/zfs

Permalink
Browse files

Illumos Crypto Port module added to enable native encryption in zfs 

A port of the Illumos Crypto Framework to a Linux kernel module (found
in module/icp). This is needed to do the actual encryption work. We cannot
use the Linux kernel's built in crypto api because it is only exported to
GPL-licensed modules. Having the ICP also means the crypto code can run on
any of the other kernels under OpenZFS. I ended up porting over most of the
internals of the framework, which means that porting over other API calls (if
we need them) should be fairly easy. Specifically, I have ported over the API
functions related to encryption, digests, macs, and crypto templates. The ICP
is able to use assembly-accelerated encryption on amd64 machines and AES-NI
instructions on Intel chips that support it. There are place-holder
directories for similar assembly optimizations for other architectures
(although they have not been written).

Signed-off-by: Tom Caputi <tcaputi@datto.com>
Signed-off-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Issue #4329
  • Loading branch information...
@tcaputi @behlendorf
tcaputi authored and behlendorf committed May 12, 2016
1 parent be88e73 commit 0b04990a5de594659d2cf20458965277dd6efeb1
Unified Split
Showing with 35,834 additions and 80 deletions.
  1. +1 −0 .gitignore
  2. +22 −0 config/always-arch.m4
  3. +0 −19 config/user-arch.m4
  4. +0 −1 config/user.m4
  5. +1 −3 config/zfs-build.m4
  6. +4 −1 configure.ac
  7. +0 −19 copy-builtin
  8. +1 −1 include/sys/Makefile.am
  9. +20 −0 include/sys/crypto/Makefile.am
  10. +425 −0 include/sys/crypto/api.h
  11. +583 −0 include/sys/crypto/common.h
  12. +41 −0 include/sys/crypto/icp.h
  13. +27 −1 include/sys/zfs_context.h
  14. +3 −3 lib/Makefile.am
  15. +78 −0 lib/libicp/Makefile.am
  16. +22 −0 lib/libspl/include/sys/byteorder.h
  17. +1 −1 lib/libspl/include/sys/file.h
  18. +1 −0 lib/libspl/include/sys/types.h
  19. +2 −1 lib/libzpool/Makefile.am
  20. +93 −7 lib/libzpool/kernel.c
  21. +0 −20 lib/libzpool/taskq.c
  22. +8 −2 module/Makefile.in
  23. +82 −0 module/icp/Makefile.in
  24. +1,618 −0 module/icp/algs/aes/aes_impl.c
  25. +135 −0 module/icp/algs/aes/aes_modes.c
  26. +305 −0 module/icp/algs/modes/cbc.c
  27. +920 −0 module/icp/algs/modes/ccm.c
  28. +238 −0 module/icp/algs/modes/ctr.c
  29. +143 −0 module/icp/algs/modes/ecb.c
  30. +748 −0 module/icp/algs/modes/gcm.c
  31. +159 −0 module/icp/algs/modes/modes.c
  32. +663 −0 module/icp/algs/sha1/sha1.c
  33. +495 −0 module/icp/algs/sha2/sha2.c
  34. +935 −0 module/icp/api/kcf_cipher.c
  35. +151 −0 module/icp/api/kcf_ctxops.c
  36. +494 −0 module/icp/api/kcf_digest.c
  37. +648 −0 module/icp/api/kcf_mac.c
  38. +127 −0 module/icp/api/kcf_miscapi.c
  39. +23 −0 module/icp/asm-x86_64/aes/THIRDPARTYLICENSE.gladman
  40. +1 −0 module/icp/asm-x86_64/aes/THIRDPARTYLICENSE.gladman.descrip
  41. +127 −0 module/icp/asm-x86_64/aes/THIRDPARTYLICENSE.openssl
  42. +1 −0 module/icp/asm-x86_64/aes/THIRDPARTYLICENSE.openssl.descrip
