net/tls: Add TLS Alert definitions · tjh.dev/kernel@0257427

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

net/tls: Add TLS Alert definitions

I'm about to add support for kernel handshake API consumers to send
TLS Alerts, so introduce the needed protocol definitions in the new
header tls_prot.h.

This presages support for Closure alerts. Also, support for alerts
is a pre-requite for handling session re-keying, where one peer will
signal the need for a re-key by sending a TLS Alert.

Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Link: https://lore.kernel.org/r/169047934064.5241.8377890858495063518.stgit@oracle-102.nfsv4bat.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Chuck Lever and committed by

Jakub Kicinski 2 years ago 02574271 6a7eccef

+42

1 changed file

expand all

include

net

tls_prot.h

+42

include/net/tls_prot.h

··· 23 23 TLS_RECORD_TYPE_ACK = 26, 24 24 }; 25 25 26 + /* 27 + * TLS Alert protocol: AlertLevel 28 + */ 29 + enum { 30 + TLS_ALERT_LEVEL_WARNING = 1, 31 + TLS_ALERT_LEVEL_FATAL = 2, 32 + }; 33 + 34 + /* 35 + * TLS Alert protocol: AlertDescription 36 + */ 37 + enum { 38 + TLS_ALERT_DESC_CLOSE_NOTIFY = 0, 39 + TLS_ALERT_DESC_UNEXPECTED_MESSAGE = 10, 40 + TLS_ALERT_DESC_BAD_RECORD_MAC = 20, 41 + TLS_ALERT_DESC_RECORD_OVERFLOW = 22, 42 + TLS_ALERT_DESC_HANDSHAKE_FAILURE = 40, 43 + TLS_ALERT_DESC_BAD_CERTIFICATE = 42, 44 + TLS_ALERT_DESC_UNSUPPORTED_CERTIFICATE = 43, 45 + TLS_ALERT_DESC_CERTIFICATE_REVOKED = 44, 46 + TLS_ALERT_DESC_CERTIFICATE_EXPIRED = 45, 47 + TLS_ALERT_DESC_CERTIFICATE_UNKNOWN = 46, 48 + TLS_ALERT_DESC_ILLEGAL_PARAMETER = 47, 49 + TLS_ALERT_DESC_UNKNOWN_CA = 48, 50 + TLS_ALERT_DESC_ACCESS_DENIED = 49, 51 + TLS_ALERT_DESC_DECODE_ERROR = 50, 52 + TLS_ALERT_DESC_DECRYPT_ERROR = 51, 53 + TLS_ALERT_DESC_TOO_MANY_CIDS_REQUESTED = 52, 54 + TLS_ALERT_DESC_PROTOCOL_VERSION = 70, 55 + TLS_ALERT_DESC_INSUFFICIENT_SECURITY = 71, 56 + TLS_ALERT_DESC_INTERNAL_ERROR = 80, 57 + TLS_ALERT_DESC_INAPPROPRIATE_FALLBACK = 86, 58 + TLS_ALERT_DESC_USER_CANCELED = 90, 59 + TLS_ALERT_DESC_MISSING_EXTENSION = 109, 60 + TLS_ALERT_DESC_UNSUPPORTED_EXTENSION = 110, 61 + TLS_ALERT_DESC_UNRECOGNIZED_NAME = 112, 62 + TLS_ALERT_DESC_BAD_CERTIFICATE_STATUS_RESPONSE = 113, 63 + TLS_ALERT_DESC_UNKNOWN_PSK_IDENTITY = 115, 64 + TLS_ALERT_DESC_CERTIFICATE_REQUIRED = 116, 65 + TLS_ALERT_DESC_NO_APPLICATION_PROTOCOL = 120, 66 + }; 67 + 26 68 #endif /* _TLS_PROT_H */