Re: [PATCH net-next v4 1/6] tls: block decryption when a rekey is pending

All of lore.kernel.org
 help / color / mirror / Atom feed

From: <Parthiban.Veerasooran@microchip.com>
To: <sd@queasysnail.net>
Cc: <vfedorenko@novek.ru>, <fkrenzel@redhat.com>, <kuba@kernel.org>,
	<kuniyu@amazon.com>, <apoorvko@amazon.com>, <borisp@nvidia.com>,
	<john.fastabend@gmail.com>, <shuah@kernel.org>,
	<linux-kselftest@vger.kernel.org>, <gal@nvidia.com>,
	<marcel@holtmann.org>, <horms@kernel.org>,
	<netdev@vger.kernel.org>
Subject: Re: [PATCH net-next v4 1/6] tls: block decryption when a rekey is pending
Date: Thu, 5 Dec 2024 12:30:49 +0000	[thread overview]
Message-ID: <fd808dab-1fbe-4530-970a-2b02fb27fc1e@microchip.com> (raw)
In-Reply-To: <327cb575d15fa5c5379f9c38a5132d78953fb648.1731597571.git.sd@queasysnail.net>

Hi,

On 14/11/24 9:20 pm, Sabrina Dubroca wrote:
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
> 
> When a TLS handshake record carrying a KeyUpdate message is received,
> all subsequent records will be encrypted with a new key. We need to
> stop decrypting incoming records with the old key, and wait until
> userspace provides a new key.
> 
> Make a note of this in the RX context just after decrypting that
> record, and stop recvmsg/splice calls with EKEYEXPIRED until the new
> key is available.
> 
> key_update_pending can't be combined with the existing bitfield,
> because we will read it locklessly in ->poll.
> 
> v3:
>   - move key_update_pending check into tls_rx_rec_wait (Jakub)
>   - TLS_RECORD_TYPE_HANDSHAKE was added to include/net/tls_prot.h by
>     the tls handshake series, drop that from this patch
>   - move key_update_pending into an existing hole
> 
> v4:
>   - flip TLS_RECORD_TYPE_HANDSHAKE test and use likely() (Jakub)
>   - pass ctx rather than sk to tls_check_pending_rekey (Jakub)
>   - use WRITE_ONCE to set key_update_pending to pair with ->poll's
>     lockless read
> 
> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
> ---
>   include/net/tls.h |  3 +++
>   net/tls/tls_sw.c  | 35 +++++++++++++++++++++++++++++++++++
>   2 files changed, 38 insertions(+)
> 
> diff --git a/include/net/tls.h b/include/net/tls.h
> index 3a33924db2bc..870e4421c599 100644
> --- a/include/net/tls.h
> +++ b/include/net/tls.h
> @@ -59,6 +59,8 @@ struct tls_rec;
> 
>   #define TLS_CRYPTO_INFO_READY(info)    ((info)->cipher_type)
> 
> +#define TLS_HANDSHAKE_KEYUPDATE                24      /* rfc8446 B.3: Key update */
> +
>   #define TLS_AAD_SPACE_SIZE             13
> 
>   #define TLS_MAX_IV_SIZE                        16
> @@ -130,6 +132,7 @@ struct tls_sw_context_rx {
>          u8 async_capable:1;
>          u8 zc_capable:1;
>          u8 reader_contended:1;
> +       bool key_update_pending;
> 
>          struct tls_strparser strp;
> 
> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
> index bbf26cc4f6ee..db98710c4810 100644
> --- a/net/tls/tls_sw.c
> +++ b/net/tls/tls_sw.c
> @@ -1314,6 +1314,10 @@ tls_rx_rec_wait(struct sock *sk, struct sk_psock *psock, bool nonblock,
>          int ret = 0;
>          long timeo;
> 
> +       /* a rekey is pending, let userspace deal with it */
> +       if (unlikely(ctx->key_update_pending))
> +               return -EKEYEXPIRED;
> +
>          timeo = sock_rcvtimeo(sk, nonblock);
> 
>          while (!tls_strp_msg_ready(ctx)) {
> @@ -1720,6 +1724,32 @@ tls_decrypt_device(struct sock *sk, struct msghdr *msg,
>          return 1;
>   }
> 
> +static int tls_check_pending_rekey(struct tls_context *ctx, struct sk_buff *skb)
> +{
> +       const struct tls_msg *tlm = tls_msg(skb);
> +       const struct strp_msg *rxm = strp_msg(skb);
Missing reverse xmas tree format.
> +       char hs_type;
> +       int err;
> +
> +       if (likely(tlm->control != TLS_RECORD_TYPE_HANDSHAKE))
> +               return 0;
> +
> +       if (rxm->full_len < 1)
> +               return -EINVAL;
> +
> +       err = skb_copy_bits(skb, rxm->offset, &hs_type, 1);
> +       if (err < 0)
> +               return err;
> +
> +       if (hs_type == TLS_HANDSHAKE_KEYUPDATE) {
> +               struct tls_sw_context_rx *rx_ctx = ctx->priv_ctx_rx;
> +
> +               WRITE_ONCE(rx_ctx->key_update_pending, true);
> +       }
> +
> +       return 0;
> +}
> +
>   static int tls_rx_one_record(struct sock *sk, struct msghdr *msg,
>                               struct tls_decrypt_arg *darg)
>   {
> @@ -1739,6 +1769,10 @@ static int tls_rx_one_record(struct sock *sk, struct msghdr *msg,
>          rxm->full_len -= prot->overhead_size;
>          tls_advance_record_sn(sk, prot, &tls_ctx->rx);
> 
> +       err = tls_check_pending_rekey(tls_ctx, darg->skb);
I think you can directly return from here.

