From: Hannes Reinecke <hare@suse.de>
To: Alistair Francis <alistair23@gmail.com>
Cc: chuck.lever@oracle.com, hare@kernel.org,
kernel-tls-handshake@lists.linux.dev, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-nvme@lists.infradead.org, linux-nfs@vger.kernel.org,
kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me,
kch@nvidia.com, Alistair Francis <alistair.francis@wdc.com>
Subject: Re: [PATCH v4 4/7] net/handshake: Support KeyUpdate message types
Date: Wed, 22 Oct 2025 09:03:06 +0200
Message-ID: <7afb2fc0-0da5-4539-a1a4-87360186cf65@suse.de>
In-Reply-To: <CAKmqyKNSV1GdipOrOs3csyoTMKX1+mxTgxnOq9xnb3vmRN0RgA@mail.gmail.com>

On 10/22/25 06:40, Alistair Francis wrote:
> On Tue, Oct 21, 2025 at 1:19 PM Alistair Francis <alistair23@gmail.com> wrote:
>>
>> On Mon, Oct 20, 2025 at 4:09 PM Hannes Reinecke <hare@suse.de> wrote:
>>>
>>> On 10/17/25 06:23, alistair23@gmail.com wrote:
>>>> From: Alistair Francis <alistair.francis@wdc.com>
>>>>
[ .. ]>>>> @@ -372,6 +384,44 @@ int tls_client_hello_psk(const struct
tls_handshake_args *args, gfp_t flags)
>>>> }
>>>> EXPORT_SYMBOL(tls_client_hello_psk);
>>>>
>>>> +/**
>>>> + * tls_client_keyupdate_psk - request a PSK-based TLS handshake on a socket
>>>> + * @args: socket and handshake parameters for this request
>>>> + * @flags: memory allocation control flags
>>>> + * @keyupdate: specifies the type of KeyUpdate operation
>>>> + *
>>>> + * Return values:
>>>> + * %0: Handshake request enqueue; ->done will be called when complete
>>>> + * %-EINVAL: Wrong number of local peer IDs
>>>> + * %-ESRCH: No user agent is available
>>>> + * %-ENOMEM: Memory allocation failed
>>>> + */
>>>> +int tls_client_keyupdate_psk(const struct tls_handshake_args *args, gfp_t flags,
>>>> + handshake_key_update_type keyupdate)
>>>> +{
>>>> + struct tls_handshake_req *treq;
>>>> + struct handshake_req *req;
>>>> + unsigned int i;
>>>> +
>>>> + if (!args->ta_num_peerids ||
>>>> + args->ta_num_peerids > ARRAY_SIZE(treq->th_peerid))
>>>> + return -EINVAL;
>>>> +
>>>> + req = handshake_req_alloc(&tls_handshake_proto, flags);
>>>> + if (!req)
>>>> + return -ENOMEM;
>>>> + treq = tls_handshake_req_init(req, args);
>>>> + treq->th_type = HANDSHAKE_MSG_TYPE_CLIENTKEYUPDATE;
>>>> + treq->th_key_update_request = keyupdate;
>>>> + treq->th_auth_mode = HANDSHAKE_AUTH_PSK;
>>>> + treq->th_num_peerids = args->ta_num_peerids;
>>>> + for (i = 0; i < args->ta_num_peerids; i++)
>>>> + treq->th_peerid[i] = args->ta_my_peerids[i];
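Review bot: The kernel-doc summary for tls_client_keyupdate_psk() still reads "request a PSK-based TLS handshake on a socket", which describes the ClientHello path rather than a KeyUpdate; it should say that the function requests a KeyUpdate on an existing PSK session, and "Handshake request enqueue" under the return values should read "enqueued". In the body, keyupdate is assigned to treq->th_key_update_request with no check, so an out-of-range value is accepted as-is; rejecting unknown values with -EINVAL next to the ta_num_peerids test, and listing that case in the return values, would keep the contract explicit. The ta_num_peerids check and the th_peerid copy loop also need a short comment saying why a KeyUpdate depends on the peer IDs, since nothing in the visible lines shows them being used for this message type and the documented -EINVAL ("Wrong number of local peer IDs") otherwise looks unrelated to the operation.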
>>> Hmm?
>>> Do we use the 'peerids'?
>>
>> We don't, this is just copied from the
>> tls_client_hello_psk()/tls_server_hello_psk() to provide the same
>> information to keep things more consistent.
>>
>> I can remove setting these
>
> Actually, ktls-utils (tlshd) expects these to be set, so I think we
> should leave them as is
>
Can't we rather fix up tlshd?
It feels really pointless, erroring out on values which are completely
irrelevant for the operation...

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich