* kernel tls interface with user space modification proposal
@ 2019-03-05 8:56 Vakul Garg
2019-03-21 16:46 ` Boris Pismenny
0 siblings, 1 reply; 2+ messages in thread
From: Vakul Garg @ 2019-03-05 8:56 UTC (permalink / raw)
To: netdev
Hi
The present interface of kernel tls with user space has few shortcomings.
The biggest one is that when we need to add a ciphersuite in kernel tls, then we need to define new structures for passing cryptographic parameters required by record layer.
And the user space ssl stack also has to be modified because it tries to use kernel tls only for a given set of ciphers implemented it it.
A better schema could be that if kernel tls support is compiled/enabled in user space SSL stack, it tries to use it for all record layer ciphers.
If kernel tls does not support a given cipher, then setsockopt fails and SSL stack can fallback to non-ktls mode for the session and subsequent ones using same cipher type.
This would require passing the crypto material in a generic form which is same for all cipher types.
My proposal is that at the sestsockopt interface, instead of passing discrete keys/salt/IV etc of certain lengths (which are different for each cipher), we pass the cipher type and the full keyblock (128 bytes).
Thereafter, kernel tls chops the keyblock into keys/iv/salt which are defined by the given cipher type.
(The keyblock is derived by SSL stack from master secret and then segmented in to keys/IV/salt).
This would keep the interface between ktls and user space software independent of cipher types supported by kernel tls.
Further, it is redundant to pass same TLS version, cipher type info in both Rx and Tx direction.
I propose that we define an additional setsockopt interface for passing crypto params in both directions.
This setsockopt() would be invoked by SSL stack after handshake is deemed completed to start record protocol offload in both directions.
struct tls_rec_prot_info {
unsigned short version;
unsigned short cipher_type;
unsigned char keyblock[128];
unsigned char tx_seq[8];
unsigned char rx_seq[8];
};
setsockopt(sock, SOL_TLS, TLS_INFO, &rec_prot_info, sizeof(rec_prot_info));
Kindly advise.
Regards
Vakul
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: kernel tls interface with user space modification proposal
2019-03-05 8:56 kernel tls interface with user space modification proposal Vakul Garg
@ 2019-03-21 16:46 ` Boris Pismenny
0 siblings, 0 replies; 2+ messages in thread
From: Boris Pismenny @ 2019-03-21 16:46 UTC (permalink / raw)
To: Vakul Garg, netdev, Dave Watson, John Fastabend, Daniel Borkmann,
Aviad Yehezkel
Hi Vakul,
+TLS maintainers
I suggest you send this to TLS maintainers if you want to get more
feedback, and it would be best to tag this as RFC.
On 3/5/2019 9:56 AM, Vakul Garg wrote:
> Hi
>
> The present interface of kernel tls with user space has few shortcomings.
>
> The biggest one is that when we need to add a ciphersuite in kernel tls, then we need to define new structures for passing cryptographic parameters required by record layer.
> And the user space ssl stack also has to be modified because it tries to use kernel tls only for a given set of ciphers implemented it it.
>
As all TLS versions below 1.2 are being deprecated, and with TLS1.3
supporting only 5 ciphersuites based on AES-GCM, AES-CCM and
Chacha-Poly. I think that it is safe to go forward based on the existing
model for these ciphers, while not supporting any other (older ciphers).
If we were to try and support all the available ciphers, then it might
make sense to have a generic infrastructure for this.
> A better schema could be that if kernel tls support is compiled/enabled in user space SSL stack, it tries to use it for all record layer ciphers.
> If kernel tls does not support a given cipher, then setsockopt fails and SSL stack can fallback to non-ktls mode for the session and subsequent ones using same cipher type.
> > This would require passing the crypto material in a generic form
which is same for all cipher types.
>
> My proposal is that at the sestsockopt interface, instead of passing discrete keys/salt/IV etc of certain lengths (which are different for each cipher), we pass the cipher type and the full keyblock (128 bytes).
> Thereafter, kernel tls chops the keyblock into keys/iv/salt which are defined by the given cipher type.
>
> (The keyblock is derived by SSL stack from master secret and then segmented in to keys/IV/salt).
>
Does this work for TLS1.3?
> This would keep the interface between ktls and user space software independent of cipher types supported by kernel tls.
>
> Further, it is redundant to pass same TLS version, cipher type info in both Rx and Tx direction.
>
> I propose that we define an additional setsockopt interface for passing crypto params in both directions.
Additional interfaces double the maintenance effort, and I'm not sure it
is interesting to support any of the ciphers besides the once used by
TLS1.3.
> This setsockopt() would be invoked by SSL stack after handshake is deemed completed to start record protocol offload in both directions.
>
> struct tls_rec_prot_info {
> unsigned short version;
> unsigned short cipher_type;
> unsigned char keyblock[128];
> unsigned char tx_seq[8];
> unsigned char rx_seq[8];
> };
>
> setsockopt(sock, SOL_TLS, TLS_INFO, &rec_prot_info, sizeof(rec_prot_info));
>
> Kindly advise.
>
> Regards
>
> Vakul
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-03-21 16:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-05 8:56 kernel tls interface with user space modification proposal Vakul Garg
2019-03-21 16:46 ` Boris Pismenny
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).