lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <cover.1692977948.git.sd@queasysnail.net>
Date: Fri, 25 Aug 2023 23:35:05 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: netdev@...r.kernel.org
Cc: borisp@...dia.com,
	john.fastabend@...il.com,
	kuba@...nel.org,
	Sabrina Dubroca <sd@...asysnail.net>
Subject: [PATCH net-next 00/17] tls: expand tls_cipher_size_desc to simplify getsockopt/setsockopt

Commit 2d2c5ea24243 ("net/tls: Describe ciphers sizes by const
structs") introduced tls_cipher_size_desc to describe the size of the
fields of the per-cipher crypto_info structs, and commit ea7a9d88ba21
("net/tls: Use cipher sizes structs") used it, but only in
tls_device.c and tls_device_fallback.c, and skipped converting similar
code in tls_main.c and tls_sw.c.

This series expands tls_cipher_size_desc (renamed to tls_cipher_desc
to better fit this expansion) to fully describe a cipher:
 - offset of the fields within the per-cipher crypto_info
 - size of the full struct (for copies to/from userspace)
 - offload flag
 - algorithm name used by SW crypto

With these additions, we can remove ~350L of
     switch (crypto_info->cipher_type) { ... }
from tls_set_device_offload, tls_sw_fallback_init,
do_tls_getsockopt_conf, do_tls_setsockopt_conf, tls_set_sw_offload
(mainly do_tls_getsockopt_conf and tls_set_sw_offload).

This series also adds the ARIA ciphers to the tls selftests, and some
more getsockopt/setsockopt tests to cover more of the code changed by
this series.

Sabrina Dubroca (17):
  selftests: tls: add test variants for aria-gcm
  selftests: tls: add getsockopt test
  selftests: tls: test some invalid inputs for setsockopt
  tls: move tls_cipher_size_desc to net/tls/tls.h
  tls: add TLS_CIPHER_ARIA_GCM_* to tls_cipher_size_desc
  tls: reduce size of tls_cipher_size_desc
  tls: rename tls_cipher_size_desc to tls_cipher_desc
  tls: extend tls_cipher_desc to fully describe the ciphers
  tls: validate cipher descriptions at compile time
  tls: expand use of tls_cipher_desc in tls_set_device_offload
  tls: allocate the fallback aead after checking that the cipher is
    valid
  tls: expand use of tls_cipher_desc in tls_sw_fallback_init
  tls: get crypto_info size from tls_cipher_desc in
    do_tls_setsockopt_conf
  tls: use tls_cipher_desc to simplify do_tls_getsockopt_conf
  tls: use tls_cipher_desc to get per-cipher sizes in tls_set_sw_offload
  tls: use tls_cipher_desc to access per-cipher crypto_info in
    tls_set_sw_offload
  tls: get cipher_name from cipher_desc in tls_set_sw_offload

 include/net/tls.h                  |  10 --
 net/tls/tls.h                      |  53 ++++++
 net/tls/tls_device.c               |  52 ++----
 net/tls/tls_device_fallback.c      |  62 +++----
 net/tls/tls_main.c                 | 272 ++++++++---------------------
 net/tls/tls_sw.c                   | 179 +++----------------
 tools/testing/selftests/net/config |   1 +
 tools/testing/selftests/net/tls.c  |  84 +++++++++
 8 files changed, 278 insertions(+), 435 deletions(-)

-- 
2.40.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