Re: [PATCH] totem: drop crypt_accept: concept/option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewed-by: Steven Dake <sdake@xxxxxxxxxx>

On 03/09/2012 05:54 AM, Fabio M. Di Nitto wrote:
> From: "Fabio M. Di Nitto" <fdinitto@xxxxxxxxxx>
> 
> this was another old onwire compat mode that is not useful anylonger.
> 
> we can safely move the new model by default.
> 
> According to Honza (real hardware 1 node testing) there are no
> performance impact.
> 
> My tests (8 nodes VM cluster), there is up to 10/12% performance
> improvements up to 1M packet size where old and new models are equal.
> 
> As a side note, nss still shows to be a performance loss on both
> real and virtual hw (without any kind of nss hw acceleration).
> 
> Signed-off-by: Fabio M. Di Nitto <fdinitto@xxxxxxxxxx>
> ---
>  SECURITY                            |   23 ++---------
>  conf/lenses/corosync.aug            |    1 -
>  conf/lenses/tests/test_corosync.aug |    2 -
>  cts/corotests.py                    |    1 -
>  exec/totemconfig.c                  |   13 +-----
>  exec/totemudp.c                     |   74 +++++++++++------------------------
>  exec/totemudpu.c                    |   74 +++++++++++------------------------
>  include/corosync/totem/totem.h      |    1 -
>  8 files changed, 52 insertions(+), 137 deletions(-)
> 
> diff --git a/SECURITY b/SECURITY
> index 340910e..09fb894 100644
> --- a/SECURITY
> +++ b/SECURITY
> @@ -155,33 +155,18 @@ When a message is received (decrypt_and_authenticate):
>  Compatibility
>  -------------
>  
> -The default mode of operation is to allow for wire-compatibility with existing
> -openais systems. That means that the internal encryption system is used
> -and all received packets are expected to use that system. This allows a rolling
> -upgrade from openais to corosync.
> -
> -Once all nodes in the cluster are running corosync they can be changed to allow
> -the newer libnss-based encryption by setting the
> -totem {
> -    crypto_accept: new
> -}
> -option in corosync.conf.
> -
> -This enables the new encryption system but does not switch it on. It simply
> -adds a byte to the end of the packets to indicate the encryption type.
> -
> -Once all nodes have been upgraded and 'crypto_accept: new' has been set,
> -the encryption type can be set using a single command:
> +The encryption type can be changed at runtime with a single command:
>  
>  # corosync-cfgtool -c1
>  
> +(0 for sober, 1 for nss)
> +
>  This will tell all cluster nodes to start using libnss encryption. Note that
> -it is possible to upgrade node individially by seetting the encryption type in
> +it is possible to upgrade node individially by setting the encryption type in
>  corosync.conf. The last byte of the packet indicates the decryption algorithm
>  that the receiver should use.
>  
>  Once all nodes are using libnss encryption, the option should be set in
>  in corosync.conf so that it takes effect at the next system reboot.
