[RFC PATCH 0/2] Crypto kernel TLS socket

2015-11-23 Thread Dave Watson
/Articles/657999/ 3) NIC offload. To support running aesni routines on the NIC instead of the processor, we would probably need enough of the framing interface put in kernel. Dave Watson (2): Crypto support aesni rfc5288 Crypto kernel tls socket arch/x86/crypto/aesni-intel_asm.S

[RFC PATCH 2/2] Crypto kernel tls socket

2015-11-23 Thread Dave Watson
t a/crypto/algif_tls.c b/crypto/algif_tls.c new file mode 100644 index 000..123ade3 --- /dev/null +++ b/crypto/algif_tls.c @@ -0,0 +1,1233 @@ +/* + * algif_tls: User-space interface for TLS + * + * Copyright (C) 2015, Dave Watson <davejwat...@fb.com> + * + * This file provides the user-sp

[RFC PATCH 1/2] Crypto support aesni rfc5288

2015-11-23 Thread Dave Watson
Support rfc5288 using intel aesni routines. See also rfc5246. AAD length is 13 bytes padded out to 16. Padding bytes have to be passed in in scatterlist currently, which probably isn't quite the right fix. The assoclen checks were moved to the individual rfc stubs, and the common routines

Re: [RFC PATCH 2/2] Crypto kernel tls socket

2015-11-23 Thread Dave Watson
On 11/23/15 02:27 PM, Sowmini Varadhan wrote: > On (11/23/15 09:43), Dave Watson wrote: > > Currently gcm(aes) represents ~80% of our SSL connections. > > > > Userspace interface: > > > > 1) A transform and op socket are created using the userspace crypto

[PATCH net-next] net: strparser: fix strparser sk_user_data check

2016-08-22 Thread Dave Watson
sk_user_data mismatch between what kcm expects (psock) and what strparser expects (strparser). Queued rx_work, for example calling strp_check_rcv after socket buffer changes, will never complete. sk_user_data is unused in strparser, so just remove the check. Signed-off-by: Dave Watson

Re: [PATCH v2 net-next 3/4] tcp: Adjust TCP ULP to defer to sockets ULP

2017-08-02 Thread Dave Watson
well. I ran this through some ktls tests with no issues. Thanks Tested-by: Dave Watson <davejwat...@fb.com>

Re: [PATCH v2 net-next 3/4] tcp: Adjust TCP ULP to defer to sockets ULP

2017-08-02 Thread Dave Watson
On 08/01/17 08:18 PM, Tom Herbert wrote: > > -static int tls_init(struct sock *sk) > +static int tls_init(struct sock *sk, char __user *optval, int len) > { > - struct inet_connection_sock *icsk = inet_csk(sk); > struct tls_context *ctx; > int rc = 0; > > @@ -450,7 +449,7 @@

Re: BUG_ON(sg->sg_magic != SG_MAGIC) on tls socket.

2017-08-11 Thread Dave Watson
Hi Dave, On 08/11/17 02:52 PM, Dave Jones wrote: > kernel BUG at ./include/linux/scatterlist.h:189! > invalid opcode: [#1] SMP KASAN ... > Call Trace: > ? copy_page_to_iter+0x6c0/0x6c0 > tls_sw_sendmsg+0x6d8/0x9c0 > ? alloc_sg+0x510/0x510 > ? cyc2ns_read_end+0x10/0x10 > ?

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-07-11 Thread Dave Watson
On 07/11/17 08:29 AM, Steffen Klassert wrote: > Sorry for replying to old mail... > > +int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) > > +{ > > ... > > > + > > + if (!sw_ctx->aead_send) { > > + sw_ctx->aead_send = crypto_alloc_aead("gcm(aes)", 0, 0); > > +

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-07-12 Thread Dave Watson
On 07/12/17 09:20 AM, Steffen Klassert wrote: > On Tue, Jul 11, 2017 at 11:53:11AM -0700, Dave Watson wrote: > > On 07/11/17 08:29 AM, Steffen Klassert wrote: > > > Sorry for replying to old mail... > > > > +int tls_set_sw_offload(struct soc

Re: Kernel TLS in 4.13-rc1

2017-07-24 Thread Dave Watson
On 07/23/17 09:39 PM, David Oberhollenzer wrote: > After fixing the benchmark/test tool that the patch description > linked to (https://github.com/Mellanox/tls-af_ktls_tool) to make > sure that the server and client actually *agree* on AES-128-GCM, > I simply ran the client program with the

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-07-06 Thread Dave Watson
Hi Richard, On 07/06/17 04:30 PM, Richard Weinberger wrote: > Dave, > > On Wed, Jun 14, 2017 at 8:36 PM, Dave Watson <davejwat...@fb.com> wrote: > > Documentation/networking/tls.txt | 135 +++ > > MAINTAINERS| 10 + > > include

