1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2017-2018 Chelsio Communications, Inc. 5 * All rights reserved. 6 * Written by: John Baldwin <jhb@FreeBSD.org> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30 #include "opt_inet.h" 31 #include "opt_kern_tls.h" 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <sys/param.h> 37 #include <sys/ktr.h> 38 #ifdef KERN_TLS 39 #include <sys/ktls.h> 40 #endif 41 #include <sys/sglist.h> 42 #include <sys/socket.h> 43 #include <sys/socketvar.h> 44 #include <sys/systm.h> 45 #include <netinet/in.h> 46 #include <netinet/in_pcb.h> 47 #include <netinet/tcp_var.h> 48 #include <netinet/toecore.h> 49 #ifdef KERN_TLS 50 #include <opencrypto/cryptodev.h> 51 #include <opencrypto/xform.h> 52 #endif 53 54 #ifdef TCP_OFFLOAD 55 #include "common/common.h" 56 #include "common/t4_tcb.h" 57 #include "crypto/t4_crypto.h" 58 #include "tom/t4_tom_l2t.h" 59 #include "tom/t4_tom.h" 60 61 /* 62 * The TCP sequence number of a CPL_TLS_DATA mbuf is saved here while 63 * the mbuf is in the ulp_pdu_reclaimq. 64 */ 65 #define tls_tcp_seq PH_loc.thirtytwo[0] 66 67 /* 68 * Handshake lock used for the handshake timer. Having a global lock 69 * is perhaps not ideal, but it avoids having to use callout_drain() 70 * in tls_uninit_toep() which can't block. Also, the timer shouldn't 71 * actually fire for most connections. 72 */ 73 static struct mtx tls_handshake_lock; 74 75 static void 76 t4_set_tls_tcb_field(struct toepcb *toep, uint16_t word, uint64_t mask, 77 uint64_t val) 78 { 79 struct adapter *sc = td_adapter(toep->td); 80 81 t4_set_tcb_field(sc, toep->ofld_txq, toep, word, mask, val, 0, 0); 82 } 83 84 /* TLS and DTLS common routines */ 85 bool 86 can_tls_offload(struct adapter *sc) 87 { 88 89 return (sc->tt.tls && sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS); 90 } 91 92 int 93 tls_tx_key(struct toepcb *toep) 94 { 95 struct tls_ofld_info *tls_ofld = &toep->tls; 96 97 return (tls_ofld->tx_key_addr >= 0); 98 } 99 100 int 101 tls_rx_key(struct toepcb *toep) 102 { 103 struct tls_ofld_info *tls_ofld = &toep->tls; 104 105 return (tls_ofld->rx_key_addr >= 0); 106 } 107 108 static int 109 key_size(struct toepcb *toep) 110 { 111 struct tls_ofld_info *tls_ofld = &toep->tls; 112 113 return ((tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) ? 114 tls_ofld->k_ctx.tx_key_info_size : KEY_IN_DDR_SIZE); 115 } 116 117 /* Set TLS Key-Id in TCB */ 118 static void 119 t4_set_tls_keyid(struct toepcb *toep, unsigned int key_id) 120 { 121 122 t4_set_tls_tcb_field(toep, W_TCB_RX_TLS_KEY_TAG, 123 V_TCB_RX_TLS_KEY_TAG(M_TCB_RX_TLS_BUF_TAG), 124 V_TCB_RX_TLS_KEY_TAG(key_id)); 125 } 126 127 /* Clear TF_RX_QUIESCE to re-enable receive. */ 128 static void 129 t4_clear_rx_quiesce(struct toepcb *toep) 130 { 131 132 t4_set_tls_tcb_field(toep, W_TCB_T_FLAGS, V_TF_RX_QUIESCE(1), 0); 133 } 134 135 static void 136 tls_clr_ofld_mode(struct toepcb *toep) 137 { 138 139 tls_stop_handshake_timer(toep); 140 141 /* Operate in PDU extraction mode only. */ 142 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, 143 V_TCB_ULP_RAW(M_TCB_ULP_RAW), 144 V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1))); 145 t4_clear_rx_quiesce(toep); 146 } 147 148 static void 149 tls_clr_quiesce(struct toepcb *toep) 150 { 151 152 tls_stop_handshake_timer(toep); 153 t4_clear_rx_quiesce(toep); 154 } 155 156 /* 157 * Calculate the TLS data expansion size 158 */ 159 static int 160 tls_expansion_size(struct toepcb *toep, int data_len, int full_pdus_only, 161 unsigned short *pdus_per_ulp) 162 { 163 struct tls_ofld_info *tls_ofld = &toep->tls; 164 struct tls_scmd *scmd = &tls_ofld->scmd0; 165 int expn_size = 0, frag_count = 0, pad_per_pdu = 0, 166 pad_last_pdu = 0, last_frag_size = 0, max_frag_size = 0; 167 int exp_per_pdu = 0; 168 int hdr_len = TLS_HEADER_LENGTH; 169 170 do { 171 max_frag_size = tls_ofld->k_ctx.frag_size; 172 if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) == 173 SCMD_CIPH_MODE_AES_GCM) { 174 frag_count = (data_len / max_frag_size); 175 exp_per_pdu = GCM_TAG_SIZE + AEAD_EXPLICIT_DATA_SIZE + 176 hdr_len; 177 expn_size = frag_count * exp_per_pdu; 178 if (full_pdus_only) { 179 *pdus_per_ulp = data_len / (exp_per_pdu + 180 max_frag_size); 181 if (*pdus_per_ulp > 32) 182 *pdus_per_ulp = 32; 183 else if(!*pdus_per_ulp) 184 *pdus_per_ulp = 1; 185 expn_size = (*pdus_per_ulp) * exp_per_pdu; 186 break; 187 } 188 if ((last_frag_size = data_len % max_frag_size) > 0) { 189 frag_count += 1; 190 expn_size += exp_per_pdu; 191 } 192 break; 193 } else if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) != 194 SCMD_CIPH_MODE_NOP) { 195 /* Calculate the number of fragments we can make */ 196 frag_count = (data_len / max_frag_size); 197 if (frag_count > 0) { 198 pad_per_pdu = (((howmany((max_frag_size + 199 tls_ofld->mac_length), 200 CIPHER_BLOCK_SIZE)) * 201 CIPHER_BLOCK_SIZE) - 202 (max_frag_size + 203 tls_ofld->mac_length)); 204 if (!pad_per_pdu) 205 pad_per_pdu = CIPHER_BLOCK_SIZE; 206 exp_per_pdu = pad_per_pdu + 207 tls_ofld->mac_length + 208 hdr_len + CIPHER_BLOCK_SIZE; 209 expn_size = frag_count * exp_per_pdu; 210 } 211 if (full_pdus_only) { 212 *pdus_per_ulp = data_len / (exp_per_pdu + 213 max_frag_size); 214 if (*pdus_per_ulp > 32) 215 *pdus_per_ulp = 32; 216 else if (!*pdus_per_ulp) 217 *pdus_per_ulp = 1; 218 expn_size = (*pdus_per_ulp) * exp_per_pdu; 219 break; 220 } 221 /* Consider the last fragment */ 222 if ((last_frag_size = data_len % max_frag_size) > 0) { 223 pad_last_pdu = (((howmany((last_frag_size + 224 tls_ofld->mac_length), 225 CIPHER_BLOCK_SIZE)) * 226 CIPHER_BLOCK_SIZE) - 227 (last_frag_size + 228 tls_ofld->mac_length)); 229 if (!pad_last_pdu) 230 pad_last_pdu = CIPHER_BLOCK_SIZE; 231 expn_size += (pad_last_pdu + 232 tls_ofld->mac_length + hdr_len + 233 CIPHER_BLOCK_SIZE); 234 } 235 } 236 } while (0); 237 238 return (expn_size); 239 } 240 241 /* Copy Key to WR */ 242 static void 243 tls_copy_tx_key(struct toepcb *toep, void *dst) 244 { 245 struct tls_ofld_info *tls_ofld = &toep->tls; 246 struct ulptx_sc_memrd *sc_memrd; 247 struct ulptx_idata *sc; 248 249 if (tls_ofld->k_ctx.tx_key_info_size <= 0) 250 return; 251 252 if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR) { 253 sc = dst; 254 sc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_NOOP)); 255 sc->len = htobe32(0); 256 sc_memrd = (struct ulptx_sc_memrd *)(sc + 1); 257 sc_memrd->cmd_to_len = htobe32(V_ULPTX_CMD(ULP_TX_SC_MEMRD) | 258 V_ULP_TX_SC_MORE(1) | 259 V_ULPTX_LEN16(tls_ofld->k_ctx.tx_key_info_size >> 4)); 260 sc_memrd->addr = htobe32(tls_ofld->tx_key_addr >> 5); 261 } else if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) { 262 memcpy(dst, &tls_ofld->k_ctx.tx, 263 tls_ofld->k_ctx.tx_key_info_size); 264 } 265 } 266 267 /* TLS/DTLS content type for CPL SFO */ 268 static inline unsigned char 269 tls_content_type(unsigned char content_type) 270 { 271 /* 272 * XXX: Shouldn't this map CONTENT_TYPE_APP_DATA to DATA and 273 * default to "CUSTOM" for all other types including 274 * heartbeat? 