Merge ^/head r351317 through r351731.

[FreeBSD/FreeBSD.git] / sys / opencrypto / ktls_ocf.c

/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2019 Netflix Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/counter.h>
#include <sys/endian.h>
#include <sys/kernel.h>
#include <sys/ktls.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
#include <sys/sysctl.h>
#include <sys/uio.h>
#include <opencrypto/cryptodev.h>

struct ocf_session {
        crypto_session_t sid;
        int crda_alg;
        struct mtx lock;
};

struct ocf_operation {
        struct ocf_session *os;
        bool done;
        struct iovec iov[0];
};

static MALLOC_DEFINE(M_KTLS_OCF, "ktls_ocf", "OCF KTLS");

SYSCTL_DECL(_kern_ipc_tls);
SYSCTL_DECL(_kern_ipc_tls_stats);

static counter_u64_t ocf_gcm_crypts;
SYSCTL_COUNTER_U64(_kern_ipc_tls_stats, OID_AUTO, ocf_gcm_crypts, CTLFLAG_RD,
    &ocf_gcm_crypts,
    "Total number of OCF GCM encryption operations");

static counter_u64_t ocf_retries;
SYSCTL_COUNTER_U64(_kern_ipc_tls_stats, OID_AUTO, ocf_retries, CTLFLAG_RD,
    &ocf_retries,
    "Number of OCF encryption operation retries");

static int
ktls_ocf_callback(struct cryptop *crp)
{
        struct ocf_operation *oo;

        oo = crp->crp_opaque;
        mtx_lock(&oo->os->lock);
        oo->done = true;
        mtx_unlock(&oo->os->lock);
        wakeup(oo);
        return (0);
}

static int
ktls_ocf_encrypt(struct ktls_session *tls, const struct tls_record_layer *hdr,
    uint8_t *trailer, struct iovec *iniov, struct iovec *outiov, int iovcnt,
    uint64_t seqno)
{
        struct uio uio;
        struct tls_aead_data ad;
        struct tls_nonce_data nd;
        struct cryptodesc *crde, *crda;
        struct cryptop *crp;
        struct ocf_session *os;
        struct ocf_operation *oo;
        struct iovec *iov;
        int i, error;
        uint16_t tls_comp_len;

        os = tls->cipher;

        oo = malloc(sizeof(*oo) + (iovcnt + 2) * sizeof(*iov), M_KTLS_OCF,
            M_WAITOK | M_ZERO);
        oo->os = os;
        iov = oo->iov;

        crp = crypto_getreq(2);
        if (crp == NULL) {
                free(oo, M_KTLS_OCF);
                return (ENOMEM);
        }

        /* Setup the IV. */
        memcpy(nd.fixed, tls->params.iv, TLS_AEAD_GCM_LEN);
        memcpy(&nd.seq, hdr + 1, sizeof(nd.seq));

        /* Setup the AAD. */
        tls_comp_len = ntohs(hdr->tls_length) -
            (AES_GMAC_HASH_LEN + sizeof(nd.seq));
        ad.seq = htobe64(seqno);
        ad.type = hdr->tls_type;
        ad.tls_vmajor = hdr->tls_vmajor;
        ad.tls_vminor = hdr->tls_vminor;
        ad.tls_length = htons(tls_comp_len);
        iov[0].iov_base = &ad;
        iov[0].iov_len = sizeof(ad);
        uio.uio_resid = sizeof(ad);
        
        /*
         * OCF always does encryption in place, so copy the data if
         * needed.  Ugh.
         */
        for (i = 0; i < iovcnt; i++) {
                iov[i + 1] = outiov[i];
                if (iniov[i].iov_base != outiov[i].iov_base)
                        memcpy(outiov[i].iov_base, iniov[i].iov_base,
                            outiov[i].iov_len);
                uio.uio_resid += outiov[i].iov_len;
        }

        iov[iovcnt + 1].iov_base = trailer;
        iov[iovcnt + 1].iov_len = AES_GMAC_HASH_LEN;
        uio.uio_resid += AES_GMAC_HASH_LEN;

        uio.uio_iov = iov;
        uio.uio_iovcnt = iovcnt + 2;
        uio.uio_offset = 0;
        uio.uio_segflg = UIO_SYSSPACE;
        uio.uio_td = curthread;

        crp->crp_session = os->sid;
        crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM;
        crp->crp_uio = &uio;
        crp->crp_ilen = uio.uio_resid;
        crp->crp_opaque = oo;
        crp->crp_callback = ktls_ocf_callback;

        crde = crp->crp_desc;
        crda = crde->crd_next;

        crda->crd_alg = os->crda_alg;
        crda->crd_skip = 0;
        crda->crd_len = sizeof(ad);
        crda->crd_inject = crp->crp_ilen - AES_GMAC_HASH_LEN;

