Difference between revisions of "VPP/HostStack/TLS"

From fd.io
< VPP‎ | HostStack
Jump to: navigation, search
(TLS App)
Line 1: Line 1:
 
== TLS App ==
 
== TLS App ==
  
TLS service is offered by the stack to other client applications via a custom builtin application. The TLS application implements a special transport type that allows it to behave as an application, from the underlying TCP transport perspective, but also as a transport, from the client application perspective. The app does not directly implement the TLS protocol, i.e., the record layer, handshaking protocols and the cryptographic computations and suites [1], instead it relies on the mbedtls library [2]. A high level view of the architecture can be seen lower
+
TLS service is offered by the stack to other client applications via a custom builtin application. The TLS application implements a special transport type that allows it to behave as an application, from the underlying TCP transport perspective, but also as a transport, from the client application perspective. We refer to this shim layer as a TLS context. The app does not directly implement the TLS protocol, i.e., the record layer, handshaking protocols and the cryptographic computations and suites [1], instead it relies on the mbedtls library [2]. A high level view of the architecture can be seen lower:
  
 
[[File:TLS App Architecture.png|450px|center|TLS App Architecture]]
 
[[File:TLS App Architecture.png|450px|center|TLS App Architecture]]
  
As it may be seen,  
+
Because encryption and decryption operation result in the increase and decrease of number of bytes, respectively, a single client session requires four fifos.
  
 
== Example Usage ==
 
== Example Usage ==

Revision as of 06:24, 7 March 2018

TLS App

TLS service is offered by the stack to other client applications via a custom builtin application. The TLS application implements a special transport type that allows it to behave as an application, from the underlying TCP transport perspective, but also as a transport, from the client application perspective. We refer to this shim layer as a TLS context. The app does not directly implement the TLS protocol, i.e., the record layer, handshaking protocols and the cryptographic computations and suites [1], instead it relies on the mbedtls library [2]. A high level view of the architecture can be seen lower:

TLS App Architecture

Because encryption and decryption operation result in the increase and decrease of number of bytes, respectively, a single client session requires four fifos.

Example Usage

References

[1] RFC5246 The Transport Layer Security (TLS) Protocol Version 1.2

[2] mbedtls library