[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <165030051838.5073.8699008789153780301.stgit@oracle-102.nfsv4.dev>
Date: Mon, 18 Apr 2022 12:49:22 -0400
From: Chuck Lever <chuck.lever@...cle.com>
To: netdev@...r.kernel.org, linux-nfs@...r.kernel.org,
linux-nvme@...ts.infradead.org, linux-cifs@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Cc: ak@...pesta-tech.com, borisp@...dia.com, simo@...hat.com
Subject: [PATCH RFC 0/5] Implement a TLS handshake upcall
There are a few upper-layer (storage) protocols that want to have a
full TLS implementation available in the Linux kernel.
The Linux kernel currently has an implementation of the TLS record
protocol, known as kTLS. However it does not have a complete TLS
implementation because it has no implementation of the TLS handshake
protocol. In-kernel storage protocols need both to use TLS properly.
In the long run, our preference is to have a TLS handshake
implementation in the kernel. However, it appears that would take a
long time and there is some desire to avoid adding to the Linux
kernel's "attack surface" without good reasons. So in the meantime
we've created a prototype handshake implementation that calls out to
user space where the actual handshake can be done by an existing
library implementation of TLS.
The prototype serves several purposes, including:
- Proof of concept: can a handshake upcall actually be implemented?
- Scaffold to enable prototyping upper-layer protocol support for TLS:
Is there any demand for in-kernel TLS?
- Performance impact of always-on encryption with both software and
hardware kTLS
- Understanding what features, if any, an upcall handshake cannot
provide
The prototype currently supports client-side PSK and anonymous
x.509 ClientHello. We would like some feedback on the approach
before proceeding with ServerHello and mutual x.509 authentication.
User agent: https://github.com/oracle/ktls-utils
Who will use this implementation?
--------------------------------
This series implements only the upcall. I plan to post a second
series that shows how it can be used to implement the RPC-with-TlS
standard: https://datatracker.ietf.org/doc/draft-ietf-nfsv4-rpc-tls/
https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git topic-rpc-with-tls
Dr. Hannes Reinecke has a series that implements NVMe-TLS here:
https://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel.git tls-upcall.v4
We are also working with a few developers in the CIFS community
who are interested in SMB-over-QUIC. QUICv1 (RFC 9000) uses the
TLSv1.3 handshake protocol, and we hope they can leverage this
prototype capability when QUIC comes to the Linux kernel.
---
Chuck Lever (4):
net: Add distinct sk_psock field
net/tls: Add an AF_TLSH address family
net/tls: Add support for PF_TLSH (a TLS handshake listener)
net/tls: Add observability for AF_TLSH sockets
Hannes Reinecke (1):
tls: build proto after context has been initialized
.../networking/tls-in-kernel-handshake.rst | 103 ++
include/linux/skmsg.h | 2 +-
include/linux/socket.h | 5 +-
include/net/sock.h | 7 +-
include/net/tls.h | 15 +
include/net/tlsh.h | 22 +
include/uapi/linux/tls.h | 16 +
net/core/skmsg.c | 6 +-
net/core/sock.c | 4 +-
net/socket.c | 1 +
net/tls/Makefile | 2 +-
net/tls/af_tlsh.c | 1078 +++++++++++++++++
net/tls/tls_main.c | 13 +-
net/tls/trace.c | 3 +
net/tls/trace.h | 355 ++++++
security/selinux/hooks.c | 4 +-
security/selinux/include/classmap.h | 4 +-
.../perf/trace/beauty/include/linux/socket.h | 4 +-
18 files changed, 1631 insertions(+), 13 deletions(-)
create mode 100644 Documentation/networking/tls-in-kernel-handshake.rst
create mode 100644 include/net/tlsh.h
create mode 100644 net/tls/af_tlsh.c
--
Chuck Lever
Powered by blists - more mailing lists