ktls: define struct xktls_session and converter from ktls_session into external representation
Reviewed by: jhb (previous version), markj Sponsored by: NVidia networking Differential revision: https://reviews.freebsd.org/D50653
@@ -3447,3 +3447,56 @@ ktls_disable_ifnet(void *arg)
|
||||
TASK_INIT(&tls->disable_ifnet_task, 0, ktls_disable_ifnet_help, tls);
|
||||
(void)taskqueue_enqueue(taskqueue_thread, &tls->disable_ifnet_task);
|
||||
}
|
||||
|
||||
void
|
||||
ktls_session_to_xktls_onedir(const struct ktls_session *ktls, bool export_keys,
|
||||
struct xktls_session_onedir *xk)
|
||||
{
|
||||
if_t ifp;
|
||||
struct m_snd_tag *st;
|
||||
|
||||
xk->gen = ktls->gen;
|
||||
#define A(m) xk->m = ktls->params.m
|
||||
A(cipher_algorithm);
|
||||
A(auth_algorithm);
|
||||
A(cipher_key_len);
|
||||
A(auth_key_len);
|
||||
A(max_frame_len);
|
||||
A(tls_vmajor);
|
||||
A(tls_vminor);
|
||||
A(tls_hlen);
|
||||
A(tls_tlen);
|
||||
A(tls_bs);
|
||||
A(flags);
|
||||
if (export_keys) {
|
||||
memcpy(&xk->iv, &ktls->params.iv, XKTLS_SESSION_IV_BUF_LEN);
|
||||
A(iv_len);
|
||||
} else {
|
||||
memset(&xk->iv, 0, XKTLS_SESSION_IV_BUF_LEN);
|
||||
xk->iv_len = 0;
|
||||
}
|
||||
#undef A
|
||||
if ((st = ktls->snd_tag) != NULL &&
|
||||
(ifp = ktls->snd_tag->ifp) != NULL)
|
||||
strncpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet));
|
||||
}
|
||||
|
||||
void
|
||||
ktls_session_copy_keys(const struct ktls_session *ktls,
|
||||
uint8_t *data, size_t *sz)
|
||||
{
|
||||
size_t t, ta, tc;
|
||||
|
||||
if (ktls == NULL) {
|
||||
*sz = 0;
|
||||
return;
|
||||
}
|
||||
t = *sz;
|
||||
tc = MIN(t, ktls->params.cipher_key_len);
|
||||
if (data != NULL)
|
||||
memcpy(data, ktls->params.cipher_key, tc);
|
||||
ta = MIN(t - tc, ktls->params.auth_key_len);
|
||||
if (data != NULL)
|
||||
memcpy(data + tc, ktls->params.auth_key, ta);
|
||||
*sz = ta + tc;
|
||||
}
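Review bot: In `ktls_session_to_xktls_onedir`, the `export_keys` branch copies `XKTLS_SESSION_IV_BUF_LEN` bytes out of `ktls->params.iv`, so the length comes from the destination rather than the source. The declaration of `params.iv` is not in this diff; if that array is shorter than the export buffer, the `memcpy` reads past it and puts the bytes that follow it in the session parameters into the exported record. Bounding the copy by both sides removes that dependency: `memcpy(xk->iv, ktls->params.iv, MIN(sizeof(xk->iv), sizeof(ktls->params.iv)));`, with the rest of `xk->iv` zeroed first. The function also never writes `rsrv1`, `rsrv2` or `drv_st_len`, and leaves `ifnet` untouched when `snd_tag` or its `ifp` is NULL, so unless every caller zeroes `*xk` beforehand those bytes reach the consumer uninitialised. A `memset(xk, 0, sizeof(*xk));` at the top of the function would make that independent of the caller.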
|
||||
|
||||
@@ -303,6 +303,30 @@ struct sockopt_parameters {
|
||||
char sop_optval[];
|
||||
};
|
||||
|
||||
#ifdef _SYS_KTLS_H_
|
||||
struct xktls_session {
|
||||
uint32_t tsz; /* total sz of elm, next elm is at this+tsz */
|
||||
uint32_t fsz; /* size of the struct up to keys */
|
||||
uint64_t inp_gencnt;
|
||||
kvaddr_t so_pcb;
|
||||
struct in_conninfo coninf;
|
||||
u_short rx_vlan_id;
|
||||
struct xktls_session_onedir rcv;
|
||||
struct xktls_session_onedir snd;
|
||||
/*
|
||||
* Next are
|
||||
* - keydata for rcv, first cipher of length rcv.cipher_key_len, then
|
||||
* authentication of length rcv.auth_key_len;
|
||||
* - driver data (string) of length rcv.drv_st_len, if the rcv session is
|
||||
* offloaded to ifnet rcv.ifnet;
|
||||
* - keydata for snd, first cipher of length snd.cipher_key_len, then
|
||||
* authentication of length snd.auth_key_len;
|
||||
* - driver data (string) of length snd.drv_st_len, if the snd session is
|
||||
* offloaded to ifnet snd.ifnet;
|
||||
*/
|
||||
};
|
||||
#endif /* _SYS_KTLS_H_ */
|
||||
|
||||
#ifdef _KERNEL
|
||||
int sysctl_setsockopt(SYSCTL_HANDLER_ARGS, struct inpcbinfo *pcbinfo,
|
||||
int (*ctloutput_set)(struct inpcb *, struct sockopt *));
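Review bot: `struct xktls_session` is an exported record that likely has implicit padding between `u_short rx_vlan_id` and `struct xktls_session_onedir rcv` (whose first member is a `uint64_t`), and nothing here tells the producer to clear it; padding copied out unzeroed would disclose kernel memory. Either add an explicit reserved member after `rx_vlan_id` or a comment such as `/* producer must zero the whole element, padding included, before filling it */`. The `#ifdef _SYS_KTLS_H_` guard also makes the definition depend on include order: a consumer that includes this header before `<sys/ktls.h>` silently gets no `struct xktls_session`, so a comment naming that prerequisite would help. The code that fills this record is not in the hunk, so whether it already zeroes the buffer cannot be checked from here.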
|
||||
|
||||
@@ -145,6 +145,28 @@ struct tls_get_record {
|
||||
uint16_t tls_length;
|
||||
};
|
||||
|
||||
#define XKTLS_SESSION_IV_BUF_LEN 32
|
||||
struct xktls_session_onedir {
|
||||
uint64_t gen;
|
||||
uint64_t rsrv1[8];
|
||||
uint32_t rsrv2[8];
|
||||
uint8_t iv[XKTLS_SESSION_IV_BUF_LEN];
|
||||
int cipher_algorithm;
|
||||
int auth_algorithm;
|
||||
uint16_t cipher_key_len;
|
||||
uint16_t iv_len;
|
||||
uint16_t auth_key_len;
|
||||
uint16_t max_frame_len;
|
||||
uint8_t tls_vmajor;
|
||||
uint8_t tls_vminor;
|
||||
uint8_t tls_hlen;
|
||||
uint8_t tls_tlen;
|
||||
uint8_t tls_bs;
|
||||
uint8_t flags;
|
||||
uint16_t drv_st_len;
|
||||
char ifnet[16]; /* IFNAMSIZ */
|
||||
};
|
||||
|
||||
#ifdef _KERNEL
|
||||
|
||||
struct tls_session_params {
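Review bot: `char ifnet[16]; /* IFNAMSIZ */` ties the exported field to `IFNAMSIZ` only through a comment, while the converter added in this commit fills it with `strncpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet))`, which leaves no terminator when the name occupies the whole field. A compile-time check in kernel code, `_Static_assert(sizeof(((struct xktls_session_onedir *)0)->ifnet) == IFNAMSIZ, "xktls ifnet size");`, would catch drift, and the field comment should say whether consumers may rely on NUL termination. `rsrv1` and `rsrv2` would also benefit from a comment such as `/* reserved, must be zero */` so producers and consumers agree on their contents.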
|
||||
@@ -267,5 +289,10 @@ ktls_session_genvis(const struct ktls_session *ks, uint64_t gen)
|
||||
return (ks != NULL && ks->gen <= gen);
|
||||
}
|
||||
|
||||
void ktls_session_to_xktls_onedir(const struct ktls_session *ks,
|
||||
bool export_keys, struct xktls_session_onedir *xktls_od);
|
||||
void ktls_session_copy_keys(const struct ktls_session *ktls,
|
||||
uint8_t *data, size_t *sz);
|
||||
|
||||
#endif /* !_KERNEL */
|
||||
#endif /* !_SYS_KTLS_H_ */
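Review bot: The prototype of `ktls_session_copy_keys` carries no description of its `sz` in/out contract, which a caller handling key material has to get right. From the definition in this commit, `*sz` is the buffer capacity on entry and the number of bytes produced on return, the cipher key comes first and the authentication key second, a NULL `data` only computes the length, a NULL `ktls` yields `*sz = 0`, and a capacity smaller than both keys results in silent truncation. A short comment above the prototype stating those rules, and that a sizing call must pass a capacity at least as large as both key lengths, would prevent truncated keys being treated as complete. The parameter names also differ from the definition (`ks`/`xktls_od` here, `ktls`/`xk` there); using one set would make the two easier to match.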
|
||||
|
||||