From: Wilfred Mallawa <wilfred.mallawa@wdc.com>
To: "kuba@kernel.org" <kuba@kernel.org>
Cc: "corbet@lwn.net" <corbet@lwn.net>,
"dlemoal@kernel.org" <dlemoal@kernel.org>,
"davem@davemloft.net" <davem@davemloft.net>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
"john.fastabend@gmail.com" <john.fastabend@gmail.com>,
"sd@queasysnail.net" <sd@queasysnail.net>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Alistair Francis <Alistair.Francis@wdc.com>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"skhan@linuxfoundation.org" <skhan@linuxfoundation.org>,
"horms@kernel.org" <horms@kernel.org>,
"edumazet@google.com" <edumazet@google.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: [RFC net-next 1/3] net/tls_sw: support randomized zero padding
Date: Tue, 17 Mar 2026 00:53:07 +0000 [thread overview]
Message-ID: <9e9f6eb89ba95e9fbb764e2807420e98b566bf37.camel@wdc.com> (raw)
In-Reply-To: <20260314073919.2f92b966@kernel.org>
On Sat, 2026-03-14 at 07:39 -0700, Jakub Kicinski wrote:
> On Fri, 13 Mar 2026 14:16:10 +0100 Sabrina Dubroca wrote:
> > 2026-03-09, 15:48:36 +1000, Wilfred Mallawa wrote:
> > > From: Wilfred Mallawa <wilfred.mallawa@wdc.com>
> > >
> > > Currently, for TLS 1.3, ktls does not support record zero padding
> > > [1].
> > > Record zero padding is used to allow the sender to hide the size
> > > of the
> > > traffic patterns from an observer. TLS is susceptible to a
> > > variety of traffic
> > > analysis attacks based on observing the length and timing of
> > > encrypted
> > > packets [2]. Upcoming Western Digital NVMe-TCP hardware
> > > controllers
> > > implement TLS 1.3. Which from a security perspective, can benefit
> > > from having
> > > record zero padding enabled to mitigate against traffic analysis
> > > attacks [2].
> > >
> > > Thus, for TX, add support to appending a randomized number of
> > > zero padding
> > > bytes to end-of-record (EOR) records that are not full. The
> > > number of zero
> >
> > I don't think this is the right behavior. I expect that a user that
> > enables zero-padding would want _every_ record they send to be
> > padded,
> > and their payload is going to be split into however many records
> > that
> > requires. This could mean that data that would just fit in a record
> > will get split into one full + one very small record.
> >
> > As it is, if I repeatedly call send with MSG_MORE to let ktls chunk
> > this for me, zero-padding has no effect. That doesn't seem right.
> >
> > Does that make sense?
>
> Or maybe you could refer to existing implementations of this feature
> in user space libs? The padding feature seems slightly nebulous,
> I wasn't aware of anyone actually using it. Maybe I should ask...
> are you actually planning to use it, or are you checking a box?
For upcoming WD hardware, we were planning on informing users to use
this feature if an extra layer of security can benefit their particular
configuration. But to answer your question, I think this falls more
into the "checking a box"...
I'm happy to drop this series if there's not much added value from
having this as an available option for users.
>
> Second question - do we also need to support zero-byte records
> (entire
> record is padding) to prevent timing attacks?
That's a good point, although it is not needed, having it could benefit
in timing attacks. As RFC8446 [1] puts it,
"This permits generation of plausibly sized cover traffic in contexts
where the presence or absence of activity may be sensitive."
I can look into that if we are going ahead with this series...
Regards,
Wilfred
[1] https://datatracker.ietf.org/doc/html/rfc8446#section-5.4
next prev parent reply other threads:[~2026-03-17 0:53 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-09 5:48 [RFC net-next 0/3] tls_sw: add tx record zero padding Wilfred Mallawa
2026-03-09 5:48 ` [RFC net-next 1/3] net/tls_sw: support randomized " Wilfred Mallawa
2026-03-13 13:16 ` Sabrina Dubroca
2026-03-14 14:39 ` Jakub Kicinski
2026-03-17 0:53 ` Wilfred Mallawa [this message]
2026-03-17 1:03 ` Jakub Kicinski
2026-03-17 1:21 ` Wilfred Mallawa
2026-03-17 1:30 ` Jakub Kicinski
2026-03-17 1:53 ` Wilfred Mallawa
2026-03-19 1:35 ` Alistair Francis
2026-03-17 9:19 ` Sabrina Dubroca
2026-03-17 0:20 ` Wilfred Mallawa
2026-03-09 5:48 ` [RFC net-next 2/3] net/tls: add randomized zero padding socket option Wilfred Mallawa
2026-03-09 5:48 ` [RFC net-next 3/3] selftest: tls: add tls record zero pad test Wilfred Mallawa
2026-03-13 12:13 ` [RFC net-next 0/3] tls_sw: add tx record zero padding Sabrina Dubroca
2026-03-17 0:59 ` Wilfred Mallawa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9e9f6eb89ba95e9fbb764e2807420e98b566bf37.camel@wdc.com \
--to=wilfred.mallawa@wdc.com \
--cc=Alistair.Francis@wdc.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=dlemoal@kernel.org \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sd@queasysnail.net \
--cc=skhan@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox