Hi, I’m building a DPDK application that supports TLS encryption with NIC HW offloading. I modified the MLX5 driver code in DPDK by referring to the kernel code for TLS offloading and successfully offloaded TLS encryption to HW using DPDK.
But I have a problem with TLS retransmission with HW offloading. The problem is that when the retransmission payload size is less than 13B, the NIC HW does not encrypt the data and just sends plain-text data. I'm using TLS 1.2 with AES256-GCM-SHA384 as the cipher suite. I properly resync the TLS record for retransmission.
For example, let’s say the TLS record size is 16408B (8 bytes for the IV, 16 bytes for the tag, 16384 bytes for the payload). When I try to retransmit the first 12 bytes of the payload (out of the 16384-byte payload), I prepare the 5B record header, the 8B IV, and the 12-byte payload for encryption. In this case, the payload is not encrypted. But when the payload size is larger than 12B, the payload is successfully encrypted. Are there any requirements on the minimum length for encryption?
If you need more information, please let me know.
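
For reference, the record layout in the question can be written down as a small helper that splits any retransmitted byte range of a TLS 1.2 AES-GCM record into header, explicit IV, payload and tag bytes. This is an added example, not code from the post, from DPDK or from the MLX5 driver; the function and struct names are hypothetical, and it assumes the standard TLS 1.2 AES-GCM record layout (5-byte header, 8-byte explicit IV, payload, 16-byte tag).

```c
#include <stdint.h>
#include <stdio.h>

/* TLS 1.2 AES-GCM record on the wire: header | explicit IV | payload | tag */
enum { TLS_HDR_LEN = 5, GCM_EXPLICIT_IV_LEN = 8, GCM_TAG_LEN = 16 };

/* Hypothetical result type: bytes of each region covered by a wire range. */
struct tls_span { uint32_t hdr, iv, payload, tag; };

/* Number of bytes shared by [a0,a1) and [b0,b1). */
static uint32_t overlap(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1)
{
    uint32_t lo = a0 > b0 ? a0 : b0;
    uint32_t hi = a1 < b1 ? a1 : b1;
    return hi > lo ? hi - lo : 0;
}

/* Value of the header length field: explicit IV + payload + tag. */
uint32_t tls12_gcm_record_len(uint32_t payload_len)
{
    return GCM_EXPLICIT_IV_LEN + payload_len + GCM_TAG_LEN;
}

/* Split [off, off+len), counted from the first header byte of the record. */
struct tls_span tls12_gcm_split(uint32_t payload_len, uint32_t off, uint32_t len)
{
    uint32_t iv0 = TLS_HDR_LEN;                 /* explicit IV starts here */
    uint32_t pl0 = iv0 + GCM_EXPLICIT_IV_LEN;   /* payload starts here     */
    uint32_t tg0 = pl0 + payload_len;           /* tag starts here         */
    uint32_t end = tg0 + GCM_TAG_LEN;           /* one past the record     */
    uint32_t r1  = off + len;
    struct tls_span s = {
        .hdr     = overlap(off, r1, 0,   iv0),
        .iv      = overlap(off, r1, iv0, pl0),
        .payload = overlap(off, r1, pl0, tg0),
        .tag     = overlap(off, r1, tg0, end),
    };
    return s;
}

int main(void)
{
    /* Case from the question: header + IV + first 12 payload bytes. */
    struct tls_span s = tls12_gcm_split(16384, 0, 25);
    printf("len=%u hdr=%u iv=%u payload=%u tag=%u\n",
           tls12_gcm_record_len(16384), s.hdr, s.iv, s.payload, s.tag);
    return 0;
}
```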