From patchwork Wed Jun 14 18:37:51 2017
X-Patchwork-Submitter: Dave Watson
X-Patchwork-Id: 9787241
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Date: Wed, 14 Jun 2017 11:37:51 -0700
From: Dave Watson
To: Ilya Lesokhin , Aviad Yehezkel , Boris Pismenny , Liran Liss , "Matan Barak" , David Miller , , Tom Herbert , , , "Hannes Frederic Sowa" , Eric Dumazet
CC: Alexei Starovoitov , ,
Subject: [PATCH v3 net-next 4/4] tls: Documentation
Message-ID: <20170614183751.GA80390@davejwatson-mba.dhcp.thefacebook.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org

Add documentation for the tcp ULP tls interface.

Signed-off-by: Boris Pismenny
Signed-off-by: Dave Watson
---
 Documentation/networking/tls.txt | 135 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 Documentation/networking/tls.txt

diff --git a/Documentation/networking/tls.txt b/Documentation/networking/tls.txt
new file mode 100644
index 0000000..77ed006
--- /dev/null
+++ b/Documentation/networking/tls.txt
@@ -0,0 +1,135 @@ +Overview +======== + +Transport Layer Security (TLS) is a Upper Layer Protocol (ULP) that runs over +TCP. TLS provides end-to-end data integrity and confidentiality. + +User interface +============== + +Creating a TLS connection +------------------------- + +First create a new TCP socket and set the TLS ULP. + + sock = socket(AF_INET, SOCK_STREAM, 0); + setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")); + +Setting the TLS ULP allows us to set/get TLS socket options. Currently +only the symmetric encryption is handled in the kernel. After the TLS +handshake is complete, we have all the parameters required to move the +data-path to the kernel. There is a separate socket option for moving +the transmit and the receive into the kernel. + + /* From linux/tls.h */ + struct tls_crypto_info { + unsigned short version; + unsigned short cipher_type; + }; + + struct tls12_crypto_info_aes_gcm_128 { + struct tls_crypto_info info; + unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE]; + unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE]; + unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE]; + unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + }; + + + struct tls12_crypto_info_aes_gcm_128 crypto_info; + + crypto_info.info.version = TLS_1_2_VERSION; + crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; + memcpy(crypto_info.iv, iv_write, TLS_CIPHER_AES_GCM_128_IV_SIZE); + memcpy(crypto_info.rec_seq, seq_number_write, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(crypto_info.key, cipher_key_write, TLS_CIPHER_AES_GCM_128_KEY_SIZE); + memcpy(crypto_info.salt, implicit_iv_write, TLS_CIPHER_AES_GCM_128_SALT_SIZE); + + setsockopt(sock, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info)); + +Sending TLS application data +---------------------------- + +After setting the TLS_TX socket option all application data sent over this +socket is encrypted using TLS and the parameters provided in the socket option. 
+For example, we can send an encrypted hello world record as follows: + + const char *msg = "hello world\n"; + send(sock, msg, strlen(msg)); + +send() data is directly encrypted from the userspace buffer provided +to the encrypted kernel send buffer if possible. + +The sendfile system call will send the file's data over TLS records of maximum +length (2^14). + + file = open(filename, O_RDONLY); + fstat(file, &stat); + sendfile(sock, file, &offset, stat.st_size); + +TLS records are created and sent after each send() call, unless +MSG_MORE is passed. MSG_MORE will delay creation of a record until +MSG_MORE is not passed, or the maximum record size is reached. + +The kernel will need to allocate a buffer for the encrypted data. +This buffer is allocated at the time send() is called, such that +either the entire send() call will return -ENOMEM (or block waiting +for memory), or the encryption will always succeed. If send() returns +-ENOMEM and some data was left on the socket buffer from a previous +call using MSG_MORE, the MSG_MORE data is left on the socket buffer. + +Send TLS control messages +------------------------- + +Other than application data, TLS has control messages such as alert +messages (record type 21) and handshake messages (record type 22), etc. +These messages can be sent over the socket by providing the TLS record type +via a CMSG. For example the following function sends @data of @length bytes +using a record of type @record_type. + +/* send TLS control message using record_type */ + static int klts_send_ctrl_message(int sock, unsigned char record_type, + void *data, size_t length) + { + struct msghdr msg = {0}; + int cmsg_len = sizeof(record_type); + struct cmsghdr *cmsg; + char buf[CMSG_SPACE(cmsg_len)]; + struct iovec msg_iov; /* Vector of data to send/receive into. 
*/ + + msg.msg_control = buf; + msg.msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = SOL_TLS; + cmsg->cmsg_type = TLS_SET_RECORD_TYPE; + cmsg->cmsg_len = CMSG_LEN(cmsg_len); + *CMSG_DATA(cmsg) = record_type; + msg.msg_controllen = cmsg->cmsg_len; + + msg_iov.iov_base = data; + msg_iov.iov_len = length; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + return sendmsg(sock, &msg, 0); + } + +Control message data should be provided unencrypted, and will be +encrypted by the kernel. + +Integrating in to userspace TLS library +--------------------------------------- + +At a high level, the kernel TLS ULP is a replacement for the record +layer of a userspace TLS library. + +A patchset to OpenSSL to use ktls as the record layer is here: + +https://github.com/Mellanox/tls-openssl + +An example of calling send directly after a handshake using +gnutls. Since it doesn't implement a full record layer, control +messages are not supported: + +https://github.com/Mellanox/tls-af_ktls_tool
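Review bot: the application-data example under "Sending TLS application data" calls `send(sock, msg, strlen(msg));` with three arguments, but send(2) takes four, so the snippet does not compile as written; it should be `send(sock, msg, strlen(msg), 0);`, and since the paragraph a few lines below explains MSG_MORE, showing the flags argument there is exactly what readers need. Two smaller points in the same hunk: the control-message helper is named `klts_send_ctrl_message` while the rest of the text says "ktls" (`ktls_send_ctrl_message`), and the overview should read "an Upper Layer Protocol". The text also states there is a separate socket option for moving the receive path into the kernel, yet only TLS_TX is documented; either document the receive option or say explicitly that this series covers transmit only. Finally, since `crypto_info` holds the session key, IV and salt in a stack variable, the documentation could advise callers to clear it (memset) once setsockopt() has returned, so the key material does not linger in userspace memory after the kernel has taken over the record layer.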