| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <167474840929.5189.15539668431467077918.stgit@91.116.238.104.host.secureserver.net>
Date: Thu, 26 Jan 2023 11:02:08 -0500
From: Chuck Lever <chuck.lever@...cle.com>
To: kuba@...nel.org
Cc: netdev@...r.kernel.org, hare@...e.com, dhowells@...hat.com,
kolga@...app.com, jmeneghi@...hat.com, bcodding@...hat.com,
jlayton@...hat.com
Subject: [PATCH v2 0/3] Another crack at a handshake upcall mechanism
Hello Jakub-
Second version of a hybrid listen/accept/netlink upcall mechanism.
This one tries to address a few more of your requests from last
year, and it introduces support for basic server-side upcalls.
These patches are the netdev piece only. The full series, which adds
client and server RPC-with-TLS implementations, can be found in the
topic-rpc-with-tls-upcall branch here:
https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git
The third patch below demonstrates how to set up handshake support
for a kernel transport security layer protocol by adding handshake
support to kTLS.
A sample user space handshake daemon is available here:
https://github.com/oracle/ktls-utils
The "main" branch contains the latest changes that are required to
operate with the kernel patches presented in this email.
---
Changes since RFC:
- Documentation temporarily removed while code churns
- Split the handshake mechanism away from kTLS
- Added a default TLS priorities string
- Added support for ServerHello
Chuck Lever (3):
net: Add an AF_HANDSHAKE address family
net/handshake: Add support for PF_HANDSHAKE
net/tls: Support AF_HANDSHAKE in kTLS
include/linux/socket.h | 4 +-
include/net/handshake.h | 31 +
include/net/sock.h | 2 +
include/net/tls.h | 16 +
include/trace/events/handshake.h | 328 +++++++
include/uapi/linux/handshake.h | 73 ++
net/Makefile | 1 +
net/core/sock.c | 2 +-
net/handshake/Makefile | 7 +
net/handshake/af_handshake.c | 838 ++++++++++++++++++
net/handshake/handshake.h | 33 +
net/handshake/netlink.c | 187 ++++
net/handshake/trace.c | 20 +
net/socket.c | 1 +
net/tls/Makefile | 2 +-
net/tls/tls_handshake.c | 385 ++++++++
security/selinux/hooks.c | 4 +-
security/selinux/include/classmap.h | 4 +-
.../perf/trace/beauty/include/linux/socket.h | 4 +-
19 files changed, 1936 insertions(+), 6 deletions(-)
create mode 100644 include/net/handshake.h
create mode 100644 include/trace/events/handshake.h
create mode 100644 include/uapi/linux/handshake.h
create mode 100644 net/handshake/Makefile
create mode 100644 net/handshake/af_handshake.c
create mode 100644 net/handshake/handshake.h
create mode 100644 net/handshake/netlink.c
create mode 100644 net/handshake/trace.c
create mode 100644 net/tls/tls_handshake.c
--
Chuck Lever
Powered by blists - more mailing lists