From patchwork Tue Jun 6 17:02:02 2017
X-Patchwork-Submitter: Dave Watson
X-Patchwork-Id: 9769293
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Date: Tue, 6 Jun 2017 10:02:02 -0700
From: Dave Watson
To: Ilya Lesokhin, Aviad Yehezkel, Boris Pismenny, Liran Liss, Matan Barak, David Miller, Tom Herbert, Hannes Frederic Sowa, Eric Dumazet
CC: Alexei Starovoitov
Subject: [PATCH v2 net-next 4/4] tls: Documentation
Message-ID: <20170606170202.GA19459@davejwatson-mba.local>
X-Mailing-List: linux-crypto@vger.kernel.org

Add documentation for the tcp ULP tls interface.

Signed-off-by: Boris Pismenny
Signed-off-by: Dave Watson
---
 Documentation/networking/tls.txt | 135 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 Documentation/networking/tls.txt

diff --git a/Documentation/networking/tls.txt b/Documentation/networking/tls.txt
new file mode 100644
index 0000000..77ed006
--- /dev/null
+++ b/Documentation/networking/tls.txt
@@ -0,0 +1,135 @@ +Overview +======== + +Transport Layer Security (TLS) is a Upper Layer Protocol (ULP) that runs over +TCP. TLS provides end-to-end data integrity and confidentiality. + +User interface +============== + +Creating a TLS connection +------------------------- + +First create a new TCP socket and set the TLS ULP. + + sock = socket(AF_INET, SOCK_STREAM, 0); + setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")); + +Setting the TLS ULP allows us to set/get TLS socket options. Currently +only the symmetric encryption is handled in the kernel. After the TLS +handshake is complete, we have all the parameters required to move the +data-path to the kernel. There is a separate socket option for moving +the transmit and the receive into the kernel. + + /* From linux/tls.h */ + struct tls_crypto_info { + unsigned short version; + unsigned short cipher_type; + }; + + struct tls12_crypto_info_aes_gcm_128 { + struct tls_crypto_info info; + unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE]; + unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE]; + unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE]; + unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + }; + + + struct tls12_crypto_info_aes_gcm_128 crypto_info; + + crypto_info.info.version = TLS_1_2_VERSION; + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; + memcpy(crypto_info.iv, iv_write, TLS_CIPHER_AES_GCM_128_IV_SIZE); + memcpy(crypto_info.rec_seq, seq_number_write, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(crypto_info.key, cipher_key_write, TLS_CIPHER_AES_GCM_128_KEY_SIZE); + memcpy(crypto_info.salt, implicit_iv_write, TLS_CIPHER_AES_GCM_128_SALT_SIZE); + + setsockopt(sock, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info)); + +Sending TLS application data +---------------------------- + +After setting the TLS_TX socket option all application data sent over this +socket is encrypted using TLS and the parameters provided in the socket option. 
+For example, we can send an encrypted hello world record as follows: + + const char *msg = "hello world\n"; + send(sock, msg, strlen(msg)); + +send() data is directly encrypted from the userspace buffer provided +to the encrypted kernel send buffer if possible. + +The sendfile system call will send the file's data over TLS records of maximum +length (2^14). + + file = open(filename, O_RDONLY); + fstat(file, &stat); + sendfile(sock, file, &offset, stat.st_size); + +TLS records are created and sent after each send() call, unless +MSG_MORE is passed. MSG_MORE will delay creation of a record until +MSG_MORE is not passed, or the maximum record size is reached. + +The kernel will need to allocate a buffer for the encrypted data. +This buffer is allocated at the time send() is called, such that +either the entire send() call will return -ENOMEM (or block waiting +for memory), or the encryption will always succeed. If send() returns +-ENOMEM and some data was left on the socket buffer from a previous +call using MSG_MORE, the MSG_MORE data is left on the socket buffer. + +Send TLS control messages +------------------------- + +Other than application data, TLS has control messages such as alert +messages (record type 21) and handshake messages (record type 22), etc. +These messages can be sent over the socket by providing the TLS record type +via a CMSG. For example the following function sends @data of @length bytes +using a record of type @record_type. + +/* send TLS control message using record_type */ + static int klts_send_ctrl_message(int sock, unsigned char record_type, + void *data, size_t length) + { + struct msghdr msg = {0}; + int cmsg_len = sizeof(record_type); + struct cmsghdr *cmsg; + char buf[CMSG_SPACE(cmsg_len)]; + struct iovec msg_iov; /* Vector of data to send/receive into. 
*/ + + msg.msg_control = buf; + msg.msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = SOL_TLS; + cmsg->cmsg_type = TLS_SET_RECORD_TYPE; + cmsg->cmsg_len = CMSG_LEN(cmsg_len); + *CMSG_DATA(cmsg) = record_type; + msg.msg_controllen = cmsg->cmsg_len; + + msg_iov.iov_base = data; + msg_iov.iov_len = length; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + return sendmsg(sock, &msg, 0); + } + +Control message data should be provided unencrypted, and will be +encrypted by the kernel. + +Integrating in to userspace TLS library +--------------------------------------- + +At a high level, the kernel TLS ULP is a replacement for the record +layer of a userspace TLS library. + +A patchset to OpenSSL to use ktls as the record layer is here: + +https://github.com/Mellanox/tls-openssl + +An example of calling send directly after a handshake using +gnutls. Since it doesn't implement a full record layer, control +messages are not supported: + +https://github.com/Mellanox/tls-af_ktls_tool
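Review bot: the application-data example under "Sending TLS application data" calls send() with three arguments (`send(sock, msg, strlen(msg));`), but send(2) takes four; readers will copy this verbatim, so make it `send(sock, msg, strlen(msg), 0);`. Other points in the same file: the "Creating a TLS connection" section says "There is a separate socket option for moving the transmit and the receive into the kernel" but only TLS_TX is documented, so either document TLS_RX or state that only the transmit path is currently supported. The crypto_info example copies `seq_number_write` into `rec_seq` and `implicit_iv_write` into `salt` without saying what these must hold, i.e. that `key`, `iv` and `salt` are the write-direction parameters derived by the completed handshake and that `rec_seq` must continue the record sequence the userspace record layer has already used; since this setsockopt hands raw key material and the integrity-relevant sequence number to the kernel, one sentence on where each value comes from would prevent the obvious misuse. The control-message helper is named `klts_send_ctrl_message`; presumably `ktls_`. The -ENOMEM paragraph describes the kernel-internal return value, whereas the caller of send() sees -1 with errno set to ENOMEM; worth saying so in a userspace-facing document. Minor: "a Upper Layer Protocol" should be "an Upper Layer Protocol", "Integrating in to" should be "Integrating into", and none of the setsockopt()/send()/sendfile() calls in the examples check their return values.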