summaryrefslogtreecommitdiff
path: root/Documentation/netlink/specs/handshake.yaml
blob: a49b46b80e1650385e17d6c5ab382dd0f5f67301 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
#
# Author: Chuck Lever <chuck.lever@oracle.com>
#
# Copyright (c) 2023, Oracle and/or its affiliates.
#

name: handshake

protocol: genetlink

doc: Netlink protocol to request a transport layer security handshake.

definitions:
  -
    type: enum
    name: handler-class
    value-start: 0
    entries: [ none, tlshd, max ]
  -
    type: enum
    name: msg-type
    value-start: 0
    entries: [ unspec, clienthello, serverhello ]
  -
    type: enum
    name: auth
    value-start: 0
    entries: [ unspec, unauth, psk, x509 ]

attribute-sets:
  -
    name: x509
    attributes:
      -
        name: cert
        type: u32
      -
        name: privkey
        type: u32
  -
    name: accept
    attributes:
      -
        name: sockfd
        type: s32
      -
        name: handler-class
        type: u32
        enum: handler-class
      -
        name: message-type
        type: u32
        enum: msg-type
      -
        name: timeout
        type: u32
      -
        name: auth-mode
        type: u32
        enum: auth
      -
        name: peer-identity
        type: u32
        multi-attr: true
      -
        name: certificate
        type: nest
        nested-attributes: x509
        multi-attr: true
      -
        name: peername
        type: string
  -
    name: done
    attributes:
      -
        name: status
        type: u32
      -
        name: sockfd
        type: s32
      -
        name: remote-auth
        type: u32
        multi-attr: true

operations:
  list:
    -
      name: ready
      doc: Notify handlers that a new handshake request is waiting
      notify: accept
    -
      name: accept
      doc: Handler retrieves next queued handshake request
      attribute-set: accept
      flags: [ admin-perm ]
      do:
        request:
          attributes:
            - handler-class
        reply:
          attributes:
            - sockfd
            - message-type
            - timeout
            - auth-mode
            - peer-identity
            - certificate
            - peername
    -
      name: done
      doc: Handler reports handshake completion
      attribute-set: done
      do:
        request:
          attributes:
            - status
            - sockfd
            - remote-auth

mcast-groups:
  list:
    -
      name: none
    -
      name: tlshd