Reviewed-by: Steven Dake <sdake@xxxxxxxxxx>
On 03/13/2012 10:25 AM, Fabio M. Di Nitto wrote:
> From: "Fabio M. Di Nitto" <fdinitto@xxxxxxxxxx>
>
> keep totem.secauth config key for compatibility
>
> if the key is NOT set, crypto will default to aes256/sha1
> if the key is set to "off", crypto is disabled.
> this reflects pretty much old behavior
>
> keywords totem.crypto_cipher and totem.crypto_hash can
> override secauth individually.
>
> it is not yet possible to enable encryption without hashing
> (totemcrypt will fail) but it is planned in the next patchset.
>
> this one will restore basic operations for developers.
>
> Signed-off-by: Fabio M. Di Nitto <fdinitto@xxxxxxxxxx>
> ---
> exec/totemconfig.c | 9 +---
> exec/totemcrypto.c | 106 +++++++++++++++++++++++++---------------
> exec/totemudp.c | 90 +++++++++++++++-------------------
> exec/totemudpu.c | 90 +++++++++++++++-------------------
> include/corosync/totem/totem.h | 2 -
> 5 files changed, 148 insertions(+), 149 deletions(-)
>
> diff --git a/exec/totemconfig.c b/exec/totemconfig.c
> index 931bd7a..1138963 100644
> --- a/exec/totemconfig.c
> +++ b/exec/totemconfig.c
> @@ -129,11 +129,9 @@ static void totem_get_crypto(struct totem_config *totem_config)
>
> tmp_hash = "sha1";
> tmp_cipher = "aes256";
> - totem_config->secauth = 1;
>
> if (icmap_get_string("totem.secauth", &str) == CS_OK) {
> if (strcmp (str, "off") == 0) {
> - totem_config->secauth = 0;
> tmp_hash = "none";
> tmp_cipher = "none";
> }
> @@ -160,10 +158,6 @@ static void totem_get_crypto(struct totem_config *totem_config)
> free(str);
> }
>
> - if (strcmp(tmp_hash, "none") == 0 && strcmp(tmp_cipher, "none") == 0) {
> - totem_config->secauth = 0;
> - }
> -
> free(totem_config->crypto_cipher_type);
> free(totem_config->crypto_hash_type);
>
> @@ -1019,7 +1013,8 @@ int totem_config_keyread (
> memset (totem_config->private_key, 0, 128);
> totem_config->private_key_len = 128;
>
> - if (totem_config->secauth == 0) {
> + if (strcmp(totem_config->crypto_cipher_type, "none") == 0 &&
> + strcmp(totem_config->crypto_hash_type, "none") == 0) {
> return (0);
> }
>
> diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c
> index 8c0ec91..b2141a8 100644
> --- a/exec/totemcrypto.c
> +++ b/exec/totemcrypto.c
> @@ -145,39 +145,27 @@ do { \
>
> static void init_nss_crypto(struct crypto_instance *instance)
> {
> - PK11SlotInfo* aes_slot = NULL;
> - PK11SlotInfo* sha1_slot = NULL;
> + PK11SlotInfo* crypt_slot = NULL;
> + PK11SlotInfo* hash_slot = NULL;
> SECItem key_item;
> - SECStatus rv;
> +
> + if ((!cipher_to_nss[instance->crypto_cipher_type]) &&
> + (!hash_to_nss[instance->crypto_hash_type])) {
> + log_printf(instance->log_level_notice,
> + "Initializing transmit/receive security: NONE");
> + return;
> + }
>
> log_printf(instance->log_level_notice,
> "Initializing transmit/receive security: NSS AES256CBC/SHA1HMAC (mode %u).", 0);
> - rv = NSS_NoDB_Init(".");
> - if (rv != SECSuccess)
> - {
> - log_printf(instance->log_level_security, "NSS initialization failed (err %d)",
> - PR_GetError());
> - goto out;
> - }
>
> - /*
> - * TODO: use instance info!
