net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'

Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide the serial number of the keyring to use. Signed-off-by: Hannes Reinecke <hare@kernel.org> Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Acked-by: Jakub Kicinski <kuba@kernel.org> Link: https://patch.msgid.link/20250701144657.104401-1-hare@kernel.org Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2025-08-15 06:01:56 +02:00 · 2025-07-01 16:46:57 +02:00 · 2025-07-01 16:46:57 +02:00 · e22da46850
commit e22da46850
parent 5d288658ee
3 changed files with 11 additions and 0 deletions
--- a/Documentation/netlink/specs/handshake.yaml
+++ b/Documentation/netlink/specs/handshake.yaml
@ -71,6 +71,9 @@ attribute-sets:
      -
        name: peername
        type: string
+      -
+        name: keyring
+        type: u32
  -
    name: done
    attributes:
@ -109,6 +112,7 @@ operations:
            - peer-identity
            - certificate
            - peername
+            - keyring
    -
      name: done
      doc: Handler reports handshake completion
--- a/include/uapi/linux/handshake.h
+++ b/include/uapi/linux/handshake.h
@ -45,6 +45,7 @@ enum {
 	HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
 	HANDSHAKE_A_ACCEPT_CERTIFICATE,
 	HANDSHAKE_A_ACCEPT_PEERNAME,
+	HANDSHAKE_A_ACCEPT_KEYRING,

 	__HANDSHAKE_A_ACCEPT_MAX,
 	HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)
--- a/net/handshake/tlshd.c
+++ b/net/handshake/tlshd.c
@ -230,6 +230,12 @@ static int tls_handshake_accept(struct handshake_req *req,
 		if (ret < 0)
 			goto out_cancel;
 	}
+	if (treq->th_keyring) {
+		ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_KEYRING,
+				  treq->th_keyring);
+		if (ret < 0)
+			goto out_cancel;
+	}

 	ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_AUTH_MODE,
 			  treq->th_auth_mode);