18c2ecf20Sopenharmony_ci/* 28c2ecf20Sopenharmony_ci * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved. 38c2ecf20Sopenharmony_ci * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved. 48c2ecf20Sopenharmony_ci * 58c2ecf20Sopenharmony_ci * This software is available to you under a choice of one of two 68c2ecf20Sopenharmony_ci * licenses. You may choose to be licensed under the terms of the GNU 78c2ecf20Sopenharmony_ci * General Public License (GPL) Version 2, available from the file 88c2ecf20Sopenharmony_ci * COPYING in the main directory of this source tree, or the 98c2ecf20Sopenharmony_ci * OpenIB.org BSD license below: 108c2ecf20Sopenharmony_ci * 118c2ecf20Sopenharmony_ci * Redistribution and use in source and binary forms, with or 128c2ecf20Sopenharmony_ci * without modification, are permitted provided that the following 138c2ecf20Sopenharmony_ci * conditions are met: 148c2ecf20Sopenharmony_ci * 158c2ecf20Sopenharmony_ci * - Redistributions of source code must retain the above 168c2ecf20Sopenharmony_ci * copyright notice, this list of conditions and the following 178c2ecf20Sopenharmony_ci * disclaimer. 188c2ecf20Sopenharmony_ci * 198c2ecf20Sopenharmony_ci * - Redistributions in binary form must reproduce the above 208c2ecf20Sopenharmony_ci * copyright notice, this list of conditions and the following 218c2ecf20Sopenharmony_ci * disclaimer in the documentation and/or other materials 228c2ecf20Sopenharmony_ci * provided with the distribution. 238c2ecf20Sopenharmony_ci * 248c2ecf20Sopenharmony_ci * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 258c2ecf20Sopenharmony_ci * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 268c2ecf20Sopenharmony_ci * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 278c2ecf20Sopenharmony_ci * NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 288c2ecf20Sopenharmony_ci * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 298c2ecf20Sopenharmony_ci * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 308c2ecf20Sopenharmony_ci * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 318c2ecf20Sopenharmony_ci * SOFTWARE. 328c2ecf20Sopenharmony_ci */ 338c2ecf20Sopenharmony_ci 348c2ecf20Sopenharmony_ci#include <linux/module.h> 358c2ecf20Sopenharmony_ci 368c2ecf20Sopenharmony_ci#include <net/tcp.h> 378c2ecf20Sopenharmony_ci#include <net/inet_common.h> 388c2ecf20Sopenharmony_ci#include <linux/highmem.h> 398c2ecf20Sopenharmony_ci#include <linux/netdevice.h> 408c2ecf20Sopenharmony_ci#include <linux/sched/signal.h> 418c2ecf20Sopenharmony_ci#include <linux/inetdevice.h> 428c2ecf20Sopenharmony_ci#include <linux/inet_diag.h> 438c2ecf20Sopenharmony_ci 448c2ecf20Sopenharmony_ci#include <net/snmp.h> 458c2ecf20Sopenharmony_ci#include <net/tls.h> 468c2ecf20Sopenharmony_ci#include <net/tls_toe.h> 478c2ecf20Sopenharmony_ci 488c2ecf20Sopenharmony_ciMODULE_AUTHOR("Mellanox Technologies"); 498c2ecf20Sopenharmony_ciMODULE_DESCRIPTION("Transport Layer Security Support"); 508c2ecf20Sopenharmony_ciMODULE_LICENSE("Dual BSD/GPL"); 518c2ecf20Sopenharmony_ciMODULE_ALIAS_TCP_ULP("tls"); 528c2ecf20Sopenharmony_ci 538c2ecf20Sopenharmony_cienum { 548c2ecf20Sopenharmony_ci TLSV4, 558c2ecf20Sopenharmony_ci TLSV6, 568c2ecf20Sopenharmony_ci TLS_NUM_PROTS, 578c2ecf20Sopenharmony_ci}; 588c2ecf20Sopenharmony_ci 598c2ecf20Sopenharmony_cistatic const struct proto *saved_tcpv6_prot; 608c2ecf20Sopenharmony_cistatic DEFINE_MUTEX(tcpv6_prot_mutex); 618c2ecf20Sopenharmony_cistatic const struct proto *saved_tcpv4_prot; 628c2ecf20Sopenharmony_cistatic DEFINE_MUTEX(tcpv4_prot_mutex); 638c2ecf20Sopenharmony_cistatic struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG]; 648c2ecf20Sopenharmony_cistatic struct proto_ops 
tls_proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG]; 658c2ecf20Sopenharmony_cistatic void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], 668c2ecf20Sopenharmony_ci const struct proto *base); 678c2ecf20Sopenharmony_ci 688c2ecf20Sopenharmony_civoid update_sk_prot(struct sock *sk, struct tls_context *ctx) 698c2ecf20Sopenharmony_ci{ 708c2ecf20Sopenharmony_ci int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4; 718c2ecf20Sopenharmony_ci 728c2ecf20Sopenharmony_ci WRITE_ONCE(sk->sk_prot, 738c2ecf20Sopenharmony_ci &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]); 748c2ecf20Sopenharmony_ci WRITE_ONCE(sk->sk_socket->ops, 758c2ecf20Sopenharmony_ci &tls_proto_ops[ip_ver][ctx->tx_conf][ctx->rx_conf]); 768c2ecf20Sopenharmony_ci} 778c2ecf20Sopenharmony_ci 788c2ecf20Sopenharmony_ciint wait_on_pending_writer(struct sock *sk, long *timeo) 798c2ecf20Sopenharmony_ci{ 808c2ecf20Sopenharmony_ci int rc = 0; 818c2ecf20Sopenharmony_ci DEFINE_WAIT_FUNC(wait, woken_wake_function); 828c2ecf20Sopenharmony_ci 838c2ecf20Sopenharmony_ci add_wait_queue(sk_sleep(sk), &wait); 848c2ecf20Sopenharmony_ci while (1) { 858c2ecf20Sopenharmony_ci if (!*timeo) { 868c2ecf20Sopenharmony_ci rc = -EAGAIN; 878c2ecf20Sopenharmony_ci break; 888c2ecf20Sopenharmony_ci } 898c2ecf20Sopenharmony_ci 908c2ecf20Sopenharmony_ci if (signal_pending(current)) { 918c2ecf20Sopenharmony_ci rc = sock_intr_errno(*timeo); 928c2ecf20Sopenharmony_ci break; 938c2ecf20Sopenharmony_ci } 948c2ecf20Sopenharmony_ci 958c2ecf20Sopenharmony_ci if (sk_wait_event(sk, timeo, 968c2ecf20Sopenharmony_ci !READ_ONCE(sk->sk_write_pending), &wait)) 978c2ecf20Sopenharmony_ci break; 988c2ecf20Sopenharmony_ci } 998c2ecf20Sopenharmony_ci remove_wait_queue(sk_sleep(sk), &wait); 1008c2ecf20Sopenharmony_ci return rc; 1018c2ecf20Sopenharmony_ci} 1028c2ecf20Sopenharmony_ci 1038c2ecf20Sopenharmony_ciint tls_push_sg(struct sock *sk, 1048c2ecf20Sopenharmony_ci struct tls_context *ctx, 1058c2ecf20Sopenharmony_ci struct scatterlist *sg, 
