[Gluster-devel] [PATCH BUG:393 00/10] Add transport encryption translators
From: Corentin Chary
Subject: [Gluster-devel] [PATCH BUG:393 00/10] Add transport encryption translators
Date: Wed, 18 Nov 2009 12:13:52 +0100
Hi,
These patches add a transport encryption mechanism and two transport
encryption translators. It is hooked into the core transport code, and
needs some modifications of the transports (socket, ib-verbs) to conserve the
data structure. This may be cleaned up later.
There are also some modifications in the protocol to add crypto xlator private data
(crypto type + private data in fact). For example, the way NaCl works makes
us add the nonce and some data in gf_hdr_common_t (inside gf_ndr_nacl_t).
A "transport.crypto.type" option is added in protocol/client and
protocol/server to choose the crypto xlator.
The nacl transport has been used in production, and can be considered
stable. nacl adds a "transport.crypto.passphrase" option to set up
the passphrase, which is shared between all servers and clients.
NaCl
Here is a small howto to install and build nacl so it can be linked
to a shared library:
Before building the glusterfs package, you need to install nacl correctly.
    wget http://hyperelliptic.org/nacl/nacl-20090405.tar.bz2
    bunzip2 < nacl-20090405.tar.bz2 | tar -xf -
    cd nacl-20090405
* On x86:
    emacs okcompilers/c
    gcc -m32 -O2 -fPIC -march=i686
* On amd64:
    emacs okcompilers/c
    gcc -m64 -O2 -fPIC
    mv crypto_onetimeauth/poly1305/amd64/constants.s \
       crypto_onetimeauth/poly1305/amd64/constants.s.bak
    mv crypto_onetimeauth/poly1305/amd64/auth.s \
       crypto_onetimeauth/poly1305/amd64/auth.s.bak
    cat crypto_onetimeauth/poly1305/amd64/constants.s.bak | grep -v globl > \
       crypto_onetimeauth/poly1305/amd64/auth.s
    cat crypto_onetimeauth/poly1305/amd64/auth.s.bak >> \
       crypto_onetimeauth/poly1305/amd64/auth.s
Then:
    ./do
    sudo cp -r build/localhost/lib/* /usr/lib/
    sudo cp -r build/localhost/include/* /usr/include/
Now, ./configure should detect nacl and enable it.
You can still explicitly disable it using --disable-nacl
Corentin Chary (10):
transport/encryption: add infrastructure
transport/encryption: add directory and base Makefile.am
transport/encryption: add rot-13 demo
transport/encryption: keep xlator reference
transport/encryption: pass transport_crypto_t instead of transport_t
libglusterfs: add iov_load function
transport/encryption: add NaCl encryptor
transport/ib-verbs: add missing buflen_p parameter
libglusterfs: add iov_link
transport/encryption: fix encryption when used with afr
configure.ac | 69 ++++++-
libglusterfs/src/Makefile.am | 2 +-
libglusterfs/src/common-utils.h | 24 ++-
libglusterfs/src/protocol.h | 10 +
libglusterfs/src/transport.c | 293 +++++++++++++++++++------
libglusterfs/src/transport.h | 25 ++-
transport/Makefile.am | 4 +-
transport/encryption/Makefile.am | 3 +
transport/encryption/nacl/Makefile.am | 1 +
transport/encryption/nacl/src/Makefile.am | 16 ++
transport/encryption/nacl/src/nacl.c | 275 +++++++++++++++++++++++
transport/encryption/nacl/src/nacl.h | 39 ++++
transport/encryption/rot-13c/Makefile.am | 1 +
transport/encryption/rot-13c/src/Makefile.am | 14 ++
transport/encryption/rot-13c/src/rot-13c.c | 106 +++++++++
transport/encryption/rot-13c/src/rot-13c.h | 30 +++
transport/ib-verbs/src/ib-verbs.c | 5 +-
transport/socket/src/socket.c | 6 +-
xlators/protocol/client/src/client-protocol.c | 3 +
xlators/protocol/server/src/server-protocol.c | 3 +
20 files changed, 849 insertions(+), 80 deletions(-)
create mode 100644 transport/encryption/Makefile.am
create mode 100644 transport/encryption/nacl/Makefile.am
create mode 100644 transport/encryption/nacl/src/Makefile.am
create mode 100644 transport/encryption/nacl/src/nacl.c
create mode 100644 transport/encryption/nacl/src/nacl.h
create mode 100644 transport/encryption/rot-13c/Makefile.am
create mode 100644 transport/encryption/rot-13c/src/Makefile.am
create mode 100644 transport/encryption/rot-13c/src/rot-13c.c
create mode 100644 transport/encryption/rot-13c/src/rot-13c.h