handshake.yaml 2.4 KB

# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
#
# Author: Chuck Lever <chuck.lever@oracle.com>
#
# Copyright (c) 2023, Oracle and/or its affiliates.
#
---
# Generic netlink family through which a handler process retrieves queued
# handshake requests ("accept") and reports their outcome ("done").
name: handshake
protocol: genetlink
doc: Netlink protocol to request a transport layer security handshake.
definitions:
  -
    # Class of handler a request is addressed to. The first two entries
    # carry the same names as the multicast groups declared at the end of
    # this file.
    # NOTE(review): "max" looks like an upper-bound sentinel rather than a
    # real handler class -- confirm.
    type: enum
    name: handler-class
    value-start: 0
    entries: [none, tlshd, max]
  -
    # Handshake message the handler is asked to produce.
    # NOTE(review): presumably clienthello = act as the initiating side and
    # serverhello = act as the responding side -- confirm against the handler.
    type: enum
    name: msg-type
    value-start: 0
    entries: [unspec, clienthello, serverhello]
  -
    # Peer authentication mode requested for the handshake. "unauth" is a
    # distinct, explicit value; it is not the same as "unspec" (0).
    # NOTE(review): confirm that consumers reject or handle unspec explicitly
    # and never treat it as permission to skip peer authentication.
    type: enum
    name: auth
    value-start: 0
    entries: [unspec, unauth, psk, x509]
attribute-sets:
  -
    # One certificate/private-key pair. Both members are 32-bit integers, so
    # this set carries references, not certificate or key bytes.
    # NOTE(review): presumably kernel key serial numbers, with access then
    # governed by the permissions on the referenced keys -- confirm.
    name: x509
    attributes:
      -
        name: cert
        type: s32
      -
        name: privkey
        type: s32
  -
    # Attributes of the "accept" operation (request and reply, see below).
    name: accept
    attributes:
      -
        # Socket file descriptor number returned to the handler.
        # NOTE(review): a descriptor number only has meaning inside one
        # process; presumably the kernel installs it in the caller's fd
        # table -- confirm.
        name: sockfd
        type: s32
      -
        name: handler-class
        type: u32
        enum: handler-class
      -
        name: message-type
        type: u32
        enum: msg-type
      -
        # Units are not stated anywhere in this spec -- TODO confirm.
        name: timeout
        type: u32
      -
        name: auth-mode
        type: u32
        enum: auth
      -
        # May appear several times in one message (multi-attr).
        # NOTE(review): presumably references to pre-shared keys for
        # auth-mode psk -- confirm.
        name: peer-identity
        type: u32
        multi-attr: true
      -
        # Nested x509 set; may appear several times (multi-attr).
        name: certificate
        type: nest
        nested-attributes: x509
        multi-attr: true
      -
        # No length check is declared for this string in the spec; it is
        # only listed in the accept reply below.
        # NOTE(review): presumably the expected name of the remote peer, used
        # when verifying its certificate -- confirm.
        name: peername
        type: string
      -
        # NOTE(review): presumably a keyring reference, like the x509
        # members above -- confirm.
        name: keyring
        type: u32
  -
    # Attributes of the "done" operation.
    name: done
    attributes:
      -
        # NOTE(review): encoding of success/failure is not defined in this
        # spec -- confirm against the kernel-side handler.
        name: status
        type: u32
      -
        # Identifies which handshake is being completed.
        name: sockfd
        type: s32
      -
        # May appear several times in one message (multi-attr).
        # NOTE(review): presumably the peer identities that were actually
        # authenticated -- confirm; the kernel has to trust what the handler
        # reports here.
        name: remote-auth
        type: u32
        multi-attr: true
operations:
  list:
    -
      # Notification only; its layout refers to the accept operation
      # defined next.
      name: ready
      doc: Notify handlers that a new handshake request is waiting
      notify: accept
    -
      # admin-perm marks this operation as privileged (generic netlink's
      # GENL_ADMIN_PERM, i.e. the caller needs CAP_NET_ADMIN). The reply
      # hands out a socket descriptor plus key and keyring references, so
      # this flag is the access control on those.
      name: accept
      doc: Handler retrieves next queued handshake request
      attribute-set: accept
      flags: [admin-perm]
      do:
        request:
          attributes:
            - handler-class
        reply:
          attributes:
            - sockfd
            - message-type
            - timeout
            - auth-mode
            - peer-identity
            - certificate
            - peername
            - keyring
    -
      # Unlike accept, no flags are declared for this operation, so the spec
      # itself does not restrict who may send it.
      # NOTE(review): confirm that the kernel-side handler checks that sockfd
      # refers to a handshake request the caller previously accepted before
      # acting on status and remote-auth.
      name: done
      doc: Handler reports handshake completion
      attribute-set: done
      do:
        request:
          attributes:
            - status
            - sockfd
            - remote-auth
mcast-groups:
  list:
    # Group names mirror the first two handler-class entries.
    # NOTE(review): nothing in this spec restricts group membership; confirm
    # whether subscribing to "ready" notifications is limited elsewhere.
    -
      name: none
    -
      name: tlshd