Startsida Utforska Hjälp
Registrera dig Logga in
GfA
/
linux_kernel
5
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: e455b69ddf
Grenar Taggar
linux_kernel
/
include
/
net
/
tls.h

tls.h 7.1 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258 
  1. /*
    2. 

  2.  * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
    3. 

  3.  * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
    4. 

  4.  *
    5. 

  5.  * This software is available to you under a choice of one of two
    6. 

  6.  * licenses.  You may choose to be licensed under the terms of the GNU
    7. 

  7.  * General Public License (GPL) Version 2, available from the file
    8. 

  8.  * COPYING in the main directory of this source tree, or the
    9. 

  9.  * OpenIB.org BSD license below:
    10. 

  10.  *
    11. 

  11.  *     Redistribution and use in source and binary forms, with or
    12. 

  12.  *     without modification, are permitted provided that the following
    13. 

  13.  *     conditions are met:
    14. 

  14.  *
    15. 

  15.  *      - Redistributions of source code must retain the above
    16. 

  16.  *        copyright notice, this list of conditions and the following
    17. 

  17.  *        disclaimer.
    18. 

  18.  *
    19. 

  19.  *      - Redistributions in binary form must reproduce the above
    20. 

  20.  *        copyright notice, this list of conditions and the following
    21. 

  21.  *        disclaimer in the documentation and/or other materials
    22. 

  22.  *        provided with the distribution.
    23. 

  23.  *
    24. 

  24.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
    25. 

  25.  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
    26. 

  26.  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
    27. 

  27.  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
    28. 

  28.  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
    29. 

  29.  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
    30. 

  30.  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
    31. 

  31.  * SOFTWARE.
    32. 

  32.  */
    33. 

  33. 

  34. #ifndef _TLS_OFFLOAD_H
    35. 

  35. #define _TLS_OFFLOAD_H
    36. 

  36. 

  37. #include <linux/types.h>
    38. 

  38. #include <asm/byteorder.h>
    39. 

  39. #include <linux/socket.h>
    40. 

  40. #include <linux/tcp.h>
    41. 

  41. #include <net/tcp.h>
    42. 

  42. 

  43. #include <uapi/linux/tls.h>
    44. 

  44. 

  45. 

  46. /* Maximum data size carried in a TLS record */
    47. 

  47. #define TLS_MAX_PAYLOAD_SIZE		((size_t)1 << 14)
    48. 

  48. 

  49. #define TLS_HEADER_SIZE			5
    50. 

  50. #define TLS_NONCE_OFFSET		TLS_HEADER_SIZE
    51. 

  51. 

  52. #define TLS_CRYPTO_INFO_READY(info)	((info)->cipher_type)
    53. 

  53. 

  54. #define TLS_RECORD_TYPE_DATA		0x17
    55. 

  55. 

  56. #define TLS_AAD_SPACE_SIZE		13
    57. 

  57. 

  58. struct tls_sw_context {
    59. 

  59. 	struct crypto_aead *aead_send;
    60. 

  60. 

  61. 	/* Sending context */
    62. 

  62. 	char aad_space[TLS_AAD_SPACE_SIZE];
    63. 

  63. 

  64. 	unsigned int sg_plaintext_size;
    65. 

  65. 	int sg_plaintext_num_elem;
    66. 

  66. 	struct scatterlist sg_plaintext_data[MAX_SKB_FRAGS];
    67. 

  67. 

  68. 	unsigned int sg_encrypted_size;
    69. 

  69. 	int sg_encrypted_num_elem;
    70. 

  70. 	struct scatterlist sg_encrypted_data[MAX_SKB_FRAGS];
    71. 

  71. 

  72. 	/* AAD | sg_plaintext_data | sg_tag */
    73. 

  73. 	struct scatterlist sg_aead_in[2];
    74. 

  74. 	/* AAD | sg_encrypted_data (data contain overhead for hdr&iv&tag) */
    75. 

  75. 	struct scatterlist sg_aead_out[2];
    76. 

  76. };
    77. 

  77. 

  78. enum {
    79. 

  79. 	TLS_PENDING_CLOSED_RECORD
    80. 

  80. };
    81. 

  81. 

  82. struct tls_context {
    83. 

  83. 	union {
    84. 

  84. 		struct tls_crypto_info crypto_send;
    85. 

  85. 		struct tls12_crypto_info_aes_gcm_128 crypto_send_aes_gcm_128;
    86. 