275 */ 276 switch (content_type) { 277 case CONTENT_TYPE_CCS: 278 return CPL_TX_TLS_SFO_TYPE_CCS; 279 case CONTENT_TYPE_ALERT: 280 return CPL_TX_TLS_SFO_TYPE_ALERT; 281 case CONTENT_TYPE_HANDSHAKE: 282 return CPL_TX_TLS_SFO_TYPE_HANDSHAKE; 283 case CONTENT_TYPE_HEARTBEAT: 284 return CPL_TX_TLS_SFO_TYPE_HEARTBEAT; 285 } 286 return CPL_TX_TLS_SFO_TYPE_DATA; 287 } 288 289 static unsigned char 290 get_cipher_key_size(unsigned int ck_size) 291 { 292 switch (ck_size) { 293 case AES_NOP: /* NOP */ 294 return 15; 295 case AES_128: /* AES128 */ 296 return CH_CK_SIZE_128; 297 case AES_192: /* AES192 */ 298 return CH_CK_SIZE_192; 299 case AES_256: /* AES256 */ 300 return CH_CK_SIZE_256; 301 default: 302 return CH_CK_SIZE_256; 303 } 304 } 305 306 static unsigned char 307 get_mac_key_size(unsigned int mk_size) 308 { 309 switch (mk_size) { 310 case SHA_NOP: /* NOP */ 311 return CH_MK_SIZE_128; 312 case SHA_GHASH: /* GHASH */ 313 case SHA_512: /* SHA512 */ 314 return CH_MK_SIZE_512; 315 case SHA_224: /* SHA2-224 */ 316 return CH_MK_SIZE_192; 317 case SHA_256: /* SHA2-256*/ 318 return CH_MK_SIZE_256; 319 case SHA_384: /* SHA384 */ 320 return CH_MK_SIZE_512; 321 case SHA1: /* SHA1 */ 322 default: 323 return CH_MK_SIZE_160; 324 } 325 } 326 327 static unsigned int 328 get_proto_ver(int proto_ver) 329 { 330 switch (proto_ver) { 331 case TLS1_2_VERSION: 332 return TLS_1_2_VERSION; 333 case TLS1_1_VERSION: 334 return TLS_1_1_VERSION; 335 case DTLS1_2_VERSION: 336 return DTLS_1_2_VERSION; 337 default: 338 return TLS_VERSION_MAX; 339 } 340 } 341 342 static void 343 tls_rxkey_flit1(struct tls_keyctx *kwr, struct tls_key_context *kctx) 344 { 345 346 if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) { 347 kwr->u.rxhdr.ivinsert_to_authinsrt = 348 htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) | 349 V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) | 350 V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) | 351 V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(14ULL) | 352 V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(16ULL) | 353 V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(14ULL) | 354 V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) | 355 V_TLS_KEYCTX_TX_WR_AUTHINSRT(16ULL)); 356 kwr->u.rxhdr.ivpresent_to_rxmk_size &= 357 ~(V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1)); 358 kwr->u.rxhdr.authmode_to_rxvalid &= 359 ~(V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1)); 360 } else { 361 kwr->u.rxhdr.ivinsert_to_authinsrt = 362 htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) | 363 V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) | 364 V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) | 365 V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(22ULL) | 366 V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(0ULL) | 367 V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(22ULL) | 368 V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) | 369 V_TLS_KEYCTX_TX_WR_AUTHINSRT(0ULL)); 370 } 371 } 372 373 /* Rx key */ 374 static void 375 prepare_rxkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx) 376 { 377 unsigned int ck_size = kctx->cipher_secret_size; 378 unsigned int mk_size = kctx->mac_secret_size; 379 int proto_ver = kctx->proto_ver; 380 381 kwr->u.rxhdr.flitcnt_hmacctrl = 382 ((kctx->tx_key_info_size >> 4) << 3) | kctx->hmac_ctrl; 383 384 kwr->u.rxhdr.protover_ciphmode = 385 V_TLS_KEYCTX_TX_WR_PROTOVER(get_proto_ver(proto_ver)) | 386 V_TLS_KEYCTX_TX_WR_CIPHMODE(kctx->state.enc_mode); 387 388 kwr->u.rxhdr.authmode_to_rxvalid = 389 V_TLS_KEYCTX_TX_WR_AUTHMODE(kctx->state.auth_mode) | 390 V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1) | 391 V_TLS_KEYCTX_TX_WR_SEQNUMCTRL(3) | 392 V_TLS_KEYCTX_TX_WR_RXVALID(1); 393 394 kwr->u.rxhdr.ivpresent_to_rxmk_size = 395 V_TLS_KEYCTX_TX_WR_IVPRESENT(0) | 396 V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1) | 397 V_TLS_KEYCTX_TX_WR_RXCK_SIZE(get_cipher_key_size(ck_size)) | 398 V_TLS_KEYCTX_TX_WR_RXMK_SIZE(get_mac_key_size(mk_size)); 399 400 tls_rxkey_flit1(kwr, kctx); 401 402 /* No key reversal for GCM */ 403 if (kctx->state.enc_mode != CH_EVP_CIPH_GCM_MODE) { 404 t4_aes_getdeckey(kwr->keys.edkey, kctx->rx.key, 405 (kctx->cipher_secret_size << 3)); 406 memcpy(kwr->keys.edkey + kctx->cipher_secret_size, 407 kctx->rx.key + kctx->cipher_secret_size, 408 (IPAD_SIZE + OPAD_SIZE)); 409 } else { 410 memcpy(kwr->keys.edkey, kctx->rx.key, 411 (kctx->tx_key_info_size - SALT_SIZE)); 412 memcpy(kwr->u.rxhdr.rxsalt, kctx->rx.salt, SALT_SIZE); 413 } 414 } 415 416 /* Tx key */ 417 static void 418 prepare_txkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx) 419 { 420 unsigned int ck_size = kctx->cipher_secret_size; 421 unsigned int mk_size = kctx->mac_secret_size; 422 423 kwr->u.txhdr.ctxlen = 424 (kctx->tx_key_info_size >> 4); 425 kwr->u.txhdr.dualck_to_txvalid = 426 V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1) | 427 V_TLS_KEYCTX_TX_WR_SALT_PRESENT(1) | 428 V_TLS_KEYCTX_TX_WR_TXCK_SIZE(get_cipher_key_size(ck_size)) | 429 V_TLS_KEYCTX_TX_WR_TXMK_SIZE(get_mac_key_size(mk_size)) | 430 V_TLS_KEYCTX_TX_WR_TXVALID(1); 431 432 memcpy(kwr->keys.edkey, kctx->tx.key, HDR_KCTX_SIZE); 433 if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) { 434 memcpy(kwr->u.txhdr.txsalt, kctx->tx.salt, SALT_SIZE); 435 kwr->u.txhdr.dualck_to_txvalid &= 436 ~(V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1)); 437 } 438 kwr->u.txhdr.dualck_to_txvalid = htons(kwr->u.txhdr.dualck_to_txvalid); 439 } 440 441 /* TLS Key memory management */ 442 static int 443 get_new_keyid(struct toepcb *toep) 444 { 445 struct adapter *sc = td_adapter(toep->td); 446 vmem_addr_t addr; 447 448 if (vmem_alloc(sc->key_map, TLS_KEY_CONTEXT_SZ, M_NOWAIT | M_FIRSTFIT, 449 &addr) != 0) 450 return (-1); 451 452 return (addr); 453 } 454 455 static void 456 free_keyid(struct toepcb *toep, int keyid) 457 { 458 struct adapter *sc = td_adapter(toep->td); 459 460 vmem_free(sc->key_map, keyid, TLS_KEY_CONTEXT_SZ); 461 } 462 463 static void 464 clear_tls_keyid(struct toepcb *toep) 465 { 466 struct tls_ofld_info *tls_ofld = &toep->tls; 467 468 if (tls_ofld->rx_key_addr >= 0) { 469 free_keyid(toep, tls_ofld->rx_key_addr); 470 tls_ofld->rx_key_addr = -1; 471 } 472 if (tls_ofld->tx_key_addr >= 0) { 473 free_keyid(toep, tls_ofld->tx_key_addr); 474 tls_ofld->tx_key_addr = -1; 475 } 476 } 477 478 static int 479 get_keyid(struct tls_ofld_info *tls_ofld, unsigned int ops) 480 { 481 return (ops & KEY_WRITE_RX ? tls_ofld->rx_key_addr : 482 ((ops & KEY_WRITE_TX) ? tls_ofld->tx_key_addr : -1)); 483 } 484 485 static int 486 get_tp_plen_max(struct tls_ofld_info *tls_ofld) 487 { 488 int plen = ((min(3*4096, TP_TX_PG_SZ))/1448) * 1448; 489 490 return (tls_ofld->k_ctx.frag_size <= 8192 ? plen : FC_TP_PLEN_MAX); 491 } 492 493 /* Send request to get the key-id */ 494 static int 495 tls_program_key_id(struct toepcb *toep, struct tls_key_context *k_ctx) 496 { 497 struct tls_ofld_info *tls_ofld = &toep->tls; 498 struct adapter *sc = td_adapter(toep->td); 499 struct ofld_tx_sdesc *txsd; 500 int kwrlen, kctxlen, keyid, len; 501 struct wrqe *wr; 502 struct tls_key_req *kwr; 503 struct tls_keyctx *kctx; 504 505 kwrlen = sizeof(*kwr); 506 kctxlen = roundup2(sizeof(*kctx), 32); 507 len = roundup2(kwrlen + kctxlen, 16); 508 509 if (toep->txsd_avail == 0) 510 return (EAGAIN); 511 512 /* Dont initialize key for re-neg */ 513 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) { 514 if ((keyid = get_new_keyid(toep)) < 0) { 515 return (ENOSPC); 516 } 517 } else { 518 keyid = get_keyid(tls_ofld, k_ctx->l_p_key); 519 } 520 521 wr = alloc_wrqe(len, toep->ofld_txq); 522 if (wr == NULL) { 523 free_keyid(toep, keyid); 524 return (ENOMEM); 525 } 526 kwr = wrtod(wr); 527 memset(kwr, 0, kwrlen); 528 529 kwr->wr_hi = htobe32(V_FW_WR_OP(FW_ULPTX_WR) | F_FW_WR_COMPL | 530 F_FW_WR_ATOMIC); 531 kwr->wr_mid = htobe32(V_FW_WR_LEN16(DIV_ROUND_UP(len, 16)) | 532 V_FW_WR_FLOWID(toep->tid)); 533 kwr->protocol = get_proto_ver(k_ctx->proto_ver); 534 kwr->mfs = htons(k_ctx->frag_size); 535 kwr->reneg_to_write_rx = k_ctx->l_p_key; 536 537 /* master command */ 538 kwr->cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE) | 539 V_T5_ULP_MEMIO_ORDER(1) | V_T5_ULP_MEMIO_IMM(1)); 540 kwr->dlen = htobe32(V_ULP_MEMIO_DATA_LEN(kctxlen >> 5)); 541 kwr->len16 = htobe32((toep->tid << 8) | 542 DIV_ROUND_UP(len - sizeof(struct work_request_hdr), 16)); 543 kwr->kaddr = htobe32(V_ULP_MEMIO_ADDR(keyid >> 5)); 544 545 /* sub command */ 546 kwr->sc_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_IMM)); 547 kwr->sc_len = htobe32(kctxlen); 548 549 kctx = (struct tls_keyctx *)(kwr + 1); 550 memset(kctx, 0, kctxlen); 551 552 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) { 553 tls_ofld->tx_key_addr = keyid; 554 prepare_txkey_wr(kctx, k_ctx); 555 } else if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 556 tls_ofld->rx_key_addr = keyid; 557 prepare_rxkey_wr(kctx, k_ctx); 558 } 559 560 txsd = &toep->txsd[toep->txsd_pidx]; 561 txsd->tx_credits = DIV_ROUND_UP(len, 16); 562 txsd->plen = 0; 563 toep->tx_credits -= txsd->tx_credits; 564 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) 565 toep->txsd_pidx = 0; 566 toep->txsd_avail--; 567 568 t4_wrq_tx(sc, wr); 569 570 return (0); 571 } 572 573 /* Store a key received from SSL in DDR. */ 574 static int 575 program_key_context(struct tcpcb *tp, struct toepcb *toep, 576 struct tls_key_context *uk_ctx) 577 { 578 struct adapter *sc = td_adapter(toep->td); 579 struct tls_ofld_info *tls_ofld = &toep->tls; 580 struct tls_key_context *k_ctx; 581 int error, key_offset; 582 583 if (tp->t_state != TCPS_ESTABLISHED) { 584 /* 585 * XXX: Matches Linux driver, but not sure this is a 586 * very appropriate error. 