| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Aug 2021 22:46:48 +0300
From: Leonard Crestez <cdleonard@...il.com>
To: Dmitry Safonov <0x7f454c46@...il.com>
Cc: Eric Dumazet <edumazet@...gle.com>,
"David S. Miller" <davem@...emloft.net>,
Herbert Xu <herbert@...dor.apana.org.au>,
Kuniyuki Iwashima <kuniyu@...zon.co.jp>,
David Ahern <dsahern@...nel.org>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
Jakub Kicinski <kuba@...nel.org>,
Yuchung Cheng <ycheng@...gle.com>,
Francesco Ruggeri <fruggeri@...sta.com>,
Mat Martineau <mathew.j.martineau@...ux.intel.com>,
Christoph Paasch <cpaasch@...le.com>,
Ivan Delalande <colona@...sta.com>,
Priyaranjan Jha <priyarjha@...gle.com>,
Menglong Dong <dong.menglong@....com.cn>,
open list <linux-kernel@...r.kernel.org>,
linux-crypto@...r.kernel.org,
Network Development <netdev@...r.kernel.org>,
Dmitry Safonov <dima@...sta.com>
Subject: Re: [RFCv2 1/9] tcp: authopt: Initial support and key management
On 8/11/21 11:29 AM, Leonard Crestez wrote:
> On 8/10/21 11:41 PM, Dmitry Safonov wrote:
>> On Tue, 10 Aug 2021 at 02:50, Leonard Crestez <cdleonard@...il.com>
>>> + /* If an old value exists for same local_id it is deleted */
>>> + key_info = __tcp_authopt_key_info_lookup(sk, info,
>>> opt.local_id);
>>> + if (key_info)
>>> + tcp_authopt_key_del(sk, info, key_info);
>>> + key_info = sock_kmalloc(sk, sizeof(*key_info), GFP_KERNEL |
>>> __GFP_ZERO);
>>> + if (!key_info)
>>> + return -ENOMEM;
>>
>> 1. You don't need sock_kmalloc() together with tcp_authopt_key_del().
>> It just frees the memory and allocates it back straight away - no
>> sense in doing that.
>
> The list is scanned in multiple places in later commits using nothing
> but an rcu_read_lock, this means that keys can't be updated in-place.
>
>> 2. I think RFC says you must not allow a user to change an existing key:
>>> MKT parameters are not changed. Instead, new MKTs can be installed,
>>> and a connection
>>> can change which MKT it uses.
>>
>> IIUC, it means that one can't just change an existing MKT, but one can
>> remove and later
>> add MKT with the same (send_id, recv_id, src_addr/port, dst_addr/port).
>>
>> So, a reasonable thing to do:
>> if (key_info)
>> return -EEXIST.
>
> You're right, making the user delete keys explicitly is better.
On a second thought this might be required to mark keys as "send-only"
and "recv-only" atomically.
Separately from RFC5925 some vendors implement a "keychain" model based
on RFC8177 where each key has a distinct "accept-lifetime" and a
"send-lifetime". This could be implemented by adding flags
"expired_for_send" and "expired_for_recv" but requires the ability to
set an expiration mark without the key ever being deleted.
--
Regards,
Leonard
Powered by blists - more mailing lists