Received: by 2002:a05:6a10:8a4d:0:0:0:0 with SMTP id dn13csp177850pxb; Thu, 12 Aug 2021 13:42:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzSq0w+onxaqDFlU4Nl7qQc+FF7k0cGW4BPZ7XctG7g8NQqTyjfOerjXaIUfymKBckXKgnt X-Received: by 2002:a17:906:9747:: with SMTP id o7mr5332993ejy.486.1628800966879; Thu, 12 Aug 2021 13:42:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628800966; cv=none; d=google.com; s=arc-20160816; b=rbgQU4DTsmEz6LPf0n1uw59Rdh67hVVLhS0N9vE6MppjyAomrqJdQrwWFBiYN3qPsQ hBbIXn5GdMEkb6cNn/dNmiyuWcIzKkogE7u2RYxyeagffVGU28ibbkaoaQ1ArtRfw4ZL F7YHPLcMgUYmn2I2W4Zpt5TQ/AzK+PrARxgmC9kYvkn8156focRwqY4jxV54IE9jzSjc tuSZbR0Lj5SIzqMrKekSzJh5CVU1pBYqy61iQggz3tEh8Evqvu58QJq4PTOMAaZM3P5f bngnyhAIaz8mbqBaIkRssuyDHIfKUoXXyNQCsjjAklUH/AzkTz4o5P+E7lRYXG3Zghhh fi5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:references:cc :to:from:subject:dkim-signature; bh=6XdIleat91/MzDpJVOaU1YmXdU4k0zkjMEY+D2f+xKw=; b=ET5RG7wKfYzJsL4ucWAU5Xa6S4qIha4gxKAZOn+Q1eD/e9XI5xOXH7+FpZ4D1+HPlX D0MoXWpraCAbkphQniEHX3nUGC8ZnEaQzU4lyqtSguAnwgjBkck5IKCqwoQtnk/5IM4Z p0x/3DfHkSdEJEcNx/h2eTOXl8DxzcYJsYfdSJCVVyfat35rKQ9J+84a9gqf/2AmgP1N YfMi0w6D2l4RHbDwfOnmDCP5ewnZPoILuwSUiXO55c2Hb4bDpmE2fmF5TUbmCizjhzqC innxddJte52Ist7RCxhvi1wMJgcztckyl0KgMN8ScHyP33/zNFDJjxRuyaDNpmoo2VrH TH9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=dahg+GkW; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r26si3677012edw.396.2021.08.12.13.42.22; Thu, 12 Aug 2021 13:42:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=dahg+GkW; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235277AbhHLTrT (ORCPT + 99 others); Thu, 12 Aug 2021 15:47:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37418 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235552AbhHLTrS (ORCPT ); Thu, 12 Aug 2021 15:47:18 -0400 Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 50888C061756; Thu, 12 Aug 2021 12:46:52 -0700 (PDT) Received: by mail-ej1-x632.google.com with SMTP id o23so13757381ejc.3; Thu, 12 Aug 2021 12:46:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:cc:references:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=6XdIleat91/MzDpJVOaU1YmXdU4k0zkjMEY+D2f+xKw=; b=dahg+GkWwhEV28eqPZ3i2PFQsLbWgFaJdtqZjD2IGS0L+hxOi48mD6O8LrKZ4fveXk P0olEAvOB8dyDFW5cQ//s5ei9wn/SATCD9RP3/bmnjI/4YnBnjV4jkKuoBHVg7iX4ghw lbdkP2JUVT2P4FanbFg7f8oeySrP1jJ5gC+D9N34z4l7350VvZWn018q1s5bdHYm3WkD v5AqJwYVJKsK8IWjZmhScMQJAOd7zQQLeo2ZwDy9dG/87bvflKNO8V3dlcObb7Dv89er lqHlKBkiQoqijhT0RLs17rDrCqsWsIYT8vM1hAa5FuaLKHfHbjRIENer+4qTPTrYv92J /8Jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:references:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=6XdIleat91/MzDpJVOaU1YmXdU4k0zkjMEY+D2f+xKw=; b=diSFbtlfg+4y8lynNCXrhHLhoSNrqMqPHYoSPLomaxJ/BUZ1A/Z8Y1G+i7ck3KSkqj CofE7o4Zc32hrJAmRO3W4n1nggr4dFR7OepBGZLkan3dKteDWIIANHWXsGm8fzATeKx6 YRyfmWUQ9Efyf5hAnXoAEB/pR/RkMD6zkm8MpB/8TiHsCp2h30EfyxO76trJ8x+zvrHE 5BbG0zGzEASIicnt1OkbhZeCjR1PhVedn2ih8PnQ++I0s+ZzPII1+tPeXYqnIJvnO5Ku s2lpFLhl69OOBMTHTQ1TvF5kBEN4/Ve+XVMTycE+wyP+fH++zLqkPCTloGk0lfKR3do9 9x7g== X-Gm-Message-State: AOAM532nP0ynfaqPj8MbX9qqCo+bgLyE0Bg8zsKQPWasZCXhLLY0DBGH 