Reviewed-by: Steven Dake <sdake@xxxxxxxxxx>
On 03/09/2012 05:54 AM, Fabio M. Di Nitto wrote:
> From: "Fabio M. Di Nitto" <fdinitto@xxxxxxxxxx>
>
> this was another old onwire compat mode that is not useful anylonger.
>
> we can safely move the new model by default.
>
> According to Honza (real hardware 1 node testing) there are no
> performance impact.
>
> My tests (8 nodes VM cluster), there is up to 10/12% performance
> improvements up to 1M packet size where old and new models are equal.
>
> As a side note, nss still shows to be a performance loss on both
> real and virtual hw (without any kind of nss hw acceleration).
>
> Signed-off-by: Fabio M. Di Nitto <fdinitto@xxxxxxxxxx>
> ---
> SECURITY | 23 ++---------
> conf/lenses/corosync.aug | 1 -
> conf/lenses/tests/test_corosync.aug | 2 -
> cts/corotests.py | 1 -
> exec/totemconfig.c | 13 +-----
> exec/totemudp.c | 74 +++++++++++------------------------
> exec/totemudpu.c | 74 +++++++++++------------------------
> include/corosync/totem/totem.h | 1 -
> 8 files changed, 52 insertions(+), 137 deletions(-)
>
> diff --git a/SECURITY b/SECURITY
> index 340910e..09fb894 100644
> --- a/SECURITY
> +++ b/SECURITY
> @@ -155,33 +155,18 @@ When a message is received (decrypt_and_authenticate):
> Compatibility
> -------------
>
> -The default mode of operation is to allow for wire-compatibility with existing
> -openais systems. That means that the internal encryption system is used
> -and all received packets are expected to use that system. This allows a rolling
> -upgrade from openais to corosync.
> -
> -Once all nodes in the cluster are running corosync they can be changed to allow
> -the newer libnss-based encryption by setting the
> -totem {
> - crypto_accept: new
> -}
> -option in corosync.conf.
> -
> -This enables the new encryption system but does not switch it on. It simply
> -adds a byte to the end of the packets to indicate the encryption type.
> -
> -Once all nodes have been upgraded and 'crypto_accept: new' has been set,
> -the encryption type can be set using a single command:
> +The encryption type can be changed at runtime with a single command:
>
> # corosync-cfgtool -c1
>
> +(0 for sober, 1 for nss)
> +
> This will tell all cluster nodes to start using libnss encryption. Note that
> -it is possible to upgrade node individially by seetting the encryption type in
> +it is possible to upgrade node individially by setting the encryption type in
> corosync.conf. The last byte of the packet indicates the decryption algorithm
> that the receiver should use.
>
> Once all nodes are using libnss encryption, the option should be set in
> in corosync.conf so that it takes effect at the next system reboot.
>
> -
> Comments welcome mailto:discuss@xxxxxxxxxxxx
> diff --git a/conf/lenses/corosync.aug b/conf/lenses/corosync.aug
> index 67abfb9..4a8317b 100644
> --- a/conf/lenses/corosync.aug
> +++ b/conf/lenses/corosync.aug
> @@ -51,7 +51,6 @@ let totem =
> |kv "vsftype" /none|ykd/
> |kv "secauth" /on|off/
> |kv "crypto_type" /nss|sober/
> - |kv "crypto_accept" /new|old/
> |kv "transport" /udp|iba/
> |kv "version" Rx.integer
> |kv "nodeid" Rx.integer
> diff --git a/conf/lenses/tests/test_corosync.aug b/conf/lenses/tests/test_corosync.aug
> index 78c87cc..f67782f 100644
> --- a/conf/lenses/tests/test_corosync.aug
> +++ b/conf/lenses/tests/test_corosync.aug
> @@ -6,7 +6,6 @@ totem {
> version: 2
> secauth: off
> crypto_type: nss
> - crypto_accept: new
> threads: 0
> clear_node_high_bit: no
> rrp_mode: none
> @@ -81,7 +80,6 @@ test Corosync.lns get conf =
> { "version" = "2" }
> { "secauth" = "off" }
> { "crypto_type" = "nss" }
> - { "crypto_accept" = "new" }
> { "threads" = "0" }
> { "clear_node_high_bit" = "no" }
> { "rrp_mode" = "none" }
> diff --git a/cts/corotests.py b/cts/corotests.py
> index e355ac2..f52ca3d 100644
> --- a/cts/corotests.py
> +++ b/cts/corotests.py
> @@ -1556,7 +1556,6 @@ def CoroTestList(cm, audits):
>
> c = ConfigContainer('pcmk_sec_nss')
> c['totem/secauth'] = 'on'
> - c['totem/crypto_accept'] = 'new'
> c['totem/crypto_type'] = 'nss'
> c['totem/token'] = 5000
> c['totem/token_retransmits_before_loss_const'] = 10
> diff --git a/exec/totemconfig.c b/exec/totemconfig.c
> index 9434673..e53163f 100644
> --- a/exec/totemconfig.c
> +++ b/exec/totemconfig.c
> @@ -127,14 +127,6 @@ static void totem_get_crypto_type(struct totem_config *totem_config)
> {
