#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
-#include <lnet/nidstr.h>
-#include <lustre/lustre_idl.h>
+#include <linux/lustre/lustre_user.h>
#include "sk_utils.h"
#include "err_util.h"
#define SK_DEFAULT_PRIME_BITS 2048
#define SK_DEFAULT_NODEMAP "default"
-/* Names match up with openssl enc and dgst commands */
-char *sk_crypt2name[] = {
- [SK_CRYPT_EMPTY] = "NONE",
- [SK_CRYPT_AES256_CTR] = "AES-256-CTR",
-};
-
-const char *sk_hmac2name[] = { "NONE", "SHA256", "SHA512" };
-
-static int sk_name2crypt(char *name)
-{
- int i;
-
- for (i = 0; i < SK_CRYPT_MAX; i++) {
- if (strcasecmp(name, sk_crypt2name[i]) == 0)
- return i;
- }
-
- return SK_CRYPT_INVALID;
-}
-
-enum cfs_crypto_hash_alg sk_name2hmac(char *name)
-{
- enum cfs_crypto_hash_alg algo;
- int i = 0;
-
- /* convert to lower case */
- while (name[i]) {
- putchar(tolower(name[i]));
- i++;
- }
-
- if (strcmp(name, "none"))
- return CFS_HASH_ALG_NULL;
-
- algo = cfs_crypto_hash_alg(name);
- if ((algo != CFS_HASH_ALG_SHA256) ||
- (algo != CFS_HASH_ALG_SHA512))
- return SK_HMAC_INVALID;
-
- return algo;
-}
-
static void usage(FILE *fp, char *program)
{
int i;
fprintf(fp, "Modify/Write Options:\n");
fprintf(fp, "-c|--crypt <num> Cipher for encryption "
"(Default: AES Counter mode)\n");
- for (i = 1; i < SK_CRYPT_MAX; i++)
- fprintf(fp, " %s\n", sk_crypt2name[i]);
-
+ for (i = 1; i < ARRAY_SIZE(sk_crypt_algs); i++)
+ fprintf(fp, " %s\n",
+ sk_crypt_algs[i].sct_name);
fprintf(fp, "-i|--hmac <num> Hash algorithm for integrity "
"(Default: SHA256)\n");
- for (i = 1; i < sizeof(sk_hmac2name) / sizeof(sk_hmac2name[0]); i++)
- fprintf(fp, " %s\n", sk_hmac2name[i]);
-
+ for (i = 1; i < ARRAY_SIZE(sk_hmac_algs); i++)
+ fprintf(fp, " %s\n",
+ sk_hmac_algs[i].sht_name);
fprintf(fp, "-e|--expire <num> Seconds before contexts from "
"key expire (Default: %d seconds (%.3g days))\n",
SK_DEFAULT_EXPIRE, (double)SK_DEFAULT_EXPIRE / 3600 / 24);
"(Default: %d)\n", SK_DEFAULT_SK_KEYLEN);
fprintf(fp, "-d|--data <file> Key data source for new keys "
"(Default: /dev/random)\n");
- fprintf(fp, " Not a seed value. This is the actual key value.\n\n");
+ fprintf(fp, " Not a seed value. "
+ "This is the actual key value.\n\n");
fprintf(fp, "Other Options:\n");
fprintf(fp, "-v|--verbose Increase verbosity for errors\n");
exit(EXIT_FAILURE);
if (config->skc_type & SK_TYPE_CLIENT)
printf(" client");
printf("\n");
- printf("HMAC alg: %s\n", sk_hmac2name[config->skc_hmac_alg]);
- printf("Crypto alg: %s\n", cfs_crypto_hash_name(config->skc_hmac_alg));
+ printf("HMAC alg: %s\n", sk_hmac2name(config->skc_hmac_alg));
+ printf("Crypto alg: %s\n", sk_crypt2name(config->skc_crypt_alg));
printf("Ctx Expiration: %u seconds\n", config->skc_expire);
printf("Shared keylen: %u bits\n", config->skc_shared_keylen);
printf("Prime length: %u bits\n", config->skc_prime_bits);
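Review bot: The two rewritten lines pass the results of `sk_hmac2name()` and `sk_crypt2name()` directly to `%s`, and neither helper's definition is on this page, so it cannot be confirmed here that they never return NULL. The ids printed come from `config`, which this function appears to display as loaded; if an id outside the algorithm tables can reach it and the helpers return NULL in that case, the `%s` conversion is undefined behaviour. Fetching the name first and printing a fallback keeps the dump safe for a damaged or foreign key file: `const char *hmac_name = sk_hmac2name(config->skc_hmac_alg);` then `printf("HMAC alg: %s\n", hmac_name ? hmac_name : "INVALID");`, and the same for the cipher line. The enclosing function begins and ends outside this hunk.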
char *tmp;
char *tmp2;
int crypt = SK_CRYPT_EMPTY;
- enum cfs_crypto_hash_alg hmac = CFS_HASH_ALG_NULL;
+ int hmac = SK_HMAC_EMPTY;
int expire = -1;
int shared_keylen = -1;
int prime_bits = -1;
int verbose = 0;
int i;
int opt;
- enum sk_key_type type = SK_TYPE_INVALID;
+ enum sk_key_type type = SK_TYPE_INVALID;
bool generate_prime = false;
- DH *dh;
+ DH *dh = NULL;
static struct option long_opts[] = {
{ .name = "crypt", .has_arg = required_argument, .val = 'c'},
fprintf(stderr, "error: invalid HMAC algorithm specified\n");
return EXIT_FAILURE;
}
+
if (modify && datafile) {
- fprintf(stderr, "error: data file option not valid in key modify\n");
+ fprintf(stderr,
+ "error: data file option not valid in key modify\n");
return EXIT_FAILURE;
}
config->skc_shared_keylen = SK_DEFAULT_SK_KEYLEN;
config->skc_prime_bits = SK_DEFAULT_PRIME_BITS;
config->skc_crypt_alg = SK_CRYPT_AES256_CTR;
- config->skc_hmac_alg = CFS_HASH_ALG_SHA256;
+ config->skc_hmac_alg = SK_HMAC_SHA256;
for (i = 0; i < MAX_MGSNIDS; i++)
config->skc_mgsnids[i] = LNET_NID_ANY;
config->skc_type = type;
generate_prime = type & SK_TYPE_CLIENT;
- strncpy(config->skc_nodemap, SK_DEFAULT_NODEMAP,
- sizeof(config->skc_nodemap) - 1);
+ /* SK_DEFAULT_NODEMAP is made to fit in skc_nodemap */
+ strcpy(config->skc_nodemap, SK_DEFAULT_NODEMAP);
if (!datafile)
datafile = "/dev/random";
if (crypt != SK_CRYPT_EMPTY)
config->skc_crypt_alg = crypt;
- if (hmac != CFS_HASH_ALG_NULL)
+ if (hmac != SK_HMAC_EMPTY)
config->skc_hmac_alg = hmac;
if (expire != -1)
config->skc_expire = expire;
if (prime_bits != -1)
config->skc_prime_bits = prime_bits;
if (fsname)
- strncpy(config->skc_fsname, fsname,
- sizeof(config->skc_fsname) - 1);
+ /* fsname string length was checked when parsing
+ * command-line options
+ */
+ strcpy(config->skc_fsname, fsname);
if (nodemap)
- strncpy(config->skc_nodemap, nodemap,
- sizeof(config->skc_nodemap) - 1);
+ /* nodemap string length was checked when parsing
+ * command-line options
+ */
+ strcpy(config->skc_nodemap, nodemap);
if (mgsnids && parse_mgsnids(mgsnids, config))
goto error;
if (sk_validate_config(config)) {
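Review bot: The three `strcpy()` calls added here (the default nodemap, `fsname` and `nodemap`) are bounded only by checks that live elsewhere. The option-parsing length checks the new comments refer to are not in this hunk, so whether they use the same limits as `sizeof(config->skc_fsname)` and `sizeof(config->skc_nodemap)` cannot be confirmed from here. The removed `strncpy(..., sizeof(...) - 1)` form could truncate but could not write past the field, whereas the new form overflows the key-file structure if a check is later relaxed or a new caller skips it. A bounded copy that fails on truncation keeps the invariant next to the write: `if (snprintf(config->skc_fsname, sizeof(config->skc_fsname), "%s", fsname) >= (int)sizeof(config->skc_fsname))` followed by `goto error;`, and likewise for `nodemap`. For the constant case, a compile-time assertion that `sizeof(SK_DEFAULT_NODEMAP)` fits the field would make the "made to fit" comment enforceable. The enclosing function starts and ends outside this hunk.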
}
if (generate_prime) {
+ const BIGNUM *p;
+ int rc;
+
printf("Generating DH parameters, this can take a while...\n");
- dh = DH_generate_parameters(config->skc_prime_bits,
- SK_GENERATOR, NULL, NULL);
- if (BN_num_bytes(dh->p) > SK_MAX_P_BYTES) {
+ dh = DH_new();
+ if (!dh) {
+ fprintf(stderr, "error: dh cannot be allocated\n");
+ goto error;
+ }
+
+ rc = DH_generate_parameters_ex(dh, config->skc_prime_bits,
+ SK_GENERATOR, NULL);
+ if (rc != 1) {
+ fprintf(stderr, "error generating DH parameters\n");
+ goto error;
+ }
+
+ DH_get0_pqg(dh, &p, NULL, NULL);
+
+ if (BN_num_bytes(p) > SK_MAX_P_BYTES) {
fprintf(stderr, "error: cannot generate DH parameters: "
"requested length %d exceeds maximum %d\n",
config->skc_prime_bits, SK_MAX_P_BYTES * 8);
goto error;
}
- if (BN_bn2bin(dh->p, config->skc_p) != BN_num_bytes(dh->p)) {
+ if (BN_bn2bin(p, config->skc_p) != BN_num_bytes(p)) {
fprintf(stderr,
"error: convert BIGNUM p to binary failed\n");
goto error;
}
+
+ DH_free(dh);
}
if (write_config_file(modify ?: output, config, modify))
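Review bot: The `DH_free(dh);` added at the end of the `generate_prime` block leaves `dh` pointing at freed memory, and the `error:` label in the next hunk now calls `DH_free(dh)` as well. The statement under `if (write_config_file(...))` is not visible here, but if it jumps to `error` like the other failure paths, a failed key-file write after prime generation frees the same DH object twice. Clearing the pointer right after the in-block free makes the shared cleanup safe: `DH_free(dh);` followed by `dh = NULL;`. `DH_free(NULL)` is a no-op, so the `error:` path needs no further change.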
return EXIT_SUCCESS;
error:
+ DH_free(dh);
free(config);
return EXIT_FAILURE;
}