1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2014-2019 Netflix Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 *
27 * $FreeBSD$
28 */
29 #ifndef _SYS_KTLS_H_
30 #define _SYS_KTLS_H_
31
32 #include <sys/refcount.h>
33 #include <sys/_task.h>
34
35 struct tls_record_layer {
36 uint8_t tls_type;
37 uint8_t tls_vmajor;
38 uint8_t tls_vminor;
39 uint16_t tls_length;
40 uint8_t tls_data[0];
41 } __attribute__ ((packed));
42
43 #define TLS_MAX_MSG_SIZE_V10_2 16384
44 #define TLS_MAX_PARAM_SIZE 1024 /* Max key/mac/iv in sockopt */
45 #define TLS_AEAD_GCM_LEN 4
46 #define TLS_1_3_GCM_IV_LEN 12
47 #define TLS_CBC_IMPLICIT_IV_LEN 16
48
49 /* Type values for the record layer */
50 #define TLS_RLTYPE_APP 23
51
52 /*
53 * Nonce for GCM for TLS 1.2 per RFC 5288.
54 */
55 struct tls_nonce_data {
56 uint8_t fixed[TLS_AEAD_GCM_LEN];
57 uint64_t seq;
58 } __packed;
59
60 /*
61 * AEAD additional data format for TLS 1.2 per RFC 5246.
62 */
63 struct tls_aead_data {
64 uint64_t seq; /* In network order */
65 uint8_t type;
66 uint8_t tls_vmajor;
67 uint8_t tls_vminor;
68 uint16_t tls_length;
69 } __packed;
70
71 /*
72 * AEAD additional data format for TLS 1.3 per RFC 8446.
73 */
74 struct tls_aead_data_13 {
75 uint8_t type;
76 uint8_t tls_vmajor;
77 uint8_t tls_vminor;
78 uint16_t tls_length;
79 } __packed;
80
81 /*
82 * Stream Cipher MAC additional data input. This does not match the
83 * exact data on the wire (the sequence number is not placed on the
84 * wire, and any explicit IV after the record header is not covered by
85 * the MAC).
86 */
87 struct tls_mac_data {
88 uint64_t seq;
89 uint8_t type;
90 uint8_t tls_vmajor;
91 uint8_t tls_vminor;
92 uint16_t tls_length;
93 } __packed;
94
95 #define TLS_MAJOR_VER_ONE 3
96 #define TLS_MINOR_VER_ZERO 1 /* 3, 1 */
97 #define TLS_MINOR_VER_ONE 2 /* 3, 2 */
98 #define TLS_MINOR_VER_TWO 3 /* 3, 3 */
99 #define TLS_MINOR_VER_THREE 4 /* 3, 4 */
100
101 /* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */
102 #ifdef _KERNEL
103 struct tls_enable_v0 {
104 const uint8_t *cipher_key;
105 const uint8_t *iv; /* Implicit IV. */
106 const uint8_t *auth_key;
107 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
108 int cipher_key_len;
109 int iv_len;
110 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
111 int auth_key_len;
112 int flags;
113 uint8_t tls_vmajor;
114 uint8_t tls_vminor;
115 };
116 #endif
117
118 struct tls_enable {
119 const uint8_t *cipher_key;
120 const uint8_t *iv; /* Implicit IV. */
121 const uint8_t *auth_key;
122 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
123 int cipher_key_len;
124 int iv_len;
125 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
126 int auth_key_len;
127 int flags;
128 uint8_t tls_vmajor;
129 uint8_t tls_vminor;
130 uint8_t rec_seq[8];
131 };
132
133 /* Structure for TLS_GET_RECORD. */
134 struct tls_get_record {
135 /* TLS record header. */
136 uint8_t tls_type;
137 uint8_t tls_vmajor;
138 uint8_t tls_vminor;
139 uint16_t tls_length;
140 };
141
142 #ifdef _KERNEL
143
144 struct tls_session_params {
145 uint8_t *cipher_key;
146 uint8_t *auth_key;
147 uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN];
148 int cipher_algorithm;
149 int auth_algorithm;
150 uint16_t cipher_key_len;
151 uint16_t iv_len;
152 uint16_t auth_key_len;
153 uint16_t max_frame_len;
154 uint8_t tls_vmajor;
155 uint8_t tls_vminor;
156 uint8_t tls_hlen;
157 uint8_t tls_tlen;
158 uint8_t tls_bs;
159 uint8_t flags;
160 };
161
162 /* Used in APIs to request RX vs TX sessions. */
163 #define KTLS_TX 1
164 #define KTLS_RX 2
165
166 #define KTLS_API_VERSION 7
167
168 struct iovec;
169 struct ktls_session;
170 struct m_snd_tag;
171 struct mbuf;
172 struct sockbuf;
173 struct socket;
174
175 struct ktls_crypto_backend {
176 LIST_ENTRY(ktls_crypto_backend) next;
177 int (*try)(struct socket *so, struct ktls_session *tls, int direction);
178 int prio;
179 int api_version;
180 int use_count;
181 const char *name;
182 };
183
184 struct ktls_session {
185 union {
186 int (*sw_encrypt)(struct ktls_session *tls,
187 const struct tls_record_layer *hdr, uint8_t *trailer,
188 struct iovec *src, struct iovec *dst, int iovcnt,
189 uint64_t seqno, uint8_t record_type);
190 int (*sw_decrypt)(struct ktls_session *tls,
191 const struct tls_record_layer *hdr, struct mbuf *m,
192 uint64_t seqno, int *trailer_len);
193 };
194 union {
195 void *cipher;
196 struct m_snd_tag *snd_tag;
197 };
198 struct ktls_crypto_backend *be;
199 void (*free)(struct ktls_session *tls);
200 struct tls_session_params params;
201 u_int wq_index;
202 volatile u_int refcount;
203 int mode;
204
205 struct task reset_tag_task;
206 struct inpcb *inp;
207 bool reset_pending;
208 } __aligned(CACHE_LINE_SIZE);
209
210 void ktls_check_rx(struct sockbuf *sb);
211 int ktls_crypto_backend_register(struct ktls_crypto_backend *be);
212 int ktls_crypto_backend_deregister(struct ktls_crypto_backend *be);
213 int ktls_enable_rx(struct socket *so, struct tls_enable *en);
214 int ktls_enable_tx(struct socket *so, struct tls_enable *en);
215 void ktls_destroy(struct ktls_session *tls);
216 void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
217 uint8_t record_type);
218 void ktls_seq(struct sockbuf *sb, struct mbuf *m);
219 void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
220 void ktls_enqueue_to_free(struct mbuf *m);
221 int ktls_get_rx_mode(struct socket *so);
222 int ktls_set_tx_mode(struct socket *so, int mode);
223 int ktls_get_tx_mode(struct socket *so);
224 int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
225 #ifdef RATELIMIT
226 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
227 #endif
228
229 static inline struct ktls_session *
ktls_hold(struct ktls_session * tls)230 ktls_hold(struct ktls_session *tls)
231 {
232
233 if (tls != NULL)
234 refcount_acquire(&tls->refcount);
235 return (tls);
236 }
237
238 static inline void
ktls_free(struct ktls_session * tls)239 ktls_free(struct ktls_session *tls)
240 {
241
242 if (refcount_release(&tls->refcount))
243 ktls_destroy(tls);
244 }
245
246 #endif /* !_KERNEL */
247 #endif /* !_SYS_KTLS_H_ */
248