Date:   Wed, 25 Jan 2023 15:41:31 -0500
From:   Chuck Lever <chuck.lever@...cle.com>
To:     kuba@...nel.org
Cc:     netdev@...r.kernel.org, hare@...e.com, dhowells@...hat.com,
        bcodding@...hat.com, kolga@...app.com, jmeneghi@...hat.com
Subject: [PATCH v2 0/3] Another crack at a handshake upcall mechanism

An update to a potential upcall mechanism to handle transport layer
security handshakes for kernel consumers. The third patch below
demonstrates how to extend this mechanism to support a new security
protocol.

The full patch set to support SunRPC with TLSv1.3 is available in
the topic-rpc-with-tls-upcall branch here, against v6.1.8:

   https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git

A sample user space handshake daemon is available here:

   https://github.com/oracle/ktls-utils

---

Changes since RFC:
- Generic upcall support split away from kTLS
- Added support for TLS ServerHello
- Documentation has been temporarily removed while API churns

Chuck Lever (3):
      net: Add an AF_HANDSHAKE address family
      net/handshake: Add support for PF_HANDSHAKE
      net/tls: Support AF_HANDSHAKE in kTLS


 include/linux/socket.h                        |   4 +-
 include/net/handshake.h                       |  31 +
 include/net/sock.h                            |   2 +
 include/net/tls.h                             |  16 +
 include/trace/events/handshake.h              | 328 +++++++
 include/uapi/linux/handshake.h                |  73 ++
 net/Makefile                                  |   1 +
 net/core/sock.c                               |   2 +-
 net/handshake/Makefile                        |   7 +
 net/handshake/af_handshake.c                  | 831 ++++++++++++++++++
 net/handshake/handshake.h                     |  33 +
 net/handshake/netlink.c                       | 187 ++++
 net/handshake/trace.c                         |  20 +
 net/socket.c                                  |   1 +
 net/tls/Makefile                              |   2 +-
 net/tls/tls_handshake.c                       | 385 ++++++++
 security/selinux/hooks.c                      |   4 +-
 security/selinux/include/classmap.h           |   4 +-
 .../perf/trace/beauty/include/linux/socket.h  |   4 +-
 19 files changed, 1929 insertions(+), 6 deletions(-)
 create mode 100644 include/net/handshake.h
 create mode 100644 include/trace/events/handshake.h
 create mode 100644 include/uapi/linux/handshake.h
 create mode 100644 net/handshake/Makefile
 create mode 100644 net/handshake/af_handshake.c
 create mode 100644 net/handshake/handshake.h
 create mode 100644 net/handshake/netlink.c
 create mode 100644 net/handshake/trace.c
 create mode 100644 net/tls/tls_handshake.c

--
Chuck Lever
