Skip to content

fridex/af_ktls

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

97 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Linux Kernel TLS/DTLS Socket

Note that the implementation is under heavy development. Use on your own risk!

This kernel module introduces an AF_KTLS socket. AF_KTLS socket can be used to transmit data over TLS 1.2 using TCP or DTLS 1.2 using UDP. Currently, there is supported only AES GCM cipher.

The socket does data transmission, the handshake, re-handshaking and other control messages have to be served by user space using appropriate libs such as OpenSSL or Gnu TLS. AF_KTLS socket appears to be faster especially for transmitting files without user space (buffered-copy) interaction (using sendfile(2) or splice(2)).

The socket uses RFC5288 implementation proposed on Linux crypto mailing list by Dave Watson from Facebook. Changes made by this patch were not merged, so you need to apply this patch in order to test AF_KTLS socket implementation. If you want to look at benchmarking scenarios or test your use case speed impact, visit AF_KTLS tool.

You can find precompiled kernel for Fedora 23 with RFC 5288 patch applied here.

See issues for awaiting enhancements or bugs.

See also AF_KTLS tool, AF_KTLS visualize.

About

Linux Kernel TLS/DTLS Module

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 98.8%
  • Makefile 1.2%