Best regards,
Parthiban V
> +       if (err < 0)
> +               return err;
> +
>          return 0;
>   }
> 
> @@ -2719,6 +2753,7 @@ int tls_set_sw_offload(struct sock *sk, int tx)
>                  crypto_info = &ctx->crypto_recv.info;
>                  cctx = &ctx->rx;
>                  aead = &sw_ctx_rx->aead_recv;
> +               sw_ctx_rx->key_update_pending = false;
>          }
> 
>          cipher_desc = get_cipher_desc(crypto_info->cipher_type);
> --
> 2.47.0
> 
>

next prev parent reply	other threads:[~2024-12-05 12:30 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-11-14 15:50 [PATCH net-next v4 0/6] tls: implement key updates for TLS1.3 Sabrina Dubroca
2024-11-14 15:50 ` [PATCH net-next v4 1/6] tls: block decryption when a rekey is pending Sabrina Dubroca
2024-12-04  3:47   ` Jakub Kicinski
2024-12-10 16:16     ` Sabrina Dubroca
2024-12-10 23:33       ` Jakub Kicinski
2024-12-05 12:30   ` Parthiban.Veerasooran [this message]
2024-11-14 15:50 ` [PATCH net-next v4 2/6] tls: implement rekey for TLS1.3 Sabrina Dubroca
2024-12-04  3:58   ` Jakub Kicinski
2024-11-14 15:50 ` [PATCH net-next v4 3/6] tls: add counters for rekey Sabrina Dubroca
2024-12-04  3:54   ` Jakub Kicinski
2024-12-05 11:29     ` Sabrina Dubroca
2024-11-14 15:50 ` [PATCH net-next v4 4/6] docs: tls: document TLS1.3 key updates Sabrina Dubroca
2024-12-04  3:51   ` Jakub Kicinski
2024-12-05 11:06     ` Sabrina Dubroca
2024-12-06  0:34       ` Jakub Kicinski
2024-11-14 15:50 ` [PATCH net-next v4 5/6] selftests: tls: add key_generation argument to tls_crypto_info_init Sabrina Dubroca
2024-11-14 15:50 ` [PATCH net-next v4 6/6] selftests: tls: add rekey tests Sabrina Dubroca
2024-11-19  3:41 ` [PATCH net-next v4 0/6] tls: implement key updates for TLS1.3 Jakub Kicinski
2024-12-03 16:16   ` Sabrina Dubroca
2024-12-04  4:02     ` Jakub Kicinski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fd808dab-1fbe-4530-970a-2b02fb27fc1e@microchip.com \
    --to=parthiban.veerasooran@microchip.com \
    --cc=apoorvko@amazon.com \
    --cc=borisp@nvidia.com \
    --cc=fkrenzel@redhat.com \
    --cc=gal@nvidia.com \
    --cc=horms@kernel.org \
    --cc=john.fastabend@gmail.com \
    --cc=kuba@kernel.org \
    --cc=kuniyu@amazon.com \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=marcel@holtmann.org \
    --cc=netdev@vger.kernel.org \
    --cc=sd@queasysnail.net \
    --cc=shuah@kernel.org \
    --cc=vfedorenko@novek.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.