1068c2ecf20Sopenharmony_ci u16 first_offset, 1078c2ecf20Sopenharmony_ci int flags) 1088c2ecf20Sopenharmony_ci{ 1098c2ecf20Sopenharmony_ci int sendpage_flags = flags | MSG_SENDPAGE_NOTLAST; 1108c2ecf20Sopenharmony_ci int ret = 0; 1118c2ecf20Sopenharmony_ci struct page *p; 1128c2ecf20Sopenharmony_ci size_t size; 1138c2ecf20Sopenharmony_ci int offset = first_offset; 1148c2ecf20Sopenharmony_ci 1158c2ecf20Sopenharmony_ci size = sg->length - offset; 1168c2ecf20Sopenharmony_ci offset += sg->offset; 1178c2ecf20Sopenharmony_ci 1188c2ecf20Sopenharmony_ci ctx->in_tcp_sendpages = true; 1198c2ecf20Sopenharmony_ci while (1) { 1208c2ecf20Sopenharmony_ci if (sg_is_last(sg)) 1218c2ecf20Sopenharmony_ci sendpage_flags = flags; 1228c2ecf20Sopenharmony_ci 1238c2ecf20Sopenharmony_ci /* is sending application-limited? */ 1248c2ecf20Sopenharmony_ci tcp_rate_check_app_limited(sk); 1258c2ecf20Sopenharmony_ci p = sg_page(sg); 1268c2ecf20Sopenharmony_ciretry: 1278c2ecf20Sopenharmony_ci ret = do_tcp_sendpages(sk, p, offset, size, sendpage_flags); 1288c2ecf20Sopenharmony_ci 1298c2ecf20Sopenharmony_ci if (ret != size) { 1308c2ecf20Sopenharmony_ci if (ret > 0) { 1318c2ecf20Sopenharmony_ci offset += ret; 1328c2ecf20Sopenharmony_ci size -= ret; 1338c2ecf20Sopenharmony_ci goto retry; 1348c2ecf20Sopenharmony_ci } 1358c2ecf20Sopenharmony_ci 1368c2ecf20Sopenharmony_ci offset -= sg->offset; 1378c2ecf20Sopenharmony_ci ctx->partially_sent_offset = offset; 1388c2ecf20Sopenharmony_ci ctx->partially_sent_record = (void *)sg; 1398c2ecf20Sopenharmony_ci ctx->in_tcp_sendpages = false; 1408c2ecf20Sopenharmony_ci return ret; 1418c2ecf20Sopenharmony_ci } 1428c2ecf20Sopenharmony_ci 1438c2ecf20Sopenharmony_ci put_page(p); 1448c2ecf20Sopenharmony_ci sk_mem_uncharge(sk, sg->length); 1458c2ecf20Sopenharmony_ci sg = sg_next(sg); 1468c2ecf20Sopenharmony_ci if (!sg) 1478c2ecf20Sopenharmony_ci break; 1488c2ecf20Sopenharmony_ci 1498c2ecf20Sopenharmony_ci offset = sg->offset; 1508c2ecf20Sopenharmony_ci size = sg->length; 
1518c2ecf20Sopenharmony_ci } 1528c2ecf20Sopenharmony_ci 1538c2ecf20Sopenharmony_ci ctx->in_tcp_sendpages = false; 1548c2ecf20Sopenharmony_ci 1558c2ecf20Sopenharmony_ci return 0; 1568c2ecf20Sopenharmony_ci} 1578c2ecf20Sopenharmony_ci 1588c2ecf20Sopenharmony_cistatic int tls_handle_open_record(struct sock *sk, int flags) 1598c2ecf20Sopenharmony_ci{ 1608c2ecf20Sopenharmony_ci struct tls_context *ctx = tls_get_ctx(sk); 1618c2ecf20Sopenharmony_ci 1628c2ecf20Sopenharmony_ci if (tls_is_pending_open_record(ctx)) 1638c2ecf20Sopenharmony_ci return ctx->push_pending_record(sk, flags); 1648c2ecf20Sopenharmony_ci 1658c2ecf20Sopenharmony_ci return 0; 1668c2ecf20Sopenharmony_ci} 1678c2ecf20Sopenharmony_ci 1688c2ecf20Sopenharmony_ciint tls_proccess_cmsg(struct sock *sk, struct msghdr *msg, 1698c2ecf20Sopenharmony_ci unsigned char *record_type) 1708c2ecf20Sopenharmony_ci{ 1718c2ecf20Sopenharmony_ci struct cmsghdr *cmsg; 1728c2ecf20Sopenharmony_ci int rc = -EINVAL; 1738c2ecf20Sopenharmony_ci 1748c2ecf20Sopenharmony_ci for_each_cmsghdr(cmsg, msg) { 1758c2ecf20Sopenharmony_ci if (!CMSG_OK(msg, cmsg)) 1768c2ecf20Sopenharmony_ci return -EINVAL; 1778c2ecf20Sopenharmony_ci if (cmsg->cmsg_level != SOL_TLS) 1788c2ecf20Sopenharmony_ci continue; 1798c2ecf20Sopenharmony_ci 1808c2ecf20Sopenharmony_ci switch (cmsg->cmsg_type) { 1818c2ecf20Sopenharmony_ci case TLS_SET_RECORD_TYPE: 1828c2ecf20Sopenharmony_ci if (cmsg->cmsg_len < CMSG_LEN(sizeof(*record_type))) 1838c2ecf20Sopenharmony_ci return -EINVAL; 1848c2ecf20Sopenharmony_ci 1858c2ecf20Sopenharmony_ci if (msg->msg_flags & MSG_MORE) 1868c2ecf20Sopenharmony_ci return -EINVAL; 1878c2ecf20Sopenharmony_ci 1888c2ecf20Sopenharmony_ci rc = tls_handle_open_record(sk, msg->msg_flags); 1898c2ecf20Sopenharmony_ci if (rc) 1908c2ecf20Sopenharmony_ci return rc; 1918c2ecf20Sopenharmony_ci 1928c2ecf20Sopenharmony_ci *record_type = *(unsigned char *)CMSG_DATA(cmsg); 1938c2ecf20Sopenharmony_ci rc = 0; 1948c2ecf20Sopenharmony_ci break; 1958c2ecf20Sopenharmony_ci 
default: 1968c2ecf20Sopenharmony_ci return -EINVAL; 1978c2ecf20Sopenharmony_ci } 1988c2ecf20Sopenharmony_ci } 1998c2ecf20Sopenharmony_ci 2008c2ecf20Sopenharmony_ci return rc; 2018c2ecf20Sopenharmony_ci} 2028c2ecf20Sopenharmony_ci 2038c2ecf20Sopenharmony_ciint tls_push_partial_record(struct sock *sk, struct tls_context *ctx, 2048c2ecf20Sopenharmony_ci int flags) 2058c2ecf20Sopenharmony_ci{ 2068c2ecf20Sopenharmony_ci struct scatterlist *sg; 2078c2ecf20Sopenharmony_ci u16 offset; 2088c2ecf20Sopenharmony_ci 2098c2ecf20Sopenharmony_ci sg = ctx->partially_sent_record; 2108c2ecf20Sopenharmony_ci offset = ctx->partially_sent_offset; 2118c2ecf20Sopenharmony_ci 2128c2ecf20Sopenharmony_ci ctx->partially_sent_record = NULL; 2138c2ecf20Sopenharmony_ci return tls_push_sg(sk, ctx, sg, offset, flags); 2148c2ecf20Sopenharmony_ci} 2158c2ecf20Sopenharmony_ci 2168c2ecf20Sopenharmony_civoid tls_free_partial_record(struct sock *sk, struct tls_context *ctx) 2178c2ecf20Sopenharmony_ci{ 2188c2ecf20Sopenharmony_ci struct scatterlist *sg; 2198c2ecf20Sopenharmony_ci 2208c2ecf20Sopenharmony_ci for (sg = ctx->partially_sent_record; sg; sg = sg_next(sg)) { 2218c2ecf20Sopenharmony_ci put_page(sg_page(sg)); 2228c2ecf20Sopenharmony_ci sk_mem_uncharge(sk, sg->length); 2238c2ecf20Sopenharmony_ci } 2248c2ecf20Sopenharmony_ci ctx->partially_sent_record = NULL; 2258c2ecf20Sopenharmony_ci} 2268c2ecf20Sopenharmony_ci 2278c2ecf20Sopenharmony_cistatic void tls_write_space(struct sock *sk) 2288c2ecf20Sopenharmony_ci{ 2298c2ecf20Sopenharmony_ci struct tls_context *ctx = tls_get_ctx(sk); 2308c2ecf20Sopenharmony_ci 2318c2ecf20Sopenharmony_ci /* If in_tcp_sendpages call lower protocol write space handler 2328c2ecf20Sopenharmony_ci * to ensure we wake up any waiting operations there. For example 2338c2ecf20Sopenharmony_ci * if do_tcp_sendpages where to call sk_wait_event. 
2348c2ecf20Sopenharmony_ci */ 2358c2ecf20Sopenharmony_ci if (ctx->in_tcp_sendpages) { 2368c2ecf20Sopenharmony_ci ctx->sk_write_space(sk); 2378c2ecf20Sopenharmony_ci return; 2388c2ecf20Sopenharmony_ci } 2398c2ecf20Sopenharmony_ci 2408c2ecf20Sopenharmony_ci#ifdef CONFIG_TLS_DEVICE 2418c2ecf20Sopenharmony_ci if (ctx->tx_conf == TLS_HW) 2428c2ecf20Sopenharmony_ci tls_device_write_space(sk, ctx); 2438c2ecf20Sopenharmony_ci else 2448c2ecf20Sopenharmony_ci#endif 2458c2ecf20Sopenharmony_ci tls_sw_write_space(sk, ctx); 2468c2ecf20Sopenharmony_ci 2478c2ecf20Sopenharmony_ci ctx->sk_write_space(sk); 2488c2ecf20Sopenharmony_ci} 2498c2ecf20Sopenharmony_ci 2508c2ecf20Sopenharmony_ci/** 2518c2ecf20Sopenharmony_ci * tls_ctx_free() - free TLS ULP context 2528c2ecf20Sopenharmony_ci * @sk: socket to with @ctx is attached 2538c2ecf20Sopenharmony_ci * @ctx: TLS context structure 2548c2ecf20Sopenharmony_ci * 2558c2ecf20Sopenharmony_ci * Free TLS context. If @sk is %NULL caller guarantees that the socket 2568c2ecf20Sopenharmony_ci * to which @ctx was attached has no outstanding references. 