  86. 	};
    87. 

  87. 

  88. 	void *priv_ctx;
    89. 

  89. 

  90. 	u8 tx_conf:2;
    91. 

  91. 

  92. 	u16 prepend_size;
    93. 

  93. 	u16 tag_size;
    94. 

  94. 	u16 overhead_size;
    95. 

  95. 	u16 iv_size;
    96. 

  96. 	char *iv;
    97. 

  97. 	u16 rec_seq_size;
    98. 

  98. 	char *rec_seq;
    99. 

  99. 

  100. 	struct scatterlist *partially_sent_record;
    101. 

  101. 	u16 partially_sent_offset;
    102. 

  102. 	unsigned long flags;
    103. 

  103. 

  104. 	u16 pending_open_record_frags;
    105. 

  105. 	int (*push_pending_record)(struct sock *sk, int flags);
    106. 

  106. 

  107. 	void (*sk_write_space)(struct sock *sk);
    108. 

  108. 	void (*sk_proto_close)(struct sock *sk, long timeout);
    109. 

  109. 

  110. 	int  (*setsockopt)(struct sock *sk, int level,
    111. 

  111. 			   int optname, char __user *optval,
    112. 

  112. 			   unsigned int optlen);
    113. 

  113. 	int  (*getsockopt)(struct sock *sk, int level,
    114. 

  114. 			   int optname, char __user *optval,
    115. 

  115. 			   int __user *optlen);
    116. 

  116. };
    117. 

  117. 

  118. int wait_on_pending_writer(struct sock *sk, long *timeo);
    119. 

  119. int tls_sk_query(struct sock *sk, int optname, char __user *optval,
    120. 

  120. 		int __user *optlen);
    121. 

  121. int tls_sk_attach(struct sock *sk, int optname, char __user *optval,
    122. 

  122. 		  unsigned int optlen);
    123. 

  123. 

  124. 

  125. int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx);
    126. 

  126. int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);
    127. 

  127. int tls_sw_sendpage(struct sock *sk, struct page *page,
    128. 

  128. 		    int offset, size_t size, int flags);
    129. 

  129. void tls_sw_close(struct sock *sk, long timeout);
    130. 

  130. void tls_sw_free_tx_resources(struct sock *sk);
    131. 

  131. 

  132. void tls_sk_destruct(struct sock *sk, struct tls_context *ctx);
    133. 

  133. void tls_icsk_clean_acked(struct sock *sk);
    134. 

  134. 

  135. int tls_push_sg(struct sock *sk, struct tls_context *ctx,
    136. 

  136. 		struct scatterlist *sg, u16 first_offset,
    137. 

  137. 		int flags);
    138. 

  138. int tls_push_pending_closed_record(struct sock *sk, struct tls_context *ctx,
    139. 

  139. 				   int flags, long *timeo);
    140. 

  140. 

  141. static inline bool tls_is_pending_closed_record(struct tls_context *ctx)
    142. 

  142. {
    143. 

  143. 	return test_bit(TLS_PENDING_CLOSED_RECORD, &ctx->flags);
    144. 

  144. }
    145. 

  145. 

  146. static inline int tls_complete_pending_work(struct sock *sk,
    147. 

  147. 					    struct tls_context *ctx,
    148. 

  148. 					    int flags, long *timeo)
    149. 

  149. {
    150. 

  150. 	int rc = 0;
    151. 

  151. 

  152. 	if (unlikely(sk->sk_write_pending))
    153. 

  153. 		rc = wait_on_pending_writer(sk, timeo);
    154. 

  154. 

  155. 	if (!rc && tls_is_pending_closed_record(ctx))
    156. 

  156. 		rc = tls_push_pending_closed_record(sk, ctx, flags, timeo);
    157. 

  157. 

  158. 	return rc;
    159. 

  159. }
    160. 

  160. 

  161. static inline bool tls_is_partially_sent_record(struct tls_context *ctx)
    162. 

  162. {
    163. 

  163. 	return !!ctx->partially_sent_record;
    164. 

  164. }
    165. 

  165. 

  166. static inline bool tls_is_pending_open_record(struct tls_context *tls_ctx)
    167. 

  167. {
    168. 

  168. 	return tls_ctx->pending_open_record_frags;
    169. 

  169. }
    170. 

  170. 

  171. static inline void tls_err_abort(struct sock *sk)
    172. 

