git: c9e9a0fe5b0f - main - ktls: define struct xktls_session and converter from ktls_session into external representation
Date: Mon, 09 Jun 2025 23:47:59 UTC
The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=c9e9a0fe5b0f88561f55fb2f6f5354fbbd96dd5d
commit c9e9a0fe5b0f88561f55fb2f6f5354fbbd96dd5d
Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-05-20 08:06:23 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-06-09 23:47:12 +0000
ktls: define struct xktls_session and converter from ktls_session into external representation
Reviewed by: jhb (previous version), markj
Sponsored by: NVidia networking
Differential revision: https://reviews.freebsd.org/D50653
---
sys/kern/uipc_ktls.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
sys/netinet/in_pcb.h | 24 ++++++++++++++++++++++++
sys/sys/ktls.h | 27 ++++++++++++++++++++++++++
3 files changed, 104 insertions(+)
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index b479ca9c3ed7..1cbaa7db2e84 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -3447,3 +3447,56 @@ ktls_disable_ifnet(void *arg)
TASK_INIT(&tls->disable_ifnet_task, 0, ktls_disable_ifnet_help, tls);
(void)taskqueue_enqueue(taskqueue_thread, &tls->disable_ifnet_task);
}
+
+void
+ktls_session_to_xktls_onedir(const struct ktls_session *ktls, bool export_keys,
+ struct xktls_session_onedir *xk)
+{
+ if_t ifp;
+ struct m_snd_tag *st;
+
+ xk->gen = ktls->gen;
+#define A(m) xk->m = ktls->params.m
+ A(cipher_algorithm);
+ A(auth_algorithm);
+ A(cipher_key_len);
+ A(auth_key_len);
+ A(max_frame_len);
+ A(tls_vmajor);
+ A(tls_vminor);
+ A(tls_hlen);
+ A(tls_tlen);
+ A(tls_bs);
+ A(flags);
+ if (export_keys) {
+ memcpy(&xk->iv, &ktls->params.iv, XKTLS_SESSION_IV_BUF_LEN);
+ A(iv_len);
+ } else {
+ memset(&xk->iv, 0, XKTLS_SESSION_IV_BUF_LEN);
+ xk->iv_len = 0;
+ }
+#undef A
+ if ((st = ktls->snd_tag) != NULL &&
+ (ifp = ktls->snd_tag->ifp) != NULL)
+ strncpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet));
+}
+
+void
+ktls_session_copy_keys(const struct ktls_session *ktls,
+ uint8_t *data, size_t *sz)
+{
+ size_t t, ta, tc;
+
+ if (ktls == NULL) {
+ *sz = 0;
+ return;
+ }
+ t = *sz;
+ tc = MIN(t, ktls->params.cipher_key_len);
+ if (data != NULL)
+ memcpy(data, ktls->params.cipher_key, tc);
+ ta = MIN(t - tc, ktls->params.auth_key_len);
+ if (data != NULL)
+ memcpy(data + tc, ktls->params.auth_key, ta);
+ *sz = ta + tc;
+}
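Review bot: ktls_session_to_xktls_onedir writes `xk->ifnet` only when a send tag with an ifnet exists (the strncpy at the end of the function) and never touches `rsrv1`, `rsrv2` or `drv_st_len`, so a caller that does not pre-zero `*xk` exports whatever bytes were in the buffer in a userland-visible structure; a `memset(xk, 0, sizeof(*xk));` as the first statement, or a comment stating that the caller must supply a zeroed buffer, closes that. `strncpy` leaves `xk->ifnet` unterminated if a name ever fills all 16 bytes, so `strlcpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet));` is the safer spelling. The condition assigns `st` and then re-reads `ktls->snd_tag->ifp` instead of `st->ifp`, so either use the local or drop it. The memcpy of XKTLS_SESSION_IV_BUF_LEN bytes from `ktls->params.iv` assumes that array is at least 32 bytes, which is not visible here; a `_Static_assert` comparing the two sizes would document the assumption.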
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 5fe12c4f1e76..57cf15ca37fc 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -303,6 +303,30 @@ struct sockopt_parameters {
char sop_optval[];
};
+#ifdef _SYS_KTLS_H_
+struct xktls_session {
+ uint32_t tsz; /* total sz of elm, next elm is at this+tsz */
+ uint32_t fsz; /* size of the struct up to keys */
+ uint64_t inp_gencnt;
+ kvaddr_t so_pcb;
+ struct in_conninfo coninf;
+ u_short rx_vlan_id;
+ struct xktls_session_onedir rcv;
+ struct xktls_session_onedir snd;
+/*
+ * Next are
+ * - keydata for rcv, first cipher of length rcv.cipher_key_len, then
+ * authentication of length rcv.auth_key_len;
+ * - driver data (string) of length rcv.drv_st_len, if the rcv session is
+ * offloaded to ifnet rcv.ifnet;
+ * - keydata for snd, first cipher of length snd.cipher_key_len, then
+ * authentication of length snd.auth_key_len;
+ * - driver data (string) of length snd.drv_st_len, if the snd session is
+ * offloaded to ifnet snd.ifnet;
+ */
+};
+#endif /* _SYS_KTLS_H_ */
+
#ifdef _KERNEL
int sysctl_setsockopt(SYSCTL_HANDLER_ARGS, struct inpcbinfo *pcbinfo,
int (*ctloutput_set)(struct inpcb *, struct sockopt *));
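Review bot: The new `struct xktls_session` is only defined when `sys/ktls.h` was included before this header (the `#ifdef _SYS_KTLS_H_` guard), so a consumer that includes `netinet/in_pcb.h` first silently gets no definition and no diagnostic; the guard deserves a comment such as `/* Requires <sys/ktls.h> to be included before this header. */`. The trailing-data comment describes driver data of length `rcv.drv_st_len` and `snd.drv_st_len`, but the `ktls_session_to_xktls_onedir` added in this commit never sets `drv_st_len`, so either the producer arrives in a follow-up or the comment should say the length is currently always 0. `kvaddr_t so_pcb` exposes a kernel address to whoever reads the export; presumably the sysctl that fills it applies the same privilege gating as the existing xinpcb exports, but that producer is not part of this commit, so it is worth stating in the struct comment.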
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
index 8dad53868686..0f9e5c5ed87b 100644
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -145,6 +145,28 @@ struct tls_get_record {
uint16_t tls_length;
};
+#define XKTLS_SESSION_IV_BUF_LEN 32
+struct xktls_session_onedir {
+ uint64_t gen;
+ uint64_t rsrv1[8];
+ uint32_t rsrv2[8];
+ uint8_t iv[XKTLS_SESSION_IV_BUF_LEN];
+ int cipher_algorithm;
+ int auth_algorithm;
+ uint16_t cipher_key_len;
+ uint16_t iv_len;
+ uint16_t auth_key_len;
+ uint16_t max_frame_len;
+ uint8_t tls_vmajor;
+ uint8_t tls_vminor;
+ uint8_t tls_hlen;
+ uint8_t tls_tlen;
+ uint8_t tls_bs;
+ uint8_t flags;
+ uint16_t drv_st_len;
+ char ifnet[16]; /* IFNAMSIZ */
+};
+
#ifdef _KERNEL
struct tls_session_params {
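Review bot: `struct xktls_session_onedir` is a userland-visible ABI, but nothing pins its layout: `char ifnet[16]` hard-codes IFNAMSIZ (the comment shows the intent), and the field order happens to need no padding (by my count 176 bytes), which a later insertion could silently break. A `_Static_assert(sizeof(struct xktls_session_onedir) == 176, "xktls_session_onedir ABI");` next to the struct, plus a `_Static_assert` in uipc_ktls.c (where IFNAMSIZ is in scope) that `sizeof(((struct xktls_session_onedir *)0)->ifnet) == IFNAMSIZ`, would make both explicit. `rsrv1` and `rsrv2` are marked reserved but the struct does not say what consumers may assume about them; a comment such as `/* reserved; exported as zero */` states the contract. In the second hunk of this file the prototype names the first parameter `ks` while the definition in uipc_ktls.c uses `ktls`; aligning the two is a small consistency fix.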
@@ -267,5 +289,10 @@ ktls_session_genvis(const struct ktls_session *ks, uint64_t gen)
return (ks != NULL && ks->gen <= gen);
}
+void ktls_session_to_xktls_onedir(const struct ktls_session *ks,
+ bool export_keys, struct xktls_session_onedir *xktls_od);
+void ktls_session_copy_keys(const struct ktls_session *ktls,
+ uint8_t *data, size_t *sz);
+
#endif /* !_KERNEL */
#endif /* !_SYS_KTLS_H_ */