2578c2ecf20Sopenharmony_ci */ 2588c2ecf20Sopenharmony_civoid tls_ctx_free(struct sock *sk, struct tls_context *ctx) 2598c2ecf20Sopenharmony_ci{ 2608c2ecf20Sopenharmony_ci if (!ctx) 2618c2ecf20Sopenharmony_ci return; 2628c2ecf20Sopenharmony_ci 2638c2ecf20Sopenharmony_ci memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send)); 2648c2ecf20Sopenharmony_ci memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv)); 2658c2ecf20Sopenharmony_ci mutex_destroy(&ctx->tx_lock); 2668c2ecf20Sopenharmony_ci 2678c2ecf20Sopenharmony_ci if (sk) 2688c2ecf20Sopenharmony_ci kfree_rcu(ctx, rcu); 2698c2ecf20Sopenharmony_ci else 2708c2ecf20Sopenharmony_ci kfree(ctx); 2718c2ecf20Sopenharmony_ci} 2728c2ecf20Sopenharmony_ci 2738c2ecf20Sopenharmony_cistatic void tls_sk_proto_cleanup(struct sock *sk, 2748c2ecf20Sopenharmony_ci struct tls_context *ctx, long timeo) 2758c2ecf20Sopenharmony_ci{ 2768c2ecf20Sopenharmony_ci if (unlikely(sk->sk_write_pending) && 2778c2ecf20Sopenharmony_ci !wait_on_pending_writer(sk, &timeo)) 2788c2ecf20Sopenharmony_ci tls_handle_open_record(sk, 0); 2798c2ecf20Sopenharmony_ci 2808c2ecf20Sopenharmony_ci /* We need these for tls_sw_fallback handling of other packets */ 2818c2ecf20Sopenharmony_ci if (ctx->tx_conf == TLS_SW) { 2828c2ecf20Sopenharmony_ci kfree(ctx->tx.rec_seq); 2838c2ecf20Sopenharmony_ci kfree(ctx->tx.iv); 2848c2ecf20Sopenharmony_ci tls_sw_release_resources_tx(sk); 2858c2ecf20Sopenharmony_ci TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW); 2868c2ecf20Sopenharmony_ci } else if (ctx->tx_conf == TLS_HW) { 2878c2ecf20Sopenharmony_ci tls_device_free_resources_tx(sk); 2888c2ecf20Sopenharmony_ci TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE); 2898c2ecf20Sopenharmony_ci } 2908c2ecf20Sopenharmony_ci 2918c2ecf20Sopenharmony_ci if (ctx->rx_conf == TLS_SW) { 2928c2ecf20Sopenharmony_ci tls_sw_release_resources_rx(sk); 2938c2ecf20Sopenharmony_ci TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW); 2948c2ecf20Sopenharmony_ci } else if (ctx->rx_conf == 
TLS_HW) { 2958c2ecf20Sopenharmony_ci tls_device_offload_cleanup_rx(sk); 2968c2ecf20Sopenharmony_ci TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE); 2978c2ecf20Sopenharmony_ci } 2988c2ecf20Sopenharmony_ci} 2998c2ecf20Sopenharmony_ci 3008c2ecf20Sopenharmony_cistatic void tls_sk_proto_close(struct sock *sk, long timeout) 3018c2ecf20Sopenharmony_ci{ 3028c2ecf20Sopenharmony_ci struct inet_connection_sock *icsk = inet_csk(sk); 3038c2ecf20Sopenharmony_ci struct tls_context *ctx = tls_get_ctx(sk); 3048c2ecf20Sopenharmony_ci long timeo = sock_sndtimeo(sk, 0); 3058c2ecf20Sopenharmony_ci bool free_ctx; 3068c2ecf20Sopenharmony_ci 3078c2ecf20Sopenharmony_ci if (ctx->tx_conf == TLS_SW) 3088c2ecf20Sopenharmony_ci tls_sw_cancel_work_tx(ctx); 3098c2ecf20Sopenharmony_ci 3108c2ecf20Sopenharmony_ci lock_sock(sk); 3118c2ecf20Sopenharmony_ci free_ctx = ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW; 3128c2ecf20Sopenharmony_ci 3138c2ecf20Sopenharmony_ci if (ctx->tx_conf != TLS_BASE || ctx->rx_conf != TLS_BASE) 3148c2ecf20Sopenharmony_ci tls_sk_proto_cleanup(sk, ctx, timeo); 3158c2ecf20Sopenharmony_ci 3168c2ecf20Sopenharmony_ci write_lock_bh(&sk->sk_callback_lock); 3178c2ecf20Sopenharmony_ci if (free_ctx) 3188c2ecf20Sopenharmony_ci rcu_assign_pointer(icsk->icsk_ulp_data, NULL); 3198c2ecf20Sopenharmony_ci WRITE_ONCE(sk->sk_prot, ctx->sk_proto); 3208c2ecf20Sopenharmony_ci if (sk->sk_write_space == tls_write_space) 3218c2ecf20Sopenharmony_ci sk->sk_write_space = ctx->sk_write_space; 3228c2ecf20Sopenharmony_ci write_unlock_bh(&sk->sk_callback_lock); 3238c2ecf20Sopenharmony_ci release_sock(sk); 3248c2ecf20Sopenharmony_ci if (ctx->tx_conf == TLS_SW) 3258c2ecf20Sopenharmony_ci tls_sw_free_ctx_tx(ctx); 3268c2ecf20Sopenharmony_ci if (ctx->rx_conf == TLS_SW || ctx->rx_conf == TLS_HW) 3278c2ecf20Sopenharmony_ci tls_sw_strparser_done(ctx); 3288c2ecf20Sopenharmony_ci if (ctx->rx_conf == TLS_SW) 3298c2ecf20Sopenharmony_ci tls_sw_free_ctx_rx(ctx); 3308c2ecf20Sopenharmony_ci 
ctx->sk_proto->close(sk, timeout); 3318c2ecf20Sopenharmony_ci 3328c2ecf20Sopenharmony_ci if (free_ctx) 3338c2ecf20Sopenharmony_ci tls_ctx_free(sk, ctx); 3348c2ecf20Sopenharmony_ci} 3358c2ecf20Sopenharmony_ci 3368c2ecf20Sopenharmony_cistatic int do_tls_getsockopt_conf(struct sock *sk, char __user *optval, 3378c2ecf20Sopenharmony_ci int __user *optlen, int tx) 3388c2ecf20Sopenharmony_ci{ 3398c2ecf20Sopenharmony_ci int rc = 0; 3408c2ecf20Sopenharmony_ci struct tls_context *ctx = tls_get_ctx(sk); 3418c2ecf20Sopenharmony_ci struct tls_crypto_info *crypto_info; 3428c2ecf20Sopenharmony_ci struct cipher_context *cctx; 3438c2ecf20Sopenharmony_ci int len; 3448c2ecf20Sopenharmony_ci 3458c2ecf20Sopenharmony_ci if (get_user(len, optlen)) 3468c2ecf20Sopenharmony_ci return -EFAULT; 3478c2ecf20Sopenharmony_ci 3488c2ecf20Sopenharmony_ci if (!optval || (len < sizeof(*crypto_info))) { 3498c2ecf20Sopenharmony_ci rc = -EINVAL; 3508c2ecf20Sopenharmony_ci goto out; 3518c2ecf20Sopenharmony_ci } 3528c2ecf20Sopenharmony_ci 3538c2ecf20Sopenharmony_ci if (!ctx) { 3548c2ecf20Sopenharmony_ci rc = -EBUSY; 3558c2ecf20Sopenharmony_ci goto out; 3568c2ecf20Sopenharmony_ci } 3578c2ecf20Sopenharmony_ci 3588c2ecf20Sopenharmony_ci /* get user crypto info */ 3598c2ecf20Sopenharmony_ci if (tx) { 3608c2ecf20Sopenharmony_ci crypto_info = &ctx->crypto_send.info; 3618c2ecf20Sopenharmony_ci cctx = &ctx->tx; 3628c2ecf20Sopenharmony_ci } else { 3638c2ecf20Sopenharmony_ci crypto_info = &ctx->crypto_recv.info; 3648c2ecf20Sopenharmony_ci cctx = &ctx->rx; 3658c2ecf20Sopenharmony_ci } 3668c2ecf20Sopenharmony_ci 3678c2ecf20Sopenharmony_ci if (!TLS_CRYPTO_INFO_READY(crypto_info)) { 3688c2ecf20Sopenharmony_ci rc = -EBUSY; 3698c2ecf20Sopenharmony_ci goto out; 3708c2ecf20Sopenharmony_ci } 3718c2ecf20Sopenharmony_ci 3728c2ecf20Sopenharmony_ci if (len == sizeof(*crypto_info)) { 3738c2ecf20Sopenharmony_ci if (copy_to_user(optval, crypto_info, sizeof(*crypto_info))) 3748c2ecf20Sopenharmony_ci rc = -EFAULT; 