587 */ 588 return (ENOENT); 589 } 590 591 /* Stop timer on handshake completion */ 592 tls_stop_handshake_timer(toep); 593 594 toep->flags &= ~TPF_FORCE_CREDITS; 595 596 CTR4(KTR_CXGBE, "%s: tid %d %s proto_ver %#x", __func__, toep->tid, 597 G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX ? "KEY_WRITE_RX" : 598 "KEY_WRITE_TX", uk_ctx->proto_ver); 599 600 if (G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX && 601 ulp_mode(toep) != ULP_MODE_TLS) 602 return (EOPNOTSUPP); 603 604 /* Don't copy the 'tx' and 'rx' fields. */ 605 k_ctx = &tls_ofld->k_ctx; 606 memcpy(&k_ctx->l_p_key, &uk_ctx->l_p_key, 607 sizeof(*k_ctx) - offsetof(struct tls_key_context, l_p_key)); 608 609 /* TLS version != 1.1 and !1.2 OR DTLS != 1.2 */ 610 if (get_proto_ver(k_ctx->proto_ver) > DTLS_1_2_VERSION) { 611 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 612 tls_ofld->rx_key_addr = -1; 613 t4_clear_rx_quiesce(toep); 614 } else { 615 tls_ofld->tx_key_addr = -1; 616 } 617 return (0); 618 } 619 620 if (k_ctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) { 621 k_ctx->iv_size = 4; 622 k_ctx->mac_first = 0; 623 k_ctx->hmac_ctrl = 0; 624 } else { 625 k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */ 626 k_ctx->mac_first = 1; 627 } 628 629 tls_ofld->scmd0.seqno_numivs = 630 (V_SCMD_SEQ_NO_CTRL(3) | 631 V_SCMD_PROTO_VERSION(get_proto_ver(k_ctx->proto_ver)) | 632 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) | 633 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) | 634 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) | 635 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) | 636 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) | 637 V_SCMD_IV_SIZE(k_ctx->iv_size)); 638 639 tls_ofld->scmd0.ivgen_hdrlen = 640 (V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) | 641 V_SCMD_KEY_CTX_INLINE(0) | 642 V_SCMD_TLS_FRAG_ENABLE(1)); 643 644 tls_ofld->mac_length = k_ctx->mac_secret_size; 645 646 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 647 k_ctx->rx = uk_ctx->rx; 648 /* Dont initialize key for re-neg */ 649 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) 650 tls_ofld->rx_key_addr = -1; 651 } else { 652 k_ctx->tx = uk_ctx->tx; 653 /* Dont initialize key for re-neg */ 654 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) 655 tls_ofld->tx_key_addr = -1; 656 } 657 658 /* Flush pending data before new Tx key becomes active */ 659 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) { 660 struct sockbuf *sb; 661 662 /* XXX: This might not drain everything. */ 663 t4_push_frames(sc, toep, 0); 664 sb = &toep->inp->inp_socket->so_snd; 665 SOCKBUF_LOCK(sb); 666 667 /* XXX: This asserts that everything has been pushed. */ 668 MPASS(sb->sb_sndptr == NULL || sb->sb_sndptr->m_next == NULL); 669 sb->sb_sndptr = NULL; 670 tls_ofld->sb_off = sbavail(sb); 671 SOCKBUF_UNLOCK(sb); 672 tls_ofld->tx_seq_no = 0; 673 } 674 675 if ((G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) || 676 (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR)) { 677 error = tls_program_key_id(toep, k_ctx); 678 if (error) { 679 /* XXX: Only clear quiesce for KEY_WRITE_RX? */ 680 t4_clear_rx_quiesce(toep); 681 return (error); 682 } 683 } 684 685 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) { 686 /* 687 * RX key tags are an index into the key portion of MA 688 * memory stored as an offset from the base address in 689 * units of 64 bytes. 690 */ 691 key_offset = tls_ofld->rx_key_addr - sc->vres.key.start; 692 t4_set_tls_keyid(toep, key_offset / 64); 693 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, 694 V_TCB_ULP_RAW(M_TCB_ULP_RAW), 695 V_TCB_ULP_RAW((V_TF_TLS_KEY_SIZE(3) | 696 V_TF_TLS_CONTROL(1) | 697 V_TF_TLS_ACTIVE(1) | 698 V_TF_TLS_ENABLE(1)))); 699 t4_set_tls_tcb_field(toep, W_TCB_TLS_SEQ, 700 V_TCB_TLS_SEQ(M_TCB_TLS_SEQ), 701 V_TCB_TLS_SEQ(0)); 702 t4_clear_rx_quiesce(toep); 703 } else { 704 unsigned short pdus_per_ulp; 705 706 if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) 707 tls_ofld->tx_key_addr = 1; 708 709 tls_ofld->fcplenmax = get_tp_plen_max(tls_ofld); 710 tls_ofld->expn_per_ulp = tls_expansion_size(toep, 711 tls_ofld->fcplenmax, 1, &pdus_per_ulp); 712 tls_ofld->pdus_per_ulp = pdus_per_ulp; 713 tls_ofld->adjusted_plen = tls_ofld->pdus_per_ulp * 714 ((tls_ofld->expn_per_ulp/tls_ofld->pdus_per_ulp) + 715 tls_ofld->k_ctx.frag_size); 716 } 717 718 return (0); 719 } 720 721 /* 722 * In some cases a client connection can hang without sending the 723 * ServerHelloDone message from the NIC to the host. Send a dummy 724 * RX_DATA_ACK with RX_MODULATE to unstick the connection. 725 */ 726 static void 727 tls_send_handshake_ack(void *arg) 728 { 729 struct toepcb *toep = arg; 730 struct tls_ofld_info *tls_ofld = &toep->tls; 731 struct adapter *sc = td_adapter(toep->td); 732 733 /* 734 * XXX: Does not have the t4_get_tcb() checks to refine the 735 * workaround. 736 */ 737 callout_schedule(&tls_ofld->handshake_timer, TLS_SRV_HELLO_RD_TM * hz); 738 739 CTR2(KTR_CXGBE, "%s: tid %d sending RX_DATA_ACK", __func__, toep->tid); 740 send_rx_modulate(sc, toep); 741 } 742 743 static void 744 tls_start_handshake_timer(struct toepcb *toep) 745 { 746 struct tls_ofld_info *tls_ofld = &toep->tls; 747 748 mtx_lock(&tls_handshake_lock); 749 callout_reset(&tls_ofld->handshake_timer, TLS_SRV_HELLO_BKOFF_TM * hz, 750 tls_send_handshake_ack, toep); 751 mtx_unlock(&tls_handshake_lock); 752 } 753 754 void 755 tls_stop_handshake_timer(struct toepcb *toep) 756 { 757 struct tls_ofld_info *tls_ofld = &toep->tls; 758 759 mtx_lock(&tls_handshake_lock); 760 callout_stop(&tls_ofld->handshake_timer); 761 mtx_unlock(&tls_handshake_lock); 762 } 763 764 int 765 t4_ctloutput_tls(struct socket *so, struct sockopt *sopt) 766 { 767 struct tls_key_context uk_ctx; 768 struct inpcb *inp; 769 struct tcpcb *tp; 770 struct toepcb *toep; 771 int error, optval; 772 773 error = 0; 774 if (sopt->sopt_dir == SOPT_SET && 775 sopt->sopt_name == TCP_TLSOM_SET_TLS_CONTEXT) { 776 error = sooptcopyin(sopt, &uk_ctx, sizeof(uk_ctx), 777 sizeof(uk_ctx)); 778 if (error) 779 return (error); 780 } 781 782 inp = sotoinpcb(so); 783 KASSERT(inp != NULL, ("tcp_ctloutput: inp == NULL")); 784 INP_WLOCK(inp); 785 if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) { 786 INP_WUNLOCK(inp); 787 return (ECONNRESET); 788 } 789 tp = intotcpcb(inp); 790 toep = tp->t_toe; 791 switch (sopt->sopt_dir) { 792 case SOPT_SET: 793 switch (sopt->sopt_name) { 794 case TCP_TLSOM_SET_TLS_CONTEXT: 795 if (toep->tls.mode == TLS_MODE_KTLS) 796 error = EINVAL; 797 else { 798 error = program_key_context(tp, toep, &uk_ctx); 799 if (error == 0) 800 toep->tls.mode = TLS_MODE_TLSOM; 801 } 802 INP_WUNLOCK(inp); 803 break; 804 case TCP_TLSOM_CLR_TLS_TOM: 805 if (toep->tls.mode == TLS_MODE_KTLS) 806 error = EINVAL; 807 else if (ulp_mode(toep) == ULP_MODE_TLS) { 808 CTR2(KTR_CXGBE, "%s: tid %d CLR_TLS_TOM", 809 __func__, toep->tid); 810 