1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2014-2019 Netflix Inc. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 * 27 * $FreeBSD$ 28 */ 29 #ifndef _SYS_KTLS_H_ 30 #define _SYS_KTLS_H_ 31 32 #ifdef _KERNEL 33 #include <sys/refcount.h> 34 #include <sys/_task.h> 35 #endif 36 37 struct tls_record_layer { 38 uint8_t tls_type; 39 uint8_t tls_vmajor; 40 uint8_t tls_vminor; 41 uint16_t tls_length; 42 uint8_t tls_data[0]; 43 } __attribute__ ((packed)); 44 45 #define TLS_MAX_MSG_SIZE_V10_2 16384 46 #define TLS_MAX_PARAM_SIZE 1024 /* Max key/mac/iv in sockopt */ 47 #define TLS_AEAD_GCM_LEN 4 48 #define TLS_1_3_GCM_IV_LEN 12 49 #define TLS_CHACHA20_IV_LEN 12 50 #define TLS_CBC_IMPLICIT_IV_LEN 16 51 52 /* Type values for the record layer */ 53 #define TLS_RLTYPE_ALERT 21 54 #define TLS_RLTYPE_HANDSHAKE 22 55 #define TLS_RLTYPE_APP 23 56 57 /* 58 * Nonce for GCM for TLS 1.2 per RFC 5288. 59 */ 60 struct tls_nonce_data { 61 uint8_t fixed[TLS_AEAD_GCM_LEN]; 62 uint64_t seq; 63 } __packed; 64 65 /* 66 * AEAD additional data format for TLS 1.2 per RFC 5246. 67 */ 68 struct tls_aead_data { 69 uint64_t seq; /* In network order */ 70 uint8_t type; 71 uint8_t tls_vmajor; 72 uint8_t tls_vminor; 73 uint16_t tls_length; 74 } __packed; 75 76 /* 77 * AEAD additional data format for TLS 1.3 per RFC 8446. 78 */ 79 struct tls_aead_data_13 { 80 uint8_t type; 81 uint8_t tls_vmajor; 82 uint8_t tls_vminor; 83 uint16_t tls_length; 84 } __packed; 85 86 /* 87 * Stream Cipher MAC additional data input. This does not match the 88 * exact data on the wire (the sequence number is not placed on the 89 * wire, and any explicit IV after the record header is not covered by 90 * the MAC). 91 */ 92 struct tls_mac_data { 93 uint64_t seq; 94 uint8_t type; 95 uint8_t tls_vmajor; 96 uint8_t tls_vminor; 97 uint16_t tls_length; 98 } __packed; 99 100 #define TLS_MAJOR_VER_ONE 3 101 #define TLS_MINOR_VER_ZERO 1 /* 3, 1 */ 102 #define TLS_MINOR_VER_ONE 2 /* 3, 2 */ 103 #define TLS_MINOR_VER_TWO 3 /* 3, 3 */ 104 #define TLS_MINOR_VER_THREE 4 /* 3, 4 */ 105 106 /* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */ 107 #ifdef _KERNEL 108 struct tls_enable_v0 { 109 const uint8_t *cipher_key; 110 const uint8_t *iv; /* Implicit IV. */ 111 const uint8_t *auth_key; 112 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */ 113 int cipher_key_len; 114 int iv_len; 115 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */ 116 int auth_key_len; 117 int flags; 118 uint8_t tls_vmajor; 119 uint8_t tls_vminor; 120 }; 121 #endif 122 123 struct tls_enable { 124 const uint8_t *cipher_key; 125 const uint8_t *iv; /* Implicit IV. */ 126 const uint8_t *auth_key; 127 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */ 128 int cipher_key_len; 129 int iv_len; 130 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */ 131 int auth_key_len; 132 int flags; 133 uint8_t tls_vmajor; 134 uint8_t tls_vminor; 135 uint8_t rec_seq[8]; 136 }; 137 138 /* Structure for TLS_GET_RECORD. */ 139 struct tls_get_record { 140 /* TLS record header. */ 141 uint8_t tls_type; 142 uint8_t tls_vmajor; 143 uint8_t tls_vminor; 144 uint16_t tls_length; 145 }; 146 147 #ifdef _KERNEL 148 149 struct tls_session_params { 150 uint8_t *cipher_key; 151 uint8_t *auth_key; 152 uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN]; 153 int cipher_algorithm; 154 int auth_algorithm; 155 uint16_t cipher_key_len; 156 uint16_t iv_len; 157 uint16_t auth_key_len; 158 uint16_t max_frame_len; 159 uint8_t tls_vmajor; 160 uint8_t tls_vminor; 161 uint8_t tls_hlen; 162 uint8_t tls_tlen; 163 uint8_t tls_bs; 164 uint8_t flags; 165 }; 166 167 /* Used in APIs to request RX vs TX sessions. */ 168 #define KTLS_TX 1 169 #define KTLS_RX 2 170 171 struct iovec; 172 struct ktls_ocf_encrypt_state; 173 struct ktls_ocf_session; 174 struct ktls_session; 175 struct m_snd_tag; 176 struct mbuf; 177 struct sockbuf; 178 struct socket; 179 180 struct ktls_session { 181 struct ktls_ocf_session *ocf_session; 182 struct m_snd_tag *snd_tag; 183 struct tls_session_params params; 184 u_int wq_index; 185 volatile u_int refcount; 186 int mode; 187 188 struct task reset_tag_task; 189 struct task disable_ifnet_task; 190 union { 191 struct inpcb *inp; /* Used by transmit tasks. */ 192 struct socket *so; /* Used by receive task. */ 193 }; 194 struct ifnet *rx_ifp; 195 u_short rx_vlan_id; 196 bool reset_pending; 197 bool tx; 198 bool sync_dispatch; 199 bool sequential_records; 200 201 /* Only used for TLS 1.0. */ 202 uint64_t next_seqno; 203 STAILQ_HEAD(, mbuf) pending_records; 204 205 /* Used to destroy any kTLS session */ 206 struct task destroy_task; 207 } __aligned(CACHE_LINE_SIZE); 208 209 extern unsigned int ktls_ifnet_max_rexmit_pct; 210 211 typedef enum { 212 KTLS_MBUF_CRYPTO_ST_MIXED = 0, 213 KTLS_MBUF_CRYPTO_ST_ENCRYPTED = 1, 214 KTLS_MBUF_CRYPTO_ST_DECRYPTED = -1, 215 } ktls_mbuf_crypto_st_t; 216 217 void ktls_check_rx(struct sockbuf *sb); 218 ktls_mbuf_crypto_st_t ktls_mbuf_crypto_state(struct mbuf *mb, int offset, int len); 219 void ktls_disable_ifnet(void *arg); 220 int ktls_enable_rx(struct socket *so, struct tls_enable *en); 221 int ktls_enable_tx(struct socket *so, struct tls_enable *en); 222 void ktls_destroy(struct ktls_session *tls); 223 void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt, 224 uint8_t record_type); 225 bool ktls_permit_empty_frames(struct ktls_session *tls); 226 void ktls_seq(struct sockbuf *sb, struct mbuf *m); 227 void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count); 228 void ktls_enqueue_to_free(struct mbuf *m); 229 int ktls_get_rx_mode(struct socket *so, int *modep); 230 int ktls_set_tx_mode(struct socket *so, int mode); 231 int ktls_get_tx_mode(struct socket *so, int *modep); 232 int ktls_get_rx_sequence(struct inpcb *inp, uint32_t *tcpseq, uint64_t *tlsseq); 233 void ktls_input_ifp_mismatch(struct sockbuf *sb, struct ifnet *ifp); 234 int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls); 235 #ifdef RATELIMIT 236 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate); 237 #endif 238 bool ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp); 239 240 static inline struct ktls_session * 241 ktls_hold(struct ktls_session *tls) 242 { 243 244 if (tls != NULL) 245 refcount_acquire(&tls->refcount); 246 return (tls); 247 } 248 249 static inline void 250 ktls_free(struct ktls_session *tls) 251 { 252 253 if (refcount_release(&tls->refcount)) 254 ktls_destroy(tls); 255 } 256 257 #endif /* !_KERNEL */ 258 #endif /* !_SYS_KTLS_H_ */ 259