From: shngmao@gmail.com
To: linux-btrfs@vger.kernel.org
Cc: Sheng Mao <shngmao@gmail.com>
Subject: [PATCH 2/3] btrfs-progs: add build support for ktls feature
Date: Thu, 24 Dec 2020 21:50:36 -0700	[thread overview]
Message-ID: <20201225045037.185537-2-shngmao@gmail.com> (raw)
In-Reply-To: <20201225045037.185537-1-shngmao@gmail.com>

From: Sheng Mao <shngmao@gmail.com>

Enable building ktls by default. Require GnuTLS 3.4.0 or later
for the handshake process.

Issue: #326
Signed-off-by: Sheng Mao <shngmao@gmail.com>
---
 INSTALL         |  5 +++++
 Makefile        |  6 ++++++
 Makefile.inc.in |  6 ++++--
 configure.ac    | 15 +++++++++++++++
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/INSTALL b/INSTALL
index 470ceebd..ae244616 100644
--- a/INSTALL
+++ b/INSTALL
@@ -22,6 +22,11 @@ dependencies are not desired.
 - libsodium
 - libkcapi
 
+GnuTLS 3.4.0 is needed to enable kernel TLS in btrfs send/receive. OpenSSL
+does not have a similar feature like gnutls_record_get_state (issue #8844).
+GnuTLS handles TLS 1.2/1.3 handshake and passes encryption parameters to
+kernel TLS.
+
 Generating documentation:
 
 - asciidoc - text document format tool
diff --git a/Makefile b/Makefile
index 381b630d..2a3212a5 100644
--- a/Makefile
+++ b/Makefile
@@ -96,6 +96,7 @@ CFLAGS = $(SUBST_CFLAGS) \
 	 -I$(TOPDIR) \
 	 -I$(TOPDIR)/libbtrfsutil \
 	 $(CRYPTO_CFLAGS) \
+	 $(KTLS_SEND_RECV_FLAGS) \
 	 $(DISABLE_WARNING_FLAGS) \
 	 $(ENABLE_WARNING_FLAGS) \
 	 $(EXTRAWARN_CFLAGS) \
@@ -159,6 +160,11 @@ cmds_objects = cmds/subvolume.o cmds/filesystem.o cmds/device.o cmds/scrub.o \
 	       cmds/property.o cmds/filesystem-usage.o cmds/inspect-dump-tree.o \
 	       cmds/inspect-dump-super.o cmds/inspect-tree-stats.o cmds/filesystem-du.o \
 	       mkfs/common.o check/mode-common.o check/mode-lowmem.o
+
+ifeq ($(KTLS_SEND_RECV),1)
+cmds_objects += common/ktls.o
+endif
+
 libbtrfs_objects = common/send-stream.o common/send-utils.o kernel-lib/rbtree.o btrfs-list.o \
 		   kernel-lib/radix-tree.o common/extent-cache.o kernel-shared/extent_io.o \
 		   crypto/crc32c.o common/messages.o \
diff --git a/Makefile.inc.in b/Makefile.inc.in
index 9f493371..aede2edd 100644
--- a/Makefile.inc.in
+++ b/Makefile.inc.in
@@ -18,6 +18,8 @@ BUILD_STATIC_LIBRARIES = @BUILD_STATIC_LIBRARIES@
 BTRFSCONVERT_EXT2 = @BTRFSCONVERT_EXT2@
 BTRFSCONVERT_REISERFS = @BTRFSCONVERT_REISERFS@
 BTRFSRESTORE_ZSTD = @BTRFSRESTORE_ZSTD@
+KTLS_SEND_RECV = @KTLS_SEND_RECV@
+KTLS_SEND_RECV_FLAGS = -DKTLS_SEND_RECV=@KTLS_SEND_RECV@
 PYTHON_BINDINGS = @PYTHON_BINDINGS@
 PYTHON = @PYTHON@
 PYTHON_CFLAGS = @PYTHON_CFLAGS@
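Review bot: `KTLS_SEND_RECV_FLAGS` carries only the `-D` switch, so the `KTLS_CFLAGS` that `PKG_CHECK_MODULES(KTLS, ...)` produces in configure.ac never reach the compiler, and a GnuTLS installed outside the default include path will not be found. Consider `KTLS_SEND_RECV_FLAGS = -DKTLS_SEND_RECV=@KTLS_SEND_RECV@ @KTLS_CFLAGS@`. Because the macro is defined as 0 when the feature is disabled, the C sources (not part of this patch) must test it with `#if KTLS_SEND_RECV`; an `#ifdef` would compile the TLS path into a build configured with `--disable-ktls`.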
@@ -28,11 +30,11 @@ SUBST_CFLAGS = @CFLAGS@
 SUBST_LDFLAGS = @LDFLAGS@
 
 LIBS_BASE = @UUID_LIBS@ @BLKID_LIBS@ -L. -pthread
-LIBS_COMP = @ZLIB_LIBS@ @LZO2_LIBS@ @ZSTD_LIBS@
+LIBS_COMP = @ZLIB_LIBS@ @LZO2_LIBS@ @ZSTD_LIBS@ @KTLS_LIBS@
 LIBS_PYTHON = @PYTHON_LIBS@
 LIBS_CRYPTO = @GCRYPT_LIBS@ @SODIUM_LIBS@ @KCAPI_LIBS@
 STATIC_LIBS_BASE = @UUID_LIBS_STATIC@ @BLKID_LIBS_STATIC@ -L. -pthread
-STATIC_LIBS_COMP = @ZLIB_LIBS_STATIC@ @LZO2_LIBS_STATIC@ @ZSTD_LIBS_STATIC@
+STATIC_LIBS_COMP = @ZLIB_LIBS_STATIC@ @LZO2_LIBS_STATIC@ @ZSTD_LIBS_STATIC@ @KTLS_LIBS_STATIC@
 
 prefix ?= @prefix@
 exec_prefix = @exec_prefix@
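Review bot: `@KTLS_LIBS@` is appended to `LIBS_COMP`, which groups the compression libraries, so GnuTLS presumably ends up on the link line of every tool that uses that group rather than only the binary implementing send/receive. A separate variable, e.g. `LIBS_KTLS = @KTLS_LIBS@` with a matching `STATIC_LIBS_KTLS = @KTLS_LIBS_STATIC@`, added only where `common/ktls.o` is linked would keep a TLS stack out of tools such as mkfs that never open a network connection. How `LIBS_COMP` is consumed is outside this hunk, so this needs checking against the Makefile.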
diff --git a/configure.ac b/configure.ac
index dd4adedf..f87b24ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -278,6 +278,21 @@ fi
 AS_IF([test "x$enable_zstd" = xyes], [BTRFSRESTORE_ZSTD=1], [BTRFSRESTORE_ZSTD=0])
 AC_SUBST(BTRFSRESTORE_ZSTD)
 
+dnl Use GnuTLS to handle TLS handshake. OpenSSL cannot provide record state
+dnl to caller and thus cannot handle handshake
+AC_ARG_ENABLE([ktls],
+	AS_HELP_STRING([--disable-ktls], [build without ktls support]),
+	[], [enable_ktls=yes]
+)
+
+if test "x$enable_ktls" = xyes; then
+	PKG_CHECK_MODULES(KTLS, [gnutls >= 3.4.0])
+	PKG_STATIC(KTLS_LIBS_STATIC, [gnutls])
+fi
+
+AS_IF([test "x$enable_ktls" = xyes], [KTLS_SEND_RECV=1], [KTLS_SEND_RECV=0])
+AC_SUBST(KTLS_SEND_RECV)
+
 AC_ARG_ENABLE([python],
 	AS_HELP_STRING([--disable-python], [do not build libbtrfsutil Python bindings]),
 	[], [enable_python=$enable_shared]
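Review bot: With `enable_ktls=yes` as the default and no action-if-not-found argument, `PKG_CHECK_MODULES(KTLS, [gnutls >= 3.4.0])` aborts configure on any system without GnuTLS, which makes a TLS library a hard dependency of a filesystem tool unless the builder knows to pass `--disable-ktls`; defaulting to off, or falling back to `enable_ktls=no` with a notice, would be safer. The 3.4.0 floor also does not match the INSTALL text promising TLS 1.2/1.3: as far as I know TLS 1.3 only arrived in the GnuTLS 3.6 series, so either raise the minimum or document that older versions negotiate TLS 1.2 at most. The block checks nothing on the kernel side; if `common/ktls.c` includes `linux/tls.h` (not visible here), add `AC_CHECK_HEADERS([linux/tls.h])` and fail or disable the feature when it is missing. `PKG_STATIC(KTLS_LIBS_STATIC, [gnutls])` also repeats the module name without the version constraint.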
-- 
2.29.2



Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-25  4:50 [PATCH 1/3] btrfs-progs: add Kernel TLS to btrfs send/receive shngmao
2020-12-25  4:50 ` shngmao [this message]
2020-12-25  4:50 ` [PATCH 3/3] btrfs-progs: add TLS arguments to send/receive shngmao
2020-12-31 11:16   ` Wang Yugui
2020-12-31 18:33     ` Sheng Mao
2021-01-01  5:53       ` Wang Yugui
2021-01-02  3:49         ` [PATCH v2 1/3] btrfs-progs: add Kernel TLS to btrfs send/receive shngmao
2021-01-02  3:49           ` [PATCH v2 2/3] btrfs-progs: add build support for ktls feature shngmao
2021-01-02  3:49           ` [PATCH v2 3/3] btrfs-progs: add TLS arguments to send/receive shngmao
2021-01-02 10:45           ` [PATCH v2 1/3] btrfs-progs: add Kernel TLS to btrfs send/receive Wang Yugui
2021-01-02 15:47             ` Sheng Mao
2021-01-03  4:45               ` Wang Yugui
2021-01-03  5:57                 ` Sheng Mao
2021-01-03 11:19                 ` Wang Yugui
2021-01-04  3:52                   ` Sheng Mao
2021-01-04  4:59                     ` Wang Yugui
2021-01-04  6:25                       ` Sheng Mao
2021-01-07  3:06                         ` Sheng Mao
2021-01-02  4:08         ` [PATCH 3/3] btrfs-progs: add TLS arguments to send/receive Sheng Mao