Re: Kernel TLS in 4.13-rc1

2017-07-31 Thread Dave Watson
On 07/30/17 11:14 PM, David Oberhollenzer wrote: > On 07/24/2017 11:10 PM, Dave Watson wrote: > > On 07/23/17 09:39 PM, David Oberhollenzer wrote: > >> After fixing the benchmark/test tool that the patch description > >> linked to (https://github.com/Mellanox/tls-af_k

Re: [PATCH v3 net-next 1/4] tcp: ULP infrastructure

2017-07-31 Thread Dave Watson
On 07/29/17 01:12 PM, Tom Herbert wrote: > On Wed, Jun 14, 2017 at 11:37 AM, Dave Watson <davejwat...@fb.com> wrote: > > Add the infrastructure for attaching Upper Layer Protocols (ULPs) over TCP > > sockets. Based on a similar infrastructure in tcp_cong. The idea is that >

Re: [PATCH -net] tls: return -EFAULT if copy_to_user() fails

2017-06-23 Thread Dave Watson
On 06/23/17 01:15 PM, Dan Carpenter wrote: > The copy_to_user() function returns the number of bytes remaining but we > want to return -EFAULT here. > > Fixes: 3c4d7559159b ("tls: kernel TLS support") > Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>

Re: [PATCH v3 net-next 1/4] tcp: ULP infrastructure

2017-06-26 Thread Dave Watson
On 06/25/17 02:42 AM, Levin, Alexander (Sasha Levin) wrote: > On Wed, Jun 14, 2017 at 11:37:14AM -0700, Dave Watson wrote: > >Add the infrastructure for attaching Upper Layer Protocols (ULPs) over TCP > >sockets. Based on a similar infrastructure in tcp_cong. The idea is that any

[PATCH net-next] tcp: fix null ptr deref in getsockopt(..., TCP_ULP, ...)

2017-06-26 Thread Dave Watson
-executor1/15452 Signed-off-by: Dave Watson <davejwat...@fb.com> Reported-by: "Levin, Alexander (Sasha Levin)" <alexander.le...@verizon.com> --- net/ipv4/tcp.c | 5 + 1 file changed, 5 insertions(+) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 058f509..4c88d20

[PATCH net-next 1/4] tcp: ULP infrastructure

2017-05-24 Thread Dave Watson
cp_available_ulp tls There is currently no functionality to remove or chain ULPs, but it should be possible to add these in the future if needed. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/inet_connection_so

[PATCH net-next 0/4] kernel TLS

2017-05-24 Thread Dave Watson
This series adds support for kernel TLS encryption over TCP sockets. A standard TCP socket is converted to a TLS socket using a setsockopt. Only symmetric crypto is done in the kernel, as well as TLS record framing. The handshake remains in userspace, and the negotiated cipher keys/iv are

[PATCH net-next 3/4] tls: kernel TLS support

2017-05-24 Thread Dave Watson
bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- MAINTAINERS | 10 + include/linux/socket.h | 1 + include/net/tls.h| 223 ++

[PATCH net-next 4/4] tls: Documentation

2017-05-24 Thread Dave Watson
Add documentation for the tcp ULP tls interface. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- Documentation/networking/tls.txt | 120 +++ 1 file changed, 120 insertions(+) create

[PATCH net-next 2/4] tcp: export do_tcp_sendpages and tcp_rate_check_app_limited functions

2017-05-24 Thread Dave Watson
in <il...@mellanox.com> Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tcp.h | 2 ++ net/ipv4/tcp.c | 5 +++-- net/ipv4/tcp_rate.c | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/include

Re: [PATCH v3 net-next 3/4] tls: kernel TLS support

2017-06-16 Thread Dave Watson
On 06/16/17 01:58 PM, Stephen Hemminger wrote: > On Wed, 14 Jun 2017 11:37:39 -0700 > Dave Watson <davejwat...@fb.com> wrote: > > > --- /dev/null > > +++ b/net/tls/Kconfig > > @@ -0,0 +1,12 @@ > > +# > > +# TLS configuration > > +# > >

[PATCH net-next] tls: update Kconfig

2017-06-17 Thread Dave Watson
ze' Reported-by: kbuild test robot <fengguang...@intel.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- net/tls/Kconfig | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/tls/Kconfig b/net/tls/Kconfig index b13541f..eb58303 100644 --- a/net/tls/Kconfig

[PATCH v3 net-next 1/4] tcp: ULP infrastructure

2017-06-14 Thread Dave Watson
cp_available_ulp tls There is currently no functionality to remove or chain ULPs, but it should be possible to add these in the future if needed. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/inet_connection_so

[PATCH v3 net-next 2/4] tcp: export do_tcp_sendpages and tcp_rate_check_app_limited functions

