« Previous 1 2
Let the hardware do the heavy lifting
Iron Power
Inline TLS in Linux
Support for inline TLS was introduced in Linux kernel 4.13 [3]. The setsockopt
utility is called from a user application to register the TLS as ULP on the TCP/IP stack and program the crypto keys. The handshake is executed in the TLS library, and record processing is offloaded using sendmsg
/sendfile
calls of sk->sk_prot
. Currently, the Tx (encryption) path is proposed for inline processing, but hardware vendors can add support for inline Rx (decryption). The solution I refer to supports inline Tx/Rx (i.e., inline encryption and decryption of a record in hardware).
The steps to using inline TLS are:
1. Create the TCP socket:
fd = socket (AF_INET, SOCK_STREAM, 0);
2. Set the TLS ULP and initialize the sk->sk_prot
required for inline TLS support. The hardware driver can have custom definitions for some of the struct proto
routines associated with the socket.
setsockopt(fd, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));
3. Exchange TLS library handshake messages. The new keys are ready at the CCS stage and made available to the driver with another sockopt
option (the crypto_info
format is shown in Listing 1).
setsockopt(fd, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info));
Once the keys are programmed and the inline TLS driver is ready to process send and receive messages, the TLS library should skip record encryption/decryption/authentication, to be done in hardware.
Listing 1
crypto_info Format
struct tls12_crypto_info_aes_gcm_128 { struct tls_crypto_info info; unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE]; unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE]; unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE]; unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; };
Conclusion
Implementing hardware-assisted TLS in an inline fashion reduces latency and saves host CPU cycles. This solution finds good application for media servers streaming encrypted data to several thousand clients. Inline TLS offloading ensures a single pass over PCIe, thereby enabling more throughput.
Work still remaining for the future includes:
- Leveraging TLS crypto offload capabilities to secure a wider range of applications.
- Consideration for implementing hardware-assisted UDP-based Datagram Transport Layer Security (DTLS).
- Assessing TLS 1.3, the newer version of TLS enhanced to reduce handshake time by half and make web pages load faster.
Infos
- Crypto Kernel TLS socket, Dave Watson. Accessed September 22, 2016: https://lwn.net/Articles/665602
- Inline TLS performance: https://www.chelsio.com/wp-content/uploads/resources/t6-100g-inline-linux.pdf
- Kernel documentation: https://www.kernel.org/doc/Documentation/networking/tls.txt
« Previous 1 2
Buy this article as PDF
(incl. VAT)