* [PATCH net-next v2 0/5] net: tls: TLS 1.3 support
@ 2019-01-30 21:57 Dave Watson
From: Dave Watson @ 2019-01-30 21:57 UTC (permalink / raw)
  To: netdev, Dave Miller
  Cc: Vakul Garg, Boris Pismenny, Aviad Yehezkel, John Fastabend,
	Daniel Borkmann

This patchset adds 256bit keys and TLS1.3 support to the kernel TLS
socket.  

TLS 1.3 is requested by passing TLS_1_3_VERSION in the setsockopt
call, which changes the framing as required for TLS1.3.  

256bit keys are requested by passing TLS_CIPHER_AES_GCM_256 in the
sockopt.  This is a fairly straightforward passthrough to the crypto
framework.  

256bit keys work with both TLS 1.2 and TLS 1.3.

TLS 1.3 requires a different AAD layout, necessitating some minor
refactoring.  It also moves the message type byte to the encrypted
portion of the message, instead of the cleartext header as it was in
TLS1.2.  This requires moving the control message handling to after
decryption, but is otherwise similar.

V1 -> V2

The first two patches were dropped, and sent separately, one as a
bugfix to the net tree.

Dave Watson (5):
  net: tls: Support 256 bit keys
  net: tls: Refactor tls aad space size calculation
  net: tls: Refactor control message handling on recv
  net: tls: Add tls 1.3 support
  net: tls: Add tests for TLS 1.3

 include/net/tls.h                 |  72 ++++++---
 include/uapi/linux/tls.h          |  19 +++
 net/tls/tls_device.c              |   5 +-
 net/tls/tls_device_fallback.c     |   3 +-
 net/tls/tls_main.c                |  36 ++++-
 net/tls/tls_sw.c                  | 244 +++++++++++++++++++++---------
 tools/testing/selftests/net/tls.c | 138 ++++++++++++++++-
 7 files changed, 417 insertions(+), 100 deletions(-)

-- 
2.17.1
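
Added example, not part of this patch series or the kernel sources: the framing difference the cover letter describes (AAD layout, and the record type moving inside the encrypted payload), written from RFC 5246 and RFC 8446. All function and macro names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper names for illustration; this is not kernel code. */
#define REC_ALERT   21 /* ContentType alert */
#define REC_APPDATA 23 /* ContentType application_data */

/* TLS 1.2 AEAD AAD (RFC 5246 6.2.3.3): seq(8) | type(1) | version(2) | plaintext len(2). */
size_t tls12_aad(uint8_t aad[13], uint64_t seq, uint8_t type, uint16_t plain_len)
{
    for (int i = 0; i < 8; i++)
        aad[i] = (uint8_t)(seq >> (56 - 8 * i));
    aad[8] = type;                       /* real type, cleartext on the wire */
    aad[9] = 0x03; aad[10] = 0x03;       /* TLS 1.2 */
    aad[11] = (uint8_t)(plain_len >> 8);
    aad[12] = (uint8_t)plain_len;
    return 13;
}

/* TLS 1.3 AAD (RFC 8446 5.2): the 5-byte record header only. The outer type is
 * always application_data and the length covers ciphertext plus tag. */
size_t tls13_aad(uint8_t aad[5], uint16_t cipher_len)
{
    aad[0] = REC_APPDATA;
    aad[1] = 0x03; aad[2] = 0x03;        /* legacy_record_version */
    aad[3] = (uint8_t)(cipher_len >> 8);
    aad[4] = (uint8_t)cipher_len;
    return 5;
}

/* TLSInnerPlaintext = content | real type | zero padding; all of it is encrypted. */
size_t tls13_inner_build(uint8_t *out, const uint8_t *data, size_t len,
                         uint8_t type, size_t pad)
{
    memcpy(out, data, len);
    out[len] = type;
    memset(out + len + 1, 0, pad);
    return len + 1 + pad;
}

/* After decryption: drop trailing zeros; the last non-zero byte is the record
 * type. Returns -1 for an all-zero plaintext, which the receiver must reject. */
int tls13_inner_parse(const uint8_t *inner, size_t inner_len, size_t *data_len)
{
    while (inner_len > 0 && inner[inner_len - 1] == 0)
        inner_len--;
    if (inner_len == 0)
        return -1;
    *data_len = inner_len - 1;
    return inner[inner_len - 1];
}
```

Because the type is only known once `tls13_inner_parse` has run on decrypted bytes, a receiver cannot tell an alert from application data by looking at the header, which is why control message handling has to follow decryption.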



* Re: [PATCH net-next v2 0/5] net: tls: TLS 1.3 support
@ 2019-02-01 23:01 ` David Miller
From: David Miller @ 2019-02-01 23:01 UTC (permalink / raw)
  To: davejwatson; +Cc: netdev, vakul.garg, borisp, aviadye, john.fastabend, daniel

From: Dave Watson <davejwatson@fb.com>
Date: Wed, 30 Jan 2019 21:57:58 +0000

> This patchset adds 256bit keys and TLS1.3 support to the kernel TLS
> socket.  
> 
> TLS 1.3 is requested by passing TLS_1_3_VERSION in the setsockopt
> call, which changes the framing as required for TLS1.3.  
> 
> 256bit keys are requested by passing TLS_CIPHER_AES_GCM_256 in the
> sockopt.  This is a fairly straightforward passthrough to the crypto
> framework.  
> 
> 256bit keys work with both TLS 1.2 and TLS 1.3.
> 
> TLS 1.3 requires a different AAD layout, necessitating some minor
> refactoring.  It also moves the message type byte to the encrypted
> portion of the message, instead of the cleartext header as it was in
> TLS1.2.  This requires moving the control message handling to after
> decryption, but is otherwise similar.
> 
> V1 -> V2
> 
> The first two patches were dropped, and sent separately, one as a
> bugfix to the net tree.

Series applied, thanks Dave.

I'll push this out to net-next once my build testing completes.

Thanks again.
