Re: [PATCH net-next v11 12/15] quic: add crypto packet encryption and decryption

public inbox for quic@lists.linux.dev 
 help / color / mirror / Atom feed

From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>, quic@lists.linux.dev
Cc: davem@davemloft.net, kuba@kernel.org,
	Eric Dumazet <edumazet@google.com>,
	 Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
	 Stefan Metzmacher <metze@samba.org>,
	Moritz Buhl <mbuhl@openbsd.org>,
	Tyler Fanelli <tfanelli@redhat.com>,
	 Pengtao He <hepengtao@xiaomi.com>,
	Thomas Dreibholz <dreibh@simula.no>,
	linux-cifs@vger.kernel.org,  Steve French <smfrench@gmail.com>,
	Namjae Jeon <linkinjeon@kernel.org>,
	 Paulo Alcantara <pc@manguebit.com>, Tom Talpey <tom@talpey.com>,
	kernel-tls-handshake@lists.linux.dev,
	 Chuck Lever <chuck.lever@oracle.com>,
	Jeff Layton <jlayton@kernel.org>,
	 Steve Dickson <steved@redhat.com>,
	Hannes Reinecke <hare@suse.de>,
	Alexander Aring <aahringo@redhat.com>,
	 David Howells <dhowells@redhat.com>,
	Matthieu Baerts <matttbe@kernel.org>,
	 John Ericson <mail@johnericson.me>,
	Cong Wang <xiyou.wangcong@gmail.com>,
	 "D . Wythe" <alibuda@linux.alibaba.com>,
	Jason Baron <jbaron@akamai.com>,
	 illiliti <illiliti@protonmail.com>,
	Sabrina Dubroca <sd@queasysnail.net>,
	 Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
	Daniel Stenberg <daniel@haxx.se>,
	 Andy Gospodarek <andrew.gospodarek@broadcom.com>,
	 "Marc E . Fiuczynski" <marc@fiuczynski.com>
Subject: Re: [PATCH net-next v11 12/15] quic: add crypto packet encryption and decryption
Date: Thu, 26 Mar 2026 11:10:25 -0400	[thread overview]
Message-ID: <CADvbK_d+oVgMNWQ3fT_Rz9WGkU6i6m+Z=3J34_-QiCjEABoCpg@mail.gmail.com> (raw)
In-Reply-To: <d86910330339da257534ad93db71949176961522.1774410440.git.lucien.xin@gmail.com>

On Tue, Mar 24, 2026 at 11:49 PM Xin Long <lucien.xin@gmail.com> wrote:
>
> This patch adds core support for packet-level encryption and decryption
> using AEAD, including both payload protection and QUIC header protection.
> It introduces helpers to encrypt packets before transmission and to
> remove header protection and decrypt payloads upon reception, in line
> with QUIC's cryptographic requirements.
>
> - quic_crypto_encrypt(): Perform header protection and payload
>   encryption (TX).
>
> - quic_crypto_decrypt(): Perform header protection removal and
>   payload decryption (RX).
>
> The patch also includes support for Retry token handling. It provides
> helpers to compute the Retry integrity tag, generate tokens for address
> validation, and verify tokens received from clients during the
> handshake phase.
>
> - quic_crypto_get_retry_tag(): Compute tag for Retry packets.
>
> - quic_crypto_generate_token(): Generate retry token.
>
> - quic_crypto_verify_token(): Verify retry token.
>
> These additions establish the cryptographic primitives necessary for
> secure QUIC packet exchange and address validation.
>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
> ---
> v3:
>   - quic_crypto_decrypt(): return -EKEYREVOKED to defer key updates to
>     the workqueue when the packet is not marked backlog, since
>     quic_crypto_key_update()/crypto_aead_setkey() must run in process
>     context.
>   - Only perform header decryption if !cb->number_len to avoid double
>     decryption when a key-update packet (with flipped key_phase)
>     re-enters quic_crypto_decrypt() from the workqueue.
> v4:
>   - skb_dst_force() is already called in in quic_udp_rcv() on recv path,
>     so remove its call from quic_crypto_payload_decrypt(), which may be
>     called without RCU protection.
>   - Remove the incorrect (void *) cast to quic_crypto_done.
> v5:
>   - Use skb_cb->crypto_ctx for async crypto context freeing, which is
>     safer than using skb_shinfo(skb)->destructor_arg.
>   - skb_cb->number_max is removed and number is reused as the largest
>     previously seen and update quic_crypto_get_header() accordingly.
>   - Change timestamp variables from u32 to u64 and use quic_ktime_get_us()
>     for current timestamps, as jiffies_to_usecs() is not accurate enough.
> v6:
>   - Rename quic_crypto_get_header() to quic_crypto_get_number(), move
>     key_phase parsing out of it, check cb->length when parsing packet
>     number, and update all callers.
>   - Use hdr->pnl + 1 instead of (*p & QUIC_PN_LEN_BITS_MASK) + 1 to get
>     packet number length, and remove the unnecessary the len variable
>     and QUIC_PN_LEN_BITS_MASK macro from quic_crypto_header_decrypt().
> v8:
>   - Move skb_cow_data() from quic_crypto_payload_decrypt() to
>     quic_crypto_header_decrypt(), as header decryption also writes to
>     the skb and is invoked earlier than payload decryption on RX path.
> v10:
>   - Fix double period at end of the comment for quic_crypto_encrypt().
> v11:
>   - Note for AI review: call quic_crypto_aead_mem_alloc() after
>     skb_cow_data() as it uses the return value for nsg. If the allocation
>     fails, skb is dropped, so no rollback of prior skb modifications is
>     needed.
The AI report on