>  
> -
>  Comments welcome mailto:discuss@xxxxxxxxxxxx
> diff --git a/conf/lenses/corosync.aug b/conf/lenses/corosync.aug
> index 67abfb9..4a8317b 100644
> --- a/conf/lenses/corosync.aug
> +++ b/conf/lenses/corosync.aug
> @@ -51,7 +51,6 @@ let totem =
>      |kv "vsftype" /none|ykd/
>      |kv "secauth" /on|off/
>      |kv "crypto_type" /nss|sober/
> -    |kv "crypto_accept" /new|old/
>      |kv "transport" /udp|iba/
>      |kv "version" Rx.integer
>      |kv "nodeid" Rx.integer
> diff --git a/conf/lenses/tests/test_corosync.aug b/conf/lenses/tests/test_corosync.aug
> index 78c87cc..f67782f 100644
> --- a/conf/lenses/tests/test_corosync.aug
> +++ b/conf/lenses/tests/test_corosync.aug
> @@ -6,7 +6,6 @@ totem {
>  	version: 2
>  	secauth: off
>  	crypto_type: nss
> -	crypto_accept: new
>  	threads: 0
>  	clear_node_high_bit: no
>  	rrp_mode: none
> @@ -81,7 +80,6 @@ test Corosync.lns get conf =
>  	{ "version" = "2" }
>  	{ "secauth" = "off" }
>  	{ "crypto_type" = "nss" }
> -	{ "crypto_accept" = "new" }
>  	{ "threads" = "0" }
>      { "clear_node_high_bit" = "no" }
>      { "rrp_mode" = "none" }
> diff --git a/cts/corotests.py b/cts/corotests.py
> index e355ac2..f52ca3d 100644
> --- a/cts/corotests.py
> +++ b/cts/corotests.py
> @@ -1556,7 +1556,6 @@ def CoroTestList(cm, audits):
>  
>      c = ConfigContainer('pcmk_sec_nss')
>      c['totem/secauth'] = 'on'
> -    c['totem/crypto_accept'] = 'new'
>      c['totem/crypto_type'] = 'nss'
>      c['totem/token'] = 5000
>      c['totem/token_retransmits_before_loss_const'] = 10
> diff --git a/exec/totemconfig.c b/exec/totemconfig.c
> index 9434673..e53163f 100644
> --- a/exec/totemconfig.c
> +++ b/exec/totemconfig.c
> @@ -127,14 +127,6 @@ static void totem_get_crypto_type(struct totem_config *totem_config)
>  {
>  	char *str;
>  
> -	totem_config->crypto_accept = TOTEM_CRYPTO_ACCEPT_OLD;
> -	if (icmap_get_string("totem.crypto_accept", &str) == CS_OK) {
> -		if (strcmp(str, "new") == 0) {
> -			totem_config->crypto_accept = TOTEM_CRYPTO_ACCEPT_NEW;
> -		}
> -		free(str);
> -	}
> -
>  	totem_config->crypto_type = TOTEM_CRYPTO_SOBER;
>  
>  #ifdef HAVE_LIBNSS
> @@ -148,15 +140,14 @@ static void totem_get_crypto_type(struct totem_config *totem_config)
>  
>  	if (icmap_get_string("totem.crypto_type", &str) == CS_OK) {
>  		if (strcmp(str, "sober") == 0) {
> -			free(str);
> -			return;
> +			totem_config->crypto_type = TOTEM_CRYPTO_SOBER;
>  		}
>  #ifdef HAVE_LIBNSS
>  		if (strcmp(str, "nss") == 0) {
>  			totem_config->crypto_type = TOTEM_CRYPTO_NSS;
>  		}
> -		free(str);
>  #endif
> +		free(str);
>  	}
>  }
>  
> diff --git a/exec/totemudp.c b/exec/totemudp.c
> index a4649e5..0fe52aa 100644
> --- a/exec/totemudp.c
> +++ b/exec/totemudp.c
> @@ -789,12 +789,13 @@ static int encrypt_and_sign_worker (
>  	const struct iovec *iovec,
>  	unsigned int iov_len)
>  {
> -	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER ||
> -	    instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
> +	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER) {
>  		return encrypt_and_sign_sober(instance, buf, buf_len, iovec, iov_len);
> +	}
>  #ifdef HAVE_LIBNSS
> -	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS)
> +	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS) {
>  		return encrypt_and_sign_nss(instance, buf, buf_len, iovec, iov_len);
> +	}
>  #endif
>  	return -1;
>  }
> @@ -814,18 +815,15 @@ static int authenticate_and_decrypt (
>  	type = endbuf[iov[iov_len-1].iov_len-1];
>  	iov[iov_len-1].iov_len -= 1;
>  
> -	if (type == TOTEM_CRYPTO_SOBER)
> +	if (type == TOTEM_CRYPTO_SOBER) {
>  		res = authenticate_and_decrypt_sober(instance, iov, iov_len);
> +	}
>  
> -	/*
> -	 * Only try higher crypto options if NEW has been requested
> -	 */
> -	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
>  #ifdef HAVE_LIBNSS
> -		if (type == TOTEM_CRYPTO_NSS)
> +	if (type == TOTEM_CRYPTO_NSS) {
>  		    res = authenticate_and_decrypt_nss(instance, iov, iov_len);
> -#endif
>  	}
> +#endif
>  
>  	/*
>  	 * If it failed, then try decrypting the whole packet
> @@ -841,16 +839,7 @@ static int authenticate_and_decrypt (
>  static void init_crypto(
>  	struct totemudp_instance *instance)
>  {
> -	/*
> -	 * If we are expecting NEW crypto type then initialise all available
> -	 * crypto options. For OLD then we only need SOBER128.