2017-06-14 Thread Dave Watson
in <il...@mellanox.com> Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tcp.h | 2 ++ net/ipv4/tcp.c | 5 +++-- net/ipv4/tcp_rate.c | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/include

[PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Dave Watson
This series adds support for kernel TLS encryption over TCP sockets. A standard TCP socket is converted to a TLS socket using a setsockopt. Only symmetric crypto is done in the kernel, as well as TLS record framing. The handshake remains in userspace, and the negotiated cipher keys/iv are

[PATCH v3 net-next 3/4] tls: kernel TLS support

2017-06-14 Thread Dave Watson
bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- MAINTAINERS | 10 + include/linux/socket.h | 1 + include/net/tls.h| 237 +++

[PATCH v3 net-next 4/4] tls: Documentation

2017-06-14 Thread Dave Watson
Add documentation for the tcp ULP tls interface. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- Documentation/networking/tls.txt | 135 +++ 1 file changed, 135 insertions(+) create

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Dave Watson
On 06/14/17 01:54 PM, Tom Herbert wrote: > On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson <davejwat...@fb.com> wrote: > > This series adds support for kernel TLS encryption over TCP sockets. > > A standard TCP socket is converted to a TLS socket using a setsockopt. > > On

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Dave Watson
Hi Hannes, On 06/14/17 10:15 PM, Hannes Frederic Sowa wrote: > one question for this patch set: > > What is the reason for not allowing key updates for the TX path? I was > always loud pointing out the problems with TLSv1.2 renegotiation and > TLSv1.3 key update alerts. This patch set uses

[PATCH v2 net-next 0/4] kernel TLS

2017-06-06 Thread Dave Watson
This series adds support for kernel TLS encryption over TCP sockets. A standard TCP socket is converted to a TLS socket using a setsockopt. Only symmetric crypto is done in the kernel, as well as TLS record framing. The handshake remains in userspace, and the negotiated cipher keys/iv are

[PATCH v2 net-next 3/4] tls: kernel TLS support

2017-06-06 Thread Dave Watson
bor...@mellanox.com> Signed-off-by: Ilya Lesokhin <il...@mellanox.com> Signed-off-by: Aviad Yehezkel <avia...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- MAINTAINERS | 10 + include/linux/socket.h | 1 + include/net/tls.h| 222 +

[PATCH v2 net-next 1/4] tcp: ULP infrastructure

2017-06-06 Thread Dave Watson
cp_available_ulp tls There is currently no functionality to remove or chain ULPs, but it should be possible to add these in the future if needed. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/inet_connection_so

[PATCH v2 net-next 2/4] tcp: export do_tcp_sendpages and tcp_rate_check_app_limited functions

2017-06-06 Thread Dave Watson
in <il...@mellanox.com> Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tcp.h | 2 ++ net/ipv4/tcp.c | 5 +++-- net/ipv4/tcp_rate.c | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/include

[PATCH v2 net-next 4/4] tls: Documentation

2017-06-06 Thread Dave Watson
Add documentation for the tcp ULP tls interface. Signed-off-by: Boris Pismenny <bor...@mellanox.com> Signed-off-by: Dave Watson <davejwat...@fb.com> --- Documentation/networking/tls.txt | 135 +++ 1 file changed, 135 insertions(+) create

Re: [PATCH net] tls: fix NULL pointer dereference on poll

2018-06-11 Thread Dave Watson
NULL. > > Convert kTLS over to use ->poll_mask instead. Also instead of POLLIN | > POLLRDNORM use the proper EPOLLIN | EPOLLRDNORM bits as the case in > tcp_poll_mask() as well that is mangled here. Thanks, was just trying to bisect this myself. Works for me. Tested-by: Dave Wa

[PATCH net] net/tls: Don't recursively call push_record during tls_write_space callbacks

2018-05-01 Thread Dave Watson
Tomt <an...@tomt.net> Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h | 1 + net/tls/tls_main.c | 7 +++ 2 files changed, 8 insertions(+) diff --git a/include/net/tls.h b/include/net/tls.h index 3da8e13..b400d0bb 100644 --- a/include/net/tls.h +++ b/inclu

Re: kTLS in combination with mlx4 is very unstable

2018-05-01 Thread Dave Watson
Hi Andre, On 04/24/18 10:01 AM, Dave Watson wrote: > On 04/22/18 11:21 PM, Andre Tomt wrote: > > The kernel seems to get increasingly unstable as I load it up with client > > connections. At about 9Gbps and 700 connections, it is okay at least for a > > while - it migh

[PATCH net] tls: Correct length of scatterlist in tls_sw_sendpage

2018-01-19 Thread Dave Watson
already calls sg_unmark_end correctly when it allocates memory in alloc_sg, or in zerocopy_from_iter. Signed-off-by: Dave Watson <davejwat...@fb.com> --- net/tls/tls_sw.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 61f394d..0a9b72f 100644 --- a/n