> char *str;
>
> - totem_config->crypto_accept = TOTEM_CRYPTO_ACCEPT_OLD;
> - if (icmap_get_string("totem.crypto_accept", &str) == CS_OK) {
> - if (strcmp(str, "new") == 0) {
> - totem_config->crypto_accept = TOTEM_CRYPTO_ACCEPT_NEW;
> - }
> - free(str);
> - }
> -
> totem_config->crypto_type = TOTEM_CRYPTO_SOBER;
>
> #ifdef HAVE_LIBNSS
> @@ -148,15 +140,14 @@ static void totem_get_crypto_type(struct totem_config *totem_config)
>
> if (icmap_get_string("totem.crypto_type", &str) == CS_OK) {
> if (strcmp(str, "sober") == 0) {
> - free(str);
> - return;
> + totem_config->crypto_type = TOTEM_CRYPTO_SOBER;
> }
> #ifdef HAVE_LIBNSS
> if (strcmp(str, "nss") == 0) {
> totem_config->crypto_type = TOTEM_CRYPTO_NSS;
> }
> - free(str);
> #endif
> + free(str);
> }
> }
>
> diff --git a/exec/totemudp.c b/exec/totemudp.c
> index a4649e5..0fe52aa 100644
> --- a/exec/totemudp.c
> +++ b/exec/totemudp.c
> @@ -789,12 +789,13 @@ static int encrypt_and_sign_worker (
> const struct iovec *iovec,
> unsigned int iov_len)
> {
> - if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER ||
> - instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
> + if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER) {
> return encrypt_and_sign_sober(instance, buf, buf_len, iovec, iov_len);
> + }
> #ifdef HAVE_LIBNSS
> - if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS)
> + if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS) {
> return encrypt_and_sign_nss(instance, buf, buf_len, iovec, iov_len);
> + }
> #endif
> return -1;
> }
> @@ -814,18 +815,15 @@ static int authenticate_and_decrypt (
> type = endbuf[iov[iov_len-1].iov_len-1];
> iov[iov_len-1].iov_len -= 1;
>
> - if (type == TOTEM_CRYPTO_SOBER)
> + if (type == TOTEM_CRYPTO_SOBER) {
> res = authenticate_and_decrypt_sober(instance, iov, iov_len);
> + }
>
> - /*
> - * Only try higher crypto options if NEW has been requested
> - */
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> #ifdef HAVE_LIBNSS
> - if (type == TOTEM_CRYPTO_NSS)
> + if (type == TOTEM_CRYPTO_NSS) {
> res = authenticate_and_decrypt_nss(instance, iov, iov_len);
> -#endif
> }
> +#endif
>
> /*
> * If it failed, then try decrypting the whole packet
> @@ -841,16 +839,7 @@ static int authenticate_and_decrypt (
> static void init_crypto(
> struct totemudp_instance *instance)
> {
> - /*
> - * If we are expecting NEW crypto type then initialise all available
> - * crypto options. For OLD then we only need SOBER128.
> - */
> -
> init_sober_crypto(instance);
> -
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
> - return;
> -
> #ifdef HAVE_LIBNSS
> init_nss_crypto(instance);
> #endif
> @@ -864,27 +853,20 @@ int totemudp_crypto_set (
> int res = 0;
>
> /*
> - * Can't set crypto type if OLD is selected
> + * Validate crypto algorithm
> */
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD) {
> - res = -1;
> - } else {
> - /*
> - * Validate crypto algorithm
> - */
> - switch (type) {
> - case TOTEM_CRYPTO_SOBER:
> - log_printf(instance->totemudp_log_level_security,
> - "Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
> - break;
> - case TOTEM_CRYPTO_NSS:
> - log_printf(instance->totemudp_log_level_security,
> - "Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
> - break;
> - default:
> - res = -1;
> - break;
> - }
> + switch (type) {
> + case TOTEM_CRYPTO_SOBER:
> + log_printf(instance->totemudp_log_level_security,
> + "Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
> + break;
> + case TOTEM_CRYPTO_NSS:
> + log_printf(instance->totemudp_log_level_security,
> + "Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
> + break;
> + default:
> + res = -1;
> + break;
> }
>
> return (res);
> @@ -925,12 +907,7 @@ static inline void ucast_sendmsg (
> iovec_encrypt,
> 2);
>
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> - encrypt_data[buf_len++] = instance->totem_config->crypto_type;
> - }
> - else {
> - encrypt_data[buf_len++] = 0;
> - }
> + encrypt_data[buf_len++] = instance->totem_config->crypto_type;
>
> iovec_encrypt[0].iov_base = (void *)encrypt_data;
> iovec_encrypt[0].iov_len = buf_len;
> @@ -1008,12 +985,7 @@ static inline void mcast_sendmsg (
> iovec_encrypt,
> 2);
>
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> - encrypt_data[buf_len++] = instance->totem_config->crypto_type;
> - }
> - else {
> - encrypt_data[buf_len++] = 0;
> - }
> + encrypt_data[buf_len++] = instance->totem_config->crypto_type;
