Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

docs: tls: document TLS1.3 key updates

Document the kernel's behavior and userspace expectations.

Suggested-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Authored by Sabrina Dubroca and committed by David S. Miller
5aa97a43 510128b3

Documentation/networking/tls.rst
··· 200 200 201 201 recv will never return data from mixed types of TLS records. 202 202 203 + TLS 1.3 Key Updates 204 + ------------------- 205 + 206 + In TLS 1.3, KeyUpdate handshake messages signal that the sender is 207 + updating its TX key. Any message sent after a KeyUpdate will be 208 + encrypted using the new key. The userspace library can pass the new 209 + key to the kernel using the TLS_TX and TLS_RX socket options, as for 210 + the initial keys. TLS version and cipher cannot be changed. 211 + 212 + To prevent attempting to decrypt incoming records using the wrong key, 213 + decryption will be paused when a KeyUpdate message is received by the 214 + kernel, until the new key has been provided using the TLS_RX socket 215 + option. Any read occurring after the KeyUpdate has been read and 216 + before the new key is provided will fail with EKEYEXPIRED. poll() will 217 + not report any read events from the socket until the new key is 218 + provided. There is no pausing on the transmit side. 219 + 220 + Userspace should make sure that the crypto_info provided has been set 221 + properly. In particular, the kernel will not check for key/nonce 222 + reuse. 223 + 224 + The number of successful and failed key updates is tracked in the 225 + ``TlsTxRekeyOk``, ``TlsRxRekeyOk``, ``TlsTxRekeyError``, 226 + ``TlsRxRekeyError`` statistics. The ``TlsRxRekeyReceived`` statistic 227 + counts KeyUpdate handshake messages that have been received. 228 + 203 229 Integrating in to userspace TLS library 204 230 --------------------------------------- 205 231 ··· 312 286 - ``TlsRxNoPadViolation`` - 313 287 number of data RX records which had to be re-decrypted due to 314 288 ``TLS_RX_EXPECT_NO_PAD`` mis-prediction. 
289 + 290 + - ``TlsTxRekeyOk``, ``TlsRxRekeyOk`` - 291 + number of successful rekeys on existing sessions for TX and RX 292 + 293 + - ``TlsTxRekeyError``, ``TlsRxRekeyError`` - 294 + number of failed rekeys on existing sessions for TX and RX 295 + 296 + - ``TlsRxRekeyReceived`` - 297 + number of received KeyUpdate handshake messages, requiring userspace 298 + to provide a new RX key
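Review bot: the pause semantics in the second paragraph of the new "TLS 1.3 Key Updates" section are stated in two different ways: decryption is "paused when a KeyUpdate message is received by the kernel", but reads only fail "after the KeyUpdate has been read". Please say explicitly whether the KeyUpdate record itself is still delivered to userspace by the next recvmsg() before EKEYEXPIRED starts being returned, since that is exactly the point a library's read loop has to handle. In the same section, "Userspace should make sure that the crypto_info provided has been set properly" gives no guidance on which fields of the TLS_TX/TLS_RX crypto_info are expected to change on a key update and which must match the initial setsockopt; the text says version and cipher cannot be changed but not what errno a setsockopt that tries to change them returns. Listing the expected fields and the error would make the "kernel will not check for key/nonce reuse" caveat actionable rather than a warning the reader cannot act on.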
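Review bot: style nit on the new statistics entries: the existing entries in this list end with a full stop (for example "``TLS_RX_EXPECT_NO_PAD`` mis-prediction."), while the three added entries do not; please terminate "for TX and RX" and "to provide a new RX key" with a period for consistency. It would also help to state in the ``TlsRxRekeyReceived`` entry how it relates to ``TlsRxRekeyOk``: the former increments when the KeyUpdate handshake message arrives and the latter only once userspace has supplied the new key via TLS_RX, so the two are expected to differ while a key is pending, and the gap between them is the natural way to spot a library that never delivers the new RX key.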