Scribd
Upload
16 views59 pages

Linux TLS

The document discusses the integration of Transport Layer Security (TLS) within the Linux Kernel, focusing on its architecture, supported algorithms, and cryptographic operations. It also highlights vulnerabilities identified in the TLS implementation, including specific CVEs. The content is structured to provide an overview of TLS's functionality in the kernel, detailing how encryption and decryption of packets occur over TCP connections.

Uploaded by

Елена О
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
16 views59 pages

Linux TLS

The document discusses the integration of Transport Layer Security (TLS) within the Linux Kernel, focusing on its architecture, supported algorithms, and cryptographic operations. It also highlights vulnerabilities identified in the TLS implementation, including specific CVEs. The content is structured to provide an overview of TLS's functionality in the kernel, detailing how encryption and decryption of packets occur over TCP connections.

Uploaded by

Елена О
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 59

Linux Kernel Network Security -

Transport Layer Security (TLS)


Deep Hacking

2025/01/19 Pumpkin 🎃

1
Outline

• Overview
• Vulnerability

2
Overview

3
Overview

4
https://blog.salrashid.dev/articles/2022/kernel_tls/
Overview

tcp_prot
IPPROTO_TCP Protocol
(struct proto)

inet_stream_ops
SOCK_STREAM Type
(struct proto_ops)

inet_family_ops
AF_INET Family
(struct net_proto_family)

5
Overview

TLS ULP (Upper Level Protocol)

tcp_prot
IPPROTO_TCP Protocol
(struct proto)

inet_stream_ops
SOCK_STREAM Type
(struct proto_ops)

inet_family_ops
AF_INET Family
(struct net_proto_family)

6
Overview

TLS ULP (Upper Level Protocol)

tls_prots
tcp_prot
IPPROTO_TCP Protocol
(struct proto)

inet_stream_ops
tls_proto_ops
SOCK_STREAM Type
(struct proto_ops)

inet_family_ops
AF_INET Family
(struct net_proto_family)

7
sk_proto tcp_prot

tx_lock

sk

struct tls_context
(ULP) tls_prots [TLS_NUM_PROTS] [TLS_NUM_CONFIG] [TLS_NUM_CONFIG]

icsk->icsk_ulp_data TX RX
TLS_BASE TLS_BASE
sk_prot
IPv4
sk_socket
X TLS_SW X TLS_SW
struct sock
(Protocol) IPv6
TLS_HW TLS_HW

sk

ops tls_proto_ops [TLS_NUM_PROTS] [TLS_NUM_CONFIG] [TLS_NUM_CONFIG]

struct socket
(Type)
8
Overview
cipher type AES_GCM_128
TLS vers. TLS_1_2
struct KEY 0123…DEF
tls_sw_context_tx IV 12345678
SALT SALT
… …

struct tls_context
cipher type …
TLS vers. …
KEY …
struct
IV …
tls_sw_context_rx
SALT …
… …

9
Overview

10
Overview

Send packets
Encrypt packets
on TCP

TLS socket

Receive packets
Decrypt packets
on TCP

11
Overview

Send packets
Encrypt packets
on TCP

TLS socket

Receive packets
Decrypt packets
on TCP

12
Overview

• Supported TLS algorithms


• gcm(aes)
• ccm(aes)
• gcm(sm4)
• …

13
Overview

• Supported TLS algorithms


• gcm(aes)
• ccm(aes)
• gcm(sm4)
• … Template name

14
Overview

• Supported TLS algorithms


• gcm(aes)
• ccm(aes)
• gcm(sm4)
• … Cipher name

15
Overview

• Algorithm
• Implementation of a speci c cryptographic operation, such as AES,
SHA-256, or HMAC

• Template
• Constructing more complex cryptographic transformations by combining or
layering simpler algorithms

16
fi
Overview

• Instance
• Instantiation of a cryptographic template, where speci c algorithms and
parameters have been con gured

• Spawn
• Create a linkage or dependency between cryptographic instances and
algorithms

17
fi
fi
Built-in Created

Algorithm aes md5 sha256 … ctr(aes) gcm(aes)

Template ctr ecb cbc …

A created algorithm is a part of instance


ctr templ gcm templ
Instance instance instance

Spawn
Built-in Created

Algorithm aes md5 sha256 … ctr(aes) gcm(aes)

Template ctr ecb cbc …

A
ctr templ gcm templ
Instance instance instance

Spawn the instance if a dependency exists



inst.alg
(struct aead_alg)
inst.alg.base
(struct crypto_alg)

cra_name[ ] “gcm(aes)”

cra_driver_name[ ] “gcm_base(ctr(aes-
generic),ghash-generic)”
cra_list

instances
cra_ ags

crypto_gcm_tmpls
(struct crypto_template)
list

aead_crypto_instance(inst) struct aead_instance crypto_alg_list


(struct crypto_instance) (struct list_head)