  https://netdev-ai.bots.linux.dev/ai-review.html?id=1624d906-c0b6-4e12-a63f-5cbfc51b660e#patch-11

is already explained by this "Note for AI review", not an issue.

next prev parent reply	other threads:[~2026-03-26 15:10 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-25  3:47 [PATCH net-next v11 00/15] net: introduce QUIC infrastructure and core subcomponents Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 01/15] net: define IPPROTO_QUIC and SOL_QUIC constants Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 02/15] net: build socket infrastructure for QUIC protocol Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 03/15] quic: provide common utilities and data structures Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 04/15] quic: provide family ops for address and protocol Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 05/15] quic: provide quic.h header files for kernel and userspace Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 06/15] quic: add stream management Xin Long
2026-03-26 15:06   ` Xin Long
2026-03-26 20:07     ` Jakub Kicinski
2026-03-26 21:48       ` Xin Long
2026-03-27  1:00         ` Jakub Kicinski
2026-03-25  3:47 ` [PATCH net-next v11 07/15] quic: add connection id management Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 08/15] quic: add path management Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 09/15] quic: add congestion control Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 10/15] quic: add packet number space Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 11/15] quic: add crypto key derivation and installation Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 12/15] quic: add crypto packet encryption and decryption Xin Long
2026-03-26 15:10   ` Xin Long [this message]
2026-03-25  3:47 ` [PATCH net-next v11 13/15] quic: add timer management Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 14/15] quic: add packet builder base Xin Long
2026-03-25  3:47 ` [PATCH net-next v11 15/15] quic: add packet parser base Xin Long

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CADvbK_d+oVgMNWQ3fT_Rz9WGkU6i6m+Z=3J34_-QiCjEABoCpg@mail.gmail.com' \
    --to=lucien.xin@gmail.com \
    --cc=aahringo@redhat.com \
    --cc=alibuda@linux.alibaba.com \
    --cc=andrew.gospodarek@broadcom.com \
    --cc=chuck.lever@oracle.com \
    --cc=daniel@haxx.se \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=dreibh@simula.no \
    --cc=edumazet@google.com \
    --cc=hare@suse.de \
    --cc=hepengtao@xiaomi.com \
    --cc=horms@kernel.org \
    --cc=illiliti@protonmail.com \
    --cc=jbaron@akamai.com \
    --cc=jlayton@kernel.org \
    --cc=kernel-tls-handshake@lists.linux.dev \
    --cc=kuba@kernel.org \
    --cc=linkinjeon@kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=mail@johnericson.me \
    --cc=marc@fiuczynski.com \
    --cc=marcelo.leitner@gmail.com \
    --cc=matttbe@kernel.org \
    --cc=mbuhl@openbsd.org \
    --cc=metze@samba.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=pc@manguebit.com \
    --cc=quic@lists.linux.dev \
    --cc=sd@queasysnail.net \
    --cc=smfrench@gmail.com \
    --cc=steved@redhat.com \
    --cc=tfanelli@redhat.com \
    --cc=tom@talpey.com \
    --cc=xiyou.wangcong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox