Re: [PATCH v4 4/7] net/handshake: Support KeyUpdate message types
From: Hannes Reinecke <hare@suse.de>
Date: 2025-10-22 07:03:21
Also in:
linux-doc, linux-nfs, linux-nvme, lkml
On 10/22/25 06:40, Alistair Francis wrote:
On Tue, Oct 21, 2025 at 1:19 PM Alistair Francis [off-list ref] wrote:quoted
On Mon, Oct 20, 2025 at 4:09 PM Hannes Reinecke [off-list ref] wrote:quoted
On 10/17/25 06:23, alistair23@gmail.com wrote:quoted
From: Alistair Francis <redacted>
[ .. ]>>>> @@ -372,6 +384,44 @@ int tls_client_hello_psk(const struct tls_handshake_args *args, gfp_t flags)
quoted
quoted
quoted
} EXPORT_SYMBOL(tls_client_hello_psk); +/** + * tls_client_keyupdate_psk - request a PSK-based TLS handshake on a socket + * @args: socket and handshake parameters for this request + * @flags: memory allocation control flags + * @keyupdate: specifies the type of KeyUpdate operation + * + * Return values: + * %0: Handshake request enqueue; ->done will be called when complete + * %-EINVAL: Wrong number of local peer IDs + * %-ESRCH: No user agent is available + * %-ENOMEM: Memory allocation failed + */ +int tls_client_keyupdate_psk(const struct tls_handshake_args *args, gfp_t flags, + handshake_key_update_type keyupdate) +{ + struct tls_handshake_req *treq; + struct handshake_req *req; + unsigned int i; + + if (!args->ta_num_peerids || + args->ta_num_peerids > ARRAY_SIZE(treq->th_peerid)) + return -EINVAL; + + req = handshake_req_alloc(&tls_handshake_proto, flags); + if (!req) + return -ENOMEM; + treq = tls_handshake_req_init(req, args); + treq->th_type = HANDSHAKE_MSG_TYPE_CLIENTKEYUPDATE; + treq->th_key_update_request = keyupdate; + treq->th_auth_mode = HANDSHAKE_AUTH_PSK; + treq->th_num_peerids = args->ta_num_peerids; + for (i = 0; i < args->ta_num_peerids; i++) + treq->th_peerid[i] = args->ta_my_peerids[i];Hmm? Do we use the 'peerids'?We don't, this is just copied from the tls_client_hello_psk()/tls_server_hello_psk() to provide the same information to keep things more consistent. I can remove setting theseActually, ktls-utils (tlshd) expects these to be set, so I think we should leave them as is
Can't we rather fix up tlshd? It feels really pointless, erroring out on values which are completely irrelevant for the operation... Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@suse.de +49 911 74053 688 SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich