[net-next,v2,1/7] net/tls: Move TLS protocol elements to a separate header

Commit Message

Chuck Lever July 25, 2023, 8:35 p.m. UTC

From: Chuck Lever <chuck.lever@oracle.com>

Kernel TLS consumers will need definitions of various parts of the
TLS protocol, but often do not need the function declarations and
other infrastructure provided in <net/tls.h>.

Break out existing standardized protocol elements into a separate
header, and make room for a few more elements in subsequent patches.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 include/net/tls.h      |    5 +----
 include/net/tls_prot.h |   26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 include/net/tls_prot.h

Comments

Jakub Kicinski July 27, 2023, 4:36 a.m. UTC | #1

On Tue, 25 Jul 2023 16:35:51 -0400 Chuck Lever wrote:
> --- a/include/net/tls.h
> +++ b/include/net/tls.h
> @@ -45,6 +45,7 @@
>  
>  #include <net/net_namespace.h>
>  #include <net/tcp.h>
> +#include <net/tls_prot.h>

I'd be tempted to push this only to places that need it:

net/tls/tls.h
net/sunrpc/svcsock.c
net/sunrpc/xprtsock.c
drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c

to make rebuilds smaller. Bunch of ethernet drivers will get rebuilt
every time we touch this header, and they don't care about the proto
details.

But I'm probably overly sensitive to build times so up to you.

Chuck Lever July 27, 2023, 1:05 p.m. UTC | #2

> On Jul 27, 2023, at 12:36 AM, Jakub Kicinski <kuba@kernel.org> wrote:
> 
> On Tue, 25 Jul 2023 16:35:51 -0400 Chuck Lever wrote:
>> --- a/include/net/tls.h
>> +++ b/include/net/tls.h
>> @@ -45,6 +45,7 @@
>> 
>> #include <net/net_namespace.h>
>> #include <net/tcp.h>
>> +#include <net/tls_prot.h>
> 
> I'd be tempted to push this only to places that need it:
> 
> net/tls/tls.h
> net/sunrpc/svcsock.c
> net/sunrpc/xprtsock.c
> drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c
> 
> to make rebuilds smaller. Bunch of ethernet drivers will get rebuilt
> every time we touch this header, and they don't care about the proto
> details.

That's sensible -- actually that's the whole point of this patch.

I will respin.


> But I'm probably overly sensitive to build times so up to you.

--
Chuck Lever

Patch

diff --git a/include/net/tls.h b/include/net/tls.h
index 5e71dd3df8ca..10141be02b5e 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -45,6 +45,7 @@ 
 
 #include <net/net_namespace.h>
 #include <net/tcp.h>
+#include <net/tls_prot.h>
 #include <net/strparser.h>
 #include <crypto/aead.h>
 #include <uapi/linux/tls.h>
@@ -69,10 +70,6 @@  extern const struct tls_cipher_size_desc tls_cipher_size_desc[];
 
 #define TLS_CRYPTO_INFO_READY(info)	((info)->cipher_type)
 
-#define TLS_RECORD_TYPE_ALERT		0x15
-#define TLS_RECORD_TYPE_HANDSHAKE	0x16
-#define TLS_RECORD_TYPE_DATA		0x17
-
 #define TLS_AAD_SPACE_SIZE		13
 
 #define MAX_IV_SIZE			16
diff --git a/include/net/tls_prot.h b/include/net/tls_prot.h
new file mode 100644
index 000000000000..47d6cfd1619e
--- /dev/null
+++ b/include/net/tls_prot.h
@@ -0,0 +1,26 @@ 
+/* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */
+/*
+ * Copyright (c) 2023, Oracle and/or its affiliates.
+ *
+ * TLS Protocol definitions
+ *
+ * From https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
+ */
+
+#ifndef _TLS_PROT_H
+#define _TLS_PROT_H
+
+/*
+ * TLS Record protocol: ContentType
+ */
+enum {
+	TLS_RECORD_TYPE_CHANGE_CIPHER_SPEC = 20,
+	TLS_RECORD_TYPE_ALERT = 21,
+	TLS_RECORD_TYPE_HANDSHAKE = 22,
+	TLS_RECORD_TYPE_DATA = 23,
+	TLS_RECORD_TYPE_HEARTBEAT = 24,
+	TLS_RECORD_TYPE_TLS12_CID = 25,
+	TLS_RECORD_TYPE_ACK = 26,
+};
+
+#endif /* _TLS_PROT_H */