« Previous 1 2
Let the hardware do the heavy lifting
Iron Power
Inline TLS in Linux
Support for inline TLS was introduced in Linux kernel 4.13 [3]. The setsockopt utility is called from a user application to register the TLS as ULP on the TCP/IP stack and program the crypto keys. The handshake is executed in the TLS library, and record processing is offloaded using sendmsg/sendfile calls of sk->sk_prot. Currently, the Tx (encryption) path is proposed for inline processing, but hardware vendors can add support for inline Rx (decryption). The solution I refer to supports inline Tx/Rx (i.e., inline encryption and decryption of a record in hardware).
The steps to using inline TLS are:
1. Create the TCP socket:
fd = socket (AF_INET, SOCK_STREAM, 0);
2. Set the TLS ULP and initialize the sk->sk_prot required for inline TLS support. The hardware driver can have custom definitions for some of the struct proto routines associated with the socket.
setsockopt(fd, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));3. Exchange TLS library handshake messages. The new keys are ready at the CCS stage and made available to the driver with another sockopt option (the crypto_info format is shown in Listing 1).
setsockopt(fd, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info));
Once the keys are programmed and the inline TLS driver is ready to process send and receive messages, the TLS library should skip record encryption/decryption/authentication, to be done in hardware.
Listing 1
crypto_info Format
struct tls12_crypto_info_aes_gcm_128 {
struct tls_crypto_info info;
unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};
Conclusion
Implementing hardware-assisted TLS in an inline fashion reduces latency and saves host CPU cycles. This solution finds good application for media servers streaming encrypted data to several thousand clients. Inline TLS offloading ensures a single pass over PCIe, thereby enabling more throughput.
Work still remaining for the future includes:
- Leveraging TLS crypto offload capabilities to secure a wider range of applications.
- Consideration for implementing hardware-assisted UDP-based Datagram Transport Layer Security (DTLS).
- Assessing TLS 1.3, the newer version of TLS enhanced to reduce handshake time by half and make web pages load faster.
Infos
- Crypto Kernel TLS socket, Dave Watson. Accessed September 22, 2016: https://lwn.net/Articles/665602
- Inline TLS performance: https://www.chelsio.com/wp-content/uploads/resources/t6-100g-inline-linux.pdf
- Kernel documentation: https://www.kernel.org/doc/Documentation/networking/tls.txt
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
TLS 1.3 and the return of common sense
After a decade in service, TLS 1.2 is showing many signs of aging. Its immediate successor, TLS 1.3, has earned the approval of the IETF. Some major changes are on the way. - SSH Communications Launches CryptoAuditor
-
Safe Files
Encrypting your data is becoming increasingly important, but you don’t always have to use an encrypted filesystem. Sometimes just encrypting files is enough.
-
Filesystem Encryption
The revelation of wide-spread government snooping has sparked a renewed interest in data storage security via encryption. In this article, we review some options for encrypting files, directories, and filesystems on Linux.
-
Setting up SSL connections on Apache 2
To spoil the day for lurking data thieves, Apache administrators only need three additional directives – and a handful of commands.