEL
146
147struct tls_session_params {
148 uint8_t *cipher_key;
149 uint8_t *auth_key;
150 uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN];
151 int cipher_algorithm;
152 int auth_algorithm;
153 uint16_t cipher_key_len;
154 uint16_t iv_len;
155 uint16_t auth_key_len;
156 uint16_t max_frame_len;
157 uint8_t tls_vmajor;
158 uint8_t tls_vminor;
159 uint8_t tls_hlen;
160 uint8_t tls_tlen;
161 uint8_t tls_bs;
162 uint8_t flags;
163};
164
165/* Used in APIs to request RX vs TX sessions. */
166#define KTLS_TX 1
167#define KTLS_RX 2
168
169struct iovec;
170struct ktls_ocf_encrypt_state;
171struct ktls_ocf_session;
172struct ktls_session;
173struct m_snd_tag;
174struct mbuf;
175struct sockbuf;
176struct socket;
177
178struct ktls_session {
179 struct ktls_ocf_session *ocf_session;
180 struct m_snd_tag *snd_tag;
181 struct tls_session_params params;
182 u_int wq_index;
183 volatile u_int refcount;
184 int mode;
185
186 struct task reset_tag_task;
187 struct task disable_ifnet_task;
188 union {
189 struct inpcb *inp; /* Used by transmit tasks. */
190 struct socket *so; /* Used by receive task. */
191 };
192 struct ifnet *rx_ifp;
193 u_short rx_vlan_id;
194 bool reset_pending;
195 bool tx;
196 bool sync_dispatch;
197 bool sequential_records;
198
199 /* Only used for TLS 1.0. */
200 uint64_t next_seqno;
201 STAILQ_HEAD(, mbuf) pending_records;
202
203 /* Used to destroy any kTLS session */
204 struct task destroy_task;
205} __aligned(CACHE_LINE_SIZE);
206
207extern unsigned int ktls_ifnet_max_rexmit_pct;
208
209typedef enum {
210 KTLS_MBUF_CRYPTO_ST_MIXED = 0,
211 KTLS_MBUF_CRYPTO_ST_ENCRYPTED = 1,
212 KTLS_MBUF_CRYPTO_ST_DECRYPTED = -1,
213} ktls_mbuf_crypto_st_t;
214
215void ktls_check_rx(struct sockbuf *sb);
216ktls_mbuf_crypto_st_t ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len);
217void ktls_disable_ifnet(void *arg);
218int ktls_enable_rx(struct socket *so, struct tls_enable *en);
219int ktls_enable_tx(struct socket *so, struct tls_enable *en);
220void ktls_destroy(struct ktls_session *tls);
221void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
222 uint8_t record_type);
223bool ktls_permit_empty_frames(struct ktls_session *tls);
224void ktls_seq(struct sockbuf *sb, struct mbuf *m);
225void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
226void ktls_enqueue_to_free(struct mbuf *m);
227int ktls_get_rx_mode(struct socket *so, int *modep);
228int ktls_set_tx_mode(struct socket *so, int mode);
229int ktls_get_tx_mode(struct socket *so, int *modep);
230int ktls_get_rx_sequence(struct inpcb *inp, uint32_t *tcpseq, uint64_t *tlsseq);
231void ktls_input_ifp_mismatch(struct sockbuf *sb, struct ifnet *ifp);
232int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
233#ifdef RATELIMIT
234int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
235#endif
236bool ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp);
237
238static inline struct ktls_session *
239ktls_hold(struct ktls_session *tls)
240{
241
242 if (tls != NULL)
243 refcount_acquire(&tls->refcount);
244 return (tls);
245}
246
247static inline void
248ktls_free(struct ktls_session *tls)
249{
250
251 if (refcount_release(&tls->refcount))
252 ktls_destroy(tls);
253}
254
255#endif /* !_KERNEL */
256#endif /* !_SYS_KTLS_H_ */