Commit e22da468 authored Jul 01, 2025 by Hannes Reinecke Committed by Paolo Abeni Jul 08, 2025

net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'



Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide
the serial number of the keyring to use.

Signed-off-by: Hannes Reinecke <hare@kernel.org>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Link: https://patch.msgid.link/20250701144657.104401-1-hare@kernel.org


Signed-off-by: Paolo Abeni <pabeni@redhat.com>

parent 5d288658

Documentation/netlink/specs/handshake.yaml

+4 −0

Original line number	Diff line number	Diff line
		@@ -71,6 +71,9 @@ attribute-sets:
		-
		name: peername
		type: string
		-
		name: keyring
		type: u32
		-
		name: done
		attributes:
		@@ -109,6 +112,7 @@ operations:
		- peer-identity
		- certificate
		- peername
		- keyring
		-
		name: done
		doc: Handler reports handshake completion

include/uapi/linux/handshake.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -45,6 +45,7 @@ enum {
		HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
		HANDSHAKE_A_ACCEPT_CERTIFICATE,
		HANDSHAKE_A_ACCEPT_PEERNAME,
		HANDSHAKE_A_ACCEPT_KEYRING,

		__HANDSHAKE_A_ACCEPT_MAX,
		HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)

net/handshake/tlshd.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -230,6 +230,12 @@ static int tls_handshake_accept(struct handshake_req *req,
		if (ret < 0)
		goto out_cancel;
		}
		if (treq->th_keyring) {
		ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_KEYRING,
		treq->th_keyring);
		if (ret < 0)
		goto out_cancel;
		}

		ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_AUTH_MODE,
		treq->th_auth_mode);