authorFrantisek Krenzelok <krenzelok.frantisek@gmail.com>2022-08-02 15:00:50 +0200
committerFrantisek Krenzelok <krenzelok.frantisek@gmail.com>2022-10-05 14:19:46 +0200
commitc83b9ecbe8e7e5442867281236d8c9e1bd227204 (patch)
treee6a6dc562ba465479d799ca6279312379de9477a /lib
parent08be2c563e29a846e5a1cae25caa010430dc0ecd (diff)
KTLS: set key on specific interfaces
It is now possible to set the key on a specific interface. If the given interface is not KTLS-enabled, it will be ignored. Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/handshake.c2
-rw-r--r--lib/system/ktls.c12
-rw-r--r--lib/system/ktls.h7
3 files changed, 14 insertions, 7 deletions
diff --git a/lib/handshake.c b/lib/handshake.c
index 21edc5ece9..cb2bc3ae9c 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2924,7 +2924,7 @@ int gnutls_handshake(gnutls_session_t session)
#ifdef ENABLE_KTLS
if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_DUPLEX)) {
- _gnutls_ktls_set_keys(session);
+ _gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX);
}
#endif
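Review bot: The return value of `_gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX)` is discarded at this call, so `gnutls_handshake` never learns that installing the keys in the kernel failed. The function does have error returns (the ktls.c hunks show `return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`), and unless those paths clear `session->internals.ktls_enabled` themselves, which this diff does not show, the session could keep treating the socket as kTLS-keyed when it is not, or when only one direction was keyed. Assuming a local `ret` is available here, I would write `ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX);` followed by `if (ret < 0) session->internals.ktls_enabled = 0;`, or propagate the error. The body of gnutls_handshake starts and ends outside this hunk.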
diff --git a/lib/system/ktls.c b/lib/system/ktls.c
index ddf27fac76..70b9b9b3ac 100644
--- a/lib/system/ktls.c
+++ b/lib/system/ktls.c
@@ -80,7 +80,7 @@ void _gnutls_ktls_enable(gnutls_session_t session)
}
}
-int _gnutls_ktls_set_keys(gnutls_session_t session)
+int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable_flags_t in)
{
gnutls_cipher_algorithm_t cipher = gnutls_cipher_get(session);
gnutls_datum_t mac_key;
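Review bot: The new parameter `in` is declared without any indication that it is a bitmask of interfaces to key, and the name reads like a generic input. A name such as `interfaces`, or a comment above the definition such as `/* in: GNUTLS_KTLS_RECV, GNUTLS_KTLS_SEND or GNUTLS_KTLS_DUPLEX; interfaces not enabled on the session are ignored */`, would state the contract where callers look for it. The function body continues outside this hunk.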
@@ -107,7 +107,9 @@ int _gnutls_ktls_set_keys(gnutls_session_t session)
return ret;
}
- if(session->internals.ktls_enabled & GNUTLS_KTLS_RECV){
+ in &= session->internals.ktls_enabled;
+
+ if(in & GNUTLS_KTLS_RECV){
switch (cipher) {
case GNUTLS_CIPHER_AES_128_GCM:
{
@@ -191,7 +193,7 @@ int _gnutls_ktls_set_keys(gnutls_session_t session)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
- if(session->internals.ktls_enabled & GNUTLS_KTLS_SEND){
+ if(in & GNUTLS_KTLS_SEND){
switch (cipher) {
case GNUTLS_CIPHER_AES_128_GCM:
{
@@ -269,7 +271,7 @@ int _gnutls_ktls_set_keys(gnutls_session_t session)
}
}
- return 0;
+ return in;
}
ssize_t _gnutls_ktls_send_file(gnutls_session_t session, int fd,
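Review bot: `return in;` changes the success value from 0 to a non-negative flag mask while the error paths still return negative codes, so any caller that tests `ret != 0` or `if (ret)` for failure would now take success for an error. The one caller visible in this commit discards the value, but any other callers should be checked to compare with `ret < 0`. A return of 0 now means that none of the requested interfaces was enabled and nothing was keyed, which a caller may need to tell apart from "keys installed". I would document this above the definition, e.g. `/* Returns the interfaces from 'in' that are enabled and were keyed (possibly 0), or a negative error code. */`, hedged on what the non-visible parts of the body do.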
@@ -465,7 +467,7 @@ gnutls_transport_is_ktls_enabled(gnutls_session_t session) {
void _gnutls_ktls_enable(gnutls_session_t session) {
}
-int _gnutls_ktls_set_keys(gnutls_session_t session) {
+int _gnutls_ktls_set_keys(gnutls_session_t sessioni, gnutls_transport_ktls_enable_flags_t in) {
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
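Review bot: The first parameter of the stub is spelled `sessioni`, which looks like a typo for `session`; it compiles only because the stub never uses the parameter. `int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable_flags_t in) {` would keep the stub in line with the prototype in ktls.h and the real definition earlier in this file.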
diff --git a/lib/system/ktls.h b/lib/system/ktls.h
index 8a98a8eb8f..c8059092d0 100644
--- a/lib/system/ktls.h
+++ b/lib/system/ktls.h
@@ -4,14 +4,19 @@
#include "gnutls_int.h"
void _gnutls_ktls_enable(gnutls_session_t session);
-int _gnutls_ktls_set_keys(gnutls_session_t session);
+
+int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable_flags_t in);
+
ssize_t _gnutls_ktls_send_file(gnutls_session_t session, int fd,
off_t *offset, size_t count);
+
int _gnutls_ktls_send_control_msg(gnutls_session_t session, unsigned char record_type,
const void *data, size_t data_size);
#define _gnutls_ktls_send(x, y, z) _gnutls_ktls_send_control_msg(x, GNUTLS_APPLICATION_DATA, y, z);
+
int _gnutls_ktls_recv_control_msg(gnutls_session_t session, unsigned char *record_type,
void *data, size_t data_size);
+
int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type, void *data, size_t data_size);
#define _gnutls_ktls_recv(x, y, z) _gnutls_ktls_recv_int(x, GNUTLS_APPLICATION_DATA, y, z)
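Review bot: The `_gnutls_ktls_send` macro in this hunk ends with a `;`, unlike `_gnutls_ktls_recv` at the end of the hunk, so using it as a sub-expression or in an unbraced `if`/`else` expands to code that does not compile or that leaves a stray empty statement. It is a context line that the commit does not change, but since the hunk already reformats the surrounding declarations, dropping the semicolon is cheap: `#define _gnutls_ktls_send(x, y, z) _gnutls_ktls_send_control_msg(x, GNUTLS_APPLICATION_DATA, y, z)`. The new prototype of `_gnutls_ktls_set_keys` would also benefit from a one-line comment on its return value, which is now a flag mask on success and a negative code on error.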