  172. {
    173. 

  173. 	sk->sk_err = -EBADMSG;
    174. 

  174. 	sk->sk_error_report(sk);
    175. 

  175. }
    176. 

  176. 

  177. static inline bool tls_bigint_increment(unsigned char *seq, int len)
    178. 

  178. {
    179. 

  179. 	int i;
    180. 

  180. 

  181. 	for (i = len - 1; i >= 0; i--) {
    182. 

  182. 		++seq[i];
    183. 

  183. 		if (seq[i] != 0)
    184. 

  184. 			break;
    185. 

  185. 	}
    186. 

  186. 

  187. 	return (i == -1);
    188. 

  188. }
    189. 

  189. 

  190. static inline void tls_advance_record_sn(struct sock *sk,
    191. 

  191. 					 struct tls_context *ctx)
    192. 

  192. {
    193. 

  193. 	if (tls_bigint_increment(ctx->rec_seq, ctx->rec_seq_size))
    194. 

  194. 		tls_err_abort(sk);
    195. 

  195. 	tls_bigint_increment(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
    196. 

  196. 			     ctx->iv_size);
    197. 

  197. }
    198. 

  198. 

  199. static inline void tls_fill_prepend(struct tls_context *ctx,
    200. 

  200. 			     char *buf,
    201. 

  201. 			     size_t plaintext_len,
    202. 

  202. 			     unsigned char record_type)
    203. 

  203. {
    204. 

  204. 	size_t pkt_len, iv_size = ctx->iv_size;
    205. 

  205. 

  206. 	pkt_len = plaintext_len + iv_size + ctx->tag_size;
    207. 

  207. 

  208. 	/* we cover nonce explicit here as well, so buf should be of
    209. 

  209. 	 * size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE
    210. 

  210. 	 */
    211. 

  211. 	buf[0] = record_type;
    212. 

  212. 	buf[1] = TLS_VERSION_MINOR(ctx->crypto_send.version);
    213. 

  213. 	buf[2] = TLS_VERSION_MAJOR(ctx->crypto_send.version);
    214. 

  214. 	/* we can use IV for nonce explicit according to spec */
    215. 

  215. 	buf[3] = pkt_len >> 8;
    216. 

  216. 	buf[4] = pkt_len & 0xFF;
    217. 

  217. 	memcpy(buf + TLS_NONCE_OFFSET,
    218. 

  218. 	       ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv_size);
    219. 

  219. }
    220. 

  220. 

  221. static inline void tls_make_aad(char *buf,
    222. 

  222. 				size_t size,
    223. 

  223. 				char *record_sequence,
    224. 

  224. 				int record_sequence_size,
    225. 

  225. 				unsigned char record_type)
    226. 

  226. {
    227. 

  227. 	memcpy(buf, record_sequence, record_sequence_size);
    228. 

  228. 

  229. 	buf[8] = record_type;
    230. 

  230. 	buf[9] = TLS_1_2_VERSION_MAJOR;
    231. 

  231. 	buf[10] = TLS_1_2_VERSION_MINOR;
    232. 

  232. 	buf[11] = size >> 8;
    233. 

  233. 	buf[12] = size & 0xFF;
    234. 

  234. }
    235. 

  235. 

  236. static inline struct tls_context *tls_get_ctx(const struct sock *sk)
    237. 

  237. {
    238. 

  238. 	struct inet_connection_sock *icsk = inet_csk(sk);
    239. 

  239. 

  240. 	return icsk->icsk_ulp_data;
    241. 

  241. }
    242. 

  242. 

  243. static inline struct tls_sw_context *tls_sw_ctx(
    244. 

  244. 		const struct tls_context *tls_ctx)
    245. 

  245. {
    246. 

  246. 	return (struct tls_sw_context *)tls_ctx->priv_ctx;
    247. 

  247. }
    248. 

  248. 

  249. static inline struct tls_offload_context *tls_offload_ctx(
    250. 

  250. 		const struct tls_context *tls_ctx)
    251. 

  251. {
    252. 

  252. 	return (struct tls_offload_context *)tls_ctx->priv_ctx;
    253. 

  253. }
    254. 

  254. 

  255. int tls_proccess_cmsg(struct sock *sk, struct msghdr *msg,
    256. 

  256. 		      unsigned char *record_type);
    257. 

  257. 

  258. #endif /* _TLS_OFFLOAD_H */
    259.