
[v2,2/3] btrfs-progs: add build support for ktls feature

Message ID 20210102034957.2825531-2-shngmao@gmail.com (mailing list archive)
State New, archived
Series [v2,1/3] btrfs-progs: add Kernel TLS to btrfs send/receive | expand

Commit Message

Sheng Mao Jan. 2, 2021, 3:49 a.m. UTC
From: Sheng Mao <shngmao@gmail.com>

Enable building the ktls feature by default. GnuTLS 3.4.0 is
required for the TLS handshake.

Issue: #326
Signed-off-by: Sheng Mao <shngmao@gmail.com>
---
 INSTALL         |  5 +++++
 Makefile        |  6 ++++++
 Makefile.inc.in |  6 ++++--
 configure.ac    | 15 +++++++++++++++
 4 files changed, 30 insertions(+), 2 deletions(-)

Patch

diff --git a/INSTALL b/INSTALL
index 470ceebd..ae244616 100644
--- a/INSTALL
+++ b/INSTALL
@@ -22,6 +22,11 @@  dependencies are not desired.
 - libsodium
 - libkcapi
 
+GnuTLS 3.4.0 is needed to enable kernel TLS in btrfs send/receive. OpenSSL
+does not have a similar feature like gnutls_record_get_state (issue #8844).
+GnuTLS handles TLS 1.2/1.3 handshake and passes encryption parameters to
+kernel TLS.
+
 Generating documentation:
 
 - asciidoc - text document format tool
diff --git a/Makefile b/Makefile
index 381b630d..2a3212a5 100644
--- a/Makefile
+++ b/Makefile
@@ -96,6 +96,7 @@  CFLAGS = $(SUBST_CFLAGS) \
 	 -I$(TOPDIR) \
 	 -I$(TOPDIR)/libbtrfsutil \
 	 $(CRYPTO_CFLAGS) \
+	 $(KTLS_SEND_RECV_FLAGS) \
 	 $(DISABLE_WARNING_FLAGS) \
 	 $(ENABLE_WARNING_FLAGS) \
 	 $(EXTRAWARN_CFLAGS) \
@@ -159,6 +160,11 @@  cmds_objects = cmds/subvolume.o cmds/filesystem.o cmds/device.o cmds/scrub.o \
 	       cmds/property.o cmds/filesystem-usage.o cmds/inspect-dump-tree.o \
 	       cmds/inspect-dump-super.o cmds/inspect-tree-stats.o cmds/filesystem-du.o \
 	       mkfs/common.o check/mode-common.o check/mode-lowmem.o
+
+ifeq ($(KTLS_SEND_RECV),1)
+cmds_objects += common/ktls.o
+endif
+
 libbtrfs_objects = common/send-stream.o common/send-utils.o kernel-lib/rbtree.o btrfs-list.o \
 		   kernel-lib/radix-tree.o common/extent-cache.o kernel-shared/extent_io.o \
 		   crypto/crc32c.o common/messages.o \
diff --git a/Makefile.inc.in b/Makefile.inc.in
index 9f493371..aede2edd 100644
--- a/Makefile.inc.in
+++ b/Makefile.inc.in
@@ -18,6 +18,8 @@  BUILD_STATIC_LIBRARIES = @BUILD_STATIC_LIBRARIES@
 BTRFSCONVERT_EXT2 = @BTRFSCONVERT_EXT2@
 BTRFSCONVERT_REISERFS = @BTRFSCONVERT_REISERFS@
 BTRFSRESTORE_ZSTD = @BTRFSRESTORE_ZSTD@
+KTLS_SEND_RECV = @KTLS_SEND_RECV@
+KTLS_SEND_RECV_FLAGS = -DKTLS_SEND_RECV=@KTLS_SEND_RECV@
 PYTHON_BINDINGS = @PYTHON_BINDINGS@
 PYTHON = @PYTHON@
 PYTHON_CFLAGS = @PYTHON_CFLAGS@
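Review bot: `KTLS_SEND_RECV_FLAGS` carries only the `-D` define, so the `KTLS_CFLAGS` that `PKG_CHECK_MODULES(KTLS, ...)` produces in configure.ac never reach the compiler, and a GnuTLS installed outside the default include path will not be found. Consider `KTLS_SEND_RECV_FLAGS = -DKTLS_SEND_RECV=@KTLS_SEND_RECV@ @KTLS_CFLAGS@`. Because the macro is always defined (as 0 or 1), the C sources must test it with `#if KTLS_SEND_RECV` rather than `#ifdef`, otherwise `--disable-ktls` still compiles the TLS paths; those sources are not in this patch, so this needs confirming against 1/3. A short comment above the two variables, such as `# kernel TLS for send/receive, controlled by --disable-ktls`, would also help.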
@@ -28,11 +30,11 @@  SUBST_CFLAGS = @CFLAGS@
 SUBST_LDFLAGS = @LDFLAGS@
 
 LIBS_BASE = @UUID_LIBS@ @BLKID_LIBS@ -L. -pthread
-LIBS_COMP = @ZLIB_LIBS@ @LZO2_LIBS@ @ZSTD_LIBS@
+LIBS_COMP = @ZLIB_LIBS@ @LZO2_LIBS@ @ZSTD_LIBS@ @KTLS_LIBS@
 LIBS_PYTHON = @PYTHON_LIBS@
 LIBS_CRYPTO = @GCRYPT_LIBS@ @SODIUM_LIBS@ @KCAPI_LIBS@
 STATIC_LIBS_BASE = @UUID_LIBS_STATIC@ @BLKID_LIBS_STATIC@ -L. -pthread
-STATIC_LIBS_COMP = @ZLIB_LIBS_STATIC@ @LZO2_LIBS_STATIC@ @ZSTD_LIBS_STATIC@
+STATIC_LIBS_COMP = @ZLIB_LIBS_STATIC@ @LZO2_LIBS_STATIC@ @ZSTD_LIBS_STATIC@ @KTLS_LIBS_STATIC@
 
 prefix ?= @prefix@
 exec_prefix = @exec_prefix@
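Review bot: `@KTLS_LIBS@` and `@KTLS_LIBS_STATIC@` are appended to `LIBS_COMP` / `STATIC_LIBS_COMP`, which group the compression libraries, so GnuTLS presumably ends up linked into every binary that uses those variables rather than only the send/receive commands. That hides a TLS stack inside a variable named for compression and widens the dependency footprint of tools that never open a socket. A dedicated pair, `LIBS_KTLS = @KTLS_LIBS@` and `STATIC_LIBS_KTLS = @KTLS_LIBS_STATIC@`, added where the final LIBS lists are composed (outside this hunk), would keep the dependency explicit and easy to audit.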
diff --git a/configure.ac b/configure.ac
index dd4adedf..f87b24ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -278,6 +278,21 @@  fi
 AS_IF([test "x$enable_zstd" = xyes], [BTRFSRESTORE_ZSTD=1], [BTRFSRESTORE_ZSTD=0])
 AC_SUBST(BTRFSRESTORE_ZSTD)
 
+dnl Use GnuTLS to handle TLS handshake. OpenSSL cannot provide record state
+dnl to caller and thus cannot handle handshake
+AC_ARG_ENABLE([ktls],
+	AS_HELP_STRING([--disable-ktls], [build without ktls support]),
+	[], [enable_ktls=yes]
+)
+
+if test "x$enable_ktls" = xyes; then
+	PKG_CHECK_MODULES(KTLS, [gnutls >= 3.4.0])
+	PKG_STATIC(KTLS_LIBS_STATIC, [gnutls])
+fi
+
+AS_IF([test "x$enable_ktls" = xyes], [KTLS_SEND_RECV=1], [KTLS_SEND_RECV=0])
+AC_SUBST(KTLS_SEND_RECV)
+
 AC_ARG_ENABLE([python],
 	AS_HELP_STRING([--disable-python], [do not build libbtrfsutil Python bindings]),
 	[], [enable_python=$enable_shared]
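Review bot: The `gnutls >= 3.4.0` floor does not match the INSTALL text in this same patch, which promises TLS 1.2/1.3. GnuTLS only gained TLS 1.3 in the 3.6 series, and 3.4.x is long out of maintenance, so a build against the minimum gets TLS 1.2 only, from an unpatched library. Either raise the floor, for example `PKG_CHECK_MODULES(KTLS, [gnutls >= 3.6.5])`, or state in INSTALL that TLS 1.3 needs a newer GnuTLS. Since the feature is on by default, the block should also probe for the kernel header, e.g. `AC_CHECK_HEADER([linux/tls.h], [], [AC_MSG_ERROR([linux/tls.h not found, use --disable-ktls])])`, so systems with old headers fail at configure time with a clear message. This assumes common/ktls.c includes that header, which this patch does not show.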