Commit cfc3d5a

hreineckechucklever
authored andcommitted
tlshd: add 'keyring' handshake accept parameter
Add a new handshake parameter 'keyring' which holds the id of the keyring to use for looking up keys. This avoids having to hard-code the expected keyring in the configuration file.

Signed-off-by: Hannes Reinecke <[email protected]>
1 parent 0cf7fe2 commit cfc3d5a

4 files changed

+16
-0
lines changed


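--- a/src/tlshd/handshake.c
+++ b/src/tlshd/handshake.c
@@ -181,6 +181,9 @@ void tlshd_service_socket(void)
 out:
 	tlshd_genl_done(&parms);
 
+	if (parms.keyring)
+		keyctl_unlink(parms.keyring, KEY_SPEC_SESSION_KEYRING);
+
 	free(parms.peerids);
 
 	if (parms.session_status) {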
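Review bot: The keyctl_unlink() at `out:` runs for any non-zero `parms.keyring` whether or not the keyctl_link() performed in the netlink handler actually succeeded, and its return value is discarded. keyctl_link() is idempotent, so if the requested keyring was already a member of tlshd's session keyring before this request (for example linked at startup from the configuration), this unlink silently removes that pre-existing link and later handshakes lose access to it; I would record whether the link was created by this request (a flag alongside `keyring` in the parms struct) and only unlink in that case, and at minimum check the call, `if (keyctl_unlink(parms.keyring, KEY_SPEC_SESSION_KEYRING) < 0)` followed by a `tlshd_log_debug()` of `errno`. tlshd_service_socket starts before and ends after this hunk, so I cannot see whether `parms` is zero-initialised, which the `if (parms.keyring)` test relies on.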
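--- a/src/tlshd/netlink.c
+++ b/src/tlshd/netlink.c
@@ -101,6 +101,7 @@ tlshd_accept_nl_policy[HANDSHAKE_A_ACCEPT_MAX + 1] = {
 	[HANDSHAKE_A_ACCEPT_PEER_IDENTITY] = { .type = NLA_U32, },
 	[HANDSHAKE_A_ACCEPT_CERTIFICATE] = { .type = NLA_NESTED, },
 	[HANDSHAKE_A_ACCEPT_PEERNAME] = { .type = NLA_STRING, },
+	[HANDSHAKE_A_ACCEPT_KEYRING] = { .type = NLA_U32, },
 };
 
 static int tlshd_genl_event_handler(struct nl_msg *msg,
@@ -267,11 +268,21 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
 	parms->handshake_type = nla_get_u32(tb[HANDSHAKE_A_ACCEPT_MESSAGE_TYPE]);
 	if (tb[HANDSHAKE_A_ACCEPT_PEERNAME])
 		peername = nla_get_string(tb[HANDSHAKE_A_ACCEPT_PEERNAME]);
+	if (tb[HANDSHAKE_A_ACCEPT_KEYRING])
+		parms->keyring = nla_get_u32(tb[HANDSHAKE_A_ACCEPT_KEYRING]);
 	if (tb[HANDSHAKE_A_ACCEPT_TIMEOUT])
 		parms->timeout_ms = nla_get_u32(tb[HANDSHAKE_A_ACCEPT_TIMEOUT]);
 	if (tb[HANDSHAKE_A_ACCEPT_AUTH_MODE])
 		parms->auth_mode = nla_get_u32(tb[HANDSHAKE_A_ACCEPT_AUTH_MODE]);
 
+	if (parms->keyring) {
+		err = keyctl_link(parms->keyring, KEY_SPEC_SESSION_KEYRING);
+		if (err < 0) {
+			tlshd_log_debug("Failed to link keyring %lx error %d\n",
+					parms->keyring, errno);
+		}
+	}
+
 	tlshd_parse_peer_identity(parms, tb[HANDSHAKE_A_ACCEPT_PEER_IDENTITY]);
 	tlshd_parse_certificate(parms, tb[HANDSHAKE_A_ACCEPT_CERTIFICATE]);
 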
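Review bot: The debug message in the new keyctl_link() error path prints `parms->keyring` with `%lx`, but the field is a `key_serial_t` (a 32-bit signed integer, declared so in tlshd.h and filled from `nla_get_u32()`), so the format specifier does not match the argument; use `tlshd_log_debug("Failed to link keyring %d error %d\n", parms->keyring, errno);`. More importantly, a failed link is only logged at debug level and the handler carries on, so the handshake proceeds searching a session keyring that does not contain the keyring the requester named; I would log this at a non-debug level and consider failing the request here rather than letting it fail later with a less informative key-not-found, and in any case clear the field on failure (`parms->keyring = 0;`) so the unconditional keyctl_unlink() in handshake.c does not try to undo a link that was never made. `err` is assigned here but its declaration is not in the hunk — tlshd_genl_valid_handler starts before and ends after it — so confirm it is an integer type wide enough for keyctl_link()'s `long` return.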
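--- a/src/tlshd/netlink.h
+++ b/src/tlshd/netlink.h
@@ -45,6 +45,7 @@ enum {
 	HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
 	HANDSHAKE_A_ACCEPT_CERTIFICATE,
 	HANDSHAKE_A_ACCEPT_PEERNAME,
+	HANDSHAKE_A_ACCEPT_KEYRING,
 
 	__HANDSHAKE_A_ACCEPT_MAX,
 	HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)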
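Review bot: HANDSHAKE_A_ACCEPT_KEYRING is appended just before __HANDSHAKE_A_ACCEPT_MAX, which keeps the existing attribute numbers stable, but nothing in the file records that its numeric value is presumably dictated by the kernel's netlink definition of the handshake family rather than by this enum. A one-line comment on the new constant, `/* value must match the kernel's HANDSHAKE_A_ACCEPT_KEYRING */`, would stop a later insertion in the middle of this enum from silently breaking attribute parsing. The enum's opening line is outside the hunk.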
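--- a/src/tlshd/tlshd.h
+++ b/src/tlshd/tlshd.h
@@ -36,6 +36,7 @@ struct tlshd_handshake_parms {
 	uint32_t handshake_type;
 	unsigned int timeout_ms;
 	uint32_t auth_mode;
+	key_serial_t keyring;
 	key_serial_t x509_cert;
 	key_serial_t x509_privkey;
 	key_serial_t *peerids;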
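Review bot: The new `keyring` member is used as an in-band sentinel — both netlink.c and handshake.c treat 0 as "no keyring was requested" — but the struct gives no hint of that, and the convention only holds if every `struct tlshd_handshake_parms` is zero-initialised before tlshd_genl_valid_handler fills it in (the initialisation in tlshd_service_socket is not visible in this commit). Document the contract on the field itself: `key_serial_t keyring; /* keyring to search for keys; 0 if none was requested */`. The struct definition starts before this hunk.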