Rust in-kernel TLS handshake

Rust in-kernel TLS handshake

[FUJITA Tomonori]

Hi,

I've started in-kernel TLS handshake implementation in Rust.
https://github.com/fujita/rust-tls

There is some debate over in-kernel TLS handshake mainly because of
the complexity. I'd like to see if Rust could help with auditing such
complicated security-relevant code in the kernel.

I worked on QUIC as a consumer of TLS. This can establish a QUIC connection
with Quinn's example client, Rust QUIC implementation. Only minimum
server side functionality and connection establishment are supported.

From the perspective of Rust-for-Linux, the main work is implementing
APIs for crypto subsystem. Also libraries such as working with buffers
(like Tokio's bytes) would be helpful, I think (should be useful for
other projects). I'll work for mainline. Meanwhile you can compile
this kernel module
with my fork.

Opinions?

Resend due to a delivery issue. Sorry if you got this twice.

Re: Rust in-kernel TLS handshake

[Alex Gaynor]

Very cool! I'm excited to see demos like this!

There's many reasons to be leery of complexity in the kernel, but
security vulnerabilities due to memory unsafety is definitely a big
one, so I think you're completely correct that Rust can significantly
change the equation on that risk.

On Tue, Dec 27, 2022 at 8:49 PM FUJITA Tomonori
<fujita.tomonori@gmail.com> wrote:
>
> Hi,
>
> I've started in-kernel TLS handshake implementation in Rust.
> https://github.com/fujita/rust-tls
>
> There is some debate over in-kernel TLS handshake mainly because of
> the complexity. I'd like to see if Rust could help with auditing such
> complicated security-relevant code in the kernel.
>
> I worked on QUIC as a consumer of TLS. This can establish a QUIC connection
> with Quinn's example client, Rust QUIC implementation. Only minimum
> server side functionality and connection establishment are supported.
>
> From the perspective of Rust-for-Linux, the main work is implementing
> APIs for crypto subsystem. Also libraries such as working with buffers
> (like Tokio's bytes) would be helpful, I think (should be useful for
> other projects). I'll work for mainline. Meanwhile you can compile
> this kernel module
> with my fork.
>

I think a Rust API for the crypto subsystem would be great, I'd be
happy to help review patches for that.

When you say Tokio's bytes, what parts of it are you interested -- the
lifetime management (e.g. refcounting), or the APIs that are useful
for handling network protocols (e.g. put_u16)?

> Opinions?
>
> Resend due to a delivery issue. Sorry if you got this twice.

Cheers,
Alex

-- 
All that is necessary for evil to succeed is for good people to do nothing.

Re: Rust in-kernel TLS handshake

[FUJITA Tomonori]

Hi,
Thanks for the comments!

On Wed, Dec 28, 2022 at 10:50 PM Alex Gaynor <alex.gaynor@gmail.com> wrote:

> There's many reasons to be leery of complexity in the kernel, but
> security vulnerabilities due to memory unsafety is definitely a big
> one, so I think you're completely correct that Rust can significantly
> change the equation on that risk.

Surely, I'll work on it to see how things work.

> > I worked on QUIC as a consumer of TLS. This can establish a QUIC connection
> > with Quinn's example client, Rust QUIC implementation. Only minimum
> > server side functionality and connection establishment are supported.
> >
> > From the perspective of Rust-for-Linux, the main work is implementing
> > APIs for crypto subsystem. Also libraries such as working with buffers
> > (like Tokio's bytes) would be helpful, I think (should be useful for
> > other projects). I'll work for mainline. Meanwhile you can compile
> > this kernel module
> > with my fork.
> >
>
> I think a Rust API for the crypto subsystem would be great, I'd be
> happy to help review patches for that.

Thanks, I'll try.

> When you say Tokio's bytes, what parts of it are you interested -- the
> lifetime management (e.g. refcounting), or the APIs that are useful
> for handling network protocols (e.g. put_u16)?

Probably, both.
For now I use something simple like the latter for playing with TLS
and QUIC messages.
I guess that a Rust API for the crypto might need the former; passing
buffers to the crypto subsystem via scatterlist.

Re: Rust in-kernel TLS handshake

[Vincenzo Palazzo]

This sounds pretty exciting, and I think to play with it a little 
the bit will help to see what the future looks like, also this 
seems a really good use case of rust in the Kernel.     

Let me know if there is a need for help, I had some free time in  
the next coming months.                                                                                                                                                                        
Cheers!
                                                                                                                                                                                               
Vincent.

On Wed Dec 28, 2022 at 2:33 AM CET, FUJITA Tomonori wrote:
> Hi,
>
> I've started in-kernel TLS handshake implementation in Rust.
> https://github.com/fujita/rust-tls
>
> There is some debate over in-kernel TLS handshake mainly because of
> the complexity. I'd like to see if Rust could help with auditing such
> complicated security-relevant code in the kernel.
>
> I worked on QUIC as a consumer of TLS. This can establish a QUIC connection
> with Quinn's example client, Rust QUIC implementation. Only minimum
> server side functionality and connection establishment are supported.
>
> From the perspective of Rust-for-Linux, the main work is implementing
> APIs for crypto subsystem. Also libraries such as working with buffers
> (like Tokio's bytes) would be helpful, I think (should be useful for
> other projects). I'll work for mainline. Meanwhile you can compile
> this kernel module
> with my fork.
>
> Opinions?
>
> Resend due to a delivery issue. Sorry if you got this twice.