Netdev 0x18 venue
California, USA
Session
PSP Crypto Protocol and HW Offload
Speakers
Anjali Singhai Jain
Arun Acharya
Willem de Bruijn
Phani R Burra
Deb Chatterjee
Label
Nuts and Bolts
Session Type
Talk
Contents
Description
PSP is a security protocol developed by Google for encrypting data in transit. It shares many concepts with IPSEC, such as the security association (SA) that identifies data traffic and the rule that an SA is always unidirectional. It incorporates lessons from experience with currently deployed L2, L3 and L4 crypto protocols. For example, PSP encapsulates in UDP to avoid network issues with less common IP protocols.
PSP is purpose-built to scale. It does not store an explicit SA in the ingress direction; instead, the NIC generates the ingress key from a device master key combined with the SA SPI embedded in the packet. The full PSP Crypto Protocol Specification can be found at https://github.com/google/psp/doc
Software encryption is expensive. Modern NICs can ideally offload this operation.
This session combines two topics.
Part 1. PSP protocol introduction: by Google
Part 2. PSP NIC hardware offload: by Intel
Part two covers:
1. Prerequisites
2. IDPF device interfaces for generic crypto offload: IPSEC, DTLS and PSP
   1. Virtchannel based control API
   2. Dedicated config queue for high-rate SA programming
   3. Keys in descriptor SA programming
3. Data plane: connection establishment and line rate encryption
4. Control plane: key management, key rotation, etc.
The device implementation is based on the draft device API available at https://github.com/kuba-moo/linux/tree/psp
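The stateless ingress key derivation described above, modelled as an added example (not code from the PSP specification, the talk, or the draft kernel API). Assumptions: HMAC-SHA256 stands in for both the specification's KDF and its AEAD integrity check, no encryption is modelled, the receiver holds a single master key, and the names `ModelNic`, `derive_key` and `seal` are hypothetical.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple


def derive_key(master_key: bytes, spi: int) -> bytes:
    # Stand-in KDF (HMAC-SHA256), NOT the KDF defined by the PSP specification.
    msg = b"psp-model" + struct.pack("!I", spi)
    return hmac.new(master_key, msg, hashlib.sha256).digest()


def seal(key: bytes, spi: int, payload: bytes) -> bytes:
    # Sender side: the SPI travels in the clear; the tag covers SPI and payload.
    # Stand-in for the AEAD integrity check; the payload is not encrypted here.
    hdr = struct.pack("!I", spi)
    return hdr + payload + hmac.new(key, hdr + payload, hashlib.sha256).digest()


class ModelNic:
    """Receiver that stores one master key and no per-SA ingress state."""

    def __init__(self) -> None:
        self.master_key = os.urandom(32)
        self.next_spi = 1

    def allocate_sa(self) -> Tuple[int, bytes]:
        # Control plane: pick an SPI, derive its key, and hand both to the
        # peer over an already-secured channel. Nothing is stored per SA.
        spi, self.next_spi = self.next_spi, self.next_spi + 1
        return spi, derive_key(self.master_key, spi)

    def rotate_master_key(self) -> None:
        # In this single-key model, SAs derived from the old key stop verifying.
        self.master_key = os.urandom(32)

    def receive(self, packet: bytes) -> Optional[bytes]:
        # Data plane: re-derive the key from the SPI carried in the packet.
        if len(packet) < 4 + 32:
            return None
        (spi,) = struct.unpack("!I", packet[:4])
        body, tag = packet[:-32], packet[-32:]
        key = derive_key(self.master_key, spi)
        expected = hmac.new(key, body, hashlib.sha256).digest()
        return body[4:] if hmac.compare_digest(tag, expected) else None
```

Because the key is a function of the master key and the SPI, a packet whose SPI was altered in flight is checked against a different key and fails verification, and the receiver's memory use does not grow with the number of SAs.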
Important Dates
Closing of CFS | April 22nd |
Notification by | May 21st |
Conference dates | July 15th-19th |