2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2017-2018 Chelsio Communications, Inc.
6 * Written by: John Baldwin <jhb@FreeBSD.org>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include "opt_kern_tls.h"
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <sys/param.h>
41 #include <sys/sglist.h>
42 #include <sys/socket.h>
43 #include <sys/socketvar.h>
44 #include <sys/systm.h>
45 #include <netinet/in.h>
46 #include <netinet/in_pcb.h>
47 #include <netinet/tcp_var.h>
48 #include <netinet/toecore.h>
50 #include <opencrypto/cryptodev.h>
51 #include <opencrypto/xform.h>
55 #include "common/common.h"
56 #include "common/t4_tcb.h"
57 #include "crypto/t4_crypto.h"
58 #include "tom/t4_tom_l2t.h"
59 #include "tom/t4_tom.h"
62 * The TCP sequence number of a CPL_TLS_DATA mbuf is saved here while
63 * the mbuf is in the ulp_pdu_reclaimq.
65 #define tls_tcp_seq PH_loc.thirtytwo[0]
68 * Handshake lock used for the handshake timer. Having a global lock
69 * is perhaps not ideal, but it avoids having to use callout_drain()
70 * in tls_uninit_toep() which can't block. Also, the timer shouldn't
71 * actually fire for most connections.
73 static struct mtx tls_handshake_lock;
76 t4_set_tls_tcb_field(struct toepcb *toep, uint16_t word, uint64_t mask,
79 struct adapter *sc = td_adapter(toep->td);
81 t4_set_tcb_field(sc, toep->ofld_txq, toep, word, mask, val, 0, 0);
84 /* TLS and DTLS common routines */
86 can_tls_offload(struct adapter *sc)
89 return (sc->tt.tls && sc->cryptocaps & FW_CAPS_CONFIG_TLSKEYS);
93 tls_tx_key(struct toepcb *toep)
95 struct tls_ofld_info *tls_ofld = &toep->tls;
97 return (tls_ofld->tx_key_addr >= 0);
101 tls_rx_key(struct toepcb *toep)
103 struct tls_ofld_info *tls_ofld = &toep->tls;
105 return (tls_ofld->rx_key_addr >= 0);
109 key_size(struct toepcb *toep)
111 struct tls_ofld_info *tls_ofld = &toep->tls;
113 return ((tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) ?
114 tls_ofld->k_ctx.tx_key_info_size : KEY_IN_DDR_SIZE);
117 /* Set TLS Key-Id in TCB */
119 t4_set_tls_keyid(struct toepcb *toep, unsigned int key_id)
122 t4_set_tls_tcb_field(toep, W_TCB_RX_TLS_KEY_TAG,
123 V_TCB_RX_TLS_KEY_TAG(M_TCB_RX_TLS_BUF_TAG),
124 V_TCB_RX_TLS_KEY_TAG(key_id));
127 /* Clear TF_RX_QUIESCE to re-enable receive. */
129 t4_clear_rx_quiesce(struct toepcb *toep)
132 t4_set_tls_tcb_field(toep, W_TCB_T_FLAGS, V_TF_RX_QUIESCE(1), 0);
136 tls_clr_ofld_mode(struct toepcb *toep)
139 tls_stop_handshake_timer(toep);
141 /* Operate in PDU extraction mode only. */
142 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW,
143 V_TCB_ULP_RAW(M_TCB_ULP_RAW),
144 V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1)));
145 t4_clear_rx_quiesce(toep);
149 tls_clr_quiesce(struct toepcb *toep)
152 tls_stop_handshake_timer(toep);
153 t4_clear_rx_quiesce(toep);
157 * Calculate the TLS data expansion size
160 tls_expansion_size(struct toepcb *toep, int data_len, int full_pdus_only,
161 unsigned short *pdus_per_ulp)
163 struct tls_ofld_info *tls_ofld = &toep->tls;
164 struct tls_scmd *scmd = &tls_ofld->scmd0;
165 int expn_size = 0, frag_count = 0, pad_per_pdu = 0,
166 pad_last_pdu = 0, last_frag_size = 0, max_frag_size = 0;
168 int hdr_len = TLS_HEADER_LENGTH;
171 max_frag_size = tls_ofld->k_ctx.frag_size;
172 if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) ==
173 SCMD_CIPH_MODE_AES_GCM) {
174 frag_count = (data_len / max_frag_size);
175 exp_per_pdu = GCM_TAG_SIZE + AEAD_EXPLICIT_DATA_SIZE +
177 expn_size = frag_count * exp_per_pdu;
178 if (full_pdus_only) {
179 *pdus_per_ulp = data_len / (exp_per_pdu +
181 if (*pdus_per_ulp > 32)
183 else if(!*pdus_per_ulp)
185 expn_size = (*pdus_per_ulp) * exp_per_pdu;
188 if ((last_frag_size = data_len % max_frag_size) > 0) {
190 expn_size += exp_per_pdu;
193 } else if (G_SCMD_CIPH_MODE(scmd->seqno_numivs) !=
194 SCMD_CIPH_MODE_NOP) {
195 /* Calculate the number of fragments we can make */
196 frag_count = (data_len / max_frag_size);
197 if (frag_count > 0) {
198 pad_per_pdu = (((howmany((max_frag_size +
199 tls_ofld->mac_length),
200 CIPHER_BLOCK_SIZE)) *
203 tls_ofld->mac_length));
205 pad_per_pdu = CIPHER_BLOCK_SIZE;
206 exp_per_pdu = pad_per_pdu +
207 tls_ofld->mac_length +
208 hdr_len + CIPHER_BLOCK_SIZE;
209 expn_size = frag_count * exp_per_pdu;
211 if (full_pdus_only) {
212 *pdus_per_ulp = data_len / (exp_per_pdu +
214 if (*pdus_per_ulp > 32)
216 else if (!*pdus_per_ulp)
218 expn_size = (*pdus_per_ulp) * exp_per_pdu;
221 /* Consider the last fragment */
222 if ((last_frag_size = data_len % max_frag_size) > 0) {
223 pad_last_pdu = (((howmany((last_frag_size +
224 tls_ofld->mac_length),
225 CIPHER_BLOCK_SIZE)) *
228 tls_ofld->mac_length));
230 pad_last_pdu = CIPHER_BLOCK_SIZE;
231 expn_size += (pad_last_pdu +
232 tls_ofld->mac_length + hdr_len +
243 tls_copy_tx_key(struct toepcb *toep, void *dst)
245 struct tls_ofld_info *tls_ofld = &toep->tls;
246 struct ulptx_sc_memrd *sc_memrd;
247 struct ulptx_idata *sc;
249 if (tls_ofld->k_ctx.tx_key_info_size <= 0)
252 if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR) {
254 sc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_NOOP));
255 sc->len = htobe32(0);
256 sc_memrd = (struct ulptx_sc_memrd *)(sc + 1);
257 sc_memrd->cmd_to_len = htobe32(V_ULPTX_CMD(ULP_TX_SC_MEMRD) |
258 V_ULP_TX_SC_MORE(1) |
259 V_ULPTX_LEN16(tls_ofld->k_ctx.tx_key_info_size >> 4));
260 sc_memrd->addr = htobe32(tls_ofld->tx_key_addr >> 5);
261 } else if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE) {
262 memcpy(dst, &tls_ofld->k_ctx.tx,
263 tls_ofld->k_ctx.tx_key_info_size);
267 /* TLS/DTLS content type for CPL SFO */
268 static inline unsigned char
269 tls_content_type(unsigned char content_type)
272 * XXX: Shouldn't this map CONTENT_TYPE_APP_DATA to DATA and
273 * default to "CUSTOM" for all other types including
276 switch (content_type) {
277 case CONTENT_TYPE_CCS:
278 return CPL_TX_TLS_SFO_TYPE_CCS;
279 case CONTENT_TYPE_ALERT:
280 return CPL_TX_TLS_SFO_TYPE_ALERT;
281 case CONTENT_TYPE_HANDSHAKE:
282 return CPL_TX_TLS_SFO_TYPE_HANDSHAKE;
283 case CONTENT_TYPE_HEARTBEAT:
284 return CPL_TX_TLS_SFO_TYPE_HEARTBEAT;
286 return CPL_TX_TLS_SFO_TYPE_DATA;
290 get_cipher_key_size(unsigned int ck_size)
293 case AES_NOP: /* NOP */
295 case AES_128: /* AES128 */
296 return CH_CK_SIZE_128;
297 case AES_192: /* AES192 */
298 return CH_CK_SIZE_192;
299 case AES_256: /* AES256 */
300 return CH_CK_SIZE_256;
302 return CH_CK_SIZE_256;
307 get_mac_key_size(unsigned int mk_size)
310 case SHA_NOP: /* NOP */
311 return CH_MK_SIZE_128;
312 case SHA_GHASH: /* GHASH */
313 case SHA_512: /* SHA512 */
314 return CH_MK_SIZE_512;
315 case SHA_224: /* SHA2-224 */
316 return CH_MK_SIZE_192;
317 case SHA_256: /* SHA2-256*/
318 return CH_MK_SIZE_256;
319 case SHA_384: /* SHA384 */
320 return CH_MK_SIZE_512;
321 case SHA1: /* SHA1 */
323 return CH_MK_SIZE_160;
328 get_proto_ver(int proto_ver)
332 return TLS_1_2_VERSION;
334 return TLS_1_1_VERSION;
335 case DTLS1_2_VERSION:
336 return DTLS_1_2_VERSION;
338 return TLS_VERSION_MAX;
343 tls_rxkey_flit1(struct tls_keyctx *kwr, struct tls_key_context *kctx)
346 if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) {
