socsvn commit: r240072 - in soc2012/gpf/pefs_kmod: sbin/pefs
sys/fs/pefs
gpf at FreeBSD.org
gpf at FreeBSD.org
Sat Aug 4 17:40:12 UTC 2012
Author: gpf
Date: Sat Aug 4 17:40:09 2012
New Revision: 240072
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=240072
Log:
instead of generating DSA keys, ask them from user instead
Modified:
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h
soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_checksum.c
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Sat Aug 4 16:56:22 2012 (r240071)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Sat Aug 4 17:40:09 2012 (r240072)
@@ -1210,7 +1210,6 @@
return (error);
}
-
static int
pefs_write_checksum_file_header(int fdout, struct checksum_file_header *cfhp)
{
@@ -1438,27 +1437,17 @@
cfhp->offset_to_hash_table = PEFS_CFH_SIZE;
}
-/* generate dsa keys & write public key to a file */
+/* read dsa pubkey from file */
static EVP_PKEY *
-pefs_generate_dsa(FILE *pkfp)
+pefs_read_dsa_privkey(FILE *pk_fp)
{
- unsigned char seed[PEFS_SEED_LEN];
DSA *dsa;
EVP_PKEY *pkey;
int rval;
- RAND_bytes(seed, sizeof(seed));
- dsa = DSA_generate_parameters(PEFS_PLEN, seed, sizeof(seed), NULL,
- NULL, NULL, NULL);
+ dsa = PEM_read_DSAPrivateKey(pk_fp, NULL, NULL, NULL);
if (dsa == NULL) {
- pefs_warn("error generating dsa parameters");
- return (NULL);
- }
-
- rval = DSA_generate_key(dsa);
- if (rval != 1) {
- pefs_warn("error generating dsa key");
- DSA_free(dsa);
+ pefs_warn("error reading dsa pubkey");
return (NULL);
}
@@ -1468,6 +1457,7 @@
DSA_free(dsa);
return (NULL);
}
+
rval = EVP_PKEY_assign_DSA(pkey, dsa);
if (rval != 1) {
pefs_warn("error assigning dsa key");
@@ -1476,14 +1466,6 @@
return (NULL);
}
- rval = PEM_write_DSA_PUBKEY(pkfp, dsa);
- if (rval != 1) {
- pefs_warn("error writing dsa pubkey");
- EVP_PKEY_free(pkey);
- DSA_free(dsa);
- return (NULL);
- }
-
return (pkey);
}
@@ -1501,7 +1483,7 @@
/* XXXgpf: [TODO] offer option of DSA/RSA & appropriate digests */
/* generate keys */
- pkey = pefs_generate_dsa(pkfp);
+ pkey = pefs_read_dsa_privkey(pkfp);
if (pkey == NULL)
return (PEFS_ERR_SYS);
@@ -1569,7 +1551,7 @@
/* read dsa pubkey from file */
static EVP_PKEY *
-pefs_read_dsa(FILE *pk_fp)
+pefs_read_dsa_pubkey(FILE *pk_fp)
{
DSA *dsa;
EVP_PKEY *pkey;
@@ -1611,7 +1593,7 @@
int bytes, error, rval, sign_len;
/* read public key from .pefs.pkey */
- pkey = pefs_read_dsa(pk_fp);
+ pkey = pefs_read_dsa_pubkey(pk_fp);
if (pkey == NULL)
return (PEFS_ERR_SYS);
@@ -1690,19 +1672,14 @@
* If .pefs.checksum is created inside pefs mounted fs, then it will obtain an
* encrypted filename & encrypted data, which is unacceptable. User should
* create checksum file outside of filesystem and then copy it by hand.
- * Alongside with the checksum file, we will create two additional files as
- * placeholders for the public key and the file's digital signature.
*/
static int
-pefs_open_checksum_files(int *fdp, char *fsroot, char *csm_path, FILE **pkfpp,
- char *pk_path)
+pefs_open_checksum_file(int *fdp, char *fsroot, char *csm_path)
{
struct statfs pefs_fs, checksum_fs;
- FILE *pkfp;
int fd;
*fdp = -1;
- *pkfpp = NULL;
/* create checksum file */
fd = open(csm_path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
@@ -1730,15 +1707,6 @@
return (PEFS_ERR_INVALID);
}
- /* create files for the public key and .pefs.checksum's signature */
- pkfp = fopen(pk_path, "wx");
- if (pkfp == NULL) {
- warn("cannot open %s", pk_path);
- return (PEFS_ERR_SYS);
- }
-
- *pkfpp = pkfp;
-
return (0);
}
@@ -1752,12 +1720,11 @@
*/
int
pefs_create_checksum_file(FILE *fpin, char *fsroot, char *csm_path,
- char *pk_path, const char *algo, int flags)
+ FILE *pk_fp, const char *algo, int flags)
{
struct cuckoo_hash_table checksum_hash_table;
struct checksum_file_header cfh;
const EVP_MD *md;
- FILE *pkfp;
int error, fdout;
uint8_t hash_len;
@@ -1772,7 +1739,7 @@
pefs_init_hash_table(&checksum_hash_table);
- error = pefs_open_checksum_files(&fdout, fsroot, csm_path, &pkfp, pk_path);
+ error = pefs_open_checksum_file(&fdout, fsroot, csm_path);
if (error != 0)
goto out;
@@ -1787,7 +1754,7 @@
if (error != 0)
goto out;
- error = pefs_sign_file(fdout, pkfp);