> - */
> - aes_slot = PK11_GetBestSlot(cipher_to_nss[instance->crypto_cipher_type], NULL);
> - if (aes_slot == NULL)
> + if (NSS_NoDB_Init(".") != SECSuccess)
> {
> - log_printf(instance->log_level_security, "Unable to find security slot (err %d)",
> + log_printf(instance->log_level_security, "NSS initialization failed (err %d)",
> PR_GetError());
> goto out;
> }
>
> - sha1_slot = PK11_GetBestSlot(hash_to_nss[instance->crypto_hash_type], NULL);
> - if (sha1_slot == NULL)
> - {
> - log_printf(instance->log_level_security, "Unable to find security slot (err %d)",
> - PR_GetError());
> - goto out;
> - }
> /*
> * Make the private key into a SymKey that we can use
> */
> @@ -185,26 +173,46 @@ static void init_nss_crypto(struct crypto_instance *instance)
> key_item.data = instance->private_key;
> key_item.len = cipher_key_len[instance->crypto_cipher_type];
>
> - instance->nss_sym_key = PK11_ImportSymKey(aes_slot,
> - cipher_to_nss[instance->crypto_cipher_type],
> - PK11_OriginUnwrap, CKA_ENCRYPT|CKA_DECRYPT,
> - &key_item, NULL);
> - if (instance->nss_sym_key == NULL)
> - {
> - log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)",
> - PR_GetError());
> - goto out;
> + if (cipher_to_nss[instance->crypto_cipher_type]) {
> + crypt_slot = PK11_GetBestSlot(cipher_to_nss[instance->crypto_cipher_type], NULL);
> + if (crypt_slot == NULL)
> + {
> + log_printf(instance->log_level_security, "Unable to find security slot (err %d)",
> + PR_GetError());
> + goto out;
> + }
> + instance->nss_sym_key = PK11_ImportSymKey(crypt_slot,
> + cipher_to_nss[instance->crypto_cipher_type],
> + PK11_OriginUnwrap, CKA_ENCRYPT|CKA_DECRYPT,
> + &key_item, NULL);
> + if (instance->nss_sym_key == NULL)
> + {
> + log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)",
> + PR_GetError());
> + goto out;
> + }
> }
>
> - instance->nss_sym_key_sign = PK11_ImportSymKey(sha1_slot,
> - hash_to_nss[instance->crypto_hash_type],
> - PK11_OriginUnwrap, CKA_SIGN,
> - &key_item, NULL);
> - if (instance->nss_sym_key_sign == NULL) {
> - log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)",
> - PR_GetError());
> - goto out;
> + if (hash_to_nss[instance->crypto_hash_type]) {
> + hash_slot = PK11_GetBestSlot(hash_to_nss[instance->crypto_hash_type], NULL);
> + if (hash_slot == NULL)
> + {
> + log_printf(instance->log_level_security, "Unable to find security slot (err %d)",
> + PR_GetError());
> + goto out;
> + }
> +
> + instance->nss_sym_key_sign = PK11_ImportSymKey(hash_slot,
> + hash_to_nss[instance->crypto_hash_type],
> + PK11_OriginUnwrap, CKA_SIGN,
> + &key_item, NULL);
> + if (instance->nss_sym_key_sign == NULL) {
> + log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)",
> + PR_GetError());
> + goto out;
> + }
> }
> +
> out:
> return;
> }
> @@ -447,6 +455,16 @@ int crypto_encrypt_and_sign (
> unsigned char *buf_out,
> size_t *buf_out_len)
> {
> + /*
> + * if crypto is totally disabled, let's skip complex parsing
> + */
> + if ((!cipher_to_nss[instance->crypto_cipher_type]) &&
> + (!hash_to_nss[instance->crypto_hash_type])) {
> + memcpy(buf_out, buf_in, buf_in_len);
> + *buf_out_len = buf_in_len;
> + return 0;
> + }
> +
> return (encrypt_and_sign_nss(instance, buf_in, buf_in_len, buf_out, buf_out_len));
> }
>
> @@ -454,6 +472,14 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance,
> unsigned char *buf,
> int *buf_len)
> {
> + /*
> + * if crypto is totally disabled, there is no work for us
> + */
> + if ((!cipher_to_nss[instance->crypto_cipher_type]) &&
> + (!hash_to_nss[instance->crypto_hash_type])) {
> + return 0;
> + }
> +
> return (authenticate_and_decrypt_nss(instance, buf, buf_len));
> }
>
> diff --git a/exec/totemudp.c b/exec/totemudp.c
> index 21a6122..0ccc55b 100644
> --- a/exec/totemudp.c
> +++ b/exec/totemudp.c
> @@ -259,26 +259,24 @@ static inline void ucast_sendmsg (
> struct iovec iovec;
> int addrlen;
>
> - if (instance->totem_config->secauth == 1) {
