| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <9916d6a35c659d639f6f52488ceea227a523ab63.1691584074.git.sd@queasysnail.net> Date: Wed, 9 Aug 2023 14:58:53 +0200 From: Sabrina Dubroca <sd@...asysnail.net> To: netdev@...r.kernel.org Cc: Sabrina Dubroca <sd@...asysnail.net>, Vadim Fedorenko <vfedorenko@...ek.ru>, Frantisek Krenzelok <fkrenzel@...hat.com>, Jakub Kicinski <kuba@...nel.org>, Kuniyuki Iwashima <kuniyu@...zon.com>, Apoorv Kothari <apoorvko@...zon.com>, Boris Pismenny <borisp@...dia.com>, John Fastabend <john.fastabend@...il.com>, Shuah Khan <shuah@...nel.org>, linux-kselftest@...r.kernel.org, Gal Pressman <gal@...dia.com>, Marcel Holtmann <marcel@...tmann.org>, Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org Subject: [PATCH net-next v3 4/6] docs: tls: document TLS1.3 key updates v3: added following Jakub's comment Signed-off-by: Sabrina Dubroca <sd@...asysnail.net> --- Documentation/networking/tls.rst | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/Documentation/networking/tls.rst b/Documentation/networking/tls.rst index 658ed3a71e1b..ea6a22eafe2b 100644 --- a/Documentation/networking/tls.rst +++ b/Documentation/networking/tls.rst @@ -200,6 +200,27 @@ received without a cmsg buffer set. recv will never return data from mixed types of TLS records. +TLS 1.3 Key Updates +------------------- + +In TLS 1.3, KeyUpdate handshake messages signal that the sender is +updating its TX key. Any message sent after a KeyUpdate will be +encrypted using the new key. The userspace library can pass the new +key to the kernel using the TLS_TX and TLS_RX socket options, as for +the initial keys. TLS version and cipher cannot be changed. + +To prevent attempting to decrypt incoming records using the wrong key, +decryption will be paused when a KeyUpdate message is received by the +kernel, until the new key has been provided using the TLS_RX socket +option. Any read occurring after the KeyUpdate has been read and +before the new key is provided will fail with EKEYEXPIRED. Poll()'ing +the socket will also sleep until the new key is provided. There is no +pausing on the transmit side. + +Userspace should make sure that the crypto_info provided has been set +properly. In particular, the kernel will not check for key/nonce +reuse. + Integrating in to userspace TLS library --------------------------------------- -- 2.40.1
Powered by blists - more mailing lists