2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2014-2019 Netflix Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/refcount.h>
32 #include <sys/_task.h>
35 struct tls_record_layer {
41 } __attribute__ ((packed));
43 #define TLS_MAX_MSG_SIZE_V10_2 16384
44 #define TLS_MAX_PARAM_SIZE 1024 /* Max key/mac/iv in sockopt */
45 #define TLS_AEAD_GCM_LEN 4
46 #define TLS_1_3_GCM_IV_LEN 12
47 #define TLS_CHACHA20_IV_LEN 12
48 #define TLS_CBC_IMPLICIT_IV_LEN 16
50 /* Type values for the record layer */
51 #define TLS_RLTYPE_ALERT 21
52 #define TLS_RLTYPE_HANDSHAKE 22
53 #define TLS_RLTYPE_APP 23
56 * Nonce for GCM for TLS 1.2 per RFC 5288.
58 struct tls_nonce_data {
59 uint8_t fixed[TLS_AEAD_GCM_LEN];
64 * AEAD additional data format for TLS 1.2 per RFC 5246.
66 struct tls_aead_data {
67 uint64_t seq; /* In network order */
75 * AEAD additional data format for TLS 1.3 per RFC 8446.
77 struct tls_aead_data_13 {
85 * Stream Cipher MAC additional data input. This does not match the
86 * exact data on the wire (the sequence number is not placed on the
87 * wire, and any explicit IV after the record header is not covered by
98 #define TLS_MAJOR_VER_ONE 3
99 #define TLS_MINOR_VER_ZERO 1 /* 3, 1 */
100 #define TLS_MINOR_VER_ONE 2 /* 3, 2 */
101 #define TLS_MINOR_VER_TWO 3 /* 3, 3 */
102 #define TLS_MINOR_VER_THREE 4 /* 3, 4 */
104 /* For TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE. */
106 struct tls_enable_v0 {
107 const uint8_t *cipher_key;
108 const uint8_t *iv; /* Implicit IV. */
109 const uint8_t *auth_key;
110 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
113 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
122 const uint8_t *cipher_key;
123 const uint8_t *iv; /* Implicit IV. */
124 const uint8_t *auth_key;
125 int cipher_algorithm; /* e.g. CRYPTO_AES_CBC */
128 int auth_algorithm; /* e.g. CRYPTO_SHA2_256_HMAC */
136 /* Structure for TLS_GET_RECORD. */
137 struct tls_get_record {
138 /* TLS record header. */
147 struct tls_session_params {
150 uint8_t iv[TLS_CBC_IMPLICIT_IV_LEN];
151 int cipher_algorithm;
153 uint16_t cipher_key_len;
155 uint16_t auth_key_len;
156 uint16_t max_frame_len;
165 /* Used in APIs to request RX vs TX sessions. */
169 #define KTLS_API_VERSION 7
178 struct ktls_crypto_backend {
179 LIST_ENTRY(ktls_crypto_backend) next;
180 int (*try)(struct socket *so, struct ktls_session *tls, int direction);
187 struct ktls_session {
189 int (*sw_encrypt)(struct ktls_session *tls,
190 const struct tls_record_layer *hdr, uint8_t *trailer,
191 struct iovec *src, struct iovec *dst, int iovcnt,
192 uint64_t seqno, uint8_t record_type);
193 int (*sw_decrypt)(struct ktls_session *tls,
194 const struct tls_record_layer *hdr, struct mbuf *m,
195 uint64_t seqno, int *trailer_len);
199 struct m_snd_tag *snd_tag;
201 struct ktls_crypto_backend *be;
202 void (*free)(struct ktls_session *tls);
203 struct tls_session_params params;
205 volatile u_int refcount;
208 struct task reset_tag_task;
211 bool sequential_records;
213 /* Only used for TLS 1.0. */
215 STAILQ_HEAD(, mbuf) pending_records;
216 } __aligned(CACHE_LINE_SIZE);
218 void ktls_check_rx(struct sockbuf *sb);
219 int ktls_crypto_backend_register(struct ktls_crypto_backend *be);
220 int ktls_crypto_backend_deregister(struct ktls_crypto_backend *be);
221 int ktls_enable_rx(struct socket *so, struct tls_enable *en);
222 int ktls_enable_tx(struct socket *so, struct tls_enable *en);
223 void ktls_destroy(struct ktls_session *tls);
224 void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
225 uint8_t record_type);
226 bool ktls_permit_empty_frames(struct ktls_session *tls);
227 void ktls_seq(struct sockbuf *sb, struct mbuf *m);
228 void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
229 void ktls_enqueue_to_free(struct mbuf *m);
230 int ktls_get_rx_mode(struct socket *so);
231 int ktls_set_tx_mode(struct socket *so, int mode);
232 int ktls_get_tx_mode(struct socket *so);
233 int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
235 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);
238 static inline struct ktls_session *
239 ktls_hold(struct ktls_session *tls)
243 refcount_acquire(&tls->refcount);
248 ktls_free(struct ktls_session *tls)
251 if (refcount_release(&tls->refcount))
255 #endif /* !_KERNEL */
256 #endif /* !_SYS_KTLS_H_ */