1/*
  2 * Copyright (c) 2016 Tom Herbert <tom@herbertland.com>
  3 * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
  4 * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
  5 *
  6 * This software is available to you under a choice of one of two
  7 * licenses.  You may choose to be licensed under the terms of the GNU
  8 * General Public License (GPL) Version 2, available from the file
  9 * COPYING in the main directory of this source tree, or the
 10 * OpenIB.org BSD license below:
 11 *
 12 *     Redistribution and use in source and binary forms, with or
 13 *     without modification, are permitted provided that the following
 14 *     conditions are met:
 15 *
 16 *      - Redistributions of source code must retain the above
 17 *        copyright notice, this list of conditions and the following
 18 *        disclaimer.
 19 *
 20 *      - Redistributions in binary form must reproduce the above
 21 *        copyright notice, this list of conditions and the following
 22 *        disclaimer in the documentation and/or other materials
 23 *        provided with the distribution.
 24 *
 25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 26 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 27 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 28 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 29 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 30 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 31 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 32 * SOFTWARE.
 33 */
 34
 35#ifndef _TLS_INT_H
 36#define _TLS_INT_H
 37
 38#include <asm/byteorder.h>
 39#include <linux/types.h>
 40#include <linux/skmsg.h>
 41#include <net/tls.h>
 42
 43#define TLS_PAGE_ORDER	(min_t(unsigned int, PAGE_ALLOC_COSTLY_ORDER,	\
 44			       TLS_MAX_PAYLOAD_SIZE >> PAGE_SHIFT))
 45
 46#define __TLS_INC_STATS(net, field)				\
 47	__SNMP_INC_STATS((net)->mib.tls_statistics, field)
 48#define TLS_INC_STATS(net, field)				\
 49	SNMP_INC_STATS((net)->mib.tls_statistics, field)
 50#define TLS_DEC_STATS(net, field)				\
 51	SNMP_DEC_STATS((net)->mib.tls_statistics, field)
 52
 53/* TLS records are maintained in 'struct tls_rec'. It stores the memory pages
 54 * allocated or mapped for each TLS record. After encryption, the records are
 55 * stores in a linked list.
 56 */
 57struct tls_rec {
 58	struct list_head list;
 59	int tx_ready;
 60	int tx_flags;
 61
 62	struct sk_msg msg_plaintext;
 63	struct sk_msg msg_encrypted;
 64
 65	/* AAD | msg_plaintext.sg.data | sg_tag */
 66	struct scatterlist sg_aead_in[2];
 67	/* AAD | msg_encrypted.sg.data (data contains overhead for hdr & iv & tag) */
 68	struct scatterlist sg_aead_out[2];
 69
 70	char content_type;
 71	struct scatterlist sg_content_type;
 72
 73	char aad_space[TLS_AAD_SPACE_SIZE];
 74	u8 iv_data[MAX_IV_SIZE];
 75	struct aead_request aead_req;
 76	u8 aead_req_ctx[];
 77};
 78
 79int __net_init tls_proc_init(struct net *net);
 80void __net_exit tls_proc_fini(struct net *net);
 81
 82struct tls_context *tls_ctx_create(struct sock *sk);
 83void tls_ctx_free(struct sock *sk, struct tls_context *ctx);
 84void update_sk_prot(struct sock *sk, struct tls_context *ctx);
 85
 86int wait_on_pending_writer(struct sock *sk, long *timeo);
 87int tls_sk_query(struct sock *sk, int optname, char __user *optval,
 88		 int __user *optlen);
 89int tls_sk_attach(struct sock *sk, int optname, char __user *optval,
 90		  unsigned int optlen);
 91void tls_err_abort(struct sock *sk, int err);
 92
 93int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx);
 94void tls_update_rx_zc_capable(struct tls_context *tls_ctx);
 95void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx);
 96void tls_sw_strparser_done(struct tls_context *tls_ctx);
 97int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);
 98int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
 99			   int offset, size_t size, int flags);
100int tls_sw_sendpage(struct sock *sk, struct page *page,
101		    int offset, size_t size, int flags);
102void tls_sw_cancel_work_tx(struct tls_context *tls_ctx);
103void tls_sw_release_resources_tx(struct sock *sk);
104void tls_sw_free_ctx_tx(struct tls_context *tls_ctx);
105void tls_sw_free_resources_rx(struct sock *sk);
106void tls_sw_release_resources_rx(struct sock *sk);
107void tls_sw_free_ctx_rx(struct tls_context *tls_ctx);
108int tls_sw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
109		   int flags, int *addr_len);
110bool tls_sw_sock_is_readable(struct sock *sk);
111ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos,
112			   struct pipe_inode_info *pipe,
113			   size_t len, unsigned int flags);
114
115int tls_device_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);
116int tls_device_sendpage(struct sock *sk, struct page *page,
117			int offset, size_t size, int flags);
118int tls_tx_records(struct sock *sk, int flags);
119
120void tls_sw_write_space(struct sock *sk, struct tls_context *ctx);
121void tls_device_write_space(struct sock *sk, struct tls_context *ctx);
122
123int tls_process_cmsg(struct sock *sk, struct msghdr *msg,
124		     unsigned char *record_type);
125int decrypt_skb(struct sock *sk, struct scatterlist *sgout);
126
127int tls_sw_fallback_init(struct sock *sk,
128			 struct tls_offload_context_tx *offload_ctx,
129			 struct tls_crypto_info *crypto_info);
130
131int tls_strp_dev_init(void);
132void tls_strp_dev_exit(void);
133
134void tls_strp_done(struct tls_strparser *strp);
135void tls_strp_stop(struct tls_strparser *strp);
136int tls_strp_init(struct tls_strparser *strp, struct sock *sk);
137void tls_strp_data_ready(struct tls_strparser *strp);
138
139void tls_strp_check_rcv(struct tls_strparser *strp);
140void tls_strp_msg_done(struct tls_strparser *strp);
141
142int tls_rx_msg_size(struct tls_strparser *strp, struct sk_buff *skb);
143void tls_rx_msg_ready(struct tls_strparser *strp);
144
145void tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh);
146int tls_strp_msg_cow(struct tls_sw_context_rx *ctx);
147struct sk_buff *tls_strp_msg_detach(struct tls_sw_context_rx *ctx);
148int tls_strp_msg_hold(struct tls_strparser *strp, struct sk_buff_head *dst);
149
150static inline struct tls_msg *tls_msg(struct sk_buff *skb)
151{
152	struct sk_skb_cb *scb = (struct sk_skb_cb *)skb->cb;
153
154	return &scb->tls;
155}
156
157static inline struct sk_buff *tls_strp_msg(struct tls_sw_context_rx *ctx)
158{
159	DEBUG_NET_WARN_ON_ONCE(!ctx->strp.msg_ready || !ctx->strp.anchor->len);
160	return ctx->strp.anchor;
161}
162
163static inline bool tls_strp_msg_ready(struct tls_sw_context_rx *ctx)
164{
165	return ctx->strp.msg_ready;
166}
167
168#ifdef CONFIG_TLS_DEVICE
169int tls_device_init(void);
170void tls_device_cleanup(void);
171int tls_set_device_offload(struct sock *sk, struct tls_context *ctx);
172void tls_device_free_resources_tx(struct sock *sk);
173int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx);
174void tls_device_offload_cleanup_rx(struct sock *sk);
175void tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq);
176int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx);
177#else
178static inline int tls_device_init(void) { return 0; }
179static inline void tls_device_cleanup(void) {}
180
181static inline int
182tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
183{
184	return -EOPNOTSUPP;
185}
186
187static inline void tls_device_free_resources_tx(struct sock *sk) {}
188
189static inline int
190tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx)
191{
192	return -EOPNOTSUPP;
193}
194
195static inline void tls_device_offload_cleanup_rx(struct sock *sk) {}
196static inline void
197tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq) {}
198
199static inline int
200tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx)
201{
202	return 0;
203}
204#endif
205
206int tls_push_sg(struct sock *sk, struct tls_context *ctx,
207		struct scatterlist *sg, u16 first_offset,
208		int flags);
209int tls_push_partial_record(struct sock *sk, struct tls_context *ctx,
210			    int flags);
211void tls_free_partial_record(struct sock *sk, struct tls_context *ctx);
212
213static inline bool tls_is_partially_sent_record(struct tls_context *ctx)
214{
215	return !!ctx->partially_sent_record;
216}
217
218static inline bool tls_is_pending_open_record(struct tls_context *tls_ctx)
219{
220	return tls_ctx->pending_open_record_frags;
221}
222
223static inline bool tls_bigint_increment(unsigned char *seq, int len)
224{
225	int i;
226
227	for (i = len - 1; i >= 0; i--) {
228		++seq[i];
229		if (seq[i] != 0)
230			break;
231	}
232
233	return (i == -1);
234}
235
236static inline void tls_bigint_subtract(unsigned char *seq, int  n)
237{
238	u64 rcd_sn;
239	__be64 *p;
240
241	BUILD_BUG_ON(TLS_MAX_REC_SEQ_SIZE != 8);
242
243	p = (__be64 *)seq;
244	rcd_sn = be64_to_cpu(*p);
245	*p = cpu_to_be64(rcd_sn - n);
246}
247
248static inline void
249tls_advance_record_sn(struct sock *sk, struct tls_prot_info *prot,
250		      struct cipher_context *ctx)
251{
252	if (tls_bigint_increment(ctx->rec_seq, prot->rec_seq_size))
253		tls_err_abort(sk, -EBADMSG);
254
255	if (prot->version != TLS_1_3_VERSION &&
256	    prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305)
257		tls_bigint_increment(ctx->iv + prot->salt_size,
258				     prot->iv_size);
259}
260
261static inline void
262tls_xor_iv_with_seq(struct tls_prot_info *prot, char *iv, char *seq)
263{
264	int i;
265
266	if (prot->version == TLS_1_3_VERSION ||
267	    prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305) {
268		for (i = 0; i < 8; i++)
269			iv[i + 4] ^= seq[i];
270	}
271}
272
273static inline void
274tls_fill_prepend(struct tls_context *ctx, char *buf, size_t plaintext_len,
275		 unsigned char record_type)
276{
277	struct tls_prot_info *prot = &ctx->prot_info;
278	size_t pkt_len, iv_size = prot->iv_size;
279
280	pkt_len = plaintext_len + prot->tag_size;
281	if (prot->version != TLS_1_3_VERSION &&
282	    prot->cipher_type != TLS_CIPHER_CHACHA20_POLY1305) {
283		pkt_len += iv_size;
284
285		memcpy(buf + TLS_NONCE_OFFSET,
286		       ctx->tx.iv + prot->salt_size, iv_size);
287	}
288
289	/* we cover nonce explicit here as well, so buf should be of
290	 * size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE
291	 */
292	buf[0] = prot->version == TLS_1_3_VERSION ?
293		   TLS_RECORD_TYPE_DATA : record_type;
294	/* Note that VERSION must be TLS_1_2 for both TLS1.2 and TLS1.3 */
295	buf[1] = TLS_1_2_VERSION_MINOR;
296	buf[2] = TLS_1_2_VERSION_MAJOR;
297	/* we can use IV for nonce explicit according to spec */
298	buf[3] = pkt_len >> 8;
299	buf[4] = pkt_len & 0xFF;
300}
301
302static inline
303void tls_make_aad(char *buf, size_t size, char *record_sequence,
304		  unsigned char record_type, struct tls_prot_info *prot)
305{
306	if (prot->version != TLS_1_3_VERSION) {
307		memcpy(buf, record_sequence, prot->rec_seq_size);
308		buf += 8;
309	} else {
310		size += prot->tag_size;
311	}
312
313	buf[0] = prot->version == TLS_1_3_VERSION ?
314		  TLS_RECORD_TYPE_DATA : record_type;
315	buf[1] = TLS_1_2_VERSION_MAJOR;
316	buf[2] = TLS_1_2_VERSION_MINOR;
317	buf[3] = size >> 8;
318	buf[4] = size & 0xFF;
319}
320
321#endif