diff options
| author | Mark Johnston <markjdb@gmail.com> | 2021-04-26 11:42:05 -0400 |
|---|---|---|
| committer | Mark Johnston <markjdb@gmail.com> | 2021-05-11 14:31:10 -0400 |
| commit | 9a77696de7e2f6acde8199ec1b7460a4ad5ecd0f (patch) | |
| tree | 6016ed87b7718d0fb5ed657be3e2d31f6fb5f7c7 /sys | |
| parent | ca87309166a794a26d53a5720659e762c35f2253 (diff) | |
sys/freebsd: add definitions for KTLS
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/freebsd/socket_inet_tcp.txt | 29 | ||||
| -rw-r--r-- | sys/freebsd/socket_inet_tcp.txt.const | 15 |
2 files changed, 44 insertions, 0 deletions
diff --git a/sys/freebsd/socket_inet_tcp.txt b/sys/freebsd/socket_inet_tcp.txt index 27fc0fc3a..56968f354 100644 --- a/sys/freebsd/socket_inet_tcp.txt +++ b/sys/freebsd/socket_inet_tcp.txt @@ -4,9 +4,12 @@ # AF_INET and AF_INET6: TCP support include <sys/types.h> +include <sys/ktls.h> include <sys/socket.h> +include <sys/time.h> include <netinet/in.h> include <netinet/tcp.h> +include <opencrypto/cryptodev.h> resource sock_tcp[sock_in] @@ -56,3 +59,29 @@ tcp_fastopen { enable int32 psk array[int8, TCP_FASTOPEN_PSK_LEN] } + +getsockopt$inet_tcp_TCP_RXTLS_MODE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_RXTLS_MODE], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]]) +getsockopt$inet_tcp_TCP_TXTLS_MODE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_TXTLS_MODE], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]]) +setsockopt$inet_tcp_TCP_TXTLS_MODE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_TXTLS_MODE], optval ptr[in, int32], optlen len[optval]) +setsockopt$inet_tcp_TCP_TXTLS_ENABLE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_TXTLS_ENABLE], optval ptr[in, tls_enable], optlen bytesize[optval]) +setsockopt$inet_tcp_TCP_RXTLS_ENABLE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_RXTLS_ENABLE], optval ptr[in, tls_enable], optlen bytesize[optval]) + +tls_enable { + cipher_key ptr[in, array[int8]] + iv ptr[in, array[int8]] + auth_key ptr[in, array[int8]] + cipher_algorithm flags[ktls_cipher_algo, int32] + cipher_key_len bytesize[cipher_key, int32] + iv_len bytesize[iv, int32] + auth_algorithm flags[ktls_auth_algo, int32] + auth_key_len bytesize[auth_key, int32] + flags const[0, int32] + tls_vmajor flags[ktls_vmajor, int8] + tls_vminor flags[ktls_vminor, int8] + rec_seq array[int8, 8] +} + +ktls_cipher_algo = CRYPTO_AES_NIST_GCM_16, CRYPTO_AES_CBC, CRYPTO_CHACHA20_POLY1305 +ktls_auth_algo = 0, CRYPTO_AES_128_NIST_GMAC, CRYPTO_AES_192_NIST_GMAC, CRYPTO_AES_256_NIST_GMAC +ktls_vmajor = TLS_MAJOR_VER_ONE +ktls_vminor = TLS_MINOR_VER_ZERO, TLS_MINOR_VER_ONE, TLS_MINOR_VER_TWO, TLS_MINOR_VER_THREE diff --git a/sys/freebsd/socket_inet_tcp.txt.const b/sys/freebsd/socket_inet_tcp.txt.const index b10fe468c..ab0884eda 100644 --- a/sys/freebsd/socket_inet_tcp.txt.const +++ b/sys/freebsd/socket_inet_tcp.txt.const @@ -2,6 +2,12 @@ arches = 386, amd64 AF_INET = 2 AF_INET6 = 28 +CRYPTO_AES_128_NIST_GMAC = 26 +CRYPTO_AES_192_NIST_GMAC = 27 +CRYPTO_AES_256_NIST_GMAC = 28 +CRYPTO_AES_CBC = 11 +CRYPTO_AES_NIST_GCM_16 = 25 +CRYPTO_CHACHA20_POLY1305 = 41 IPPROTO_TCP = 6 SOCK_STREAM = 1 SYS_getsockopt = 118 @@ -32,3 +38,12 @@ TCP_NOPUSH = 4 TCP_PCAP_IN = 4096 TCP_PCAP_OUT = 2048 TCP_REMOTE_UDP_ENCAPS_PORT = 71 +TCP_RXTLS_ENABLE = 41 +TCP_RXTLS_MODE = 42 +TCP_TXTLS_ENABLE = 39 +TCP_TXTLS_MODE = 40 +TLS_MAJOR_VER_ONE = 3 +TLS_MINOR_VER_ONE = 2 +TLS_MINOR_VER_THREE = 4 +TLS_MINOR_VER_TWO = 3 +TLS_MINOR_VER_ZERO = 1 |