347 kwr->u.rxhdr.ivinsert_to_authinsrt =
348 htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) |
349 V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) |
350 V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) |
351 V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(14ULL) |
352 V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(16ULL) |
353 V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(14ULL) |
354 V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) |
355 V_TLS_KEYCTX_TX_WR_AUTHINSRT(16ULL));
356 kwr->u.rxhdr.ivpresent_to_rxmk_size &=
357 ~(V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1));
358 kwr->u.rxhdr.authmode_to_rxvalid &=
359 ~(V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1));
361 kwr->u.rxhdr.ivinsert_to_authinsrt =
362 htobe64(V_TLS_KEYCTX_TX_WR_IVINSERT(6ULL) |
363 V_TLS_KEYCTX_TX_WR_AADSTRTOFST(1ULL) |
364 V_TLS_KEYCTX_TX_WR_AADSTOPOFST(5ULL) |
365 V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(22ULL) |
366 V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(0ULL) |
367 V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(22ULL) |
368 V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(0ULL) |
369 V_TLS_KEYCTX_TX_WR_AUTHINSRT(0ULL));
375 prepare_rxkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx)
377 unsigned int ck_size = kctx->cipher_secret_size;
378 unsigned int mk_size = kctx->mac_secret_size;
379 int proto_ver = kctx->proto_ver;
381 kwr->u.rxhdr.flitcnt_hmacctrl =
382 ((kctx->rx_key_info_size >> 4) << 3) | kctx->hmac_ctrl;
384 kwr->u.rxhdr.protover_ciphmode =
385 V_TLS_KEYCTX_TX_WR_PROTOVER(get_proto_ver(proto_ver)) |
386 V_TLS_KEYCTX_TX_WR_CIPHMODE(kctx->state.enc_mode);
388 kwr->u.rxhdr.authmode_to_rxvalid =
389 V_TLS_KEYCTX_TX_WR_AUTHMODE(kctx->state.auth_mode) |
390 V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1) |
391 V_TLS_KEYCTX_TX_WR_SEQNUMCTRL(3) |
392 V_TLS_KEYCTX_TX_WR_RXVALID(1);
394 kwr->u.rxhdr.ivpresent_to_rxmk_size =
395 V_TLS_KEYCTX_TX_WR_IVPRESENT(0) |
396 V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1) |
397 V_TLS_KEYCTX_TX_WR_RXCK_SIZE(get_cipher_key_size(ck_size)) |
398 V_TLS_KEYCTX_TX_WR_RXMK_SIZE(get_mac_key_size(mk_size));
400 tls_rxkey_flit1(kwr, kctx);
402 /* No key reversal for GCM */
403 if (kctx->state.enc_mode != CH_EVP_CIPH_GCM_MODE) {
404 t4_aes_getdeckey(kwr->keys.edkey, kctx->rx.key,
405 (kctx->cipher_secret_size << 3));
406 memcpy(kwr->keys.edkey + kctx->cipher_secret_size,
407 kctx->rx.key + kctx->cipher_secret_size,
408 (IPAD_SIZE + OPAD_SIZE));
410 memcpy(kwr->keys.edkey, kctx->rx.key,
411 (kctx->rx_key_info_size - SALT_SIZE));
412 memcpy(kwr->u.rxhdr.rxsalt, kctx->rx.salt, SALT_SIZE);
418 prepare_txkey_wr(struct tls_keyctx *kwr, struct tls_key_context *kctx)
420 unsigned int ck_size = kctx->cipher_secret_size;
421 unsigned int mk_size = kctx->mac_secret_size;
423 kwr->u.txhdr.ctxlen =
424 (kctx->tx_key_info_size >> 4);
425 kwr->u.txhdr.dualck_to_txvalid =
426 V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1) |
427 V_TLS_KEYCTX_TX_WR_SALT_PRESENT(1) |
428 V_TLS_KEYCTX_TX_WR_TXCK_SIZE(get_cipher_key_size(ck_size)) |
429 V_TLS_KEYCTX_TX_WR_TXMK_SIZE(get_mac_key_size(mk_size)) |
430 V_TLS_KEYCTX_TX_WR_TXVALID(1);
432 memcpy(kwr->keys.edkey, kctx->tx.key, HDR_KCTX_SIZE);
433 if (kctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) {
434 memcpy(kwr->u.txhdr.txsalt, kctx->tx.salt, SALT_SIZE);
435 kwr->u.txhdr.dualck_to_txvalid &=
436 ~(V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1));
438 kwr->u.txhdr.dualck_to_txvalid = htons(kwr->u.txhdr.dualck_to_txvalid);
441 /* TLS Key memory management */
443 get_new_keyid(struct toepcb *toep)
445 struct adapter *sc = td_adapter(toep->td);
448 if (vmem_alloc(sc->key_map, TLS_KEY_CONTEXT_SZ, M_NOWAIT | M_FIRSTFIT,
456 free_keyid(struct toepcb *toep, int keyid)
458 struct adapter *sc = td_adapter(toep->td);
460 vmem_free(sc->key_map, keyid, TLS_KEY_CONTEXT_SZ);
464 clear_tls_keyid(struct toepcb *toep)
466 struct tls_ofld_info *tls_ofld = &toep->tls;
468 if (tls_ofld->rx_key_addr >= 0) {
469 free_keyid(toep, tls_ofld->rx_key_addr);
470 tls_ofld->rx_key_addr = -1;
472 if (tls_ofld->tx_key_addr >= 0) {
473 free_keyid(toep, tls_ofld->tx_key_addr);
474 tls_ofld->tx_key_addr = -1;
479 get_keyid(struct tls_ofld_info *tls_ofld, unsigned int ops)
481 return (ops & KEY_WRITE_RX ? tls_ofld->rx_key_addr :
482 ((ops & KEY_WRITE_TX) ? tls_ofld->tx_key_addr : -1));
486 get_tp_plen_max(struct tls_ofld_info *tls_ofld)
488 int plen = ((min(3*4096, TP_TX_PG_SZ))/1448) * 1448;
490 return (tls_ofld->k_ctx.frag_size <= 8192 ? plen : FC_TP_PLEN_MAX);
493 /* Send request to get the key-id */
495 tls_program_key_id(struct toepcb *toep, struct tls_key_context *k_ctx)
497 struct tls_ofld_info *tls_ofld = &toep->tls;
498 struct adapter *sc = td_adapter(toep->td);
499 struct ofld_tx_sdesc *txsd;
500 int kwrlen, kctxlen, keyid, len;
502 struct tls_key_req *kwr;
503 struct tls_keyctx *kctx;
505 kwrlen = sizeof(*kwr);
506 kctxlen = roundup2(sizeof(*kctx), 32);
507 len = roundup2(kwrlen + kctxlen, 16);
509 if (toep->txsd_avail == 0)
512 /* Dont initialize key for re-neg */
513 if (!G_KEY_CLR_LOC(k_ctx->l_p_key)) {
514 if ((keyid = get_new_keyid(toep)) < 0) {
518 keyid = get_keyid(tls_ofld, k_ctx->l_p_key);
521 wr = alloc_wrqe(len, toep->ofld_txq);
523 free_keyid(toep, keyid);
527 memset(kwr, 0, kwrlen);
529 kwr->wr_hi = htobe32(V_FW_WR_OP(FW_ULPTX_WR) | F_FW_WR_COMPL |
531 kwr->wr_mid = htobe32(V_FW_WR_LEN16(DIV_ROUND_UP(len, 16)) |
532 V_FW_WR_FLOWID(toep->tid));
533 kwr->protocol = get_proto_ver(k_ctx->proto_ver);
534 kwr->mfs = htons(k_ctx->frag_size);
535 kwr->reneg_to_write_rx = k_ctx->l_p_key;
538 kwr->cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE) |
539 V_T5_ULP_MEMIO_ORDER(1) | V_T5_ULP_MEMIO_IMM(1));
540 kwr->dlen = htobe32(V_ULP_MEMIO_DATA_LEN(kctxlen >> 5));
541 kwr->len16 = htobe32((toep->tid << 8) |
542 DIV_ROUND_UP(len - sizeof(struct work_request_hdr), 16));
543 kwr->kaddr = htobe32(V_ULP_MEMIO_ADDR(keyid >> 5));
546 kwr->sc_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_IMM));
547 kwr->sc_len = htobe32(kctxlen);
549 kctx = (struct tls_keyctx *)(kwr + 1);
550 memset(kctx, 0, kctxlen);
552 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) {
553 tls_ofld->tx_key_addr = keyid;
554 prepare_txkey_wr(kctx, k_ctx);
555 } else if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) {
556 tls_ofld->rx_key_addr = keyid;
557 prepare_rxkey_wr(kctx, k_ctx);
560 txsd = &toep->txsd[toep->txsd_pidx];
561 txsd->tx_credits = DIV_ROUND_UP(len, 16);
563 toep->tx_credits -= txsd->tx_credits;
564 if (__predict_false(++toep->txsd_pidx == toep->txsd_total))
573 /* Store a key received from SSL in DDR. */
575 program_key_context(struct tcpcb *tp, struct toepcb *toep,
576 struct tls_key_context *uk_ctx)
578 struct adapter *sc = td_adapter(toep->td);
579 struct tls_ofld_info *tls_ofld = &toep->tls;
580 struct tls_key_context *k_ctx;
581 int error, key_offset;
583 if (tp->t_state != TCPS_ESTABLISHED) {
585 * XXX: Matches Linux driver, but not sure this is a
586 * very appropriate error.
