From: Fridolin Pokorny <fpokorny@redhat.com>
To: Tadeusz Struk <tadeusz.struk@intel.com>
Cc: Tom Herbert <tom@herbertland.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
linux-crypto@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Linux Kernel Network Developers <netdev@vger.kernel.org>,
davejwatson@fb.com, nmav@gnutls.org, fridolin.pokorny@gmail.com
Subject: Re: [PATCH 0/3] crypto: af_alg - add TLS type encryption
Date: Tue, 12 Apr 2016 13:13:22 +0200 [thread overview]
Message-ID: <570CD852.7060003@redhat.com> (raw)
In-Reply-To: <CALx6S37m_ayZJ4nth0SPNr2Km2+uBZUCtK4iqPKHTARv2eB4aA@mail.gmail.com>
On 08.04.2016 04:58, Tom Herbert wrote:
> On Thu, Apr 7, 2016 at 11:52 PM, Herbert Xu <herbert@gondor.apana.org.au> wrote:
>> On Wed, Apr 06, 2016 at 10:56:12AM -0700, Tadeusz Struk wrote:
>>>
>>> The intend is to enable HW acceleration of the TLS protocol.
>>> The way it will work is that the user space will send a packet of data
>>> via AF_ALG and HW will authenticate and encrypt it in one go.
>>
>> There have been suggestions to implement TLS data-path within
>> the kernel. So we should decide whether we pursue that or go
>> with your approach before we start adding algorithms.
>>
> Yes, please see Dave Watson's patches on this.
>
Hi Tadeusz,
we were experimenting with this. We have a prove of concept of a kernel
TLS type socket, so called AF_KTLS, which is based on Dave Watson's
RFC5288 patch. It handles both TLS and DTLS, unfortunately it is not
ready now to be proposed here. There are still issues which should be
solved (but mostly user space API design) [1]. If you are interested, we
could combine efforts.
Regards,
Fridolin Pokorny
[1] https://github.com/fridex/af_ktls
next prev parent reply other threads:[~2016-04-12 11:13 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20160306012044.6369.63924.stgit@tstruk-mobl1>
[not found] ` <20160405112940.GB11852@gondor.apana.org.au>
[not found] ` <57054DBC.8010507@intel.com>
2016-04-08 2:52 ` [PATCH 0/3] crypto: af_alg - add TLS type encryption Herbert Xu
2016-04-08 2:58 ` Tom Herbert
2016-04-12 11:13 ` Fridolin Pokorny [this message]
2016-04-13 22:46 ` Tadeusz Struk
2016-04-14 6:47 ` Nikos Mavrogiannopoulos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=570CD852.7060003@redhat.com \
--to=fpokorny@redhat.com \
--cc=davejwatson@fb.com \
--cc=davem@davemloft.net \
--cc=fridolin.pokorny@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nmav@gnutls.org \
--cc=tadeusz.struk@intel.com \
--cc=tom@herbertland.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).