tls_clr_ofld_mode(toep); 811 } else 812 error = EOPNOTSUPP; 813 INP_WUNLOCK(inp); 814 break; 815 case TCP_TLSOM_CLR_QUIES: 816 if (toep->tls.mode == TLS_MODE_KTLS) 817 error = EINVAL; 818 else if (ulp_mode(toep) == ULP_MODE_TLS) { 819 CTR2(KTR_CXGBE, "%s: tid %d CLR_QUIES", 820 __func__, toep->tid); 821 tls_clr_quiesce(toep); 822 } else 823 error = EOPNOTSUPP; 824 INP_WUNLOCK(inp); 825 break; 826 default: 827 INP_WUNLOCK(inp); 828 error = EOPNOTSUPP; 829 break; 830 } 831 break; 832 case SOPT_GET: 833 switch (sopt->sopt_name) { 834 case TCP_TLSOM_GET_TLS_TOM: 835 /* 836 * TLS TX is permitted on any TOE socket, but 837 * TLS RX requires a TLS ULP mode. 838 */ 839 optval = TLS_TOM_NONE; 840 if (can_tls_offload(td_adapter(toep->td)) && 841 toep->tls.mode != TLS_MODE_KTLS) { 842 switch (ulp_mode(toep)) { 843 case ULP_MODE_NONE: 844 case ULP_MODE_TCPDDP: 845 optval = TLS_TOM_TXONLY; 846 break; 847 case ULP_MODE_TLS: 848 optval = TLS_TOM_BOTH; 849 break; 850 } 851 } 852 CTR3(KTR_CXGBE, "%s: tid %d GET_TLS_TOM = %d", 853 __func__, toep->tid, optval); 854 INP_WUNLOCK(inp); 855 error = sooptcopyout(sopt, &optval, sizeof(optval)); 856 break; 857 default: 858 INP_WUNLOCK(inp); 859 error = EOPNOTSUPP; 860 break; 861 } 862 break; 863 } 864 return (error); 865 } 866 867 #ifdef KERN_TLS 868 static void 869 init_ktls_key_context(struct ktls_session *tls, struct tls_key_context *k_ctx) 870 { 871 struct auth_hash *axf; 872 u_int mac_key_size; 873 char *hash; 874 875 k_ctx->l_p_key = V_KEY_GET_LOC(KEY_WRITE_TX); 876 if (tls->params.tls_vminor == TLS_MINOR_VER_ONE) 877 k_ctx->proto_ver = SCMD_PROTO_VERSION_TLS_1_1; 878 else 879 k_ctx->proto_ver = SCMD_PROTO_VERSION_TLS_1_2; 880 k_ctx->cipher_secret_size = tls->params.cipher_key_len; 881 k_ctx->tx_key_info_size = sizeof(struct tx_keyctx_hdr) + 882 k_ctx->cipher_secret_size; 883 memcpy(k_ctx->tx.key, tls->params.cipher_key, 884 tls->params.cipher_key_len); 885 hash = k_ctx->tx.key + tls->params.cipher_key_len; 886 if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) { 887 k_ctx->state.auth_mode = SCMD_AUTH_MODE_GHASH; 888 k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_GCM; 889 k_ctx->iv_size = 4; 890 k_ctx->mac_first = 0; 891 k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NOP; 892 k_ctx->tx_key_info_size += GMAC_BLOCK_LEN; 893 memcpy(k_ctx->tx.salt, tls->params.iv, SALT_SIZE); 894 t4_init_gmac_hash(tls->params.cipher_key, 895 tls->params.cipher_key_len * 8, hash); 896 } else { 897 switch (tls->params.auth_algorithm) { 898 case CRYPTO_SHA1_HMAC: 899 axf = &auth_hash_hmac_sha1; 900 mac_key_size = SHA1_HASH_LEN; 901 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA1; 902 break; 903 case CRYPTO_SHA2_256_HMAC: 904 axf = &auth_hash_hmac_sha2_256; 905 mac_key_size = SHA2_256_HASH_LEN; 906 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA256; 907 break; 908 case CRYPTO_SHA2_384_HMAC: 909 axf = &auth_hash_hmac_sha2_384; 910 mac_key_size = SHA2_512_HASH_LEN; 911 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA512_384; 912 break; 913 default: 914 panic("bad auth mode"); 915 } 916 k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_CBC; 917 k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */ 918 k_ctx->mac_first = 1; 919 k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NO_TRUNC; 920 k_ctx->tx_key_info_size += roundup2(mac_key_size, 16) * 2; 921 k_ctx->mac_secret_size = mac_key_size; 922 t4_init_hmac_digest(axf, mac_key_size, tls->params.auth_key, 923 tls->params.auth_key_len * 8, hash); 924 } 925 926 k_ctx->frag_size = tls->params.max_frame_len; 927 k_ctx->iv_ctrl = 1; 928 } 929 930 int 931 tls_alloc_ktls(struct toepcb *toep, struct ktls_session *tls) 932 { 933 struct tls_key_context *k_ctx; 934 int error; 935 936 if (toep->tls.mode == TLS_MODE_TLSOM) 937 return (EINVAL); 938 if (!can_tls_offload(td_adapter(toep->td))) 939 return (EINVAL); 940 switch (ulp_mode(toep)) { 941 case ULP_MODE_NONE: 942 case ULP_MODE_TCPDDP: 943 break; 944 default: 945 return (EINVAL); 946 } 947 948 switch (tls->params.cipher_algorithm) { 949 case CRYPTO_AES_CBC: 950 /* XXX: Explicitly ignore any provided IV. */ 951 switch (tls->params.cipher_key_len) { 952 case 128 / 8: 953 case 192 / 8: 954 case 256 / 8: 955 break; 956 default: 957 return (EINVAL); 958 } 959 switch (tls->params.auth_algorithm) { 960 case CRYPTO_SHA1_HMAC: 961 case CRYPTO_SHA2_256_HMAC: 962 case CRYPTO_SHA2_384_HMAC: 963 break; 964 default: 965 return (EPROTONOSUPPORT); 966 } 967 break; 968 case CRYPTO_AES_NIST_GCM_16: 969 if (tls->params.iv_len != SALT_SIZE) 970 return (EINVAL); 971 switch (tls->params.cipher_key_len) { 972 case 128 / 8: 973 case 192 / 8: 974 case 256 / 8: 975 break; 976 default: 977 return (EINVAL); 978 } 979 break; 980 default: 981 return (EPROTONOSUPPORT); 982 } 983 984 /* Only TLS 1.1 and TLS 1.2 are currently supported. */ 985 if (tls->params.tls_vmajor != TLS_MAJOR_VER_ONE || 986 tls->params.tls_vminor < TLS_MINOR_VER_ONE || 987 tls->params.tls_vminor > TLS_MINOR_VER_TWO) 988 return (EPROTONOSUPPORT); 989 990 /* 991 * XXX: This assumes no key renegotation. If KTLS ever supports 992 * that we will want to allocate TLS sessions dynamically rather 993 * than as a static member of toep. 994 */ 995 k_ctx = &toep->tls.k_ctx; 996 init_ktls_key_context(tls, k_ctx); 997 998 toep->tls.scmd0.seqno_numivs = 999 (V_SCMD_SEQ_NO_CTRL(3) | 1000 V_SCMD_PROTO_VERSION(k_ctx->proto_ver) | 1001 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) | 1002 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) | 1003 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) | 1004 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) | 1005 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) | 1006 V_SCMD_IV_SIZE(k_ctx->iv_size)); 1007 1008 toep->tls.scmd0.ivgen_hdrlen = 1009 (V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) | 1010 V_SCMD_KEY_CTX_INLINE(0) | 1011 V_SCMD_TLS_FRAG_ENABLE(1)); 1012 1013 if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) 1014 toep->tls.iv_len = 8; 1015 else 1016 toep->tls.iv_len = AES_BLOCK_LEN; 1017 1018 toep->tls.mac_length = k_ctx->mac_secret_size; 1019 1020 toep->tls.tx_key_addr = -1; 1021 1022 error = tls_program_key_id(toep, k_ctx); 1023 if (error) 1024 return (error); 1025 1026 toep->tls.fcplenmax = get_tp_plen_max(&toep->tls); 1027 toep->tls.expn_per_ulp = tls->params.tls_hlen + tls->params.tls_tlen; 1028 toep->tls.pdus_per_ulp = 1; 1029 toep->tls.adjusted_plen = toep->tls.expn_per_ulp + 1030 toep->tls.k_ctx.frag_size; 1031 1032 toep->tls.mode = TLS_MODE_KTLS; 1033 1034 return (0); 1035 } 1036 #endif 1037 1038 void 1039 tls_init_toep(struct toepcb *toep) 1040 { 1041 struct tls_ofld_info *tls_ofld = &toep->tls; 1042 1043 tls_ofld->mode = TLS_MODE_OFF; 1044 tls_ofld->key_location = TLS_SFO_WR_CONTEXTLOC_DDR; 1045 tls_ofld->rx_key_addr = -1; 1046 tls_ofld->tx_key_addr = -1; 1047 if (ulp_mode(toep) == ULP_MODE_TLS) 1048 callout_init_mtx(&tls_ofld->handshake_timer, 1049 &tls_handshake_lock, 0); 1050 } 1051 1052 void 1053 tls_establish(struct toepcb *toep) 1054 { 1055 1056 /* 1057 * Enable PDU extraction. 1058 * 1059 * XXX: Supposedly this should be done by the firmware when 1060 * the ULP_MODE FLOWC parameter is set in send_flowc_wr(), but 1061 * in practice this seems to be required. 