[PATCH v4 0/2] Another crack at a handshake upcall mechanism
From: Chuck Lever <chuck.lever@oracle.com>
Date: 2023-02-15 19:23:16
Hi-

Here is v4 of a series to add generic support for transport layer
security handshake on behalf of kernel socket consumers (user space
consumers use a security library directly, of course). A summary of
the purpose of these patches is archived here:

https://lore.kernel.org/netdev/1DE06BB1-6BA9-4DB4-B2AA-07DE532963D6@oracle.com/

This version of the series replaces Classic Netlink infrastructure
with Generic Netlink, as requested. It is again a significant rewrite
of the previous version of the series. There are several more tasks
to complete, including the creation of a YAML protocol specification
and the ability to return multiple remote peer identities upon
handshake completion.

The full patch set to support SunRPC with TLSv1.3 is available in the
topic-rpc-with-tls-upcall branch here, based on v6.1.12:

https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git

A sample user space handshake agent with netlink support is available
in the "netlink" branch here:

https://github.com/oracle/ktls-utils

---

Changes since v3:
- Converted all netlink code to use Generic Netlink
- Reworked handshake request lifetime logic throughout
- Global pending list is now per-net
- On completion, return the remote's identity to the consumer

Changes since v2:
- PF_HANDSHAKE replaced with NETLINK_HANDSHAKE
- Replaced listen(2) / poll(2) with a multicast notification service
- Replaced accept(2) with a netlink operation that can return an open
  fd and handshake parameters
- Replaced close(2) with a netlink operation that can take arguments

Changes since RFC:
- Generic upcall support split away from kTLS
- Added support for TLS ServerHello
- Documentation has been temporarily removed while API churns

Chuck Lever (2):
  net/handshake: Create a NETLINK service for handling handshake requests
  net/tls: Add kernel APIs for requesting a TLSv1.3 handshake

 Documentation/networking/index.rst         |   1 +
 Documentation/networking/tls-handshake.rst | 146 ++++++++
 include/net/handshake.h                    |  46 +++
 include/net/net_namespace.h                |   5 +
 include/net/sock.h                         |   1 +
 include/net/tls.h                          |  23 ++
 include/uapi/linux/handshake.h             | 100 ++++++
 net/Makefile                               |   1 +
 net/handshake/Makefile                     |  11 +
 net/handshake/handshake.h                  |  43 +++
 net/handshake/netlink.c                    | 373 ++++++++++++++++++++
 net/handshake/request.c                    | 160 +++++++++
 net/tls/Makefile                           |   2 +-
 net/tls/tls_handshake.c                    | 388 +++++++++++++++++++++
 14 files changed, 1299 insertions(+), 1 deletion(-)
 create mode 100644 Documentation/networking/tls-handshake.rst
 create mode 100644 include/net/handshake.h
 create mode 100644 include/uapi/linux/handshake.h
 create mode 100644 net/handshake/Makefile
 create mode 100644 net/handshake/handshake.h
 create mode 100644 net/handshake/netlink.c
 create mode 100644 net/handshake/request.c
 create mode 100644 net/tls/tls_handshake.c

-- 
Chuck Lever