[PATCH 7/8] net/handshake: Support decoding the HandshakeType


 



From: Alistair Francis <alistair.francis@xxxxxxx>

Support decoding the HandshakeType as part of the TLS handshake
protocol.

Link: https://datatracker.ietf.org/doc/html/rfc8446#section-4
Signed-off-by: Alistair Francis <alistair.francis@xxxxxxx>
---
 include/net/handshake.h |  1 +
 include/net/tls_prot.h  | 17 +++++++++++++++++
 net/handshake/alert.c   | 26 ++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)

diff --git a/include/net/handshake.h b/include/net/handshake.h
index 8f791c55edc9..d13dc6299c37 100644
--- a/include/net/handshake.h
+++ b/include/net/handshake.h
@@ -54,6 +54,7 @@ void handshake_sk_destruct_req(struct sock *sk);
 bool handshake_req_cancel(struct sock *sk);
 
 u8 tls_get_record_type(const struct sock *sk, const struct cmsghdr *msg);
+u8 tls_get_handshake_type(const struct sock *sk, const struct cmsghdr *cmsg);
 void tls_alert_recv(const struct sock *sk, const struct msghdr *msg,
 		    u8 *level, u8 *description);
 
diff --git a/include/net/tls_prot.h b/include/net/tls_prot.h
index 68a40756440b..5125e7c22cb3 100644
--- a/include/net/tls_prot.h
+++ b/include/net/tls_prot.h
@@ -23,6 +23,23 @@ enum {
 	TLS_RECORD_TYPE_ACK = 26,
 };
 
+/*
+ * TLS Record protocol: HandshakeType
+ */
+enum {
+	TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
+	TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
+	TLS_HANDSHAKE_TYPE_NEW_SESSION_TICKET = 4,
+	TLS_HANDSHAKE_TYPE_END_OF_EARLY_DATA = 5,
+	TLS_HANDSHAKE_TYPE_ENCRYPTED_EXTENSIONS = 8,
+	TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
+	TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
+	TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
+	TLS_HANDSHAKE_TYPE_FINISHED = 20,
+	TLS_HANDSHAKE_TYPE_KEY_UPDATE = 24,
+	TLS_HANDSHAKE_TYPE_MESSAGE_HASH = 254,
+};
+
 /*
  * TLS Alert protocol: AlertLevel
  */
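Review bot: The heading of the new comment block reads "TLS Record protocol: HandshakeType", but HandshakeType belongs to the Handshake protocol message (RFC 8446 section 4, the link in the commit message), not to the record layer. The heading should read `* TLS Handshake protocol: HandshakeType`, so it is not confused with the TLS_RECORD_TYPE_* enum directly above. The enum defines no value 0, and tls_get_handshake_type() in net/handshake/alert.c returns 0 to mean "no handshake type found". A one-line comment saying 0 is deliberately left undefined would make that sentinel explicit for callers.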
diff --git a/net/handshake/alert.c b/net/handshake/alert.c
index 329d91984683..7e16ef5ed913 100644
--- a/net/handshake/alert.c
+++ b/net/handshake/alert.c
@@ -86,6 +86,32 @@ u8 tls_get_record_type(const struct sock *sk, const struct cmsghdr *cmsg)
 }
 EXPORT_SYMBOL(tls_get_record_type);
 
+/**
+ * tls_get_handshake_type - Look for TLS HANDSHAKE_TYPE information
+ * @sk: socket (for IP address information)
+ * @cmsg: incoming message to be parsed
+ *
+ * Returns zero or a TLS_HANDSHAKE_TYPE value.
+ */
+u8 tls_get_handshake_type(const struct sock *sk, const struct cmsghdr *cmsg)
+{
+	u8 record_type, msg_type;
+
+	if (cmsg->cmsg_level != SOL_TLS)
+		return 0;
+	if (cmsg->cmsg_type != TLS_GET_RECORD_TYPE)
+		return 0;
+
+	record_type = *((u8 *)CMSG_DATA(cmsg));
+
+	if (record_type != TLS_RECORD_TYPE_HANDSHAKE)
+		return 0;
+
+	msg_type = *((u8 *)CMSG_DATA(cmsg) + 4);
+	return msg_type;
+}
+EXPORT_SYMBOL(tls_get_handshake_type);
+
 /**
  * tls_alert_recv - Parse TLS Alert messages
  * @sk: socket (for IP address information)
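Review bot: The read at `*((u8 *)CMSG_DATA(cmsg) + 4)` is not bounded by `cmsg->cmsg_len`. If the TLS_GET_RECORD_TYPE control message carries only the single record-type byte that the preceding read consumes, this dereference lands past the payload and returns padding or adjacent memory. A guard before the second read, `if (cmsg->cmsg_len < CMSG_LEN(5)) return 0;`, would make the function fail closed on a short control message. Nothing in the hunk shows which layout places the HandshakeType at offset 4 of the control data, so the offset should be a named constant with a comment stating where that byte comes from; as written, a caller may base a protocol decision on an unvalidated byte. The kernel-doc should also state that 0 means "not a handshake record", and note that `@sk` is not used in the body.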
-- 
2.50.1




