X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Futils%2Fgss%2Fsk_utils.h;h=e20d12d00aa5d8b1253e0b65a11cc2ae52d9676f;hb=b0797d7ed4e6551d229620b45295d9387b3202bd;hp=c7dbe7710709cc89ae88a77390a8469120e35e3c;hpb=2de43286f95281648881033062abf9503bd60541;p=fs%2Flustre-release.git
diff --git a/lustre/utils/gss/sk_utils.h b/lustre/utils/gss/sk_utils.h
index c7dbe77..e20d12d 100644
--- a/lustre/utils/gss/sk_utils.h
+++ b/lustre/utils/gss/sk_utils.h
@@ -30,13 +30,96 @@ #include #include -#include +#include #include #include +#include #include +#include #include "lsupport.h"
+#ifndef ARRAY_SIZE
+# define ARRAY_SIZE(a) ((sizeof(a)) / (sizeof((a)[0])))
+#endif /* !ARRAY_SIZE */
+
+/* LL_CRYPTO_MAX_NAME value must match value of
+ * CRYPTO_MAX_ALG_NAME in include/linux/crypto.h
+ */
+#ifdef HAVE_CRYPTO_MAX_ALG_NAME_128
+#define LL_CRYPTO_MAX_NAME 128
+#else
+#define LL_CRYPTO_MAX_NAME 64
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static inline HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+
+ if (ctx != NULL)
+ HMAC_CTX_init(ctx);
+ return ctx;
+}
+
+static inline void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
+ OPENSSL_free(ctx);
+ }
+}
+static inline void DH_get0_pqg(const DH *dh,
+ const BIGNUM **p, const BIGNUM **q,
+ const BIGNUM **g)
+{
+ if (p != NULL)
+ *p = dh->p;
+ if (q != NULL)
+ *q = dh->q;
+ if (g != NULL)
+ *g = dh->g;
+}
+
+static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p and g in dh are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free(dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free(dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL)
+ dh->length = BN_num_bits(q);
+
+ return 1;
+}
+
+static inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key,
+ const BIGNUM **priv_key)
+{
+ if (pub_key != NULL)
+ *pub_key = dh->pub_key;
+ if (priv_key != NULL)
+ *priv_key = dh->priv_key;
+}
+#endif
+
 /* Some limits and defaults */
 #define SK_CONF_VERSION 1
 #define SK_MSG_VERSION 1
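Review bot: The DH_set0_pqg compatibility shim transfers ownership of p, q and g into dh on success (the old BIGNUMs are freed) but leaves them with the caller when it returns 0, and nothing on the shim says so; callers that free their inputs after a failed call on one OpenSSL version and not on the other will double-free or leak. Suggest a comment above it: `/* On success dh takes ownership of p, q and g and frees the old values; on failure (0) the caller still owns them. */`. DH_get0_pqg and DH_get0_key hand out pointers still owned by dh, which deserves a one-line comment on each so nobody BN_free()s them. The OPENSSL_cleanse() in HMAC_CTX_free before the free is the right treatment for a context that has held key material.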
@@ -113,8 +196,8 @@ struct sk_keyfile_config {
 /* Format passed to the kernel from userspace */
 struct sk_kernel_ctx {
 uint32_t skc_version;
- uint16_t skc_hmac_alg;
- uint16_t skc_crypt_alg;
+ char skc_hmac_alg[LL_CRYPTO_MAX_NAME];
+ char skc_crypt_alg[LL_CRYPTO_MAX_NAME];
 uint32_t skc_expire;
 uint32_t skc_host_random;
 uint32_t skc_peer_random;
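Review bot: skc_hmac_alg and skc_crypt_alg become fixed-width strings inside a struct the comment describes as passed to the kernel, so their width is now part of the userspace/kernel layout, yet that width is fixed at configure time by HAVE_CRYPTO_MAX_ALG_NAME_128 (64 vs 128); a binary built against the headers of one kernel and run on another would presumably disagree with the kernel about where skc_expire and the later fields sit. The hunk does not show where these fields are filled, so it is inferred that the writer has to bound the copy and NUL-terminate, e.g. `snprintf(ctx->skc_hmac_alg, sizeof(ctx->skc_hmac_alg), "%s", name);`. Suggest a comment on the two fields: `/* NUL-terminated kernel crypto API names; LL_CRYPTO_MAX_NAME must equal the running kernel's CRYPTO_MAX_ALG_NAME */`. struct sk_kernel_ctx closes outside the hunk.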
@@ -137,6 +220,103 @@ struct sk_cred {
 DH *sc_params;
 };
+/* Names match up with openssl enc and dgst commands */
+/* When adding new alg types, make sure first occurrence's name
+ * matches cht_name in hash_types array.
+ */
+static const struct sk_crypt_type sk_crypt_algs[] = {
+ {
+ .sct_name = "null",
+ .sct_type = SK_CRYPT_EMPTY
+ },
+ {
+ .sct_name = "NONE",
+ .sct_type = SK_CRYPT_EMPTY
+ },
+ {
+ .sct_name = "ctr(aes)",
+ .sct_type = SK_CRYPT_AES256_CTR
+ },
+ {
+ .sct_name = "AES-256-CTR",
+ .sct_type = SK_CRYPT_AES256_CTR
+ }
+};
+static const struct sk_hmac_type sk_hmac_algs[] = {
+ {
+ .sht_name = "null",
+ .sht_type = SK_HMAC_EMPTY
+ },
+ {
+ .sht_name = "NONE",
+ .sht_type = SK_HMAC_EMPTY
+ },
+ {
+ .sht_name = "sha256",
+ .sht_type = SK_HMAC_SHA256
+ },
+ {
+ .sht_name = "SHA256",
+ .sht_type = SK_HMAC_SHA256
+ },
+ {
+ .sht_name = "sha512",
+ .sht_type = SK_HMAC_SHA512
+ },
+ {
+ .sht_name = "SHA512",
+ .sht_type = SK_HMAC_SHA512
+ }
+};
+
+static inline int sk_name2crypt(char *name)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(sk_crypt_algs); i++) {
+ if (strcasecmp(name, sk_crypt_algs[i].sct_name) == 0)
+ return sk_crypt_algs[i].sct_type;
+ }
+
+ return SK_CRYPT_INVALID;
+}
+
+static inline int sk_name2hmac(char *name)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(sk_hmac_algs); i++) {
+ if (strcasecmp(name, sk_hmac_algs[i].sht_name) == 0)
+ return sk_hmac_algs[i].sht_type;
+ }
+
+ return SK_HMAC_INVALID;
+}
+
+static inline const char *sk_crypt2name(enum sk_crypt_alg type)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(sk_crypt_algs); i++) {
+ if (type == sk_crypt_algs[i].sct_type)
+ return sk_crypt_algs[i].sct_name;
+ }
+
+ return NULL;
+}
+
+static inline const char *sk_hmac2name(enum sk_hmac_alg type)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(sk_hmac_algs); i++) {
+ if (type == sk_hmac_algs[i].sht_type)
+ return sk_hmac_algs[i].sht_name;
+ }
+
+ return NULL;
+}
+
 void sk_init_logging(char *program, int verbose, int fg);
 struct sk_keyfile_config *sk_read_file(char *filename);
 int sk_load_keyfile(char *path);
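Review bot: sk_name2crypt and sk_name2hmac only read name through strcasecmp yet take it as `char *`, and all four lookup helpers compare an `int i` against ARRAY_SIZE(), which is a size_t, so every including translation unit gets a -Wsign-compare warning; the fix is `static inline int sk_name2crypt(const char *name)` (same for sk_name2hmac) and `size_t i;` in each loop. Since these names come from a keyfile or command line, it is worth stating on both name2 helpers that name must be non-NULL, as strcasecmp on NULL is undefined and the hunk does not show the callers checking it. The include lines are not legible in this copy of the diff, so whether <strings.h> is included for strcasecmp could not be confirmed.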