Re: [RFCv2 1/9] tcp: authopt: Initial support and key management

From: Leonard Crestez
Date: Thu Aug 12 2021 - 15:46:57 EST


On 8/11/21 11:29 AM, Leonard Crestez wrote:
On 8/10/21 11:41 PM, Dmitry Safonov wrote:
On Tue, 10 Aug 2021 at 02:50, Leonard Crestez <cdleonard@xxxxxxxxx>
+       /* If an old value exists for same local_id it is deleted */
+       key_info = __tcp_authopt_key_info_lookup(sk, info, opt.local_id);
+       if (key_info)
+               tcp_authopt_key_del(sk, info, key_info);
+       key_info = sock_kmalloc(sk, sizeof(*key_info), GFP_KERNEL | __GFP_ZERO);
+       if (!key_info)
+               return -ENOMEM;

1. You don't need sock_kmalloc() together with tcp_authopt_key_del().
     It just frees the memory and allocates it back straight away - no
sense in doing that.

The list is scanned in multiple places in later commits using nothing but an rcu_read_lock, this means that keys can't be updated in-place.

2. I think RFC says you must not allow a user to change an existing key:
MKT parameters are not changed. Instead, new MKTs can be installed, and a connection
can change which MKT it uses.

IIUC, it means that one can't just change an existing MKT, but one can
remove and later
add MKT with the same (send_id, recv_id, src_addr/port, dst_addr/port).

So, a reasonable thing to do:
if (key_info)
     return -EEXIST.

You're right, making the user delete keys explicitly is better.

On a second thought this might be required to mark keys as "send-only" and "recv-only" atomically.

Separately from RFC5925 some vendors implement a "keychain" model based on RFC8177 where each key has a distinct "accept-lifetime" and a "send-lifetime". This could be implemented by adding flags "expired_for_send" and "expired_for_recv" but requires the ability to set an expiration mark without the key ever being deleted.

--
Regards,
Leonard