20
fl
Overview

• For example, if we con gure “gcm(aes)” as the crypto algorithm of TX…

21
fi
Thread-A Thread-B

Find “gcm(aes)”

aes

md5

Global variable

22
Thread-A Thread-B
Not found

Find “gcm(aes)”

aes

md5

Global variable

23
Thread-A Thread-B

Find “gcm(aes)”

aes

md5 Setup probe

Global variable

24
Thread-A Thread-B

Find “gcm(aes)”

aes

md5 Setup probe

Dispatch probing

Global variable

25
Thread-A Thread-B

Find “gcm(aes)”

aes

md5 Setup probe


1. Template name = “gcm”
2. Cipher name = “aes” “cryptomgr_probe”

Dispatch probing Find template


seqiv
Global variable
gcm

26 Global variable
Thread-A Thread-B

Find “gcm(aes)”

aes

md5 Setup probe


1. Template name = “gcm”
2. Cipher name = “aes” “cryptomgr_probe”
gcm(aes)
Dispatch probing Find template
seqiv
Global variable
gcm

Create & initialize …


instance

27 Global variable
Overview

1 packet

Send packets
Encrypt packets
on TCP

TLS socket

28
Overview

2 packets

Send packets
Encrypt packets
on TCP

TLS socket Send packets


Encrypt packets
on TCP

29
Overview

N packets

Send packets
Encrypt packets
on TCP

TLS socket Send packets


Encrypt packets
on TCP

Send packets
Encrypt packets
on TCP

30
Overview

CR
YP
TO
_A
LG
_AS
YN
C

31
Overview

N packets (asynchronous mode)

Send packets
Encrypt packets
on TCP

TLS socket Send packets


Encrypt packets
on TCP

Send packets
Encrypt packets
on TCP

32
Overview
Vendor speci c drivers

33
fi
Overview

• Cryptd
• Enabled when the CONFIG_CRYPTO_CRYPTD compile option is set
• A crypto daemon which converts an arbitrary synchronous crypto algorithm
into an asynchronous algorithm that runs in a kthread

34
Overview

• Cryptd
• Enabled when the CONFIG_CRYPTO_CRYPTD compile option is set
• A crypto daemon which converts an arbitrary synchronous crypto algorithm
into an asynchronous algorithm that runs in a kthread

• Used as a template

35
Thread-A Thread-B

Find “cryptd(XXX)”

aes

md5 Setup probe


1. Template name = “cryptd”
2. Cipher name = “XXX” “cryptomgr_probe”

Dispatch probing Find template


seqiv
Global variable
gcm

Create & initialize …


instance

cryptd

36 Global variable
Thread-A Thread-B

Find “cryptd(XXX)”

aes

md5 Setup probe


1. Template name = “cryptd”
2. Cipher name = “XXX” “cryptomgr_probe”

Dispatch probing Find template


seqiv
Global variable
gcm

Create & initialize …


instance

cryptd

37 Global variable
Thread-A Thread-B

Find “cryptd(XXX)”

aes

md5 Setup probe


1. Template name = “cryptd”
2. Cipher name = “XXX” “cryptomgr_probe”
cryptd(XXX)
Dispatch probing Find template
seqiv
Global variable
gcm

Create & initialize …


instance

cryptd
Same as the original algorithm (XXX in here) but with asynchronous mode enabled

38 Global variable
Overview

• But how?

39
Overview

• AF_ALG
• Interface to kernel crypto API
• Algorithm probing with user-provided algorithm name

40
Thread-B
Thread-A
(cryptd_queue_worker)

Encrypt a packet

Pending queue

41
Thread-B
Thread-A
(cryptd_queue_worker)

Encrypt a packet

Encqueue request
(Cryptd)

Pending queue

42
Thread-B
Thread-A
(cryptd_queue_worker)

Encrypt a packet

Encqueue request
(Cryptd)

Wakeup worker !!

Pending queue

43
Thread-B
Thread-A
(cryptd_queue_worker)

Encrypt a packet

Encqueue request
(Cryptd)

Wakeup worker Dequeue request

Return

Pending queue

44
Thread-B
Thread-A
(cryptd_queue_worker)

Encrypt a packet

Encqueue request
(Cryptd)

Wakeup worker Dequeue request

Return Handle request

Pending queue

45
Vulnerability

46
Vulnerability

CVE-2024-26800

CVE-2024-26582
CVE-2024-26584
CVE-2024-26585
CVE-2024-26583

47
Vulnerability

CVE-2024-26800

CVE-2024-26582
CVE-2024-26584
CVE-2024-26585
CVE-2024-26583

48
Vulnerability
CVE-2024-26583

49
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

50
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

notify
Finish

51
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

Continue Finish

Exit

52
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

wait_for_completion()
Continue complete()
Finish

Exit

53
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

Continue Finish

Timer or something

Exit

54
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

Continue Finish

Timer or something

Exit

55
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

Continue Finish

Timer or something

Exit Exit

Free TX/RX context …

56
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

Continue Finish

Timer or something

Exit Exit

57
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

Continue Finish

Exit Exit

58
Thread-B
Thread-A
(cryptd_queue_worker)

Dispatch packet Dequeue request

Waiting Handle request

Continue Finish

Exit Exit

UAF when accessing TX/RX context object

59

You might also like