> + /*
> + * Encrypt and digest the message
> + */
> + if (crypto_encrypt_and_sign (
> + instance->crypto_inst,
> + (const unsigned char *)msg,
> + msg_len,
> + buf_out,
> + &buf_out_len) != 0) {
> /*
> - * Encrypt and digest the message
> + * TODO: how to handle error here
> */
> - if (crypto_encrypt_and_sign (
> - instance->crypto_inst,
> - (const unsigned char *)msg,
> - msg_len,
> - buf_out,
> - &buf_out_len) != 0) {
> - log_printf(LOGSYS_LEVEL_CRIT, "Unable to crypt? now what?");
> - }
> -
> - iovec.iov_base = (void *)buf_out;
> - iovec.iov_len = buf_out_len;
> - } else {
> - iovec.iov_base = (void *)msg;
> - iovec.iov_len = msg_len;
> + log_printf(LOGSYS_LEVEL_CRIT, "Unable to crypt? now what?");
> }
>
> + iovec.iov_base = (void *)buf_out;
> + iovec.iov_len = buf_out_len;
> +
> /*
> * Build unicast message
> */
> @@ -323,26 +321,24 @@ static inline void mcast_sendmsg (
> struct sockaddr_storage sockaddr;
> int addrlen;
>
> - if (instance->totem_config->secauth == 1) {
> + /*
> + * Encrypt and digest the message
> + */
> + if (crypto_encrypt_and_sign (
> + instance->crypto_inst,
> + (const unsigned char *)msg,
> + msg_len,
> + buf_out,
> + &buf_out_len) != 0) {
> /*
> - * Encrypt and digest the message
> + * TODO: how to handle error here
> */
> - if (crypto_encrypt_and_sign (
> - instance->crypto_inst,
> - (const unsigned char *)msg,
> - msg_len,
> - buf_out,
> - &buf_out_len) != 0) {
> - log_printf(LOGSYS_LEVEL_CRIT, "unable to crypt? now what?");
> - }
> -
> - iovec.iov_base = (void *)&buf_out;
> - iovec.iov_len = buf_out_len;
> - } else {
> - iovec.iov_base = (void *)msg;
> - iovec.iov_len = msg_len;
> + log_printf(LOGSYS_LEVEL_CRIT, "unable to crypt? now what?");
> }
>
> + iovec.iov_base = (void *)&buf_out;
> + iovec.iov_len = buf_out_len;
> +
> /*
> * Build multicast message
> */
> @@ -443,18 +439,16 @@ static int net_deliver_fn (
> instance->stats_recv += bytes_received;
> }
>
> - if (instance->totem_config->secauth == 1) {
> - /*
> - * Authenticate and if authenticated, decrypt datagram
> - */
> - res = crypto_authenticate_and_decrypt (instance->crypto_inst, iovec->iov_base, &bytes_received);
> - if (res == -1) {
> - log_printf (instance->totemudp_log_level_security, "Received message has invalid digest... ignoring.");
> - log_printf (instance->totemudp_log_level_security,
> - "Invalid packet data");
> - iovec->iov_len = FRAME_SIZE_MAX;
> - return 0;
> - }
> + /*
> + * Authenticate and if authenticated, decrypt datagram
> + */
> + res = crypto_authenticate_and_decrypt (instance->crypto_inst, iovec->iov_base, &bytes_received);
> + if (res == -1) {
> + log_printf (instance->totemudp_log_level_security, "Received message has invalid digest... ignoring.");
> + log_printf (instance->totemudp_log_level_security,
> + "Invalid packet data");
> + iovec->iov_len = FRAME_SIZE_MAX;
> + return 0;
> }
> iovec->iov_len = bytes_received;
>
> @@ -1179,12 +1173,8 @@ extern int totemudp_iface_check (void *udp_context)
> extern void totemudp_net_mtu_adjust (void *udp_context, struct totem_config *totem_config)
> {
> #define UDPIP_HEADER_SIZE (20 + 8) /* 20 bytes for ip 8 bytes for udp */
> - if (totem_config->secauth == 1) {
> - totem_config->net_mtu -= crypto_sec_header_size(totem_config->crypto_hash_type) +
> - UDPIP_HEADER_SIZE;
> - } else {
> - totem_config->net_mtu -= UDPIP_HEADER_SIZE;
> - }
> + totem_config->net_mtu -= crypto_sec_header_size(totem_config->crypto_hash_type) +
> + UDPIP_HEADER_SIZE;
> }
>
> const char *totemudp_iface_print (void *udp_context) {
> diff --git a/exec/totemudpu.c b/exec/totemudpu.c
> index be4ca50..7d1d31c 100644
> --- a/exec/totemudpu.c
> +++ b/exec/totemudpu.c
> @@ -247,26 +247,24 @@ static inline void ucast_sendmsg (
> struct iovec iovec;
> int addrlen;
>
> - if (instance->totem_config->secauth == 1) {
> + /*
> + * Encrypt and digest the message
> + */
> + if (crypto_encrypt_and_sign (
