tls: rx: add sockopt for enabling optimistic decrypt with TLS 1.3 (88527790) · Commits · EulixOS / Software / Kernel

Documentation/networking/tls.rst

+18 −0

Original line number	Diff line number	Diff line
		@@ -239,6 +239,19 @@ for the original TCP transmission and TCP retransmissions. To the receiver
		this will look like TLS records had been tampered with and will result
		in record authentication failures.

		TLS_RX_EXPECT_NO_PAD
		~~~~~~~~~~~~~~~~~~~~

		TLS 1.3 only. Expect the sender to not pad records. This allows the data
		to be decrypted directly into user space buffers with TLS 1.3.

		This optimization is safe to enable only if the remote end is trusted,
		otherwise it is an attack vector to doubling the TLS processing cost.

		If the record decrypted turns out to had been padded or is not a data
		record it will be decrypted again into a kernel buffer without zero copy.
		Such events are counted in the ``TlsDecryptRetry`` statistic.

		Statistics
		==========

		@@ -264,3 +277,8 @@ TLS implementation exposes the following per-namespace statistics

		- ``TlsDeviceRxResync`` -
		number of RX resyncs sent to NICs handling cryptography

		- ``TlsDecryptRetry`` -
		number of RX records which had to be re-decrypted due to
		``TLS_RX_EXPECT_NO_PAD`` mis-prediction. Note that this counter will
		also increment for non-data records.

+8 −0

Original line number	Diff line number	Diff line
		@@ -102,4 +102,12 @@ static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count)
		return strncpy_from_user(dst, src.user, count);
		}

		static inline int check_zeroed_sockptr(sockptr_t src, size_t offset,
		size_t size)
		{
		if (!sockptr_is_kernel(src))
		return check_zeroed_user(src.user + offset, size);
		return memchr_inv(src.kernel + offset, 0, size) == NULL;
		}

		#endif /* _LINUX_SOCKPTR_H */

+3 −0

Original line number	Diff line number	Diff line
		@@ -149,6 +149,7 @@ struct tls_sw_context_rx {

		struct sk_buff *recv_pkt;
		u8 async_capable:1;
		u8 zc_capable:1;
		atomic_t decrypt_pending;
		/* protect crypto_wait with decrypt_pending*/
		spinlock_t decrypt_compl_lock;
		@@ -239,6 +240,7 @@ struct tls_context {
		u8 tx_conf:3;
		u8 rx_conf:3;
		u8 zerocopy_sendfile:1;
		u8 rx_no_pad:1;

		int (push_pending_record)(struct sock sk, int flags);
		void (sk_write_space)(struct sock sk);
		@@ -358,6 +360,7 @@ int tls_sk_attach(struct sock sk, int optname, char __user optval,
		void tls_err_abort(struct sock *sk, int err);

		int tls_set_sw_offload(struct sock sk, struct tls_context ctx, int tx);
		void tls_update_rx_zc_capable(struct tls_context *tls_ctx);
		void tls_sw_strparser_arm(struct sock sk, struct tls_context ctx);
		void tls_sw_strparser_done(struct tls_context *tls_ctx);
		int tls_sw_sendmsg(struct sock sk, struct msghdr msg, size_t size);

+1 −0

Original line number	Diff line number	Diff line
		@@ -344,6 +344,7 @@ enum
		LINUX_MIB_TLSRXDEVICE, /* TlsRxDevice */
		LINUX_MIB_TLSDECRYPTERROR, /* TlsDecryptError */
		LINUX_MIB_TLSRXDEVICERESYNC, /* TlsRxDeviceResync */
		LINUX_MIN_TLSDECRYPTRETRY, /* TlsDecryptRetry */
		__LINUX_MIB_TLSMAX
		};

+2 −0

Original line number	Diff line number	Diff line
		@@ -40,6 +40,7 @@
		#define TLS_TX 1 /* Set transmit parameters */
		#define TLS_RX 2 /* Set receive parameters */
		#define TLS_TX_ZEROCOPY_RO 3 /* TX zerocopy (only sendfile now) */
		#define TLS_RX_EXPECT_NO_PAD 4 /* Attempt opportunistic zero-copy */

		/* Supported versions */
		#define TLS_VERSION_MINOR(ver) ((ver) & 0xFF)
		@@ -162,6 +163,7 @@ enum {
		TLS_INFO_TXCONF,
		TLS_INFO_RXCONF,
		TLS_INFO_ZC_RO_TX,
		TLS_INFO_RX_NO_PAD,
		__TLS_INFO_MAX,
		};
		#define TLS_INFO_MAX (__TLS_INFO_MAX - 1)