Open Source and information security mailing list archives
Date:   Sun, 1 Apr 2018 15:57:50 +0300
From:   Boris Pismenny <borisp@...lanox.com>
To:     David Miller <davem@...emloft.net>, atul.gupta@...lsio.com
Cc:     herbert@...dor.apana.org.au, davejwatson@...com,
        sd@...asysnail.net, sbrivio@...hat.com,
        linux-crypto@...r.kernel.org, netdev@...r.kernel.org,
        werner@...lsio.com, leedom@...lsio.com,
        swise@...ngridcomputing.com, indranil@...lsio.com,
        ganeshgr@...lsio.com
Subject: Re: [PATCH v15 net-next 00/12] Chelsio Inline TLS

Hi,

On 4/1/2018 6:37 AM, David Miller wrote:
> From: Atul Gupta <atul.gupta@...lsio.com>
> Date: Sat, 31 Mar 2018 21:41:51 +0530
> 
>> Series for Chelsio Inline TLS driver (chtls)
> 
> Series applied, thank you.
> 

Sorry for being late to the party, could you please help answer a few 
questions to help me understand better.

1. What happens if someone attempts to set a TCP socket option for a 
socket whose TCP stack resides in the TCP offload engine (TOE)? Do you 
emulate all Linux socket options? What about IP socket options?

If I follow the code correctly, then the original TCP/IP setsockopt is 
called. But, it doesn't change any of the parameters of the TCP/IP 
offload engine in hardware.

2. I can't find where the TLS record sequence number is pushed to 
hardware. Is that on purpose?

FYI, ignoring this parameter might cause record sequence number reuse, 
which breaks the integrity of the AES-GCM TLS ciphersuite.

3. How does a TOE handle Tx only or Rx only?

4. What happens when there is a routing change that redirects traffic to 
a different netdev? Is there a software fallback?

5. The TLS socket option is set in the middle of a TCP connection. What 
happens to the existing TCP connection and the data that is currently 
queued in the TCP write queue?

Thanks,
Boris.
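To make question 2 concrete, here is an added example (not part of this email or of the chtls driver) that models the TLS 1.2 AES-GCM per-record state from RFC 5288/5246 and audits a run of records for nonce reuse. It assumes, as the kernel's software TLS path does, that both the 8-byte explicit nonce and the 8-byte record sequence number advance by one per record; the "stalled" run is a constructed scenario for a data path that never learns the updated counters.

```python
import struct
from collections import Counter

SALT_LEN, NONCE_LEN, SEQ_LEN = 4, 8, 8      # RFC 5288 AES-GCM TLS 1.2 field sizes
TLS12_VERSION = b"\x03\x03"
APPLICATION_DATA = 23

def bigint_increment(counter: bytes) -> bytes:
    """Advance a big-endian counter by one; a wrap means the connection must rekey."""
    value = int.from_bytes(counter, "big") + 1
    if value >> (8 * len(counter)):
        raise OverflowError("record counter wrapped; connection must be rekeyed")
    return value.to_bytes(len(counter), "big")

def gcm_nonce(salt: bytes, explicit_nonce: bytes) -> bytes:
    """RFC 5288: 12-byte GCM nonce = 4-byte implicit salt || 8-byte explicit nonce."""
    return salt + explicit_nonce

def tls12_aad(rec_seq: bytes, content_type: int, length: int) -> bytes:
    """RFC 5246: additional_data = seq_num || type || version || length."""
    return rec_seq + bytes([content_type]) + TLS12_VERSION + struct.pack(">H", length)

def emit_records(salt, explicit_nonce, rec_seq, lengths, advance=True):
    """Return the (nonce, aad) pair used for each record of the given lengths.

    advance=False models a data path that keeps encrypting with the counters it
    was initially handed instead of advancing them (constructed scenario)."""
    out = []
    for length in lengths:
        out.append((gcm_nonce(salt, explicit_nonce),
                    tls12_aad(rec_seq, APPLICATION_DATA, length)))
        if advance:
            explicit_nonce = bigint_increment(explicit_nonce)
            rec_seq = bigint_increment(rec_seq)
    return out

def find_nonce_reuse(records):
    """Nonces seen more than once under one key; each repeat voids GCM's integrity guarantee."""
    counts = Counter(nonce for nonce, _ in records)
    return sorted(nonce for nonce, n in counts.items() if n > 1)

# Constructed demo values, not real key material.
SALT, IV0, SEQ0 = bytes.fromhex("a1b2c3d4"), bytes(NONCE_LEN), bytes(SEQ_LEN)
good = emit_records(SALT, IV0, SEQ0, [16, 32, 48])                  # counters advance
stalled = emit_records(SALT, IV0, SEQ0, [16, 32, 48], advance=False)  # counters never move
```

Running `find_nonce_reuse(good)` yields no hits, while `find_nonce_reuse(stalled)` reports the single nonce shared by all three records; the stalled run also reuses the same `seq_num` in every AAD, so the receiver's integrity check no longer binds records to their position.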
