net: tls: export protocol version, cipher, tx_conf/rx_conf to socket diag

author Davide Caratti <dcaratti@redhat.com>

Fri, 30 Aug 2019 10:25:49 +0000 (12:25 +0200)

committer David S. Miller <davem@davemloft.net>

Sun, 1 Sep 2019 06:44:28 +0000 (23:44 -0700)
author Davide Caratti <dcaratti@redhat.com>
Fri, 30 Aug 2019 10:25:49 +0000 (12:25 +0200)
committer David S. Miller <davem@davemloft.net>
Sun, 1 Sep 2019 06:44:28 +0000 (23:44 -0700)
diff --git a/include/net/tls.h b/include/net/tls.h

index 4997742475cd08d5b6e66a242073fd5c69040f51..ec3c3ed2c6c314fb8e91d898ca05c43e689718cf 100644 (file)
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -431,6 +431,23 @@ static inline bool is_tx_ready(struct tls_sw_context_tx *ctx)
         return READ_ONCE(rec->tx_ready);
  }
  
+static inline u16 tls_user_config(struct tls_context *ctx, bool tx)
+{
+       u16 config = tx ? ctx->tx_conf : ctx->rx_conf;
+
+       switch (config) {
+       case TLS_BASE:
+               return TLS_CONF_BASE;
+       case TLS_SW:
+               return TLS_CONF_SW;
+       case TLS_HW:
+               return TLS_CONF_HW;
+       case TLS_HW_RECORD:
+               return TLS_CONF_HW_RECORD;
+       }
+       return 0;
+}
+
  struct sk_buff *
  tls_validate_xmit_skb(struct sock *sk, struct net_device *dev,
                       struct sk_buff *skb);
diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h

index e2c6273274f3aad7269be98bce21ba82d991ebd9..a1ff345b3f3372b6195d5fca8695d8abe898ffcc 100644 (file)
--- a/include/uapi/linux/inet_diag.h
+++ b/include/uapi/linux/inet_diag.h
@@ -162,6 +162,7 @@ enum {
  enum {
         INET_ULP_INFO_UNSPEC,
         INET_ULP_INFO_NAME,
+       INET_ULP_INFO_TLS,
         __INET_ULP_INFO_MAX,
  };
  #define INET_ULP_INFO_MAX (__INET_ULP_INFO_MAX - 1)
diff --git a/include/uapi/linux/tls.h b/include/uapi/linux/tls.h

index 5b9c26753e465aaf5ea40e0b346f60196e6e443a..bcd2869ed472f8ddff64c9c584de44ff4cf90826 100644 (file)
--- a/include/uapi/linux/tls.h
+++ b/include/uapi/linux/tls.h
@@ -109,4 +109,19 @@ struct tls12_crypto_info_aes_ccm_128 {
         unsigned char rec_seq[TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE];
  };
  
+enum {
+       TLS_INFO_UNSPEC,
+       TLS_INFO_VERSION,
+       TLS_INFO_CIPHER,
+       TLS_INFO_TXCONF,
+       TLS_INFO_RXCONF,
+       __TLS_INFO_MAX,
+};
+#define TLS_INFO_MAX (__TLS_INFO_MAX - 1)
+
+#define TLS_CONF_BASE 1
+#define TLS_CONF_SW 2
+#define TLS_CONF_HW 3
+#define TLS_CONF_HW_RECORD 4
+
  #endif /* _UAPI_LINUX_TLS_H */
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c

index f8f2d2c3d627ce50171eec6db2e1f28053875323..277f7c209fed1b57505bc3474cffcd40a9ae4475 100644 (file)
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -39,6 +39,7 @@
  #include <linux/netdevice.h>
  #include <linux/sched/signal.h>
  #include <linux/inetdevice.h>
+#include <linux/inet_diag.h>
  
  #include <net/tls.h>
  
@@ -835,6 +836,67 @@ static void tls_update(struct sock *sk, struct proto *p)
         }
  }
  
+static int tls_get_info(const struct sock *sk, struct sk_buff *skb)
+{
+       u16 version, cipher_type;
+       struct tls_context *ctx;
+       struct nlattr *start;
+       int err;
+
+       start = nla_nest_start_noflag(skb, INET_ULP_INFO_TLS);
+       if (!start)
+               return -EMSGSIZE;
+
+       rcu_read_lock();
+       ctx = rcu_dereference(inet_csk(sk)->icsk_ulp_data);
+       if (!ctx) {
+               err = 0;
+               goto nla_failure;
+       }
+       version = ctx->prot_info.version;
+       if (version) {
+               err = nla_put_u16(skb, TLS_INFO_VERSION, version);
+               if (err)
+                       goto nla_failure;
+       }
+       cipher_type = ctx->prot_info.cipher_type;
+       if (cipher_type) {
+               err = nla_put_u16(skb, TLS_INFO_CIPHER, cipher_type);
+               if (err)
+                       goto nla_failure;
+       }
+       err = nla_put_u16(skb, TLS_INFO_TXCONF, tls_user_config(ctx, true));
+       if (err)
+               goto nla_failure;
+
+       err = nla_put_u16(skb, TLS_INFO_RXCONF, tls_user_config(ctx, false));
+       if (err)
+               goto nla_failure;
+
+       rcu_read_unlock();
+       nla_nest_end(skb, start);
+       return 0;
+
+nla_failure:
+       rcu_read_unlock();
+       nla_nest_cancel(skb, start);
+       return err;
+}
+
+static size_t tls_get_info_size(const struct sock *sk)
+{
+       size_t size = 0;
+
+       size += nla_total_size(0) +             /* INET_ULP_INFO_TLS */
+               nla_total_size(sizeof(u16)) +   /* TLS_INFO_VERSION */
+               nla_total_size(sizeof(u16)) +   /* TLS_INFO_CIPHER */
+               nla_total_size(sizeof(u16)) +   /* TLS_INFO_RXCONF */
+               nla_total_size(sizeof(u16)) +   /* TLS_INFO_TXCONF */
+               0;
+
+       return size;
+}
+
  void tls_register_device(struct tls_device *device)
  {
         spin_lock_bh(&device_spinlock);
@@ -856,6 +918,8 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
         .owner                  = THIS_MODULE,
         .init                   = tls_init,
         .update                 = tls_update,
+       .get_info               = tls_get_info,
+       .get_info_size          = tls_get_info_size,
  };
  
  static int __init tls_register(void)
author	Davide Caratti <dcaratti@redhat.com>
	Fri, 30 Aug 2019 10:25:49 +0000 (12:25 +0200)
committer	David S. Miller <davem@davemloft.net>
	Sun, 1 Sep 2019 06:44:28 +0000 (23:44 -0700)
include/net/tls.h		patch \| blob \| history
include/uapi/linux/inet_diag.h		patch \| blob \| history
include/uapi/linux/tls.h		patch \| blob \| history
net/tls/tls_main.c		patch \| blob \| history