591 /* Stop timer on handshake completion */
592 tls_stop_handshake_timer(toep);
594 toep->flags &= ~TPF_FORCE_CREDITS;
596 CTR4(KTR_CXGBE, "%s: tid %d %s proto_ver %#x", __func__, toep->tid,
597 G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX ? "KEY_WRITE_RX" :
598 "KEY_WRITE_TX", uk_ctx->proto_ver);
600 if (G_KEY_GET_LOC(uk_ctx->l_p_key) == KEY_WRITE_RX &&
601 ulp_mode(toep) != ULP_MODE_TLS)
604 /* Don't copy the 'tx' and 'rx' fields. */
605 k_ctx = &tls_ofld->k_ctx;
606 memcpy(&k_ctx->l_p_key, &uk_ctx->l_p_key,
607 sizeof(*k_ctx) - offsetof(struct tls_key_context, l_p_key));
609 /* TLS version != 1.1 and !1.2 OR DTLS != 1.2 */
610 if (get_proto_ver(k_ctx->proto_ver) > DTLS_1_2_VERSION) {
611 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) {
612 tls_ofld->rx_key_addr = -1;
613 t4_clear_rx_quiesce(toep);
615 tls_ofld->tx_key_addr = -1;
620 if (k_ctx->state.enc_mode == CH_EVP_CIPH_GCM_MODE) {
622 k_ctx->mac_first = 0;
623 k_ctx->hmac_ctrl = 0;
625 k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */
626 k_ctx->mac_first = 1;
629 tls_ofld->scmd0.seqno_numivs =
630 (V_SCMD_SEQ_NO_CTRL(3) |
631 V_SCMD_PROTO_VERSION(get_proto_ver(k_ctx->proto_ver)) |
632 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) |
633 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) |
634 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) |
635 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) |
636 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) |
637 V_SCMD_IV_SIZE(k_ctx->iv_size));
639 tls_ofld->scmd0.ivgen_hdrlen =
640 (V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) |
641 V_SCMD_KEY_CTX_INLINE(0) |
642 V_SCMD_TLS_FRAG_ENABLE(1));
644 tls_ofld->mac_length = k_ctx->mac_secret_size;
646 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) {
647 k_ctx->rx = uk_ctx->rx;
648 /* Dont initialize key for re-neg */
649 if (!G_KEY_CLR_LOC(k_ctx->l_p_key))
650 tls_ofld->rx_key_addr = -1;
652 k_ctx->tx = uk_ctx->tx;
653 /* Dont initialize key for re-neg */
654 if (!G_KEY_CLR_LOC(k_ctx->l_p_key))
655 tls_ofld->tx_key_addr = -1;
658 /* Flush pending data before new Tx key becomes active */
659 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_TX) {
662 /* XXX: This might not drain everything. */
663 t4_push_frames(sc, toep, 0);
664 sb = &toep->inp->inp_socket->so_snd;
667 /* XXX: This asserts that everything has been pushed. */
668 MPASS(sb->sb_sndptr == NULL || sb->sb_sndptr->m_next == NULL);
669 sb->sb_sndptr = NULL;
670 tls_ofld->sb_off = sbavail(sb);
672 tls_ofld->tx_seq_no = 0;
675 if ((G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) ||
676 (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_DDR)) {
679 * XXX: The userland library sets tx_key_info_size, not
682 k_ctx->rx_key_info_size = k_ctx->tx_key_info_size;
684 error = tls_program_key_id(toep, k_ctx);
686 /* XXX: Only clear quiesce for KEY_WRITE_RX? */
687 t4_clear_rx_quiesce(toep);
692 if (G_KEY_GET_LOC(k_ctx->l_p_key) == KEY_WRITE_RX) {
694 * RX key tags are an index into the key portion of MA
695 * memory stored as an offset from the base address in
698 key_offset = tls_ofld->rx_key_addr - sc->vres.key.start;
699 t4_set_tls_keyid(toep, key_offset / 64);
700 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW,
701 V_TCB_ULP_RAW(M_TCB_ULP_RAW),
702 V_TCB_ULP_RAW((V_TF_TLS_KEY_SIZE(3) |
703 V_TF_TLS_CONTROL(1) |
705 V_TF_TLS_ENABLE(1))));
706 t4_set_tls_tcb_field(toep, W_TCB_TLS_SEQ,
707 V_TCB_TLS_SEQ(M_TCB_TLS_SEQ),
709 t4_clear_rx_quiesce(toep);
711 unsigned short pdus_per_ulp;
713 if (tls_ofld->key_location == TLS_SFO_WR_CONTEXTLOC_IMMEDIATE)
714 tls_ofld->tx_key_addr = 1;
716 tls_ofld->fcplenmax = get_tp_plen_max(tls_ofld);
717 tls_ofld->expn_per_ulp = tls_expansion_size(toep,
718 tls_ofld->fcplenmax, 1, &pdus_per_ulp);
719 tls_ofld->pdus_per_ulp = pdus_per_ulp;
720 tls_ofld->adjusted_plen = tls_ofld->pdus_per_ulp *
721 ((tls_ofld->expn_per_ulp/tls_ofld->pdus_per_ulp) +
722 tls_ofld->k_ctx.frag_size);
729 * In some cases a client connection can hang without sending the
730 * ServerHelloDone message from the NIC to the host. Send a dummy
731 * RX_DATA_ACK with RX_MODULATE to unstick the connection.
734 tls_send_handshake_ack(void *arg)
736 struct toepcb *toep = arg;
737 struct tls_ofld_info *tls_ofld = &toep->tls;
738 struct adapter *sc = td_adapter(toep->td);
741 * XXX: Does not have the t4_get_tcb() checks to refine the
744 callout_schedule(&tls_ofld->handshake_timer, TLS_SRV_HELLO_RD_TM * hz);
746 CTR2(KTR_CXGBE, "%s: tid %d sending RX_DATA_ACK", __func__, toep->tid);
747 send_rx_modulate(sc, toep);
751 tls_start_handshake_timer(struct toepcb *toep)
753 struct tls_ofld_info *tls_ofld = &toep->tls;
755 mtx_lock(&tls_handshake_lock);
756 callout_reset(&tls_ofld->handshake_timer, TLS_SRV_HELLO_BKOFF_TM * hz,
757 tls_send_handshake_ack, toep);
758 mtx_unlock(&tls_handshake_lock);
762 tls_stop_handshake_timer(struct toepcb *toep)
764 struct tls_ofld_info *tls_ofld = &toep->tls;
766 mtx_lock(&tls_handshake_lock);
767 callout_stop(&tls_ofld->handshake_timer);
768 mtx_unlock(&tls_handshake_lock);
772 t4_ctloutput_tls(struct socket *so, struct sockopt *sopt)
774 struct tls_key_context uk_ctx;
781 if (sopt->sopt_dir == SOPT_SET &&
782 sopt->sopt_name == TCP_TLSOM_SET_TLS_CONTEXT) {
783 error = sooptcopyin(sopt, &uk_ctx, sizeof(uk_ctx),
790 KASSERT(inp != NULL, ("tcp_ctloutput: inp == NULL"));
792 if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
798 switch (sopt->sopt_dir) {
800 switch (sopt->sopt_name) {
801 case TCP_TLSOM_SET_TLS_CONTEXT:
802 if (toep->tls.mode == TLS_MODE_KTLS)
805 error = program_key_context(tp, toep, &uk_ctx);
807 toep->tls.mode = TLS_MODE_TLSOM;
811 case TCP_TLSOM_CLR_TLS_TOM:
812 if (toep->tls.mode == TLS_MODE_KTLS)
814 else if (ulp_mode(toep) == ULP_MODE_TLS) {
815 CTR2(KTR_CXGBE, "%s: tid %d CLR_TLS_TOM",
816 __func__, toep->tid);
817 tls_clr_ofld_mode(toep);
822 case TCP_TLSOM_CLR_QUIES:
823 if (toep->tls.mode == TLS_MODE_KTLS)
825 else if (ulp_mode(toep) == ULP_MODE_TLS) {
826 CTR2(KTR_CXGBE, "%s: tid %d CLR_QUIES",
827 __func__, toep->tid);
828 tls_clr_quiesce(toep);
840 switch (sopt->sopt_name) {
841 case TCP_TLSOM_GET_TLS_TOM:
843 * TLS TX is permitted on any TOE socket, but
844 * TLS RX requires a TLS ULP mode.
