totem: drop crypt_accept: concept/option

this was another old onwire compat mode that is not useful anylonger.

we can safely move the new model by default.

According to Honza (real hardware 1 node testing) there are no
performance impact.

My tests (8 nodes VM cluster), there is up to 10/12% performance
improvements up to 1M packet size where old and new models are equal.

As a side note, nss still shows to be a performance loss on both
real and virtual hw (without any kind of nss hw acceleration).

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
Reviewed-by: Steven Dake <sdake@redhat.com>

SECURITY

@@ -155,33 +155,18 @@ When a message is received (decrypt_and_authenticate):
 Compatibility
 -------------
 
-The default mode of operation is to allow for wire-compatibility with existing
-openais systems. That means that the internal encryption system is used
-and all received packets are expected to use that system. This allows a rolling
-upgrade from openais to corosync.
-
-Once all nodes in the cluster are running corosync they can be changed to allow
-the newer libnss-based encryption by setting the
-totem {
-    crypto_accept: new
-}
-option in corosync.conf.
-
-This enables the new encryption system but does not switch it on. It simply
-adds a byte to the end of the packets to indicate the encryption type.
-
-Once all nodes have been upgraded and 'crypto_accept: new' has been set,
-the encryption type can be set using a single command:
+The encryption type can be changed at runtime with a single command:
 
 # corosync-cfgtool -c1
 
+(0 for sober, 1 for nss)
+
 This will tell all cluster nodes to start using libnss encryption. Note that
-it is possible to upgrade node individially by seetting the encryption type in
+it is possible to upgrade node individially by setting the encryption type in
 corosync.conf. The last byte of the packet indicates the decryption algorithm
 that the receiver should use.
 
 Once all nodes are using libnss encryption, the option should be set in
 in corosync.conf so that it takes effect at the next system reboot.
 
-
 Comments welcome mailto:discuss@corosync.org

conf/lenses/corosync.aug

@@ -51,7 +51,6 @@ let totem =
     |kv "vsftype" /none|ykd/
     |kv "secauth" /on|off/
     |kv "crypto_type" /nss|sober/
-    |kv "crypto_accept" /new|old/
     |kv "transport" /udp|iba/
     |kv "version" Rx.integer
     |kv "nodeid" Rx.integer

conf/lenses/tests/test_corosync.aug

@@ -6,7 +6,6 @@ totem {
 	version: 2
 	secauth: off
 	crypto_type: nss
-	crypto_accept: new
 	threads: 0
 	clear_node_high_bit: no
 	rrp_mode: none
@@ -81,7 +80,6 @@ test Corosync.lns get conf =
 	{ "version" = "2" }
 	{ "secauth" = "off" }
 	{ "crypto_type" = "nss" }
-	{ "crypto_accept" = "new" }
 	{ "threads" = "0" }
     { "clear_node_high_bit" = "no" }
     { "rrp_mode" = "none" }

cts/corotests.py

@@ -1556,7 +1556,6 @@ def CoroTestList(cm, audits):
 
     c = ConfigContainer('pcmk_sec_nss')
     c['totem/secauth'] = 'on'
-    c['totem/crypto_accept'] = 'new'
     c['totem/crypto_type'] = 'nss'
     c['totem/token'] = 5000
     c['totem/token_retransmits_before_loss_const'] = 10

exec/totemconfig.c

@@ -127,14 +127,6 @@ static void totem_get_crypto_type(struct totem_config *totem_config)
 {
 	char *str;
 
-	totem_config->crypto_accept = TOTEM_CRYPTO_ACCEPT_OLD;
-	if (icmap_get_string("totem.crypto_accept", &str) == CS_OK) {
-		if (strcmp(str, "new") == 0) {
-			totem_config->crypto_accept = TOTEM_CRYPTO_ACCEPT_NEW;
-		}
-		free(str);
-	}
-
 	totem_config->crypto_type = TOTEM_CRYPTO_SOBER;
 