3758c2ecf20Sopenharmony_ci goto out; 3768c2ecf20Sopenharmony_ci } 3778c2ecf20Sopenharmony_ci 3788c2ecf20Sopenharmony_ci switch (crypto_info->cipher_type) { 3798c2ecf20Sopenharmony_ci case TLS_CIPHER_AES_GCM_128: { 3808c2ecf20Sopenharmony_ci struct tls12_crypto_info_aes_gcm_128 * 3818c2ecf20Sopenharmony_ci crypto_info_aes_gcm_128 = 3828c2ecf20Sopenharmony_ci container_of(crypto_info, 3838c2ecf20Sopenharmony_ci struct tls12_crypto_info_aes_gcm_128, 3848c2ecf20Sopenharmony_ci info); 3858c2ecf20Sopenharmony_ci 3868c2ecf20Sopenharmony_ci if (len != sizeof(*crypto_info_aes_gcm_128)) { 3878c2ecf20Sopenharmony_ci rc = -EINVAL; 3888c2ecf20Sopenharmony_ci goto out; 3898c2ecf20Sopenharmony_ci } 3908c2ecf20Sopenharmony_ci memcpy(crypto_info_aes_gcm_128->iv, 3918c2ecf20Sopenharmony_ci cctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, 3928c2ecf20Sopenharmony_ci TLS_CIPHER_AES_GCM_128_IV_SIZE); 3938c2ecf20Sopenharmony_ci memcpy(crypto_info_aes_gcm_128->rec_seq, cctx->rec_seq, 3948c2ecf20Sopenharmony_ci TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); 3958c2ecf20Sopenharmony_ci if (copy_to_user(optval, 3968c2ecf20Sopenharmony_ci crypto_info_aes_gcm_128, 3978c2ecf20Sopenharmony_ci sizeof(*crypto_info_aes_gcm_128))) 3988c2ecf20Sopenharmony_ci rc = -EFAULT; 3998c2ecf20Sopenharmony_ci break; 4008c2ecf20Sopenharmony_ci } 4018c2ecf20Sopenharmony_ci case TLS_CIPHER_AES_GCM_256: { 4028c2ecf20Sopenharmony_ci struct tls12_crypto_info_aes_gcm_256 * 4038c2ecf20Sopenharmony_ci crypto_info_aes_gcm_256 = 4048c2ecf20Sopenharmony_ci container_of(crypto_info, 4058c2ecf20Sopenharmony_ci struct tls12_crypto_info_aes_gcm_256, 4068c2ecf20Sopenharmony_ci info); 4078c2ecf20Sopenharmony_ci 4088c2ecf20Sopenharmony_ci if (len != sizeof(*crypto_info_aes_gcm_256)) { 4098c2ecf20Sopenharmony_ci rc = -EINVAL; 4108c2ecf20Sopenharmony_ci goto out; 4118c2ecf20Sopenharmony_ci } 4128c2ecf20Sopenharmony_ci memcpy(crypto_info_aes_gcm_256->iv, 4138c2ecf20Sopenharmony_ci cctx->iv + TLS_CIPHER_AES_GCM_256_SALT_SIZE, 
4148c2ecf20Sopenharmony_ci TLS_CIPHER_AES_GCM_256_IV_SIZE); 4158c2ecf20Sopenharmony_ci memcpy(crypto_info_aes_gcm_256->rec_seq, cctx->rec_seq, 4168c2ecf20Sopenharmony_ci TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); 4178c2ecf20Sopenharmony_ci if (copy_to_user(optval, 4188c2ecf20Sopenharmony_ci crypto_info_aes_gcm_256, 4198c2ecf20Sopenharmony_ci sizeof(*crypto_info_aes_gcm_256))) 4208c2ecf20Sopenharmony_ci rc = -EFAULT; 4218c2ecf20Sopenharmony_ci break; 4228c2ecf20Sopenharmony_ci } 4238c2ecf20Sopenharmony_ci default: 4248c2ecf20Sopenharmony_ci rc = -EINVAL; 4258c2ecf20Sopenharmony_ci } 4268c2ecf20Sopenharmony_ci 4278c2ecf20Sopenharmony_ciout: 4288c2ecf20Sopenharmony_ci return rc; 4298c2ecf20Sopenharmony_ci} 4308c2ecf20Sopenharmony_ci 4318c2ecf20Sopenharmony_cistatic int do_tls_getsockopt(struct sock *sk, int optname, 4328c2ecf20Sopenharmony_ci char __user *optval, int __user *optlen) 4338c2ecf20Sopenharmony_ci{ 4348c2ecf20Sopenharmony_ci int rc = 0; 4358c2ecf20Sopenharmony_ci 4368c2ecf20Sopenharmony_ci lock_sock(sk); 4378c2ecf20Sopenharmony_ci 4388c2ecf20Sopenharmony_ci switch (optname) { 4398c2ecf20Sopenharmony_ci case TLS_TX: 4408c2ecf20Sopenharmony_ci case TLS_RX: 4418c2ecf20Sopenharmony_ci rc = do_tls_getsockopt_conf(sk, optval, optlen, 4428c2ecf20Sopenharmony_ci optname == TLS_TX); 4438c2ecf20Sopenharmony_ci break; 4448c2ecf20Sopenharmony_ci default: 4458c2ecf20Sopenharmony_ci rc = -ENOPROTOOPT; 4468c2ecf20Sopenharmony_ci break; 4478c2ecf20Sopenharmony_ci } 4488c2ecf20Sopenharmony_ci 4498c2ecf20Sopenharmony_ci release_sock(sk); 4508c2ecf20Sopenharmony_ci 4518c2ecf20Sopenharmony_ci return rc; 4528c2ecf20Sopenharmony_ci} 4538c2ecf20Sopenharmony_ci 4548c2ecf20Sopenharmony_cistatic int tls_getsockopt(struct sock *sk, int level, int optname, 4558c2ecf20Sopenharmony_ci char __user *optval, int __user *optlen) 4568c2ecf20Sopenharmony_ci{ 4578c2ecf20Sopenharmony_ci struct tls_context *ctx = tls_get_ctx(sk); 4588c2ecf20Sopenharmony_ci 4598c2ecf20Sopenharmony_ci if (level != 
SOL_TLS) 4608c2ecf20Sopenharmony_ci return ctx->sk_proto->getsockopt(sk, level, 4618c2ecf20Sopenharmony_ci optname, optval, optlen); 4628c2ecf20Sopenharmony_ci 4638c2ecf20Sopenharmony_ci return do_tls_getsockopt(sk, optname, optval, optlen); 4648c2ecf20Sopenharmony_ci} 4658c2ecf20Sopenharmony_ci 4668c2ecf20Sopenharmony_cistatic int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval, 4678c2ecf20Sopenharmony_ci unsigned int optlen, int tx) 4688c2ecf20Sopenharmony_ci{ 4698c2ecf20Sopenharmony_ci struct tls_crypto_info *crypto_info; 4708c2ecf20Sopenharmony_ci struct tls_crypto_info *alt_crypto_info; 4718c2ecf20Sopenharmony_ci struct tls_context *ctx = tls_get_ctx(sk); 4728c2ecf20Sopenharmony_ci size_t optsize; 4738c2ecf20Sopenharmony_ci int rc = 0; 4748c2ecf20Sopenharmony_ci int conf; 4758c2ecf20Sopenharmony_ci 4768c2ecf20Sopenharmony_ci if (sockptr_is_null(optval) || (optlen < sizeof(*crypto_info))) { 4778c2ecf20Sopenharmony_ci rc = -EINVAL; 4788c2ecf20Sopenharmony_ci goto out; 4798c2ecf20Sopenharmony_ci } 4808c2ecf20Sopenharmony_ci 4818c2ecf20Sopenharmony_ci if (tx) { 4828c2ecf20Sopenharmony_ci crypto_info = &ctx->crypto_send.info; 4838c2ecf20Sopenharmony_ci alt_crypto_info = &ctx->crypto_recv.info; 4848c2ecf20Sopenharmony_ci } else { 4858c2ecf20Sopenharmony_ci crypto_info = &ctx->crypto_recv.info; 4868c2ecf20Sopenharmony_ci alt_crypto_info = &ctx->crypto_send.info; 4878c2ecf20Sopenharmony_ci } 4888c2ecf20Sopenharmony_ci 4898c2ecf20Sopenharmony_ci /* Currently we don't support set crypto info more than one time */ 4908c2ecf20Sopenharmony_ci if (TLS_CRYPTO_INFO_READY(crypto_info)) { 4918c2ecf20Sopenharmony_ci rc = -EBUSY; 4928c2ecf20Sopenharmony_ci goto out; 4938c2ecf20Sopenharmony_ci } 4948c2ecf20Sopenharmony_ci 4958c2ecf20Sopenharmony_ci rc = copy_from_sockptr(crypto_info, optval, sizeof(*crypto_info)); 4968c2ecf20Sopenharmony_ci if (rc) { 4978c2ecf20Sopenharmony_ci rc = -EFAULT; 4988c2ecf20Sopenharmony_ci goto err_crypto_info; 4998c2ecf20Sopenharmony_ci } 