846 optval = TLS_TOM_NONE;
847 if (can_tls_offload(td_adapter(toep->td)) &&
848 toep->tls.mode != TLS_MODE_KTLS) {
849 switch (ulp_mode(toep)) {
851 case ULP_MODE_TCPDDP:
852 optval = TLS_TOM_TXONLY;
855 optval = TLS_TOM_BOTH;
859 CTR3(KTR_CXGBE, "%s: tid %d GET_TLS_TOM = %d",
860 __func__, toep->tid, optval);
862 error = sooptcopyout(sopt, &optval, sizeof(optval));
876 init_ktls_key_context(struct ktls_session *tls, struct tls_key_context *k_ctx,
879 struct auth_hash *axf;
880 u_int key_info_size, mac_key_size;
883 k_ctx->l_p_key = V_KEY_GET_LOC(direction == KTLS_TX ? KEY_WRITE_TX :
885 k_ctx->proto_ver = tls->params.tls_vmajor << 8 | tls->params.tls_vminor;
886 k_ctx->cipher_secret_size = tls->params.cipher_key_len;
887 key_info_size = sizeof(struct tx_keyctx_hdr) +
888 k_ctx->cipher_secret_size;
889 if (direction == KTLS_TX)
893 memcpy(key, tls->params.cipher_key, tls->params.cipher_key_len);
894 hash = key + tls->params.cipher_key_len;
895 if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) {
896 k_ctx->state.auth_mode = SCMD_AUTH_MODE_GHASH;
897 k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_GCM;
899 k_ctx->mac_first = 0;
900 k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NOP;
901 key_info_size += GMAC_BLOCK_LEN;
902 k_ctx->mac_secret_size = 0;
903 if (direction == KTLS_TX)
904 memcpy(k_ctx->tx.salt, tls->params.iv, SALT_SIZE);
906 memcpy(k_ctx->rx.salt, tls->params.iv, SALT_SIZE);
907 t4_init_gmac_hash(tls->params.cipher_key,
908 tls->params.cipher_key_len, hash);
910 switch (tls->params.auth_algorithm) {
911 case CRYPTO_SHA1_HMAC:
912 axf = &auth_hash_hmac_sha1;
913 mac_key_size = SHA1_HASH_LEN;
914 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA1;
916 case CRYPTO_SHA2_256_HMAC:
917 axf = &auth_hash_hmac_sha2_256;
918 mac_key_size = SHA2_256_HASH_LEN;
919 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA256;
921 case CRYPTO_SHA2_384_HMAC:
922 axf = &auth_hash_hmac_sha2_384;
923 mac_key_size = SHA2_512_HASH_LEN;
924 k_ctx->state.auth_mode = SCMD_AUTH_MODE_SHA512_384;
927 panic("bad auth mode");
929 k_ctx->state.enc_mode = SCMD_CIPH_MODE_AES_CBC;
930 k_ctx->iv_size = 8; /* for CBC, iv is 16B, unit of 2B */
931 k_ctx->mac_first = 1;
932 k_ctx->hmac_ctrl = SCMD_HMAC_CTRL_NO_TRUNC;
933 key_info_size += roundup2(mac_key_size, 16) * 2;
934 k_ctx->mac_secret_size = mac_key_size;
935 t4_init_hmac_digest(axf, mac_key_size, tls->params.auth_key,
936 tls->params.auth_key_len, hash);
939 if (direction == KTLS_TX)
940 k_ctx->tx_key_info_size = key_info_size;
942 k_ctx->rx_key_info_size = key_info_size;
943 k_ctx->frag_size = tls->params.max_frame_len;
948 tls_alloc_ktls(struct toepcb *toep, struct ktls_session *tls, int direction)
950 struct adapter *sc = td_adapter(toep->td);
951 struct tls_key_context *k_ctx;
952 int error, key_offset;
954 if (toep->tls.mode == TLS_MODE_TLSOM)
956 if (!can_tls_offload(td_adapter(toep->td)))
958 switch (ulp_mode(toep)) {
962 case ULP_MODE_TCPDDP:
963 if (direction != KTLS_TX)
970 switch (tls->params.cipher_algorithm) {
972 /* XXX: Explicitly ignore any provided IV. */
973 switch (tls->params.cipher_key_len) {
981 switch (tls->params.auth_algorithm) {
982 case CRYPTO_SHA1_HMAC:
983 case CRYPTO_SHA2_256_HMAC:
984 case CRYPTO_SHA2_384_HMAC:
987 return (EPROTONOSUPPORT);
990 case CRYPTO_AES_NIST_GCM_16:
991 if (tls->params.iv_len != SALT_SIZE)
993 switch (tls->params.cipher_key_len) {
1003 return (EPROTONOSUPPORT);
1006 /* Only TLS 1.1 and TLS 1.2 are currently supported. */
1007 if (tls->params.tls_vmajor != TLS_MAJOR_VER_ONE ||
1008 tls->params.tls_vminor < TLS_MINOR_VER_ONE ||
1009 tls->params.tls_vminor > TLS_MINOR_VER_TWO)
1010 return (EPROTONOSUPPORT);
1012 /* Bail if we already have a key. */
1013 if (direction == KTLS_TX) {
1014 if (toep->tls.tx_key_addr != -1)
1015 return (EOPNOTSUPP);
1017 if (toep->tls.rx_key_addr != -1)
1018 return (EOPNOTSUPP);
1022 * XXX: This assumes no key renegotation. If KTLS ever supports
1023 * that we will want to allocate TLS sessions dynamically rather
1024 * than as a static member of toep.
1026 k_ctx = &toep->tls.k_ctx;
1027 init_ktls_key_context(tls, k_ctx, direction);
1029 error = tls_program_key_id(toep, k_ctx);
1033 if (direction == KTLS_TX) {
1034 toep->tls.scmd0.seqno_numivs =
1035 (V_SCMD_SEQ_NO_CTRL(3) |
1036 V_SCMD_PROTO_VERSION(get_proto_ver(k_ctx->proto_ver)) |
1037 V_SCMD_ENC_DEC_CTRL(SCMD_ENCDECCTRL_ENCRYPT) |
1038 V_SCMD_CIPH_AUTH_SEQ_CTRL((k_ctx->mac_first == 0)) |
1039 V_SCMD_CIPH_MODE(k_ctx->state.enc_mode) |
1040 V_SCMD_AUTH_MODE(k_ctx->state.auth_mode) |
1041 V_SCMD_HMAC_CTRL(k_ctx->hmac_ctrl) |
1042 V_SCMD_IV_SIZE(k_ctx->iv_size));
1044 toep->tls.scmd0.ivgen_hdrlen =
1045 (V_SCMD_IV_GEN_CTRL(k_ctx->iv_ctrl) |
1046 V_SCMD_KEY_CTX_INLINE(0) |
1047 V_SCMD_TLS_FRAG_ENABLE(1));
1049 if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
1050 toep->tls.iv_len = 8;
1052 toep->tls.iv_len = AES_BLOCK_LEN;
1054 toep->tls.mac_length = k_ctx->mac_secret_size;
1056 toep->tls.fcplenmax = get_tp_plen_max(&toep->tls);
1057 toep->tls.expn_per_ulp = tls->params.tls_hlen +
1058 tls->params.tls_tlen;
1059 toep->tls.pdus_per_ulp = 1;
1060 toep->tls.adjusted_plen = toep->tls.expn_per_ulp +
1061 toep->tls.k_ctx.frag_size;
1063 /* Stop timer on handshake completion */
1064 tls_stop_handshake_timer(toep);
1066 toep->flags &= ~TPF_FORCE_CREDITS;
1069 * RX key tags are an index into the key portion of MA
1070 * memory stored as an offset from the base address in
1071 * units of 64 bytes.
1073 key_offset = toep->tls.rx_key_addr - sc->vres.key.start;
1074 t4_set_tls_keyid(toep, key_offset / 64);
1075 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW,
1076 V_TCB_ULP_RAW(M_TCB_ULP_RAW),
1077 V_TCB_ULP_RAW((V_TF_TLS_KEY_SIZE(3) |
1078 V_TF_TLS_CONTROL(1) |
1079 V_TF_TLS_ACTIVE(1) |
1080 V_TF_TLS_ENABLE(1))));
1081 t4_set_tls_tcb_field(toep, W_TCB_TLS_SEQ,
1082 V_TCB_TLS_SEQ(M_TCB_TLS_SEQ),
1084 t4_clear_rx_quiesce(toep);
1087 toep->tls.mode = TLS_MODE_KTLS;
1094 tls_init_toep(struct toepcb *toep)
1096 struct tls_ofld_info *tls_ofld = &toep->tls;
1098 tls_ofld->mode = TLS_MODE_OFF;
1099 tls_ofld->key_location = TLS_SFO_WR_CONTEXTLOC_DDR;
1100 tls_ofld->rx_key_addr = -1;
1101 tls_ofld->tx_key_addr = -1;
1102 if (ulp_mode(toep) == ULP_MODE_TLS)
1103 callout_init_mtx(&tls_ofld->handshake_timer,
1104 &tls_handshake_lock, 0);
1108 tls_establish(struct toepcb *toep)
1112 * Enable PDU extraction.
1114 * XXX: Supposedly this should be done by the firmware when
1115 * the ULP_MODE FLOWC parameter is set in send_flowc_wr(), but
1116 * in practice this seems to be required.
