From: Sabrina Dubroca <sd@queasysnail.net>
To: Apoorv Kothari <apoorvko@amazon.com>
Cc: fkrenzel@redhat.com, kuniyu@amazon.com, netdev@vger.kernel.org
Subject: Re: [PATCH net-next 3/5] tls: implement rekey for TLS1.3
Date: Thu, 19 Jan 2023 16:16:47 +0100 [thread overview]
Message-ID: <Y8le3yLjpEGSm5gH@hog> (raw)
In-Reply-To: <20230119012546.36951-1-apoorvko@amazon.com>
2023-01-18, 17:25:46 -0800, Apoorv Kothari wrote:
> > 2023-01-17, 15:16:33 -0800, Kuniyuki Iwashima wrote:
> > > Hi,
> > >
> > > Thanks for posting this series!
> > > We were working on the same feature.
> > > CC Apoorv from s2n team.
> >
> > Ah, cool. Does the behavior in those patches match what your
> > implementation?
>
> Thanks for submitting this, it looks great! We are working on testing this now.
>
> >
> > [...]
> > > > diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> > > > index fb1da1780f50..9be82aecd13e 100644
> > > > --- a/net/tls/tls_main.c
> > > > +++ b/net/tls/tls_main.c
> > > > @@ -669,9 +669,12 @@ static int tls_getsockopt(struct sock *sk, int level, int optname,
> > > > static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
> > > > unsigned int optlen, int tx)
> > > > {
> > > > + union tls_crypto_context tmp = {};
> > > > + struct tls_crypto_info *old_crypto_info = NULL;
> > > > struct tls_crypto_info *crypto_info;
> > > > struct tls_crypto_info *alt_crypto_info;
> > > > struct tls_context *ctx = tls_get_ctx(sk);
> > > > + bool update = false;
> > > > size_t optsize;
> > > > int rc = 0;
> > > > int conf;
> > > > @@ -687,9 +690,17 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
> > > > alt_crypto_info = &ctx->crypto_send.info;
> > > > }
> > > >
> > > > - /* Currently we don't support set crypto info more than one time */
> > > > - if (TLS_CRYPTO_INFO_READY(crypto_info))
> > > > - return -EBUSY;
> > > > + if (TLS_CRYPTO_INFO_READY(crypto_info)) {
> > > > + /* Currently we only support setting crypto info more
> > > > + * than one time for TLS 1.3
> > > > + */
> > > > + if (crypto_info->version != TLS_1_3_VERSION)
> > > > + return -EBUSY;
> > > > +
> > >
> > > Should we check this ?
> > >
> > > if (!tx && !key_update_pending)
> > > return -EBUSY;
> > >
> > > Otherwise we can set a new RX key even if the other end has not sent
> > > KeyUpdateRequest.
> >
> > Maybe. My thinking was "let userspace shoot itself in the foot if it
> > wants".
>
> I feel avoiding foot-guns is probably the correct thing to do. The RFC also has
> a requirement that re-key(process messages with new key) should only happen after
> a KeyUpdate is received so it would be nice if the kTLS implemention can help
> enforce this.
>
> Based on the RFC https://www.rfc-editor.org/rfc/rfc8446#section-4.6.3:
> Additionally, both sides MUST enforce that a KeyUpdate
> with the old key is received before accepting any messages encrypted
> with the new key. Failure to do so may allow message truncation
> attacks.
Ok. I'll add that in v2, unless someone is strongly against it.
Thanks.
--
Sabrina
next prev parent reply other threads:[~2023-01-19 15:18 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-17 13:45 [PATCH net-next 0/5] tls: implement key updates for TLS1.3 Sabrina Dubroca
2023-01-17 13:45 ` [PATCH net-next 1/5] tls: remove tls_context argument from tls_set_sw_offload Sabrina Dubroca
2023-01-18 23:12 ` Vadim Fedorenko
2023-01-17 13:45 ` [PATCH net-next 2/5] tls: block decryption when a rekey is pending Sabrina Dubroca
2023-01-19 2:10 ` [PATCH net-next 0/5] tls: implement key updates for TLS1.3 Apoorv Kothari
2023-01-17 13:45 ` [PATCH net-next 3/5] tls: implement rekey " Sabrina Dubroca
2023-01-17 23:16 ` Kuniyuki Iwashima
2023-01-18 10:38 ` Sabrina Dubroca
2023-01-19 1:25 ` Apoorv Kothari
2023-01-19 15:16 ` Sabrina Dubroca [this message]
2023-01-18 23:10 ` Vadim Fedorenko
2023-01-19 15:14 ` Sabrina Dubroca
2023-01-17 13:45 ` [PATCH net-next 4/5] selftests: tls: add key_generation argument to tls_crypto_info_init Sabrina Dubroca
2023-01-17 13:45 ` [PATCH net-next 5/5] selftests: tls: add rekey tests Sabrina Dubroca
2023-01-20 6:51 ` Apoorv Kothari
2023-01-18 2:03 ` [PATCH net-next 0/5] tls: implement key updates for TLS1.3 Jakub Kicinski
2023-01-18 10:06 ` Sabrina Dubroca
2023-01-19 2:55 ` Jakub Kicinski
2023-01-19 9:27 ` Gal Pressman
2023-01-23 10:13 ` Boris Pismenny
2023-01-24 15:56 ` Sabrina Dubroca
2023-01-25 18:47 ` Apoorv Kothari
2023-01-25 18:57 ` Jakub Kicinski
2023-01-25 21:17 ` Simo Sorce
2023-01-25 22:43 ` Jakub Kicinski
2023-01-25 23:05 ` Simo Sorce
2023-01-25 23:08 ` Jakub Kicinski
2023-01-25 23:52 ` Simo Sorce
2023-01-19 15:40 ` Sabrina Dubroca
2023-01-19 17:00 ` Jakub Kicinski
2023-01-19 20:51 ` Apoorv Kothari
2023-01-20 1:37 ` Vadim Fedorenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y8le3yLjpEGSm5gH@hog \
--to=sd@queasysnail.net \
--cc=apoorvko@amazon.com \
--cc=fkrenzel@redhat.com \
--cc=kuniyu@amazon.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.