Date: Sat, 04 Aug 2012 17:40:10 +0000 From: gpf@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r240072 - in soc2012/gpf/pefs_kmod: sbin/pefs sys/fs/pefs Message-ID: <20120804174010.719B7106566C@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gpf Date: Sat Aug 4 17:40:09 2012 New Revision: 240072 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=240072 Log: instead of generating DSA keys, ask them from user instead Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_checksum.c Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c ============================================================================== --- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Sat Aug 4 16:56:22 2012 (r240071) +++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Sat Aug 4 17:40:09 2012 (r240072) @@ -1210,7 +1210,6 @@ return (error); } - static int pefs_write_checksum_file_header(int fdout, struct checksum_file_header *cfhp) { @@ -1438,27 +1437,17 @@ cfhp->offset_to_hash_table = PEFS_CFH_SIZE; } -/* generate dsa keys & write public key to a file */ +/* read dsa pubkey from file */ static EVP_PKEY * -pefs_generate_dsa(FILE *pkfp) +pefs_read_dsa_privkey(FILE *pk_fp) { - unsigned char seed[PEFS_SEED_LEN]; DSA *dsa; EVP_PKEY *pkey; int rval; - RAND_bytes(seed, sizeof(seed)); - dsa = DSA_generate_parameters(PEFS_PLEN, seed, sizeof(seed), NULL, - NULL, NULL, NULL); + dsa = PEM_read_DSAPrivateKey(pk_fp, NULL, NULL, NULL); if (dsa == NULL) { - pefs_warn("error generating dsa parameters"); - return (NULL); - } - - rval = DSA_generate_key(dsa); - if (rval != 1) { - pefs_warn("error generating dsa key"); - DSA_free(dsa); + pefs_warn("error reading dsa pubkey"); return (NULL); } @@ -1468,6 +1457,7 @@ DSA_free(dsa); return (NULL); } + rval = EVP_PKEY_assign_DSA(pkey, dsa); if (rval != 1) { pefs_warn("error assigning dsa key"); @@ -1476,14 +1466,6 @@ return (NULL); } - rval = PEM_write_DSA_PUBKEY(pkfp, dsa); - if (rval != 1) { - pefs_warn("error writing dsa pubkey"); - EVP_PKEY_free(pkey); - DSA_free(dsa); - return (NULL); - } - return (pkey); } @@ -1501,7 +1483,7 @@ /* XXXgpf: [TODO] offer option of DSA/RSA & appropriate digests */ /* generate keys */ - pkey = pefs_generate_dsa(pkfp); + pkey = pefs_read_dsa_privkey(pkfp); if (pkey == NULL) return (PEFS_ERR_SYS); @@ -1569,7 +1551,7 @@ /* read dsa pubkey from file */ static EVP_PKEY * -pefs_read_dsa(FILE *pk_fp) +pefs_read_dsa_pubkey(FILE *pk_fp) { DSA *dsa; EVP_PKEY *pkey; @@ -1611,7 +1593,7 @@ int bytes, error, rval, sign_len; /* read public key from .pefs.pkey */ - pkey = pefs_read_dsa(pk_fp); + pkey = pefs_read_dsa_pubkey(pk_fp); if (pkey == NULL) return (PEFS_ERR_SYS); @@ -1690,19 +1672,14 @@ * If .pefs.checksum is created inside pefs mounted fs, then it will obtain an * encrypted filename & encrypted data, which is unacceptable. User should * create checksum file outside of filesystem and then copy it by hand. - * Alongside with the checksum file, we will create two additional files as - * placeholders for the public key and the file's digital signature. */ static int -pefs_open_checksum_files(int *fdp, char *fsroot, char *csm_path, FILE **pkfpp, - char *pk_path) +pefs_open_checksum_file(int *fdp, char *fsroot, char *csm_path) { struct statfs pefs_fs, checksum_fs; - FILE *pkfp; int fd; *fdp = -1; - *pkfpp = NULL; /* create checksum file */ fd = open(csm_path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); @@ -1730,15 +1707,6 @@ return (PEFS_ERR_INVALID); } - /* create files for the public key and .pefs.checksum's signature */ - pkfp = fopen(pk_path, "wx"); - if (pkfp == NULL) { - warn("cannot open %s", pk_path); - return (PEFS_ERR_SYS); - } - - *pkfpp = pkfp; - return (0); } @@ -1752,12 +1720,11 @@ */ int pefs_create_checksum_file(FILE *fpin, char *fsroot, char *csm_path, - char *pk_path, const char *algo, int flags) + FILE *pk_fp, const char *algo, int flags) { struct cuckoo_hash_table checksum_hash_table; struct checksum_file_header cfh; const EVP_MD *md; - FILE *pkfp; int error, fdout; uint8_t hash_len; @@ -1772,7 +1739,7 @@ pefs_init_hash_table(&checksum_hash_table); - error = pefs_open_checksum_files(&fdout, fsroot, csm_path, &pkfp, pk_path); + error = pefs_open_checksum_file(&fdout, fsroot, csm_path); if (error != 0) goto out; @@ -1787,7 +1754,7 @@ if (error != 0) goto out; - error = pefs_sign_file(fdout, pkfp); + error = pefs_sign_file(fdout, pk_fp); out: if (fdout >= 0) { @@ -1795,11 +1762,6 @@ if (error != 