  43. +900 −0 module/icp/asm-x86_64/aes/aes_amd64.S
  44. +851 −0 module/icp/asm-x86_64/aes/aes_intel.S
  45. +580 −0 module/icp/asm-x86_64/aes/aeskey.c
  46. +770 −0 module/icp/asm-x86_64/aes/aesopt.h
  47. +165 −0 module/icp/asm-x86_64/aes/aestab.h
  48. +594 −0 module/icp/asm-x86_64/aes/aestab2.h
  49. +334 −0 module/icp/asm-x86_64/modes/gcm_intel.S
  50. +1,346 −0 module/icp/asm-x86_64/sha1/sha1-x86_64.S
  51. +2,060 −0 module/icp/asm-x86_64/sha2/sha256_impl.S
  52. +1,567 −0 module/icp/core/kcf_callprov.c
  53. +775 −0 module/icp/core/kcf_mech_tabs.c
  54. +229 −0 module/icp/core/kcf_prov_lib.c
  55. +638 −0 module/icp/core/kcf_prov_tabs.c
  56. +1,763 −0 module/icp/core/kcf_sched.c
  57. +152 −0 module/icp/illumos-crypto.c
  58. +170 −0 module/icp/include/aes/aes_impl.h
  59. +385 −0 module/icp/include/modes/modes.h
  60. +61 −0 module/icp/include/sha1/sha1.h
  61. +65 −0 module/icp/include/sha1/sha1_consts.h
  62. +73 −0 module/icp/include/sha1/sha1_impl.h
  63. +116 −0 module/icp/include/sha2/sha2.h
  64. +219 −0 module/icp/include/sha2/sha2_consts.h
  65. +62 −0 module/icp/include/sha2/sha2_impl.h
  66. +36 −0 module/icp/include/sys/asm_linkage.h
  67. +183 −0 module/icp/include/sys/bitmap.h
  68. +137 −0 module/icp/include/sys/crypto/elfsign.h
  69. +1,370 −0 module/icp/include/sys/crypto/impl.h
  70. +1,483 −0 module/icp/include/sys/crypto/ioctl.h
  71. +136 −0 module/icp/include/sys/crypto/ioctladmin.h
  72. +630 −0 module/icp/include/sys/crypto/ops_impl.h
  73. +531 −0 module/icp/include/sys/crypto/sched_impl.h
  74. +721 −0 module/icp/include/sys/crypto/spi.h
  75. +307 −0 module/icp/include/sys/ia32/asm_linkage.h
  76. +160 −0 module/icp/include/sys/ia32/stack.h
  77. +107 −0 module/icp/include/sys/ia32/trap.h
  78. +477 −0 module/icp/include/sys/modctl.h
  79. +147 −0 module/icp/include/sys/modhash.h
  80. +108 −0 module/icp/include/sys/modhash_impl.h
  81. +36 −0 module/icp/include/sys/stack.h
  82. +36 −0 module/icp/include/sys/trap.h
  83. +1,437 −0 module/icp/io/aes.c
  84. +1,239 −0 module/icp/io/sha1_mod.c
  85. +1,307 −0 module/icp/io/sha2_mod.c
  86. +171 −0 module/icp/os/modconf.c
  87. +925 −0 module/icp/os/modhash.c
  88. +927 −0 module/icp/spi/kcf_spi.c
  89. +1 −1 scripts/common.sh.in
  90. +1 −0 zfs-script-config.sh.in
View
1 .gitignore
@@ -21,6 +21,7 @@
*.swp
.deps
.libs
.dirstamp
.DS_Store
modules.order
Makefile
View
22 config/always-arch.m4
@@ -0,0 +1,22 @@
dnl #
dnl # Set the target arch for libspl atomic implementation and the icp
dnl #
AC_DEFUN([ZFS_AC_CONFIG_ALWAYS_ARCH], [
AC_MSG_CHECKING(for target asm dir)
TARGET_ARCH=`echo ${target_cpu} | sed -e s/i.86/i386/`
case $TARGET_ARCH in
i386|x86_64)
TARGET_ASM_DIR=asm-${TARGET_ARCH}
;;
*)
TARGET_ASM_DIR=asm-generic
;;
esac
AC_SUBST([TARGET_ASM_DIR])
AM_CONDITIONAL([TARGET_ASM_X86_64], test $TARGET_ASM_DIR = asm-x86_64)
AM_CONDITIONAL([TARGET_ASM_I386], test $TARGET_ASM_DIR = asm-i386)
AM_CONDITIONAL([TARGET_ASM_GENERIC], test $TARGET_ASM_DIR = asm-generic)
AC_MSG_RESULT([$TARGET_ASM_DIR])
])
View
19 config/user-arch.m4

This file was deleted.

