On 08/02/18 05:23 PM, Vakul Garg wrote:
> > I agree that Boris' patch does what you say it does - it sets keys
> > immediately
> > after CCS instead of after FINISHED message. I disagree that the kernel tls
> > implementation currently requires that specific ordering, nor do I think
> > that it
> > should require that ordering.
>
> The current kernel implementation assumes record sequence number to start
> from '0'.
> If keys have to be set after FINISHED message, then record sequence number
> need to
> be communicated from user space TLS stack to kernel. IIRC, sequence number is
> not
> part of the interface through which key is transferred.
The setsockopt call struct takes the key, iv, salt, and seqno:
struct tls12_crypto_info_aes_gcm_128 {
struct tls_crypto_info info;
unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};