Re: [bpf PATCH 1/3] net: add a UID to use for ULP socket assignment

2018-01-26 Thread Dave Watson
e). > @Dave Watson can you take a quick look to verify the changes are > good on TLS ULP side. Looks reasonable, and passes my test suite. One comment below Tested-by: Dave Watson <davejwat...@fb.com> > Signed-off-by: John Fastabend <john.fastab...@gmail.com> > --- >

Re: [RFC crypto v3 8/9] chtls: Register the ULP

2018-01-25 Thread Dave Watson
<1513769897-26945-1-git-send-email-atul.gu...@chelsio.com> On 12/20/17 05:08 PM, Atul Gupta wrote: > +static void __init chtls_init_ulp_ops(void) > +{ > + chtls_base_prot = tcp_prot; > + chtls_base_prot.hash= chtls_hash; > + chtls_base_prot.unhash

Re: [RFC crypto v3 8/9] chtls: Register the ULP

2018-01-30 Thread Dave Watson
On 01/30/18 06:51 AM, Atul Gupta wrote: > What I was referring is that passing "tls" ulp type in setsockopt > may be insufficient to make the decision when multi HW assist Inline > TLS solution exists. Setting the ULP doesn't choose HW or SW implementation, I think that should be done later when

Re: [RFC crypto v3 8/9] chtls: Register the ULP

2018-01-31 Thread Dave Watson
On 01/31/18 04:14 PM, Atul Gupta wrote: > > > On Tuesday 30 January 2018 10:41 PM, Dave Watson wrote: > > On 01/30/18 06:51 AM, Atul Gupta wrote: > > > > > What I was referring is that passing "tls" ulp type in setsockopt > > > may be insuf

Re: [PATCHv2] tls: Add support for encryption using async offload accelerator

2018-01-31 Thread Dave Watson
On 01/31/18 05:22 PM, Vakul Garg wrote: > > > On second thought in stable we should probably just disable async tfm > > > allocations. > > > It's simpler. But this approach is still good for -next > > > > > > > > > Gilad > > > > I agree with Gilad, just disable async for now. > > > > How to do

Re: [PATCHv2] tls: Add support for encryption using async offload accelerator

2018-01-31 Thread Dave Watson
On 01/31/18 09:34 PM, Vakul Garg wrote: > Async crypto accelerators (e.g. drivers/crypto/caam) support offloading > GCM operation. If they are enabled, crypto_aead_encrypt() return error > code -EINPROGRESS. In this case tls_do_encryption() needs to wait on a > completion till the time the

Re: [Crypto v5 03/12] support for inline tls

2018-02-15 Thread Dave Watson
On 02/15/18 12:24 PM, Atul Gupta wrote: > @@ -401,6 +430,15 @@ static int do_tls_setsockopt_tx(struct sock *sk, char > __user *optval, > goto out; > } > > + rc = get_tls_offload_dev(sk); > + if (rc) { > + goto out; > + } else { > + /*

Re: [Crypto v5 03/12] support for inline tls

2018-02-15 Thread Dave Watson
On 02/15/18 04:10 PM, Atul Gupta wrote: > > -Original Message- > > From: Dave Watson [mailto:davejwat...@fb.com] > > Sent: Thursday, February 15, 2018 9:22 PM > > To: Atul Gupta <atul.gu...@chelsio.com> > > Cc: da...@davemloft.net; herb...@gondo

Re: [Crypto v7 03/12] tls: support for inline tls

2018-02-23 Thread Dave Watson
On 02/23/18 04:58 PM, Atul Gupta wrote: > > On 02/22/18 11:21 PM, Atul Gupta wrote: > > > @@ -403,6 +431,15 @@ static int do_tls_setsockopt_tx(struct sock *sk, > > > char __user *optval, > > > goto err_crypto_info; > > > } > > > > > > + rc = tls_offload_dev_absent(sk); > > > + if

Re: [Crypto v7 03/12] tls: support for inline tls

2018-02-23 Thread Dave Watson
On 02/22/18 11:21 PM, Atul Gupta wrote: > @@ -403,6 +431,15 @@ static int do_tls_setsockopt_tx(struct sock *sk, char > __user *optval, > goto err_crypto_info; > } > > + rc = tls_offload_dev_absent(sk); > + if (rc == -EINVAL) { > + goto out; > + } else

Re: [PATCH net-next] net/tls: Mark the end in scatterlist table

2018-08-02 Thread Dave Watson
On 08/02/18 05:05 PM, Vakul Garg wrote: > In case zerocopy_from_iter() fails, 'end' won't get marked. > So fallback path is fine. > > > Which codepath is calling sg_nents()? > > While testing my WIP implementation of combined dynamic memory allocation for > (aead_req || sgin || sgout || aad ||

