The branch main has been updated by kib:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=c9e9a0fe5b0f88561f55fb2f6f5354fbbd96dd5d

commit c9e9a0fe5b0f88561f55fb2f6f5354fbbd96dd5d
Author:     Konstantin Belousov <k...@freebsd.org>
AuthorDate: 2025-05-20 08:06:23 +0000
Commit:     Konstantin Belousov <k...@freebsd.org>
CommitDate: 2025-06-09 23:47:12 +0000

    ktls: define struct xktls_session and converter from ktls_session into external representation
    
    Reviewed by:    jhb (previous version), markj
    Sponsored by:   NVidia networking
    Differential revision:  https://reviews.freebsd.org/D50653
---
 sys/kern/uipc_ktls.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 sys/netinet/in_pcb.h | 24 ++++++++++++++++++++++++
 sys/sys/ktls.h       | 27 ++++++++++++++++++++++++++
 3 files changed, 104 insertions(+)

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index b479ca9c3ed7..1cbaa7db2e84 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -3447,3 +3447,56 @@ ktls_disable_ifnet(void *arg)
        TASK_INIT(&tls->disable_ifnet_task, 0, ktls_disable_ifnet_help, tls);
        (void)taskqueue_enqueue(taskqueue_thread, &tls->disable_ifnet_task);
 }
+
+void
+ktls_session_to_xktls_onedir(const struct ktls_session *ktls, bool export_keys,
+    struct xktls_session_onedir *xk)
+{
+       if_t ifp;
+       struct m_snd_tag *st;
+
+       xk->gen = ktls->gen;
+#define        A(m) xk->m = ktls->params.m
+       A(cipher_algorithm);
+       A(auth_algorithm);
+       A(cipher_key_len);
+       A(auth_key_len);
+       A(max_frame_len);
+       A(tls_vmajor);
+       A(tls_vminor);
+       A(tls_hlen);
+       A(tls_tlen);
+       A(tls_bs);
+       A(flags);
+       if (export_keys) {
+               memcpy(&xk->iv, &ktls->params.iv, XKTLS_SESSION_IV_BUF_LEN);
+               A(iv_len);
+       } else {
+               memset(&xk->iv, 0, XKTLS_SESSION_IV_BUF_LEN);
+               xk->iv_len = 0;
+       }
+#undef A
+       if ((st = ktls->snd_tag) != NULL &&
+           (ifp = ktls->snd_tag->ifp) != NULL)
+               strncpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet));
+}
+
+void
+ktls_session_copy_keys(const struct ktls_session *ktls,
+    uint8_t *data, size_t *sz)
+{
+       size_t t, ta, tc;
+
+       if (ktls == NULL) {
+               *sz = 0;
+               return;
+       }
+       t = *sz;
+       tc = MIN(t, ktls->params.cipher_key_len);
+       if (data != NULL)
+               memcpy(data, ktls->params.cipher_key, tc);
+       ta = MIN(t - tc, ktls->params.auth_key_len);
+       if (data != NULL)
+               memcpy(data + tc, ktls->params.auth_key, ta);
+       *sz = ta + tc;
+}
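Review bot: `xk->ifnet` is written only on the branch where a send tag with an ifnet exists, and `rsrv1`, `rsrv2` and `drv_st_len` are never written by ktls_session_to_xktls_onedir at all, so unless every caller zeroes `*xk` beforehand the converted record carries stale or uninitialized bytes into what looks like a userland-exported structure. An explicit `memset(xk, 0, sizeof(*xk));` before `xk->gen = ktls->gen;` would make the function self-contained, and `strlcpy(xk->ifnet, if_name(ifp), sizeof(xk->ifnet));` would guarantee NUL termination where `strncpy` does not when the name fills the buffer. ktls_session_copy_keys also deserves a header comment stating that `*sz` is the buffer capacity on entry and the number of bytes written on return, that a NULL `data` only sizes the request, and that the cipher key precedes the auth key.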
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 5fe12c4f1e76..57cf15ca37fc 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -303,6 +303,30 @@ struct sockopt_parameters {
        char sop_optval[];
 };
 
+#ifdef _SYS_KTLS_H_
+struct xktls_session {
+       uint32_t tsz;   /* total sz of elm, next elm is at this+tsz */
+       uint32_t fsz;   /* size of the struct up to keys */
+       uint64_t inp_gencnt;
+       kvaddr_t so_pcb;
+       struct in_conninfo coninf;
+       u_short rx_vlan_id;
+       struct xktls_session_onedir rcv;
+       struct xktls_session_onedir snd;
+/*
+ * Next are
+ * - keydata for rcv, first cipher of length rcv.cipher_key_len, then
+ *    authentication of length rcv.auth_key_len;
+ * - driver data (string) of length rcv.drv_st_len, if the rcv session is
+ *    offloaded to ifnet rcv.ifnet;
+ * - keydata for snd, first cipher of length snd.cipher_key_len, then
+ *    authentication of length snd.auth_key_len;
+ * - driver data (string) of length snd.drv_st_len, if the snd session is
+ *    offloaded to ifnet snd.ifnet;
+ */
+};
+#endif /* _SYS_KTLS_H_ */
+
 #ifdef _KERNEL
 int    sysctl_setsockopt(SYSCTL_HANDLER_ARGS, struct inpcbinfo *pcbinfo,
            int (*ctloutput_set)(struct inpcb *, struct sockopt *));
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
index 8dad53868686..0f9e5c5ed87b 100644
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -145,6 +145,28 @@ struct tls_get_record {
        uint16_t tls_length;
 };
 
+#define        XKTLS_SESSION_IV_BUF_LEN        32
+struct xktls_session_onedir {
+       uint64_t gen;
+       uint64_t rsrv1[8];
+       uint32_t rsrv2[8];
+       uint8_t iv[XKTLS_SESSION_IV_BUF_LEN];
+       int     cipher_algorithm;
+       int     auth_algorithm;
+       uint16_t cipher_key_len;
+       uint16_t iv_len;
+       uint16_t auth_key_len;
+       uint16_t max_frame_len;
+       uint8_t tls_vmajor;
+       uint8_t tls_vminor;
+       uint8_t tls_hlen;
+       uint8_t tls_tlen;
+       uint8_t tls_bs;
+       uint8_t flags;
+       uint16_t drv_st_len;
+       char ifnet[16]; /* IFNAMSIZ */
+};
+
 #ifdef _KERNEL
 
 struct tls_session_params {
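Review bot: `char ifnet[16]; /* IFNAMSIZ */` hard-codes the interface name length, presumably because <net/if.h> is not included here; since ktls_session_to_xktls_onedir in uipc_ktls.c copies `if_name(ifp)` into this field, a compile-time check next to that definition, `CTASSERT(sizeof(((struct xktls_session_onedir *)0)->ifnet) == IFNAMSIZ);`, would catch the two constants drifting apart. A short header comment on the struct saying that it is the per-direction userland-visible view of a ktls_session, that `rsrv1`/`rsrv2` are reserved for future fields, and that `iv` holds `iv_len` valid bytes out of XKTLS_SESSION_IV_BUF_LEN would also help readers who only see this header.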
@@ -267,5 +289,10 @@ ktls_session_genvis(const struct ktls_session *ks, 
uint64_t gen)
        return (ks != NULL && ks->gen <= gen);
 }
 
+void ktls_session_to_xktls_onedir(const struct ktls_session *ks,
+    bool export_keys, struct xktls_session_onedir *xktls_od);
+void ktls_session_copy_keys(const struct ktls_session *ktls,
+    uint8_t *data, size_t *sz);
+
 #endif /* !_KERNEL */
 #endif /* !_SYS_KTLS_H_ */
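Review bot: The prototype of ktls_session_to_xktls_onedir names its parameters `ks` and `xktls_od` while the definition in uipc_ktls.c uses `ktls` and `xk`; keeping them identical lets the header be the single place to read the contract. Since callers see only these declarations, a comment on ktls_session_copy_keys stating that `*sz` holds the buffer capacity on entry and the bytes actually copied on return, that a NULL `data` only computes the size, and that the output is the cipher key followed by the auth key belongs here rather than in the .c file.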