6H+cABXgJL2E2MZdPe8ulqQ= X-Received: by 2002:a17:907:9602:: with SMTP id gb2mr5335995ejc.119.1628797610905; Thu, 12 Aug 2021 12:46:50 -0700 (PDT) Received: from ?IPv6:2a04:241e:502:1d80:f865:21f3:80af:d6db? ([2a04:241e:502:1d80:f865:21f3:80af:d6db]) by smtp.gmail.com with ESMTPSA id b11sm1174848eja.104.2021.08.12.12.46.49 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 12 Aug 2021 12:46:50 -0700 (PDT) Subject: Re: [RFCv2 1/9] tcp: authopt: Initial support and key management From: Leonard Crestez To: Dmitry Safonov <0x7f454c46@gmail.com> Cc: Eric Dumazet , "David S. Miller" , Herbert Xu , Kuniyuki Iwashima , David Ahern , Hideaki YOSHIFUJI , Jakub Kicinski , Yuchung Cheng , Francesco Ruggeri , Mat Martineau , Christoph Paasch , Ivan Delalande , Priyaranjan Jha , Menglong Dong , open list , linux-crypto@vger.kernel.org, Network Development , Dmitry Safonov References: <67c1471683200188b96a3f712dd2e8def7978462.1628544649.git.cdleonard@gmail.com> <1e2848fb-1538-94aa-0431-636fa314a36d@gmail.com> Message-ID: <785d945e-c0d2-fee5-39d8-99dc06a074f1@gmail.com> Date: Thu, 12 Aug 2021 22:46:48 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <1e2848fb-1538-94aa-0431-636fa314a36d@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 8/11/21 11:29 AM, Leonard Crestez wrote: > On 8/10/21 11:41 PM, Dmitry Safonov wrote: >> On Tue, 10 Aug 2021 at 02:50, Leonard Crestez >>> +       /* If an old value exists for same local_id it is deleted */ >>> +       key_info = __tcp_authopt_key_info_lookup(sk, info, >>> opt.local_id); >>> +       if (key_info) >>> +               tcp_authopt_key_del(sk, info, key_info); >>> +       key_info = sock_kmalloc(sk, sizeof(*key_info), GFP_KERNEL | >>> __GFP_ZERO); >>> +       if (!key_info) >>> +               return -ENOMEM; >> >> 1. You don't need sock_kmalloc() together with tcp_authopt_key_del(). >>      It just frees the memory and allocates it back straight away - no >> sense in doing that. > > The list is scanned in multiple places in later commits using nothing > but an rcu_read_lock, this means that keys can't be updated in-place. > >> 2. I think RFC says you must not allow a user to change an existing key: >>> MKT parameters are not changed. Instead, new MKTs can be installed, >>> and a connection >>> can change which MKT it uses. >> >> IIUC, it means that one can't just change an existing MKT, but one can >> remove and later >> add MKT with the same (send_id, recv_id, src_addr/port, dst_addr/port). >> >> So, a reasonable thing to do: >> if (key_info) >>      return -EEXIST. > > You're right, making the user delete keys explicitly is better. On a second thought this might be required to mark keys as "send-only" and "recv-only" atomically. Separately from RFC5925 some vendors implement a "keychain" model based on RFC8177 where each key has a distinct "accept-lifetime" and a "send-lifetime". This could be implemented by adding flags "expired_for_send" and "expired_for_recv" but requires the ability to set an expiration mark without the key ever being deleted. -- Regards, Leonard