Re: [PATCH net-next] net/tls: Mark the end in scatterlist table

2018-08-02 Thread Dave Watson
nction needs to mark the 'end' in the last entry it > adds. > > Signed-off-by: Vakul Garg Looks good to me, it looks like the fallback path should unmark the end appropriately. Which codepath is calling sg_nents()? Acked-by: Dave Watson

Re: [PATCH net-next] net/tls: Always get number of sg entries for skb to be decrypted

2018-08-02 Thread Dave Watson
On 08/02/18 09:50 PM, Vakul Garg wrote: > Function decrypt_skb() made a bad assumption that number of sg entries > required for mapping skb to be decrypted would always be less than > MAX_SKB_FRAGS. The required count of sg entries for skb should always be > calculated. If they cannot fit in local

Re: Security enhancement proposal for kernel TLS

2018-08-03 Thread Dave Watson
On 08/02/18 05:23 PM, Vakul Garg wrote: > > I agree that Boris' patch does what you say it does - it sets keys > > immediately > > after CCS instead of after FINISHED message. I disagree that the kernel tls > > implementation currently requires that specific ordering, nor do I think > > that it

Re: Security enhancement proposal for kernel TLS

2018-07-30 Thread Dave Watson
On 07/30/18 06:31 AM, Vakul Garg wrote: > > It's not entirely clear how your TLS handshake daemon works - Why is > > it necessary to set the keys in the kernel tls socket before the handshake > > is > > completed? > > IIUC, with the upstream implementation of tls record layer in kernel, the >

Re: [PATCH net-next] net/tls: Removed redundant checks for non-NULL

2018-07-25 Thread Dave Watson
On 07/24/18 04:54 PM, Vakul Garg wrote: > Removed checks against non-NULL before calling kfree_skb() and > crypto_free_aead(). These functions are safe to be called with NULL > as an argument. > > Signed-off-by: Vakul Garg Acked-by: Dave Watson

Re: [net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-07-27 Thread Dave Watson
On 07/27/18 09:34 AM, Vakul Garg wrote: > > > > -Original Message- > > From: Dave Watson [mailto:davejwat...@fb.com] > > Sent: Thursday, July 26, 2018 2:31 AM > > To: Vakul Garg > > Cc: David Miller ; netdev@vger.kernel.org; > > bor...@mellano

Re: [net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-08-01 Thread Dave Watson
On 08/01/18 01:49 PM, Vakul Garg wrote: > > I don't think this patch is safe as-is. sgin_arr is a stack array of size > > MAX_SKB_FRAGS (+ overhead), while my read of skb_cow_data is that it > > walks the whole chain of skbs from skb->next, and can return any number of > > segments. Therefore we

Re: Security enhancement proposal for kernel TLS

2018-08-01 Thread Dave Watson
On 07/31/18 10:45 AM, Vakul Garg wrote: > > > IIUC, with the upstream implementation of tls record layer in kernel, > > > the decryption of tls FINISHED message happens in kernel. Therefore > > > the keys are already being sent to kernel tls socket before handshake is > > completed. > > > > This

Re: [PATCH net-next v1 1/1] net/tls: Combined memory allocation for decryption request

2018-08-08 Thread Dave Watson
On 08/08/18 06:36 PM, Vakul Garg wrote: > For preparing decryption request, several memory chunks are required > (aead_req, sgin, sgout, iv, aad). For submitting the decrypt request to > an accelerator, it is required that the buffers which are read by the > accelerator must be dma-able and not

Re: [PATCH net-next][RFC] net/tls: Add support for async decryption of tls records

2018-08-15 Thread Dave Watson
On 08/14/18 07:47 PM, Vakul Garg wrote: > Incoming TLS records which are directly decrypted into user space > application buffer i.e. records which are decrypted in zero-copy mode > are submitted for async decryption. When the decryption cryptoapi > returns -EINPROGRESS, the next tls record is

Re: [PATCH RFC net-next 1/1] net/tls: Combined memory allocation for decryption request

2018-08-07 Thread Dave Watson
Hi Vakul, Only minor comments, mostly looks good to me. Thanks > +/* This function decrypts the input skb into either out_iov or in out_sg > + * or in skb buffers itself. The input parameter 'zc' indicates if > + * zero-copy mode needs to be tried or not. With zero-copy mode, either > + *

Re: [PATCH net-next v2 1/1] net/tls: Combined memory allocation for decryption request

2018-08-09 Thread Dave Watson
be dma-able and not come from stack. The buffers for > aad and iv can be separately kmalloced each, but it is inefficient. > This patch does a combined allocation for preparing decryption request > and then segments into aead_req || sgin || sgout || iv || aad. > > Signed-off-by: Vakul Garg

