• Tuong Lien's avatar
    tipc: add automatic session key exchange · 1ef6f7c9
    Tuong Lien authored
    With support from the master key option in the previous commit, it
    becomes easy to make frequent updates/exchanges of session keys between
    authenticated cluster nodes.
    Basically, there are two situations where the key exchange will take in
    place:
    
    - When a new node joins the cluster (with the master key), it will need
      to get its peer's TX key, so that be able to decrypt further messages
      from that peer.
    
    - When a new session key is generated (by either user manual setting or
      later automatic rekeying feature), the key will be distributed to all
      peer nodes in the cluster.
    
    A key to be exchanged is encapsulated in the data part of a 'MSG_CRYPTO
    /KEY_DISTR_MSG' TIPC v2 message, then xmit-ed as usual and encrypted by
    using the master key before sending out. Upon receipt of the message it
    will be decrypted in the same way as regular messages, then attached as
    the sender's RX key in the receiver node.
    
    In this way, the key exchange is reliable by the link layer, as well as
    security, integrity and authenticity by the crypto layer.
    
    Also, the forward security will be easily achieved by user changing the
    master key actively but this should not be required very frequently.
    
    The key exchange feature is independent on the presence of a master key
    Note however that the master key still is needed for new nodes to be
    able to join the cluster. It is also optional, and can be turned off/on
    via the sysfs: 'net/tipc/key_exchange_enabled' [default 1: enabled].
    
    Backward compatibility is guaranteed because for nodes that do not have
    master key support, key exchange using master key ie. tx_key = 0 if any
    will be shortly discarded at the message validation step. In other
    words, the key exchange feature will be automatically disabled to those
    nodes.
    
    v2: fix the "implicit declaration of function 'tipc_crypto_key_flush'"
    error in node.c. The function only exists when built with the TIPC
    "CONFIG_TIPC_CRYPTO" option.
    
    v3: use 'info->extack' for a message emitted due to netlink operations
    instead (- David's comment).
    Reported-by: default avatarkernel test robot <lkp@intel.com>
    Acked-by: default avatarJon Maloy <jmaloy@redhat.com>
    Signed-off-by: default avatarTuong Lien <tuong.t.lien@dektech.com.au>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    1ef6f7c9
crypto.c 62.4 KB