>
> iovec_encrypt[0].iov_base = (void *)encrypt_data;
> iovec_encrypt[0].iov_len = buf_len;
> diff --git a/exec/totemudpu.c b/exec/totemudpu.c
> index 37028fb..250921e 100644
> --- a/exec/totemudpu.c
> +++ b/exec/totemudpu.c
> @@ -771,12 +771,13 @@ static int encrypt_and_sign_worker (
> const struct iovec *iovec,
> unsigned int iov_len)
> {
> - if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER ||
> - instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
> + if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER) {
> return encrypt_and_sign_sober(instance, buf, buf_len, iovec, iov_len);
> + }
> #ifdef HAVE_LIBNSS
> - if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS)
> + if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS) {
> return encrypt_and_sign_nss(instance, buf, buf_len, iovec, iov_len);
> + }
> #endif
> return -1;
> }
> @@ -796,18 +797,15 @@ static int authenticate_and_decrypt (
> type = endbuf[iov[iov_len-1].iov_len-1];
> iov[iov_len-1].iov_len -= 1;
>
> - if (type == TOTEM_CRYPTO_SOBER)
> + if (type == TOTEM_CRYPTO_SOBER) {
> res = authenticate_and_decrypt_sober(instance, iov, iov_len);
> + }
>
> - /*
> - * Only try higher crypto options if NEW has been requested
> - */
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> #ifdef HAVE_LIBNSS
> - if (type == TOTEM_CRYPTO_NSS)
> + if (type == TOTEM_CRYPTO_NSS) {
> res = authenticate_and_decrypt_nss(instance, iov, iov_len);
> -#endif
> }
> +#endif
>
> /*
> * If it failed, then try decrypting the whole packet
> @@ -823,16 +821,7 @@ static int authenticate_and_decrypt (
> static void init_crypto(
> struct totemudpu_instance *instance)
> {
> - /*
> - * If we are expecting NEW crypto type then initialise all available
> - * crypto options. For OLD then we only need SOBER128.
> - */
> -
> init_sober_crypto(instance);
> -
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
> - return;
> -
> #ifdef HAVE_LIBNSS
> init_nss_crypto(instance);
> #endif
> @@ -846,27 +835,20 @@ int totemudpu_crypto_set (
> int res = 0;
>
> /*
> - * Can't set crypto type if OLD is selected
> + * Validate crypto algorithm
> */
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD) {
> - res = -1;
> - } else {
> - /*
> - * Validate crypto algorithm
> - */
> - switch (type) {
> - case TOTEM_CRYPTO_SOBER:
> - log_printf(instance->totemudpu_log_level_security,
> - "Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
> - break;
> - case TOTEM_CRYPTO_NSS:
> - log_printf(instance->totemudpu_log_level_security,
> - "Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
> - break;
> - default:
> - res = -1;
> - break;
> - }
> + switch (type) {
> + case TOTEM_CRYPTO_SOBER:
> + log_printf(instance->totemudpu_log_level_security,
> + "Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
> + break;
> + case TOTEM_CRYPTO_NSS:
> + log_printf(instance->totemudpu_log_level_security,
> + "Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
> + break;
> + default:
> + res = -1;
> + break;
> }
>
> return (res);
> @@ -907,12 +889,7 @@ static inline void ucast_sendmsg (
> iovec_encrypt,
> 2);
>
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> - encrypt_data[buf_len++] = instance->totem_config->crypto_type;
> - }
> - else {
> - encrypt_data[buf_len++] = 0;
> - }
> + encrypt_data[buf_len++] = instance->totem_config->crypto_type;
>
> iovec_encrypt[0].iov_base = (void *)encrypt_data;
> iovec_encrypt[0].iov_len = buf_len;
> @@ -990,12 +967,7 @@ static inline void mcast_sendmsg (
> iovec_encrypt,
> 2);
>
> - if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
> - encrypt_data[buf_len++] = instance->totem_config->crypto_type;
> - }
> - else {
> - encrypt_data[buf_len++] = 0;
> - }
> + encrypt_data[buf_len++] = instance->totem_config->crypto_type;
>
> iovec_encrypt[0].iov_base = (void *)encrypt_data;
> iovec_encrypt[0].iov_len = buf_len;
> diff --git a/include/corosync/totem/totem.h b/include/corosync/totem/totem.h
> index 343b2c3..a9cb1f3 100644
> --- a/include/corosync/totem/totem.h
> +++ b/include/corosync/totem/totem.h
> @@ -170,7 +170,6 @@ struct totem_config {
> unsigned int broadcast_use;
>
> enum { TOTEM_CRYPTO_SOBER=0, TOTEM_CRYPTO_NSS } crypto_type;
> - enum { TOTEM_CRYPTO_ACCEPT_OLD=0, TOTEM_CRYPTO_ACCEPT_NEW } crypto_accept;
>
> int crypto_crypt_type;
> int crypto_sign_type;
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
