lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 08 Mar 2020 21:16:41 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     rohitm@...lsio.com
Cc:     borisp@...lanox.com, netdev@...r.kernel.org,
        herbert@...dor.apana.org.au, kuba@...nel.org, secdev@...lsio.com,
        varun@...lsio.com
Subject: Re: [PATCH net-next v4 0/6] cxgb4/chcr: ktls tx ofld support on T6
 adapter

From: Rohit Maheshwari <rohitm@...lsio.com>
Date: Sat,  7 Mar 2020 20:06:02 +0530

> This series of patches add support for kernel tls offload in Tx direction,
> over Chelsio T6 NICs. SKBs marked as decrypted will be treated as tls plain
> text packets and then offloaded to encrypt using network device (chelsio T6
> adapter).
> 
> This series is broken down as follows:
> 
> Patch 1 defines a new macro and registers tls_dev_add and tls_dev_del
> callbacks. When tls_dev_add gets called we send a connection request to
> our hardware and to make HW understand about tls offload. Its a partial
> connection setup and only ipv4 part is done.
> 
> Patch 2 handles the HW response of the connection request and then we
> request to update TCB and handle it's HW response as well. Also we save
> crypto key locally. Only supporting TLS_CIPHER_AES_GCM_128_KEY_SIZE.
> 
> Patch 3 handles tls marked skbs (decrypted bit set) and sends it to ULD for
> crypto handling. This code has a minimal portion of tx handler, to handle
> only one complete record per skb.
> 
> Patch 4 hanldes partial end part of records. Also added logic to handle
> multiple records in one single skb. It also adds support to send out tcp
> option(/s) if exists in skb. If a record is partial but has end part of a
> record, we'll fetch complete record and then only send it to HW to generate
> HASH on complete record.
> 
> Patch 5 handles partial first or middle part of record, it uses AES_CTR to
> encrypt the partial record. If we are trying to send middle record, it's
> start should be 16 byte aligned, so we'll fetch few earlier bytes from the
> record and then send it to HW for encryption.
> 
> Patch 6 enables ipv6 support and also includes ktls startistics.
> 
> v1->v2:
> - mark tcb state to close in tls_dev_del.
> - u_ctx is now picked from adapter structure.
> - clear atid in case of failure.
> - corrected ULP_CRYPTO_KTLS_INLINE value.
> - optimized tcb update using control queue.
> - state machine handling when earlier states received.
> - chcr_write_cpl_set_tcb_ulp  function is shifted to patch3.
> - un-necessary updating left variable.
> 
> v2->v3:
> - add empty line after variable declaration.
> - local variable declaration in reverse christmas tree ordering.
> 
> v3->v4:
> - replaced kfree_skb with dev_kfree_skb_any.
> - corrected error message reported by kbuild test robot <lkp@...el.com>
> - mss calculation logic.
> - correct place for Alloc skb check.
> - Replaced atomic_t with atomic64_t
> - added few more statistics counters.

Series applied, thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