1062 */ 1063 CTR2(KTR_CXGBE, "%s: tid %d setting TLS_ENABLE", __func__, toep->tid); 1064 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, V_TCB_ULP_RAW(M_TCB_ULP_RAW), 1065 V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1))); 1066 1067 toep->flags |= TPF_FORCE_CREDITS; 1068 1069 tls_start_handshake_timer(toep); 1070 } 1071 1072 void 1073 tls_uninit_toep(struct toepcb *toep) 1074 { 1075 1076 if (ulp_mode(toep) == ULP_MODE_TLS) 1077 tls_stop_handshake_timer(toep); 1078 clear_tls_keyid(toep); 1079 } 1080 1081 #define MAX_OFLD_TX_CREDITS (SGE_MAX_WR_LEN / 16) 1082 #define MIN_OFLD_TLSTX_CREDITS(toep) \ 1083 (howmany(sizeof(struct fw_tlstx_data_wr) + \ 1084 sizeof(struct cpl_tx_tls_sfo) + key_size((toep)) + \ 1085 CIPHER_BLOCK_SIZE + 1, 16)) 1086 1087 static inline u_int 1088 max_imm_tls_space(int tx_credits) 1089 { 1090 const int n = 2; /* Use only up to 2 desc for imm. data WR */ 1091 int space; 1092 1093 KASSERT(tx_credits >= 0 && 1094 tx_credits <= MAX_OFLD_TX_CREDITS, 1095 ("%s: %d credits", __func__, tx_credits)); 1096 1097 if (tx_credits >= (n * EQ_ESIZE) / 16) 1098 space = (n * EQ_ESIZE); 1099 else 1100 space = tx_credits * 16; 1101 return (space); 1102 } 1103 1104 static int 1105 count_mbuf_segs(struct mbuf *m, int skip, int len, int *max_nsegs_1mbufp) 1106 { 1107 int max_nsegs_1mbuf, n, nsegs; 1108 1109 while (skip >= m->m_len) { 1110 skip -= m->m_len; 1111 m = m->m_next; 1112 } 1113 1114 nsegs = 0; 1115 max_nsegs_1mbuf = 0; 1116 while (len > 0) { 1117 n = sglist_count(mtod(m, char *) + skip, m->m_len - skip); 1118 if (n > max_nsegs_1mbuf) 1119 max_nsegs_1mbuf = n; 1120 nsegs += n; 1121 len -= m->m_len - skip; 1122 skip = 0; 1123 m = m->m_next; 1124 } 1125 *max_nsegs_1mbufp = max_nsegs_1mbuf; 1126 return (nsegs); 1127 } 1128 1129 static void 1130 write_tlstx_wr(struct fw_tlstx_data_wr *txwr, struct toepcb *toep, 1131 unsigned int immdlen, unsigned int plen, unsigned int expn, 1132 unsigned int pdus, uint8_t credits, int shove, int imm_ivs) 1133 { 1134 struct tls_ofld_info *tls_ofld = &toep->tls; 1135 unsigned int len = plen + expn; 1136 1137 txwr->op_to_immdlen = htobe32(V_WR_OP(FW_TLSTX_DATA_WR) | 1138 V_FW_TLSTX_DATA_WR_COMPL(1) | 1139 V_FW_TLSTX_DATA_WR_IMMDLEN(immdlen)); 1140 txwr->flowid_len16 = htobe32(V_FW_TLSTX_DATA_WR_FLOWID(toep->tid) | 1141 V_FW_TLSTX_DATA_WR_LEN16(credits)); 1142 txwr->plen = htobe32(len); 1143 txwr->lsodisable_to_flags = htobe32(V_TX_ULP_MODE(ULP_MODE_TLS) | 1144 V_TX_URG(0) | /* F_T6_TX_FORCE | */ V_TX_SHOVE(shove)); 1145 txwr->ctxloc_to_exp = htobe32(V_FW_TLSTX_DATA_WR_NUMIVS(pdus) | 1146 V_FW_TLSTX_DATA_WR_EXP(expn) | 1147 V_FW_TLSTX_DATA_WR_CTXLOC(tls_ofld->key_location) | 1148 V_FW_TLSTX_DATA_WR_IVDSGL(!imm_ivs) | 1149 V_FW_TLSTX_DATA_WR_KEYSIZE(tls_ofld->k_ctx.tx_key_info_size >> 4)); 1150 txwr->mfs = htobe16(tls_ofld->k_ctx.frag_size); 1151 txwr->adjustedplen_pkd = htobe16( 1152 V_FW_TLSTX_DATA_WR_ADJUSTEDPLEN(tls_ofld->adjusted_plen)); 1153 txwr->expinplenmax_pkd = htobe16( 1154 V_FW_TLSTX_DATA_WR_EXPINPLENMAX(tls_ofld->expn_per_ulp)); 1155 txwr->pdusinplenmax_pkd = 1156 V_FW_TLSTX_DATA_WR_PDUSINPLENMAX(tls_ofld->pdus_per_ulp); 1157 } 1158 1159 static void 1160 write_tlstx_cpl(struct cpl_tx_tls_sfo *cpl, struct toepcb *toep, 1161 struct tls_hdr *tls_hdr, unsigned int plen, unsigned int pdus) 1162 { 1163 struct tls_ofld_info *tls_ofld = &toep->tls; 1164 int data_type, seglen; 1165 1166 if (plen < tls_ofld->k_ctx.frag_size) 1167 seglen = plen; 1168 else 1169 seglen = tls_ofld->k_ctx.frag_size; 1170 data_type = tls_content_type(tls_hdr->type); 1171 cpl->op_to_seg_len = htobe32(V_CPL_TX_TLS_SFO_OPCODE(CPL_TX_TLS_SFO) | 1172 V_CPL_TX_TLS_SFO_DATA_TYPE(data_type) | 1173 V_CPL_TX_TLS_SFO_CPL_LEN(2) | V_CPL_TX_TLS_SFO_SEG_LEN(seglen)); 1174 cpl->pld_len = htobe32(plen); 1175 if (data_type == CPL_TX_TLS_SFO_TYPE_HEARTBEAT) 1176 cpl->type_protover = htobe32( 1177 V_CPL_TX_TLS_SFO_TYPE(tls_hdr->type)); 1178 cpl->seqno_numivs = htobe32(tls_ofld->scmd0.seqno_numivs | 1179 V_SCMD_NUM_IVS(pdus)); 1180 cpl->ivgen_hdrlen = htobe32(tls_ofld->scmd0.ivgen_hdrlen); 1181 cpl->scmd1 = htobe64(tls_ofld->tx_seq_no); 1182 tls_ofld->tx_seq_no += pdus; 1183 } 1184 1185 /* 1186 * Similar to write_tx_sgl() except that it accepts an optional 1187 * trailer buffer for IVs. 1188 */ 1189 static void 1190 write_tlstx_sgl(void *dst, struct mbuf *start, int skip, int plen, 1191 void *iv_buffer, int iv_len, int nsegs, int n) 1192 { 1193 struct mbuf *m; 1194 struct ulptx_sgl *usgl = dst; 1195 int i, j, rc; 1196 struct sglist sg; 1197 struct sglist_seg segs[n]; 1198 1199 KASSERT(nsegs > 0, ("%s: nsegs 0", __func__)); 1200 1201 sglist_init(&sg, n, segs); 1202 usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) | 1203 V_ULPTX_NSGE(nsegs)); 1204 1205 for (m = start; skip >= m->m_len; m = m->m_next) 1206 skip -= m->m_len; 1207 1208 i = -1; 1209 for (m = start; plen > 0; m = m->m_next) { 1210 rc = sglist_append(&sg, mtod(m, char *) + skip, 1211 m->m_len - skip); 1212 if (__predict_false(rc != 0)) 1213 panic("%s: sglist_append %d", __func__, rc); 1214 plen -= m->m_len - skip; 1215 skip = 0; 1216 1217 for (j = 0; j < sg.sg_nseg; i++, j++) { 1218 if (i < 0) { 1219 usgl->len0 = htobe32(segs[j].ss_len); 1220 usgl->addr0 = htobe64(segs[j].ss_paddr); 1221 } else { 1222 usgl->sge[i / 2].len[i & 1] = 1223 htobe32(segs[j].ss_len); 1224 usgl->sge[i / 2].addr[i & 1] = 1225 htobe64(segs[j].ss_paddr); 1226 } 1227 #ifdef INVARIANTS 1228 nsegs--; 1229 #endif 1230 } 1231 sglist_reset(&sg); 1232 } 1233 if (iv_buffer != NULL) { 1234 rc = sglist_append(&sg, iv_buffer, iv_len); 1235 if (__predict_false(rc != 0)) 1236 panic("%s: sglist_append %d", __func__, rc); 1237 1238 for (j = 0; j < sg.sg_nseg; i++, j++) { 1239 if (i < 0) { 1240 usgl->len0 = htobe32(segs[j].ss_len); 1241 usgl->addr0 = htobe64(segs[j].ss_paddr); 1242 } else { 1243 usgl->sge[i / 2].len[i & 1] = 1244 htobe32(segs[j].ss_len); 1245 usgl->sge[i / 2].addr[i & 1] = 1246 htobe64(segs[j].ss_paddr); 1247 } 1248 #ifdef INVARIANTS 1249 nsegs--; 1250 #endif 1251 } 1252 } 1253 if (i & 1) 1254 usgl->sge[i / 2].len[1] = htobe32(0); 1255 KASSERT(nsegs == 0, ("%s: nsegs %d, start %p, iv_buffer %p", 1256 __func__, nsegs, start, iv_buffer)); 1257 } 1258 1259 /* 1260 * Similar to t4_push_frames() but handles TLS sockets when TLS offload 1261 * is enabled. Rather than transmitting bulk data, the socket buffer 1262 * contains TLS records. The work request requires a full TLS record, 1263 * so batch mbufs up until a full TLS record is seen. This requires 1264 * reading the TLS header out of the start of each record to determine 1265 * its length. 1266 */ 1267 void 1268 t4_push_tls_records(struct adapter *sc, struct toepcb *toep, int drop) 1269 { 1270 struct tls_hdr thdr; 1271 struct mbuf *sndptr; 1272 struct fw_tlstx_data_wr *txwr; 1273 struct cpl_tx_tls_sfo *cpl; 1274 struct wrqe *wr; 1275 u_int plen, nsegs, credits, space, max_nsegs_1mbuf, wr_len; 1276 u_int expn_size, iv_len, pdus, sndptroff; 1277 struct tls_ofld_info *tls_ofld = &toep->tls; 1278 struct inpcb *inp = toep->inp; 1279 struct tcpcb *tp = intotcpcb(inp); 1280 struct socket *so = inp->inp_socket; 1281 struct sockbuf *sb = &so->so_snd; 1282 int tls_size, tx_credits, shove, /* compl,*/ sowwakeup; 1283 struct ofld_tx_sdesc *txsd; 1284 bool imm_ivs, imm_payload; 1285 void *iv_buffer, *iv_dst, *buf; 1286 1287 INP_WLOCK_ASSERT(inp); 1288 KASSERT(toep->flags & TPF_FLOWC_WR_SENT, 1289 ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid)); 1290 1291 KASSERT(ulp_mode(toep) == ULP_MODE_NONE || 1292 ulp_mode(toep) == ULP_MODE_TCPDDP || ulp_mode(toep) == ULP_MODE_TLS, 1293 ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep)); 1294 KASSERT(tls_tx_key(toep), 1295 ("%s: TX key not set for toep %p", __func__, toep)); 1296 1297 #ifdef VERBOSE_TRACES 1298 CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d", 1299 __func__, toep->tid, toep->flags, tp->t_flags); 1300 #endif 1301 if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN)) 1302 return; 1303 1304 #ifdef RATELIMIT 1305 if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) && 1306 (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) { 1307 inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED; 1308 } 1309 #endif 1310 1311 /* 1312 * This function doesn't resume by itself. Someone else must clear the 1313 * flag and call this function. 