1118 CTR2(KTR_CXGBE, "%s: tid %d setting TLS_ENABLE", __func__, toep->tid);
1119 t4_set_tls_tcb_field(toep, W_TCB_ULP_RAW, V_TCB_ULP_RAW(M_TCB_ULP_RAW),
1120 V_TCB_ULP_RAW(V_TF_TLS_ENABLE(1)));
1122 toep->flags |= TPF_FORCE_CREDITS;
1124 tls_start_handshake_timer(toep);
1128 tls_uninit_toep(struct toepcb *toep)
1131 if (ulp_mode(toep) == ULP_MODE_TLS)
1132 tls_stop_handshake_timer(toep);
1133 clear_tls_keyid(toep);
1136 #define MAX_OFLD_TX_CREDITS (SGE_MAX_WR_LEN / 16)
1137 #define MIN_OFLD_TLSTX_CREDITS(toep) \
1138 (howmany(sizeof(struct fw_tlstx_data_wr) + \
1139 sizeof(struct cpl_tx_tls_sfo) + key_size((toep)) + \
1140 CIPHER_BLOCK_SIZE + 1, 16))
1143 max_imm_tls_space(int tx_credits)
1145 const int n = 2; /* Use only up to 2 desc for imm. data WR */
1148 KASSERT(tx_credits >= 0 &&
1149 tx_credits <= MAX_OFLD_TX_CREDITS,
1150 ("%s: %d credits", __func__, tx_credits));
1152 if (tx_credits >= (n * EQ_ESIZE) / 16)
1153 space = (n * EQ_ESIZE);
1155 space = tx_credits * 16;
1160 count_mbuf_segs(struct mbuf *m, int skip, int len, int *max_nsegs_1mbufp)
1162 int max_nsegs_1mbuf, n, nsegs;
1164 while (skip >= m->m_len) {
1170 max_nsegs_1mbuf = 0;
1172 n = sglist_count(mtod(m, char *) + skip, m->m_len - skip);
1173 if (n > max_nsegs_1mbuf)
1174 max_nsegs_1mbuf = n;
1176 len -= m->m_len - skip;
1180 *max_nsegs_1mbufp = max_nsegs_1mbuf;
1185 write_tlstx_wr(struct fw_tlstx_data_wr *txwr, struct toepcb *toep,
1186 unsigned int immdlen, unsigned int plen, unsigned int expn,
1187 unsigned int pdus, uint8_t credits, int shove, int imm_ivs)
1189 struct tls_ofld_info *tls_ofld = &toep->tls;
1190 unsigned int len = plen + expn;
1192 txwr->op_to_immdlen = htobe32(V_WR_OP(FW_TLSTX_DATA_WR) |
1193 V_FW_TLSTX_DATA_WR_COMPL(1) |
1194 V_FW_TLSTX_DATA_WR_IMMDLEN(immdlen));
1195 txwr->flowid_len16 = htobe32(V_FW_TLSTX_DATA_WR_FLOWID(toep->tid) |
1196 V_FW_TLSTX_DATA_WR_LEN16(credits));
1197 txwr->plen = htobe32(len);
1198 txwr->lsodisable_to_flags = htobe32(V_TX_ULP_MODE(ULP_MODE_TLS) |
1199 V_TX_URG(0) | /* F_T6_TX_FORCE | */ V_TX_SHOVE(shove));
1200 txwr->ctxloc_to_exp = htobe32(V_FW_TLSTX_DATA_WR_NUMIVS(pdus) |
1201 V_FW_TLSTX_DATA_WR_EXP(expn) |
1202 V_FW_TLSTX_DATA_WR_CTXLOC(tls_ofld->key_location) |
1203 V_FW_TLSTX_DATA_WR_IVDSGL(!imm_ivs) |
1204 V_FW_TLSTX_DATA_WR_KEYSIZE(tls_ofld->k_ctx.tx_key_info_size >> 4));
1205 txwr->mfs = htobe16(tls_ofld->k_ctx.frag_size);
1206 txwr->adjustedplen_pkd = htobe16(
1207 V_FW_TLSTX_DATA_WR_ADJUSTEDPLEN(tls_ofld->adjusted_plen));
1208 txwr->expinplenmax_pkd = htobe16(
1209 V_FW_TLSTX_DATA_WR_EXPINPLENMAX(tls_ofld->expn_per_ulp));
1210 txwr->pdusinplenmax_pkd =
1211 V_FW_TLSTX_DATA_WR_PDUSINPLENMAX(tls_ofld->pdus_per_ulp);
1215 write_tlstx_cpl(struct cpl_tx_tls_sfo *cpl, struct toepcb *toep,
1216 struct tls_hdr *tls_hdr, unsigned int plen, unsigned int pdus)
1218 struct tls_ofld_info *tls_ofld = &toep->tls;
1219 int data_type, seglen;
1221 if (plen < tls_ofld->k_ctx.frag_size)
1224 seglen = tls_ofld->k_ctx.frag_size;
1225 data_type = tls_content_type(tls_hdr->type);
1226 cpl->op_to_seg_len = htobe32(V_CPL_TX_TLS_SFO_OPCODE(CPL_TX_TLS_SFO) |
1227 V_CPL_TX_TLS_SFO_DATA_TYPE(data_type) |
1228 V_CPL_TX_TLS_SFO_CPL_LEN(2) | V_CPL_TX_TLS_SFO_SEG_LEN(seglen));
1229 cpl->pld_len = htobe32(plen);
1230 if (data_type == CPL_TX_TLS_SFO_TYPE_HEARTBEAT)
1231 cpl->type_protover = htobe32(
1232 V_CPL_TX_TLS_SFO_TYPE(tls_hdr->type));
1233 cpl->seqno_numivs = htobe32(tls_ofld->scmd0.seqno_numivs |
1234 V_SCMD_NUM_IVS(pdus));
1235 cpl->ivgen_hdrlen = htobe32(tls_ofld->scmd0.ivgen_hdrlen);
1236 cpl->scmd1 = htobe64(tls_ofld->tx_seq_no);
1237 tls_ofld->tx_seq_no += pdus;
1241 * Similar to write_tx_sgl() except that it accepts an optional
1242 * trailer buffer for IVs.
1245 write_tlstx_sgl(void *dst, struct mbuf *start, int skip, int plen,
1246 void *iv_buffer, int iv_len, int nsegs, int n)
1249 struct ulptx_sgl *usgl = dst;
1252 struct sglist_seg segs[n];
1254 KASSERT(nsegs > 0, ("%s: nsegs 0", __func__));
1256 sglist_init(&sg, n, segs);
1257 usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) |
1258 V_ULPTX_NSGE(nsegs));
1260 for (m = start; skip >= m->m_len; m = m->m_next)
1264 for (m = start; plen > 0; m = m->m_next) {
1265 rc = sglist_append(&sg, mtod(m, char *) + skip,
1267 if (__predict_false(rc != 0))
1268 panic("%s: sglist_append %d", __func__, rc);
1269 plen -= m->m_len - skip;
1272 for (j = 0; j < sg.sg_nseg; i++, j++) {
1274 usgl->len0 = htobe32(segs[j].ss_len);
1275 usgl->addr0 = htobe64(segs[j].ss_paddr);
1277 usgl->sge[i / 2].len[i & 1] =
1278 htobe32(segs[j].ss_len);
1279 usgl->sge[i / 2].addr[i & 1] =
1280 htobe64(segs[j].ss_paddr);
1288 if (iv_buffer != NULL) {
1289 rc = sglist_append(&sg, iv_buffer, iv_len);
1290 if (__predict_false(rc != 0))
1291 panic("%s: sglist_append %d", __func__, rc);
1293 for (j = 0; j < sg.sg_nseg; i++, j++) {
1295 usgl->len0 = htobe32(segs[j].ss_len);
1296 usgl->addr0 = htobe64(segs[j].ss_paddr);
1298 usgl->sge[i / 2].len[i & 1] =
1299 htobe32(segs[j].ss_len);
1300 usgl->sge[i / 2].addr[i & 1] =
1301 htobe64(segs[j].ss_paddr);
1309 usgl->sge[i / 2].len[1] = htobe32(0);
1310 KASSERT(nsegs == 0, ("%s: nsegs %d, start %p, iv_buffer %p",
1311 __func__, nsegs, start, iv_buffer));
1315 * Similar to t4_push_frames() but handles TLS sockets when TLS offload
1316 * is enabled. Rather than transmitting bulk data, the socket buffer
1317 * contains TLS records. The work request requires a full TLS record,
1318 * so batch mbufs up until a full TLS record is seen. This requires
1319 * reading the TLS header out of the start of each record to determine
1323 t4_push_tls_records(struct adapter *sc, struct toepcb *toep, int drop)
1325 struct tls_hdr thdr;
1326 struct mbuf *sndptr;
1327 struct fw_tlstx_data_wr *txwr;
1328 struct cpl_tx_tls_sfo *cpl;
1330 u_int plen, nsegs, credits, space, max_nsegs_1mbuf, wr_len;
1331 u_int expn_size, iv_len, pdus, sndptroff;
1332 struct tls_ofld_info *tls_ofld = &toep->tls;
1333 struct inpcb *inp = toep->inp;
1334 struct tcpcb *tp = intotcpcb(inp);
1335 struct socket *so = inp->inp_socket;
1336 struct sockbuf *sb = &so->so_snd;
1337 int tls_size, tx_credits, shove, /* compl,*/ sowwakeup;
1338 struct ofld_tx_sdesc *txsd;
1339 bool imm_ivs, imm_payload;
1340 void *iv_buffer, *iv_dst, *buf;
1342 INP_WLOCK_ASSERT(inp);
1343 KASSERT(toep->flags & TPF_FLOWC_WR_SENT,
1344 ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid));
1346 KASSERT(ulp_mode(toep) == ULP_MODE_NONE ||
1347 ulp_mode(toep) == ULP_MODE_TCPDDP || ulp_mode(toep) == ULP_MODE_TLS,
1348 ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep));
1349 KASSERT(tls_tx_key(toep),
1350 ("%s: TX key not set for toep %p", __func__, toep));
1352 #ifdef VERBOSE_TRACES
1353 CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d",
1354 __func__, toep->tid, toep->flags, tp->t_flags);
1356 if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN))
1360 if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) &&
1361 (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) {
1362 inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED;
1367 * This function doesn't resume by itself. Someone else must clear the
1368 * flag and call this function.