 #ifdef HAVE_LIBNSS
@@ -148,15 +140,14 @@ static void totem_get_crypto_type(struct totem_config *totem_config)
 
 	if (icmap_get_string("totem.crypto_type", &str) == CS_OK) {
 		if (strcmp(str, "sober") == 0) {
-			free(str);
-			return;
+			totem_config->crypto_type = TOTEM_CRYPTO_SOBER;
 		}
 #ifdef HAVE_LIBNSS
 		if (strcmp(str, "nss") == 0) {
 			totem_config->crypto_type = TOTEM_CRYPTO_NSS;
 		}
-		free(str);
 #endif
+		free(str);
 	}
 }
 

exec/totemudp.c

@@ -789,12 +789,13 @@ static int encrypt_and_sign_worker (
 	const struct iovec *iovec,
 	unsigned int iov_len)
 {
-	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER ||
-	    instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
+	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER) {
 		return encrypt_and_sign_sober(instance, buf, buf_len, iovec, iov_len);
+	}
 #ifdef HAVE_LIBNSS
-	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS)
+	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS) {
 		return encrypt_and_sign_nss(instance, buf, buf_len, iovec, iov_len);
+	}
 #endif
 	return -1;
 }
@@ -814,18 +815,15 @@ static int authenticate_and_decrypt (
 	type = endbuf[iov[iov_len-1].iov_len-1];
 	iov[iov_len-1].iov_len -= 1;
 
-	if (type == TOTEM_CRYPTO_SOBER)
+	if (type == TOTEM_CRYPTO_SOBER) {
 		res = authenticate_and_decrypt_sober(instance, iov, iov_len);
+	}
 
-	/*
-	 * Only try higher crypto options if NEW has been requested
-	 */
-	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
 #ifdef HAVE_LIBNSS
-		if (type == TOTEM_CRYPTO_NSS)
+	if (type == TOTEM_CRYPTO_NSS) {
 		    res = authenticate_and_decrypt_nss(instance, iov, iov_len);
-#endif
 	}
+#endif
 
 	/*
 	 * If it failed, then try decrypting the whole packet
@@ -841,16 +839,7 @@ static int authenticate_and_decrypt (
 static void init_crypto(
 	struct totemudp_instance *instance)
 {
-	/*
-	 * If we are expecting NEW crypto type then initialise all available
-	 * crypto options. For OLD then we only need SOBER128.
-	 */
-
 	init_sober_crypto(instance);
-
-	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
-		return;
-
 #ifdef HAVE_LIBNSS
 	init_nss_crypto(instance);
 #endif
@@ -864,27 +853,20 @@ int totemudp_crypto_set (
 	int res = 0;
 
 	/*
-	 * Can't set crypto type if OLD is selected
+	 * Validate crypto algorithm
 	 */
-	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD) {
-		res = -1;
-	} else {
-		/*
-		 * Validate crypto algorithm
-		 */
-		switch (type) {
-			case TOTEM_CRYPTO_SOBER:
-				log_printf(instance->totemudp_log_level_security,
-					"Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
-				break;
-			case TOTEM_CRYPTO_NSS:
-				log_printf(instance->totemudp_log_level_security,
-					"Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
-				break;
-			default:
-				res = -1;
-				break;
-		}
+	switch (type) {
+		case TOTEM_CRYPTO_SOBER:
+			log_printf(instance->totemudp_log_level_security,
+				"Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
+			break;
+		case TOTEM_CRYPTO_NSS:
+			log_printf(instance->totemudp_log_level_security,
+				"Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
+			break;
+		default:
+			res = -1;
+			break;
 	}
 
 	return (res);
@@ -925,12 +907,7 @@ static inline void ucast_sendmsg (
 			iovec_encrypt,
 			2);
 
-		if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
-			encrypt_data[buf_len++] = instance->totem_config->crypto_type;
-		}
-		else {
-			encrypt_data[buf_len++] = 0;
-		}
+		encrypt_data[buf_len++] = instance->totem_config->crypto_type;
 
 		iovec_encrypt[0].iov_base = (void *)encrypt_data;
 		iovec_encrypt[0].iov_len = buf_len;
@@ -1008,12 +985,7 @@ static inline void mcast_sendmsg (
 			iovec_encrypt,
 			2);
 
-		if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
-			encrypt_data[buf_len++] = instance->totem_config->crypto_type;
-		}
-		else {
-			encrypt_data[buf_len++] = 0;
-		}
+		encrypt_data[buf_len++] = instance->totem_config->crypto_type;
 
 		iovec_encrypt[0].iov_base = (void *)encrypt_data;
 		iovec_encrypt[0].iov_len = buf_len;

exec/totemudpu.c

@@ -771,12 +771,13 @@ static int encrypt_and_sign_worker (
 	const struct iovec *iovec,
 	unsigned int iov_len)
 {
-	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER ||
-	    instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
+	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_SOBER) {
 		return encrypt_and_sign_sober(instance, buf, buf_len, iovec, iov_len);
+	}
 #ifdef HAVE_LIBNSS
-	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS)
+	if (instance->totem_config->crypto_type == TOTEM_CRYPTO_NSS) {
 		return encrypt_and_sign_nss(instance, buf, buf_len, iovec, iov_len);
+	}
 #endif
 	return -1;
 }
@@ -796,18 +797,15 @@ static int authenticate_and_decrypt (
 	type = endbuf[iov[iov_len-1].iov_len-1];
 	iov[iov_len-1].iov_len -= 1;
 
