From: John Baldwin <j...@freebsd.org>

- Add a new TCP_RXTLS_ENABLE socket option to set the encryption and
  authentication algorithms and keys as well as the initial sequence
  number.

- When reading from a socket using KTLS receive, applications must use
  recvmsg().  Each successful call to recvmsg() will return a single
  TLS record.  A new TCP control message, TLS_GET_RECORD, will contain
  the TLS record header of the decrypted record.  The regular message
  buffer passed to recvmsg() will receive the decrypted payload.  This
  is similar to the interface used by Linux's KTLS RX except that
  Linux does not return the full TLS header in the control message.

- Add plumbing to the TOE KTLS interface to request either transmit
  or receive KTLS sessions.

- When a socket is using receive KTLS, redirect reads from
  soreceive_stream() into soreceive_generic().

- Note that this interface is currently only defined for TLS 1.1 and
  1.2, though I believe we will be able to reuse the same interface
  and structures for 1.3.
---
 newlib/libc/sys/rtems/include/netinet/tcp.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/newlib/libc/sys/rtems/include/netinet/tcp.h 
b/newlib/libc/sys/rtems/include/netinet/tcp.h
index b5f01b3bc..5dc13eca2 100644
--- a/newlib/libc/sys/rtems/include/netinet/tcp.h
+++ b/newlib/libc/sys/rtems/include/netinet/tcp.h
@@ -178,6 +178,8 @@ struct tcphdr {
                                   device */
 #define        TCP_TXTLS_ENABLE 39     /* TLS framing and encryption for 
transmit */
 #define        TCP_TXTLS_MODE  40      /* Transmit TLS mode */
+#define        TCP_RXTLS_ENABLE 41     /* TLS framing and encryption for 
receive */
+#define        TCP_RXTLS_MODE  42      /* Receive TLS mode */
 #define        TCP_CONGESTION  64      /* get/set congestion control algorithm 
*/
 #define        TCP_CCALGOOPT   65      /* get/set cc algorithm specific 
options */
 #define TCP_DELACK     72      /* socket option for delayed ack */
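Review bot: TCP_RXTLS_MODE (42) is added here but the commit message only describes TCP_RXTLS_ENABLE, and its comment "Receive TLS mode" does not say whether the option is readable, settable or both, nor what values it takes. The neighbouring TCP_CONGESTION and TCP_CCALGOOPT comments spell out "get/set"; please do the same for the two RXTLS options and add a line about TCP_RXTLS_MODE to the commit message. Since TCP_RXTLS_ENABLE is what hands the algorithms, keys and initial sequence number to the kernel, the comment could also point to where the argument structure for it is declared, as this header only carries the option number.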
@@ -388,6 +390,7 @@ struct tcp_function_set {
  * TCP Control message types
  */
 #define        TLS_SET_RECORD_TYPE     1
+#define        TLS_GET_RECORD          2
 
 /*
  * TCP specific variables of interest for tp->t_stats stats(9) accounting.
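Review bot: TLS_GET_RECORD is added without a comment, so the "TCP Control message types" block now lists two values with nothing to show that they travel in opposite directions. The commit message says TLS_GET_RECORD is returned by recvmsg() and contains the TLS record header of the decrypted record; a short trailing comment saying that it is a receive-side control message carrying the record header would save readers from having to find the commit log. The record header includes the content type, and recvmsg() returns one record per call, so it is also worth saying here or in the message that callers are expected to inspect the header rather than treat every returned payload as application data.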
-- 
2.35.3

_______________________________________________
devel mailing list
devel@rtems.org
http://lists.rtems.org/mailman/listinfo/devel