+ error = pefs_sign_file(fdout, pk_fp);
out:
if (fdout >= 0) {
@@ -1795,11 +1762,6 @@
if (error != 0)
unlink(csm_path);
}
- if (pkfp != NULL) {
- fclose(pkfp);
- if (error != 0)
- unlink(pk_path);
- }
pefs_free_hash_table(&checksum_hash_table);
return (error);
@@ -2338,7 +2300,6 @@
return (error);
}
-
/* retrieve and then print the name checksum ID for a given filename */
int
pefs_filename_to_id(char *file_path, int flags)
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Sat Aug 4 16:56:22 2012 (r240071)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Sat Aug 4 17:40:09 2012 (r240072)
@@ -1041,19 +1041,20 @@
char fsroot[MAXPATHLEN + 1];
char csm_path[MAXPATHLEN + 1], pk_path[MAXPATHLEN + 1];
struct stat sb;
- FILE *fpin;
+ FILE *fpin, *pk_fp;
int error, flags, i, j;
const char *algo;
flags = 0;
fpin = stdin;
+ pk_fp = NULL;
/* by default use sha256 */
algo = supported_digests[0];
/* by default create checksum files under $PWD */
snprintf(csm_path, sizeof(csm_path), "./%s", PEFS_FILE_CHECKSUM);
snprintf(pk_path, sizeof(pk_path), "./%s", PEFS_FILE_PKEY);
- while ((i = getopt(argc, argv, "fa:i:p:")) != -1)
+ while ((i = getopt(argc, argv, "fa:i:k:p:")) != -1)
switch(i) {
case 'a':
for (j=0; j < PEFS_SUPPORTED_DIGESTS; j++)
@@ -1079,6 +1080,14 @@
goto out;
}
break;
+ case 'k':
+ pk_fp = fopen(optarg, "r");
+ if (pk_fp == NULL) {
+ warn("error opening privkey file %s", optarg);
+ error = PEFS_ERR_SYS;
+ goto out;
+ }
+ break;
case 'p':
if (stat(optarg, &sb) != 0) {
warn("cannot stat file %s", optarg);
@@ -1105,14 +1114,21 @@
argc -= optind;
argv += optind;
+ if (pk_fp == NULL) {
+ pefs_warn("user must provide a file containing the public key");
+ return (PEFS_ERR_INVALID);
+ }
+
initfsroot(argc, argv, 0, fsroot, sizeof(fsroot));
- error = pefs_create_checksum_file(fpin, fsroot, csm_path, pk_path,
+ error = pefs_create_checksum_file(fpin, fsroot, csm_path, pk_fp,
algo, flags);
out:
if (fpin != NULL)
fclose(fpin);
+ if (pk_fp != NULL)
+ fclose(pk_fp);
return (error);
}
@@ -1152,8 +1168,7 @@
pefs_verify(int argc, char *argv[])
{
struct stat sb;
- char fsroot[MAXPATHLEN + 1], pk_path[MAXPATHLEN + 1];
- char *dirnamep;
+ char fsroot[MAXPATHLEN + 1];
FILE *pk_fp;
int error, fdin, flags, i;
@@ -1165,7 +1180,7 @@
case 'k':
pk_fp = fopen(optarg, "r");
if (pk_fp == NULL) {
- warn("error opening pkey file %s", optarg);
+ warn("error opening pubkey file %s", optarg);
error = PEFS_ERR_SYS;
goto out;
}
@@ -1190,6 +1205,11 @@
argc -= optind;
argv += optind;
+ if (pk_fp == NULL) {
+ pefs_warn("user must provide a file containing the public key");
+ return (PEFS_ERR_INVALID);
+ }
+
if (argc != 2) {
if (argc < 2)
warnx("too few arguments");
@@ -1204,16 +1224,6 @@
error = PEFS_ERR_INVALID;
goto out;
}
- dirnamep = dirname(argv[0]);
- if (pk_fp == NULL) {
- snprintf(pk_path, sizeof(pk_path), "%s/%s", dirnamep, PEFS_FILE_PKEY);
- pk_fp = fopen(pk_path, "r");
- if (pk_fp == NULL) {
- warn("error opening pkey file %s", pk_path);
- error = PEFS_ERR_SYS;
- goto out;
- }
- }
argc -=1;
argv +=1;
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h Sat Aug 4 16:56:22 2012 (r240071)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.h Sat Aug 4 17:40:09 2012 (r240072)
@@ -104,7 +104,7 @@
const struct pefs_xkey *xk_parent);
uintmax_t pefs_keyid_as_int(char *keyid);
int pefs_create_checksum_file(FILE *fpin, char *fsroot, char *csm_path,
- char *pk_path, const char *algo, int flags);
+ FILE *pk_fp, const char *algo, int flags);
int pefs_verify_checksum(int fdin, FILE *pk_fp, char *fsroot, int flags);
int pefs_filename_to_id(char *file_path, int flags);
Modified: soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_checksum.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_checksum.c Sat Aug 4 16:56:22 2012 (r240071)
+++ soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_checksum.c Sat Aug 4 17:40:09 2012 (r240072)
@@ -406,7 +406,7 @@
long *p;
int error;
- printf("integrity checking!\noffset %llu\n", offset);
+ dprintf(("integrity checking!\noffset %llu\n", offset));
/*
* XXXgpf: For the moment, this flag's only purpose is to deny read access
More information about the svn-soc-all
mailing list