2 * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
3 * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
5 * This software is available to you under a choice of one of two
6 * licenses. You may choose to be licensed under the terms of the GNU
7 * General Public License (GPL) Version 2, available from the file
8 * COPYING in the main directory of this source tree, or the
9 * OpenIB.org BSD license below:
11 * Redistribution and use in source and binary forms, with or
12 * without modification, are permitted provided that the following
15 * - Redistributions of source code must retain the above
16 * copyright notice, this list of conditions and the following
19 * - Redistributions in binary form must reproduce the above
20 * copyright notice, this list of conditions and the following
21 * disclaimer in the documentation and/or other materials
22 * provided with the distribution.
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
34 #ifndef _TLS_OFFLOAD_H
35 #define _TLS_OFFLOAD_H
37 #include <linux/types.h>
39 #include <uapi/linux/tls.h>
42 /* Maximum data size carried in a TLS record */
43 #define TLS_MAX_PAYLOAD_SIZE ((size_t)1 << 14)
45 #define TLS_HEADER_SIZE 5
46 #define TLS_NONCE_OFFSET TLS_HEADER_SIZE
48 #define TLS_CRYPTO_INFO_READY(info) ((info)->cipher_type)
50 #define TLS_RECORD_TYPE_DATA 0x17
52 #define TLS_AAD_SPACE_SIZE 13
54 struct tls_sw_context
{
55 struct crypto_aead
*aead_send
;
58 char aad_space
[TLS_AAD_SPACE_SIZE
];
60 unsigned int sg_plaintext_size
;
61 int sg_plaintext_num_elem
;
62 struct scatterlist sg_plaintext_data
[MAX_SKB_FRAGS
];
64 unsigned int sg_encrypted_size
;
65 int sg_encrypted_num_elem
;
66 struct scatterlist sg_encrypted_data
[MAX_SKB_FRAGS
];
68 /* AAD | sg_plaintext_data | sg_tag */
69 struct scatterlist sg_aead_in
[2];
70 /* AAD | sg_encrypted_data (data contain overhead for hdr&iv&tag) */
71 struct scatterlist sg_aead_out
[2];
75 TLS_PENDING_CLOSED_RECORD
80 struct tls_crypto_info crypto_send
;
81 struct tls12_crypto_info_aes_gcm_128 crypto_send_aes_gcm_128
;
94 struct scatterlist
*partially_sent_record
;
95 u16 partially_sent_offset
;
98 u16 pending_open_record_frags
;
99 int (*push_pending_record
)(struct sock
*sk
, int flags
);
100 void (*free_resources
)(struct sock
*sk
);
102 void (*sk_write_space
)(struct sock
*sk
);
103 void (*sk_proto_close
)(struct sock
*sk
, long timeout
);
105 int (*setsockopt
)(struct sock
*sk
, int level
,
106 int optname
, char __user
*optval
,
107 unsigned int optlen
);
108 int (*getsockopt
)(struct sock
*sk
, int level
,
109 int optname
, char __user
*optval
,
113 int wait_on_pending_writer(struct sock
*sk
, long *timeo
);
114 int tls_sk_query(struct sock
*sk
, int optname
, char __user
*optval
,
116 int tls_sk_attach(struct sock
*sk
, int optname
, char __user
*optval
,
117 unsigned int optlen
);
120 int tls_set_sw_offload(struct sock
*sk
, struct tls_context
*ctx
);
121 int tls_sw_sendmsg(struct sock
*sk
, struct msghdr
*msg
, size_t size
);
122 int tls_sw_sendpage(struct sock
*sk
, struct page
*page
,
123 int offset
, size_t size
, int flags
);
124 void tls_sw_close(struct sock
*sk
, long timeout
);
126 void tls_sk_destruct(struct sock
*sk
, struct tls_context
*ctx
);
127 void tls_icsk_clean_acked(struct sock
*sk
);
129 int tls_push_sg(struct sock
*sk
, struct tls_context
*ctx
,
130 struct scatterlist
*sg
, u16 first_offset
,
132 int tls_push_pending_closed_record(struct sock
*sk
, struct tls_context
*ctx
,
133 int flags
, long *timeo
);
135 static inline bool tls_is_pending_closed_record(struct tls_context
*ctx
)
137 return test_bit(TLS_PENDING_CLOSED_RECORD
, &ctx
->flags
);
140 static inline int tls_complete_pending_work(struct sock
*sk
,
141 struct tls_context
*ctx
,
142 int flags
, long *timeo
)
146 if (unlikely(sk
->sk_write_pending
))
147 rc
= wait_on_pending_writer(sk
, timeo
);
149 if (!rc
&& tls_is_pending_closed_record(ctx
))
150 rc
= tls_push_pending_closed_record(sk
, ctx
, flags
, timeo
);
155 static inline bool tls_is_partially_sent_record(struct tls_context
*ctx
)
157 return !!ctx
->partially_sent_record
;
160 static inline bool tls_is_pending_open_record(struct tls_context
*tls_ctx
)
162 return tls_ctx
->pending_open_record_frags
;
165 static inline void tls_err_abort(struct sock
*sk
)
167 sk
->sk_err
= -EBADMSG
;
168 sk
->sk_error_report(sk
);
171 static inline bool tls_bigint_increment(unsigned char *seq
, int len
)
175 for (i
= len
- 1; i
>= 0; i
--) {
184 static inline void tls_advance_record_sn(struct sock
*sk
,
185 struct tls_context
*ctx
)
187 if (tls_bigint_increment(ctx
->rec_seq
, ctx
->rec_seq_size
))
189 tls_bigint_increment(ctx
->iv
+ TLS_CIPHER_AES_GCM_128_SALT_SIZE
,
193 static inline void tls_fill_prepend(struct tls_context
*ctx
,
195 size_t plaintext_len
,
196 unsigned char record_type
)
198 size_t pkt_len
, iv_size
= ctx
->iv_size
;
200 pkt_len
= plaintext_len
+ iv_size
+ ctx
->tag_size
;
202 /* we cover nonce explicit here as well, so buf should be of
203 * size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE
205 buf
[0] = record_type
;
206 buf
[1] = TLS_VERSION_MINOR(ctx
->crypto_send
.version
);
207 buf
[2] = TLS_VERSION_MAJOR(ctx
->crypto_send
.version
);
208 /* we can use IV for nonce explicit according to spec */
209 buf
[3] = pkt_len
>> 8;
210 buf
[4] = pkt_len
& 0xFF;
211 memcpy(buf
+ TLS_NONCE_OFFSET
,
212 ctx
->iv
+ TLS_CIPHER_AES_GCM_128_SALT_SIZE
, iv_size
);
215 static inline struct tls_context
*tls_get_ctx(const struct sock
*sk
)
217 struct inet_connection_sock
*icsk
= inet_csk(sk
);
219 return icsk
->icsk_ulp_data
;
222 static inline struct tls_sw_context
*tls_sw_ctx(
223 const struct tls_context
*tls_ctx
)
225 return (struct tls_sw_context
*)tls_ctx
->priv_ctx
;
228 static inline struct tls_offload_context
*tls_offload_ctx(
229 const struct tls_context
*tls_ctx
)
231 return (struct tls_offload_context
*)tls_ctx
->priv_ctx
;
234 int tls_proccess_cmsg(struct sock
*sk
, struct msghdr
*msg
,
235 unsigned char *record_type
);
237 #endif /* _TLS_OFFLOAD_H */