Re: [PATCH net-next v1] net/tls: Add support for async decryption of tls records

2018-08-17 Thread Dave Watson
On 08/16/18 08:49 PM, Vakul Garg wrote: > Changes since RFC version: > 1) Improved commit message. > 2) Fixed dequeued record offset handling because of which few of > tls selftests 'recv_partial, recv_peek, recv_peek_multiple' were > failing. Thanks! Commit message much

Re: [bpf PATCH 1/2] tls: possible hang when do_tcp_sendpages hits sndbuf is full case

2018-08-22 Thread Dave Watson
ce this reduce the sndbuf size and stress > the tls layer by sending many 1B sends. This results in every byte > needing a header and each byte individually being sent to the crypto > layer. > > Signed-off-by: John Fastabend Super, thanks! Acked-by: Dave Watson

Re: [net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-07-23 Thread Dave Watson
On 07/21/18 07:25 PM, David Miller wrote: > From: Vakul Garg > Date: Thu, 19 Jul 2018 21:56:13 +0530 > > > In function decrypt_skb(), array allocation in case when sgout is NULL > > is unnecessary. Instead, local variable sgin_arr[] can be used. > > > > Signed-off-by: Vakul Garg > > Hmmm... >

Re: Security enhancement proposal for kernel TLS

2018-07-25 Thread Dave Watson
You would probably get more responses if you cc the relevant people. Comments inline On 07/22/18 12:49 PM, Vakul Garg wrote: > The kernel based TLS record layer allows the user space world to use a > decoupled TLS implementation. > The applications need not be linked with TLS stack. > The TLS

Re: [net-next v5 3/3] net/tls: Remove redundant array allocation.

2018-07-25 Thread Dave Watson
On 07/24/18 08:22 AM, Vakul Garg wrote: > > I don't think this patch is safe as-is. sgin_arr is a stack array of size > > MAX_SKB_FRAGS (+ overhead), while my read of skb_cow_data is that it > > walks the whole chain of skbs from skb->next, and can return any number of > > segments. Therefore we

[PATCH net-next] selftests: tls: add selftests for TLS sockets

2018-07-12 Thread Dave Watson
-by: Dave Watson --- tools/testing/selftests/net/Makefile | 2 +- tools/testing/selftests/net/tls.c| 692 +++ 2 files changed, 693 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/net/tls.c diff --git a/tools/testing/selftests/net/Makefile b/tools

Re: [PATCH net-next] net/tls: Removed redundant variable from 'struct tls_sw_context_rx'

2018-07-12 Thread Dave Watson
On 07/12/18 11:14 AM, Vakul Garg wrote: > Hi Boris > > Thanks for explaining. > Few questions/observations. > > 1. Isn't ' ctx->decrypted = true' a redundant statement in > tls_do_decryption()? > The same has been repeated in tls_recvmsg() after calling decrypt_skb()? > > 2. Similarly,

[PATCH net] tls: Stricter error checking in zerocopy sendmsg path

2018-07-12 Thread Dave Watson
f7b3126c5e...@syzkaller.appspotmail.com Reported-by: syzbot+709f2810a6a05f11d...@syzkaller.appspotmail.com Signed-off-by: Dave Watson Fixes: 3c4d7559159b ("tls: kernel TLS support") --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.

Re: [PATCH v3 net-next 10/19] tls: Fix zerocopy_from_iter iov handling

2018-07-12 Thread Dave Watson
On 07/11/18 10:54 PM, Boris Pismenny wrote: > zerocopy_from_iter iterates over the message, but it doesn't revert the > updates made by the iov iteration. This patch fixes it. Now, the iov can > be used after calling zerocopy_from_iter. This breaks tests (which I will send up as selftests

Re: [PATCH v3 net-next 00/19] TLS offload rx, netdev & mlx5

2018-07-12 Thread Dave Watson
On 07/11/18 10:54 PM, Boris Pismenny wrote: > Hi, > > The following series provides TLS RX inline crypto offload. All the tls patches look good to me except #10 "tls: Fix zerocopy_from_iter iov handling" which seems to break the non-device zerocopy flow. The integration is very clean,

[PATCH RFC 4/5] tls: RX path for ktls

2018-03-08 Thread Dave Watson
are provided to decrypt in to. sk_poll is overridden, and only returns POLLIN if a full TLS message is received. Otherwise we wait for strparser to finish reading a full frame. Actual decryption is only done during recvmsg or splice_read calls. Signed-off-by: Dave Watson <davejwat...@fb.

