| 9e269eaf | 29-Sep-2025 |
John Baldwin <jhb@FreeBSD.org> |
cxgbe: Use partial GCM mode for partial TLS records on T7
T7's crypto co-processor adds a new partial GCM mode. This permits an
AES-GCM operation to be split into multiple requests. After each
req
cxgbe: Use partial GCM mode for partial TLS records on T7
T7's crypto co-processor adds a new partial GCM mode. This permits an
AES-GCM operation to be split into multiple requests. After each
request, the partial GHASH state is returned to the host and must be
included in the subsequent request to continue the GHASH computation.
Make use of this when sending a TLS record that spans multiple TCP
"request" (where a request can use TSO to span multiple segments).
This permits computing the final GHASH value across multiple requests
without having to re-send the entire TLS record for the final request.
To ensure that intermediate GHASH results are available when needed,
mbuf chains are queued in the TLS pcb and only dispatched one at a
time to the NIC TXQ. Packets which do not request a GHASH result
queue the next mbuf from the connection as soon as they are written
into the TXQ. Packets which do request a GHASH result queue the next
mbuf after the the GHASH result is returned by a message on a NIC RXQ.
Note that partial GCM mode is only used for the in-order data at the
"tip" of a connection and not for retransmits of earlier data.
Retransmits will not request a GHASH result so will enqueue the next
mbuf from the connection to the NIC TXQ after being written.
Partial GCM mode is also not TLS-aware and only supports "plain"
AES-GCM. Thus, TLS AAD must be explicitly constructed and sent as
part of the work request in the TXQ at the start of each TLS record.
However, by avoiding the need to retransmit the entire TLS record's
contents for the last mbuf spanning a TLS record, the overall amount
of "wasted" DMA is reduced by a factor of about 30.
MFC after: 3 days
Sponsored by: Chelsio Communications
show more ...
|
| 96469647 | 29-Sep-2025 |
John Baldwin <jhb@FreeBSD.org> |
cxgbe: Permit multiple handlers for CPL6_FW_PLD
Currently this CPL is only used to handle replies from lookaside
crypto requests submitted by ccr(4). However, in the future this
request will be ret
cxgbe: Permit multiple handlers for CPL6_FW_PLD
Currently this CPL is only used to handle replies from lookaside
crypto requests submitted by ccr(4). However, in the future this
request will be returned for other requests. Use the low bit in the
cookie field as a way to identify replies to ccr(4) vs other use
cases. This should be safe as 'struct cryptop' pointers should be
word-aligned.
MFC after: 3 days
Sponsored by: Chelsio Communications
show more ...
|
| 5b9dc22c | 29-Sep-2025 |
John Baldwin <jhb@FreeBSD.org> |
cxgbe: Extend NIC TLS to support TLS 1.3.
One unusual quirk is that the crypto engine requires the driver to
provide an 8 byte placeholder as input before the AAD that is replaced
with the middle 8
cxgbe: Extend NIC TLS to support TLS 1.3.
One unusual quirk is that the crypto engine requires the driver to
provide an 8 byte placeholder as input before the AAD that is replaced
with the middle 8 bytes of the nonce generated from the sequence
number and key context.
MFC after: 3 days
Sponsored by: Chelsio Communications
show more ...
|
| 4f272a5e | 29-Sep-2025 |
John Baldwin <jhb@FreeBSD.org> |
cxgbe: Support for NIC KTLS transmit on T7 adapters.
Unlike NIC KTLS support on T6, T7 is able to reuse the existing TSO
functionality directly, including trimming the output of the crypto
engine be
cxgbe: Support for NIC KTLS transmit on T7 adapters.
Unlike NIC KTLS support on T6, T7 is able to reuse the existing TSO
functionality directly, including trimming the output of the crypto
engine before it is passed on to TSO. This is much simpler and does
not require the use of bypass pseudo-connections in the TOE engine.
Among other things this permits arbitrary TCP options (including the
full range of possible TCP timestamp values) while also avoiding
various edge cases where parts of a requested TCP packet could not
always be transmitted (e.g. partial trailers). This implementation
also permits NIC KTLS to be used in parallel with TOE.
This version does not yet support connections over a VF (specifically
the ktls_tunnel_packet function needs to handle the VF work request),
nor does it support VxLAN offload.
MFC after: 3 days
Sponsored by: Chelsio Communications
show more ...
|