5008c2ecf20Sopenharmony_ci 5018c2ecf20Sopenharmony_ci /* check version */ 5028c2ecf20Sopenharmony_ci if (crypto_info->version != TLS_1_2_VERSION && 5038c2ecf20Sopenharmony_ci crypto_info->version != TLS_1_3_VERSION) { 5048c2ecf20Sopenharmony_ci rc = -EINVAL; 5058c2ecf20Sopenharmony_ci goto err_crypto_info; 5068c2ecf20Sopenharmony_ci } 5078c2ecf20Sopenharmony_ci 5088c2ecf20Sopenharmony_ci /* Ensure that TLS version and ciphers are same in both directions */ 5098c2ecf20Sopenharmony_ci if (TLS_CRYPTO_INFO_READY(alt_crypto_info)) { 5108c2ecf20Sopenharmony_ci if (alt_crypto_info->version != crypto_info->version || 5118c2ecf20Sopenharmony_ci alt_crypto_info->cipher_type != crypto_info->cipher_type) { 5128c2ecf20Sopenharmony_ci rc = -EINVAL; 5138c2ecf20Sopenharmony_ci goto err_crypto_info; 5148c2ecf20Sopenharmony_ci } 5158c2ecf20Sopenharmony_ci } 5168c2ecf20Sopenharmony_ci 5178c2ecf20Sopenharmony_ci switch (crypto_info->cipher_type) { 5188c2ecf20Sopenharmony_ci case TLS_CIPHER_AES_GCM_128: 5198c2ecf20Sopenharmony_ci optsize = sizeof(struct tls12_crypto_info_aes_gcm_128); 5208c2ecf20Sopenharmony_ci break; 5218c2ecf20Sopenharmony_ci case TLS_CIPHER_AES_GCM_256: { 5228c2ecf20Sopenharmony_ci optsize = sizeof(struct tls12_crypto_info_aes_gcm_256); 5238c2ecf20Sopenharmony_ci break; 5248c2ecf20Sopenharmony_ci } 5258c2ecf20Sopenharmony_ci case TLS_CIPHER_AES_CCM_128: 5268c2ecf20Sopenharmony_ci optsize = sizeof(struct tls12_crypto_info_aes_ccm_128); 5278c2ecf20Sopenharmony_ci break; 5288c2ecf20Sopenharmony_ci default: 5298c2ecf20Sopenharmony_ci rc = -EINVAL; 5308c2ecf20Sopenharmony_ci goto err_crypto_info; 5318c2ecf20Sopenharmony_ci } 5328c2ecf20Sopenharmony_ci 5338c2ecf20Sopenharmony_ci if (optlen != optsize) { 5348c2ecf20Sopenharmony_ci rc = -EINVAL; 5358c2ecf20Sopenharmony_ci goto err_crypto_info; 5368c2ecf20Sopenharmony_ci } 5378c2ecf20Sopenharmony_ci 5388c2ecf20Sopenharmony_ci rc = copy_from_sockptr_offset(crypto_info + 1, optval, 5398c2ecf20Sopenharmony_ci 
sizeof(*crypto_info), 5408c2ecf20Sopenharmony_ci optlen - sizeof(*crypto_info)); 5418c2ecf20Sopenharmony_ci if (rc) { 5428c2ecf20Sopenharmony_ci rc = -EFAULT; 5438c2ecf20Sopenharmony_ci goto err_crypto_info; 5448c2ecf20Sopenharmony_ci } 5458c2ecf20Sopenharmony_ci 5468c2ecf20Sopenharmony_ci if (tx) { 5478c2ecf20Sopenharmony_ci rc = tls_set_device_offload(sk, ctx); 5488c2ecf20Sopenharmony_ci conf = TLS_HW; 5498c2ecf20Sopenharmony_ci if (!rc) { 5508c2ecf20Sopenharmony_ci TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXDEVICE); 5518c2ecf20Sopenharmony_ci TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE); 5528c2ecf20Sopenharmony_ci } else { 5538c2ecf20Sopenharmony_ci rc = tls_set_sw_offload(sk, ctx, 1); 5548c2ecf20Sopenharmony_ci if (rc) 5558c2ecf20Sopenharmony_ci goto err_crypto_info; 5568c2ecf20Sopenharmony_ci TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXSW); 5578c2ecf20Sopenharmony_ci TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW); 5588c2ecf20Sopenharmony_ci conf = TLS_SW; 5598c2ecf20Sopenharmony_ci } 5608c2ecf20Sopenharmony_ci } else { 5618c2ecf20Sopenharmony_ci rc = tls_set_device_offload_rx(sk, ctx); 5628c2ecf20Sopenharmony_ci conf = TLS_HW; 5638c2ecf20Sopenharmony_ci if (!rc) { 5648c2ecf20Sopenharmony_ci TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXDEVICE); 5658c2ecf20Sopenharmony_ci TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE); 5668c2ecf20Sopenharmony_ci } else { 5678c2ecf20Sopenharmony_ci rc = tls_set_sw_offload(sk, ctx, 0); 5688c2ecf20Sopenharmony_ci if (rc) 5698c2ecf20Sopenharmony_ci goto err_crypto_info; 5708c2ecf20Sopenharmony_ci TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXSW); 5718c2ecf20Sopenharmony_ci TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW); 5728c2ecf20Sopenharmony_ci conf = TLS_SW; 5738c2ecf20Sopenharmony_ci } 5748c2ecf20Sopenharmony_ci tls_sw_strparser_arm(sk, ctx); 5758c2ecf20Sopenharmony_ci } 5768c2ecf20Sopenharmony_ci 5778c2ecf20Sopenharmony_ci if (tx) 5788c2ecf20Sopenharmony_ci ctx->tx_conf = conf; 5798c2ecf20Sopenharmony_ci 
else 5808c2ecf20Sopenharmony_ci ctx->rx_conf = conf; 5818c2ecf20Sopenharmony_ci update_sk_prot(sk, ctx); 5828c2ecf20Sopenharmony_ci if (tx) { 5838c2ecf20Sopenharmony_ci ctx->sk_write_space = sk->sk_write_space; 5848c2ecf20Sopenharmony_ci sk->sk_write_space = tls_write_space; 5858c2ecf20Sopenharmony_ci } 5868c2ecf20Sopenharmony_ci goto out; 5878c2ecf20Sopenharmony_ci 5888c2ecf20Sopenharmony_cierr_crypto_info: 5898c2ecf20Sopenharmony_ci memzero_explicit(crypto_info, sizeof(union tls_crypto_context)); 5908c2ecf20Sopenharmony_ciout: 5918c2ecf20Sopenharmony_ci return rc; 5928c2ecf20Sopenharmony_ci} 5938c2ecf20Sopenharmony_ci 5948c2ecf20Sopenharmony_cistatic int do_tls_setsockopt(struct sock *sk, int optname, sockptr_t optval, 5958c2ecf20Sopenharmony_ci unsigned int optlen) 5968c2ecf20Sopenharmony_ci{ 5978c2ecf20Sopenharmony_ci int rc = 0; 5988c2ecf20Sopenharmony_ci 5998c2ecf20Sopenharmony_ci switch (optname) { 6008c2ecf20Sopenharmony_ci case TLS_TX: 6018c2ecf20Sopenharmony_ci case TLS_RX: 6028c2ecf20Sopenharmony_ci lock_sock(sk); 6038c2ecf20Sopenharmony_ci rc = do_tls_setsockopt_conf(sk, optval, optlen, 6048c2ecf20Sopenharmony_ci optname == TLS_TX); 6058c2ecf20Sopenharmony_ci release_sock(sk); 6068c2ecf20Sopenharmony_ci break; 6078c2ecf20Sopenharmony_ci default: 6088c2ecf20Sopenharmony_ci rc = -ENOPROTOOPT; 6098c2ecf20Sopenharmony_ci break; 6108c2ecf20Sopenharmony_ci } 6118c2ecf20Sopenharmony_ci return rc; 6128c2ecf20Sopenharmony_ci} 6138c2ecf20Sopenharmony_ci 6148c2ecf20Sopenharmony_cistatic int tls_setsockopt(struct sock *sk, int level, int optname, 6158c2ecf20Sopenharmony_ci sockptr_t optval, unsigned int optlen) 6168c2ecf20Sopenharmony_ci{ 6178c2ecf20Sopenharmony_ci struct tls_context *ctx = tls_get_ctx(sk); 6188c2ecf20Sopenharmony_ci 6198c2ecf20Sopenharmony_ci if (level != SOL_TLS) 6208c2ecf20Sopenharmony_ci return ctx->sk_proto->setsockopt(sk, level, optname, optval, 6218c2ecf20Sopenharmony_ci optlen); 6228c2ecf20Sopenharmony_ci 6238c2ecf20Sopenharmony_ci return 
do_tls_setsockopt(sk, optname, optval, optlen);
}

/*
 * tls_ctx_create - allocate the TLS ULP context for @sk and publish it
 * @sk: socket the context belongs to
 *
 * Allocates a zeroed context with GFP_ATOMIC (the caller in tls_init()
 * holds sk->sk_callback_lock with BHs disabled), records the current
 * sk->sk_prot as ctx->sk_proto so the original callbacks can still be
 * reached after the TLS proto is installed, and attaches the context to
 * icsk->icsk_ulp_data with RCU release semantics.
 *
 * Return: the new context, or NULL on allocation failure.
 */
struct tls_context *tls_ctx_create(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct tls_context *ctx;

	ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
	if (!ctx)
		return NULL;

	mutex_init(&ctx->tx_lock);
	ctx->sk_proto = READ_ONCE(sk->sk_prot);
	ctx->sk = sk;
	/* Release semantic of rcu_assign_pointer() ensures that
	 * ctx->sk_proto is visible before changing sk->sk_prot in
	 * update_sk_prot(), and prevents reading uninitialized value in
	 * tls_{getsockopt, setsockopt}. Note that we do not need a
	 * read barrier in tls_{getsockopt,setsockopt} as there is an
	 * address dependency between sk->sk_proto->{getsockopt,setsockopt}
	 * and ctx->sk_proto.
	 */
	rcu_assign_pointer(icsk->icsk_ulp_data, ctx);
	return ctx;
}

/*
 * build_proto_ops - derive the per-(tx_conf, rx_conf) proto_ops table
 * @ops: table indexed as ops[tx_conf][rx_conf]
 * @base: the socket's original proto_ops, copied as the starting point
 *
 * Every entry starts as a copy of an already-built entry and then
 * overrides only the callbacks that differ for that configuration:
 * software TX replaces sendpage_locked, software RX replaces
 * splice_read, and the device (HW) TX rows clear sendpage_locked so
 * the core falls back to the generic path. The HW RX column reuses the
 * SW RX entries. With CONFIG_TLS_TOE the HW_RECORD/HW_RECORD entry is a
 * plain copy of @base.
 */
static void build_proto_ops(struct proto_ops ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
			    const struct proto_ops *base)
{
	ops[TLS_BASE][TLS_BASE] = *base;

	ops[TLS_SW  ][TLS_BASE] = ops[TLS_BASE][TLS_BASE];
	ops[TLS_SW  ][TLS_BASE].sendpage_locked = tls_sw_sendpage_locked;

	ops[TLS_BASE][TLS_SW  ] = ops[TLS_BASE][TLS_BASE];
	ops[TLS_BASE][TLS_SW  ].splice_read = tls_sw_splice_read;

	ops[TLS_SW  ][TLS_SW  ] = ops[TLS_SW  ][TLS_BASE];
	ops[TLS_SW  ][TLS_SW  ].splice_read = tls_sw_splice_read;

#ifdef CONFIG_TLS_DEVICE
	/* Device TX offload has no sendpage_locked implementation */
	ops[TLS_HW  ][TLS_BASE] = ops[TLS_BASE][TLS_BASE];
	ops[TLS_HW  ][TLS_BASE].sendpage_locked = NULL;

	ops[TLS_HW  ][TLS_SW  ] = ops[TLS_BASE][TLS_SW  ];
	ops[TLS_HW  ][TLS_SW  ].sendpage_locked = NULL;

	/* HW RX rows are copies of the SW RX rows */
	ops[TLS_BASE][TLS_HW  ] = ops[TLS_BASE][TLS_SW  ];

	ops[TLS_SW  ][TLS_HW  ] = ops[TLS_SW  ][TLS_SW  ];

	ops[TLS_HW  ][TLS_HW  ] = ops[TLS_HW  ][TLS_SW  ];
	ops[TLS_HW  ][TLS_HW  ].sendpage_locked = NULL;
#endif
#ifdef CONFIG_TLS_TOE
	ops[TLS_HW_RECORD][TLS_HW_RECORD] = *base;
#endif
}

/*
 * tls_build_proto - lazily (re)build the TLS proto tables for sk's family
 * @sk: socket whose current sk_prot and socket ops serve as the base
 *
 * The IPv4 and IPv6 tables are rebuilt only when the base tcp proto
 * pointer differs from the one they were last built from. The check is
 * done twice: a lockless smp_load_acquire() fast path, then again under
 * the per-family mutex so concurrent callers build the tables once. The
 * smp_store_release() on saved_tcpv*_prot pairs with that acquire so a
 * reader that sees the new saved pointer also sees the filled tables.
 *
 * Note: build_proto_ops() dereferences sk->sk_socket->ops, so the
 * caller must guarantee sk->sk_socket is non-NULL here.
 */
static void tls_build_proto(struct sock *sk)
{
	int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4;
	struct proto *prot = READ_ONCE(sk->sk_prot);

	/* Build IPv6 TLS whenever the address of tcpv6 _prot changes */
	if (ip_ver == TLSV6 &&
	    unlikely(prot != smp_load_acquire(&saved_tcpv6_prot))) {
		mutex_lock(&tcpv6_prot_mutex);
		if (likely(prot != saved_tcpv6_prot)) {
			build_protos(tls_prots[TLSV6], prot);
			build_proto_ops(tls_proto_ops[TLSV6],
					sk->sk_socket->ops);
			smp_store_release(&saved_tcpv6_prot, prot);
		}
		mutex_unlock(&tcpv6_prot_mutex);
	}

	if (ip_ver == TLSV4 &&
	    unlikely(prot != smp_load_acquire(&saved_tcpv4_prot))) {
		mutex_lock(&tcpv4_prot_mutex);
		if (likely(prot != saved_tcpv4_prot)) {
			build_protos(tls_prots[TLSV4], prot);
			build_proto_ops(tls_proto_ops[TLSV4],
					sk->sk_socket->ops);
			smp_store_release(&saved_tcpv4_prot, prot);
		}
		mutex_unlock(&tcpv4_prot_mutex);
	}
}

/*
 * build_protos - derive the per-(tx_conf, rx_conf) struct proto table
 * @prot: table indexed as prot[tx_conf][rx_conf]
 * @base: the socket's original tcp proto, copied as the starting point
 *
 * The BASE/BASE entry is @base with setsockopt, getsockopt and close
 * redirected to the TLS handlers; every other entry is a copy of an
 * earlier entry with only the TX (sendmsg/sendpage) or RX
 * (recvmsg/stream_memory_read/close) callbacks replaced. With
 * CONFIG_TLS_DEVICE the HW TX rows use the device send path and the HW
 * RX column copies the SW RX column. With CONFIG_TLS_TOE the
 * HW_RECORD/HW_RECORD entry is @base with hash/unhash redirected.
 */
static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
			 const struct proto *base)
{
	prot[TLS_BASE][TLS_BASE] = *base;
	prot[TLS_BASE][TLS_BASE].setsockopt	= tls_setsockopt;
	prot[TLS_BASE][TLS_BASE].getsockopt	= tls_getsockopt;
	prot[TLS_BASE][TLS_BASE].close		= tls_sk_proto_close;

	prot[TLS_SW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
	prot[TLS_SW][TLS_BASE].sendmsg		= tls_sw_sendmsg;
	prot[TLS_SW][TLS_BASE].sendpage		= tls_sw_sendpage;

	prot[TLS_BASE][TLS_SW] = prot[TLS_BASE][TLS_BASE];
	prot[TLS_BASE][TLS_SW].recvmsg		  = tls_sw_recvmsg;
	prot[TLS_BASE][TLS_SW].stream_memory_read = tls_sw_stream_read;
	prot[TLS_BASE][TLS_SW].close		  = tls_sk_proto_close;

	prot[TLS_SW][TLS_SW] = prot[TLS_SW][TLS_BASE];
	prot[TLS_SW][TLS_SW].recvmsg		= tls_sw_recvmsg;
	prot[TLS_SW][TLS_SW].stream_memory_read	= tls_sw_stream_read;
	prot[TLS_SW][TLS_SW].close		= tls_sk_proto_close;

#ifdef CONFIG_TLS_DEVICE
	prot[TLS_HW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
	prot[TLS_HW][TLS_BASE].sendmsg		= tls_device_sendmsg;
	prot[TLS_HW][TLS_BASE].sendpage		= tls_device_sendpage;

	prot[TLS_HW][TLS_SW] = prot[TLS_BASE][TLS_SW];
	prot[TLS_HW][TLS_SW].sendmsg		= tls_device_sendmsg;
	prot[TLS_HW][TLS_SW].sendpage		= tls_device_sendpage;

	/* HW RX rows are copies of the SW RX rows */
	prot[TLS_BASE][TLS_HW] = prot[TLS_BASE][TLS_SW];

	prot[TLS_SW][TLS_HW] = prot[TLS_SW][TLS_SW];

	prot[TLS_HW][TLS_HW] = prot[TLS_HW][TLS_SW];
#endif
#ifdef CONFIG_TLS_TOE
	prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base;
	prot[TLS_HW_RECORD][TLS_HW_RECORD].hash		= tls_toe_hash;
	prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash	= tls_toe_unhash;
#endif
}

