1*58790314SJakub Kicinski /*
2*58790314SJakub Kicinski  * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
3*58790314SJakub Kicinski  * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
4*58790314SJakub Kicinski  *
5*58790314SJakub Kicinski  * This software is available to you under a choice of one of two
6*58790314SJakub Kicinski  * licenses.  You may choose to be licensed under the terms of the GNU
7*58790314SJakub Kicinski  * General Public License (GPL) Version 2, available from the file
8*58790314SJakub Kicinski  * COPYING in the main directory of this source tree, or the
9*58790314SJakub Kicinski  * OpenIB.org BSD license below:
10*58790314SJakub Kicinski  *
11*58790314SJakub Kicinski  *     Redistribution and use in source and binary forms, with or
12*58790314SJakub Kicinski  *     without modification, are permitted provided that the following
13*58790314SJakub Kicinski  *     conditions are met:
14*58790314SJakub Kicinski  *
15*58790314SJakub Kicinski  *      - Redistributions of source code must retain the above
16*58790314SJakub Kicinski  *        copyright notice, this list of conditions and the following
17*58790314SJakub Kicinski  *        disclaimer.
18*58790314SJakub Kicinski  *
19*58790314SJakub Kicinski  *      - Redistributions in binary form must reproduce the above
20*58790314SJakub Kicinski  *        copyright notice, this list of conditions and the following
21*58790314SJakub Kicinski  *        disclaimer in the documentation and/or other materials
22*58790314SJakub Kicinski  *        provided with the distribution.
23*58790314SJakub Kicinski  *
24*58790314SJakub Kicinski  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25*58790314SJakub Kicinski  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26*58790314SJakub Kicinski  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27*58790314SJakub Kicinski  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
28*58790314SJakub Kicinski  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
29*58790314SJakub Kicinski  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
30*58790314SJakub Kicinski  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31*58790314SJakub Kicinski  * SOFTWARE.
32*58790314SJakub Kicinski  */
33*58790314SJakub Kicinski 
34*58790314SJakub Kicinski #ifndef _TLS_INT_H
35*58790314SJakub Kicinski #define _TLS_INT_H
36*58790314SJakub Kicinski 
37*58790314SJakub Kicinski #include <asm/byteorder.h>
38*58790314SJakub Kicinski #include <linux/types.h>
39*58790314SJakub Kicinski #include <linux/skmsg.h>
40*58790314SJakub Kicinski #include <net/tls.h>
41*58790314SJakub Kicinski 
/* Per-network-namespace TLS MIB counters, kept in net->mib.tls_statistics.
 *
 * TLS_INC_STATS()/TLS_DEC_STATS() are the general-purpose forms.
 * __TLS_INC_STATS() expands to __SNMP_INC_STATS(); NOTE(review): by the
 * kernel's usual naming this is the lighter-weight variant that assumes the
 * caller already runs with preemption/BH disabled — confirm against
 * net/snmp.h before using it from a new call site.
 */
#define __TLS_INC_STATS(net, field)				\
	__SNMP_INC_STATS((net)->mib.tls_statistics, field)
#define TLS_INC_STATS(net, field)				\
	SNMP_INC_STATS((net)->mib.tls_statistics, field)
#define TLS_DEC_STATS(net, field)				\
	SNMP_DEC_STATS((net)->mib.tls_statistics, field)
48*58790314SJakub Kicinski 
/* TLS records are maintained in 'struct tls_rec'. It stores the memory pages
 * allocated or mapped for each TLS record. After encryption, the records are
 * stored in a linked list.
 *
 * One instance describes one outgoing record on the software-crypto path:
 * the plaintext as handed in, the ciphertext the AEAD produces, and the
 * scatterlists / AAD / IV / request state the crypto API needs while the
 * (possibly asynchronous) encryption is in flight.  The struct is
 * variable-sized: aead_req_ctx is a flexible array member holding the
 * AEAD transform's private request context and must stay the last field.
 */
struct tls_rec {
	/* Linkage into the per-socket list of records (see comment above). */
	struct list_head list;
	/* NOTE(review): presumably "encryption finished, record may be sent";
	 * set/cleared in tls_sw.c, not visible here.
	 */
	int tx_ready;
	/* NOTE(review): presumably the MSG_* flags to transmit the record with. */
	int tx_flags;

	/* Application data before encryption. */
	struct sk_msg msg_plaintext;
	/* Record after encryption; its data area also carries the
	 * header, explicit IV (when present) and authentication tag.
	 */
	struct sk_msg msg_encrypted;

	/* AAD | msg_plaintext.sg.data | sg_tag */
	struct scatterlist sg_aead_in[2];
	/* AAD | msg_encrypted.sg.data (data contains overhead for hdr & iv & tag) */
	struct scatterlist sg_aead_out[2];

	/* Real content type of the record and a scatterlist entry for it.
	 * NOTE(review): presumably the TLS 1.3 inner content-type byte that is
	 * appended to the plaintext before encryption (the outer header then
	 * always says application_data, see tls_fill_prepend()); the chaining
	 * happens in tls_sw.c.
	 */
	char content_type;
	struct scatterlist sg_content_type;

	/* Additional authenticated data built by tls_make_aad(). */
	char aad_space[TLS_AAD_SPACE_SIZE];
	/* Per-record nonce passed to the AEAD; sized for the largest cipher. */
	u8 iv_data[MAX_IV_SIZE];
	/* Crypto API request; the transform's context follows immediately. */
	struct aead_request aead_req;
	u8 aead_req_ctx[];
};
74*58790314SJakub Kicinski 
75*58790314SJakub Kicinski int __net_init tls_proc_init(struct net *net);
76*58790314SJakub Kicinski void __net_exit tls_proc_fini(struct net *net);
77*58790314SJakub Kicinski 
78*58790314SJakub Kicinski struct tls_context *tls_ctx_create(struct sock *sk);
79*58790314SJakub Kicinski void tls_ctx_free(struct sock *sk, struct tls_context *ctx);
80*58790314SJakub Kicinski void update_sk_prot(struct sock *sk, struct tls_context *ctx);
81*58790314SJakub Kicinski 
82*58790314SJakub Kicinski int wait_on_pending_writer(struct sock *sk, long *timeo);
83*58790314SJakub Kicinski int tls_sk_query(struct sock *sk, int optname, char __user *optval,
84*58790314SJakub Kicinski 		 int __user *optlen);
85*58790314SJakub Kicinski int tls_sk_attach(struct sock *sk, int optname, char __user *optval,
86*58790314SJakub Kicinski 		  unsigned int optlen);
87*58790314SJakub Kicinski void tls_err_abort(struct sock *sk, int err);
88*58790314SJakub Kicinski 
89*58790314SJakub Kicinski int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx);
90*58790314SJakub Kicinski void tls_update_rx_zc_capable(struct tls_context *tls_ctx);
91*58790314SJakub Kicinski void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx);
92*58790314SJakub Kicinski void tls_sw_strparser_done(struct tls_context *tls_ctx);
93*58790314SJakub Kicinski int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);
94*58790314SJakub Kicinski int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
95*58790314SJakub Kicinski 			   int offset, size_t size, int flags);
96*58790314SJakub Kicinski int tls_sw_sendpage(struct sock *sk, struct page *page,
97*58790314SJakub Kicinski 		    int offset, size_t size, int flags);
98*58790314SJakub Kicinski void tls_sw_cancel_work_tx(struct tls_context *tls_ctx);
99*58790314SJakub Kicinski void tls_sw_release_resources_tx(struct sock *sk);
100*58790314SJakub Kicinski void tls_sw_free_ctx_tx(struct tls_context *tls_ctx);
101*58790314SJakub Kicinski void tls_sw_free_resources_rx(struct sock *sk);
102*58790314SJakub Kicinski void tls_sw_release_resources_rx(struct sock *sk);
103*58790314SJakub Kicinski void tls_sw_free_ctx_rx(struct tls_context *tls_ctx);
104*58790314SJakub Kicinski int tls_sw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
105*58790314SJakub Kicinski 		   int flags, int *addr_len);
106*58790314SJakub Kicinski bool tls_sw_sock_is_readable(struct sock *sk);
107*58790314SJakub Kicinski ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos,
108*58790314SJakub Kicinski 			   struct pipe_inode_info *pipe,
109*58790314SJakub Kicinski 			   size_t len, unsigned int flags);
110*58790314SJakub Kicinski 
111*58790314SJakub Kicinski int tls_device_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);
112*58790314SJakub Kicinski int tls_device_sendpage(struct sock *sk, struct page *page,
113*58790314SJakub Kicinski 			int offset, size_t size, int flags);
114*58790314SJakub Kicinski int tls_tx_records(struct sock *sk, int flags);
115*58790314SJakub Kicinski 
116*58790314SJakub Kicinski void tls_sw_write_space(struct sock *sk, struct tls_context *ctx);
117*58790314SJakub Kicinski void tls_device_write_space(struct sock *sk, struct tls_context *ctx);
118*58790314SJakub Kicinski 
119*58790314SJakub Kicinski int tls_process_cmsg(struct sock *sk, struct msghdr *msg,
120*58790314SJakub Kicinski 		     unsigned char *record_type);
121*58790314SJakub Kicinski int decrypt_skb(struct sock *sk, struct sk_buff *skb,
122*58790314SJakub Kicinski 		struct scatterlist *sgout);
123*58790314SJakub Kicinski 
124*58790314SJakub Kicinski int tls_sw_fallback_init(struct sock *sk,
125*58790314SJakub Kicinski 			 struct tls_offload_context_tx *offload_ctx,
126*58790314SJakub Kicinski 			 struct tls_crypto_info *crypto_info);
127*58790314SJakub Kicinski 
/* Return the TLS per-skb state embedded in @skb's control block.
 *
 * The generic struct sk_skb_cb overlays skb->cb and carries a 'tls' member;
 * this hands back a pointer to that member, so the result lives as long as
 * the skb and must not be used after it is freed.
 */
static inline struct tls_msg *tls_msg(struct sk_buff *skb)
{
	return &((struct sk_skb_cb *)skb->cb)->tls;
}
134*58790314SJakub Kicinski 
#ifdef CONFIG_TLS_DEVICE
/* NIC crypto-offload path (presumably implemented in tls_device.c). */
void tls_device_init(void);
void tls_device_cleanup(void);
int tls_set_device_offload(struct sock *sk, struct tls_context *ctx);
void tls_device_free_resources_tx(struct sock *sk);
int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx);
void tls_device_offload_cleanup_rx(struct sock *sk);
void tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq);
int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx,
			 struct sk_buff *skb, struct strp_msg *rxm);
#else
/* Device offload not compiled in: stubs so callers need no #ifdefs.
 *
 * Enabling offload fails with -EOPNOTSUPP, which the setsockopt path can
 * treat as "fall back to software crypto" (caller not visible here).  The
 * init/cleanup and RX hooks are no-ops, and tls_device_decrypted() returns
 * 0 — NOTE(review): presumably meaning "nothing decrypted by hardware, do
 * it in software"; confirm against the caller in tls_sw.c.
 */
static inline void tls_device_init(void) {}
static inline void tls_device_cleanup(void) {}

static inline int
tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
{
	return -EOPNOTSUPP;
}

static inline void tls_device_free_resources_tx(struct sock *sk) {}

static inline int
tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx)
{
	return -EOPNOTSUPP;
}

static inline void tls_device_offload_cleanup_rx(struct sock *sk) {}
static inline void
tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq) {}

static inline int
tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx,
		     struct sk_buff *skb, struct strp_msg *rxm)
{
	return 0;
}
#endif
174*58790314SJakub Kicinski 
175*58790314SJakub Kicinski int tls_push_sg(struct sock *sk, struct tls_context *ctx,
176*58790314SJakub Kicinski 		struct scatterlist *sg, u16 first_offset,
177*58790314SJakub Kicinski 		int flags);
178*58790314SJakub Kicinski int tls_push_partial_record(struct sock *sk, struct tls_context *ctx,
179*58790314SJakub Kicinski 			    int flags);
180*58790314SJakub Kicinski void tls_free_partial_record(struct sock *sk, struct tls_context *ctx);
181*58790314SJakub Kicinski 
/* Return true if @ctx holds a record whose transmission was started but not
 * finished (ctx->partially_sent_record is non-NULL); see tls_push_partial_record()
 * and tls_free_partial_record().
 */
static inline bool tls_is_partially_sent_record(struct tls_context *ctx)
{
	return ctx->partially_sent_record != NULL;
}
186*58790314SJakub Kicinski 
/* Return true if @tls_ctx has an open (not yet closed/encrypted) record with
 * pending fragments, as recorded in pending_open_record_frags.
 */
static inline bool tls_is_pending_open_record(struct tls_context *tls_ctx)
{
	return tls_ctx->pending_open_record_frags != 0;
}
191*58790314SJakub Kicinski 
/* Increment the big-endian multi-byte counter @seq of @len bytes by one.
 *
 * @seq: counter bytes, most significant first; updated in place.
 * @len: number of bytes in the counter.
 *
 * Returns true when the carry propagated out of the most significant byte,
 * i.e. the counter wrapped to all zeros (also true for @len == 0).  On the
 * TLS record sequence number a wrap means an AEAD nonce would be reused
 * under the same key, so callers must treat a true return as fatal for the
 * connection (see tls_advance_record_sn()).
 */
static inline bool tls_bigint_increment(unsigned char *seq, int len)
{
	int pos = len;

	/* Walk from the least significant byte upwards and stop at the first
	 * byte that does not roll over to zero.
	 */
	while (--pos >= 0) {
		if (++seq[pos])
			break;
	}

	/* pos only reaches -1 when every byte rolled over. */
	return pos == -1;
}
204*58790314SJakub Kicinski 
/* Subtract @n from the 8-byte big-endian record sequence number at @seq.
 *
 * The value is converted to a host-order u64, decremented and written back;
 * arithmetic wraps modulo 2^64 like the counter itself, and because @n is
 * converted to u64 a negative @n advances the counter.  No wrap/underflow
 * is reported, unlike tls_bigint_increment() — callers (outside this
 * header) must only rewind by records that were actually counted.
 *
 * NOTE(review): @seq is accessed through a __be64 pointer, so it must be
 * suitably aligned for a 64-bit load/store.  That presumably holds for the
 * allocated rec_seq buffers this is used on; an arbitrary byte offset would
 * need get/put_unaligned_be64() instead.
 */
static inline void tls_bigint_subtract(unsigned char *seq, int  n)
{
	u64 rcd_sn;
	__be64 *p;

	/* The fixed 8-byte width is what the __be64 access below relies on. */
	BUILD_BUG_ON(TLS_MAX_REC_SEQ_SIZE != 8);

	p = (__be64 *)seq;
	rcd_sn = be64_to_cpu(*p);
	*p = cpu_to_be64(rcd_sn - n);
}
216*58790314SJakub Kicinski 
/* Advance the per-direction record sequence number after a record has been
 * processed, and for the TLS 1.2 ciphers that carry an explicit nonce
 * (everything except TLS 1.3 and ChaCha20-Poly1305) advance the explicit
 * part of the IV too.
 *
 * @sk:   socket, only used to signal an error.
 * @prot: protocol parameters (version, cipher, field sizes).
 * @ctx:  per-direction cipher state holding rec_seq and iv.
 *
 * A wrap of rec_seq is fatal: continuing would reuse an AEAD nonce under the
 * same key, so the socket is put into error state with -EBADMSG via
 * tls_err_abort().  The return value of the IV increment is deliberately
 * ignored; assuming iv_size and rec_seq_size are both 8 for these ciphers
 * (confirm against the cipher tables) the explicit nonce cannot repeat
 * before rec_seq wraps and the connection is aborted.
 */
static inline void
tls_advance_record_sn(struct sock *sk, struct tls_prot_info *prot,
		      struct cipher_context *ctx)
{
	bool explicit_nonce = prot->version != TLS_1_3_VERSION &&
			      prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305;

	if (tls_bigint_increment(ctx->rec_seq, prot->rec_seq_size))
		tls_err_abort(sk, -EBADMSG);

	if (explicit_nonce)
		tls_bigint_increment(ctx->iv + prot->salt_size, prot->iv_size);
}
229*58790314SJakub Kicinski 
/* Derive the per-record nonce for TLS 1.3 (all ciphers) and for TLS 1.2
 * ChaCha20-Poly1305 by XORing the 64-bit record sequence number into the
 * low 8 bytes of the 12-byte static IV (RFC 8446 §5.3, RFC 7905 §2).
 *
 * @prot: negotiated protocol parameters (version, cipher).
 * @iv:   IV of at least 12 bytes, modified in place; bytes 4..11 are XORed.
 * @seq:  8-byte big-endian record sequence number, read only.
 *
 * For the TLS 1.2 AES-GCM/CCM ciphers the nonce travels explicitly in the
 * record (see tls_fill_prepend()), so this is a no-op for them.  The offsets
 * are fixed by the protocol and intentionally not taken from prot->iv_size
 * or prot->rec_seq_size.
 */
static inline void
tls_xor_iv_with_seq(struct tls_prot_info *prot, char *iv, char *seq)
{
	bool seq_in_nonce = prot->version == TLS_1_3_VERSION ||
			    prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305;
	int n;

	if (!seq_in_nonce)
		return;

	for (n = 0; n < 8; n++)
		iv[4 + n] ^= seq[n];
}
241*58790314SJakub Kicinski 
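/* Write the outer record header — and, for the TLS 1.2 explicit-nonce
 * ciphers, the explicit nonce that follows it — into @buf.
 *
 * @ctx: TLS context; reads ctx->prot_info and ctx->tx.iv.
 * @buf: destination.  Must hold the 5 header bytes (buf[0..4]) plus, for
 *       the explicit-nonce ciphers, prot->iv_size bytes at TLS_NONCE_OFFSET.
 * @plaintext_len: length of the data being protected.  For TLS 1.3 the
 *       caller is expected to already include the inner content-type byte
 *       (callers live outside this header; confirm there) — nothing is
 *       added for it here.
 * @record_type: TLS ContentType of the record.  Ignored for TLS 1.3, where
 *       the outer type is always application_data and the real type is
 *       carried encrypted inside the record.
 *
 * The length field is plaintext + authentication tag (+ explicit nonce when
 * present).  It is truncated to 16 bits without a check, so callers must
 * keep records within the protocol's 2^14 (+ expansion) bound themselves.
 *
 * Change from the previous version: the version bytes are written major
 * first, then minor, matching the record-layer format and tls_make_aad().
 * TLS 1.2's version is 0x0303, so the bytes on the wire are unchanged.
 */
static inline void
tls_fill_prepend(struct tls_context *ctx, char *buf, size_t plaintext_len,
		 unsigned char record_type)
{
	struct tls_prot_info *prot = &ctx->prot_info;
	size_t iv_size = prot->iv_size;
	size_t pkt_len = plaintext_len + prot->tag_size;
	bool explicit_nonce = prot->version != TLS_1_3_VERSION &&
			      prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305;

	if (explicit_nonce) {
		/* TLS 1.2 AES-GCM/CCM send the per-record explicit nonce right
		 * after the header; it is the current TX IV minus the implicit
		 * salt, and it counts towards the record length.
		 */
		pkt_len += iv_size;
		memcpy(buf + TLS_NONCE_OFFSET,
		       ctx->tx.iv + prot->salt_size, iv_size);
	}

	/* TLS 1.3 hides the content type: the outer type is application_data. */
	buf[0] = prot->version == TLS_1_3_VERSION ?
		   TLS_RECORD_TYPE_DATA : record_type;
	/* legacy_record_version: TLS 1.2 is written for both TLS 1.2 and
	 * TLS 1.3.  Major byte first, then minor.
	 */
	buf[1] = TLS_1_2_VERSION_MAJOR;
	buf[2] = TLS_1_2_VERSION_MINOR;
	buf[3] = pkt_len >> 8;
	buf[4] = pkt_len & 0xFF;
}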
270*58790314SJakub Kicinski 
/* Build the AEAD additional authenticated data for one record into @buf.
 *
 * @buf:  destination (TLS_AAD_SPACE_SIZE bytes; 13 are written for TLS 1.2,
 *        5 for TLS 1.3).
 * @size: for TLS 1.2 the plaintext length; for TLS 1.3 the length before the
 *        tag — the tag size is added here so the AAD carries the full
 *        ciphertext length (RFC 8446 §5.2).
 * @record_sequence: 8-byte big-endian record sequence number (TLS 1.2 only).
 * @record_type: ContentType; ignored for TLS 1.3, whose outer type is
 *        always application_data.
 * @prot: protocol parameters.
 *
 * TLS 1.2 AAD is seq_num || type || version || length; TLS 1.3 AAD is the
 * outer header type || legacy_version || length.  The sequence number is
 * copied with prot->rec_seq_size bytes but the header is placed at a fixed
 * offset of 8 — NOTE(review): this relies on rec_seq_size being 8 for every
 * cipher (tls_bigint_subtract() asserts TLS_MAX_REC_SEQ_SIZE == 8); a
 * shorter rec_seq would leave unwritten bytes inside the AAD.  The length
 * is truncated to 16 bits without a check.
 */
static inline
void tls_make_aad(char *buf, size_t size, char *record_sequence,
		  unsigned char record_type, struct tls_prot_info *prot)
{
	char *hdr = buf;
	size_t len_field = size;
	unsigned char type = record_type;

	if (prot->version == TLS_1_3_VERSION) {
		type = TLS_RECORD_TYPE_DATA;
		len_field += prot->tag_size;
	} else {
		memcpy(hdr, record_sequence, prot->rec_seq_size);
		hdr += 8;
	}

	hdr[0] = type;
	hdr[1] = TLS_1_2_VERSION_MAJOR;
	hdr[2] = TLS_1_2_VERSION_MINOR;
	hdr[3] = len_field >> 8;
	hdr[4] = len_field & 0xFF;
}
289*58790314SJakub Kicinski 
290*58790314SJakub Kicinski #endif