1370 if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) {
1372 ("%s: drop (%d) != 0 but tx is suspended", __func__, drop));
1376 txsd = &toep->txsd[toep->txsd_pidx];
1378 tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS);
1379 space = max_imm_tls_space(tx_credits);
1380 wr_len = sizeof(struct fw_tlstx_data_wr) +
1381 sizeof(struct cpl_tx_tls_sfo) + key_size(toep);
1382 if (wr_len + CIPHER_BLOCK_SIZE + 1 > space) {
1383 #ifdef VERBOSE_TRACES
1385 "%s: tid %d tx_credits %d min_wr %d space %d",
1386 __func__, toep->tid, tx_credits, wr_len +
1387 CIPHER_BLOCK_SIZE + 1, space);
1395 sbdrop_locked(sb, drop);
1396 MPASS(tls_ofld->sb_off >= drop);
1397 tls_ofld->sb_off -= drop;
1402 * Send a FIN if requested, but only if there's no
1403 * more data to send.
1405 if (sbavail(sb) == tls_ofld->sb_off &&
1406 toep->flags & TPF_SEND_FIN) {
1408 sowwakeup_locked(so);
1411 SOCKBUF_UNLOCK_ASSERT(sb);
1412 t4_close_conn(sc, toep);
1416 if (sbavail(sb) < tls_ofld->sb_off + TLS_HEADER_LENGTH) {
1418 * A full TLS header is not yet queued, stop
1419 * for now until more data is added to the
1420 * socket buffer. However, if the connection
1421 * has been closed, we will never get the rest
1422 * of the header so just discard the partial
1423 * header and close the connection.
1425 #ifdef VERBOSE_TRACES
1426 CTR5(KTR_CXGBE, "%s: tid %d sbavail %d sb_off %d%s",
1427 __func__, toep->tid, sbavail(sb), tls_ofld->sb_off,
1428 toep->flags & TPF_SEND_FIN ? "" : " SEND_FIN");
1431 sowwakeup_locked(so);
1434 SOCKBUF_UNLOCK_ASSERT(sb);
1435 if (toep->flags & TPF_SEND_FIN)
1436 t4_close_conn(sc, toep);
1440 /* Read the header of the next TLS record. */
1441 sndptr = sbsndmbuf(sb, tls_ofld->sb_off, &sndptroff);
1442 m_copydata(sndptr, sndptroff, sizeof(thdr), (caddr_t)&thdr);
1443 tls_size = htons(thdr.length);
1444 plen = TLS_HEADER_LENGTH + tls_size;
1445 pdus = howmany(tls_size, tls_ofld->k_ctx.frag_size);
1446 iv_len = pdus * CIPHER_BLOCK_SIZE;
1448 if (sbavail(sb) < tls_ofld->sb_off + plen) {
1450 * The full TLS record is not yet queued, stop
1451 * for now until more data is added to the
1452 * socket buffer. However, if the connection
1453 * has been closed, we will never get the rest
1454 * of the record so just discard the partial
1455 * record and close the connection.
1457 #ifdef VERBOSE_TRACES
1459 "%s: tid %d sbavail %d sb_off %d plen %d%s",
1460 __func__, toep->tid, sbavail(sb), tls_ofld->sb_off,
1461 plen, toep->flags & TPF_SEND_FIN ? "" :
1465 sowwakeup_locked(so);
1468 SOCKBUF_UNLOCK_ASSERT(sb);
1469 if (toep->flags & TPF_SEND_FIN)
1470 t4_close_conn(sc, toep);
1474 /* Shove if there is no additional data pending. */
1475 shove = (sbavail(sb) == tls_ofld->sb_off + plen) &&
1476 !(tp->t_flags & TF_MORETOCOME);
1478 if (sb->sb_flags & SB_AUTOSIZE &&
1479 V_tcp_do_autosndbuf &&
1480 sb->sb_hiwat < V_tcp_autosndbuf_max &&
1481 sbused(sb) >= sb->sb_hiwat * 7 / 8) {
1482 int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc,
1483 V_tcp_autosndbuf_max);
1485 if (!sbreserve_locked(sb, newsize, so, NULL))
1486 sb->sb_flags &= ~SB_AUTOSIZE;
1488 sowwakeup = 1; /* room available */
1491 sowwakeup_locked(so);
1494 SOCKBUF_UNLOCK_ASSERT(sb);
1496 if (__predict_false(toep->flags & TPF_FIN_SENT))
1497 panic("%s: excess tx.", __func__);
1499 /* Determine whether to use immediate vs SGL. */
1500 imm_payload = false;
1502 if (wr_len + iv_len <= space) {
1505 if (wr_len + tls_size <= space) {
1511 /* Allocate space for IVs if needed. */
1513 iv_buffer = malloc(iv_len, M_CXGBE, M_NOWAIT);
1514 if (iv_buffer == NULL) {
1516 * XXX: How to restart this?
1519 sowwakeup_locked(so);
1522 SOCKBUF_UNLOCK_ASSERT(sb);
1524 "%s: tid %d failed to alloc IV space len %d",
1525 __func__, toep->tid, iv_len);
1531 /* Determine size of SGL. */
1533 max_nsegs_1mbuf = 0; /* max # of SGL segments in any one mbuf */
1535 nsegs = count_mbuf_segs(sndptr, sndptroff +
1536 TLS_HEADER_LENGTH, tls_size, &max_nsegs_1mbuf);
1538 int n = sglist_count(iv_buffer, iv_len);
1540 if (n > max_nsegs_1mbuf)
1541 max_nsegs_1mbuf = n;
1544 /* Account for SGL in work request length. */
1545 wr_len += sizeof(struct ulptx_sgl) +
1546 ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8;
1549 wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq);
1551 /* XXX: how will we recover from this? */
1552 toep->flags |= TPF_TX_SUSPENDED;
1556 #ifdef VERBOSE_TRACES
1557 CTR5(KTR_CXGBE, "%s: tid %d TLS record %d len %#x pdus %d",
1558 __func__, toep->tid, thdr.type, tls_size, pdus);
1561 cpl = (struct cpl_tx_tls_sfo *)(txwr + 1);
1562 memset(txwr, 0, roundup2(wr_len, 16));
1563 credits = howmany(wr_len, 16);
1564 expn_size = tls_expansion_size(toep, tls_size, 0, NULL);
1565 write_tlstx_wr(txwr, toep, imm_payload ? tls_size : 0,
1566 tls_size, expn_size, pdus, credits, shove, imm_ivs ? 1 : 0);
1567 write_tlstx_cpl(cpl, toep, &thdr, tls_size, pdus);
1568 tls_copy_tx_key(toep, cpl + 1);
1570 /* Generate random IVs */
1571 buf = (char *)(cpl + 1) + key_size(toep);
1573 MPASS(iv_buffer == NULL);
1575 buf = (char *)iv_dst + iv_len;
1578 arc4rand(iv_dst, iv_len, 0);
1581 m_copydata(sndptr, sndptroff + TLS_HEADER_LENGTH,
1584 write_tlstx_sgl(buf, sndptr,
1585 sndptroff + TLS_HEADER_LENGTH, tls_size, iv_buffer,
1586 iv_len, nsegs, max_nsegs_1mbuf);
1589 KASSERT(toep->tx_credits >= credits,
1590 ("%s: not enough credits", __func__));
1592 toep->tx_credits -= credits;
1594 tp->snd_nxt += plen;
1595 tp->snd_max += plen;
1598 sbsndptr_adv(sb, sb->sb_sndptr, plen);
1599 tls_ofld->sb_off += plen;
1602 toep->flags |= TPF_TX_DATA_SENT;
1603 if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep))
1604 toep->flags |= TPF_TX_SUSPENDED;
1606 KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__));
1608 txsd->tx_credits = credits;
1609 txsd->iv_buffer = iv_buffer;
1611 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) {
1612 toep->txsd_pidx = 0;
1613 txsd = &toep->txsd[0];
1617 atomic_add_long(&toep->vi->pi->tx_toe_tls_records, 1);
1618 atomic_add_long(&toep->vi->pi->tx_toe_tls_octets, plen);
1620 t4_l2t_send(sc, wr, toep->l2te);
1626 count_ext_pgs_segs(struct mbuf *m)
1631 MPASS(m->m_ext_pgs.npgs > 0);
1633 nextpa = m->m_epg_pa[0] + PAGE_SIZE;
1634 for (i = 1; i < m->m_ext_pgs.npgs; i++) {
1635 if (nextpa != m->m_epg_pa[i])
1637 nextpa = m->m_epg_pa[i] + PAGE_SIZE;
1643 write_ktlstx_sgl(void *dst, struct mbuf *m, int nsegs)
1645 struct ulptx_sgl *usgl = dst;
1650 KASSERT(nsegs > 0, ("%s: nsegs 0", __func__));
1652 usgl->cmd_nsge = htobe32(V_ULPTX_CMD(ULP_TX_SC_DSGL) |
1653 V_ULPTX_NSGE(nsegs));
1655 /* Figure out the first S/G length. */
1656 pa = m->m_epg_pa[0] + m->m_ext_pgs.first_pg_off;
1657 usgl->addr0 = htobe64(pa);
1658 len = m_epg_pagelen(m, 0, m->m_ext_pgs.first_pg_off);
1660 for (i = 1; i < m->m_ext_pgs.npgs; i++) {
1661 if (m->m_epg_pa[i] != pa)
1663 len += m_epg_pagelen(m, i, 0);
1664 pa += m_epg_pagelen(m, i, 0);
1666 usgl->len0 = htobe32(len);
1672 for (; i < m->m_ext_pgs.npgs; i++) {
1673 if (j == -1 || m->m_epg_pa[i] != pa) {
1675 usgl->sge[j / 2].len[j & 1] = htobe32(len);
1680 pa = m->m_epg_pa[i];
1681 usgl->sge[j / 2].addr[j & 1] = htobe64(pa);
1682 len = m_epg_pagelen(m, i, 0);
1685 len += m_epg_pagelen(m, i, 0);
1686 pa += m_epg_pagelen(m, i, 0);
1690 usgl->sge[j / 2].len[j & 1] = htobe32(len);
1693 usgl->sge[j / 2].len[1] = htobe32(0);
1695 KASSERT(nsegs == 0, ("%s: nsegs %d, m %p", __func__, nsegs, m));
1699 * Similar to t4_push_frames() but handles sockets that contain TLS
1700 * record mbufs. Unlike TLSOM, each mbuf is a complete TLS record and
1701 * corresponds to a single work request.
