Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'

Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide
the serial number of the keyring to use.

Signed-off-by: Hannes Reinecke <hare@kernel.org>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Link: https://patch.msgid.link/20250701144657.104401-1-hare@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Authored by Hannes Reinecke and committed by Paolo Abeni
e22da468 5d288658

+11
+4
Documentation/netlink/specs/handshake.yaml
··· 71 71 - 72 72 name: peername 73 73 type: string 74 + - 75 + name: keyring 76 + type: u32 74 77 - 75 78 name: done 76 79 attributes: ··· 112 109 - peer-identity 113 110 - certificate 114 111 - peername 112 + - keyring 115 113 - 116 114 name: done 117 115 doc: Handler reports handshake completion
+1
include/uapi/linux/handshake.h
··· 45 45 HANDSHAKE_A_ACCEPT_PEER_IDENTITY, 46 46 HANDSHAKE_A_ACCEPT_CERTIFICATE, 47 47 HANDSHAKE_A_ACCEPT_PEERNAME, 48 + HANDSHAKE_A_ACCEPT_KEYRING, 48 49 49 50 __HANDSHAKE_A_ACCEPT_MAX, 50 51 HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)
+6
net/handshake/tlshd.c
··· 230 230 if (ret < 0) 231 231 goto out_cancel; 232 232 } 233 + if (treq->th_keyring) { 234 + ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_KEYRING, 235 + treq->th_keyring); 236 + if (ret < 0) 237 + goto out_cancel; 238 + } 233 239 234 240 ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_AUTH_MODE, 235 241 treq->th_auth_mode);
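Review bot: The new `keyring` attribute in Documentation/netlink/specs/handshake.yaml (`name: keyring`, `type: u32`) has no `doc:` line, so the spec itself does not say what the value means. The commit message describes it as the serial number of the keyring to use. Putting that sentence into a `doc:` string, along with a note that the attribute is optional in the accept reply, would let handler authors work from the spec alone.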
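Review bot: In the net/handshake/tlshd.c hunk, the `if (treq->th_keyring)` guard omits the attribute whenever the value is 0, so a user-space handler cannot distinguish "no keyring was specified" from "this kernel does not send the attribute". If both cases are meant to be handled the same way, a short comment above the guard or a line in the spec would make that explicit. The value is also sent with `nla_put_u32()`; if `th_keyring` is held in a signed key serial type, it is worth stating that the handler should convert it back to that type before using it for a keyring lookup.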