tls: block decryption when a rekey is pending

When a TLS handshake record carrying a KeyUpdate message is received, all subsequent records will be encrypted with a new key. We need to stop decrypting incoming records with the old key, and wait until userspace provides a new key. Make a note of this in the RX context just after decrypting that record, and stop recvmsg/splice calls with EKEYEXPIRED until the new key is available. key_update_pending can't be combined with the existing bitfield, because we will read it locklessly in ->poll. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Sabrina Dubroca <sd@queasysnail.net> 2024-12-12 16:36:04 +0100
committer: David S. Miller <davem@davemloft.net> 2024-12-16 12:47:29 +0000
commit: 0471b1093e3a5d702ba2bf5987c35ee0e2336855 (patch)
tree: a4b7b39ebd281e81bccc51a0cd3f455fb94133d9 /include
parent: 92c932b9946c1e082406aa0515916adb3e662e24 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/tls.h b/include/net/tls.h
index 61fef2880114..857340338b69 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -59,6 +59,8 @@ struct tls_rec;
 
 #define TLS_CRYPTO_INFO_READY(info)	((info)->cipher_type)
 
+#define TLS_HANDSHAKE_KEYUPDATE		24	/* rfc8446 B.3: Key update */
+
 #define TLS_AAD_SPACE_SIZE		13
 
 #define TLS_MAX_IV_SIZE			16
@@ -130,6 +132,7 @@ struct tls_sw_context_rx {
 	u8 async_capable:1;
 	u8 zc_capable:1;
 	u8 reader_contended:1;
+	bool key_update_pending;
 
 	struct tls_strparser strp;
author	Sabrina Dubroca <sd@queasysnail.net>	2024-12-12 16:36:04 +0100
committer	David S. Miller <davem@davemloft.net>	2024-12-16 12:47:29 +0000
commit	0471b1093e3a5d702ba2bf5987c35ee0e2336855 (patch)
tree	a4b7b39ebd281e81bccc51a0cd3f455fb94133d9 /include
parent	92c932b9946c1e082406aa0515916adb3e662e24 (diff)