> + instance->crypto_inst,
> + (const unsigned char *)msg,
> + msg_len,
> + buf_out,
> + &buf_out_len) != 0) {
> /*
> - * Encrypt and digest the message
> + * TODO: how to handle error here
> */
> - if (crypto_encrypt_and_sign (
> - instance->crypto_inst,
> - (const unsigned char *)msg,
> - msg_len,
> - buf_out,
> - &buf_out_len) != 0) {
> - log_printf(LOGSYS_LEVEL_CRIT, "unable to crypt? now what?");
> - }
> -
> - iovec.iov_base = (void *)buf_out;
> - iovec.iov_len = buf_out_len;
> - } else {
> - iovec.iov_base = (void *)msg;
> - iovec.iov_len = msg_len;
> + log_printf(LOGSYS_LEVEL_CRIT, "unable to crypt? now what?");
> }
>
> + iovec.iov_base = (void *)buf_out;
> + iovec.iov_len = buf_out_len;
> +
> /*
> * Build unicast message
> */
> @@ -312,26 +310,24 @@ static inline void mcast_sendmsg (
> struct list_head *list;
> struct totemudpu_member *member;
>
> - if (instance->totem_config->secauth == 1) {
> + /*
> + * Encrypt and digest the message
> + */
> + if (crypto_encrypt_and_sign (
> + instance->crypto_inst,
> + (const unsigned char *)msg,
> + msg_len,
> + buf_out,
> + &buf_out_len) != 0) {
> /*
> - * Encrypt and digest the message
> + * TODO: how to handle error here
> */
> - if(crypto_encrypt_and_sign (
> - instance->crypto_inst,
> - (const unsigned char *)msg,
> - msg_len,
> - buf_out,
> - &buf_out_len) != 0) {
> - log_printf(LOGSYS_LEVEL_CRIT, "Unable to crypt? now what?");
> - }
> -
> - iovec.iov_base = (void *)buf_out;
> - iovec.iov_len = buf_out_len;
> - } else {
> - iovec.iov_base = (void *)msg;
> - iovec.iov_len = msg_len;
> + log_printf(LOGSYS_LEVEL_CRIT, "Unable to crypt? now what?");
> }
>
> + iovec.iov_base = (void *)buf_out;
> + iovec.iov_len = buf_out_len;
> +
> /*
> * Build multicast message
> */
> @@ -422,19 +418,17 @@ static int net_deliver_fn (
> instance->stats_recv += bytes_received;
> }
>
> - if (instance->totem_config->secauth == 1) {
> - /*
> - * Authenticate and if authenticated, decrypt datagram
> - */
> + /*
> + * Authenticate and if authenticated, decrypt datagram
> + */
>
> - res = crypto_authenticate_and_decrypt (instance->crypto_inst, iovec->iov_base, &bytes_received);
> - if (res == -1) {
> - log_printf (instance->totemudpu_log_level_security, "Received message has invalid digest... ignoring.");
> - log_printf (instance->totemudpu_log_level_security,
> - "Invalid packet data");
> - iovec->iov_len = FRAME_SIZE_MAX;
> - return 0;
> - }
> + res = crypto_authenticate_and_decrypt (instance->crypto_inst, iovec->iov_base, &bytes_received);
> + if (res == -1) {
> + log_printf (instance->totemudpu_log_level_security, "Received message has invalid digest... ignoring.");
> + log_printf (instance->totemudpu_log_level_security,
> + "Invalid packet data");
> + iovec->iov_len = FRAME_SIZE_MAX;
> + return 0;
> }
> iovec->iov_len = bytes_received;
>
> @@ -884,12 +878,8 @@ extern int totemudpu_iface_check (void *udpu_context)
> extern void totemudpu_net_mtu_adjust (void *udpu_context, struct totem_config *totem_config)
> {
> #define UDPIP_HEADER_SIZE (20 + 8) /* 20 bytes for ip 8 bytes for udp */
> - if (totem_config->secauth == 1) {
> - totem_config->net_mtu -= crypto_sec_header_size(totem_config->crypto_hash_type) +
> - UDPIP_HEADER_SIZE;
> - } else {
> - totem_config->net_mtu -= UDPIP_HEADER_SIZE;
> - }
> + totem_config->net_mtu -= crypto_sec_header_size(totem_config->crypto_hash_type) +
> + UDPIP_HEADER_SIZE;
> }
>
> const char *totemudpu_iface_print (void *udpu_context) {
> diff --git a/include/corosync/totem/totem.h b/include/corosync/totem/totem.h
> index eba3850..08a459e 100644
> --- a/include/corosync/totem/totem.h
> +++ b/include/corosync/totem/totem.h
> @@ -151,8 +151,6 @@ struct totem_config {
>
> struct totem_logging_configuration totem_logging_configuration;
>
> - unsigned int secauth;
> -
> unsigned int net_mtu;
>
> unsigned int threads;
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
