lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed,  5 Jun 2019 14:11:30 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     davem@...emloft.net
Cc:     netdev@...r.kernel.org, oss-drivers@...ronome.com,
        alexei.starovoitov@...il.com,
        Jakub Kicinski <jakub.kicinski@...ronome.com>
Subject: [PATCH net-next 00/13] nfp: tls: add basic TX offload

Hi!

This series adds initial TLS offload support to the nfp driver.
Only TX side is added for now.  We need minor adjustments to
the core tls code:
 - expose the per-skb fallback helper;
 - grow the driver context slightly;
 - add a helper to get to the driver state more easily.
We only support TX offload for now, and only if all packets
keep coming in order.  For retransmissions we use the
aforementioned software fallback, and in case there are
local drops we completely give up on given TCP stream.

This will obviously be improved soon, this patch set is the
minimal, functional yet easily reviewable chunk.

Dirk van der Merwe (3):
  net/tls: export TLS per skb encryption
  nfp: tls: add datapath support for TLS TX
  nfp: tls: add/delete TLS TX connections

Jakub Kicinski (10):
  nfp: count all failed TX attempts as errors
  nfp: make bar_lock a semaphore
  nfp: parse the mailbox cmsg TLV
  nfp: add support for sending control messages via mailbox
  nfp: parse crypto opcode TLV
  nfp: add tls init code
  nfp: prepare for more TX metadata prepend
  net/tls: split the TLS_DRIVER_STATE_SIZE and bump TX to 16 bytes
  net/tls: simplify driver context retrieval
  nfp: tls: add basic statistics

 drivers/net/ethernet/netronome/Kconfig        |   1 +
 drivers/net/ethernet/netronome/nfp/Makefile   |   6 +
 drivers/net/ethernet/netronome/nfp/ccm.c      |   3 -
 drivers/net/ethernet/netronome/nfp/ccm.h      |  48 +-
 drivers/net/ethernet/netronome/nfp/ccm_mbox.c | 591 ++++++++++++++++++
 .../ethernet/netronome/nfp/crypto/crypto.h    |  23 +
 .../net/ethernet/netronome/nfp/crypto/fw.h    |  82 +++
 .../net/ethernet/netronome/nfp/crypto/tls.c   | 429 +++++++++++++
 drivers/net/ethernet/netronome/nfp/nfp_net.h  |  48 +-
 .../ethernet/netronome/nfp/nfp_net_common.c   | 147 ++++-
 .../net/ethernet/netronome/nfp/nfp_net_ctrl.c |  15 +
 .../net/ethernet/netronome/nfp/nfp_net_ctrl.h |  21 +
 .../ethernet/netronome/nfp/nfp_net_ethtool.c  |  16 +-
 include/net/tls.h                             |  32 +-
 net/tls/tls_device_fallback.c                 |   6 +
 15 files changed, 1421 insertions(+), 47 deletions(-)
 create mode 100644 drivers/net/ethernet/netronome/nfp/ccm_mbox.c
 create mode 100644 drivers/net/ethernet/netronome/nfp/crypto/crypto.h
 create mode 100644 drivers/net/ethernet/netronome/nfp/crypto/fw.h
 create mode 100644 drivers/net/ethernet/netronome/nfp/crypto/tls.c

-- 
2.21.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