| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251003043140.1341958-1-alistair.francis@wdc.com> Date: Fri, 3 Oct 2025 14:31:31 +1000 From: alistair23@...il.com To: chuck.lever@...cle.com, hare@...nel.org, kernel-tls-handshake@...ts.linux.dev, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-nvme@...ts.infradead.org, linux-nfs@...r.kernel.org Cc: kbusch@...nel.org, axboe@...nel.dk, hch@....de, sagi@...mberg.me, kch@...dia.com, hare@...e.de, alistair23@...il.com, Alistair Francis <alistair.francis@....com> Subject: [PATCH v3 0/8] nvme-tcp: Support receiving KeyUpdate requests From: Alistair Francis <alistair.francis@....com> The TLS 1.3 specification allows the TLS client or server to send a KeyUpdate. This is generally used when the sequence is about to overflow or after a certain amount of bytes have been encrypted. The TLS spec doesn't mandate the conditions though, so a KeyUpdate can be sent by the TLS client or server at any time. This includes when running NVMe-OF over a TLS 1.3 connection. As such Linux should be able to handle a KeyUpdate event, as the other NVMe side could initiate a KeyUpdate. Upcoming WD NVMe-TCP hardware controllers implement TLS support and send KeyUpdate requests. This series builds on top of the existing TLS EKEYEXPIRED work, which already detects a KeyUpdate request. We can now pass that information up to the NVMe layer (target and host) and then pass it up to userspace. Userspace (ktls-utils) will need to save the connection state in the keyring during the initial handshake. The kernel then provides the key serial back to userspace when handling a KeyUpdate. Userspace can use this to restore the connection information and then update the keys, this final process is similar to the initial handshake. This series depends on the recvmsg() kernel patch: https://lore.kernel.org/linux-nvme/2cbe1350-0bf5-4487-be33-1d317cb73acf@suse.de/T/#mf56283228ae6c93e37dfbf1c0f6263910217cd80 ktls-utils (tlshd) userspace patches are available at: https://lore.kernel.org/kernel-tls-handshake/CAKmqyKNpFhPtM8HAkgRMKQA8_N7AgoeqaSTe2=0spPnb+Oz2ng@mail.gmail.com/T/#mb277f5c998282666d0f41cc02f4abf516fcc4e9c Link: https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.3 Based-on: 2cbe1350-0bf5-4487-be33-1d317cb73acf@...e.de v3: - Rebase on the recvmsg() workflow patch - Add debugfs support for the host - Don't cancel an ongoing request - Ensure a request is destructed on completion v2: - Change "key-serial" to "session-id" - Fix reported build failures - Drop tls_clear_err() function - Stop keep alive timer during KeyUpdate - Drop handshake message decoding in the NVMe layer Alistair Francis (8): net/handshake: Store the key serial number on completion net/handshake: Define handshake_sk_destruct_req net/handshake: Ensure the request is destructed on completion nvmet: Expose nvmet_stop_keep_alive_timer publically net/handshake: Support KeyUpdate message types nvme-tcp: Support KeyUpdate nvmet-tcp: Support KeyUpdate nvme-tcp: Allow userspace to trigger a KeyUpdate with debugfs Documentation/netlink/specs/handshake.yaml | 20 ++- Documentation/networking/tls-handshake.rst | 6 +- drivers/nvme/host/tcp.c | 147 +++++++++++++++++++-- drivers/nvme/target/core.c | 1 + drivers/nvme/target/tcp.c | 104 +++++++++++++-- include/net/handshake.h | 14 +- include/uapi/linux/handshake.h | 14 ++ net/handshake/genl.c | 5 +- net/handshake/request.c | 18 +++ net/handshake/tlshd.c | 47 ++++++- net/sunrpc/svcsock.c | 4 +- net/sunrpc/xprtsock.c | 4 +- 12 files changed, 349 insertions(+), 35 deletions(-) -- 2.51.0
Powered by blists - more mailing lists