# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
#
# Author: Chuck Lever <chuck.lever@oracle.com>
#
# Copyright (c) 2023, Oracle and/or its affiliates.
#
---
# Generic netlink family "handshake": a user space handler (see the
# handler-class enum and the mcast-groups at the end of the file) is
# told that a request is pending (`ready`), fetches it (`accept`) and
# reports the outcome (`done`).
name: handshake

protocol: genetlink

doc: Netlink protocol to request a transport layer security handshake.

definitions:
  -
    # Upper bound for the `status` attribute of the done set (see
    # `checks: max: max-errno` below). Sourced from linux/err.h and
    # kernel-scoped, so it is not emitted into the uAPI header.
    type: const
    name: max-errno
    value: 4095
    header: linux/err.h
    scope: kernel
  -
    # Which user space handler services a request. The named entries
    # match the mcast-groups below; `max` is listed last and presumably
    # serves as a count sentinel rather than a real class — confirm.
    type: enum
    name: handler-class
    value-start: 0
    entries: [none, tlshd, max]
  -
    # Which side of the handshake the kernel asks the handler to play.
    type: enum
    name: msg-type
    value-start: 0
    entries: [unspec, clienthello, serverhello]
  -
    # Peer authentication modes. x509 presumably pairs with the nested
    # `certificate` attribute of the accept set — confirm in the handler.
    type: enum
    name: auth
    value-start: 0
    entries: [unspec, unauth, psk, x509]

attribute-sets:
  -
    # Nested under accept/certificate. Both are signed 32-bit values;
    # what they refer to is not stated in this spec (they look like key
    # serial numbers — confirm against the handler code).
    name: x509
    attributes:
      -
        name: cert
        type: s32
      -
        name: privkey
        type: s32
  -
    # Attributes of the accept request/reply. Only handler-class is sent
    # in the request; the rest are reply attributes (see operations).
    name: accept
    attributes:
      -
        name: sockfd
        type: s32
      -
        name: handler-class
        type: u32
        enum: handler-class
      -
        name: message-type
        type: u32
        enum: msg-type
      -
        # Units are not given here (seconds vs. milliseconds) — confirm
        # against the consumer before relying on the value.
        name: timeout
        type: u32
      -
        name: auth-mode
        type: u32
        enum: auth
      -
        # multi-attr: this attribute may appear more than once in a message.
        name: peer-identity
        type: u32
        multi-attr: true
      -
        # Repeated nest of x509 cert/privkey pairs (multi-attr).
        name: certificate
        type: nest
        nested-attributes: x509
        multi-attr: true
      -
        # No `checks:` (length bound) is declared for this string here.
        name: peername
        type: string
      -
        name: keyring
        type: u32
  -
    # Attributes of the done request.
    name: done
    attributes:
      -
        # Bounded by max-errno, so the generated policy rejects values
        # outside the errno range before the handler sees them.
        name: status
        type: u32
        checks:
          max: max-errno
      -
        name: sockfd
        type: s32
      -
        # multi-attr: this attribute may appear more than once in a message.
        name: remote-auth
        type: u32
        multi-attr: true

operations:
  list:
    -
      # Kernel-to-user notification only; it reuses the accept attribute
      # set and defines no request/reply of its own.
      name: ready
      doc: Notify handlers that a new handshake request is waiting
      notify: accept
    -
      # admin-perm: the generated op carries GENL_ADMIN_PERM, so the
      # caller needs CAP_NET_ADMIN to dequeue a request.
      name: accept
      doc: Handler retrieves next queued handshake request
      attribute-set: accept
      flags: [admin-perm]
      do:
        request:
          attributes:
            - handler-class
        reply:
          attributes:
            - sockfd
            - message-type
            - timeout
            - auth-mode
            - peer-identity
            - certificate
            - peername
            - keyring
    -
      # NOTE(review): no admin-perm here, unlike accept. The request is
      # identified by sockfd, so authorization presumably rests on the
      # caller holding that descriptor — confirm in the done handler.
      # No reply is defined for this op.
      name: done
      doc: Handler reports handshake completion
      attribute-set: done
      do:
        request:
          attributes:
            - status
            - sockfd
            - remote-auth

mcast-groups:
  # One multicast group per handler-class entry (except the `max`
  # sentinel); presumably the groups on which `ready` is sent — confirm.
  list:
    -
      name: none
    -
      name: tlshd
140      name: tlshd
141