Thread: 26 messages, 4 authors, 2025-10-22

Re: [PATCH v4 4/7] net/handshake: Support KeyUpdate message types

From: Hannes Reinecke <hare@suse.de>
Date: 2025-10-22 07:03:21
Also in: linux-doc, linux-nfs, linux-nvme, lkml

On 10/22/25 06:40, Alistair Francis wrote:
On Tue, Oct 21, 2025 at 1:19 PM Alistair Francis [off-list ref] wrote:
On Mon, Oct 20, 2025 at 4:09 PM Hannes Reinecke [off-list ref] wrote:
On 10/17/25 06:23, alistair23@gmail.com wrote:
From: Alistair Francis <redacted>
[ .. ]>>>> @@ -372,6 +384,44 @@ int tls_client_hello_psk(const struct 
tls_handshake_args *args, gfp_t flags)
   }
   EXPORT_SYMBOL(tls_client_hello_psk);

+/**
+ * tls_client_keyupdate_psk - request a PSK-based TLS handshake on a socket
+ * @args: socket and handshake parameters for this request
+ * @flags: memory allocation control flags
+ * @keyupdate: specifies the type of KeyUpdate operation
+ *
+ * Return values:
+ *   %0: Handshake request enqueue; ->done will be called when complete
+ *   %-EINVAL: Wrong number of local peer IDs
+ *   %-ESRCH: No user agent is available
+ *   %-ENOMEM: Memory allocation failed
+ */
+int tls_client_keyupdate_psk(const struct tls_handshake_args *args, gfp_t flags,
+                          handshake_key_update_type keyupdate)
+{
+     struct tls_handshake_req *treq;
+     struct handshake_req *req;
+     unsigned int i;
+
+     if (!args->ta_num_peerids ||
+         args->ta_num_peerids > ARRAY_SIZE(treq->th_peerid))
+             return -EINVAL;
+
+     req = handshake_req_alloc(&tls_handshake_proto, flags);
+     if (!req)
+             return -ENOMEM;
+     treq = tls_handshake_req_init(req, args);
+     treq->th_type = HANDSHAKE_MSG_TYPE_CLIENTKEYUPDATE;
+     treq->th_key_update_request = keyupdate;
+     treq->th_auth_mode = HANDSHAKE_AUTH_PSK;
+     treq->th_num_peerids = args->ta_num_peerids;
+     for (i = 0; i < args->ta_num_peerids; i++)
+             treq->th_peerid[i] = args->ta_my_peerids[i];
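Review bot: the kernel-doc block above tls_client_keyupdate_psk() is copied from tls_client_hello_psk() and still says "request a PSK-based TLS handshake on a socket"; it should say the function requests a TLS KeyUpdate of the type given by @keyupdate on an already-established session, and "%0: Handshake request enqueue" should read "enqueued". The -ESRCH return is documented but no path returning it is visible in the quoted part of the hunk; if it comes from the submit call below the cut that is fine, otherwise drop it from the list. On the peerid loop: the function copies ta_my_peerids into th_peerid and fails with -EINVAL when none are given, yet nothing in a KeyUpdate request consumes them; if the user agent really requires them, say so in the @args description, otherwise drop both the copy and the -EINVAL check so callers are not forced to supply data the operation ignores.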
Hmm?
Do we use the 'peerids'?
We don't, this is just copied from the
tls_client_hello_psk()/tls_server_hello_psk() to provide the same
information to keep things more consistent.

I can remove setting these
Actually, ktls-utils (tlshd) expects these to be set, so I think we
should leave them as is
Can't we rather fix up tlshd?
It feels really pointless, erroring out on values which are completely
irrelevant for the operation...

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
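For readers who want to see what the "KeyUpdate message types" in the subject line actually are on the wire, the following is an added example, not code from the patch series, from ktls-utils/tlshd or from anyone in the thread. It encodes and parses the RFC 8446 section 4.6.3 KeyUpdate handshake message (type 24, one-byte KeyUpdateRequest body, values update_not_requested = 0 and update_requested = 1), rolls the application traffic secret forward with HKDF-Expand-Label(secret, "traffic upd", "", Hash.length) as in section 7.2, and shows the exchange from the receiver's side: a received update_requested obliges the receiver to send its own KeyUpdate(update_not_requested) and roll its write key. Python is used because this logic lives in the userspace TLS agent in the kernel handshake design, not in the kernel; the starting secret and the function names are constructed for the example. Only the standard library is needed.

```python
"""Added example: TLS 1.3 KeyUpdate encoding and traffic-secret rollover
(RFC 8446 sections 4.6.3 and 7.2). Not the patch's or tlshd's code."""
import hashlib
import hmac
import struct

HS_KEY_UPDATE = 24          # HandshakeType key_update
UPDATE_NOT_REQUESTED = 0    # KeyUpdateRequest values
UPDATE_REQUESTED = 1


def encode_key_update(request_update: bool) -> bytes:
    """Handshake framing: msg_type(1) || uint24 length || KeyUpdateRequest(1)."""
    body = bytes([UPDATE_REQUESTED if request_update else UPDATE_NOT_REQUESTED])
    return bytes([HS_KEY_UPDATE]) + len(body).to_bytes(3, "big") + body


def parse_key_update(msg: bytes) -> bool:
    """Return True if the peer asked us to update as well.

    An unknown request value is an illegal_parameter alert in RFC 8446,
    so malformed input raises instead of being silently accepted."""
    if len(msg) != 5 or msg[0] != HS_KEY_UPDATE:
        raise ValueError("not a KeyUpdate handshake message")
    if int.from_bytes(msg[1:4], "big") != 1:
        raise ValueError("bad KeyUpdate length")
    if msg[4] not in (UPDATE_NOT_REQUESTED, UPDATE_REQUESTED):
        raise ValueError("illegal KeyUpdateRequest value")
    return msg[4] == UPDATE_REQUESTED


def hkdf_expand(prk: bytes, info: bytes, length: int, hashmod=hashlib.sha256) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(prk, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashmod).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int,
                      hashmod=hashlib.sha256) -> bytes:
    """RFC 8446 section 7.1: HkdfLabel = uint16 length || "tls13 " + label || context."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length, hashmod)


def next_traffic_secret(secret: bytes, hashmod=hashlib.sha256) -> bytes:
    """application_traffic_secret_N+1 = HKDF-Expand-Label(secret_N, "traffic upd", "", Hash.length).
    One-way: secret_N cannot be recovered from secret_N+1."""
    return hkdf_expand_label(secret, b"traffic upd", b"", hashmod().digest_size, hashmod)


def traffic_keys(secret: bytes, key_len: int = 16, iv_len: int = 12):
    """Per-record key and IV for the current secret (AES-128-GCM sizes by default)."""
    return (hkdf_expand_label(secret, b"key", b"", key_len),
            hkdf_expand_label(secret, b"iv", b"", iv_len))


def process_key_update(msg: bytes, read_secret: bytes, write_secret: bytes):
    """Receiver side of the exchange.

    Always: the peer's write key changed, so our read secret rolls forward.
    If update_requested: we must answer with KeyUpdate(update_not_requested)
    and roll our own write secret before sending more application data.
    Returns (new_read_secret, response_or_None, new_write_secret)."""
    requested = parse_key_update(msg)
    new_read = next_traffic_secret(read_secret)
    if not requested:
        return new_read, None, write_secret
    return new_read, encode_key_update(False), next_traffic_secret(write_secret)


if __name__ == "__main__":
    # Constructed secrets for illustration; real ones come from the handshake.
    client_write = bytes(range(32))
    server_write = bytes(range(32, 64))
    # Client sends update_requested; server processes it.
    msg = encode_key_update(True)
    server_read, reply, server_write2 = process_key_update(msg, client_write, server_write)
    print("client sent :", msg.hex())
    print("server reply:", reply.hex())
    print("server now reads with key", traffic_keys(server_read)[0].hex())
    print("server now writes with key", traffic_keys(server_write2)[0].hex())
```

Note that the kernel request in the patch carries only the KeyUpdate type; the byte-level encoding and the HKDF rollover above are the user agent's job, which is why the peerid arguments discussed in the thread do not enter into any of this computation.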