[Drbd-dev] drbd 2.6.19 crypto changes

Ard van Breemen ard at kwaak.net
Wed Jan 10 13:31:16 CET 2007


This is a preliminary patch as in: as far as I can see it
*should* work.
Biggest change in the crypto api is that calls are more
encapsulated.
Instead of a hmac, we talk about hash only. We allocate and free
hash structures, independent what kind of hash.
To calculate the digest there are now 2 calls necessary: a call
to setkey (if you want to use a key), and a call to generate the
digest itself.
This patch tries to keep the changes contained at a single point.
This means we set the hash_key 2 times instead of being clever
and setting it once in a more central point, and use that later
on a few times.
Anyway: it compiles without warning, it loads, what more do we
want.

Index: drbd-latest/drbd/drbd_receiver.c
===================================================================
--- drbd-latest/drbd/drbd_receiver.c	(revision 2678)
+++ drbd-latest/drbd/drbd_receiver.c	(working copy)
@@ -2754,7 +2754,11 @@ STATIC void drbd_disconnect(drbd_dev *md
 			mdev->tl_hash_s = 0;
 		}
 		if(mdev->cram_hmac_tfm) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 			crypto_free_tfm(mdev->cram_hmac_tfm);
+#else
+			crypto_free_hash(mdev->cram_hmac_tfm);
+#endif
 			mdev->cram_hmac_tfm = NULL;
 		}
 		kfree(mdev->net_conf);
@@ -2951,7 +2955,11 @@ STATIC int drbd_do_auth(drbd_dev *mdev)
 		goto fail;
 	}
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 	resp_size = crypto_tfm_alg_digestsize(mdev->cram_hmac_tfm);
+#else
+	resp_size = crypto_hash_digestsize(mdev->cram_hmac_tfm);
+#endif
 	response = kmalloc(resp_size,GFP_KERNEL);
 	if(response == NULL) {
 		ERR("kmalloc of response failed\n");
@@ -2962,8 +2970,22 @@ STATIC int drbd_do_auth(drbd_dev *mdev)
 	sg.page   = virt_to_page(peers_ch);
 	sg.offset = offset_in_page(peers_ch);
 	sg.length = p.length;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 	crypto_hmac(mdev->cram_hmac_tfm, (u8*)mdev->net_conf->shared_secret,
 		    &key_len, &sg, 1, response);
+#else
+	{
+		struct hash_desc desc;
+		int ret;
+		desc.tfm=mdev->cram_hmac_tfm;
+		desc.flags=0;
+		ret=crypto_hash_setkey(mdev->cram_hmac_tfm,
+			(u8*)mdev->net_conf->shared_secret, key_len);
+		if(ret) printk("crypto_has_setkey()@" __FILE__":%d failed ret=%d\n",__LINE__,ret);
+		ret=crypto_hash_digest(&desc, &sg, sg.length, response);
+		if(ret) printk("crypto_has_digest()@" __FILE__":%d failed ret=%d\n",__LINE__,ret);
+	}
+#endif
 
 	rv = drbd_send_cmd2(mdev,AuthResponse,response,resp_size);
 	if (!rv) goto fail;
@@ -3002,8 +3024,22 @@ STATIC int drbd_do_auth(drbd_dev *mdev)
 	sg.page   = virt_to_page(my_challenge);
 	sg.offset = offset_in_page(my_challenge);
 	sg.length = CHALLENGE_LEN;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 	crypto_hmac(mdev->cram_hmac_tfm, (u8*)mdev->net_conf->shared_secret,
 		    &key_len, &sg, 1, right_response);
+#else
+	{
+		struct hash_desc desc;
+		int ret;
+		desc.tfm=mdev->cram_hmac_tfm;
+		desc.flags=0;
+		ret=crypto_hash_setkey(mdev->cram_hmac_tfm,
+			(u8*)mdev->net_conf->shared_secret, key_len);
+		if(ret) printk("crypto_has_setkey()@" __FILE__":%d failed ret=%d\n",__LINE__,ret);
+		ret=crypto_hash_digest(&desc, &sg, sg.length, right_response);
+		if(ret) printk("crypto_has_digest()@" __FILE__":%d failed ret=%d\n",__LINE__,ret);
+	}
+#endif
 
 	rv = ! memcmp(response,right_response,resp_size);
 
