Date:   Tue, 28 Mar 2017 16:26:22 +0300
From:   Aviad Yehezkel <aviadye@...lanox.com>
To:     davem@...emloft.net, aviadye@...lanox.com, ilyal@...lanox.com,
        borisp@...lanox.com, davejwatson@...com, netdev@...r.kernel.org
Cc:     matanb@...lanox.com, liranl@...lanox.com, haggaie@...lanox.com,
        tom@...bertland.com, herbert@...dor.apana.org.au, nmav@...lts.org,
        fridolin.pokorny@...il.com, ilant@...lanox.com,
        kliteyn@...lanox.com, linux-crypto@...r.kernel.org,
        saeedm@...lanox.com, aviadye@....mellanox.co.il
Subject: [RFC TLS Offload Support 05/15] tcp: Add TLS socket options for TCP sockets

This patch adds TLS_TX and TLS_RX TCP socket options.

Setting these socket options will change the sk->sk_prot
operations of the TCP socket. The user is responsible for
preventing races between calls to the previous operations
and the new operations. After a successful return, data
sent on this socket will be encapsulated in TLS.

Signed-off-by: Aviad Yehezkel <aviadye@...lanox.com>
Signed-off-by: Boris Pismenny <borisp@...lanox.com>
Signed-off-by: Ilya Lesokhin <ilyal@...lanox.com>
---
 include/uapi/linux/tcp.h |  2 ++
 net/ipv4/tcp.c           | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h
index c53de26..f9f0e29 100644
--- a/include/uapi/linux/tcp.h
+++ b/include/uapi/linux/tcp.h
@@ -116,6 +116,8 @@ enum {
 #define TCP_SAVE_SYN		27	/* Record SYN headers for new connections */
 #define TCP_SAVED_SYN		28	/* Get SYN headers recorded for connection */
 #define TCP_REPAIR_WINDOW	29	/* Get/set window parameters */
+#define TCP_TLS_TX		30
+#define TCP_TLS_RX		31
 
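Review bot: The two new option numbers on lines L41-L42 are the only entries in this uapi list without the trailing comment that every neighbouring define carries (see TCP_SAVE_SYN, TCP_SAVED_SYN, TCP_REPAIR_WINDOW), so a reader of the header gets no hint of what attaching TLS does or that it swaps the socket's protocol operations. Suggest `#define TCP_TLS_TX		30	/* Attach TLS to the send path: data sent is TLS-encapsulated */` and `#define TCP_TLS_RX		31	/* Attach TLS to the receive path */`, with the RX wording adjusted once the receive semantics are settled, since the commit message only describes the TX side. Because this header is ABI, it is also worth confirming that 30 and 31 are not claimed by any other in-flight TCP option before this lands.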
 struct tcp_repair_opt {
 	__u32	opt_code;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 302fee9..2d190e3 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -273,6 +273,7 @@
 #include <net/icmp.h>
 #include <net/inet_common.h>
 #include <net/tcp.h>
+#include <net/tls.h>
 #include <net/xfrm.h>
 #include <net/ip.h>
 #include <net/sock.h>
@@ -2676,6 +2677,21 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
 		tp->notsent_lowat = val;
 		sk->sk_write_space(sk);
 		break;
+	case TCP_TLS_TX:
+	case TCP_TLS_RX: {
+		int (*fn)(struct sock *sk, int optname,
+			  char __user *optval, unsigned int optlen);
+
+		fn = symbol_get(tls_sk_attach);
+		if (!fn) {
+			err = -EINVAL;
+			break;
+		}
+
+		err = fn(sk, optname, optval, optlen);
+		symbol_put(tls_sk_attach);
+		break;
+	}
 	default:
 		err = -ENOPROTOOPT;
 		break;
@@ -3064,6 +3080,22 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
 		}
 		return 0;
 	}
+	case TCP_TLS_TX:
+	case TCP_TLS_RX: {
+		int err;
+		int (*fn)(struct sock *sk, int optname,
+			  char __user *optval, int __user *optlen);
+
+		fn = symbol_get(tls_sk_query);
+		if (!fn) {
+			err = -EINVAL;
+			break;
+		}
+
+		err = fn(sk, optname, optval, optlen);
+		symbol_put(tls_sk_query);
+		return err;
+	}
 	default:
 		return -ENOPROTOOPT;
 	}
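Review bot: In the `!fn` branch on lines L91-L93, `err = -EINVAL` is stored in a variable declared inside the case block and the following `break` leaves the switch, so the assigned error is discarded; every other arm of this switch that is visible (L82, L98, L101) returns directly instead. If the code after the switch is the common put_user/copy_to_user tail that the earlier arms bypass with their `return`, this path would report success and copy whatever `val` holds to userspace, so the branch should read `return -ENOPROTOOPT;` (matching the `default:` arm and signalling "option unavailable" rather than "bad argument"), and the local `int err` on L86 can then be dropped in favour of `return fn(sk, optname, optval, optlen);` after the `symbol_put` is handled. `do_tcp_getsockopt` starts and ends outside the hunk, so the exact post-switch behaviour is inferred rather than seen.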
-- 
2.7.4
