From: Ard van Breemen <ard@kwaak.net>
To: drbd-dev@lists.linbit.com
Subject: [Drbd-dev] drbd 2.6.19 crypto changes
Date: Wed, 10 Jan 2007 13:31:16 +0100 [thread overview]
Message-ID: <20070110123116.GX15730@kwaak.net> (raw)
This is a preliminary patch as in: as far as I can see it
*should* work.
Biggest change in the crypto api is that calls are more
encapsulated.
Instead of an hmac, we talk about a hash only. We allocate and free
hash structures independently of what kind of hash it is.
To calculate the digest there are now 2 calls necessary: a call
to setkey (if you want to use a key), and a call to generate the
digest itself.
This patch tries to keep the changes contained at a single point.
This means we set the hash_key 2 times instead of being clever
and setting it once in a more central point, and use that later
on a few times.
Anyway: it compiles without warning, it loads, what more do we
want.
Index: drbd-latest/drbd/drbd_receiver.c
===================================================================
--- drbd-latest/drbd/drbd_receiver.c (revision 2678)
+++ drbd-latest/drbd/drbd_receiver.c (working copy)
@@ -2754,7 +2754,11 @@ STATIC void drbd_disconnect(drbd_dev *md
mdev->tl_hash_s = 0;
}
if(mdev->cram_hmac_tfm) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
crypto_free_tfm(mdev->cram_hmac_tfm);
+#else
+ crypto_free_hash(mdev->cram_hmac_tfm);
+#endif
mdev->cram_hmac_tfm = NULL;
}
kfree(mdev->net_conf);
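Review bot: The `#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)` / `crypto_free_tfm` / `crypto_free_hash` block added here is repeated twice in drbd_nl_net_conf and once in drbd_free_resources; a single compat definition in drbd_int.h would keep the version test in one place and make a missed call site less likely. For example, on older kernels `#define crypto_free_hash(tfm) crypto_free_tfm(tfm)` next to the cram_hmac_tfm declaration, so that every caller can use `crypto_free_hash()` unconditionally. drbd_disconnect starts and ends outside this hunk.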
@@ -2951,7 +2955,11 @@ STATIC int drbd_do_auth(drbd_dev *mdev)
goto fail;
}
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
resp_size = crypto_tfm_alg_digestsize(mdev->cram_hmac_tfm);
+#else
+ resp_size = crypto_hash_digestsize(mdev->cram_hmac_tfm);
+#endif
response = kmalloc(resp_size,GFP_KERNEL);
if(response == NULL) {
ERR("kmalloc of response failed\n");
@@ -2962,8 +2970,22 @@ STATIC int drbd_do_auth(drbd_dev *mdev)
sg.page = virt_to_page(peers_ch);
sg.offset = offset_in_page(peers_ch);
sg.length = p.length;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
crypto_hmac(mdev->cram_hmac_tfm, (u8*)mdev->net_conf->shared_secret,
&key_len, &sg, 1, response);
+#else
+ {
+ struct hash_desc desc;
+ int ret;
+ desc.tfm=mdev->cram_hmac_tfm;
+ desc.flags=0;
+ ret=crypto_hash_setkey(mdev->cram_hmac_tfm,
+ (u8*)mdev->net_conf->shared_secret, key_len);
+ if(ret) printk("crypto_has_setkey()@" __FILE__":%d failed ret=%d\n",__LINE__,ret);
+ ret=crypto_hash_digest(&desc, &sg, sg.length, response);
+ if(ret) printk("crypto_has_digest()@" __FILE__":%d failed ret=%d\n",__LINE__,ret);
+ }
+#endif
rv = drbd_send_cmd2(mdev,AuthResponse,response,resp_size);
if (!rv) goto fail;
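Review bot: In the 2.6.19 branch a failure of crypto_hash_setkey() or crypto_hash_digest() is only printed, and the code then continues to drbd_send_cmd2() with `response`, which comes straight from kmalloc() and is not zeroed in the visible lines, so on failure uninitialised kernel heap bytes would be sent to the peer. Both calls should abort the handshake instead of logging and continuing, and should use the file's ERR() macro rather than a printk() without a log level (the messages also say `crypto_has_` where `crypto_hash_` is meant). The same pattern is in the next hunk, where a failed digest leaves `right_response` undefined before the memcmp(). The fence assumes that `rv = 0` followed by `goto fail` is the failure path and that `fail:` releases `response`; both are outside this hunk and need checking.

```c
/* … unchanged: struct hash_desc desc; int ret; desc.tfm / desc.flags setup … */
ret = crypto_hash_setkey(mdev->cram_hmac_tfm,
		(u8 *)mdev->net_conf->shared_secret, key_len);
if (ret) {
	ERR("crypto_hash_setkey() failed with %d\n", ret);
	rv = 0;
	goto fail;
}
ret = crypto_hash_digest(&desc, &sg, sg.length, response);
if (ret) {
	ERR("crypto_hash_digest() failed with %d\n", ret);
	rv = 0;
	goto fail;
}
```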
@@ -3002,8 +3024,22 @@ STATIC int drbd_do_auth(drbd_dev *mdev)
sg.page = virt_to_page(my_challenge);
sg.offset = offset_in_page(my_challenge);
sg.length = CHALLENGE_LEN;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
crypto_hmac(mdev->cram_hmac_tfm, (u8*)mdev->net_conf->shared_secret,
&key_len, &sg, 1, right_response);
+#else
+ {
+ struct hash_desc desc;
+ int ret;
+ desc.tfm=mdev->cram_hmac_tfm;
+ desc.flags=0;
+ ret=crypto_hash_setkey(mdev->cram_hmac_tfm,
+ (u8*)mdev->net_conf->shared_secret, key_len);
+ if(ret) printk("crypto_has_setkey()@" __FILE__":%d failed ret=%d\n",__LINE__,ret);
+ ret=crypto_hash_digest(&desc, &sg, sg.length, right_response);
+ if(ret) printk("crypto_has_digest()@" __FILE__":%d failed ret=%d\n",__LINE__,ret);
+ }
+#endif
rv = ! memcmp(response,right_response,resp_size);
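Review bot: The memcmp() at the end of this hunk only authenticates the peer if `right_response` is really a keyed MAC, and the 2.6.19 branch does not guarantee that. As far as I know, from 2.6.19 on HMAC is a template instantiated by name, so a transform allocated under a bare digest name is an unkeyed hash and crypto_hash_setkey() on it is expected to fail; because that failure is only logged, the digest would then depend on the challenge alone. If cram_hmac_alg still holds a bare name of the kind the old API took, drbd_nl_net_conf should allocate under a name built as `snprintf(hmac_name, sizeof(hmac_name), "hmac(%s)", new_conf->cram_hmac_alg);`. drbd_do_auth continues outside this hunk.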
Index: drbd-latest/drbd/drbd_nl.c
===================================================================
--- drbd-latest/drbd/drbd_nl.c (revision 2678)
+++ drbd-latest/drbd/drbd_nl.c (working copy)
@@ -966,7 +966,11 @@ STATIC int drbd_nl_net_conf(drbd_dev *md
int i,ns;
enum ret_codes retcode;
struct net_conf *new_conf = NULL;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
struct crypto_tfm* tfm = NULL;
+#else
+ struct crypto_hash *tfm = NULL;
+#endif
struct hlist_head *new_tl_hash = NULL;
struct hlist_head *new_ee_hash = NULL;
drbd_dev *odev;
@@ -1047,13 +1051,17 @@ STATIC int drbd_nl_net_conf(drbd_dev *md
#undef O_PORT
if( new_conf->cram_hmac_alg[0] != 0) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
tfm = crypto_alloc_tfm(new_conf->cram_hmac_alg, 0);
+#else
+ tfm = crypto_alloc_hash(new_conf->cram_hmac_alg, 0, CRYPTO_ALG_ASYNC);
+#endif
if (tfm == NULL) {
retcode=CRAMAlgNotAvail;
goto fail;
}
- if (crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_DIGEST) {
+ if (crypto_tfm_alg_type(crypto_hash_tfm(tfm)) != CRYPTO_ALG_TYPE_DIGEST) {
retcode=CRAMAlgNotDigest;
goto fail;
}
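Review bot: crypto_alloc_hash() reports failure with an ERR_PTR() value rather than NULL, so the unchanged `if (tfm == NULL)` test does not catch an unavailable algorithm on 2.6.19, and the error pointer is then dereferenced by the type check that follows. The 2.6.19 branch needs `if (IS_ERR(tfm)) { tfm = NULL; retcode=CRAMAlgNotAvail; goto fail; }`, with the reset to NULL so that the `if (tfm) crypto_free_hash(tfm);` at `fail:` does not free an error pointer. Separately, the replacement line using `crypto_hash_tfm(tfm)` sits outside the `#if`, so kernels before 2.6.19, where tfm is still a `struct crypto_tfm *`, would no longer compile; it needs its own version guard. drbd_nl_net_conf continues outside this hunk.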
@@ -1126,7 +1134,11 @@ FIXME LGE
}
if ( mdev->cram_hmac_tfm ) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
crypto_free_tfm(mdev->cram_hmac_tfm);
+#else
+ crypto_free_hash(mdev->cram_hmac_tfm);
+#endif
}
mdev->cram_hmac_tfm = tfm;
@@ -1136,7 +1148,11 @@ FIXME LGE
return 0;
fail:
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
if (tfm) crypto_free_tfm(tfm);
+#else
+ if (tfm) crypto_free_hash(tfm);
+#endif
if (new_tl_hash) kfree(new_tl_hash);
if (new_ee_hash) kfree(new_ee_hash);
if (new_conf) kfree(new_conf);
Index: drbd-latest/drbd/drbd_main.c
===================================================================
--- drbd-latest/drbd/drbd_main.c (revision 2678)
+++ drbd-latest/drbd/drbd_main.c (working copy)
@@ -2490,7 +2490,11 @@ void drbd_free_sock(drbd_dev *mdev)
void drbd_free_resources(drbd_dev *mdev)
{
if ( mdev->cram_hmac_tfm ) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
crypto_free_tfm(mdev->cram_hmac_tfm);
+#else
+ crypto_free_hash(mdev->cram_hmac_tfm);
+#endif
mdev->cram_hmac_tfm = NULL;
}
drbd_free_sock(mdev);
Index: drbd-latest/drbd/drbd_int.h
===================================================================
--- drbd-latest/drbd/drbd_int.h (revision 2678)
+++ drbd-latest/drbd/drbd_int.h (working copy)
@@ -851,7 +851,11 @@ struct Drbd_Conf {
unsigned int al_tr_number;
int al_tr_cycle;
int al_tr_pos; // position of the next transaction in the journal
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
struct crypto_tfm* cram_hmac_tfm;
+#else
+ struct crypto_hash* cram_hmac_tfm;
+#endif
wait_queue_head_t seq_wait;
atomic_t packet_seq;
unsigned int peer_seq;