/*
 * tls_init - tcp_ulp_ops.init: attach the TLS ULP to @sk
 * @sk: socket selected for the "tls" ULP
 *
 * Builds the proto tables for the socket's family, optionally lets the
 * TOE path claim the socket, rejects any socket that is not in
 * TCP_ESTABLISHED, and otherwise allocates the context under
 * sk->sk_callback_lock and installs the BASE/BASE TLS proto via
 * update_sk_prot().
 *
 * Return: 0 on success, -ENOTCONN if the socket is not established,
 * -ENOMEM if the context cannot be allocated.
 */
static int tls_init(struct sock *sk)
{
	struct tls_context *ctx;
	int rc = 0;

	tls_build_proto(sk);

#ifdef CONFIG_TLS_TOE
	if (tls_toe_bypass(sk))
		return 0;
#endif

	/* The TLS ulp is currently supported only for TCP sockets
	 * in ESTABLISHED state.
	 * Supporting sockets in LISTEN state will require us
	 * to modify the accept implementation to clone rather then
	 * share the ulp context.
	 */
	if (sk->sk_state != TCP_ESTABLISHED)
		return -ENOTCONN;

	/* allocate tls context */
	write_lock_bh(&sk->sk_callback_lock);
	ctx = tls_ctx_create(sk);
	if (!ctx) {
		rc = -ENOMEM;
		goto out;
	}

	ctx->tx_conf = TLS_BASE;
	ctx->rx_conf = TLS_BASE;
	update_sk_prot(sk, ctx);
out:
	write_unlock_bh(&sk->sk_callback_lock);
	return rc;
}

/*
 * tls_update - tcp_ulp_ops.update: another layer changed the socket's proto
 * @sk: socket being updated
 * @p: the new underlying proto
 * @write_space: the new underlying sk_write_space callback
 *
 * When a TLS context exists, the new proto and callback are stored in
 * the context (the TLS proto stays installed on the socket and keeps
 * chaining to them). Without a context they are written straight to
 * the socket.
 */
static void tls_update(struct sock *sk, struct proto *p,
		       void (*write_space)(struct sock *sk))
{
	struct tls_context *ctx;

	ctx = tls_get_ctx(sk);
	if (likely(ctx)) {
		ctx->sk_write_space = write_space;
		ctx->sk_proto = p;
	} else {
		/* Pairs with lockless read in sk_clone_lock(). */
		WRITE_ONCE(sk->sk_prot, p);
		sk->sk_write_space = write_space;
	}
}

/*
 * tls_get_info - tcp_ulp_ops.get_info: fill the INET_ULP_INFO_TLS nest
 * @sk: socket being dumped (inet_diag)
 * @skb: netlink message under construction
 *
 * Opens an INET_ULP_INFO_TLS nest and, if the socket has a TLS context,
 * adds the negotiated version and cipher (only when non-zero) and the
 * user-visible TX/RX configuration. The context is read under
 * rcu_read_lock(). Any failure, and the no-context case, cancels the
 * nest; the no-context case still reports success.
 *
 * Return: 0 on success (or no context), -EMSGSIZE if the nest cannot be
 * opened, or the nla_put_u16() error that aborted the dump.
 */
static int tls_get_info(const struct sock *sk, struct sk_buff *skb)
{
	u16 version, cipher_type;
	struct tls_context *ctx;
	struct nlattr *start;
	int err;

	start = nla_nest_start_noflag(skb, INET_ULP_INFO_TLS);
	if (!start)
		return -EMSGSIZE;

	rcu_read_lock();
	ctx = rcu_dereference(inet_csk(sk)->icsk_ulp_data);
	if (!ctx) {
		err = 0;
		goto nla_failure;
	}
	version = ctx->prot_info.version;
	if (version) {
		err = nla_put_u16(skb, TLS_INFO_VERSION, version);
		if (err)
			goto nla_failure;
	}
	cipher_type = ctx->prot_info.cipher_type;
	if (cipher_type) {
		err = nla_put_u16(skb, TLS_INFO_CIPHER, cipher_type);
		if (err)
			goto nla_failure;
	}
	err = nla_put_u16(skb, TLS_INFO_TXCONF, tls_user_config(ctx, true));
	if (err)
		goto nla_failure;

	err = nla_put_u16(skb, TLS_INFO_RXCONF, tls_user_config(ctx, false));
	if (err)
		goto nla_failure;

	rcu_read_unlock();
	nla_nest_end(skb, start);
	return 0;

nla_failure:
	rcu_read_unlock();
	nla_nest_cancel(skb, start);
	return err;
}

/*
 * tls_get_info_size - tcp_ulp_ops.get_info_size: worst-case size of the
 * nest that tls_get_info() emits (nest header plus four u16 attributes).
 * @sk: socket being dumped (unused)
 */
static size_t tls_get_info_size(const struct sock *sk)
{
	size_t size = 0;

	size += nla_total_size(0) +		/* INET_ULP_INFO_TLS */
		nla_total_size(sizeof(u16)) +	/* TLS_INFO_VERSION */
		nla_total_size(sizeof(u16)) +	/* TLS_INFO_CIPHER */
		nla_total_size(sizeof(u16)) +	/* TLS_INFO_RXCONF */
		nla_total_size(sizeof(u16)) +	/* TLS_INFO_TXCONF */
		0;

	return size;
}

/*
 * tls_init_net - per-netns setup: allocate the TLS MIB counters and
 * register the procfs entries; the counters are freed again if
 * tls_proc_init() fails.
 *
 * Return: 0, -ENOMEM, or the tls_proc_init() error.
 */
static int __net_init tls_init_net(struct net *net)
{
	int err;

	net->mib.tls_statistics = alloc_percpu(struct linux_tls_mib);
	if (!net->mib.tls_statistics)
		return -ENOMEM;

	err = tls_proc_init(net);
	if (err)
		goto err_free_stats;

	return 0;
err_free_stats:
	free_percpu(net->mib.tls_statistics);
	return err;
}

/* tls_exit_net - per-netns teardown, reverse order of tls_init_net() */
static void __net_exit tls_exit_net(struct net *net)
{
	tls_proc_fini(net);
	free_percpu(net->mib.tls_statistics);
}

static struct pernet_operations tls_proc_ops = {
	.init = tls_init_net,
	.exit = tls_exit_net,
};

/* ULP registered under the name "tls" (selected via TCP_ULP setsockopt) */
static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
	.name			= "tls",
	.owner			= THIS_MODULE,
	.init			= tls_init,
	.update			= tls_update,
	.get_info		= tls_get_info,
	.get_info_size		= tls_get_info_size,
};

/*
 * tls_register - module init: pernet subsys, device offload, then the ULP.
 * Each step undoes the previous one on failure.
 *
 * NOTE(review): the return value of tcp_register_ulp() is not checked
 * here; if it can fail, the pernet subsys and device init stay
 * registered with no ULP attached — confirm against tcp_ulp.c.
 */
static int __init tls_register(void)
{
	int err;

	err = register_pernet_subsys(&tls_proc_ops);
	if (err)
		return err;

	err = tls_device_init();
	if (err) {
		unregister_pernet_subsys(&tls_proc_ops);
		return err;
	}

	tcp_register_ulp(&tcp_tls_ulp_ops);

	return 0;
}

/* tls_unregister - module exit, reverse order of tls_register() */
static void __exit tls_unregister(void)
{
	tcp_unregister_ulp(&tcp_tls_ulp_ops);
	tls_device_cleanup();
	unregister_pernet_subsys(&tls_proc_ops);
}

module_init(tls_register);
module_exit(tls_unregister);