ktls: define struct xktls_session and converter from ktls_session into external representation

Reviewed by:	jhb (previous version), markj
Sponsored by:	NVidia networking
Differential revision:	https://reviews.freebsd.org/D50653
Konstantin Belousov
2025-05-20 11:06:23 +03:00
parent b471d23a6a
commit c9e9a0fe5b
3 changed files with 104 additions and 0 deletions
+53
@@ -3447,3 +3447,56 @@ ktls_disable_ifnet(void *arg)
TASK_INIT(&tls->disable_ifnet_task, 0, ktls_disable_ifnet_help, tls);
(void)taskqueue_enqueue(taskqueue_thread, &tls->disable_ifnet_task);
}
void
ktls_session_to_xktls_onedir(const struct ktls_session *ktls, bool export_keys,
struct xktls_session_onedir *xk)
{
if_t ifp;
struct m_snd_tag *st;
xk->gen = ktls->gen;
#define A(m) xk->m = ktls->params.m
A(cipher_algorithm);
A(auth_algorithm);
A(cipher_key_len);
A(auth_key_len);
A(max_frame_len);
A(tls_vmajor);
A(tls_vminor);
A(tls_hlen);
A(tls_tlen);
A(tls_bs);
A(flags);
if (export_keys) {
memcpy(&xk->iv, &ktls->params.iv, XKTLS_SESSION_IV_BUF_LEN);
A(iv_len);
} else {
memset(&xk->iv, 0, XKTLS_SESSION_IV_BUF_LEN);
xk->iv_len = 0;
}
#undef A
if ((st = ktls->snd_tag) != NULL &&
(ifp = ktls->snd_tag->ifp) != NULL)
strncpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet));
}
void
ktls_session_copy_keys(const struct ktls_session *ktls,
uint8_t *data, size_t *sz)
{
size_t t, ta, tc;
if (ktls == NULL) {
*sz = 0;
return;
}
t = *sz;
tc = MIN(t, ktls->params.cipher_key_len);
if (data != NULL)
memcpy(data, ktls->params.cipher_key, tc);
ta = MIN(t - tc, ktls->params.auth_key_len);
if (data != NULL)
memcpy(data + tc, ktls->params.auth_key, ta);
*sz = ta + tc;
}
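Review bot: `ktls_session_to_xktls_onedir` leaves `xk->ifnet` untouched when `ktls->snd_tag` or its `ifp` is NULL, and never writes `rsrv1`, `rsrv2` or `drv_st_len`, so unless every caller zeroes `*xk` beforehand those bytes reach userland holding whatever the buffer contained; the `iv` path, by contrast, explicitly memsets when `export_keys` is false. I would give the ifnet path the same shape — `strlcpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet));` with an `else memset(xk->ifnet, 0, sizeof(xk->ifnet));` — which also guarantees NUL termination, where `strncpy` relies on the name being shorter than the 16-byte field (likely given IFNAMSIZ, but not checked here). While there, `st` is assigned only for the NULL test and `ktls->snd_tag->ifp` is then re-read; `(ifp = st->ifp) != NULL` reads cleaner. If callers are already required to zero the structure, a comment above the function stating that contract would close the point instead.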
+24
@@ -303,6 +303,30 @@ struct sockopt_parameters {
char sop_optval[];
};
#ifdef _SYS_KTLS_H_
struct xktls_session {
uint32_t tsz; /* total sz of elm, next elm is at this+tsz */
uint32_t fsz; /* size of the struct up to keys */
uint64_t inp_gencnt;
kvaddr_t so_pcb;
struct in_conninfo coninf;
u_short rx_vlan_id;
struct xktls_session_onedir rcv;
struct xktls_session_onedir snd;
/*
* Next are
* - keydata for rcv, first cipher of length rcv.cipher_key_len, then
* authentication of length rcv.auth_key_len;
* - driver data (string) of length rcv.drv_st_len, if the rcv session is
* offloaded to ifnet rcv.ifnet;
* - keydata for snd, first cipher of length snd.cipher_key_len, then
* authentication of length snd.auth_key_len;
* - driver data (string) of length snd.drv_st_len, if the snd session is
* offloaded to ifnet snd.ifnet;
*/
};
#endif /* _SYS_KTLS_H_ */
#ifdef _KERNEL
int sysctl_setsockopt(SYSCTL_HANDLER_ARGS, struct inpcbinfo *pcbinfo,
int (*ctloutput_set)(struct inpcb *, struct sockopt *));
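Review bot: `struct xktls_session` has an alignment hole after `rx_vlan_id` — a `u_short` followed by `rcv`, whose first member `gen` is `uint64_t` — and possibly another between `coninf` and `rx_vlan_id` depending on `sizeof(struct in_conninfo)`; since the layout is exported to userland element by element (the `tsz`/`fsz` walk), padding the producer does not explicitly zero becomes a kernel memory disclosure. Either make the padding an explicit reserved member after `rx_vlan_id` (which also pins the ABI) or state in the struct comment that producers must bzero the whole element before filling it; the fill code is not in this commit, so this is a contract note rather than an observed leak. The `#ifdef _SYS_KTLS_H_` guard also makes the definition depend on include order — a one-line comment such as `/* Defined only when sys/ktls.h was included before this header. */` would save the next reader a surprise.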
+27
@@ -145,6 +145,28 @@ struct tls_get_record {
uint16_t tls_length;
};
#define XKTLS_SESSION_IV_BUF_LEN 32
struct xktls_session_onedir {
uint64_t gen;
uint64_t rsrv1[8];
uint32_t rsrv2[8];
uint8_t iv[XKTLS_SESSION_IV_BUF_LEN];
int cipher_algorithm;
int auth_algorithm;
uint16_t cipher_key_len;
uint16_t iv_len;
uint16_t auth_key_len;
uint16_t max_frame_len;
uint8_t tls_vmajor;
uint8_t tls_vminor;
uint8_t tls_hlen;
uint8_t tls_tlen;
uint8_t tls_bs;
uint8_t flags;
uint16_t drv_st_len;
char ifnet[16]; /* IFNAMSIZ */
};
#ifdef _KERNEL
struct tls_session_params {
@@ -267,5 +289,10 @@ ktls_session_genvis(const struct ktls_session *ks, uint64_t gen)
return (ks != NULL && ks->gen <= gen);
}
void ktls_session_to_xktls_onedir(const struct ktls_session *ks,
bool export_keys, struct xktls_session_onedir *xktls_od);
void ktls_session_copy_keys(const struct ktls_session *ktls,
uint8_t *data, size_t *sz);
#endif /* !_KERNEL */
#endif /* !_SYS_KTLS_H_ */
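Review bot: `cipher_algorithm` and `auth_algorithm` are plain `int` in `struct xktls_session_onedir` while every other member uses a fixed-width type; for a structure whose layout is a userland ABI (the `rsrv1`/`rsrv2` reserved fields signal that intent) `int32_t` pins the size explicitly and matches the rest of the definition. The `iv`/`iv_len` members deserve a comment that they are populated only when the exporter is asked for keys and are zero otherwise, since the exporter treats the IV as key material and a reader of the header cannot tell that from the declaration: `uint8_t iv[XKTLS_SESSION_IV_BUF_LEN]; /* zeroed unless keys are exported */`. In the prototype hunk the parameter names (`ks`, `xktls_od`) differ from the definition's (`ktls`, `xk`); aligning them keeps the declaration and definition consistent for readers and documentation tools.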