1704 t4_push_ktls(struct adapter *sc, struct toepcb *toep, int drop)
1706 struct tls_hdr *thdr;
1707 struct fw_tlstx_data_wr *txwr;
1708 struct cpl_tx_tls_sfo *cpl;
1711 u_int nsegs, credits, wr_len;
1713 struct inpcb *inp = toep->inp;
1714 struct tcpcb *tp = intotcpcb(inp);
1715 struct socket *so = inp->inp_socket;
1716 struct sockbuf *sb = &so->so_snd;
1717 int tls_size, tx_credits, shove, sowwakeup;
1718 struct ofld_tx_sdesc *txsd;
1721 INP_WLOCK_ASSERT(inp);
1722 KASSERT(toep->flags & TPF_FLOWC_WR_SENT,
1723 ("%s: flowc_wr not sent for tid %u.", __func__, toep->tid));
1725 KASSERT(ulp_mode(toep) == ULP_MODE_NONE ||
1726 ulp_mode(toep) == ULP_MODE_TCPDDP || ulp_mode(toep) == ULP_MODE_TLS,
1727 ("%s: ulp_mode %u for toep %p", __func__, ulp_mode(toep), toep));
1728 KASSERT(tls_tx_key(toep),
1729 ("%s: TX key not set for toep %p", __func__, toep));
1731 #ifdef VERBOSE_TRACES
1732 CTR4(KTR_CXGBE, "%s: tid %d toep flags %#x tp flags %#x drop %d",
1733 __func__, toep->tid, toep->flags, tp->t_flags);
1735 if (__predict_false(toep->flags & TPF_ABORT_SHUTDOWN))
1739 if (__predict_false(inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) &&
1740 (update_tx_rate_limit(sc, toep, so->so_max_pacing_rate) == 0)) {
1741 inp->inp_flags2 &= ~INP_RATE_LIMIT_CHANGED;
1746 * This function doesn't resume by itself. Someone else must clear the
1747 * flag and call this function.
1749 if (__predict_false(toep->flags & TPF_TX_SUSPENDED)) {
1751 ("%s: drop (%d) != 0 but tx is suspended", __func__, drop));
1755 txsd = &toep->txsd[toep->txsd_pidx];
1757 tx_credits = min(toep->tx_credits, MAX_OFLD_TX_CREDITS);
1762 sbdrop_locked(sb, drop);
1766 m = sb->sb_sndptr != NULL ? sb->sb_sndptr->m_next : sb->sb_mb;
1769 * Send a FIN if requested, but only if there's no
1770 * more data to send.
1772 if (m == NULL && toep->flags & TPF_SEND_FIN) {
1774 sowwakeup_locked(so);
1777 SOCKBUF_UNLOCK_ASSERT(sb);
1778 t4_close_conn(sc, toep);
1783 * If there is no ready data to send, wait until more
1786 if (m == NULL || (m->m_flags & M_NOTAVAIL) != 0) {
1788 sowwakeup_locked(so);
1791 SOCKBUF_UNLOCK_ASSERT(sb);
1792 #ifdef VERBOSE_TRACES
1793 CTR2(KTR_CXGBE, "%s: tid %d no ready data to send",
1794 __func__, toep->tid);
1799 KASSERT(m->m_flags & M_NOMAP, ("%s: mbuf %p is not NOMAP",
1801 KASSERT(m->m_ext_pgs.tls != NULL,
1802 ("%s: mbuf %p doesn't have TLS session", __func__, m));
1804 /* Calculate WR length. */
1805 wr_len = sizeof(struct fw_tlstx_data_wr) +
1806 sizeof(struct cpl_tx_tls_sfo) + key_size(toep);
1808 /* Explicit IVs for AES-CBC and AES-GCM are <= 16. */
1809 MPASS(toep->tls.iv_len <= AES_BLOCK_LEN);
1810 wr_len += AES_BLOCK_LEN;
1812 /* Account for SGL in work request length. */
1813 nsegs = count_ext_pgs_segs(m);
1814 wr_len += sizeof(struct ulptx_sgl) +
1815 ((3 * (nsegs - 1)) / 2 + ((nsegs - 1) & 1)) * 8;
1817 /* Not enough credits for this work request. */
1818 if (howmany(wr_len, 16) > tx_credits) {
1820 sowwakeup_locked(so);
1823 SOCKBUF_UNLOCK_ASSERT(sb);
1824 #ifdef VERBOSE_TRACES
1826 "%s: tid %d mbuf %p requires %d credits, but only %d available",
1827 __func__, toep->tid, m, howmany(wr_len, 16),
1830 toep->flags |= TPF_TX_SUSPENDED;
1834 /* Shove if there is no additional data pending. */
1835 shove = ((m->m_next == NULL ||
1836 (m->m_next->m_flags & M_NOTAVAIL) != 0)) &&
1837 (tp->t_flags & TF_MORETOCOME) == 0;
1839 if (sb->sb_flags & SB_AUTOSIZE &&
1840 V_tcp_do_autosndbuf &&
1841 sb->sb_hiwat < V_tcp_autosndbuf_max &&
1842 sbused(sb) >= sb->sb_hiwat * 7 / 8) {
1843 int newsize = min(sb->sb_hiwat + V_tcp_autosndbuf_inc,
1844 V_tcp_autosndbuf_max);
1846 if (!sbreserve_locked(sb, newsize, so, NULL))
1847 sb->sb_flags &= ~SB_AUTOSIZE;
1849 sowwakeup = 1; /* room available */
1852 sowwakeup_locked(so);
1855 SOCKBUF_UNLOCK_ASSERT(sb);
1857 if (__predict_false(toep->flags & TPF_FIN_SENT))
1858 panic("%s: excess tx.", __func__);
1860 wr = alloc_wrqe(roundup2(wr_len, 16), toep->ofld_txq);
1862 /* XXX: how will we recover from this? */
1863 toep->flags |= TPF_TX_SUSPENDED;
1867 thdr = (struct tls_hdr *)&m->m_epg_hdr;
1868 #ifdef VERBOSE_TRACES
1869 CTR5(KTR_CXGBE, "%s: tid %d TLS record %ju type %d len %#x",
1870 __func__, toep->tid, m->m_ext_pgs.seqno, thdr->type,
1874 cpl = (struct cpl_tx_tls_sfo *)(txwr + 1);
1875 memset(txwr, 0, roundup2(wr_len, 16));
1876 credits = howmany(wr_len, 16);
1877 expn_size = m->m_ext_pgs.hdr_len +
1878 m->m_ext_pgs.trail_len;
1879 tls_size = m->m_len - expn_size;
1880 write_tlstx_wr(txwr, toep, 0,
1881 tls_size, expn_size, 1, credits, shove, 1);
1882 toep->tls.tx_seq_no = m->m_ext_pgs.seqno;
1883 write_tlstx_cpl(cpl, toep, thdr, tls_size, 1);
1884 tls_copy_tx_key(toep, cpl + 1);
1887 buf = (char *)(cpl + 1) + key_size(toep);
1888 memcpy(buf, thdr + 1, toep->tls.iv_len);
1889 buf += AES_BLOCK_LEN;
1891 write_ktlstx_sgl(buf, m, nsegs);
1893 KASSERT(toep->tx_credits >= credits,
1894 ("%s: not enough credits", __func__));
1896 toep->tx_credits -= credits;
1898 tp->snd_nxt += m->m_len;
1899 tp->snd_max += m->m_len;
1905 toep->flags |= TPF_TX_DATA_SENT;
1906 if (toep->tx_credits < MIN_OFLD_TLSTX_CREDITS(toep))
1907 toep->flags |= TPF_TX_SUSPENDED;
1909 KASSERT(toep->txsd_avail > 0, ("%s: no txsd", __func__));
1910 txsd->plen = m->m_len;
1911 txsd->tx_credits = credits;
1913 if (__predict_false(++toep->txsd_pidx == toep->txsd_total)) {
1914 toep->txsd_pidx = 0;
1915 txsd = &toep->txsd[0];
1919 atomic_add_long(&toep->vi->pi->tx_toe_tls_records, 1);
1920 atomic_add_long(&toep->vi->pi->tx_toe_tls_octets, m->m_len);
1922 t4_l2t_send(sc, wr, toep->l2te);
1928 * For TLS data we place received mbufs received via CPL_TLS_DATA into
1929 * an mbufq in the TLS offload state. When CPL_RX_TLS_CMP is
1930 * received, the completed PDUs are placed into the socket receive
1933 * The TLS code reuses the ulp_pdu_reclaimq to hold the pending mbufs.
