lists.openwall.net
Open Source and information security mailing list archives

Message-ID: <685cac7163d82_2a5da429488@willemb.c.googlers.com.notmuch>
Date: Wed, 25 Jun 2025 22:12:01 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Daniel Zahka <daniel.zahka@...il.com>, 
 Donald Hunter <donald.hunter@...il.com>, 
 Jakub Kicinski <kuba@...nel.org>, 
 "David S. Miller" <davem@...emloft.net>, 
 Eric Dumazet <edumazet@...gle.com>, 
 Paolo Abeni <pabeni@...hat.com>, 
 Simon Horman <horms@...nel.org>, 
 Jonathan Corbet <corbet@....net>, 
 Andrew Lunn <andrew+netdev@...n.ch>
Cc: Saeed Mahameed <saeedm@...dia.com>, 
 Leon Romanovsky <leon@...nel.org>, 
 Tariq Toukan <tariqt@...dia.com>, 
 Boris Pismenny <borisp@...dia.com>, 
 Kuniyuki Iwashima <kuniyu@...gle.com>, 
 Willem de Bruijn <willemb@...gle.com>, 
 David Ahern <dsahern@...nel.org>, 
 Neal Cardwell <ncardwell@...gle.com>, 
 Patrisious Haddad <phaddad@...dia.com>, 
 Raed Salem <raeds@...dia.com>, 
 Jianbo Liu <jianbol@...dia.com>, 
 Dragos Tatulea <dtatulea@...dia.com>, 
 Rahul Rameshbabu <rrameshbabu@...dia.com>, 
 Stanislav Fomichev <sdf@...ichev.me>, 
 Toke Høiland-Jørgensen <toke@...hat.com>, 
 Alexander Lobakin <aleksander.lobakin@...el.com>, 
 Jacob Keller <jacob.e.keller@...el.com>, 
 netdev@...r.kernel.org
Subject: Re: [PATCH v2 08/17] net: psp: add socket security association code

Daniel Zahka wrote:
> From: Jakub Kicinski <kuba@...nel.org>
> 
> Add the ability to install PSP Rx and Tx crypto keys on TCP
> connections. Netlink ops are provided for both operations.
> Rx side combines allocating a new Rx key and installing it
> on the socket. Theoretically these are separate actions,
> but in practice they will always be used one after the
> other. We can add distinct "alloc" and "install" ops later.
> 
> Signed-off-by: Jakub Kicinski <kuba@...nel.org>
> Signed-off-by: Daniel Zahka <daniel.zahka@...il.com>
> Co-developed-by: Daniel Zahka <daniel.zahka@...il.com>

>  /**
>   * struct psp_dev_ops - netdev driver facing PSP callbacks
>   */
> @@ -109,6 +145,28 @@ struct psp_dev_ops {
>  	 * @key_rotate: rotate the device key
>  	 */
>  	int (*key_rotate)(struct psp_dev *psd, struct netlink_ext_ack *extack);
> +
> +	/**
> +	 * @rx_spi_alloc: allocate an Rx SPI+key pair
> +	 * Allocate an Rx SPI and resulting derived key.
> +	 * This key should remain valid until key rotation.
> +	 */
> +	int (*rx_spi_alloc)(struct psp_dev *psd, u32 version,
> +			    struct psp_key_parsed *assoc,
> +			    struct netlink_ext_ack *extack);
> +
> +	/**
> +	 * @tx_key_add: add a Tx key to the device
> +	 * Install an association in the device. Core will allocate space
> +	 * for the driver to use at drv_data.
> +	 */
> +	int (*tx_key_add)(struct psp_dev *psd, struct psp_assoc *pas,
> +			  struct netlink_ext_ack *extack);
> +	/**
> +	 * @tx_key_del: remove a Tx key from the device
> +	 * Remove an association from the device.
> +	 */
> +	void (*tx_key_del)(struct psp_dev *psd, struct psp_assoc *pas);
>  };

This Tx driver API is necessary for devices that store keys in an
on-device key database.

The preferred device model for PSP is keys-in-descriptor, in line with
the protocol design goal of O(1) device state.

In that case, can the driver leave these callbacks NULL? And, in the
driver tx datapath, access the tx key from psp_sk_assoc().
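To make the O(1)-state argument in the reply concrete, the following is an added userspace simulation; it is not code from the PSP patch series, from the kernel, or from the reply above. It contrasts a device that keeps a Tx key database (the `tx_key_add`/`tx_key_del` shape from the hunk) with a keys-in-descriptor device whose only long-lived state is its device key, from which every Rx key is re-derived using the SPI in the packet. All names (`struct psp_sim_dev`, `kdf_toy`, `sim_*`) are invented for this example, the device key and payload are constructed test data, and `kdf_toy` is a placeholder mixer standing in for the device's real key derivation, not the PSP algorithm.

```c
/* Added example (not from the PSP patches): simulate the two PSP device
 * models from the reply. kdf_toy is a placeholder, NOT the PSP derivation. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16
#define TX_DB_SLOTS 4   /* deliberately tiny on-device Tx key table */

struct psp_key { uint32_t spi; uint8_t key[KEY_LEN]; };   /* SPI + derived key */

struct psp_sim_dev {
    uint8_t master[KEY_LEN];   /* device key: the only per-device Rx state */
    uint32_t next_spi;
    struct { int used; struct psp_key k; } tx_db[TX_DB_SLOTS]; /* key-DB model only */
};

/* Placeholder KDF (FNV-1a style mixing of device key and SPI). Illustration only. */
static void kdf_toy(const uint8_t master[KEY_LEN], uint32_t spi, uint8_t out[KEY_LEN])
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (int i = 0; i < KEY_LEN; i++) { h ^= master[i]; h *= 0x100000001b3ULL; }
    for (int i = 0; i < 4; i++) { h ^= (spi >> (8 * i)) & 0xff; h *= 0x100000001b3ULL; }
    for (int i = 0; i < KEY_LEN; i++) {
        h ^= (uint64_t)i + 1; h *= 0x100000001b3ULL;
        out[i] = (uint8_t)(h >> 56);
    }
}

static void sim_dev_init(struct psp_sim_dev *d, uint8_t seed)
{
    memset(d, 0, sizeof(*d));
    for (int i = 0; i < KEY_LEN; i++) d->master[i] = (uint8_t)(seed + 7 * i); /* constructed */
    d->next_spi = 0x80000001u;
}

/* Rx, analogue of rx_spi_alloc: fresh SPI plus the key derived from the device key. */
static int sim_rx_spi_alloc(struct psp_sim_dev *d, struct psp_key *out)
{
    out->spi = d->next_spi++;
    kdf_toy(d->master, out->spi, out->key);
    return 0;
}

/* Rx datapath: re-derive from the SPI in the packet; no per-flow lookup table. */
static int sim_rx_key_matches(const struct psp_sim_dev *d, const struct psp_key *k)
{
    uint8_t derived[KEY_LEN];
    kdf_toy(d->master, k->spi, derived);
    return memcmp(derived, k->key, KEY_LEN) == 0;
}

/* Key-database model: analogues of tx_key_add / tx_key_del. State grows per socket. */
static int sim_tx_key_add(struct psp_sim_dev *d, const struct psp_key *peer)
{
    for (int i = 0; i < TX_DB_SLOTS; i++)
        if (!d->tx_db[i].used) { d->tx_db[i].used = 1; d->tx_db[i].k = *peer; return 0; }
    return -ENOSPC;   /* table full: a device limit the socket layer has to surface */
}

static void sim_tx_key_del(struct psp_sim_dev *d, uint32_t spi)
{
    for (int i = 0; i < TX_DB_SLOTS; i++)
        if (d->tx_db[i].used && d->tx_db[i].k.spi == spi) d->tx_db[i].used = 0;
}

static int sim_tx_db_count(const struct psp_sim_dev *d)
{
    int n = 0;
    for (int i = 0; i < TX_DB_SLOTS; i++) n += d->tx_db[i].used;
    return n;
}

/* Keys-in-descriptor model: the Tx key is read from the socket association
 * (the role psp_sk_assoc() plays in the kernel) and copied into the descriptor. */
struct tx_desc { struct psp_key k; const uint8_t *payload; size_t len; };

static int sim_tx_build_desc(const struct psp_key *sk_assoc, const uint8_t *payload,
                             size_t len, struct tx_desc *desc)
{
    desc->k = *sk_assoc; desc->payload = payload; desc->len = len;
    return 0;
}

/* Run nsockets connections through the descriptor model; return the Tx key
 * state left on the local device afterwards (expected: 0, whatever nsockets is). */
static int sim_descriptor_model_state(int nsockets)
{
    static const uint8_t payload[] = "constructed payload";
    struct psp_sim_dev local, peer;
    sim_dev_init(&local, 1); sim_dev_init(&peer, 2);
    for (int i = 0; i < nsockets; i++) {
        struct psp_key rx; struct tx_desc desc;
        sim_rx_spi_alloc(&peer, &rx);                  /* peer allocates, hands us SPI+key */
        sim_tx_build_desc(&rx, payload, sizeof(payload), &desc);
        if (!sim_rx_key_matches(&peer, &desc.k)) return -1;   /* peer re-derives on Rx */
    }
    return sim_tx_db_count(&local);
}

int main(void)
{
    printf("descriptor model, 1000 sockets -> device Tx state %d\n",
           sim_descriptor_model_state(1000));
    return 0;
}
```

The descriptor model never calls into the device per socket, which is why a driver built that way has nothing to do in `tx_key_add`/`tx_key_del`; the key-database model, by contrast, has to handle table exhaustion and must delete on socket close or leak slots.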
