Message-Id: <20190611044010.29161-1-jakub.kicinski@netronome.com>
Date:   Mon, 10 Jun 2019 21:39:58 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     davem@...emloft.net
Cc:     netdev@...r.kernel.org, oss-drivers@...ronome.com,
        alexei.starovoitov@...il.com, davejwatson@...com,
        borisp@...lanox.com, Jakub Kicinski <jakub.kicinski@...ronome.com>
Subject: [PATCH net-next 00/12] tls: add support for kernel-driven resync and nfp RX offload

Hi!

This series adds TLS RX offload for NFP and completes the offload
by providing resync strategies.  When the TLS data stream loses segments
or experiences reorder, the NIC can no longer perform inline offload.
Resyncs provide information about placement of records in the
stream so that offload can resume.

Existing TLS resync mechanisms are not a great fit for the NFP.
In particular the TX resync is hard to implement for packet-centric
NICs.  This patchset adds an ability to perform TX resync in a way
similar to the way initial sync is done - by calling down to the
driver when a new record is created after the driver indicated sync had
been lost.

Similarly on the RX side, we try to wait for a gap in the stream
and send record information for the next record.  This works very
well for RPC workloads which are the primary focus at this time.

Dirk van der Merwe (2):
  nfp: tls: set skb decrypted flag
  nfp: tls: implement RX TLS resync

Jakub Kicinski (10):
  net/tls: simplify seq calculation in handle_device_resync()
  net/tls: pass record number as a byte array
  net/tls: rename handle_device_resync()
  net/tls: add kernel-driven TLS RX resync
  nfp: rename nfp_ccm_mbox_alloc()
  nfp: add async version of mailbox communication
  nfp: tls: enable TLS RX offload
  net/tls: generalize the resync callback
  net/tls: add kernel-driven resync mechanism for TX
  nfp: tls: make use of kernel-driven TX resync

 Documentation/networking/tls-offload.rst      |  54 +++++-
 .../mellanox/mlx5/core/en_accel/tls.c         |  10 +-
 drivers/net/ethernet/netronome/nfp/ccm.h      |  10 +-
 drivers/net/ethernet/netronome/nfp/ccm_mbox.c | 179 ++++++++++++++++--
 .../ethernet/netronome/nfp/crypto/crypto.h    |   6 +-
 .../net/ethernet/netronome/nfp/crypto/tls.c   |  73 ++++++-
 drivers/net/ethernet/netronome/nfp/nfp_net.h  |  20 +-
 .../ethernet/netronome/nfp/nfp_net_common.c   |  57 +++++-
 .../ethernet/netronome/nfp/nfp_net_ethtool.c  |  18 +-
 include/net/tls.h                             |  63 +++++-
 net/tls/tls_device.c                          | 140 ++++++++++++--
 net/tls/tls_sw.c                              |   9 +-
 12 files changed, 566 insertions(+), 73 deletions(-)

-- 
2.21.0