1936 do_tls_data(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m)
1938 struct adapter *sc = iq->adapter;
1939 const struct cpl_tls_data *cpl = mtod(m, const void *);
1940 unsigned int tid = GET_TID(cpl);
1941 struct toepcb *toep = lookup_tid(sc, tid);
1942 struct inpcb *inp = toep->inp;
1946 /* XXX: Should this match do_rx_data instead? */
1947 KASSERT(!(toep->flags & TPF_SYNQE),
1948 ("%s: toep %p claims to be a synq entry", __func__, toep));
1950 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__));
1952 /* strip off CPL header */
1953 m_adj(m, sizeof(*cpl));
1954 len = m->m_pkthdr.len;
1956 atomic_add_long(&toep->vi->pi->rx_toe_tls_octets, len);
1958 KASSERT(len == G_CPL_TLS_DATA_LENGTH(be32toh(cpl->length_pkd)),
1959 ("%s: payload length mismatch", __func__));
1962 if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) {
1963 CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x",
1964 __func__, tid, len, inp->inp_flags);
1970 /* Save TCP sequence number. */
1971 m->m_pkthdr.tls_tcp_seq = be32toh(cpl->seq);
1973 if (mbufq_enqueue(&toep->ulp_pdu_reclaimq, m)) {
1975 panic("Failed to queue TLS data packet");
1977 printf("%s: Failed to queue TLS data packet\n", __func__);
1984 tp = intotcpcb(inp);
1985 tp->t_rcvtime = ticks;
1987 #ifdef VERBOSE_TRACES
1988 CTR4(KTR_CXGBE, "%s: tid %u len %d seq %u", __func__, tid, len,
1997 do_rx_tls_cmp(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m)
1999 struct adapter *sc = iq->adapter;
2000 const struct cpl_rx_tls_cmp *cpl = mtod(m, const void *);
2001 struct tlsrx_hdr_pkt *tls_hdr_pkt;
2002 unsigned int tid = GET_TID(cpl);
2003 struct toepcb *toep = lookup_tid(sc, tid);
2004 struct inpcb *inp = toep->inp;
2008 struct mbuf *tls_data;
2010 struct tls_get_record *tgr;
2011 struct mbuf *control;
2013 int len, pdu_length, rx_credits;
2015 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__));
2016 KASSERT(!(toep->flags & TPF_SYNQE),
2017 ("%s: toep %p claims to be a synq entry", __func__, toep));
2019 /* strip off CPL header */
2020 m_adj(m, sizeof(*cpl));
2021 len = m->m_pkthdr.len;
2023 atomic_add_long(&toep->vi->pi->rx_toe_tls_records, 1);
2025 KASSERT(len == G_CPL_RX_TLS_CMP_LENGTH(be32toh(cpl->pdulength_length)),
2026 ("%s: payload length mismatch", __func__));
2029 if (inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT)) {
2030 CTR4(KTR_CXGBE, "%s: tid %u, rx (%d bytes), inp_flags 0x%x",
2031 __func__, tid, len, inp->inp_flags);
2037 pdu_length = G_CPL_RX_TLS_CMP_PDULENGTH(be32toh(cpl->pdulength_length));
2039 so = inp_inpcbtosocket(inp);
2040 tp = intotcpcb(inp);
2042 #ifdef VERBOSE_TRACES
2043 CTR6(KTR_CXGBE, "%s: tid %u PDU len %d len %d seq %u, rcv_nxt %u",
2044 __func__, tid, pdu_length, len, be32toh(cpl->seq), tp->rcv_nxt);
2047 tp->rcv_nxt += pdu_length;
2048 if (tp->rcv_wnd < pdu_length) {
2049 toep->tls.rcv_over += pdu_length - tp->rcv_wnd;
2052 tp->rcv_wnd -= pdu_length;
2054 /* XXX: Not sure what to do about urgent data. */
2057 * The payload of this CPL is the TLS header followed by
2058 * additional fields.
2060 KASSERT(m->m_len >= sizeof(*tls_hdr_pkt),
2061 ("%s: payload too small", __func__));
2062 tls_hdr_pkt = mtod(m, void *);
2064 tls_data = mbufq_dequeue(&toep->ulp_pdu_reclaimq);
2065 if (tls_data != NULL) {
2066 KASSERT(be32toh(cpl->seq) == tls_data->m_pkthdr.tls_tcp_seq,
2067 ("%s: sequence mismatch", __func__));
2071 if (toep->tls.mode == TLS_MODE_KTLS) {
2072 /* Report decryption errors as EBADMSG. */
2073 if ((tls_hdr_pkt->res_to_mac_error & M_TLSRX_HDR_PKT_ERROR) !=
2078 CURVNET_SET(toep->vnet);
2079 so->so_error = EBADMSG;
2088 /* Allocate the control message mbuf. */
2089 control = sbcreatecontrol(NULL, sizeof(*tgr), TLS_GET_RECORD,
2091 if (control == NULL) {
2095 CURVNET_SET(toep->vnet);
2096 so->so_error = ENOBUFS;
2105 tgr = (struct tls_get_record *)
2106 CMSG_DATA(mtod(control, struct cmsghdr *));
2107 tgr->tls_type = tls_hdr_pkt->type;
2108 tgr->tls_vmajor = be16toh(tls_hdr_pkt->version) >> 8;
2109 tgr->tls_vminor = be16toh(tls_hdr_pkt->version) & 0xff;
2113 if (tls_data != NULL) {
2114 m_last(tls_data)->m_flags |= M_EOR;
2115 tgr->tls_length = htobe16(tls_data->m_pkthdr.len);
2117 tgr->tls_length = 0;
2123 * Only the TLS header is sent to OpenSSL, so report
2124 * errors by altering the record type.
2126 if ((tls_hdr_pkt->res_to_mac_error & M_TLSRX_HDR_PKT_ERROR) !=
2128 tls_hdr_pkt->type = CONTENT_TYPE_ERROR;
2130 /* Trim this CPL's mbuf to only include the TLS header. */
2131 KASSERT(m->m_len == len && m->m_next == NULL,
2132 ("%s: CPL spans multiple mbufs", __func__));
2133 m->m_len = TLS_HEADER_LENGTH;
2134 m->m_pkthdr.len = TLS_HEADER_LENGTH;
2136 if (tls_data != NULL) {
2138 * Update the TLS header length to be the length of
2141 tls_hdr_pkt->length = htobe16(tls_data->m_pkthdr.len);
2143 m->m_next = tls_data;
2144 m->m_pkthdr.len += tls_data->m_len;
2155 if (__predict_false(sb->sb_state & SBS_CANTRCVMORE)) {
2156 struct epoch_tracker et;
2158 CTR3(KTR_CXGBE, "%s: tid %u, excess rx (%d bytes)",
2159 __func__, tid, pdu_length);
2167 CURVNET_SET(toep->vnet);
2168 NET_EPOCH_ENTER(et);
2170 tp = tcp_drop(tp, ECONNRESET);
2180 * Not all of the bytes on the wire are included in the socket buffer
2181 * (e.g. the MAC of the TLS record). However, those bytes are included
2182 * in the TCP sequence space.
2185 /* receive buffer autosize */
2186 MPASS(toep->vnet == so->so_vnet);
2187 CURVNET_SET(toep->vnet);
2188 if (sb->sb_flags & SB_AUTOSIZE &&
2189 V_tcp_do_autorcvbuf &&
2190 sb->sb_hiwat < V_tcp_autorcvbuf_max &&
2191 m->m_pkthdr.len > (sbspace(sb) / 8 * 7)) {
2192 unsigned int hiwat = sb->sb_hiwat;
2193 unsigned int newsize = min(hiwat + sc->tt.autorcvbuf_inc,
2194 V_tcp_autorcvbuf_max);
2196 if (!sbreserve_locked(sb, newsize, so, NULL))
2197 sb->sb_flags &= ~SB_AUTOSIZE;
2201 if (control != NULL)
2202 sbappendcontrol_locked(sb, m, control, 0);
2205 sbappendstream_locked(sb, m, 0);
2206 rx_credits = sbspace(sb) > tp->rcv_wnd ? sbspace(sb) - tp->rcv_wnd : 0;
2207 #ifdef VERBOSE_TRACES
2208 CTR4(KTR_CXGBE, "%s: tid %u rx_credits %u rcv_wnd %u",
2209 __func__, tid, rx_credits, tp->rcv_wnd);
2211 if (rx_credits > 0 && sbused(sb) + tp->rcv_wnd < sb->sb_lowat) {
2212 rx_credits = send_rx_credits(sc, toep, rx_credits);
2213 tp->rcv_wnd += rx_credits;
2214 tp->rcv_adv += rx_credits;
2217 sorwakeup_locked(so);
2218 SOCKBUF_UNLOCK_ASSERT(sb);
2226 t4_tls_mod_load(void)
2229 mtx_init(&tls_handshake_lock, "t4tls handshake", NULL, MTX_DEF);
2230 t4_register_cpl_handler(CPL_TLS_DATA, do_tls_data);
2231 t4_register_cpl_handler(CPL_RX_TLS_CMP, do_rx_tls_cmp);
2235 t4_tls_mod_unload(void)
2238 t4_register_cpl_handler(CPL_TLS_DATA, NULL);
2239 t4_register_cpl_handler(CPL_RX_TLS_CMP, NULL);
2240 mtx_destroy(&tls_handshake_lock);
2242 #endif /* TCP_OFFLOAD */