> -	 */
> -
>  	init_sober_crypto(instance);
> -
> -	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
> -		return;
> -
>  #ifdef HAVE_LIBNSS
>  	init_nss_crypto(instance);
>  #endif
> @@ -864,27 +853,20 @@ int totemudp_crypto_set (
>  	int res = 0;
>  
>  	/*
> -	 * Can't set crypto type if OLD is selected
> +	 * Validate crypto algorithm
>  	 */
> -	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD) {
> -		res = -1;
> -	} else {
> -		/*
> -		 * Validate crypto algorithm
> -		 */
> -		switch (type) {
> -			case TOTEM_CRYPTO_SOBER:
> -				log_printf(instance->totemudp_log_level_security,
> -					"Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
> -				break;
> -			case TOTEM_CRYPTO_NSS:
> -				log_printf(instance->totemudp_log_level_security,
> -					"Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
> -				break;
> -			default:
> -				res = -1;
> -				break;
> -		}
> +	switch (type) {
> +		case TOTEM_CRYPTO_SOBER:
> +			log_printf(instance->totemudp_log_level_security,
> +				"Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
> +			break;
> +		case TOTEM_CRYPTO_NSS:
> +			log_printf(instance->totemudp_log_level_security,
> +				"Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
> +			break;
> +		default:
> +			res = -1;
> +			break;
>  	}
>  
>  	return (res);
> @@ -925,12 +907,7 @@ static inline void ucast_sendmsg (
>  			iovec_encrypt,
>  			2);
>  
> -		if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> -			encrypt_data[buf_len++] = instance->totem_config->crypto_type;
> -		}
> -		else {
> -			encrypt_data[buf_len++] = 0;
> -		}
> +		encrypt_data[buf_len++] = instance->totem_config->crypto_type;
>  
>  		iovec_encrypt[0].iov_base = (void *)encrypt_data;
>  		iovec_encrypt[0].iov_len = buf_len;
> @@ -1008,12 +985,7 @@ static inline void mcast_sendmsg (
>  			iovec_encrypt,
>  			2);
>  
> -		if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> -			encrypt_data[buf_len++] = instance->totem_config->crypto_type;
> -		}
> -		else {
> -			encrypt_data[buf_len++] = 0;
> -		}
> +		encrypt_data[buf_len++] = instance->totem_config->crypto_type;
>  
>  		iovec_encrypt[0].iov_base = (void *)encrypt_data;
>  		iovec_encrypt[0].iov_len = buf_len;
> diff --git a/exec/totemudpu.c b/exec/totemudpu.c
> index 37028fb..250921e 100644
> --- a/exec/totemudpu.c
> +++ b/exec/totemudpu.c
> @@ -771,12 +771,13 @@ static int encrypt_and_sign_worker (
>  	const struct iovec *iovec,
>  	unsigned int iov_len)
>  {
> -	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER ||
> -	    instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
> +	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER) {
>  		return encrypt_and_sign_sober(instance, buf, buf_len, iovec, iov_len);
> +	}
>  #ifdef HAVE_LIBNSS
> -	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS)
> +	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS) {
>  		return encrypt_and_sign_nss(instance, buf, buf_len, iovec, iov_len);
> +	}
>  #endif
>  	return -1;
>  }
> @@ -796,18 +797,15 @@ static int authenticate_and_decrypt (
>  	type = endbuf[iov[iov_len-1].iov_len-1];
>  	iov[iov_len-1].iov_len -= 1;
>  
> -	if (type == TOTEM_CRYPTO_SOBER)
> +	if (type == TOTEM_CRYPTO_SOBER) {
>  		res = authenticate_and_decrypt_sober(instance, iov, iov_len);
> +	}
>  
> -	/*
> -	 * Only try higher crypto options if NEW has been requested
> -	 */
> -	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
>  #ifdef HAVE_LIBNSS
> -		if (type == TOTEM_CRYPTO_NSS)
> +	if (type == TOTEM_CRYPTO_NSS) {
>  		    res = authenticate_and_decrypt_nss(instance, iov, iov_len);
> -#endif
>  	}
> +#endif
>  
>  	/*
>  	 * If it failed, then try decrypting the whole packet
> @@ -823,16 +821,7 @@ static int authenticate_and_decrypt (
>  static void init_crypto(
>  	struct totemudpu_instance *instance)
>  {
> -	/*
> -	 * If we are expecting NEW crypto type then initialise all available
> -	 * crypto options. For OLD then we only need SOBER128.