        crde->crd_alg = CRYPTO_AES_NIST_GCM_16;
        crde->crd_skip = sizeof(ad);
        crde->crd_len = crp->crp_ilen - (sizeof(ad) + AES_GMAC_HASH_LEN);
        crde->crd_flags = CRD_F_ENCRYPT | CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
        memcpy(crde->crd_iv, &nd, sizeof(nd));

        counter_u64_add(ocf_gcm_crypts, 1);
        for (;;) {
                error = crypto_dispatch(crp);
                if (error)
                        break;

                mtx_lock(&os->lock);
                while (!oo->done)
                        mtx_sleep(oo, &os->lock, 0, "ocfktls", 0);
                mtx_unlock(&os->lock);

                if (crp->crp_etype != EAGAIN) {
                        error = crp->crp_etype;
                        break;
                }

                crp->crp_etype = 0;
                crp->crp_flags &= ~CRYPTO_F_DONE;
                oo->done = false;
                counter_u64_add(ocf_retries, 1);
        }

        crypto_freereq(crp);
        free(oo, M_KTLS_OCF);
        return (error);
}

static void
ktls_ocf_free(struct ktls_session *tls)
{
        struct ocf_session *os;

        os = tls->cipher;
        mtx_destroy(&os->lock);
        explicit_bzero(os, sizeof(*os));
        free(os, M_KTLS_OCF);
}

static int
ktls_ocf_try(struct socket *so, struct ktls_session *tls)
{
        struct cryptoini cria, crie;
        struct ocf_session *os;
        int error;

        memset(&cria, 0, sizeof(cria));
        memset(&crie, 0, sizeof(crie));

        switch (tls->params.cipher_algorithm) {
        case CRYPTO_AES_NIST_GCM_16:
                if (tls->params.iv_len != TLS_AEAD_GCM_LEN)
                        return (EINVAL);
                switch (tls->params.cipher_key_len) {
                case 128 / 8:
                        cria.cri_alg = CRYPTO_AES_128_NIST_GMAC;
                        break;
                case 256 / 8:
                        cria.cri_alg = CRYPTO_AES_256_NIST_GMAC;
                        break;
                default:
                        return (EINVAL);
                }
                cria.cri_key = tls->params.cipher_key;
                cria.cri_klen = tls->params.cipher_key_len * 8;
                break;
        default:
                return (EPROTONOSUPPORT);
        }

        /* Only TLS 1.1 and TLS 1.2 are currently supported. */
        if (tls->params.tls_vmajor != TLS_MAJOR_VER_ONE ||
            tls->params.tls_vminor < TLS_MINOR_VER_ONE ||
            tls->params.tls_vminor > TLS_MINOR_VER_TWO)
                return (EPROTONOSUPPORT);

        os = malloc(sizeof(*os), M_KTLS_OCF, M_NOWAIT | M_ZERO);
        if (os == NULL)
                return (ENOMEM);

        crie.cri_alg = tls->params.cipher_algorithm;
        crie.cri_key = tls->params.cipher_key;
        crie.cri_klen = tls->params.cipher_key_len * 8;

        crie.cri_next = &cria;
        error = crypto_newsession(&os->sid, &crie,
            CRYPTO_FLAG_HARDWARE | CRYPTO_FLAG_SOFTWARE);
        if (error) {
                free(os, M_KTLS_OCF);
                return (error);
        }

        os->crda_alg = cria.cri_alg;
        mtx_init(&os->lock, "ktls_ocf", NULL, MTX_DEF);
        tls->cipher = os;
        tls->sw_encrypt = ktls_ocf_encrypt;
        tls->free = ktls_ocf_free;
        return (0);
}

struct ktls_crypto_backend ocf_backend = {
        .name = "OCF",
        .prio = 5,
        .api_version = KTLS_API_VERSION,
        .try = ktls_ocf_try,
};

static int
ktls_ocf_modevent(module_t mod, int what, void *arg)
{
        int error;

        switch (what) {
        case MOD_LOAD:
                ocf_gcm_crypts = counter_u64_alloc(M_WAITOK);
                ocf_retries = counter_u64_alloc(M_WAITOK);
                return (ktls_crypto_backend_register(&ocf_backend));
        case MOD_UNLOAD:
                error = ktls_crypto_backend_deregister(&ocf_backend);
                if (error)
                        return (error);
                counter_u64_free(ocf_gcm_crypts);
                counter_u64_free(ocf_retries);
                return (0);
        default:
                return (EOPNOTSUPP);
        }
}

static moduledata_t ktls_ocf_moduledata = {
        "ktls_ocf",
        ktls_ocf_modevent,
        NULL
};

DECLARE_MODULE(ktls_ocf, ktls_ocf_moduledata, SI_SUB_PROTO_END, SI_ORDER_ANY);