Date: Mon, 9 Jun 2025 23:47:59 GMT
Message-Id: <202506092347.559NlxQ5088673@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov
Subject: git: c9e9a0fe5b0f - main - ktls: define struct xktls_session and converter from ktls_session into external representation
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c9e9a0fe5b0f88561f55fb2f6f5354fbbd96dd5d

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=c9e9a0fe5b0f88561f55fb2f6f5354fbbd96dd5d

commit c9e9a0fe5b0f88561f55fb2f6f5354fbbd96dd5d
Author:     Konstantin Belousov
AuthorDate: 2025-05-20 08:06:23 +0000
Commit:     Konstantin Belousov
CommitDate: 2025-06-09 23:47:12 +0000

    ktls: define struct xktls_session and converter from ktls_session into external representation

    Reviewed by: jhb (previous version), markj
    Sponsored by: NVidia networking
    Differential revision: https://reviews.freebsd.org/D50653
---
 sys/kern/uipc_ktls.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 sys/netinet/in_pcb.h | 24 ++++++++++++++++++++++++
 sys/sys/ktls.h | 27 ++++++++++++++++++++++++++
 3 files changed, 104 insertions(+)

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c index b479ca9c3ed7..1cbaa7db2e84 100644 --- a/sys/kern/uipc_ktls.c +++ b/sys/kern/uipc_ktls.c 
@@ -3447,3 +3447,56 @@ ktls_disable_ifnet(void *arg) TASK_INIT(&tls->disable_ifnet_task, 0, ktls_disable_ifnet_help, tls); (void)taskqueue_enqueue(taskqueue_thread, &tls->disable_ifnet_task); } + +void +ktls_session_to_xktls_onedir(const struct ktls_session *ktls, bool export_keys, + struct xktls_session_onedir *xk) +{ + if_t ifp; + struct m_snd_tag *st; + + xk->gen = ktls->gen; +#define A(m) xk->m = ktls->params.m + A(cipher_algorithm); + A(auth_algorithm); + A(cipher_key_len); + A(auth_key_len); + A(max_frame_len); + A(tls_vmajor); + A(tls_vminor); + A(tls_hlen); + A(tls_tlen); + A(tls_bs); + A(flags); + if (export_keys) { + memcpy(&xk->iv, &ktls->params.iv, XKTLS_SESSION_IV_BUF_LEN); + A(iv_len); + } else { + memset(&xk->iv, 0, XKTLS_SESSION_IV_BUF_LEN); + xk->iv_len = 0; + } +#undef A + if ((st = ktls->snd_tag) != NULL && + (ifp = ktls->snd_tag->ifp) != NULL) + strncpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet)); +} + +void +ktls_session_copy_keys(const struct ktls_session *ktls, + uint8_t *data, size_t *sz) +{ + size_t t, ta, tc; + + if (ktls == NULL) { + *sz = 0; + return; + } + t = *sz; + tc = MIN(t, ktls->params.cipher_key_len); + if (data != NULL) + memcpy(data, ktls->params.cipher_key, tc); + ta = MIN(t - tc, ktls->params.auth_key_len); + if (data != NULL) + memcpy(data + tc, ktls->params.auth_key, ta); + *sz = ta + tc; +} diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 5fe12c4f1e76..57cf15ca37fc 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h 
@@ -303,6 +303,30 @@ struct sockopt_parameters { char sop_optval[]; }; +#ifdef _SYS_KTLS_H_ +struct xktls_session { + uint32_t tsz; /* total sz of elm, next elm is at this+tsz */ + uint32_t fsz; /* size of the struct up to keys */ + uint64_t inp_gencnt; + kvaddr_t so_pcb; + struct in_conninfo coninf; + u_short rx_vlan_id; + struct xktls_session_onedir rcv; + struct xktls_session_onedir snd; +/* + * Next are + * - keydata for rcv, first cipher of length rcv.cipher_key_len, then + * authentication of length rcv.auth_key_len; + * - driver data (string) of length rcv.drv_st_len, if the rcv session is + * offloaded to ifnet rcv.ifnet; + * - keydata for snd, first cipher of length snd.cipher_key_len, then + * authentication of length snd.auth_key_len; + * - driver data (string) of length snd.drv_st_len, if the snd session is + * offloaded to ifnet snd.ifnet; + */ +}; +#endif /* _SYS_KTLS_H_ */ + #ifdef _KERNEL int sysctl_setsockopt(SYSCTL_HANDLER_ARGS, struct inpcbinfo *pcbinfo, int (*ctloutput_set)(struct inpcb *, struct sockopt *)); diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h index 8dad53868686..0f9e5c5ed87b 100644 --- a/sys/sys/ktls.h +++ b/sys/sys/ktls.h @@ -145,6 +145,28 @@ struct tls_get_record { uint16_t tls_length; }; +#define XKTLS_SESSION_IV_BUF_LEN 32 +struct xktls_session_onedir { + uint64_t gen; + uint64_t rsrv1[8]; + uint32_t rsrv2[8]; + uint8_t iv[XKTLS_SESSION_IV_BUF_LEN]; + int cipher_algorithm; + int auth_algorithm; + uint16_t cipher_key_len; + uint16_t iv_len; + uint16_t auth_key_len; + uint16_t max_frame_len; + uint8_t tls_vmajor; + uint8_t tls_vminor; + uint8_t tls_hlen; + uint8_t tls_tlen; + uint8_t tls_bs; + uint8_t flags; + uint16_t drv_st_len; + char ifnet[16]; /* IFNAMSIZ */ +}; + #ifdef _KERNEL struct tls_session_params { 
@@ -267,5 +289,10 @@ ktls_session_genvis(const struct ktls_session *ks, uint64_t gen) return (ks != NULL && ks->gen <= gen); } +void ktls_session_to_xktls_onedir(const struct ktls_session *ks, + bool export_keys, struct xktls_session_onedir *xktls_od); +void ktls_session_copy_keys(const struct ktls_session *ktls, + uint8_t *data, size_t *sz); + #endif /* !_KERNEL */ #endif /* !_SYS_KTLS_H_ */
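
Review bot: In the sys/kern/uipc_ktls.c hunk, ktls_session_to_xktls_onedir() never writes xk->rsrv1, xk->rsrv2 or xk->drv_st_len, and leaves xk->ifnet untouched when ktls->snd_tag or its ifp is NULL, so the external representation carries whatever the caller's buffer held unless every caller zeroes it first. Either start the function with memset(xk, 0, sizeof(*xk)) or state the zeroed-buffer precondition in a comment above it. Two smaller points in the same function: strncpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet)) leaves ifnet without a terminating NUL when the name fills all 16 bytes, so either use strlcpy after the memset or document that the field is not necessarily NUL-terminated; and st is assigned but the same condition then re-reads ktls->snd_tag->ifp instead of using st->ifp.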
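
Review bot: In the sys/netinet/in_pcb.h hunk, struct xktls_session places u_short rx_vlan_id directly before struct xktls_session_onedir rcv, whose first member is a uint64_t, so the compiler will normally insert padding there that no field assignment initialises. Since this struct is the external representation, add an explicit pad member or note in the comment that the producer must zero the whole element before filling it. The #ifdef _SYS_KTLS_H_ guard also makes the definition depend on sys/ktls.h having been included first, which deserves a one-line comment at the guard.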
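
Review bot: In the first sys/sys/ktls.h hunk, XKTLS_SESSION_IV_BUF_LEN is fixed at 32 and the converter in uipc_ktls.c uses it as the memcpy length from ktls->params.iv, but nothing visible ties 32 to the size of params.iv; a compile-time assertion next to the definition would catch a future mismatch that would otherwise become an over-read. The same applies to char ifnet[16], where the relation to IFNAMSIZ exists only as a comment. Since this is an exported layout, int cipher_algorithm and int auth_algorithm would be better as fixed-width types, and the purpose of rsrv1 and rsrv2 should be noted.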
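
Review bot: In the last sys/sys/ktls.h hunk, the ktls_session_copy_keys() prototype has no comment describing sz, and the contract is not obvious from the signature: per the definition, *sz is the buffer capacity on entry and the byte count on return, the count is capped at that capacity even when data is NULL, and a short buffer yields a silently truncated key with no error. Document this at the prototype, or report the required length so callers can detect truncation. The parameter names here (ks, xktls_od) also differ from those in the definition (ktls, xk).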