On 8/11/21 11:29 AM, Leonard Crestez wrote:
On 8/10/21 11:41 PM, Dmitry Safonov wrote:
On Tue, 10 Aug 2021 at 02:50, Leonard Crestez <cdleonard@xxxxxxxxx>
+ /* If an old value exists for same local_id it is deleted */
+ key_info = __tcp_authopt_key_info_lookup(sk, info,
opt.local_id);
+ if (key_info)
+ tcp_authopt_key_del(sk, info, key_info);
+ key_info = sock_kmalloc(sk, sizeof(*key_info), GFP_KERNEL |
__GFP_ZERO);
+ if (!key_info)
+ return -ENOMEM;
1. You don't need sock_kmalloc() together with tcp_authopt_key_del().
It just frees the memory and allocates it back straight away - no
sense in doing that.
The list is scanned in multiple places in later commits using nothing
but an rcu_read_lock, this means that keys can't be updated in-place.
2. I think RFC says you must not allow a user to change an existing key:
MKT parameters are not changed. Instead, new MKTs can be installed,
and a connection
can change which MKT it uses.
IIUC, it means that one can't just change an existing MKT, but one can
remove and later
add MKT with the same (send_id, recv_id, src_addr/port, dst_addr/port).
So, a reasonable thing to do:
if (key_info)
return -EEXIST.
You're right, making the user delete keys explicitly is better.
On a second thought this might be required to mark keys as "send-only"
and "recv-only" atomically.
Separately from RFC5925 some vendors implement a "keychain" model based
on RFC8177 where each key has a distinct "accept-lifetime" and a
"send-lifetime". This could be implemented by adding flags
"expired_for_send" and "expired_for_recv" but requires the ability to
set an expiration mark without the key ever being deleted.
--
Regards,
Leonard
