af_ktls
Linux Kernel TLS/DTLS Module
As stated in [1], the DTLS sliding window should always advance so as not to drop 'too new' records. This also conforms to RFCs [2, 3]. A patch for this by David Woodhouse...
Currently only AES-GCM is supported from the TLS 1.2 ciphersuites. A new ciphersuite is defined in RFC7905, the chacha20-poly1305, which is used in several places where the AES-GCM performance is...
I wrote up a framework for what I think could be a good foundation for testing the AF_KTLS module. Check it out here. https://github.com/lancerchao/af_ktls-test
Multiple `setsockopt(2)` calls are needed for passing key material to the kernel. It would be nice to consider introducing one `setsockopt(2)` call, which would pass needed key material at...
While in af_ktls-tool you have a testing tool, it may be better to automate the test suite on a simple make check command, that includes the unit tests, as well...
I like the approach with fixed values (that's a type-safe userspace API), however it may cause upstream opposition. Be prepared to be asked to use directly the "rfc5288(gcm(aes))" string from...