lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 26 Jan 2023 11:02:08 -0500
From:   Chuck Lever <chuck.lever@...cle.com>
To:     kuba@...nel.org
Cc:     netdev@...r.kernel.org, hare@...e.com, dhowells@...hat.com,
        kolga@...app.com, jmeneghi@...hat.com, bcodding@...hat.com,
        jlayton@...hat.com
Subject: [PATCH v2 0/3] Another crack at a handshake upcall mechanism

Hello Jakub-

Second version of a hybrid listen/accept/netlink upcall mechanism.
This one tries to address a few more of your requests from last
year, and it introduces support for basic server-side upcalls.

These patches are the netdev piece only. The full series, which adds
client and server RPC-with-TLS implementations, can be found in the
topic-rpc-with-tls-upcall branch here:

https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git

The third patch below demonstrates how to set up handshake support
for a kernel transport security layer protocol by adding handshake
support to kTLS.

A sample user space handshake daemon is available here:

   https://github.com/oracle/ktls-utils

The "main" branch contains the latest changes that are required to
operate with the kernel patches presented in this email.

---

Changes since RFC:
- Documentation temporarily removed while code churns
- Split the handshake mechanism away from kTLS
- Added a default TLS priorities string
- Added support for ServerHello

Chuck Lever (3):
      net: Add an AF_HANDSHAKE address family
      net/handshake: Add support for PF_HANDSHAKE
      net/tls: Support AF_HANDSHAKE in kTLS


 include/linux/socket.h                        |   4 +-
 include/net/handshake.h                       |  31 +
 include/net/sock.h                            |   2 +
 include/net/tls.h                             |  16 +
 include/trace/events/handshake.h              | 328 +++++++
 include/uapi/linux/handshake.h                |  73 ++
 net/Makefile                                  |   1 +
 net/core/sock.c                               |   2 +-
 net/handshake/Makefile                        |   7 +
 net/handshake/af_handshake.c                  | 838 ++++++++++++++++++
 net/handshake/handshake.h                     |  33 +
 net/handshake/netlink.c                       | 187 ++++
 net/handshake/trace.c                         |  20 +
 net/socket.c                                  |   1 +
 net/tls/Makefile                              |   2 +-
 net/tls/tls_handshake.c                       | 385 ++++++++
 security/selinux/hooks.c                      |   4 +-
 security/selinux/include/classmap.h           |   4 +-
 .../perf/trace/beauty/include/linux/socket.h  |   4 +-
 19 files changed, 1936 insertions(+), 6 deletions(-)
 create mode 100644 include/net/handshake.h
 create mode 100644 include/trace/events/handshake.h
 create mode 100644 include/uapi/linux/handshake.h
 create mode 100644 net/handshake/Makefile
 create mode 100644 net/handshake/af_handshake.c
 create mode 100644 net/handshake/handshake.h
 create mode 100644 net/handshake/netlink.c
 create mode 100644 net/handshake/trace.c
 create mode 100644 net/tls/tls_handshake.c

--
Chuck Lever

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