Date:      Mon, 9 Jun 2025 23:47:59 GMT
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: c9e9a0fe5b0f - main - ktls: define struct xktls_session and converter from ktls_session into external representation
Message-ID:  <202506092347.559NlxQ5088673@gitrepo.freebsd.org>

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=c9e9a0fe5b0f88561f55fb2f6f5354fbbd96dd5d

commit c9e9a0fe5b0f88561f55fb2f6f5354fbbd96dd5d
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-05-20 08:06:23 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-06-09 23:47:12 +0000

    ktls: define struct xktls_session and converter from ktls_session into external representation
    
    Reviewed by:    jhb (previous version), markj
    Sponsored by:   NVidia networking
    Differential revision:  https://reviews.freebsd.org/D50653
---
 sys/kern/uipc_ktls.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 sys/netinet/in_pcb.h | 24 ++++++++++++++++++++++++
 sys/sys/ktls.h       | 27 ++++++++++++++++++++++++++
 3 files changed, 104 insertions(+)

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index b479ca9c3ed7..1cbaa7db2e84 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -3447,3 +3447,56 @@ ktls_disable_ifnet(void *arg)
 	TASK_INIT(&tls->disable_ifnet_task, 0, ktls_disable_ifnet_help, tls);
 	(void)taskqueue_enqueue(taskqueue_thread, &tls->disable_ifnet_task);
 }
+
+void
+ktls_session_to_xktls_onedir(const struct ktls_session *ktls, bool export_keys,
+    struct xktls_session_onedir *xk)
+{
+	if_t ifp;
+	struct m_snd_tag *st;
+
+	xk->gen = ktls->gen;
+#define	A(m) xk->m = ktls->params.m
+	A(cipher_algorithm);
+	A(auth_algorithm);
+	A(cipher_key_len);
+	A(auth_key_len);
+	A(max_frame_len);
+	A(tls_vmajor);
+	A(tls_vminor);
+	A(tls_hlen);
+	A(tls_tlen);
+	A(tls_bs);
+	A(flags);
+	if (export_keys) {
+		memcpy(&xk->iv, &ktls->params.iv, XKTLS_SESSION_IV_BUF_LEN);
+		A(iv_len);
+	} else {
+		memset(&xk->iv, 0, XKTLS_SESSION_IV_BUF_LEN);
+		xk->iv_len = 0;
+	}
+#undef A
+	if ((st = ktls->snd_tag) != NULL &&
+	    (ifp = ktls->snd_tag->ifp) != NULL)
+		strncpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet));
+}
+
+void
+ktls_session_copy_keys(const struct ktls_session *ktls,
+    uint8_t *data, size_t *sz)
+{
+	size_t t, ta, tc;
+
+	if (ktls == NULL) {
+		*sz = 0;
+		return;
+	}
+	t = *sz;
+	tc = MIN(t, ktls->params.cipher_key_len);
+	if (data != NULL)
+		memcpy(data, ktls->params.cipher_key, tc);
+	ta = MIN(t - tc, ktls->params.auth_key_len);
+	if (data != NULL)
+		memcpy(data + tc, ktls->params.auth_key, ta);
+	*sz = ta + tc;
+}
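Review bot: ktls_session_to_xktls_onedir never writes rsrv1, rsrv2 or drv_st_len, and leaves ifnet untouched when snd_tag or its ifp is NULL, so unless every caller zeroes *xk beforehand, stale kernel memory ends up in a record whose purpose is export to userspace. Zeroing the destination once at the top, `memset(xk, 0, sizeof(*xk));`, makes the function self-contained and lets the else-branch memset and iv_len reset go. On the ifnet line, `strncpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet))` does not guarantee NUL termination when the name fills the buffer; `strlcpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet));` does, and whichever contract is intended should be stated on the field. Minor: `st` is assigned from ktls->snd_tag but the next line re-reads `ktls->snd_tag->ifp` instead of `st->ifp`. ktls_session_copy_keys looks right: tc is bounded by *sz, so `t - tc` cannot underflow, and the NULL-data probe path returns the same count the copy would.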
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 5fe12c4f1e76..57cf15ca37fc 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -303,6 +303,30 @@ struct sockopt_parameters {
 	char sop_optval[];
 };
 
+#ifdef _SYS_KTLS_H_
+struct xktls_session {
+	uint32_t tsz;	/* total sz of elm, next elm is at this+tsz */
+	uint32_t fsz;	/* size of the struct up to keys */
+	uint64_t inp_gencnt;
+	kvaddr_t so_pcb;
+	struct in_conninfo coninf;
+	u_short rx_vlan_id;
+	struct xktls_session_onedir rcv;
+	struct xktls_session_onedir snd;
+/*
+ * Next are
+ * - keydata for rcv, first cipher of length rcv.cipher_key_len, then
+ *    authentication of length rcv.auth_key_len;
+ * - driver data (string) of length rcv.drv_st_len, if the rcv session is
+ *    offloaded to ifnet rcv.ifnet;
+ * - keydata for snd, first cipher of length snd.cipher_key_len, then
+ *    authentication of length snd.auth_key_len;
+ * - driver data (string) of length snd.drv_st_len, if the snd session is
+ *    offloaded to ifnet snd.ifnet;
+ */
+};
+#endif /* _SYS_KTLS_H_ */
+
 #ifdef	_KERNEL
 int	sysctl_setsockopt(SYSCTL_HANDLER_ARGS, struct inpcbinfo *pcbinfo,
 	    int (*ctloutput_set)(struct inpcb *, struct sockopt *));
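Review bot: struct xktls_session is only defined when sys/ktls.h has already been included, so a translation unit that includes in_pcb.h first and ktls.h afterwards silently gets no definition and hits an incomplete-type error at the use site. A one-line comment on the guard, `#ifdef _SYS_KTLS_H_ /* needs <sys/ktls.h> included before this header */`, would save the next reader the search. The trailing comment documents the variable-length tail well; `so_pcb` and `rx_vlan_id` are the only fields left without a description, and a note that `tsz` and `fsz` are what a consumer must use to walk the array (rather than sizeof) would close the loop.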
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
index 8dad53868686..0f9e5c5ed87b 100644
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -145,6 +145,28 @@ struct tls_get_record {
 	uint16_t tls_length;
 };
 
+#define	XKTLS_SESSION_IV_BUF_LEN	32
+struct xktls_session_onedir {
+	uint64_t gen;
+	uint64_t rsrv1[8];
+	uint32_t rsrv2[8];
+	uint8_t iv[XKTLS_SESSION_IV_BUF_LEN];
+	int	cipher_algorithm;
+	int	auth_algorithm;
+	uint16_t cipher_key_len;
+	uint16_t iv_len;
+	uint16_t auth_key_len;
+	uint16_t max_frame_len;
+	uint8_t tls_vmajor;
+	uint8_t tls_vminor;
+	uint8_t tls_hlen;
+	uint8_t tls_tlen;
+	uint8_t tls_bs;
+	uint8_t flags;
+	uint16_t drv_st_len;
+	char ifnet[16];	/* IFNAMSIZ */
+};
+
 #ifdef _KERNEL
 
 struct tls_session_params {
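Review bot: struct xktls_session_onedir is an exported, fixed-layout record, yet only ifnet carries a comment; gen, the two reserved arrays, iv/iv_len and drv_st_len deserve one line each, e.g. `uint16_t drv_st_len; /* length of driver data following the keys, 0 if not offloaded */` and `uint64_t rsrv1[8]; /* reserved, must be zero */`. The converter in uipc_ktls.c copies XKTLS_SESSION_IV_BUF_LEN bytes out of tls_session_params.iv; if that member is ever smaller than 32 bytes the memcpy over-reads, and since tls_session_params is declared in this same header (its body is outside the hunk) a `_Static_assert` tying the two sizes together would pin that assumption where it lives. Likewise, `/* IFNAMSIZ */` next to the literal 16 is the kind of coupling a static assert against IFNAMSIZ would enforce, if <net/if.h> is in scope here — I can't tell from the hunk.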
@@ -267,5 +289,10 @@ ktls_session_genvis(const struct ktls_session *ks, uint64_t gen)
 	return (ks != NULL && ks->gen <= gen);
 }
 
+void ktls_session_to_xktls_onedir(const struct ktls_session *ks,
+    bool export_keys, struct xktls_session_onedir *xktls_od);
+void ktls_session_copy_keys(const struct ktls_session *ktls,
+    uint8_t *data, size_t *sz);
+
 #endif /* !_KERNEL */
 #endif /* !_SYS_KTLS_H_ */
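Review bot: The prototypes name the parameters `ks` and `xktls_od` while the definitions in uipc_ktls.c use `ktls` and `xk`; one spelling throughout keeps grep and any later documentation consistent. The header is also the natural place for the contract: state whether ktls_session_to_xktls_onedir expects the caller to zero *xk first (reserved fields and ifnet are otherwise left as they were), and that ktls_session_copy_keys takes *sz as the buffer capacity on entry and returns the number of key bytes copied (or that would fit, when data is NULL) on exit, setting it to 0 for a NULL session. A short comment block above the two declarations covers both.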