[PATCH RFC 1/5] tls: Generalize zerocopy_from_iter

2018-03-08 Thread Dave Watson
Refactor zerocopy_from_iter to take arguments for pages and size, such that it can be used for both tx and rx. RX will also support zerocopy direct to output iter, as long as the full message can be copied at once (a large enough userspace buffer was provided). Signed-off-by: Dave Watson

[PATCH RFC 2/5] tls: Move cipher info to a separate struct

2018-03-08 Thread Dave Watson
Separate tx crypto parameters to a separate cipher_context struct. The same parameters will be used for rx using the same struct. tls_advance_record_sn is modified to only take the cipher info. Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h

[PATCH RFC 3/5] tls: Pass error code explicitly to tls_err_abort

2018-03-08 Thread Dave Watson
Pass EBADMSG explicitly to tls_err_abort. Receive path will pass additional codes - E2BIG if framing is larger than max TLS record size. Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h | 6 +++--- net/tls/tls_sw.c | 2 +- 2 files changed, 4 insertions(+), 4 del

[PATCH RFC 0/5] TLX Rx

2018-03-08 Thread Dave Watson
copies vs. userspace's one, vs. previous kernel's two. https://marc.info/?l=linux-crypto-vger=151931242406416=2 [2] https://github.com/Mellanox/openssl/commits/tls_rx [3] https://github.com/ktls/af_ktls-tool/tree/RX Dave Watson (5): tls: Generalize zerocopy_from_iter tls: Move cipher i

[PATCH RFC 5/5] tls: Add receive path documentation

2018-03-08 Thread Dave Watson
Add documentation on rx path setup and cmsg interface. Signed-off-by: Dave Watson <davejwat...@fb.com> --- Documentation/networking/tls.txt | 59 ++-- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/Documentation/networking/tls

Re: [PATCH RFC 4/5] tls: RX path for ktls

2018-03-08 Thread Dave Watson
On 03/08/18 09:48 PM, Boris Pismenny wrote: > Hi Dave, > > On 03/08/18 18:50, Dave Watson wrote: > > Add rx path for tls software implementation. > > > > recvmsg, splice_read, and poll implemented. > > > > An additional sockopt TLS_RX is added, with th

Re: [PATCH] net/tls: Remove VLA usage

2018-04-11 Thread Dave Watson
4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com > > Signed-off-by: Kees Cook <keesc...@chromium.org> Thanks Acked-by: Dave Watson <davejwat...@fb.com> > --- > net/tls/tls_sw.c | 10 +- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/net/t

Re: kTLS in combination with mlx4 is very unstable

2018-04-24 Thread Dave Watson
On 04/22/18 11:21 PM, Andre Tomt wrote: > kTLS looks fun, so I decided to play with it. It is quite spiffy - however > with mlx4 I get kernel crashes I'm not seeing when testing on ixgbe. > > For testing I'm using a git build of the "stream reflector" cubemap[1] > configured with kTLS and 8

Re: [PATCH V4 net-next 06/14] net/tls: Add generic NIC offload infrastructure

2018-03-27 Thread Dave Watson
Thanks for doing the merge, it looks good to me. One issue below, otherwise all my SW tests still pass. On 03/27/18 02:51 PM, Saeed Mahameed wrote: > - if (ctx->conf == TLS_SW_TX || > - ctx->conf == TLS_SW_RX || > - ctx->conf == TLS_SW_RXTX) { > -

Re: [PATCH net] strparser: Fix sign of err codes

2018-03-27 Thread Dave Watson
On 03/26/18 01:44 PM, Tom Herbert wrote: > On Mon, Mar 26, 2018 at 12:31 PM, Dave Watson <davejwat...@fb.com> wrote: > > strp_parser_err is called with a negative code everywhere, which then > > calls abort_parser with a negative code. strp_msg_timeout calls >

[PATCH v2 net] strparser: Fix sign of err codes

2018-03-27 Thread Dave Watson
xes: 43a0c6751a322847 ("strparser: Stream parser for messages") Signed-off-by: Dave Watson <davejwat...@fb.com> --- Documentation/networking/strparser.txt | 5 +++-- net/strparser/strparser.c | 8 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Docum

[PATCH net] strparser: Fix sign of err codes

2018-03-26 Thread Dave Watson
xes: 43a0c6751a322847 ("strparser: Stream parser for messages") Signed-off-by: Dave Watson <davejwat...@fb.com> --- net/strparser/strparser.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/strparser/strparser.c b/net/strparser/strparser.c index 1fdab5c..b9283

[PATCH v2 net-next 5/6] tls: RX path for ktls

2018-03-22 Thread Dave Watson
to finish reading a full frame. Actual decryption is only done during recvmsg or splice_read calls. Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h| 27 ++- include/uapi/linux/tls.h | 2 + net/tls/Kconfig | 1 + net/tls/tls_main.c | 62 - n

[PATCH v2 net-next 1/6] tls: Generalize zerocopy_from_iter

2018-03-22 Thread Dave Watson
Refactor zerocopy_from_iter to take arguments for pages and size, such that it can be used for both tx and rx. RX will also support zerocopy direct to output iter, as long as the full message can be copied at once (a large enough userspace buffer was provided). Signed-off-by: Dave Watson

