Date:   Fri, 16 Oct 2020 23:02:00 +0700
From:   Tuong Lien <tuong.t.lien@...tech.com.au>
To:     dsahern@...il.com, jmaloy@...hat.com, maloy@...jonn.com,
        ying.xue@...driver.com, netdev@...r.kernel.org
Cc:     tipc-discussion@...ts.sourceforge.net
Subject: [iproute2-next 1/2] tipc: add option to set master key for encryption

In addition to the kernel's support for a master key, we add the 'master'
option to the 'tipc node set key' command so that the user can
specify a key as the master key when setting it. This is done
by setting the new netlink flag 'TIPC_NLA_NODE_KEY_MASTER'.
For example:

$ tipc node set key "this_is_a_master_key" master

The command's help menu is also updated to give a better description of
all the available options.

Acked-by: Jon Maloy <jmaloy@...hat.com>
Signed-off-by: Tuong Lien <tuong.t.lien@...tech.com.au>
---
 tipc/node.c | 46 +++++++++++++++++++++++++++++-----------------
 1 file changed, 29 insertions(+), 17 deletions(-)

diff --git a/tipc/node.c b/tipc/node.c
index ffdaeaea..1ff0baa4 100644
--- a/tipc/node.c
+++ b/tipc/node.c
@@ -160,19 +160,21 @@ static int cmd_node_set_nodeid(struct nlmsghdr *nlh, const struct cmd *cmd,
 static void cmd_node_set_key_help(struct cmdl *cmdl)
 {
 	fprintf(stderr,
-		"Usage: %s node set key KEY [algname ALGNAME] [nodeid NODEID]\n\n"
+		"Usage: %s node set key KEY [algname ALGNAME] [PROPERTIES]\n\n"
+		"KEY\n"
+		"  Symmetric KEY & SALT as a composite ASCII or hex string (0x...) in form:\n"
+		"  [KEY: 16, 24 or 32 octets][SALT: 4 octets]\n\n"
+		"ALGNAME\n"
+		"  Cipher algorithm [default: \"gcm(aes)\"]\n\n"
 		"PROPERTIES\n"
-		" KEY                   - Symmetric KEY & SALT as a normal or hex string\n"
-		"                         that consists of two parts:\n"
-		"                         [KEY: 16, 24 or 32 octets][SALT: 4 octets]\n\n"
-		" algname ALGNAME       - Default: \"gcm(aes)\"\n\n"
-		" nodeid NODEID         - Own or peer node identity to which the key will\n"
-		"                         be attached. If not present, the key is a cluster\n"
-		"                         key!\n\n"
+		"  master                - Set KEY as a cluster master key\n"
+		"  <empty>               - Set KEY as a cluster key\n"
+		"  nodeid NODEID         - Set KEY as a per-node key for own or peer\n\n"
 		"EXAMPLES\n"
-		"  %s node set key this_is_a_key16_salt algname \"gcm(aes)\" nodeid node1\n"
-		"  %s node set key 0x746869735F69735F615F6B657931365F73616C74 nodeid node2\n\n",
-		cmdl->argv[0], cmdl->argv[0], cmdl->argv[0]);
+		"  %s node set key this_is_a_master_key master\n"
+		"  %s node set key 0x746869735F69735F615F6B657931365F73616C74\n"
+		"  %s node set key this_is_a_key16_salt algname \"gcm(aes)\" nodeid 1001002\n\n",
+		cmdl->argv[0], cmdl->argv[0], cmdl->argv[0], cmdl->argv[0]);
 }
 
 static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
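Review bot: The KEY section and all three examples in cmd_node_set_key_help present key material as a command-line argument, two of them as readable ASCII phrases such as `this_is_a_master_key`, without any caveat. A phrase of that kind carries much less entropy than its 16, 24 or 32 octets suggest, and an argument is readable from the process list while the command runs and is usually saved in shell history. I would add a line under KEY such as `"  Prefer a randomly generated key in hex form; KEY is visible in the process arguments\n\n"` and put the hex example first. The `<empty>` row under PROPERTIES would also read more clearly as `(none)`.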
@@ -187,24 +189,21 @@ static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
 	struct opt opts[] = {
 		{ "algname",	OPT_KEYVAL,	NULL },
 		{ "nodeid",	OPT_KEYVAL,	NULL },
+		{ "master",	OPT_KEY,	NULL },
 		{ NULL }
 	};
 	struct nlattr *nest;
-	struct opt *opt_algname, *opt_nodeid;
+	struct opt *opt_algname, *opt_nodeid, *opt_master;
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	uint8_t id[TIPC_NODEID_LEN] = {0,};
 	int keysize;
 	char *str;
 
-	if (help_flag) {
+	if (help_flag || cmdl->optind >= cmdl->argc) {
 		(cmd->help)(cmdl);
 		return -EINVAL;
 	}
 
-	if (cmdl->optind >= cmdl->argc) {
-		fprintf(stderr, "error, missing key\n");
-		return -EINVAL;
-	}
 
 	/* Get user key */
 	str = shift_cmdl(cmdl);
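Review bot: A missing KEY now prints only the usage text, because the merged test `if (help_flag || cmdl->optind >= cmdl->argc)` drops the former `error, missing key` diagnostic. A caller reading stderr can no longer tell a help request from a malformed invocation, and both return -EINVAL. I would keep the one-line message for the missing-argument case, e.g. `if (!help_flag) fprintf(stderr, "error, missing key\n");` before the `(cmd->help)(cmdl);` call. The removal also leaves two consecutive blank lines ahead of `/* Get user key */`. cmd_node_set_key starts before this hunk and continues past it.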
@@ -230,17 +229,30 @@ static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
 		return -EINVAL;
 	}
 
+	/* Get master key indication */
+	opt_master = get_opt(opts, "master");
+
+	/* Sanity check if wrong option */
+	if (opt_nodeid && opt_master) {
+		fprintf(stderr, "error, per-node key cannot be master\n");
+		return -EINVAL;
+	}
+
 	/* Init & do the command */
 	nlh = msg_init(buf, TIPC_NL_KEY_SET);
 	if (!nlh) {
 		fprintf(stderr, "error, message initialisation failed\n");
 		return -1;
 	}
+
 	nest = mnl_attr_nest_start(nlh, TIPC_NLA_NODE);
 	keysize = tipc_aead_key_size(&input.key);
 	mnl_attr_put(nlh, TIPC_NLA_NODE_KEY, keysize, &input.key);
 	if (opt_nodeid)
 		mnl_attr_put(nlh, TIPC_NLA_NODE_ID, TIPC_NODEID_LEN, id);
+	if (opt_master)
+		mnl_attr_put(nlh, TIPC_NLA_NODE_KEY_MASTER, 0, NULL);
+
 	mnl_attr_nest_end(nlh, nest);
 	return msg_doit(nlh, NULL, NULL);
 }
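Review bot: The two comments added in cmd_node_set_key do not say why the new code does what it does. `/* Sanity check if wrong option */` could state the rule itself, e.g. `/* A master key is cluster-wide, so it cannot be combined with nodeid */`, which matches the error message printed below it. The `mnl_attr_put(nlh, TIPC_NLA_NODE_KEY_MASTER, 0, NULL);` call has no comment; I would add `/* Zero-length flag attribute */` above it and, if the kernel side does test only for the attribute's presence (it is not visible in this patch), say that as well. The function begins outside this hunk, so the option parsing that fills `opt_nodeid` is not visible here.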
-- 
2.26.2
