X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Futils%2Fgss%2Flgss_sk.c;h=d6d9959cf59215cb25ae565874f2963bee2f3567;hb=b0797d7ed4e6551d229620b45295d9387b3202bd;hp=fffa011ee6a0c053a857f0528b551a7c21c5797c;hpb=a598df837b946711407ec93eed08f144dae6d35a;p=fs%2Flustre-release.git
diff --git a/lustre/utils/gss/lgss_sk.c b/lustre/utils/gss/lgss_sk.c
index fffa011..d6d9959 100644
--- a/lustre/utils/gss/lgss_sk.c
+++ b/lustre/utils/gss/lgss_sk.c
@@ -22,9 +22,12 @@
 /*
 * Copyright (C) 2015, Trustees of Indiana University
 *
+ * Copyright (c) 2016, Intel Corporation.
+ *
 * Author: Jeremy Filizetti
 */
+#include
 #include
 #include
 #include
@@ -37,8 +40,7 @@
 #include
 #include
 #include
-#include
-#include
+#include
 #include "sk_utils.h"
 #include "err_util.h"
@@ -53,42 +55,6 @@
 #define SK_DEFAULT_PRIME_BITS 2048
 #define SK_DEFAULT_NODEMAP "default"
-/* Names match up with openssl enc and dgst commands */
-char *sk_crypt2name[] = {
- [SK_CRYPT_EMPTY] = "NONE",
- [SK_CRYPT_AES256_CTR] = "AES-256-CTR",
-};
-
-char *sk_hmac2name[] = {
- [SK_HMAC_EMPTY] = "NONE",
- [SK_HMAC_SHA256] = "SHA256",
- [SK_HMAC_SHA512] = "SHA512",
-};
-
-static int sk_name2crypt(char *name)
-{
- int i;
-
- for (i = 0; i < SK_CRYPT_MAX; i++) {
- if (strcasecmp(name, sk_crypt2name[i]) == 0)
- return i;
- }
-
- return SK_CRYPT_INVALID;
-}
-
-static int sk_name2hmac(char *name)
-{
- int i;
-
- for (i = 0; i < SK_HMAC_MAX; i++) {
- if (strcasecmp(name, sk_hmac2name[i]) == 0)
- return i;
- }
-
- return SK_HMAC_INVALID;
-}
-
 static void usage(FILE *fp, char *program)
 {
 int i;
@@ -102,14 +68,14 @@ static void usage(FILE *fp, char *program)
 fprintf(fp, "Modify/Write Options:\n");
 fprintf(fp, "-c|--crypt Cipher for encryption "
 "(Default: AES Counter mode)\n");
- for (i = 1; i < SK_CRYPT_MAX; i++)
- fprintf(fp, " %s\n", sk_crypt2name[i]);
-
+ for (i = 1; i < ARRAY_SIZE(sk_crypt_algs); i++)
+ fprintf(fp, " %s\n",
+ sk_crypt_algs[i].sct_name);
 fprintf(fp, "-i|--hmac Hash algorithm for integrity "
 "(Default: SHA256)\n");
- for (i = 1; i < SK_HMAC_MAX; i++)
- fprintf(fp, " %s\n", sk_hmac2name[i]);
-
+ for (i = 1; i < ARRAY_SIZE(sk_hmac_algs); i++)
+ fprintf(fp, " %s\n",
+ sk_hmac_algs[i].sht_name);
 fprintf(fp, "-e|--expire Seconds before contexts from "
 "key expire (Default: %d seconds (%.3g days))\n", SK_DEFAULT_EXPIRE, (double)SK_DEFAULT_EXPIRE / 3600 / 24);
@@ -124,8 +90,10 @@ static void usage(FILE *fp, char *program)
 "client)\n");
 fprintf(fp, "-k|--key-bits Shared key length in bits "
 "(Default: %d)\n", SK_DEFAULT_SK_KEYLEN);
- fprintf(fp, "-d|--data Key random data source " "(Default: /dev/random)\n\n");
+ fprintf(fp, "-d|--data Key data source for new keys " "(Default: /dev/random)\n");
+ fprintf(fp, " Not a seed value. " "This is the actual key value.\n\n");
 fprintf(fp, "Other Options:\n");
 fprintf(fp, "-v|--verbose Increase verbosity for errors\n");
 exit(EXIT_FAILURE);
@@ -236,8 +204,8 @@ static int print_config(char *filename)
 if (config->skc_type & SK_TYPE_CLIENT)
 printf(" client");
 printf("\n");
- printf("HMAC alg: %s\n", sk_hmac2name[config->skc_hmac_alg]);
- printf("Crypto alg: %s\n", sk_crypt2name[config->skc_crypt_alg]);
+ printf("HMAC alg: %s\n", sk_hmac2name(config->skc_hmac_alg));
+ printf("Crypto alg: %s\n", sk_crypt2name(config->skc_crypt_alg));
 printf("Ctx Expiration: %u seconds\n", config->skc_expire);
 printf("Shared keylen: %u bits\n", config->skc_shared_keylen);
 printf("Prime length: %u bits\n", config->skc_prime_bits);
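Review bot: Both new loop conditions, `i < ARRAY_SIZE(sk_crypt_algs)` and `i < ARRAY_SIZE(sk_hmac_algs)`, compare the `int i` declared at the top of usage() (a context line of the previous hunk, outside this one) against a `size_t`, a signed/unsigned comparison that -Wsign-compare reports and that can mis-evaluate if `i` ever holds a negative value. Since usage() uses `i` only as a table index, the cleanest fix is to change its declaration to `size_t i;`; the alternative that stays inside this hunk is a cast, `i < (int)ARRAY_SIZE(sk_crypt_algs)`, applied to both loops. The body of usage() begins and ends outside this hunk.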
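Review bot: `sk_hmac2name(config->skc_hmac_alg)` and `sk_crypt2name(config->skc_crypt_alg)` go straight into `printf("%s")`, and the algorithm ids come from the key file that sk_read_file just parsed rather than from a trusted table index; if either lookup can return NULL for an id outside its table (both are defined in sk_utils, not visible here) and sk_read_file does not already reject such ids, printing a malformed or hostile key file is undefined behaviour. Unless that validation is guaranteed upstream, guard the output, e.g. `printf("HMAC alg: %s\n", sk_hmac2name(config->skc_hmac_alg) ?: "INVALID");` and the same for the crypt line; the file already relies on the `?:` extension in `write_config_file(modify ?: output, config, modify)`. print_config() starts and ends outside this hunk.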
@@ -328,34 +296,33 @@ int main(int argc, char **argv)
 int verbose = 0;
 int i;
 int opt;
- enum sk_key_type type = SK_TYPE_INVALID;
+ enum sk_key_type type = SK_TYPE_INVALID;
 bool generate_prime = false;
- DH *dh;
-
- static struct option long_opt[] = {
- {"crypt", 1, 0, 'c'},
- {"data", 1, 0, 'd'},
- {"expire", 1, 0, 'e'},
- {"fsname", 1, 0, 'f'},
- {"mgsnids", 1, 0, 'g'},
- {"help", 0, 0, 'h'},
- {"hmac", 1, 0, 'i'},
- {"integrity", 1, 0, 'i'},
- {"key-bits", 1, 0, 'k'},
- {"shared", 1, 0, 'k'},
- {"load", 1, 0, 'l'},
- {"modify", 1, 0, 'm'},
- {"nodemap", 1, 0, 'n'},
- {"prime-bits", 1, 0, 'p'},
- {"read", 1, 0, 'r'},
- {"type", 1, 0, 't'},
- {"verbose", 0, 0, 'v'},
- {"write", 1, 0, 'w'},
- {0, 0, 0, 0},
- };
+ DH *dh = NULL;
+
+ static struct option long_opts[] = {
+ { .name = "crypt", .has_arg = required_argument, .val = 'c'},
+ { .name = "data", .has_arg = required_argument, .val = 'd'},
+ { .name = "expire", .has_arg = required_argument, .val = 'e'},
+ { .name = "fsname", .has_arg = required_argument, .val = 'f'},
+ { .name = "mgsnids", .has_arg = required_argument, .val = 'g'},
+ { .name = "help", .has_arg = no_argument, .val = 'h'},
+ { .name = "hmac", .has_arg = required_argument, .val = 'i'},
+ { .name = "integrity", .has_arg = required_argument, .val = 'i'},
+ { .name = "key-bits", .has_arg = required_argument, .val = 'k'},
+ { .name = "shared", .has_arg = required_argument, .val = 'k'},
+ { .name = "load", .has_arg = required_argument, .val = 'l'},
+ { .name = "modify", .has_arg = required_argument, .val = 'm'},
+ { .name = "nodemap", .has_arg = required_argument, .val = 'n'},
+ { .name = "prime-bits", .has_arg = required_argument, .val = 'p'},
+ { .name = "read", .has_arg = required_argument, .val = 'r'},
+ { .name = "type", .has_arg = required_argument, .val = 't'},
+ { .name = "verbose", .has_arg = no_argument, .val = 'v'},
+ { .name = "write", .has_arg = required_argument, .val = 'w'},
+ { .name = NULL, } };
 while ((opt = getopt_long(argc, argv,
- "c:d:e:f:g:hi:l:m:n:p:r:s:k:t:w:v", long_opt,
+ "c:d:e:f:g:hi:l:m:n:p:r:s:k:t:w:v", long_opts,
 NULL)) != EOF) {
 switch (opt) {
 case 'c':
@@ -491,6 +458,12 @@ int main(int argc, char **argv)
 return EXIT_FAILURE;
 }
+ if (modify && datafile) {
+ fprintf(stderr,
+ "error: data file option not valid in key modify\n");
+ return EXIT_FAILURE;
+ }
+
 if (modify) {
 config = sk_read_file(modify);
 if (!config)
@@ -541,8 +514,8 @@ int main(int argc, char **argv)
 config->skc_type = type;
 generate_prime = type & SK_TYPE_CLIENT;
- strncpy(config->skc_nodemap, SK_DEFAULT_NODEMAP,
- strlen(SK_DEFAULT_NODEMAP));
+ /* SK_DEFAULT_NODEMAP is made to fit in skc_nodemap */
+ strcpy(config->skc_nodemap, SK_DEFAULT_NODEMAP);
 if (!datafile)
 datafile = "/dev/random";
@@ -559,9 +532,15 @@ int main(int argc, char **argv)
 if (prime_bits != -1)
 config->skc_prime_bits = prime_bits;
 if (fsname)
- strncpy(config->skc_fsname, fsname, strlen(fsname));
+ /* fsname string length was checked when parsing
+ * command-line options
+ */
+ strcpy(config->skc_fsname, fsname);
 if (nodemap)
- strncpy(config->skc_nodemap, nodemap, strlen(nodemap));
+ /* nodemap string length was checked when parsing
+ * command-line options
+ */
+ strcpy(config->skc_nodemap, nodemap);
 if (mgsnids && parse_mgsnids(mgsnids, config))
 goto error;
 if (sk_validate_config(config)) {
@@ -577,20 +556,38 @@ int main(int argc, char **argv)
 }
 if (generate_prime) {
+ const BIGNUM *p;
+ int rc;
+
 printf("Generating DH parameters, this can take a while...\n");
- dh = DH_generate_parameters(config->skc_prime_bits,
- SK_GENERATOR, NULL, NULL);
- if (BN_num_bytes(dh->p) > SK_MAX_P_BYTES) {
+ dh = DH_new();
+ if (!dh) {
+ fprintf(stderr, "error: dh cannot be allocated\n");
+ goto error;
+ }
+
+ rc = DH_generate_parameters_ex(dh, config->skc_prime_bits,
+ SK_GENERATOR, NULL);
+ if (rc != 1) {
+ fprintf(stderr, "error generating DH parameters\n");
+ goto error;
+ }
+
+ DH_get0_pqg(dh, &p, NULL, NULL);
+
+ if (BN_num_bytes(p) > SK_MAX_P_BYTES) {
 fprintf(stderr, "error: cannot generate DH parameters: "
 "requested length %d exceeds maximum %d\n", config->skc_prime_bits, SK_MAX_P_BYTES * 8);
 goto error;
 }
- if (BN_bn2bin(dh->p, config->skc_p) != BN_num_bytes(dh->p)) {
+ if (BN_bn2bin(p, config->skc_p) != BN_num_bytes(p)) {
 fprintf(stderr, "error: convert BIGNUM p to binary failed\n");
 goto error;
 }
+
+ DH_free(dh);
 }
 if (write_config_file(modify ?: output, config, modify))
@@ -599,6 +596,7 @@ int main(int argc, char **argv)
 return EXIT_SUCCESS;
 error:
+ DH_free(dh);
 free(config);
 return EXIT_FAILURE;
 }
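Review bot: After a successful parameter generation the new `DH_free(dh);` at the end of the `if (generate_prime)` block leaves `dh` dangling, while the `error:` label in the following hunk now also calls `DH_free(dh)`; if the line after `if (write_config_file(modify ?: output, config, modify))` is `goto error` (that line is just outside this hunk, but `error:` and `return EXIT_FAILURE` follow it), a write failure on a client key frees the DH object twice. Clearing the pointer right after the block-local free, `DH_free(dh);` followed by `dh = NULL;`, keeps the single cleanup path at `error:` correct on every route; `DH_free(NULL)` is a no-op, so the early-exit paths that reach `error:` before or during generation are already fine. main() continues outside both hunks.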