TLS, Crypto, & ULP’s
Exploring the world of secure communication technologies including TLS, Crypto, ULPs, and key aspects such as transport layer security, zero-copy mechanisms, protocol operations, and challenges in crypto implementations. Learn about the evolution of TLS protocols and common issues faced in cryptographic interfaces.
TLS, Crypto, & ULPs
Dave Watson, davejwatson@fb.com
TLS: Transport Layer Security
- sw RX/TX; mellanox hw TX; chelsio hw TX/RX/TCP
- Handshake in userspace, symmetric (record-layer) crypto only
TLS: Transport Layer Security
- Zerocopy
- No need for splice / sendfile
- Recv needs 16k buffer
- No need to hold buffers on send, or MTU for recv
- No async crypto
TLS: Transport Layer Security
- Using with NBD vs. proxy
- Buffer sizes need to be larger to get zerocopy
- Using directly with OpenSSL
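The "handshake in userspace, symmetric only" split in the slides above means the only thing that crosses into the kernel is the finished record-layer key block. The following is an added example (not code from the talk or from the kernel tree) of that hand-off for the one cipher the slides cover, TLS 1.2 AES-GCM-128: it fills the kernel's `tls12_crypto_info_aes_gcm_128`, attaches the `tls` ULP with `TCP_ULP`, installs the keys with `SOL_TLS`/`TLS_TX`/`TLS_RX`, and scrubs the userspace copy. Constants and the struct layout mirror `include/uapi/linux/tls.h` (the fallback block is used only where that header is not installed); the function names and the sample secrets are this example's own, and a real caller takes the key, salt, IV and sequence number from the userspace handshake library (OpenSSL, per the slide). `TLS_RX` needs a kernel with the RX path, which landed after TX, so it fails on TX-only kernels.

```c
/* Added example: hand a finished TLS 1.2 AES-GCM-128 key block to kTLS.
 * Constants mirror include/uapi/linux/tls.h; the fallback definitions are
 * used only where that header is missing. Function names are our own. */
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

#if defined(__has_include)
# if __has_include(<linux/tls.h>)
#  include <linux/tls.h>
#  define HAVE_LINUX_TLS_H 1
# endif
#endif

#ifndef HAVE_LINUX_TLS_H
/* Fallback mirroring linux/tls.h for the one cipher the slides cover. */
#define TLS_TX 1
#define TLS_RX 2
#define TLS_1_2_VERSION 0x0303
#define TLS_CIPHER_AES_GCM_128 51
#define TLS_CIPHER_AES_GCM_128_IV_SIZE 8
#define TLS_CIPHER_AES_GCM_128_KEY_SIZE 16
#define TLS_CIPHER_AES_GCM_128_SALT_SIZE 4
#define TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE 8
struct tls_crypto_info { uint16_t version; uint16_t cipher_type; };
struct tls12_crypto_info_aes_gcm_128 {
    struct tls_crypto_info info;
    unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
    unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
    unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
    unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};
#endif
#ifndef SOL_TLS
#define SOL_TLS 282
#endif
#ifndef TCP_ULP
#define TCP_ULP 31
#endif

/* Fill the kernel's crypto_info from the record-layer secrets the userspace
 * handshake produced: 16-byte key, 4-byte salt (implicit nonce part),
 * 8-byte explicit IV and the next record sequence number (big-endian). */
int ktls_fill_aes_gcm_128(struct tls12_crypto_info_aes_gcm_128 *ci,
                          const unsigned char *key, const unsigned char *salt,
                          const unsigned char *iv, uint64_t seq)
{
    int i;
    if (!ci || !key || !salt || !iv)
        return -EINVAL;
    memset(ci, 0, sizeof(*ci));
    ci->info.version = TLS_1_2_VERSION;
    ci->info.cipher_type = TLS_CIPHER_AES_GCM_128;
    memcpy(ci->key, key, sizeof(ci->key));
    memcpy(ci->salt, salt, sizeof(ci->salt));
    memcpy(ci->iv, iv, sizeof(ci->iv));
    for (i = 0; i < 8; i++)
        ci->rec_seq[i] = (unsigned char)(seq >> (56 - 8 * i));
    return 0;
}

/* Attach the "tls" ULP and install TX and/or RX keys on a connected TCP
 * socket, after the handshake and before any application data. Returns 0 or
 * -errno. On failure the socket carries no keys, so the caller must keep
 * doing records in userspace rather than write to the socket in the clear. */
int ktls_attach(int fd, const struct tls12_crypto_info_aes_gcm_128 *tx,
                const struct tls12_crypto_info_aes_gcm_128 *rx)
{
    if (setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) < 0)
        return -errno;
    if (tx && setsockopt(fd, SOL_TLS, TLS_TX, tx, sizeof(*tx)) < 0)
        return -errno;
    if (rx && setsockopt(fd, SOL_TLS, TLS_RX, rx, sizeof(*rx)) < 0)
        return -errno;
    return 0;
}

/* Scrub the userspace copy once the kernel holds the keys. */
void ktls_wipe(struct tls12_crypto_info_aes_gcm_128 *ci)
{
    volatile unsigned char *p = (volatile unsigned char *)ci;
    size_t n = sizeof(*ci);
    while (n--)
        *p++ = 0;
}

/* Constructed sample secrets (not real key material) so the filler can be
 * exercised without a handshake; a real caller gets these from OpenSSL. */
struct tls12_crypto_info_aes_gcm_128 ktls_sample_crypto_info(void)
{
    static const unsigned char key[16] = { 0, 1, 2, 3, 4, 5, 6, 7,
                                           8, 9, 10, 11, 12, 13, 14, 15 };
    static const unsigned char salt[4] = { 0xde, 0xad, 0xbe, 0xef };
    static const unsigned char iv[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    struct tls12_crypto_info_aes_gcm_128 ci;
    ktls_fill_aes_gcm_128(&ci, key, salt, iv, 42);
    return ci;
}
```

The order matters: `TCP_ULP` must succeed before `TLS_TX`, and `ktls_attach` must only be called once the userspace handshake is complete, since the kernel takes over record framing from that point and knows nothing about handshake messages. The 40-byte struct size the test checks is the wire contract with the kernel; a mismatched layout makes `setsockopt` fail with `EINVAL` rather than silently installing wrong keys.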
TLS: TODO
- Support key sizes != 128
- TLS 1.3 final draft requires minor crypto AAD data changes; mostly handshake changes
- Removed renegotiation
- Removed all ciphers except gcm, ccm, chacha
TLS: strparser
- Generic framing decoder vs. custom
- Calls skb_clone, interacts badly with skb_cow_data
- Run in workqueue / not in workqueue: confusing
Crypto
- TLS, IPSec, MACsec: almost everywhere uses GCM, ~10 years old
- C: any key size, scatter/gather, slow
- SSE: any key size, recent scatter/gather support
- AVX: 128-bit only, no scatter/gather
Crypto: Problems
- Crypto interface can't store state across calls
- Pre-computing key blocks needs the FPU
- Enc/Dec skbs as they come in, before the full message
- No way to detect if async before calling the crypto routine
ULPs: Upper layer protocols
- Allow arbitrary modification to proto ops & sock ops
- Require replacing all ops at the same time
- Used by bpf & tls
ULPs: Problems
- Stacking
- Lots of indirection
- Can't unload; maybe allow unloading the topmost ULP?
- Have to somewhat know what you are replacing (IPv4 vs. v6)
- Proto ops already locked (do_tcp_sendpages)
ULPs
- struct sock -> kcm_sendpage -> tls_sendpage -> do_tcp_sendpages
- Proto ops chaining is easy: replace in a stack
ULPs
- struct sock -> kcm_data_ready -> tls_data_ready -> sock_def_readable
- sk_data_ready, sk_state_change, sk_write_space
- Need head/tail: one to chain callbacks, one for calling
ULPs: Full chaining
- Sort out sharing of user_data or ulp_data
- Linked list of sk_callbacks
- Unlocked proto ops
- Implement .read_sock, .peek_len
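The ULP slides contrast two ways of stacking kcm over tls: replacing a single callback slot (each ULP stashes the pointer it overwrote and calls it, so the socket only ever sees the topmost ULP and nothing below it can be unloaded) and the proposed socket-owned linked list of sk_callbacks with a head and a tail, from which any entry can be removed. The following is an added userspace model of both styles, written for this page and not code from the talk or the kernel; `struct sock`, the `*_data_ready` names and the traces are this model's own stand-ins for the kernel symbols the slides name.

```c
/* Added userspace model of the two ULP callback-chaining styles on the
 * slides: a single sk_data_ready slot with each ULP stashing the previous
 * pointer, versus a socket-owned head/tail list. Names mimic the kernel's
 * but this is a model, not kernel code; traces are constructed output. */
#include <stdio.h>
#include <string.h>

#define TRACE_LEN 96

struct sk_cb;
struct sock {
    void (*sk_data_ready)(struct sock *sk);    /* style 1: one slot */
    struct sk_cb *cb_head, *cb_tail;           /* style 2: owned list */
    char trace[TRACE_LEN];                     /* call order, for inspection */
};

static void trace(struct sock *sk, const char *name)
{
    if (sk->trace[0])
        strncat(sk->trace, ">", TRACE_LEN - strlen(sk->trace) - 1);
    strncat(sk->trace, name, TRACE_LEN - strlen(sk->trace) - 1);
}

/* ---- Style 1: replace the slot, keep the old pointer inside the ULP ---- */
static void sock_def_readable(struct sock *sk) { trace(sk, "sock_def_readable"); }

static void (*tls_saved)(struct sock *);       /* tls's private ulp_data */
static void tls_data_ready(struct sock *sk) { trace(sk, "tls_data_ready"); tls_saved(sk); }

static void (*kcm_saved)(struct sock *);       /* kcm's private ulp_data */
static void kcm_data_ready(struct sock *sk) { trace(sk, "kcm_data_ready"); kcm_saved(sk); }

static void tls_install(struct sock *sk) { tls_saved = sk->sk_data_ready; sk->sk_data_ready = tls_data_ready; }
static void kcm_install(struct sock *sk) { kcm_saved = sk->sk_data_ready; sk->sk_data_ready = kcm_data_ready; }

/* Only the ULP currently in the slot can be unloaded: a ULP further down is
 * referenced solely by the saved pointer of the ULP above it, which the
 * socket cannot see or rewrite. Returns 0 on success, -1 if refused. */
static int slot_uninstall(struct sock *sk, void (*fn)(struct sock *),
                          void (*saved)(struct sock *))
{
    if (sk->sk_data_ready != fn)
        return -1;
    sk->sk_data_ready = saved;
    return 0;
}

/* ---- Style 2: socket-owned linked list with head and tail ---- */
struct sk_cb {
    const char *name;
    void (*fn)(struct sock *sk, struct sk_cb *self);
    struct sk_cb *next;
};

static void cb_trace(struct sock *sk, struct sk_cb *self) { trace(sk, self->name); }

/* New ULPs go at the head (run first); the default stays at the tail. */
static void cb_push_head(struct sock *sk, struct sk_cb *cb)
{
    cb->next = sk->cb_head;
    sk->cb_head = cb;
    if (!sk->cb_tail)
        sk->cb_tail = cb;
}

/* Any entry can be unlinked, not only the head, because the socket owns
 * the links rather than each ULP hiding one in its private data. */
static int cb_unlink(struct sock *sk, struct sk_cb *cb)
{
    struct sk_cb **pp = &sk->cb_head, *prev = NULL;
    for (; *pp; prev = *pp, pp = &(*pp)->next) {
        if (*pp != cb)
            continue;
        *pp = cb->next;
        if (sk->cb_tail == cb)
            sk->cb_tail = prev;
        return 0;
    }
    return -1;
}

static void chain_data_ready(struct sock *sk)
{
    struct sk_cb *cb;
    for (cb = sk->cb_head; cb; cb = cb->next)
        cb->fn(sk, cb);
}

/* kcm stacked on tls on the default; returns how many unloads were refused
 * (1: tls sits under kcm and cannot go; kcm, in the slot, can). */
int demo_slot(char *before, char *after)
{
    struct sock sk = {0};
    int refused = 0;
    sk.sk_data_ready = sock_def_readable;
    tls_install(&sk);
    kcm_install(&sk);
    sk.sk_data_ready(&sk);
    strcpy(before, sk.trace);
    refused += slot_uninstall(&sk, tls_data_ready, tls_saved) < 0;
    refused += slot_uninstall(&sk, kcm_data_ready, kcm_saved) < 0;
    sk.trace[0] = '\0';
    sk.sk_data_ready(&sk);
    strcpy(after, sk.trace);
    return refused;
}

/* Same three layers as a list; the middle entry is removed directly. */
int demo_chain(char *before, char *after)
{
    struct sock sk = {0};
    struct sk_cb def = { "sock_def_readable", cb_trace, NULL };
    struct sk_cb tls = { "tls_data_ready", cb_trace, NULL };
    struct sk_cb kcm = { "kcm_data_ready", cb_trace, NULL };
    cb_push_head(&sk, &def);
    cb_push_head(&sk, &tls);
    cb_push_head(&sk, &kcm);
    chain_data_ready(&sk);
    strcpy(before, sk.trace);
    if (cb_unlink(&sk, &tls) < 0)
        return -1;
    sk.trace[0] = '\0';
    chain_data_ready(&sk);
    strcpy(after, sk.trace);
    return 0;
}
```

Running `demo_slot` gives the trace `kcm_data_ready>tls_data_ready>sock_def_readable`, refuses to unload tls, and after unloading kcm leaves `tls_data_ready>sock_def_readable`; `demo_chain` starts from the same trace and, after unlinking tls from the middle, runs `kcm_data_ready>sock_def_readable`. That is the whole case for the "linked list of sk_callbacks" item: the list makes the socket, not each ULP, the owner of the chain, which is also what lets the `ulp_data` sharing question on the same slide be answered per entry instead of per slot.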