Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-07-12 Thread Dave Watson
On 07/12/17 09:20 AM, Steffen Klassert wrote: > On Tue, Jul 11, 2017 at 11:53:11AM -0700, Dave Watson wrote: > > On 07/11/17 08:29 AM, Steffen Klassert wrote: > > > Sorry for replying to old mail... > > > > +int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) > > > > +{ > > > > > >

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-07-12 Thread Steffen Klassert
On Tue, Jul 11, 2017 at 11:53:11AM -0700, Dave Watson wrote: > On 07/11/17 08:29 AM, Steffen Klassert wrote: > > Sorry for replying to old mail... > > > +int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) > > > +{ > > > > ... > > > > > + > > > + if (!sw_ctx->aead_send) { > > > +

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-07-11 Thread Eric Biggers
On Tue, Jul 11, 2017 at 11:53:11AM -0700, Dave Watson wrote: > On 07/11/17 08:29 AM, Steffen Klassert wrote: > > Sorry for replying to old mail... > > > +int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) > > > +{ > > > > ... > > > > > + > > > + if (!sw_ctx->aead_send) { > > > +

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-07-11 Thread Dave Watson
On 07/11/17 08:29 AM, Steffen Klassert wrote: > Sorry for replying to old mail... > > +int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) > > +{ > > ... > > > + > > + if (!sw_ctx->aead_send) { > > + sw_ctx->aead_send = crypto_alloc_aead("gcm(aes)", 0, 0); > > +
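Review bot: In tls_set_sw_offload(), `crypto_alloc_aead("gcm(aes)", 0, 0)` is called with type and mask both 0, which lets the crypto API return an asynchronous gcm(aes) implementation. Nothing in the lines quoted here shows the caller handling an asynchronous completion, so either pass CRYPTO_ALG_ASYNC as the mask to restrict the lookup to synchronous implementations, or make sure the encryption path handles an -EINPROGRESS return.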

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-07-11 Thread Steffen Klassert
Sorry for replying to old mail... On Wed, Jun 14, 2017 at 11:37:39AM -0700, Dave Watson wrote: > +static int tls_do_encryption(struct tls_context *tls_ctx, > + struct tls_sw_context *ctx, size_t data_len, > + gfp_t flags) > +{ > + unsigned int

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-06-16 Thread Dave Watson
On 06/16/17 01:58 PM, Stephen Hemminger wrote: > On Wed, 14 Jun 2017 11:37:39 -0700 > Dave Watson wrote: > > > --- /dev/null > > +++ b/net/tls/Kconfig > > @@ -0,0 +1,12 @@ > > +# > > +# TLS configuration > > +# > > +config TLS > > + tristate "Transport Layer Security

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-06-16 Thread Stephen Hemminger
On Wed, 14 Jun 2017 11:37:39 -0700 Dave Watson wrote: > --- /dev/null > +++ b/net/tls/Kconfig > @@ -0,0 +1,12 @@ > +# > +# TLS configuration > +# > +config TLS > + tristate "Transport Layer Security support" > + depends on NET > + default m > + ---help--- > +
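Review bot: `default m` in the new `config TLS` entry turns the module on for every configuration that has NET. New optional features are normally left off unless selected, so drop the `default m` line and let users opt in.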

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-06-16 Thread Stephen Hemminger
On Wed, 14 Jun 2017 11:37:39 -0700 Dave Watson wrote: > + > +static inline struct tls_context *tls_get_ctx(const struct sock *sk) > +{ > + struct inet_connection_sock *icsk = inet_csk(sk); > + > + return icsk->icsk_ulp_data; > +} > + > +static inline struct

[PATCH v3 net-next 3/4] tls: kernel TLS support

2017-06-14 Thread Dave Watson
Software implementation of transport layer security, implemented using ULP infrastructure. tcp proto_ops are replaced with tls equivalents of sendmsg and sendpage. Only symmetric crypto is done in the kernel, keys are passed by setsockopt after the handshake is complete. All control messages