
  1. /*
  2. * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #if defined(OPENSSL_SYS_LINUX)
  10. # ifndef OPENSSL_NO_KTLS
  11. # include <linux/version.h>
  12. # if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)
  13. # define OPENSSL_NO_KTLS
  14. # ifndef PEDANTIC
  15. # warning "KTLS requires Kernel Headers >= 4.13.0"
  16. # warning "Skipping Compilation of KTLS"
  17. # endif
  18. # endif
  19. # endif
  20. #endif
  21. #ifndef HEADER_INTERNAL_KTLS
  22. # define HEADER_INTERNAL_KTLS
  23. # pragma once
  24. # ifndef OPENSSL_NO_KTLS
  25. # if defined(__FreeBSD__)
  26. # include <sys/types.h>
  27. # include <sys/socket.h>
  28. # include <sys/ktls.h>
  29. # include <netinet/in.h>
  30. # include <netinet/tcp.h>
  31. # include <openssl/ssl3.h>
  32. # ifndef TCP_RXTLS_ENABLE
  33. # define OPENSSL_NO_KTLS_RX
  34. # endif
  35. # define OPENSSL_KTLS_AES_GCM_128
  36. # define OPENSSL_KTLS_AES_GCM_256
  37. # define OPENSSL_KTLS_TLS13
  38. /*
  39. * Only used by the tests in sslapitest.c.
  40. */
  41. # define TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE 8
  42. # define TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE 8
  43. typedef struct tls_enable ktls_crypto_info_t;
/*
 * FreeBSD does not require any additional steps to enable KTLS before
 * setting keys, so this is a no-op that always reports success.
 *
 * @fd  the socket; unused on FreeBSD.
 * Returns 1 (success).
 */
static ossl_inline int ktls_enable(int fd)
{
    (void)fd;
    return 1;
}
/*
 * Install the TLS session keys on the socket.
 *
 * The TCP_TXTLS_ENABLE socket option marks the outgoing socket buffer
 * as using TLS. If successful, then data sent using this socket will
 * be encrypted and encapsulated in TLS records using the tls_en
 * provided here.
 *
 * The TCP_RXTLS_ENABLE socket option marks the incoming socket buffer
 * as using TLS. If successful, then data received for this socket will
 * be authenticated and decrypted using the tls_en provided here. When the
 * headers lack receive support (OPENSSL_NO_KTLS_RX), enabling RX simply
 * reports failure.
 *
 * Returns 1 on success, 0 on failure (setsockopt() leaves errno set).
 */
static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx)
{
    int optname;

    if (is_tx) {
        optname = TCP_TXTLS_ENABLE;
    } else {
#   ifndef OPENSSL_NO_KTLS_RX
        optname = TCP_RXTLS_ENABLE;
#   else
        return 0;
#   endif
    }
    return setsockopt(fd, IPPROTO_TCP, optname, tls_en, sizeof(*tls_en)) == 0;
}
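/*
 * Send a TLS record using the tls_en provided in ktls_start and use
 * record_type instead of the default SSL3_RT_APPLICATION_DATA.
 * When the socket is non-blocking, then this call either returns EAGAIN or
 * the entire record is pushed to TCP. It is impossible to send a partial
 * record using this control message.
 *
 * @fd           the KTLS-enabled socket.
 * @record_type  TLS content type to place in the record header.
 * @data/@length the plaintext payload of the record.
 * Returns the result of sendmsg(): bytes sent, or -1 with errno set.
 */
static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type,
                                              const void *data, size_t length)
{
    struct msghdr msg = { 0 };
    struct cmsghdr *cmsg;
    /*
     * The control buffer is a union with struct cmsghdr so that it is
     * correctly aligned for CMSG_FIRSTHDR()/CMSG_DATA(); a bare char array
     * is not guaranteed to be. Its size is a constant expression, so no
     * variable-length array is needed.
     */
    union {
        struct cmsghdr hdr;
        char buf[CMSG_SPACE(sizeof(unsigned char))];
    } cmsgbuf;
    struct iovec msg_iov; /* Vector of data to send/receive into */

    msg.msg_control = cmsgbuf.buf;
    msg.msg_controllen = sizeof(cmsgbuf.buf);
    cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = IPPROTO_TCP;
    cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
    cmsg->cmsg_len = CMSG_LEN(sizeof(record_type));
    *((unsigned char *)CMSG_DATA(cmsg)) = record_type;
    /* Hand the kernel exactly the one cmsg filled in above */
    msg.msg_controllen = cmsg->cmsg_len;

    msg_iov.iov_base = (void *)data;
    msg_iov.iov_len = length;
    msg.msg_iov = &msg_iov;
    msg.msg_iovlen = 1;

    return sendmsg(fd, &msg, 0);
}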
  103. # ifdef OPENSSL_NO_KTLS_RX
/* Receive path unavailable in this build (OPENSSL_NO_KTLS_RX): always fails. */
static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
{
    (void)fd;
    (void)data;
    (void)length;
    return -1;
}
  108. # else /* !defined(OPENSSL_NO_KTLS_RX) */
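/*
 * Receive a TLS record using the tls_en provided in ktls_start. The
 * kernel strips any explicit IV and authentication tag, but provides
 * the TLS record header via a control message. If there is an error
 * with the TLS record such as an invalid header, invalid padding, or
 * authentication failure recvmsg() will fail with an error.
 *
 * On success the 5-byte TLS record header is rebuilt at the start of
 * @data and the plaintext follows it; the return value is the total
 * (header + plaintext). Returns 0 on EOF, or -1 with errno set:
 * EINVAL if @length has no room beyond the header, EMSGSIZE if the
 * record or its control data was truncated, EBADMSG if the control
 * message is missing or malformed, otherwise whatever recvmsg() reported.
 */
static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
{
    struct msghdr msg = { 0 };
    struct tls_get_record *tgr;
    struct cmsghdr *cmsg;
    /* Union keeps the control buffer aligned for struct cmsghdr */
    union {
        struct cmsghdr hdr;
        char buf[CMSG_SPACE(sizeof(struct tls_get_record))];
    } cmsgbuf;
    struct iovec msg_iov; /* Vector of data to send/receive into */
    int ret;
    unsigned char *p = data;
    const size_t prepend_length = SSL3_RT_HEADER_LENGTH;

    /* Need the header plus at least one byte of payload space */
    if (length <= prepend_length) {
        errno = EINVAL;
        return -1;
    }

    msg.msg_control = cmsgbuf.buf;
    msg.msg_controllen = sizeof(cmsgbuf.buf);

    msg_iov.iov_base = p + prepend_length;
    msg_iov.iov_len = length - prepend_length;
    msg.msg_iov = &msg_iov;
    msg.msg_iovlen = 1;

    ret = recvmsg(fd, &msg, 0);
    if (ret <= 0)
        return ret;

    /* A record must arrive whole (MSG_EOR) with untruncated control data */
    if ((msg.msg_flags & (MSG_EOR | MSG_CTRUNC)) != MSG_EOR) {
        errno = EMSGSIZE;
        return -1;
    }

    if (msg.msg_controllen == 0) {
        errno = EBADMSG;
        return -1;
    }

    /* CMSG_FIRSTHDR() is NULL when msg_controllen is shorter than a cmsghdr */
    cmsg = CMSG_FIRSTHDR(&msg);
    if (cmsg == NULL
        || cmsg->cmsg_level != IPPROTO_TCP
        || cmsg->cmsg_type != TLS_GET_RECORD
        || cmsg->cmsg_len != CMSG_LEN(sizeof(struct tls_get_record))) {
        errno = EBADMSG;
        return -1;
    }

    tgr = (struct tls_get_record *)CMSG_DATA(cmsg);
    p[0] = tgr->tls_type;
    p[1] = tgr->tls_vmajor;
    p[2] = tgr->tls_vminor;
    /*
     * Record length in network byte order, stored byte-wise: p + 3 is
     * not suitably aligned for a uint16_t store. As with htons(), only
     * the low 16 bits of ret are kept; ret is bounded by msg_iov.iov_len.
     */
    p[3] = (ret >> 8) & 0xff;
    p[4] = ret & 0xff;

    return ret + prepend_length;
}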
  161. # endif /* OPENSSL_NO_KTLS_RX */
/*
 * KTLS enables the sendfile system call to send data from a file over
 * TLS.
 *
 * @s the KTLS socket, @fd the file to read from, @off the starting file
 * offset, @size the byte count, @flags passed straight to sendfile(2).
 * Returns the number of bytes sendfile() queued. -1 (errno set) is
 * returned only when sendfile() failed before queuing anything; a partial
 * transfer that ended in an error is reported as the bytes queued.
 */
static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off,
                                              size_t size, int flags)
{
    off_t queued = 0;
    int rc = sendfile(fd, s, off, size, NULL, &queued, flags);

    return (rc == -1 && queued == 0) ? -1 : queued;
}
  176. # endif /* __FreeBSD__ */
  177. # if defined(OPENSSL_SYS_LINUX)
  178. # include <linux/tls.h>
  179. # if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)
  180. # define OPENSSL_NO_KTLS_RX
  181. # ifndef PEDANTIC
  182. # warning "KTLS requires Kernel Headers >= 4.17.0 for receiving"
  183. # warning "Skipping Compilation of KTLS receive data path"
  184. # endif
  185. # endif
  186. # define OPENSSL_KTLS_AES_GCM_128
  187. # if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
  188. # define OPENSSL_KTLS_AES_GCM_256
  189. # define OPENSSL_KTLS_TLS13
  190. # if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0)
  191. # define OPENSSL_KTLS_AES_CCM_128
  192. # if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0)
  193. # ifndef OPENSSL_NO_CHACHA
  194. # define OPENSSL_KTLS_CHACHA20_POLY1305
  195. # endif
  196. # endif
  197. # endif
  198. # endif
  199. # include <sys/sendfile.h>
  200. # include <netinet/tcp.h>
  201. # include <linux/socket.h>
  202. # include <openssl/ssl3.h>
  203. # include <openssl/tls1.h>
  204. # include <openssl/evp.h>
  205. # ifndef SOL_TLS
  206. # define SOL_TLS 282
  207. # endif
  208. # ifndef TCP_ULP
  209. # define TCP_ULP 31
  210. # endif
  211. # ifndef TLS_RX
  212. # define TLS_RX 2
  213. # endif
/*
 * Every Linux kTLS crypto_info layout this build knows about, overlaid in
 * one union, plus the byte count ktls_start() passes to setsockopt(SOL_TLS)
 * for the member in use. Which members exist depends on the kernel header
 * version detected above.
 */
struct tls_crypto_info_all {
    union {
#   ifdef OPENSSL_KTLS_AES_GCM_128
        struct tls12_crypto_info_aes_gcm_128 gcm128;
#   endif
#   ifdef OPENSSL_KTLS_AES_GCM_256
        struct tls12_crypto_info_aes_gcm_256 gcm256;
#   endif
#   ifdef OPENSSL_KTLS_AES_CCM_128
        struct tls12_crypto_info_aes_ccm_128 ccm128;
#   endif
#   ifdef OPENSSL_KTLS_CHACHA20_POLY1305
        struct tls12_crypto_info_chacha20_poly1305 chacha20poly1305;
#   endif
    };
    /* Presumably sizeof() the union member that was filled in; ktls_start()
     * uses it verbatim as the setsockopt() option length. */
    size_t tls_crypto_info_len;
};
  231. typedef struct tls_crypto_info_all ktls_crypto_info_t;
/*
 * Attach the "tls" upper layer protocol to the TCP socket.
 * When successful, this socket option doesn't change the behaviour of the
 * TCP socket, except changing the TCP setsockopt handler to enable the
 * processing of SOL_TLS socket options. All other functionality remains the
 * same.
 *
 * Returns 1 on success, 0 on failure (setsockopt() leaves errno set).
 */
static ossl_inline int ktls_enable(int fd)
{
    /* The ULP name is passed with its terminating NUL, as sizeof("tls") did */
    static const char ulp_name[] = "tls";
    int rc = setsockopt(fd, SOL_TCP, TCP_ULP, ulp_name, sizeof(ulp_name));

    return rc == 0;
}
/*
 * Install the TLS session keys for one direction of the socket.
 *
 * The TLS_TX socket option changes the send/sendmsg handlers of the TCP socket.
 * If successful, then data sent using this socket will be encrypted and
 * encapsulated in TLS records using the crypto_info provided here.
 * The TLS_RX socket option changes the recv/recvmsg handlers of the TCP socket.
 * If successful, then data received using this socket will be decrypted,
 * authenticated and decapsulated using the crypto_info provided here.
 *
 * @crypto_info->tls_crypto_info_len is used as the option length.
 * Returns 1 on success, 0 on failure (setsockopt() leaves errno set).
 */
static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info,
                                  int is_tx)
{
    const int direction = is_tx ? TLS_TX : TLS_RX;
    int rc;

    rc = setsockopt(fd, SOL_TLS, direction, crypto_info,
                    crypto_info->tls_crypto_info_len);
    return rc == 0;
}
/*
 * Send a TLS record using the crypto_info provided in ktls_start and use
 * record_type instead of the default SSL3_RT_APPLICATION_DATA.
 * When the socket is non-blocking, then this call either returns EAGAIN or
 * the entire record is pushed to TCP. It is impossible to send a partial
 * record using this control message.
 *
 * @fd           the KTLS-enabled socket.
 * @record_type  TLS content type for the record header.
 * @data/@length the plaintext payload of the record.
 * Returns the result of sendmsg(): bytes sent, or -1 with errno set.
 */
static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type,
                                              const void *data, size_t length)
{
    /* cmsghdr-aligned storage for the single TLS_SET_RECORD_TYPE cmsg */
    union {
        struct cmsghdr hdr;
        char buf[CMSG_SPACE(sizeof(unsigned char))];
    } ctrl;
    struct iovec payload; /* Vector of data to send/receive into */
    struct msghdr msg;
    struct cmsghdr *hdr;

    payload.iov_base = (void *)data;
    payload.iov_len = length;

    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &payload;
    msg.msg_iovlen = 1;
    msg.msg_control = ctrl.buf;
    msg.msg_controllen = sizeof(ctrl.buf);

    hdr = CMSG_FIRSTHDR(&msg);
    hdr->cmsg_level = SOL_TLS;
    hdr->cmsg_type = TLS_SET_RECORD_TYPE;
    hdr->cmsg_len = CMSG_LEN(sizeof(record_type));
    *((unsigned char *)CMSG_DATA(hdr)) = record_type;
    /* Hand the kernel exactly the one cmsg filled in, not the whole buffer */
    msg.msg_controllen = hdr->cmsg_len;

    return sendmsg(fd, &msg, 0);
}
/*
 * KTLS enables the sendfile system call to send data from a file over TLS.
 *
 * @s the KTLS socket, @fd the file, @off the starting file offset, @size
 * the number of bytes to send. @flags is ignored on Linux; it exists only
 * to keep the signature identical to the FreeBSD variant.
 * Returns the result of sendfile(2): bytes written, or -1 with errno set.
 */
static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, size_t size, int flags)
{
    /* sendfile() advances this copy; the caller's off is left untouched */
    off_t position = off;

    (void)flags;
    return sendfile(s, fd, &position, size);
}
  297. # ifdef OPENSSL_NO_KTLS_RX
/* Receive path unavailable in this build (OPENSSL_NO_KTLS_RX): always fails. */
static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
{
    (void)fd;
    (void)data;
    (void)length;
    return -1;
}
  302. # else /* !defined(OPENSSL_NO_KTLS_RX) */
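/*
 * Receive a TLS record using the crypto_info provided in ktls_start.
 * The kernel strips the TLS record header, IV and authentication tag,
 * returning only the plaintext data or an error on failure.
 * We add the TLS record header here to satisfy routines in rec_layer_s3.c
 *
 * A TLS_GET_RECORD_TYPE control message, when present, carries the record
 * type; only then is the 5-byte header rebuilt at the start of @data and
 * counted in the returned length. Without it the plaintext is returned
 * as delivered by the kernel.
 *
 * Returns the number of bytes placed in @data (0 on EOF), or -1 with errno
 * set: EINVAL if @length is too small, EMSGSIZE if the control data was
 * truncated, EBADMSG if the control message is malformed, otherwise
 * whatever recvmsg() reported.
 */
static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
{
    struct msghdr msg;
    struct cmsghdr *cmsg;
    /* cmsghdr-aligned storage for the one-byte record-type cmsg */
    union {
        struct cmsghdr hdr;
        char buf[CMSG_SPACE(sizeof(unsigned char))];
    } cmsgbuf;
    struct iovec msg_iov;
    int ret;
    unsigned char *p = data;
    const size_t prepend_length = SSL3_RT_HEADER_LENGTH;

    /* Room for the rebuilt header plus the tag the kernel strips */
    if (length < prepend_length + EVP_GCM_TLS_TAG_LEN) {
        errno = EINVAL;
        return -1;
    }

    memset(&msg, 0, sizeof(msg));
    msg.msg_control = cmsgbuf.buf;
    msg.msg_controllen = sizeof(cmsgbuf.buf);

    msg_iov.iov_base = p + prepend_length;
    msg_iov.iov_len = length - prepend_length - EVP_GCM_TLS_TAG_LEN;
    msg.msg_iov = &msg_iov;
    msg.msg_iovlen = 1;

    ret = recvmsg(fd, &msg, 0);
    if (ret < 0)
        return ret;

    /*
     * Truncated control data could drop the record type and make a
     * non-application record look like application data; fail closed,
     * as the FreeBSD implementation does.
     */
    if (msg.msg_flags & MSG_CTRUNC) {
        errno = EMSGSIZE;
        return -1;
    }

    if (msg.msg_controllen > 0) {
        /* NULL when msg_controllen is shorter than a struct cmsghdr */
        cmsg = CMSG_FIRSTHDR(&msg);
        if (cmsg == NULL) {
            errno = EBADMSG;
            return -1;
        }
        if (cmsg->cmsg_level == SOL_TLS
            && cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
            /* The record type is exactly one byte of cmsg data */
            if (cmsg->cmsg_len != CMSG_LEN(sizeof(unsigned char))) {
                errno = EBADMSG;
                return -1;
            }
            p[0] = *((unsigned char *)CMSG_DATA(cmsg));
            p[1] = TLS1_2_VERSION_MAJOR;
            p[2] = TLS1_2_VERSION_MINOR;
            /* returned length is limited to msg_iov.iov_len above */
            p[3] = (ret >> 8) & 0xff;
            p[4] = ret & 0xff;
            ret += prepend_length;
        }
    }

    return ret;
}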
  349. # endif /* OPENSSL_NO_KTLS_RX */
  350. # endif /* OPENSSL_SYS_LINUX */
  351. # endif /* OPENSSL_NO_KTLS */
  352. #endif /* HEADER_INTERNAL_KTLS */