Index: drbd-latest/drbd/drbd_nl.c
===================================================================
--- drbd-latest/drbd/drbd_nl.c	(revision 2678)
+++ drbd-latest/drbd/drbd_nl.c	(working copy)
@@ -966,7 +966,11 @@ STATIC int drbd_nl_net_conf(drbd_dev *md
 	int i,ns;
 	enum ret_codes retcode;
 	struct net_conf *new_conf = NULL;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 	struct crypto_tfm* tfm = NULL;
+#else
+	struct crypto_hash *tfm = NULL;
+#endif
 	struct hlist_head *new_tl_hash = NULL;
 	struct hlist_head *new_ee_hash = NULL;
 	drbd_dev *odev;
@@ -1047,13 +1051,17 @@ STATIC int drbd_nl_net_conf(drbd_dev *md
 #undef O_PORT
 
 	if( new_conf->cram_hmac_alg[0] != 0) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 		tfm = crypto_alloc_tfm(new_conf->cram_hmac_alg, 0);
+#else
+		tfm = crypto_alloc_hash(new_conf->cram_hmac_alg, 0, CRYPTO_ALG_ASYNC);
+#endif
 		if (tfm == NULL) {
 			retcode=CRAMAlgNotAvail;
 			goto fail;
 		}
 
-		if (crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_DIGEST) {
+		if (crypto_tfm_alg_type(crypto_hash_tfm(tfm)) != CRYPTO_ALG_TYPE_DIGEST) {
 			retcode=CRAMAlgNotDigest;
 			goto fail;
 		}
@@ -1126,7 +1134,11 @@ FIXME LGE
 	}
 
 	if ( mdev->cram_hmac_tfm ) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 		crypto_free_tfm(mdev->cram_hmac_tfm);
+#else
+		crypto_free_hash(mdev->cram_hmac_tfm);
+#endif
 	}
 	mdev->cram_hmac_tfm = tfm;
 
@@ -1136,7 +1148,11 @@ FIXME LGE
 	return 0;
 
   fail:
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 	if (tfm) crypto_free_tfm(tfm);
+#else
+	if (tfm) crypto_free_hash(tfm);
+#endif
 	if (new_tl_hash) kfree(new_tl_hash);
 	if (new_ee_hash) kfree(new_ee_hash);
 	if (new_conf) kfree(new_conf);
Index: drbd-latest/drbd/drbd_main.c
===================================================================
--- drbd-latest/drbd/drbd_main.c	(revision 2678)
+++ drbd-latest/drbd/drbd_main.c	(working copy)
@@ -2490,7 +2490,11 @@ void drbd_free_sock(drbd_dev *mdev)
 void drbd_free_resources(drbd_dev *mdev)
 {
 	if ( mdev->cram_hmac_tfm ) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 		crypto_free_tfm(mdev->cram_hmac_tfm);
+#else
+		crypto_free_hash(mdev->cram_hmac_tfm);
+#endif
 		mdev->cram_hmac_tfm = NULL;
 	}
 	drbd_free_sock(mdev);
Index: drbd-latest/drbd/drbd_int.h
===================================================================
--- drbd-latest/drbd/drbd_int.h	(revision 2678)
+++ drbd-latest/drbd/drbd_int.h	(working copy)
@@ -851,7 +851,11 @@ struct Drbd_Conf {
 	unsigned int al_tr_number;
 	int al_tr_cycle;
 	int al_tr_pos;     // position of the next transaction in the journal
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 	struct crypto_tfm* cram_hmac_tfm;
+#else
+	struct crypto_hash* cram_hmac_tfm;
+#endif
 	wait_queue_head_t seq_wait;
 	atomic_t packet_seq;
 	unsigned int peer_seq;


More information about the drbd-dev mailing list