Oops, something went wrong.
View
1 config/user.m4
@@ -7,7 +7,6 @@ AC_DEFUN([ZFS_AC_CONFIG_USER], [
ZFS_AC_CONFIG_USER_SYSTEMD
ZFS_AC_CONFIG_USER_SYSVINIT
ZFS_AC_CONFIG_USER_DRACUT
ZFS_AC_CONFIG_USER_ARCH
ZFS_AC_CONFIG_USER_ZLIB
ZFS_AC_CONFIG_USER_LIBUUID
ZFS_AC_CONFIG_USER_LIBTIRPC
View
4 config/zfs-build.m4
@@ -64,12 +64,10 @@ AC_DEFUN([ZFS_AC_CONFIG_ALWAYS], [
ZFS_AC_CONFIG_ALWAYS_NO_UNUSED_BUT_SET_VARIABLE
ZFS_AC_CONFIG_ALWAYS_NO_BOOL_COMPARE
ZFS_AC_CONFIG_ALWAYS_TOOLCHAIN_SIMD
ZFS_AC_CONFIG_ALWAYS_ARCH
])
AC_DEFUN([ZFS_AC_CONFIG], [
TARGET_ASM_DIR=asm-generic
AC_SUBST(TARGET_ASM_DIR)
ZFS_CONFIG=all
AC_ARG_WITH([config],
AS_HELP_STRING([--with-config=CONFIG],
View
5 configure.ac
@@ -39,7 +39,7 @@ AC_CONFIG_MACRO_DIR([config])
AC_CANONICAL_SYSTEM
AM_MAINTAINER_MODE
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AM_INIT_AUTOMAKE
AM_INIT_AUTOMAKE([subdir-objects])
AC_CONFIG_HEADERS([zfs_config.h], [
(mv zfs_config.h zfs_config.h.tmp &&
awk -f ${ac_srcdir}/config/config.awk zfs_config.h.tmp >zfs_config.h &&
@@ -85,6 +85,7 @@ AC_CONFIG_FILES([
lib/libspl/include/util/Makefile
lib/libavl/Makefile
lib/libefi/Makefile
lib/libicp/Makefile
lib/libnvpair/Makefile
lib/libunicode/Makefile
lib/libuutil/Makefile
@@ -125,12 +126,14 @@ AC_CONFIG_FILES([
module/zcommon/Makefile
module/zfs/Makefile
module/zpios/Makefile
module/icp/Makefile
include/Makefile
include/linux/Makefile
include/sys/Makefile
include/sys/fs/Makefile
include/sys/fm/Makefile
include/sys/fm/fs/Makefile
include/sys/crypto/Makefile
scripts/Makefile
scripts/zpios-profile/Makefile
scripts/zpios-test/Makefile
View
19 copy-builtin
@@ -34,27 +34,8 @@ cp --recursive include "$KERNEL_DIR/include/zfs"
cp --recursive module "$KERNEL_DIR/fs/zfs"
cp zfs_config.h "$KERNEL_DIR/"
adjust_obj_paths()
{
local FILE="$1"
local LINE OBJPATH
while IFS='' read -r LINE
do
OBJPATH="${LINE#\$(MODULE)-objs += }"
if [ "$OBJPATH" = "$LINE" ]
then
echo "$LINE"
else
echo "\$(MODULE)-objs += ${OBJPATH##*/}"
fi
done < "$FILE" > "$FILE.new"
mv "$FILE.new" "$FILE"
}
for MODULE in "${MODULES[@]}"
do
adjust_obj_paths "$KERNEL_DIR/fs/zfs/$MODULE/Makefile"
sed -i.bak '/obj =/d' "$KERNEL_DIR/fs/zfs/$MODULE/Makefile"
sed -i.bak '/src =/d' "$KERNEL_DIR/fs/zfs/$MODULE/Makefile"
done
View
2 include/sys/Makefile.am
@@ -1,4 +1,4 @@
SUBDIRS = fm fs
SUBDIRS = fm fs crypto
COMMON_H = \
$(top_srcdir)/include/sys/arc.h \
View
20 include/sys/crypto/Makefile.am
@@ -0,0 +1,20 @@
COMMON_H = \
$(top_srcdir)/include/sys/crypto/api.h \
$(top_srcdir)/include/sys/crypto/common.h \
$(top_srcdir)/include/sys/crypto/icp.h
KERNEL_H =
USER_H =
EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H)
if CONFIG_USER
libzfsdir = $(includedir)/libzfs/sys/crypto
libzfs_HEADERS = $(COMMON_H) $(USER_H)
endif
if CONFIG_KERNEL
kerneldir = @prefix@/src/zfs-$(VERSION)/include/sys/crypto
kernel_HEADERS = $(COMMON_H) $(KERNEL_H)
endif
Oops, something went wrong.

0 comments on commit 0b04990

Please sign in to comment.