1314 */ 1315 if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) { 1316 KASSERT(drop == 0, 1317 ("%s: drop (%d) != 0 but tx is suspended", __func__, drop)); 1318 return; 1319 } 1320 1321 txsd = &toep->txsd[toep->txsd_pidx]; 1322 for (;;) { 1323 tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS); 1324 space = max_imm_tls_space(tx_credits); 1325 wr_len = sizeof(struct fw_tlstx_data_wr) + 1326 sizeof(struct cpl_tx_tls_sfo) + key_size(toep); 1327 if (wr_len + CIPHER_BLOCK_SIZE + 1 > space) { 1328 #ifdef VERBOSE_TRACES 1329 CTR5(KTR_CXGBE, 1330 "%s: tid %d tx_credits %d min_wr %d space %d", 1331 __func__, toep->tid, tx_credits, wr_len + 1332 CIPHER_BLOCK_SIZE + 1, space); 1333 #endif 1334 return; 1335 } 1336 1337 SOCKBUF_LOCK(sb); 1338 sowwakeup = drop; 1339 if (drop) { 1340 sbdrop_locked(sb, drop); 1341 MPASS(tls_ofld->sb_off >= drop); 1342 tls_ofld->sb_off -= drop; 1343 drop = 0; 1344 } 1345 1346 /* 1347 * Send a FIN if requested, but only if there's no 1348 * more data to send. 1349 */ 1350 if (sbavail(sb) == tls_ofld->sb_off && 1351 toep->flags & TPF_SEND_FIN) { 1352 if (sowwakeup) 1353 sowwakeup_locked(so); 1354 else 1355 SOCKBUF_UNLOCK(sb); 1356 SOCKBUF_UNLOCK_ASSERT(sb); 1357 t4_close_conn(sc, toep); 1358 return; 1359 } 1360 1361 if (sbavail(sb) < tls_ofld->sb_off + TLS_HEADER_LENGTH) { 1362 /* 1363 * A full TLS header is not yet queued, stop 1364 * for now until more data is added to the 1365 * socket buffer. However, if the connection 1366 * has been closed, we will never get the rest 1367 * of the header so just discard the partial 1368 * header and close the connection. 1369 */ 1370 #ifdef VERBOSE_TRACES 1371 CTR5(KTR_CXGBE, "%s: tid %d sbavail %d sb_off %d%s", 1372 __func__, toep->tid, sbavail(sb), tls_ofld->sb_off, 1373 toep->flags & TPF_SEND_FIN ? "" : " SEND_FIN"); 1374 #endif 1375 if (sowwakeup) 1376 sowwakeup_locked(so); 1377 else 1378 SOCKBUF_UNLOCK(sb); 1379 SOCKBUF_UNLOCK_ASSERT(sb); 1380 if (toep->flags & TPF_SEND_FIN) 1381 t4_close_conn(sc, toep); 1382 return; 1383 } 1384 1385 /* Read the header of the next TLS record. */ 1386 sndptr = sbsndmbuf(sb, tls_ofld->sb_off, &sndptroff); 1387 m_copydata(sndptr, sndptroff, sizeof(thdr), (caddr_t)&thdr); 1388 tls_size = htons(thdr.length); 1389 plen = TLS_HEADER_LENGTH + tls_size; 1390 pdus = howmany(tls_size, tls_ofld->k_ctx.frag_size); 1391 iv_len = pdus * CIPHER_BLOCK_SIZE; 1392 1393 if (sbavail(sb) < tls_ofld->sb_off + plen) { 1394 /* 1395 * The full TLS record is not yet queued, stop 1396 * for now until more data is added to the 1397 * socket buffer. However, if the connection 1398 * has been closed, we will never get the rest 1399 * of the record so just discard the partial 1400 * record and close the connection. 1401 */ 1402 #ifdef VERBOSE_TRACES 1403 CTR6(KTR_CXGBE, 1404 "%s: tid %d sbavail %d sb_off %d plen %d%s", 1405 __func__, toep->tid, sbavail(sb), tls_ofld->sb_off, 1406 plen, toep->flags & TPF_SEND_FIN ? "" : 1407 " SEND_FIN"); 1408 #endif 1409 if (sowwakeup) 1410 sowwakeup_locked(so); 1411 else 1412 SOCKBUF_UNLOCK(sb); 1413 SOCKBUF_UNLOCK_ASSERT(sb); 1414 if (toep->flags & TPF_SEND_FIN) 1415 t4_close_conn(sc, toep); 1416 return; 1417 } 1418 1419 /* Shove if there is no additional data pending. */ 1420 shove = (sbavail(sb) == tls_ofld->sb_off + plen) && 1421 !(tp->t_flags & TF_MORETOCOME); 1422 1423 if (sb->sb_flags & SB_AUTOSIZE && 1424 V_tcp_do_autosndbuf && 1425 sb->sb_hiwat < V_tcp_autosndbuf_max && 1426 sbused(sb) >= sb->sb_hiwat * 7 / 8) { 1427 int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc, 1428 V_tcp_autosndbuf_max); 1429 1430 if (!sbreserve_locked(sb, newsize, so, NULL)) 1431 sb->sb_flags &= ~SB_AUTOSIZE; 1432 else 1433 sowwakeup = 1; /* room available */ 1434 } 1435 if (sowwakeup) 1436 sowwakeup_locked(so); 1437 else 1438 SOCKBUF_UNLOCK(sb); 1439 SOCKBUF_UNLOCK_ASSERT(sb); 1440 1441 if (__predict_false(toep->flags & TPF_FIN_SENT)) 1442 panic("%s: excess tx.", __func__); 1443 1444 /* Determine whether to use immediate vs SGL. */ 1445 imm_payload = false; 1446 imm_ivs = false; 1447 if (wr_len + iv_len <= space) { 1448 imm_ivs = true; 1449 wr_len += iv_len; 1450 if (wr_len + tls_size <= space) { 1451 wr_len += tls_size; 1452 imm_payload = true; 1453 } 1454 } 1455 1456 /* Allocate space for IVs if needed. */ 1457 if (!imm_ivs) { 1458 iv_buffer = malloc(iv_len, M_CXGBE, M_NOWAIT); 1459 if (iv_buffer == NULL) { 1460 /* 1461 * XXX: How to restart this? 1462 */ 1463 if (sowwakeup) 1464 sowwakeup_locked(so); 1465 else 1466 SOCKBUF_UNLOCK(sb); 1467 SOCKBUF_UNLOCK_ASSERT(sb); 1468 CTR3(KTR_CXGBE, 1469 "%s: tid %d failed to alloc IV space len %d", 1470 __func__, toep->tid, iv_len); 1471 return; 1472 } 1473 } else 1474 iv_buffer = NULL; 1475 1476 /* Determine size of SGL. */ 1477 nsegs = 0; 1478 max_nsegs_1mbuf = 0; /* max # of SGL segments in any one mbuf */ 1479 if (!imm_payload) { 1480 nsegs = count_mbuf_segs(sndptr, sndptroff + 1481 TLS_HEADER_LENGTH, tls_size, &max_nsegs_1mbuf); 1482 if (!imm_ivs) { 1483 int n = sglist_count(iv_buffer, iv_len); 1484 nsegs += n; 1485 if (n > max_nsegs_1mbuf) 1486 max_nsegs_1mbuf = n; 1487 } 1488 1489 /* Account for SGL in work request length. */ 1490 wr_len += sizeof(struct ulptx_sgl) + 1491 ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8; 1492 } 1493 1494 wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq); 1495 if (wr == NULL) { 1496 /* XXX: how will we recover from this? */ 1497 toep->flags |= TPF_TX_SUSPENDED; 1498 return; 1499 } 1500 1501 #ifdef VERBOSE_TRACES 1502 CTR5(KTR_CXGBE, "%s: tid %d TLS record %d len %#x pdus %d", 1503 __func__, toep->tid, thdr.type, tls_size, pdus); 1504 #endif 1505 txwr = wrtod(wr); 1506 cpl = (struct cpl_tx_tls_sfo *)(txwr + 1); 1507 memset(txwr, 0, roundup2(wr_len, 16)); 1508 credits = howmany(wr_len, 16); 1509 expn_size = tls_expansion_size(toep, tls_size, 0, NULL); 1510 write_tlstx_wr(txwr, toep, imm_payload ? tls_size : 0, 1511 tls_size, expn_size, pdus, credits, shove, imm_ivs ? 1 : 0); 1512 write_tlstx_cpl(cpl, toep, &thdr, tls_size, pdus); 1513 tls_copy_tx_key(toep, cpl + 1); 1514 1515 /* Generate random IVs */ 1516 buf = (char *)(cpl + 1) + key_size(toep); 1517 if (imm_ivs) { 1518 MPASS(iv_buffer == NULL); 1519 iv_dst = buf; 1520 buf = (char *)iv_dst + iv_len; 1521 } else 1522 iv_dst = iv_buffer; 1523 arc4rand(iv_dst, iv_len, 0); 1524 1525 if (imm_payload) { 1526 m_copydata(sndptr, sndptroff + TLS_HEADER_LENGTH, 1527 tls_size, buf); 1528 } else { 1529 write_tlstx_sgl(buf, sndptr, 1530 sndptroff + TLS_HEADER_LENGTH, tls_size, iv_buffer, 1531 iv_len, nsegs, max_nsegs_1mbuf); 1532 } 1533 1534 KASSERT(toep->tx_credits >= credits, 1535 ("%s: not enough credits", __func__)); 1536 1537 toep->tx_credits -= credits; 1538 1539 tp->snd_nxt += plen; 1540 tp->snd_max += plen; 1541 1542 SOCKBUF_LOCK(sb); 1543 sbsndptr_adv(sb, sb->sb_sndptr, plen); 1544 tls_ofld->sb_off += plen; 1545 SOCKBUF_UNLOCK(sb); 1546 1547 toep->flags |= TPF_TX_DATA_SENT; 1548 if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep)) 1549 toep->flags |= TPF_TX_SUSPENDED; 1550 1551 KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__)); 1552 txsd->plen = plen; 1553 txsd->tx_credits = credits; 1554 txsd->iv_buffer = iv_buffer; 1555 txsd++; 1556 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) { 1557 toep->txsd_pidx = 0; 1558 txsd = &toep->txsd[0]; 1559 } 1560 toep->txsd_avail--; 1561 1562 atomic_add_long(&toep->vi->pi->tx_toe_tls_records, 1); 1563 atomic_add_long(&toep->vi->pi->tx_toe_tls_octets, plen); 1564 1565 t4_l2t_send(sc, wr, toep->l2te); 1566 } 1567 } 1568 1569 #ifdef KERN_TLS 1570 static int 1571 count_ext_pgs_segs(struct mbuf_ext_pgs *ext_pgs) 1572 { 1573 vm_paddr_t nextpa; 1574 u_int i, nsegs; 1575 1576 MPASS(ext_pgs->npgs > 0); 1577 nsegs = 1; 1578 nextpa = ext_pgs->pa[0] + PAGE_SIZE; 1579 for (i = 1; i < ext_pgs->npgs; i++) { 1580 if (nextpa != ext_pgs->pa[i]) 1581 nsegs++; 1582 nextpa = ext_pgs->pa[i] + PAGE_SIZE; 1583 } 1584 return (nsegs); 1585 } 1586 1587 static void 1588 write_ktlstx_sgl(void *dst, struct mbuf_ext_pgs *ext_pgs, int nsegs) 