On Wed, Aug 09, 2023 at 02:58:52PM +0200, Sabrina Dubroca wrote:
> This adds the possibility to change the key and IV when using
> TLS1.3. Changing the cipher or TLS version is not supported.
>
> Once we have updated the RX key, we can unblock the receive side. If
> the rekey fails, the context is unmodified and userspace is free to
> retry the update or close the socket.
>
> This change only affects tls_sw, since 1.3 offload isn't supported.
>
> v2:
> - reverse xmas tree
> - turn the alt_crypto_info into an else if
> - don't modify the context when rekey fails
>
> v3:
> - only call tls_sw_strparser_arm when setting the initial RX key, not
> on rekeys
> - update tls_sk_poll to not say the socket is readable when we're
> waiting for a rekey, and wake up poll() when the new key is installed
> - use unsafe_memcpy to make FORTIFY_SOURCE happy
>
> Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
...
> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
...
> @@ -2873,14 +2911,24 @@ int tls_set_sw_offload(struct sock *sk, int tx)
>
> ctx->push_pending_record = tls_sw_push_pending_record;
>
> + /* setkey is the last operation that could fail during a
> + * rekey. if it succeeds, we can start modifying the
> + * context.
> + */
> rc = crypto_aead_setkey(*aead, key, keysize);
> + if (rc) {
> + if (new_crypto_info)
> + goto out;
> + else
> + goto free_aead;
> + }
>
> - if (rc)
> - goto free_aead;
> -
> - rc = crypto_aead_setauthsize(*aead, prot->tag_size);
> - if (rc)
> - goto free_aead;
> + if (!new_crypto_info) {
> + rc = crypto_aead_setauthsize(*aead, prot->tag_size);
> + if (rc) {
> + goto free_aead;
> + }
nit: no need for {} here.
> + }
>
> if (sw_ctx_rx) {
> tfm = crypto_aead_tfm(sw_ctx_rx->aead_recv);
...
