[fabbione/kronosnet] 977e2c: [crypto] align crypto_authenticate_and_decrypt API...

GitHub noreply at github.com
Wed Nov 25 20:20:35 CET 2015


  Branch: refs/heads/master
  Home:   https://github.com/fabbione/kronosnet
  Commit: 977e2cbc62d371fd5b243e0dddcd0364fba07842
      https://github.com/fabbione/kronosnet/commit/977e2cbc62d371fd5b243e0dddcd0364fba07842
  Author: Fabio M. Di Nitto <fdinitto at redhat.com>
  Date:   2015-11-25 (Wed, 25 Nov 2015)

  Changed paths:
    M libknet/crypto.c
    M libknet/crypto.h
    M libknet/handle.c
    M libknet/internals.h
    M libknet/nsscrypto.c
    M libknet/nsscrypto.h
    M libknet/threads_send_recv.c

  Log Message:
  -----------
  [crypto] align crypto_authenticate_and_decrypt API to crypto_encrypt_and_sign

2 issues solved by this change:

1) API were different and crypto_authenticate_and_decrypt would trash the
   incoming packet, that we might want to keep for later usage
   (re-switch for example)

2) By using an extre pre-allocated buffer while decrypting incoming packets
   we save a whole memcpy and that reduces latency on crypto communications:

pre-patch:

[root at kronosnet-node1-br0 ~]# ping 192.168.12.2 -f -c 1000 -s 65000
PING 192.168.12.2 (192.168.12.2) 65000(65028) bytes of data.

--- 192.168.12.2 ping statistics ---
1000 packets transmitted, 1000 received, 0% packet loss, time 5302ms
rtt min/avg/max/mdev = 5.102/5.283/22.679/0.947 ms, pipe 3, ipg/ewma 5.307/5.223 ms

post-patch:

[root at kronosnet-node1-br0 ~]# ping 192.168.12.2 -f -c 1000 -s 65000
PING 192.168.12.2 (192.168.12.2) 65000(65028) bytes of data.

--- 192.168.12.2 ping statistics ---
1000 packets transmitted, 1000 received, 0% packet loss, time 5196ms
rtt min/avg/max/mdev = 4.997/5.154/6.661/0.129 ms, ipg/ewma 5.201/5.173 ms

(using aes256 and sha1)

Signed-off-by: Fabio M. Di Nitto <fdinitto at redhat.com>




More information about the Commits mailing list