Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754803AbcDMWvr (ORCPT ); Wed, 13 Apr 2016 18:51:47 -0400 Received: from mga03.intel.com ([134.134.136.65]:57165 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752614AbcDMWvo (ORCPT ); Wed, 13 Apr 2016 18:51:44 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.24,481,1455004800"; d="scan'208";a="944640292" Subject: Re: [PATCH 0/3] crypto: af_alg - add TLS type encryption To: Fridolin Pokorny References: <20160306012044.6369.63924.stgit@tstruk-mobl1> <20160405112940.GB11852@gondor.apana.org.au> <57054DBC.8010507@intel.com> <20160408025250.GA7596@gondor.apana.org.au> <570CD852.7060003@redhat.com> Cc: Tom Herbert , Herbert Xu , linux-crypto@vger.kernel.org, LKML , "David S. Miller" , Linux Kernel Network Developers , davejwatson@fb.com, nmav@gnutls.org, fridolin.pokorny@gmail.com From: Tadeusz Struk Message-ID: <570ECC28.3030008@intel.com> Date: Wed, 13 Apr 2016 15:46:00 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: <570CD852.7060003@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 874 Lines: 22 Hi Fridolin, On 04/12/2016 04:13 AM, Fridolin Pokorny wrote: > we were experimenting with this. We have a prove of concept of a kernel > TLS type socket, so called AF_KTLS, which is based on Dave Watson's > RFC5288 patch. It handles both TLS and DTLS, unfortunately it is not > ready now to be proposed here. There are still issues which should be > solved (but mostly user space API design) [1]. If you are interested, we > could combine efforts. > > Regards, > Fridolin Pokorny > > [1] https://github.com/fridex/af_ktls I had a quick look and it looks like is limited only to gcm(aes). I would be more interested to have a generic interface that could do generic algorithm suits like aes-cbc-hmac-sha1 also. This also seems to work in a synchronous (send one and wait) mode, which is a not good solution for HW accelerators, which I'm trying to enable. Thanks, -- TS