| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180803154632.GA34510@macbook-pro-81.local.dhcp.thefacebook.com>
Date: Fri, 3 Aug 2018 08:46:32 -0700
From: Dave Watson <davejwatson@...com>
To: Vakul Garg <vakul.garg@....com>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Peter Doliwa <peter.doliwa@....com>,
Boris Pismenny <borisp@...lanox.com>
Subject: Re: Security enhancement proposal for kernel TLS
On 08/02/18 05:23 PM, Vakul Garg wrote:
> > I agree that Boris' patch does what you say it does - it sets keys immediately
> > after CCS instead of after FINISHED message. I disagree that the kernel tls
> > implementation currently requires that specific ordering, nor do I think that it
> > should require that ordering.
>
> The current kernel implementation assumes record sequence number to start from '0'.
> If keys have to be set after FINISHED message, then record sequence number need to
> be communicated from user space TLS stack to kernel. IIRC, sequence number is not
> part of the interface through which key is transferred.
The setsockopt call struct takes the key, iv, salt, and seqno:
struct tls12_crypto_info_aes_gcm_128 {
struct tls_crypto_info info;
unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};
Powered by blists - more mailing lists