0) unlink(csm_path); } - if (pkfp != NULL) { - fclose(pkfp); - if (error != 0) - unlink(pk_path); - } pefs_free_hash_table(&checksum_hash_table); return (error); @@ -2338,7 +2300,6 @@ return (error); } - /* retrieve and then print the name checksum ID for a given filename */ int pefs_filename_to_id(char *file_path, int flags) Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c ============================================================================== --- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Sat Aug 4 16:56:22 2012 (r240071) +++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Sat Aug 4 17:40:09 2012 (r240072) @@ -1041,19 +1041,20 @@ char fsroot[MAXPATHLEN + 1]; char csm_path[MAXPATHLEN + 1], pk_path[MAXPATHLEN + 1]; struct stat sb; - FILE *fpin; + FILE *fpin, *pk_fp; int error, flags, i, j; const char *algo; flags = 0; fpin = stdin; + pk_fp = NULL; /* by default use sha256 */ algo = supported_digests[0]; /* by default create checksum files under $PWD */ snprintf(csm_path, sizeof(csm_path), "./%s", PEFS_FILE_CHECKSUM); snprintf(pk_path, sizeof(pk_path), "./%s", PEFS_FILE_PKEY); - while ((i = getopt(argc, argv, "fa:i:p:")) != -1) + while ((i = getopt(argc, argv, "fa:i:k:p:")) != -1) switch(i) { case 'a': for (j=0; j < PEFS_SUPPORTED_DIGESTS; j++) @@ -1079,6 +1080,14 @@ goto out; } break; + case 'k': + pk_fp = fopen(optarg, "r"); + if (pk_fp == NULL) { + warn("error opening privkey file %s", optarg); + error = PEFS_ERR_SYS; + goto out; + } + break; case 'p': if (stat(optarg, &sb) != 0) { warn("cannot stat file %s", optarg); @@ -1105,14 +1114,21 @@ argc -= optind; argv += optind; + if (pk_fp == NULL) { + pefs_warn("user must provide a file containing the public key"); + return (PEFS_ERR_INVALID); + } + initfsroot(argc, argv, 0, fsroot, sizeof(fsroot)); - error = pefs_create_checksum_file(fpin, fsroot, csm_path, pk_path, + error = pefs_create_checksum_file(fpin, fsroot, csm_path, pk_fp, algo, flags); out: if (fpin != NULL) fclose(fpin); + if (pk_fp != NULL) + fclose(pk_fp); return (error); } @@ -1152,8 +1168,7 @@ pefs_verify(int argc, char *argv[]) { struct stat sb; - char fsroot[MAXPATHLEN + 1], pk_path[MAXPATHLEN + 1]; - char *dirnamep; + char fsroot[MAXPATHLEN + 1]; FILE *pk_fp; int error, fdin, flags, i; @@ -1165,7 +1180,7 @@ case 'k': pk_fp = fopen(optarg, "r"); if (pk_fp == NULL) { - warn("error opening pkey file %s", optarg); + warn("error opening pubkey file %s", optarg); error = PEFS_ERR_SYS; goto out; } @@ -1190,6 +1205,11 @@ argc -= optind; argv += optind; + if (pk_fp == NULL) { + pefs_warn("user must provide a file containing the public key"); + return (PEFS_ERR_INVALID); + } + if (argc != 2) { if (argc < 2) warnx("too few arguments"); @@ -1204,16 +1224,6 @@ error = PEFS_ERR_INVALID; goto out; } - dirnamep = dirname(argv[0]); - if (pk_fp == NULL) { - snprintf(pk_path, sizeof(pk_path), "%s/%s", dirnamep, PEFS_FILE_PKEY); - pk_fp = fopen(pk_path, "r"); - if (pk_fp == NULL) { - warn("error opening pkey file %s", pk_path); - error = PEFS_ERR_SYS; - goto out; - } - } argc -=1; argv +=1; Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h ============================================================================== --- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h Sat Aug 4 16:56:22 2012 (r240071) +++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h Sat Aug 4 17:40:09 2012 (r240072) @@ -104,7 +104,7 @@ const struct pefs_xkey *xk_parent); uintmax_t pefs_keyid_as_int(char *keyid); int pefs_create_checksum_file(FILE *fpin, char *fsroot, char *csm_path, - char *pk_path, const char *algo, int flags); + FILE *pk_fp, const char *algo, int flags); int pefs_verify_checksum(int fdin, FILE *pk_fp, char *fsroot, int flags); int pefs_filename_to_id(char *file_path, int flags); Modified: soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_checksum.c ============================================================================== --- soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_checksum.c Sat Aug 4 16:56:22 2012 (r240071) +++ soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_checksum.c Sat Aug 4 17:40:09 2012 (r240072) @@ -406,7 +406,7 @@ long *p; int error; - printf("integrity checking!\noffset %llu\n", offset); + dprintf(("integrity checking!\noffset %llu\n", offset)); /* * XXXgpf: For the moment, this flag's only purpose is to deny read access
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120804174010.719B7106566C>