From 9a77696de7e2f6acde8199ec1b7460a4ad5ecd0f Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Mon, 26 Apr 2021 11:42:05 -0400 Subject: sys/freebsd: add definitions for KTLS --- sys/freebsd/socket_inet_tcp.txt | 29 +++++++++++++++++++++++++++++ sys/freebsd/socket_inet_tcp.txt.const | 15 +++++++++++++++ 2 files changed, 44 insertions(+) (limited to 'sys') diff --git a/sys/freebsd/socket_inet_tcp.txt b/sys/freebsd/socket_inet_tcp.txt index 27fc0fc3a..56968f354 100644 --- a/sys/freebsd/socket_inet_tcp.txt +++ b/sys/freebsd/socket_inet_tcp.txt @@ -4,9 +4,12 @@ # AF_INET and AF_INET6: TCP support include +include include +include include include +include resource sock_tcp[sock_in] 
@@ -56,3 +59,29 @@ tcp_fastopen {
 enable int32
 psk array[int8, TCP_FASTOPEN_PSK_LEN]
 }
+
+getsockopt$inet_tcp_TCP_RXTLS_MODE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_RXTLS_MODE], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]])
+getsockopt$inet_tcp_TCP_TXTLS_MODE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_TXTLS_MODE], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet_tcp_TCP_TXTLS_MODE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_TXTLS_MODE], optval ptr[in, int32], optlen len[optval])
+setsockopt$inet_tcp_TCP_TXTLS_ENABLE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_TXTLS_ENABLE], optval ptr[in, tls_enable], optlen bytesize[optval])
+setsockopt$inet_tcp_TCP_RXTLS_ENABLE(fd sock_tcp, level const[IPPROTO_TCP], optname const[TCP_RXTLS_ENABLE], optval ptr[in, tls_enable], optlen bytesize[optval])
+
+tls_enable {
+ cipher_key ptr[in, array[int8]]
+ iv ptr[in, array[int8]]
+ auth_key ptr[in, array[int8]]
+ cipher_algorithm flags[ktls_cipher_algo, int32]
+ cipher_key_len bytesize[cipher_key, int32]
+ iv_len bytesize[iv, int32]
+ auth_algorithm flags[ktls_auth_algo, int32]
+ auth_key_len bytesize[auth_key, int32]
+ flags const[0, int32]
+ tls_vmajor flags[ktls_vmajor, int8]
+ tls_vminor flags[ktls_vminor, int8]
+ rec_seq array[int8, 8]
+}
+
+ktls_cipher_algo = CRYPTO_AES_NIST_GCM_16, CRYPTO_AES_CBC, CRYPTO_CHACHA20_POLY1305
+ktls_auth_algo = 0, CRYPTO_AES_128_NIST_GMAC, CRYPTO_AES_192_NIST_GMAC, CRYPTO_AES_256_NIST_GMAC
+ktls_vmajor = TLS_MAJOR_VER_ONE
+ktls_vminor = TLS_MINOR_VER_ZERO, TLS_MINOR_VER_ONE, TLS_MINOR_VER_TWO, TLS_MINOR_VER_THREE
diff --git a/sys/freebsd/socket_inet_tcp.txt.const b/sys/freebsd/socket_inet_tcp.txt.const
index b10fe468c..ab0884eda 100644
--- a/sys/freebsd/socket_inet_tcp.txt.const
+++ b/sys/freebsd/socket_inet_tcp.txt.const
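Review bot: `ktls_auth_algo` in sys/freebsd/socket_inet_tcp.txt offers only 0 and the three GMAC constants, while `ktls_cipher_algo` includes `CRYPTO_AES_CBC`; as far as I know FreeBSD's KTLS session setup accepts CBC only together with an HMAC auth algorithm, so generated `tls_enable` values that pick CBC would almost always be rejected during validation and the CBC code paths stay largely unfuzzed. Consider extending the set, e.g. `ktls_auth_algo = 0, CRYPTO_AES_128_NIST_GMAC, CRYPTO_AES_192_NIST_GMAC, CRYPTO_AES_256_NIST_GMAC, CRYPTO_SHA1_HMAC, CRYPTO_SHA2_256_HMAC, CRYPTO_SHA2_384_HMAC`, with the matching values extracted into the .const file. A short comment above `tls_enable` naming the kernel header it mirrors would also help whoever has to update the description when the structure changes.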
@@ -2,6 +2,12 @@ arches = 386, amd64 AF_INET = 2 AF_INET6 = 28 +CRYPTO_AES_128_NIST_GMAC = 26 +CRYPTO_AES_192_NIST_GMAC = 27 +CRYPTO_AES_256_NIST_GMAC = 28 +CRYPTO_AES_CBC = 11 +CRYPTO_AES_NIST_GCM_16 = 25 +CRYPTO_CHACHA20_POLY1305 = 41 IPPROTO_TCP = 6 SOCK_STREAM = 1 SYS_getsockopt = 118 @@ -32,3 +38,12 @@ TCP_NOPUSH = 4 TCP_PCAP_IN = 4096 TCP_PCAP_OUT = 2048 TCP_REMOTE_UDP_ENCAPS_PORT = 71 +TCP_RXTLS_ENABLE = 41 +TCP_RXTLS_MODE = 42 +TCP_TXTLS_ENABLE = 39 +TCP_TXTLS_MODE = 40 +TLS_MAJOR_VER_ONE = 3 +TLS_MINOR_VER_ONE = 2 +TLS_MINOR_VER_THREE = 4 +TLS_MINOR_VER_TWO = 3 +TLS_MINOR_VER_ZERO = 1 -- cgit mrf-deployment