mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-11-01 00:48:50 +00:00
39d0e38dcc
Kernel TLS consumers can replace common TLS Alert parsing code with these helpers. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Link: https://lore.kernel.org/r/169047942074.5241.13791647439480672048.stgit@oracle-102.nfsv4bat.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
49 lines
1.4 KiB
C
49 lines
1.4 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* Generic netlink HANDSHAKE service.
|
|
*
|
|
* Author: Chuck Lever <chuck.lever@oracle.com>
|
|
*
|
|
* Copyright (c) 2023, Oracle and/or its affiliates.
|
|
*/
|
|
|
|
#ifndef _NET_HANDSHAKE_H
|
|
#define _NET_HANDSHAKE_H
|
|
|
|
enum {
|
|
TLS_NO_KEYRING = 0,
|
|
TLS_NO_PEERID = 0,
|
|
TLS_NO_CERT = 0,
|
|
TLS_NO_PRIVKEY = 0,
|
|
};
|
|
|
|
typedef void (*tls_done_func_t)(void *data, int status,
|
|
key_serial_t peerid);
|
|
|
|
struct tls_handshake_args {
|
|
struct socket *ta_sock;
|
|
tls_done_func_t ta_done;
|
|
void *ta_data;
|
|
const char *ta_peername;
|
|
unsigned int ta_timeout_ms;
|
|
key_serial_t ta_keyring;
|
|
key_serial_t ta_my_cert;
|
|
key_serial_t ta_my_privkey;
|
|
unsigned int ta_num_peerids;
|
|
key_serial_t ta_my_peerids[5];
|
|
};
|
|
|
|
int tls_client_hello_anon(const struct tls_handshake_args *args, gfp_t flags);
|
|
int tls_client_hello_x509(const struct tls_handshake_args *args, gfp_t flags);
|
|
int tls_client_hello_psk(const struct tls_handshake_args *args, gfp_t flags);
|
|
int tls_server_hello_x509(const struct tls_handshake_args *args, gfp_t flags);
|
|
int tls_server_hello_psk(const struct tls_handshake_args *args, gfp_t flags);
|
|
|
|
bool tls_handshake_cancel(struct sock *sk);
|
|
void tls_handshake_close(struct socket *sock);
|
|
|
|
u8 tls_get_record_type(const struct sock *sk, const struct cmsghdr *msg);
|
|
void tls_alert_recv(const struct sock *sk, const struct msghdr *msg,
|
|
u8 *level, u8 *description);
|
|
|
|
#endif /* _NET_HANDSHAKE_H */
|