Message ID | 168970677480.5330.16194452237553219882.stgit@oracle-102.nfsv4bat.org (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Series | In-kernel support for the TLS Alert protocol | expand |
On 7/18/23 20:59, Chuck Lever wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
>
> I'm about to add support for kernel handshake API consumers to send
> TLS Alerts, so introduce the needed protocol definitions in the new
> header tls_prot.h.
>
> This presages support for Closure alerts. Also, support for alerts
> is a pre-requite for handling session re-keying, where one peer will
> signal the need for a re-key by sending a TLS Alert.
>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
> include/net/tls_prot.h | 42 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 42 insertions(+)
>
> diff --git a/include/net/tls_prot.h b/include/net/tls_prot.h
> index 47d6cfd1619e..68a40756440b 100644
> --- a/include/net/tls_prot.h
> +++ b/include/net/tls_prot.h
> @@ -23,4 +23,46 @@ enum {
> TLS_RECORD_TYPE_ACK = 26,
> };
>
> +/*
> + * TLS Alert protocol: AlertLevel
> + */
> +enum {
> + TLS_ALERT_LEVEL_WARNING = 1,
> + TLS_ALERT_LEVEL_FATAL = 2,
> +};
> +
> +/*
> + * TLS Alert protocol: AlertDescription
> + */
> +enum {
> + TLS_ALERT_DESC_CLOSE_NOTIFY = 0,
> + TLS_ALERT_DESC_UNEXPECTED_MESSAGE = 10,
> + TLS_ALERT_DESC_BAD_RECORD_MAC = 20,
> + TLS_ALERT_DESC_RECORD_OVERFLOW = 22,
> + TLS_ALERT_DESC_HANDSHAKE_FAILURE = 40,
> + TLS_ALERT_DESC_BAD_CERTIFICATE = 42,
> + TLS_ALERT_DESC_UNSUPPORTED_CERTIFICATE = 43,
> + TLS_ALERT_DESC_CERTIFICATE_REVOKED = 44,
> + TLS_ALERT_DESC_CERTIFICATE_EXPIRED = 45,
> + TLS_ALERT_DESC_CERTIFICATE_UNKNOWN = 46,
> + TLS_ALERT_DESC_ILLEGAL_PARAMETER = 47,
> + TLS_ALERT_DESC_UNKNOWN_CA = 48,
> + TLS_ALERT_DESC_ACCESS_DENIED = 49,
> + TLS_ALERT_DESC_DECODE_ERROR = 50,
> + TLS_ALERT_DESC_DECRYPT_ERROR = 51,
> + TLS_ALERT_DESC_TOO_MANY_CIDS_REQUESTED = 52,
> + TLS_ALERT_DESC_PROTOCOL_VERSION = 70,
> + TLS_ALERT_DESC_INSUFFICIENT_SECURITY = 71,
> + TLS_ALERT_DESC_INTERNAL_ERROR = 80,
> + TLS_ALERT_DESC_INAPPROPRIATE_FALLBACK = 86,
> + TLS_ALERT_DESC_USER_CANCELED = 90,
> + TLS_ALERT_DESC_MISSING_EXTENSION = 109,
> + TLS_ALERT_DESC_UNSUPPORTED_EXTENSION = 110,
> + TLS_ALERT_DESC_UNRECOGNIZED_NAME = 112,
> + TLS_ALERT_DESC_BAD_CERTIFICATE_STATUS_RESPONSE = 113,
> + TLS_ALERT_DESC_UNKNOWN_PSK_IDENTITY = 115,
> + TLS_ALERT_DESC_CERTIFICATE_REQUIRED = 116,
> + TLS_ALERT_DESC_NO_APPLICATION_PROTOCOL = 120,
> +};
> +
> #endif /* _TLS_PROT_H */
>
>
>
Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
diff --git a/include/net/tls_prot.h b/include/net/tls_prot.h
index 47d6cfd1619e..68a40756440b 100644
--- a/include/net/tls_prot.h
+++ b/include/net/tls_prot.h
@@ -23,4 +23,46 @@ enum {
 TLS_RECORD_TYPE_ACK = 26,
 };
 
+/*
+ * TLS Alert protocol: AlertLevel
+ */
+enum {
+ TLS_ALERT_LEVEL_WARNING = 1,
+ TLS_ALERT_LEVEL_FATAL = 2,
+};
+
+/*
+ * TLS Alert protocol: AlertDescription
+ */
+enum {
+ TLS_ALERT_DESC_CLOSE_NOTIFY = 0,
+ TLS_ALERT_DESC_UNEXPECTED_MESSAGE = 10,
+ TLS_ALERT_DESC_BAD_RECORD_MAC = 20,
+ TLS_ALERT_DESC_RECORD_OVERFLOW = 22,
+ TLS_ALERT_DESC_HANDSHAKE_FAILURE = 40,
+ TLS_ALERT_DESC_BAD_CERTIFICATE = 42,
+ TLS_ALERT_DESC_UNSUPPORTED_CERTIFICATE = 43,
+ TLS_ALERT_DESC_CERTIFICATE_REVOKED = 44,
+ TLS_ALERT_DESC_CERTIFICATE_EXPIRED = 45,
+ TLS_ALERT_DESC_CERTIFICATE_UNKNOWN = 46,
+ TLS_ALERT_DESC_ILLEGAL_PARAMETER = 47,
+ TLS_ALERT_DESC_UNKNOWN_CA = 48,
+ TLS_ALERT_DESC_ACCESS_DENIED = 49,
+ TLS_ALERT_DESC_DECODE_ERROR = 50,
+ TLS_ALERT_DESC_DECRYPT_ERROR = 51,
+ TLS_ALERT_DESC_TOO_MANY_CIDS_REQUESTED = 52,
+ TLS_ALERT_DESC_PROTOCOL_VERSION = 70,
+ TLS_ALERT_DESC_INSUFFICIENT_SECURITY = 71,
+ TLS_ALERT_DESC_INTERNAL_ERROR = 80,
+ TLS_ALERT_DESC_INAPPROPRIATE_FALLBACK = 86,
+ TLS_ALERT_DESC_USER_CANCELED = 90,
+ TLS_ALERT_DESC_MISSING_EXTENSION = 109,
+ TLS_ALERT_DESC_UNSUPPORTED_EXTENSION = 110,
+ TLS_ALERT_DESC_UNRECOGNIZED_NAME = 112,
+ TLS_ALERT_DESC_BAD_CERTIFICATE_STATUS_RESPONSE = 113,
+ TLS_ALERT_DESC_UNKNOWN_PSK_IDENTITY = 115,
+ TLS_ALERT_DESC_CERTIFICATE_REQUIRED = 116,
+ TLS_ALERT_DESC_NO_APPLICATION_PROTOCOL = 120,
+};
+
 #endif /* _TLS_PROT_H */
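Review bot: The two new comments name the wire fields but say nothing about how a receiver may use them, and for alert handling that is the security-relevant part. Under TLS 1.3 (RFC 8446, Section 6) severity is implied by the description and the level byte can be ignored, so I would extend the first comment to something like `/* TLS Alert protocol: AlertLevel (legacy; in TLS 1.3 severity follows from the description, do not trust this byte from a peer) */`. The AlertDescription list is also not the full registry (for example, the no_renegotiation value from earlier TLS versions is absent) and both enums are anonymous, so a consumer that switches on a received description gets no compiler help and needs a default arm that treats unknown values as fatal; a one-line comment saying so above the second enum would help. The consumers are outside this hunk, so how they handle unknown values is not visible here.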