Message-ID: <20250815050210.1518439-8-alistair.francis@wdc.com>
Date: Fri, 15 Aug 2025 15:02:09 +1000
From: alistair23@...il.com
To: chuck.lever@...cle.com,
	hare@...nel.org,
	kernel-tls-handshake@...ts.linux.dev,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	linux-doc@...r.kernel.org,
	linux-nvme@...ts.infradead.org,
	linux-nfs@...r.kernel.org
Cc: kbusch@...nel.org,
	axboe@...nel.dk,
	hch@....de,
	sagi@...mberg.me,
	kch@...dia.com,
	alistair23@...il.com,
	Alistair Francis <alistair.francis@....com>
Subject: [PATCH 7/8] net/handshake: Support decoding the HandshakeType

From: Alistair Francis <alistair.francis@....com>

Support decoding the HandshakeType as part of the TLS handshake
protocol.

Link: https://datatracker.ietf.org/doc/html/rfc8446#section-4
Signed-off-by: Alistair Francis <alistair.francis@....com>
---
 include/net/handshake.h |  1 +
 include/net/tls_prot.h  | 17 +++++++++++++++++
 net/handshake/alert.c   | 26 ++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)

diff --git a/include/net/handshake.h b/include/net/handshake.h
index 8f791c55edc9..d13dc6299c37 100644
--- a/include/net/handshake.h
+++ b/include/net/handshake.h
@@ -54,6 +54,7 @@ void handshake_sk_destruct_req(struct sock *sk);
 bool handshake_req_cancel(struct sock *sk);
 
 u8 tls_get_record_type(const struct sock *sk, const struct cmsghdr *msg);
+u8 tls_get_handshake_type(const struct sock *sk, const struct cmsghdr *cmsg);
 void tls_alert_recv(const struct sock *sk, const struct msghdr *msg,
 		    u8 *level, u8 *description);
 
diff --git a/include/net/tls_prot.h b/include/net/tls_prot.h
index 68a40756440b..5125e7c22cb3 100644
--- a/include/net/tls_prot.h
+++ b/include/net/tls_prot.h
@@ -23,6 +23,23 @@ enum {
 	TLS_RECORD_TYPE_ACK = 26,
 };
 
+/*
+ * TLS Record protocol: HandshakeType
+ */
+enum {
+	TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
+	TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
+	TLS_HANDSHAKE_TYPE_NEW_SESSION_TICKET = 4,
+	TLS_HANDSHAKE_TYPE_END_OF_EARLY_DATA = 5,
+	TLS_HANDSHAKE_TYPE_ENCRYPTED_EXTENSIONS = 8,
+	TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
+	TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
+	TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
+	TLS_HANDSHAKE_TYPE_FINISHED = 20,
+	TLS_HANDSHAKE_TYPE_KEY_UPDATE = 24,
+	TLS_HANDSHAKE_TYPE_MESSAGE_HASH = 254,
+};
+
 /*
  * TLS Alert protocol: AlertLevel
  */
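Review bot: The header comment on the new enum reads "TLS Record protocol: HandshakeType", but HandshakeType belongs to the Handshake protocol (RFC 8446 section 4, which the commit message links), not the record layer. To match the neighbouring "TLS Alert protocol: AlertLevel" comment, I would write `* TLS Handshake protocol: HandshakeType`. It would also help to note in that comment that 0 is deliberately left out of the enum, since tls_get_handshake_type() returns zero to mean "no handshake type found".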
diff --git a/net/handshake/alert.c b/net/handshake/alert.c
index 329d91984683..7e16ef5ed913 100644
--- a/net/handshake/alert.c
+++ b/net/handshake/alert.c
@@ -86,6 +86,32 @@ u8 tls_get_record_type(const struct sock *sk, const struct cmsghdr *cmsg)
 }
 EXPORT_SYMBOL(tls_get_record_type);
 
+/**
+ * tls_get_handshake_type - Look for TLS HANDSHAKE_TYPE information
+ * @sk: socket (for IP address information)
+ * @cmsg: incoming message to be parsed
+ *
+ * Returns zero or a TLS_HANDSHAKE_TYPE value.
+ */
+u8 tls_get_handshake_type(const struct sock *sk, const struct cmsghdr *cmsg)
+{
+	u8 record_type, msg_type;
+
+	if (cmsg->cmsg_level != SOL_TLS)
+		return 0;
+	if (cmsg->cmsg_type != TLS_GET_RECORD_TYPE)
+		return 0;
+
+	record_type = *((u8 *)CMSG_DATA(cmsg));
+
+	if (record_type != TLS_RECORD_TYPE_HANDSHAKE)
+		return 0;
+
+	msg_type = *((u8 *)CMSG_DATA(cmsg) + 4);
+	return msg_type;
+}
+EXPORT_SYMBOL(tls_get_handshake_type);
+
 /**
  * tls_alert_recv - Parse TLS Alert messages
  * @sk: socket (for IP address information)
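Review bot: The read at `*((u8 *)CMSG_DATA(cmsg) + 4)` in tls_get_handshake_type() is not preceded by any check of `cmsg->cmsg_len`, so nothing here shows that a fifth payload byte exists in the control message. As far as I know, a TLS_GET_RECORD_TYPE control message carries only the one-byte record type. If so, offset 4 is padding or adjacent memory rather than the HandshakeType, which is the first byte of the handshake message in the record data; please confirm where the caller places that byte. If the offset is intentional, guard it with `if (cmsg->cmsg_len < CMSG_LEN(5)) return 0;` and replace the bare `4` with a named constant or a comment describing the layout. The kernel-doc also describes `@sk` as used "for IP address information", yet the body never touches `sk`.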
-- 
2.50.1

