From: Tuong Lien <tuong.t.lien@dektech.com.au>
To: dsahern@gmail.com, jmaloy@redhat.com, maloy@donjonn.com,
ying.xue@windriver.com, netdev@vger.kernel.org
Cc: tipc-discussion@lists.sourceforge.net
Subject: [iproute2-next 1/2] tipc: add option to set master key for encryption
Date: Fri, 16 Oct 2020 23:02:00 +0700
Message-ID: <20201016160201.7290-2-tuong.t.lien@dektech.com.au>
In-Reply-To: <20201016160201.7290-1-tuong.t.lien@dektech.com.au>
In addition to the support of master key in kernel, we add the 'master'
option to the 'tipc node set key' command for user to be able to
specify a key as master key during the key setting. This is carried out
by turning on the new netlink flag - 'TIPC_NLA_NODE_KEY_MASTER'.
For example:
$ tipc node set key "this_is_a_master_key" master
The command's help menu is also updated to give a better description of
all the available options.
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
---
tipc/node.c | 46 +++++++++++++++++++++++++++++-----------------
1 file changed, 29 insertions(+), 17 deletions(-)
diff --git a/tipc/node.c b/tipc/node.c
index ffdaeaea..1ff0baa4 100644
--- a/tipc/node.c
+++ b/tipc/node.c
@@ -160,19 +160,21 @@ static int cmd_node_set_nodeid(struct nlmsghdr *nlh, const struct cmd *cmd,
static void cmd_node_set_key_help(struct cmdl *cmdl)
{
fprintf(stderr,
- "Usage: %s node set key KEY [algname ALGNAME] [nodeid NODEID]\n\n"
+ "Usage: %s node set key KEY [algname ALGNAME] [PROPERTIES]\n\n"
+ "KEY\n"
+ " Symmetric KEY & SALT as a composite ASCII or hex string (0x...) in form:\n"
+ " [KEY: 16, 24 or 32 octets][SALT: 4 octets]\n\n"
+ "ALGNAME\n"
+ " Cipher algorithm [default: \"gcm(aes)\"]\n\n"
"PROPERTIES\n"
- " KEY - Symmetric KEY & SALT as a normal or hex string\n"
- " that consists of two parts:\n"
- " [KEY: 16, 24 or 32 octets][SALT: 4 octets]\n\n"
- " algname ALGNAME - Default: \"gcm(aes)\"\n\n"
- " nodeid NODEID - Own or peer node identity to which the key will\n"
- " be attached. If not present, the key is a cluster\n"
- " key!\n\n"
+ " master - Set KEY as a cluster master key\n"
+ " <empty> - Set KEY as a cluster key\n"
+ " nodeid NODEID - Set KEY as a per-node key for own or peer\n\n"
"EXAMPLES\n"
- " %s node set key this_is_a_key16_salt algname \"gcm(aes)\" nodeid node1\n"
- " %s node set key 0x746869735F69735F615F6B657931365F73616C74 nodeid node2\n\n",
- cmdl->argv[0], cmdl->argv[0], cmdl->argv[0]);
+ " %s node set key this_is_a_master_key master\n"
+ " %s node set key 0x746869735F69735F615F6B657931365F73616C74\n"
+ " %s node set key this_is_a_key16_salt algname \"gcm(aes)\" nodeid 1001002\n\n",
+ cmdl->argv[0], cmdl->argv[0], cmdl->argv[0], cmdl->argv[0]);
}
static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
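Review bot: the new PROPERTIES list in cmd_node_set_key_help() presents `master` and `nodeid NODEID` side by side without saying they are mutually exclusive, although the command rejects that combination later in this patch with "per-node key cannot be master". Suggest stating the exclusion in the help text, for example by writing the usage line as `[master | nodeid NODEID]`. The `nodeid NODEID` description also ends at "for own or peer" and drops the word "node" that the removed text had. The count of `%s` conversions and `cmdl->argv[0]` arguments (four each) matches.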
@@ -187,24 +189,21 @@ static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
struct opt opts[] = {
{ "algname", OPT_KEYVAL, NULL },
{ "nodeid", OPT_KEYVAL, NULL },
+ { "master", OPT_KEY, NULL },
{ NULL }
};
struct nlattr *nest;
- struct opt *opt_algname, *opt_nodeid;
+ struct opt *opt_algname, *opt_nodeid, *opt_master;
char buf[MNL_SOCKET_BUFFER_SIZE];
uint8_t id[TIPC_NODEID_LEN] = {0,};
int keysize;
char *str;
- if (help_flag) {
+ if (help_flag || cmdl->optind >= cmdl->argc) {
(cmd->help)(cmdl);
return -EINVAL;
}
- if (cmdl->optind >= cmdl->argc) {
- fprintf(stderr, "error, missing key\n");
- return -EINVAL;
- }
/* Get user key */
str = shift_cmdl(cmdl);
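Review bot: folding `cmdl->optind >= cmdl->argc` into the `help_flag` test removes the "error, missing key" line, so a user who omits KEY now gets only the full help text and -EINVAL, with nothing on stderr that names the actual mistake. Consider keeping the one-line diagnostic and printing the help after it, so an explicit help request and a missing argument stay distinguishable in logs and scripts.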
@@ -230,17 +229,30 @@ static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
return -EINVAL;
}
+ /* Get master key indication */
+ opt_master = get_opt(opts, "master");
+
+ /* Sanity check if wrong option */
+ if (opt_nodeid && opt_master) {
+ fprintf(stderr, "error, per-node key cannot be master\n");
+ return -EINVAL;
+ }
+
/* Init & do the command */
nlh = msg_init(buf, TIPC_NL_KEY_SET);
if (!nlh) {
fprintf(stderr, "error, message initialisation failed\n");
return -1;
}
+
nest = mnl_attr_nest_start(nlh, TIPC_NLA_NODE);
keysize = tipc_aead_key_size(&input.key);
mnl_attr_put(nlh, TIPC_NLA_NODE_KEY, keysize, &input.key);
if (opt_nodeid)
mnl_attr_put(nlh, TIPC_NLA_NODE_ID, TIPC_NODEID_LEN, id);
+ if (opt_master)
+ mnl_attr_put(nlh, TIPC_NLA_NODE_KEY_MASTER, 0, NULL);
+
mnl_attr_nest_end(nlh, nest);
return msg_doit(nlh, NULL, NULL);
}
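Review bot: in the added `if (opt_master)` branch the master indication is sent as a zero-length `TIPC_NLA_NODE_KEY_MASTER` attribute, and the only feedback visible here is the return value of `msg_doit()`. Since the commit message says this relies on master key support in the kernel, it would help to document what the user sees when the running kernel does not recognise the attribute, so that a key intended as master is not assumed to be installed as one. Smaller points: the comment "Sanity check if wrong option" could name the rule it enforces (nodeid and master are exclusive), and the blank lines added before `mnl_attr_nest_start()` and `mnl_attr_nest_end()` are whitespace changes unrelated to the feature.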
--
2.26.2