[PATCH v2 net-next 4/6] tls: Refactor variable names

2018-03-22 Thread Dave Watson
Several config variables are prefixed with tx, drop the prefix since these will be used for both tx and rx. Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h | 2 +- net/tls/tls_main.c | 26 +- 2 files changed, 14 insertions(+), 14 deletions(-)

[PATCH v2 net-next 2/6] tls: Move cipher info to a separate struct

2018-03-22 Thread Dave Watson
Separate tx crypto parameters to a separate cipher_context struct. The same parameters will be used for rx using the same struct. tls_advance_record_sn is modified to only take the cipher info. Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h

[PATCH v2 net-next 0/6] TLS Rx

2018-03-22 Thread Dave Watson
emove copies, resulting in optimally zero copies vs. userspace's one, vs. previous kernel's two. https://marc.info/?l=linux-crypto-vger=151931242406416=2 [2] https://github.com/Mellanox/openssl/commits/tls_rx2 [3] https://github.com/ktls/af_ktls-tool/tree/RX Dave Watson (6): tls: Gener

[PATCH v2 net-next 6/6] tls: Add receive path documentation

2018-03-22 Thread Dave Watson
Add documentation on rx path setup and cmsg interface. Signed-off-by: Dave Watson <davejwat...@fb.com> --- Documentation/networking/tls.txt | 66 ++-- 1 file changed, 64 insertions(+), 2 deletions(-) diff --git a/Documentation/networking/tls

[PATCH v2 net-next 3/6] tls: Pass error code explicitly to tls_err_abort

2018-03-22 Thread Dave Watson
Pass EBADMSG explicitly to tls_err_abort. Receive path will pass additional codes - EMSGSIZE if framing is larger than max TLS record size, EINVAL if TLS version mismatch. Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h | 6 +++--- net/tls/tls_sw.c | 2 +- 2 files c

Re: [PATCH net-next 06/14] net/tls: Add generic NIC offload infrastructure

2018-03-21 Thread Dave Watson
On 03/19/18 07:45 PM, Saeed Mahameed wrote: > +#define TLS_OFFLOAD_CONTEXT_SIZE > \ > + (ALIGN(sizeof(struct tls_offload_context), sizeof(void *)) + \ > + TLS_DRIVER_STATE_SIZE) > + > + pfrag = sk_page_frag(sk); > + > + /*

Re: [PATCH net-next 5/6] tls: RX path for ktls

2018-03-21 Thread Dave Watson
On 03/21/18 07:20 AM, Boris Pismenny wrote: > > > On 3/20/2018 7:54 PM, Dave Watson wrote: > > + ctx->control = header[0]; > > + > > + data_len = ((header[4] & 0xFF) | (header[3] << 8)); > > + > > + cipher_overhead = tls_ctx->rx.tag

[PATCH net-next 0/6] TLS Rx

2018-03-20 Thread Dave Watson
vger=151931242406416=2 [2] https://github.com/Mellanox/openssl/commits/tls_rx2 [3] https://github.com/ktls/af_ktls-tool/tree/RX Dave Watson (6): tls: Generalize zerocopy_from_iter tls: Move cipher info to a separate struct tls: Pass error code explicitly to tls_err_abort tls: Refactor variable na

[PATCH net-next 2/6] tls: Move cipher info to a separate struct

2018-03-20 Thread Dave Watson
Separate tx crypto parameters to a separate cipher_context struct. The same parameters will be used for rx using the same struct. tls_advance_record_sn is modified to only take the cipher info. Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h

[PATCH net-next 1/6] tls: Generalize zerocopy_from_iter

2018-03-20 Thread Dave Watson
Refactor zerocopy_from_iter to take arguments for pages and size, such that it can be used for both tx and rx. RX will also support zerocopy direct to output iter, as long as the full message can be copied at once (a large enough userspace buffer was provided). Signed-off-by: Dave Watson

[PATCH net-next 3/6] tls: Pass error code explicitly to tls_err_abort

2018-03-20 Thread Dave Watson
Pass EBADMSG explicitly to tls_err_abort. Receive path will pass additional codes - EMSGSIZE if framing is larger than max TLS record size, EINVAL if TLS version mismatch. Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h | 6 +++--- net/tls/tls_sw.c | 2 +- 2 files c

[PATCH net-next 5/6] tls: RX path for ktls

2018-03-20 Thread Dave Watson
to finish reading a full frame. Actual decryption is only done during recvmsg or splice_read calls. Signed-off-by: Dave Watson <davejwat...@fb.com> --- include/net/tls.h| 27 ++- include/uapi/linux/tls.h | 2 + net/tls/Kconfig | 1 + net/tls/tls_main.c | 62 - n