-	if (type == TOTEM_CRYPTO_SOBER)
+	if (type == TOTEM_CRYPTO_SOBER) {
 		res = authenticate_and_decrypt_sober(instance, iov, iov_len);
+	}
 
-	/*
-	 * Only try higher crypto options if NEW has been requested
-	 */
-	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
 #ifdef HAVE_LIBNSS
-		if (type == TOTEM_CRYPTO_NSS)
+	if (type == TOTEM_CRYPTO_NSS) {
 		    res = authenticate_and_decrypt_nss(instance, iov, iov_len);
-#endif
 	}
+#endif
 
 	/*
 	 * If it failed, then try decrypting the whole packet
@@ -823,16 +821,7 @@ static int authenticate_and_decrypt (
 static void init_crypto(
 	struct totemudpu_instance *instance)
 {
-	/*
-	 * If we are expecting NEW crypto type then initialise all available
-	 * crypto options. For OLD then we only need SOBER128.
-	 */
-
 	init_sober_crypto(instance);
-
-	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD)
-		return;
-
 #ifdef HAVE_LIBNSS
 	init_nss_crypto(instance);
 #endif
@@ -846,27 +835,20 @@ int totemudpu_crypto_set (
 	int res = 0;
 
 	/*
-	 * Can't set crypto type if OLD is selected
+	 * Validate crypto algorithm
 	 */
-	if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_OLD) {
-		res = -1;
-	} else {
-		/*
-		 * Validate crypto algorithm
-		 */
-		switch (type) {
-			case TOTEM_CRYPTO_SOBER:
-				log_printf(instance->totemudpu_log_level_security,
-					"Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
-				break;
-			case TOTEM_CRYPTO_NSS:
-				log_printf(instance->totemudpu_log_level_security,
-					"Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
-				break;
-			default:
-				res = -1;
-				break;
-		}
+	switch (type) {
+		case TOTEM_CRYPTO_SOBER:
+			log_printf(instance->totemudpu_log_level_security,
+				"Transmit security set to: libtomcrypt SOBER128/SHA1HMAC (mode 0)");
+			break;
+		case TOTEM_CRYPTO_NSS:
+			log_printf(instance->totemudpu_log_level_security,
+				"Transmit security set to: NSS AES128CBC/SHA1HMAC (mode 1)");
+			break;
+		default:
+			res = -1;
+			break;
 	}
 
 	return (res);
@@ -907,12 +889,7 @@ static inline void ucast_sendmsg (
 			iovec_encrypt,
 			2);
 
-		if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
-			encrypt_data[buf_len++] = instance->totem_config->crypto_type;
-		}
-		else {
-			encrypt_data[buf_len++] = 0;
-		}
+		encrypt_data[buf_len++] = instance->totem_config->crypto_type;
 
 		iovec_encrypt[0].iov_base = (void *)encrypt_data;
 		iovec_encrypt[0].iov_len = buf_len;
@@ -990,12 +967,7 @@ static inline void mcast_sendmsg (
 			iovec_encrypt,
 			2);
 
-		if (instance->totem_config->crypto_accept == TOTEM_CRYPTO_ACCEPT_NEW) {
-			encrypt_data[buf_len++] = instance->totem_config->crypto_type;
-		}
-		else {
-			encrypt_data[buf_len++] = 0;
-		}
+		encrypt_data[buf_len++] = instance->totem_config->crypto_type;
 
 		iovec_encrypt[0].iov_base = (void *)encrypt_data;
 		iovec_encrypt[0].iov_len = buf_len;

include/corosync/totem/totem.h

@@ -170,7 +170,6 @@ struct totem_config {
 	unsigned int broadcast_use;
 
 	enum { TOTEM_CRYPTO_SOBER=0, TOTEM_CRYPTO_NSS } crypto_type;
-	enum { TOTEM_CRYPTO_ACCEPT_OLD=0, TOTEM_CRYPTO_ACCEPT_NEW } crypto_accept;
 
 	int crypto_crypt_type;
 	int crypto_sign_type;