lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1490707592-1430-1-git-send-email-aviadye@mellanox.com>
Date:   Tue, 28 Mar 2017 16:26:17 +0300
From:   Aviad Yehezkel <aviadye@...lanox.com>
To:     davem@...emloft.net, aviadye@...lanox.com, ilyal@...lanox.com,
        borisp@...lanox.com, davejwatson@...com, netdev@...r.kernel.org
Cc:     matanb@...lanox.com, liranl@...lanox.com, haggaie@...lanox.com,
        tom@...bertland.com, herbert@...dor.apana.org.au, nmav@...lts.org,
        fridolin.pokorny@...il.com, ilant@...lanox.com,
        kliteyn@...lanox.com, linux-crypto@...r.kernel.org,
        saeedm@...lanox.com, aviadye@....mellanox.co.il
Subject: [RFC TLS Offload Support 00/15] cover letter

Overview
========
A kernel TLS Tx only socket option for TCP sockets.
Similarly to the kernel TLS socket(https://lwn.net/Articles/665602),
only symmetric crypto is done in the kernel, as well as TLS record framing.
The handshake remains in userspace, and the negotiated cipher keys/iv are provided to the TCP socket.

Today, userspace TLS must perform 2 passes over the data. First, it has to encrypt the data. Second, the data is copied to the TCP socket in the kernel.
Kernel TLS avoids one pass over the data by encrypting the data from userspace pages into kernelspace buffers.

Non application-data TLS records must be encrypted using the latest crypto state available in the kernel. It is possible to get the crypto context from the kernel and encrypt such recrods in user-space. But we choose to encrypt such TLS records in the kernel by setting the MSG_OOB flag and providing the record type with the data.

TLS Tx crypto offload is a new feature of network devices. It enables the kernel TLS socket to skip encryption and authentication operations on the transmit side of the data path, delegating those to the NIC. In turn, the NIC encrypts packets that belong to an offloaded TLS socket on the fly. The NIC does not modify any packet headers. It expects to receive fully framed TCP packets with TLS records as payload. The NIC replaces plaintext with ciphertext and fills the authentication tag. The NIC does not hold any state beyond the context needed to encrypt the next expected packet, i.e. expected TCP sequence number and crypto state.

There are 2 flows for TLS Tx offload, a fast path and a slow path.
Fast path: packet matches the expected TCP sequence number in the context.
Slow path: packet does not match the expected TCP sequence number in the context. For example: TCP retransmissions. For a packet in the slow path, we need to resynchronize the crypto context of the NIC by providing the TLS record data for that packet before it could be encrypted and transmitted by the NIC.

Motivation
==========
1) Performance: The CPU overhead of encryption in the data path is high, at least 4x for netperf over TLS between 2 machines connected back-to-back.
Our single stream performance tests show that using crypto offload for TLS sockets achieves the same throughput as plain TCP traffic while increasing CPU utilization by only
 x1.4.

2) Flexibility: The protocol stack is implemented entirely on the host CPU.
Compared to solutions based on TCP offload, this approach offloads only encryption. Keeping memory management, congestion control, etc. in the host CPU.

Notes
=====
1) New paths:
    o net/tls - TLS layer in kernel
    o drivers/net/ethernet/mellanox/accelerator/* - NIC driver support, currently implemented as seperated modules.
      In the future this code will go into the mlx5 driver. We attached to this patch only the module that integrated with TLS layer.
      The complete NIC sample driver is available at https://github.com/Mellanox/tls-offload/tree/tx_rfc_v5

2) We implemented support for this API in OpenSSL 1.1.0, the code is available at https://github.com/Mellanox/tls-openssl/tree/master

3) TLS crypto offload was presented during netdevconf1.2, more details could be found in the presentation and paper:
   https://netdevconf.org/1.2/session.html?boris-pismenny

4) These RFC patches are based on kernel 4.9-rc7.

Aviad Yehezkel (5):
  tcp: export do_tcp_sendpages function
  tcp: export tcp_rate_check_app_limited function
  tcp: Add TLS socket options for TCP sockets
  tls: tls offload support
  mlx/tls: Enable MLX5_CORE_QP_SIM mode for tls

Dave Watson (2):
  crypto: Add gcm template for rfc5288
  crypto: rfc5288 aesni optimized intel routines

Ilya Lesokhin (8):
  tcp: Add clean acked data hook
  net: Add TLS offload netdevice and socket support
  mlx/mlx5_core: Allow sending multiple packets
  mlx/tls: Hardware interface
  mlx/tls: Sysfs configuration interface Configure the driver/hardware
    interface via sysfs.
  mlx/tls: Add mlx_accel offload driver for TLS
  mlx/tls: TLS offload driver Add the main module entrypoints and tie
    the module into the build system
  net/tls: Add software offload

 MAINTAINERS                                        |  14 +
 arch/x86/crypto/aesni-intel_asm.S                  |   6 +
 arch/x86/crypto/aesni-intel_avx-x86_64.S           |   4 +
 arch/x86/crypto/aesni-intel_glue.c                 | 105 ++-
 crypto/gcm.c                                       | 122 ++++
 crypto/tcrypt.c                                    |  14 +-
 crypto/testmgr.c                                   |  16 +
 crypto/testmgr.h                                   |  47 ++
 drivers/net/ethernet/mellanox/Kconfig              |   1 +
 drivers/net/ethernet/mellanox/Makefile             |   1 +
 .../net/ethernet/mellanox/accelerator/tls/Kconfig  |  11 +
 .../net/ethernet/mellanox/accelerator/tls/Makefile |   4 +
 .../net/ethernet/mellanox/accelerator/tls/tls.c    | 658 +++++++++++++++++++
 .../net/ethernet/mellanox/accelerator/tls/tls.h    | 100 +++
 .../ethernet/mellanox/accelerator/tls/tls_cmds.h   | 112 ++++
 .../net/ethernet/mellanox/accelerator/tls/tls_hw.c | 429 ++++++++++++
 .../net/ethernet/mellanox/accelerator/tls/tls_hw.h |  49 ++
 .../ethernet/mellanox/accelerator/tls/tls_main.c   |  77 +++
 .../ethernet/mellanox/accelerator/tls/tls_sysfs.c  | 196 ++++++
 .../ethernet/mellanox/accelerator/tls/tls_sysfs.h  |  47 ++
 drivers/net/ethernet/mellanox/mlx5/core/en_tx.c    |  11 +-
 include/linux/netdevice.h                          |  23 +
 include/net/inet_connection_sock.h                 |   2 +
 include/net/tcp.h                                  |   2 +
 include/net/tls.h                                  | 228 +++++++
 include/uapi/linux/Kbuild                          |   1 +
 include/uapi/linux/tcp.h                           |   2 +
 include/uapi/linux/tls.h                           |  84 +++
 net/Kconfig                                        |   1 +
 net/Makefile                                       |   1 +
 net/ipv4/tcp.c                                     |  37 +-
 net/ipv4/tcp_input.c                               |   3 +
 net/ipv4/tcp_rate.c                                |   1 +
 net/tls/Kconfig                                    |  12 +
 net/tls/Makefile                                   |   7 +
 net/tls/tls_device.c                               | 594 +++++++++++++++++
 net/tls/tls_main.c                                 | 352 ++++++++++
 net/tls/tls_sw.c                                   | 729 +++++++++++++++++++++
 38 files changed, 4078 insertions(+), 25 deletions(-)
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/Kconfig
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/Makefile
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/tls.c
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/tls.h
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/tls_cmds.h
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/tls_hw.c
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/tls_hw.h
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/tls_main.c
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/tls_sysfs.c
 create mode 100644 drivers/net/ethernet/mellanox/accelerator/tls/tls_sysfs.h
 create mode 100644 include/net/tls.h
 create mode 100644 include/uapi/linux/tls.h
 create mode 100644 net/tls/Kconfig
 create mode 100644 net/tls/Makefile
 create mode 100644 net/tls/tls_device.c
 create mode 100644 net/tls/tls_main.c
 create mode 100644 net/tls/tls_sw.c

-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