1589 { 1590 struct ulptx_sgl *usgl = dst; 1591 vm_paddr_t pa; 1592 uint32_t len; 1593 int i, j; 1594 1595 KASSERT(nsegs > 0, ("%s: nsegs 0", __func__)); 1596 1597 usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) | 1598 V_ULPTX_NSGE(nsegs)); 1599 1600 /* Figure out the first S/G length. */ 1601 pa = ext_pgs->pa[0] + ext_pgs->first_pg_off; 1602 usgl->addr0 = htobe64(pa); 1603 len = mbuf_ext_pg_len(ext_pgs, 0, ext_pgs->first_pg_off); 1604 pa += len; 1605 for (i = 1; i < ext_pgs->npgs; i++) { 1606 if (ext_pgs->pa[i] != pa) 1607 break; 1608 len += mbuf_ext_pg_len(ext_pgs, i, 0); 1609 pa += mbuf_ext_pg_len(ext_pgs, i, 0); 1610 } 1611 usgl->len0 = htobe32(len); 1612 #ifdef INVARIANTS 1613 nsegs--; 1614 #endif 1615 1616 j = -1; 1617 for (; i < ext_pgs->npgs; i++) { 1618 if (j == -1 || ext_pgs->pa[i] != pa) { 1619 if (j >= 0) 1620 usgl->sge[j / 2].len[j & 1] = htobe32(len); 1621 j++; 1622 #ifdef INVARIANTS 1623 nsegs--; 1624 #endif 1625 pa = ext_pgs->pa[i]; 1626 usgl->sge[j / 2].addr[j & 1] = htobe64(pa); 1627 len = mbuf_ext_pg_len(ext_pgs, i, 0); 1628 pa += len; 1629 } else { 1630 len += mbuf_ext_pg_len(ext_pgs, i, 0); 1631 pa += mbuf_ext_pg_len(ext_pgs, i, 0); 1632 } 1633 } 1634 if (j >= 0) { 1635 usgl->sge[j / 2].len[j & 1] = htobe32(len); 1636 1637 if ((j & 1) == 0) 1638 usgl->sge[j / 2].len[1] = htobe32(0); 1639 } 1640 KASSERT(nsegs == 0, ("%s: nsegs %d, ext_pgs %p", __func__, nsegs, 1641 ext_pgs)); 1642 } 1643 1644 /* 1645 * Similar to t4_push_frames() but handles sockets that contain TLS 1646 * record mbufs. Unlike TLSOM, each mbuf is a complete TLS record and 1647 * corresponds to a single work request. 1648 */ 1649 void 1650 t4_push_ktls(struct adapter *sc, struct toepcb *toep, int drop) 1651 { 1652 struct tls_hdr *thdr; 1653 struct fw_tlstx_data_wr *txwr; 1654 struct cpl_tx_tls_sfo *cpl; 1655 struct wrqe *wr; 1656 struct mbuf *m; 1657 u_int nsegs, credits, wr_len; 1658 u_int expn_size; 1659 struct inpcb *inp = toep->inp; 1660 struct tcpcb *tp = intotcpcb(inp); 1661 struct socket *so = inp->inp_socket; 1662 struct sockbuf *sb = &so->so_snd; 1663 int tls_size, tx_credits, shove, sowwakeup; 1664 struct ofld_tx_sdesc *txsd; 1665 char *buf; 1666 1667 INP_WLOCK_ASSERT(inp); 1668 KASSERT(toep->flags & TPF_FLOWC_WR_SENT, 1669 ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid)); 1670 1671 KASSERT(ulp_mode(toep) == ULP_MODE_NONE || 1672 ulp_mode(toep) == ULP_MODE_TCPDDP, 1673 ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep)); 1674 KASSERT(tls_tx_key(toep), 1675 ("%s: TX key not set for toep %p", __func__, toep)); 1676 1677 #ifdef VERBOSE_TRACES 1678 CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d", 1679 __func__, toep->tid, toep->flags, tp->t_flags); 1680 #endif 1681 if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN)) 1682 return; 1683 1684 #ifdef RATELIMIT 1685 if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) && 1686 (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) { 1687 inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED; 1688 } 1689 #endif 1690 1691 /* 1692 * This function doesn't resume by itself. Someone else must clear the 1693 * flag and call this function. 1694 */ 1695 if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) { 1696 KASSERT(drop == 0, 1697 ("%s: drop (%d) != 0 but tx is suspended", __func__, drop)); 1698 return; 1699 } 1700 1701 txsd = &toep->txsd[toep->txsd_pidx]; 1702 for (;;) { 1703 tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS); 1704 1705 SOCKBUF_LOCK(sb); 1706 sowwakeup = drop; 1707 if (drop) { 1708 sbdrop_locked(sb, drop); 1709 drop = 0; 1710 } 1711 1712 m = sb->sb_sndptr != NULL ? sb->sb_sndptr->m_next : sb->sb_mb; 1713 1714 /* 1715 * Send a FIN if requested, but only if there's no 1716 * more data to send. 1717 */ 1718 if (m == NULL && toep->flags & TPF_SEND_FIN) { 1719 if (sowwakeup) 1720 sowwakeup_locked(so); 1721 else 1722 SOCKBUF_UNLOCK(sb); 1723 SOCKBUF_UNLOCK_ASSERT(sb); 1724 t4_close_conn(sc, toep); 1725 return; 1726 } 1727 1728 /* 1729 * If there is no ready data to send, wait until more 1730 * data arrives. 1731 */ 1732 if (m == NULL || (m->m_flags & M_NOTAVAIL) != 0) { 1733 if (sowwakeup) 1734 sowwakeup_locked(so); 1735 else 1736 SOCKBUF_UNLOCK(sb); 1737 SOCKBUF_UNLOCK_ASSERT(sb); 1738 #ifdef VERBOSE_TRACES 1739 CTR2(KTR_CXGBE, "%s: tid %d no ready data to send", 1740 __func__, toep->tid); 1741 #endif 1742 return; 1743 } 1744 1745 KASSERT(m->m_flags & M_NOMAP, ("%s: mbuf %p is not NOMAP", 1746 __func__, m)); 1747 KASSERT(m->m_ext.ext_pgs->tls != NULL, 1748 ("%s: mbuf %p doesn't have TLS session", __func__, m)); 1749 1750 /* Calculate WR length. */ 1751 wr_len = sizeof(struct fw_tlstx_data_wr) + 1752 sizeof(struct cpl_tx_tls_sfo) + key_size(toep); 1753 1754 /* Explicit IVs for AES-CBC and AES-GCM are <= 16. */ 1755 MPASS(toep->tls.iv_len <= AES_BLOCK_LEN); 1756 wr_len += AES_BLOCK_LEN; 1757 1758 /* Account for SGL in work request length. */ 1759 nsegs = count_ext_pgs_segs(m->m_ext.ext_pgs); 1760 wr_len += sizeof(struct ulptx_sgl) + 1761 ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8; 1762 1763 /* Not enough credits for this work request. */ 1764 if (howmany(wr_len, 16) > tx_credits) { 1765 if (sowwakeup) 1766 sowwakeup_locked(so); 1767 else 1768 SOCKBUF_UNLOCK(sb); 1769 SOCKBUF_UNLOCK_ASSERT(sb); 1770 #ifdef VERBOSE_TRACES 1771 CTR5(KTR_CXGBE, 1772 "%s: tid %d mbuf %p requires %d credits, but only %d available", 1773 __func__, toep->tid, m, howmany(wr_len, 16), 1774 tx_credits); 1775 #endif 1776 toep->flags |= TPF_TX_SUSPENDED; 1777 return; 1778 } 1779 1780 /* Shove if there is no additional data pending. */ 1781 shove = ((m->m_next == NULL || 1782 (m->m_next->m_flags & M_NOTAVAIL) != 0)) && 1783 (tp->t_flags & TF_MORETOCOME) == 0; 1784 1785 if (sb->sb_flags & SB_AUTOSIZE && 1786 V_tcp_do_autosndbuf && 1787 sb->sb_hiwat < V_tcp_autosndbuf_max && 1788 sbused(sb) >= sb->sb_hiwat * 7 / 8) { 1789 int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc, 1790 V_tcp_autosndbuf_max); 1791 1792 if (!sbreserve_locked(sb, newsize, so, NULL)) 1793 sb->sb_flags &= ~SB_AUTOSIZE; 1794 else 1795 sowwakeup = 1; /* room available */ 1796 } 1797 if (sowwakeup) 1798 sowwakeup_locked(so); 1799 else 1800 SOCKBUF_UNLOCK(sb); 1801 SOCKBUF_UNLOCK_ASSERT(sb); 1802 1803 if (__predict_false(toep->flags & TPF_FIN_SENT)) 1804 panic("%s: excess tx.", __func__); 1805 1806 wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq); 1807 if (wr == NULL) { 1808 /* XXX: how will we recover from this? */ 1809 toep->flags |= TPF_TX_SUSPENDED; 1810 return; 1811 } 1812 1813 thdr = (struct tls_hdr *)m->m_ext.ext_pgs->hdr; 1814 #ifdef VERBOSE_TRACES 1815 CTR5(KTR_CXGBE, "%s: tid %d TLS record %ju type %d len %#x", 1816 __func__, toep->tid, m->m_ext.ext_pgs->seqno, thdr->type, 1817 m->m_len); 1818 #endif 1819 txwr = wrtod(wr); 1820 cpl = (struct cpl_tx_tls_sfo *)(txwr + 1); 1821 memset(txwr, 0, roundup2(wr_len, 16)); 1822 credits = howmany(wr_len, 16); 1823 expn_size = m->m_ext.ext_pgs->hdr_len + 1824 m->m_ext.ext_pgs->trail_len; 1825 tls_size = m->m_len - expn_size; 1826 write_tlstx_wr(txwr, toep, 0, 1827 tls_size, expn_size, 1, credits, shove, 1); 1828 toep->tls.tx_seq_no = m->m_ext.ext_pgs->seqno; 1829 write_tlstx_cpl(cpl, toep, thdr, tls_size, 1); 1830 tls_copy_tx_key(toep, cpl + 1); 1831 1832 /* Copy IV. */ 1833 buf = (char *)(cpl + 1) + key_size(toep); 1834 memcpy(buf, thdr + 1, toep->tls.iv_len); 1835 buf += AES_BLOCK_LEN; 1836 1837 write_ktlstx_sgl(buf, m->m_ext.ext_pgs, nsegs); 1838 1839 KASSERT(toep->tx_credits >= credits, 1840 ("%s: not enough credits", __func__)); 1841 1842 toep->tx_credits -= credits; 1843 1844 tp->snd_nxt += m->m_len; 1845 tp->snd_max += m->m_len; 1846 1847 SOCKBUF_LOCK(sb); 1848 sb->sb_sndptr = m; 1849 SOCKBUF_UNLOCK(sb); 1850 1851 toep->flags |= TPF_TX_DATA_SENT; 1852 if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep)) 1853 toep->flags |= TPF_TX_SUSPENDED; 1854 1855 KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__)); 1856 txsd->plen = m->m_len; 1857 txsd->tx_credits = credits; 1858 txsd++; 1859 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) { 1860 toep->txsd_pidx = 0; 1861 txsd = &toep->txsd[0]; 1862 } 1863 toep->txsd_avail--; 1864 1865 atomic_add_long(&toep->vi->pi->tx_toe_tls_records, 1); 1866 atomic_add_long(&toep->vi->pi->tx_toe_tls_octets, m->m_len); 1867 1868 t4_l2t_send(sc, wr, toep->l2te); 1869 } 1870 } 1871 #endif 1872 1873 /* 1874 * For TLS data we place received mbufs received via CPL_TLS_DATA into 1875 * an mbufq in the TLS offload state. When CPL_RX_TLS_CMP is 1876 * received, the completed PDUs are placed into the socket receive 1877 * buffer. 1878 * 1879 * The TLS code reuses the ulp_pdu_reclaimq to hold the pending mbufs. 1880 */ 1881 static int 1882 do_tls_data(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m) 1883 { 1884 struct adapter *sc = iq->adapter; 1885 const struct cpl_tls_data *cpl = mtod(m, const void *); 1886 unsigned int tid = GET_TID(cpl); 1887 struct toepcb *toep = lookup_tid(sc, tid); 1888 struct inpcb *inp = toep->inp; 1889 struct tcpcb *tp; 1890 int len; 1891 1892 /* XXX: Should this match do_rx_data instead? */ 1893 KASSERT(!(toep->flags & TPF_SYNQE), 1894 ("%s: toep %p claims to be a synq entry", __func__, toep)); 1895 1896 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__)); 1897 1898 /* strip off CPL header */ 1899 m_adj(m, sizeof(*cpl)); 1900 len = m->m_pkthdr.len; 1901 1902 atomic_add_long(&toep->vi->pi->rx_toe_tls_octets, len); 1903 1904 KASSERT(len == G_CPL_TLS_DATA_LENGTH(be32toh(cpl->length_pkd)), 1905 ("%s: payload length mismatch", __func__)); 1906 1907 INP_WLOCK(inp); 1908 if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) { 1909 CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x", 1910 __func__, tid, len, inp->inp_flags); 1911 INP_WUNLOCK(inp); 1912 m_freem(m); 1913 return (0); 1914 } 1915 1916 /* Save TCP sequence number. */ 1917 m->m_pkthdr.tls_tcp_seq = be32toh(cpl->seq); 1918 1919 if (mbufq_enqueue(&toep->ulp_pdu_reclaimq, m)) { 1920 #ifdef INVARIANTS 1921 panic("Failed to queue TLS data packet"); 1922 #else 1923 printf("%s: Failed to queue TLS data packet\n", __func__); 1924 INP_WUNLOCK(inp); 1925 m_freem(m); 1926 return (0); 1927 #endif 1928 } 1929 1930 tp = intotcpcb(inp); 1931 tp->t_rcvtime = ticks; 1932 1933 #ifdef VERBOSE_TRACES 1934 CTR4(KTR_CXGBE, "%s: tid %u len %d seq %u", __func__, tid, len, 1935 be32toh(cpl->seq)); 1936 #endif 1937 1938 INP_WUNLOCK(inp); 1939 return (0); 1940 } 1941 1942 static int 1943 do_rx_tls_cmp(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m) 1944 { 1945 struct adapter *sc = iq->adapter; 1946 const struct cpl_rx_tls_cmp *cpl = mtod(m, const void *); 1947 struct tlsrx_hdr_pkt *tls_hdr_pkt; 1948 unsigned int tid = GET_TID(cpl); 1949 struct toepcb *toep = lookup_tid(sc, tid); 1950 struct inpcb *inp = toep->inp; 1951 struct tcpcb *tp; 1952 struct socket *so; 1953 struct sockbuf *sb; 1954 struct mbuf *tls_data; 1955 int len, pdu_length, rx_credits; 1956 1957 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__)); 1958 KASSERT(!(toep->flags & TPF_SYNQE), 1959 ("%s: toep %p claims to be a synq entry", __func__, toep)); 1960 1961 /* strip off CPL header */ 1962 m_adj(m, sizeof(*cpl)); 1963 len = m->m_pkthdr.len; 1964 1965 atomic_add_long(&toep->vi->pi->rx_toe_tls_records, 1); 1966 1967 KASSERT(len == G_CPL_RX_TLS_CMP_LENGTH(be32toh(cpl->pdulength_length)), 1968 ("%s: payload length mismatch", __func__)); 1969 1970 INP_WLOCK(inp); 1971 if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) { 1972 CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x", 1973 __func__, tid, len, inp->inp_flags); 1974 INP_WUNLOCK(inp); 1975 m_freem(m); 1976 return (0); 1977 } 1978 1979 pdu_length = G_CPL_RX_TLS_CMP_PDULENGTH(be32toh(cpl->pdulength_length)); 1980 1981 tp = intotcpcb(inp); 1982 1983 #ifdef VERBOSE_TRACES 1984 CTR6(KTR_CXGBE, "%s: tid %u PDU len %d len %d seq %u, rcv_nxt %u", 1985 __func__, tid, pdu_length, len, be32toh(cpl->seq), tp->rcv_nxt); 1986 #endif 1987 1988 tp->rcv_nxt += pdu_length; 1989 if (tp->rcv_wnd < pdu_length) { 1990 toep->tls.rcv_over += pdu_length - tp->rcv_wnd; 1991 tp->rcv_wnd = 0; 1992 } else 1993 tp->rcv_wnd -= pdu_length; 1994 1995 /* XXX: Not sure what to do about urgent data. */ 1996 1997 /* 1998 * The payload of this CPL is the TLS header followed by 1999 * additional fields. 2000 */ 2001 KASSERT(m->m_len >= sizeof(*tls_hdr_pkt), 2002 ("%s: payload too small", __func__)); 2003 tls_hdr_pkt = mtod(m, void *); 2004 2005 /* 2006 * Only the TLS header is sent to OpenSSL, so report errors by 2007 * altering the record type. 2008 */ 2009 if ((tls_hdr_pkt->res_to_mac_error & M_TLSRX_HDR_PKT_ERROR) != 0) 2010 tls_hdr_pkt->type = CONTENT_TYPE_ERROR; 2011 2012 /* Trim this CPL's mbuf to only include the TLS header. */ 2013 KASSERT(m->m_len == len && m->m_next == NULL, 2014 ("%s: CPL spans multiple mbufs", __func__)); 2015 m->m_len = TLS_HEADER_LENGTH; 2016 m->m_pkthdr.len = TLS_HEADER_LENGTH; 2017 2018 tls_data = mbufq_dequeue(&toep->ulp_pdu_reclaimq); 2019 if (tls_data != NULL) { 2020 KASSERT(be32toh(cpl->seq) == tls_data->m_pkthdr.tls_tcp_seq, 2021 ("%s: sequence mismatch", __func__)); 2022 2023 /* 2024 * Update the TLS header length to be the length of 2025 * the payload data. 2026 */ 2027 tls_hdr_pkt->length = htobe16(tls_data->m_pkthdr.len); 2028 2029 m->m_next = tls_data; 2030 m->m_pkthdr.len += tls_data->m_len; 2031 } 2032 2033 so = inp_inpcbtosocket(inp); 2034 sb = &so->so_rcv; 2035 SOCKBUF_LOCK(sb); 2036 2037 if (__predict_false(sb->sb_state & SBS_CANTRCVMORE)) { 2038 struct epoch_tracker et; 2039 2040 CTR3(KTR_CXGBE, "%s: tid %u, excess rx (%d bytes)", 2041 __func__, tid, pdu_length); 2042 m_freem(m); 2043 SOCKBUF_UNLOCK(sb); 2044 INP_WUNLOCK(inp); 2045 2046 CURVNET_SET(toep->vnet); 2047 NET_EPOCH_ENTER(et); 2048 INP_WLOCK(inp); 2049 tp = tcp_drop(tp, ECONNRESET); 2050 if (tp) 2051 INP_WUNLOCK(inp); 2052 NET_EPOCH_EXIT(et); 2053 CURVNET_RESTORE(); 2054 2055 return (0); 2056 } 2057 2058 /* 2059 * Not all of the bytes on the wire are included in the socket buffer 2060 * (e.g. the MAC of the TLS record). However, those bytes are included 2061 * in the TCP sequence space. 2062 */ 2063 2064 /* receive buffer autosize */ 2065 MPASS(toep->vnet == so->so_vnet); 2066 CURVNET_SET(toep->vnet); 2067 if (sb->sb_flags & SB_AUTOSIZE && 2068 V_tcp_do_autorcvbuf && 2069 sb->sb_hiwat < V_tcp_autorcvbuf_max && 2070 m->m_pkthdr.len > (sbspace(sb) / 8 * 7)) { 2071 unsigned int hiwat = sb->sb_hiwat; 2072 unsigned int newsize = min(hiwat + sc->tt.autorcvbuf_inc, 2073 V_tcp_autorcvbuf_max); 2074 2075 if (!sbreserve_locked(sb, newsize, so, NULL)) 2076 sb->sb_flags &= ~SB_AUTOSIZE; 2077 } 2078 2079 sbappendstream_locked(sb, m, 0); 2080 rx_credits = sbspace(sb) > tp->rcv_wnd ? sbspace(sb) - tp->rcv_wnd : 0; 2081 #ifdef VERBOSE_TRACES 2082 CTR4(KTR_CXGBE, "%s: tid %u rx_credits %u rcv_wnd %u", 2083 __func__, tid, rx_credits, tp->rcv_wnd); 2084 #endif 2085 if (rx_credits > 0 && sbused(sb) + tp->rcv_wnd < sb->sb_lowat) { 2086 rx_credits = send_rx_credits(sc, toep, rx_credits); 2087 tp->rcv_wnd += rx_credits; 2088 tp->rcv_adv += rx_credits; 2089 } 2090 2091 sorwakeup_locked(so); 2092 SOCKBUF_UNLOCK_ASSERT(sb); 2093 2094 INP_WUNLOCK(inp); 2095 CURVNET_RESTORE(); 2096 return (0); 2097 } 2098 2099 void 2100 t4_tls_mod_load(void) 2101 { 2102 2103 mtx_init(&tls_handshake_lock, "t4tls handshake", NULL, MTX_DEF); 2104 t4_register_cpl_handler(CPL_TLS_DATA, do_tls_data); 2105 t4_register_cpl_handler(CPL_RX_TLS_CMP, do_rx_tls_cmp); 2106 } 2107 2108 void 2109 t4_tls_mod_unload(void) 2110 { 2111 2112 t4_register_cpl_handler(CPL_TLS_DATA, NULL); 2113 t4_register_cpl_handler(CPL_RX_TLS_CMP, NULL); 2114 mtx_destroy(&tls_handshake_lock); 2115 } 2116 #endif /* TCP_OFFLOAD */ 2117