lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <686c6f073133f_266852946c@willemb.c.googlers.com.notmuch>
Date: Mon, 07 Jul 2025 21:06:15 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Jakub Kicinski <kuba@...nel.org>, 
 Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc: Daniel Zahka <daniel.zahka@...il.com>, 
 Donald Hunter <donald.hunter@...il.com>, 
 "David S. Miller" <davem@...emloft.net>, 
 Eric Dumazet <edumazet@...gle.com>, 
 Paolo Abeni <pabeni@...hat.com>, 
 Simon Horman <horms@...nel.org>, 
 Jonathan Corbet <corbet@....net>, 
 Andrew Lunn <andrew+netdev@...n.ch>, 
 Saeed Mahameed <saeedm@...dia.com>, 
 Leon Romanovsky <leon@...nel.org>, 
 Tariq Toukan <tariqt@...dia.com>, 
 Boris Pismenny <borisp@...dia.com>, 
 Kuniyuki Iwashima <kuniyu@...gle.com>, 
 Willem de Bruijn <willemb@...gle.com>, 
 David Ahern <dsahern@...nel.org>, 
 Neal Cardwell <ncardwell@...gle.com>, 
 Patrisious Haddad <phaddad@...dia.com>, 
 Raed Salem <raeds@...dia.com>, 
 Jianbo Liu <jianbol@...dia.com>, 
 Dragos Tatulea <dtatulea@...dia.com>, 
 Rahul Rameshbabu <rrameshbabu@...dia.com>, 
 Stanislav Fomichev <sdf@...ichev.me>, 
 Toke Høiland-Jørgensen <toke@...hat.com>, 
 Alexander Lobakin <aleksander.lobakin@...el.com>, 
 Jacob Keller <jacob.e.keller@...el.com>, 
 netdev@...r.kernel.org
Subject: Re: [PATCH v3 10/19] psp: track generations of device key

Jakub Kicinski wrote:
> On Sun, 06 Jul 2025 12:56:37 -0400 Willem de Bruijn wrote:
> > > There is a (somewhat theoretical in absence of multi-host support)
> > > possibility that another entity will rotate the key and we won't
> > > know. This may lead to accepting packets with matching SPI but
> > > which used different crypto keys than we expected.   
> > 
> > The device would not have decrypted those? As it only has two keys,
> > one for each MSB of the SPI.
> > 
> > Except for a narrow window during rotation, where a key for generation
> > N is decrypted and queued to the host, then a rotation happens, so that
> > the host updates its valid keys to { N+1, N+2 }. These will now get
> > dropped. That is not strictly necessary.
> 
> Yes, it's optional to avoid any races.

Ok. I think on respin the commit can be revised a bit to make
clearer that it is an optional good, no packets will
accidentally be accepted with matching SPI but wrong key.

> > > Maintain and compare "key generation" per PSP spec.  
> > 
> > Where does the spec state this?
> > 
> > I know this generation bit is present in the Google PSP
> > implementation, I'm just right now drawing a blank as to its exact
> > purpose -- and whether the above explanation matches that.
> 
> I think this:
> 
>   Cryptography and key management status:
>    ● Key generation (a counter incremented each time a master key
>      rotation occurs), when master keys are managed on the NIC.

Ack. I saw that too. Unfortunately it has explanation why it's there.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