> -	 */
> -
>  	init_sober_crypto(instance);
> -
> -	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
> -		return;
> -
>  #ifdef HAVE_LIBNSS
>  	init_nss_crypto(instance);
>  #endif
> @@ -846,27 +835,20 @@ int totemudpu_crypto_set (
>  	int res = 0;
>  
>  	/*
> -	 * Can't set crypto type if OLD is selected
> +	 * Validate crypto algorithm
>  	 */
> -	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD) {
> -		res = -1;
> -	} else {
> -		/*
> -		 * Validate crypto algorithm
> -		 */
> -		switch (type) {
> -			case TOTEM_CRYPTO_SOBER:
> -				log_printf(instance->totemudpu_log_level_security,
> -					"Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
> -				break;
> -			case TOTEM_CRYPTO_NSS:
> -				log_printf(instance->totemudpu_log_level_security,
> -					"Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
> -				break;
> -			default:
> -				res = -1;
> -				break;
> -		}
> +	switch (type) {
> +		case TOTEM_CRYPTO_SOBER:
> +			log_printf(instance->totemudpu_log_level_security,
> +				"Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
> +			break;
> +		case TOTEM_CRYPTO_NSS:
> +			log_printf(instance->totemudpu_log_level_security,
> +				"Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
> +			break;
> +		default:
> +			res = -1;
> +			break;
>  	}
>  
>  	return (res);
> @@ -907,12 +889,7 @@ static inline void ucast_sendmsg (
>  			iovec_encrypt,
>  			2);
>  
> -		if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> -			encrypt_data[buf_len++] = instance->totem_config->crypto_type;
> -		}
> -		else {
> -			encrypt_data[buf_len++] = 0;
> -		}
> +		encrypt_data[buf_len++] = instance->totem_config->crypto_type;
>  
>  		iovec_encrypt[0].iov_base = (void *)encrypt_data;
>  		iovec_encrypt[0].iov_len = buf_len;
> @@ -990,12 +967,7 @@ static inline void mcast_sendmsg (
>  			iovec_encrypt,
>  			2);
>  
> -		if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> -			encrypt_data[buf_len++] = instance->totem_config->crypto_type;
> -		}
> -		else {
> -			encrypt_data[buf_len++] = 0;
> -		}
> +		encrypt_data[buf_len++] = instance->totem_config->crypto_type;
>  
>  		iovec_encrypt[0].iov_base = (void *)encrypt_data;
>  		iovec_encrypt[0].iov_len = buf_len;
> diff --git a/include/corosync/totem/totem.h b/include/corosync/totem/totem.h
> index 343b2c3..a9cb1f3 100644
> --- a/include/corosync/totem/totem.h
> +++ b/include/corosync/totem/totem.h
> @@ -170,7 +170,6 @@ struct totem_config {
>  	unsigned int broadcast_use;
>  
>  	enum { TOTEM_CRYPTO_SOBER=0, TOTEM_CRYPTO_NSS } crypto_type;
> -	enum { TOTEM_CRYPTO_ACCEPT_OLD=0, TOTEM_CRYPTO_ACCEPT_NEW } crypto_accept;
>  
>  	int crypto_crypt_type;
>  	int crypto_sign_type;

_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss


[Index of Archives]     [Linux Clusters]     [Corosync Project]     [Linux USB Devel]     [Linux Audio Users]     [Photo]     [Yosemite News]    [Yosemite Photos]    [Linux Kernel]     [Linux SCSI]     [X.Org]

  Powered by Linux