diff options
Diffstat (limited to 'lib/system/ktls.c')
-rw-r--r-- | lib/system/ktls.c | 420 |
1 files changed, 420 insertions, 0 deletions
diff --git a/lib/system/ktls.c b/lib/system/ktls.c new file mode 100644 index 0000000000..7ab1d3215d --- /dev/null +++ b/lib/system/ktls.c @@ -0,0 +1,420 @@ +/* + * Copyright (C) 2021 Free Software Foundation, Inc. + * + * Author: Fratnišek Krenželok + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * + */ + +#include "config.h" +#include "system/ktls.h" + +#ifdef ENABLE_KTLS + +#include <linux/tls.h> +#include <record.h> +#include <sys/socket.h> +#include <netinet/tcp.h> +#include <unistd.h> +#include <errno.h> +#include "ext/session_ticket.h" + +/** + * gnutls_transport_set_ktls: + * @session: is a #gnutls_session_t type. + * @sockin: is a socket descriptor. + * @sockout: is a socket descriptor. + * + * Enables Kernel TLS for the @session + * Requieres `tls` kernel module and + * gnutls configuration with `--enable-ktls` + * + * Returns: 0 on success error otherwise + * + * Since: 3.7.2 + **/ +int _gnutls_ktls_enable(gnutls_session_t session, int sockin, int sockout) +{ + if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) < 0) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + + session->internals.recv_fd = sockin; + session->internals.send_fd = sockin; + + if (sockin != sockout){ + if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) < 0) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + session->internals.send_fd = sockout; + } + + session->internals.ktls_enabled = 1; + return 0; +} + +int _gnutls_ktls_set_keys(gnutls_session_t session) +{ + gnutls_cipher_algorithm_t cipher = gnutls_cipher_get(session); + gnutls_datum_t mac_key; + gnutls_datum_t iv; + gnutls_datum_t cipher_key; + unsigned char seq_number[8]; + int ret; + + session->internals.ktls_enabled = 0; + + /* check whether or not cipher suite supports ktls + */ + int version = gnutls_protocol_get_version(session); + if ((version != GNUTLS_TLS1_3 && version != GNUTLS_TLS1_2) || + (gnutls_cipher_get(session) != GNUTLS_CIPHER_AES_128_GCM && + gnutls_cipher_get(session) != GNUTLS_CIPHER_AES_256_GCM)) { + return GNUTLS_E_UNIMPLEMENTED_FEATURE; + } + + version = (version == GNUTLS_TLS1_2) ? TLS_1_2_VERSION : TLS_1_3_VERSION; + + ret = gnutls_record_get_state(session, 1, &mac_key, &iv, &cipher_key, + seq_number); + if (ret < 0) { + return ret; + } + + switch (cipher) { + case GNUTLS_CIPHER_AES_128_GCM: + { + struct tls12_crypto_info_aes_gcm_128 crypto_info; + + crypto_info.info.version = version; + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; + + assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE); + + /* for TLS 1.2 IV is generated in kernel */ + if (version == TLS_1_2_VERSION) { + assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE); + } else { + assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE + + TLS_CIPHER_AES_GCM_128_IV_SIZE); + + memcpy(crypto_info.iv, iv.data + + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + TLS_CIPHER_AES_GCM_128_IV_SIZE); + } + + memcpy(crypto_info.salt, iv.data, + TLS_CIPHER_AES_GCM_128_SALT_SIZE); + memcpy(crypto_info.rec_seq, seq_number, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(crypto_info.key, cipher_key.data, + TLS_CIPHER_AES_GCM_128_KEY_SIZE); + + if (setsockopt(session->internals.recv_fd, SOL_TLS, TLS_RX, + &crypto_info, sizeof (crypto_info))) { + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } + } + break; + case GNUTLS_CIPHER_AES_256_GCM: + { + struct tls12_crypto_info_aes_gcm_256 crypto_info; + + crypto_info.info.version = version; + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256; + + assert(cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE); + + /* for TLS 1.2 IV is generated in kernel */ + if (version == TLS_1_2_VERSION) { + assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE); + } else { + assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE + + TLS_CIPHER_AES_GCM_256_IV_SIZE); + + memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE, + TLS_CIPHER_AES_GCM_256_IV_SIZE); + } + + memcpy(crypto_info.salt, iv.data, + TLS_CIPHER_AES_GCM_256_SALT_SIZE); + memcpy(crypto_info.rec_seq, seq_number, + TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); + memcpy(crypto_info.key, cipher_key.data, + TLS_CIPHER_AES_GCM_256_KEY_SIZE); + + if (setsockopt(session->internals.recv_fd, SOL_TLS, TLS_RX, + &crypto_info, sizeof(crypto_info))) { + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } + } + break; + default: + assert(0); + } + + ret = gnutls_record_get_state(session, 0, &mac_key, &iv, &cipher_key, + seq_number); + if (ret < 0) { + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } + + switch (cipher) { + case GNUTLS_CIPHER_AES_128_GCM: + { + struct tls12_crypto_info_aes_gcm_128 crypto_info; + + crypto_info.info.version = version; + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; + + assert(cipher_key.size == TLS_CIPHER_AES_GCM_128_KEY_SIZE); + + /* for TLS 1.2 IV is generated in kernel */ + if (version == TLS_1_2_VERSION) { + assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE); + } else { + assert(iv.size == TLS_CIPHER_AES_GCM_128_SALT_SIZE + + TLS_CIPHER_AES_GCM_128_IV_SIZE); + + memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_128_SALT_SIZE, + TLS_CIPHER_AES_GCM_128_IV_SIZE); + } + + memcpy(crypto_info.salt, iv.data, + TLS_CIPHER_AES_GCM_128_SALT_SIZE); + memcpy(crypto_info.rec_seq, seq_number, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(crypto_info.key, cipher_key.data, + TLS_CIPHER_AES_GCM_128_KEY_SIZE); + + if (setsockopt(session->internals.send_fd, SOL_TLS, TLS_TX, + &crypto_info, sizeof(crypto_info))) { + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } + } + break; + case GNUTLS_CIPHER_AES_256_GCM: + { + struct tls12_crypto_info_aes_gcm_256 crypto_info; + + crypto_info.info.version = version; + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_256; + assert(cipher_key.size == TLS_CIPHER_AES_GCM_256_KEY_SIZE); + + /* for TLS 1.2 IV is generated in kernel */ + if (version == TLS_1_2_VERSION) { + assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE); + } else { + assert(iv.size == TLS_CIPHER_AES_GCM_256_SALT_SIZE + + TLS_CIPHER_AES_GCM_256_IV_SIZE); + + memcpy(crypto_info.iv, iv.data + TLS_CIPHER_AES_GCM_256_SALT_SIZE, + TLS_CIPHER_AES_GCM_256_IV_SIZE); + } + + memcpy(crypto_info.salt, iv.data, + TLS_CIPHER_AES_GCM_256_SALT_SIZE); + memcpy(crypto_info.rec_seq, seq_number, + TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); + memcpy(crypto_info.key, cipher_key.data, + TLS_CIPHER_AES_GCM_256_KEY_SIZE); + + if (setsockopt(session->internals.send_fd, SOL_TLS, TLS_TX, + &crypto_info, sizeof(crypto_info))) { + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + } + } + break; + default: + assert(0); + + } + + session->internals.ktls_enabled = 1; + return 0; +} + +int _gnutls_ktls_send_control_msg(gnutls_session_t session, + unsigned char record_type, const void *data, size_t data_size) +{ + const char *buf = data; + ssize_t ret; + + assert(session != NULL); + + while (data_size > 0) { + char cmsg[CMSG_SPACE(sizeof (unsigned char))]; + struct msghdr msg = { 0 }; + struct iovec msg_iov; /* Vector of data to send/receive into. */ + struct cmsghdr *hdr; + + msg.msg_control = cmsg; + msg.msg_controllen = sizeof cmsg; + + hdr = CMSG_FIRSTHDR(&msg); + hdr->cmsg_level = SOL_TLS; + hdr->cmsg_type = TLS_SET_RECORD_TYPE; + hdr->cmsg_len = CMSG_LEN(sizeof (unsigned char)); + + // construct record header + *CMSG_DATA(hdr) = record_type; + msg.msg_controllen = hdr->cmsg_len; + + msg_iov.iov_base = (void *)buf; + msg_iov.iov_len = data_size; + + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + ret = sendmsg(session->internals.send_fd, &msg, MSG_DONTWAIT); + + if (ret == -1) { + switch (errno) { + case EINTR: + return GNUTLS_E_INTERRUPTED; + case EAGAIN: + return GNUTLS_E_AGAIN; + default: + return GNUTLS_E_PUSH_ERROR; + } + } + + buf += ret; + data_size -= ret; + } + + return 0; +} + +int _gnutls_ktls_recv_control_msg(gnutls_session_t session, + unsigned char *record_type, void *data, size_t data_size) +{ + char *buf = data; + ssize_t ret; + + char cmsg[CMSG_SPACE(sizeof (unsigned char))]; + struct msghdr msg = { 0 }; + struct iovec msg_iov; + struct cmsghdr *hdr; + + assert(session != NULL); + + if (session->internals.read_eof != 0) { + return 0; + } else if (session->internals.invalid_connection != 0 || + session->internals.may_not_read != 0) + return GNUTLS_E_INVALID_SESSION; + + /* receive message */ + msg.msg_control = cmsg; + msg.msg_controllen = sizeof cmsg; + + msg_iov.iov_base = buf; + msg_iov.iov_len = data_size; + + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + ret = recvmsg(session->internals.recv_fd, &msg, MSG_DONTWAIT); + + if (ret == -1){ + switch(errno){ + case EAGAIN: + return GNUTLS_E_AGAIN; + case EINVAL: + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; + case EMSGSIZE: + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + case EBADMSG: + return GNUTLS_E_DECRYPTION_FAILED; + default: + return GNUTLS_E_PULL_ERROR; + } + } + + /* connection closed */ + if (ret == 0) + return 0; + + /* get record type from header */ + hdr = CMSG_FIRSTHDR(&msg); + if (hdr == NULL){ + return GNUTLS_E_PULL_ERROR; + } + if (hdr->cmsg_level == SOL_TLS && hdr->cmsg_type == TLS_GET_RECORD_TYPE) + *record_type = *(unsigned char *)CMSG_DATA(hdr); + else + *record_type = GNUTLS_APPLICATION_DATA; + + return ret; +} + +int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type, + void *data, size_t data_size) +{ + unsigned char record_type; + int ret; + + ret = _gnutls_ktls_recv_control_msg(session, + &record_type, data, data_size); + + if (ret > 0) { + switch (record_type){ + case GNUTLS_CHANGE_CIPHER_SPEC: + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); + break; + case GNUTLS_ALERT: + session_invalidate(session); + ret = 0; + break; + case GNUTLS_HANDSHAKE: + // ignore post-handshake messages + if (type != record_type) + return GNUTLS_E_AGAIN; + break; + case GNUTLS_APPLICATION_DATA: + if (type != record_type) + ret = GNUTLS_E_GOT_APPLICATION_DATA; + break; + case GNUTLS_HEARTBEAT: + break; + default: + gnutls_assert(); + return GNUTLS_E_UNEXPECTED_PACKET; + } + } + return ret; +} + +#else //ENABLE_KTLS + +int _gnutls_ktls_enable(gnutls_session_t session, int sockin, int sockout){ + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); +} + +int _gnutls_ktls_set_keys(gnutls_session_t session) { + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); +} + +int _gnutls_ktls_send_control_msg(gnutls_session_t session, + unsigned char record_type, const void *data, size_t data_size) { + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); +} + +int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type, void *data, size_t data_size) { + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); +} + +#endif //ENABLE_KTLS |