[Pvfs2-cvs] commit by nlmills in pvfs2/src/common/security: pint-security.c pint-security.h security-hash.c

CVS commit program cvs at parl.clemson.edu
Tue May 20 15:28:37 EDT 2008


Update of /anoncvs/pvfs2/src/common/security
In directory parlweb1:/tmp/cvs-serv28830/src/common/security

Modified Files:
      Tag: cu-security-branch
	pint-security.c pint-security.h security-hash.c 
Log Message:
implemented private key loading and capability signatures


Index: pint-security.c
===================================================================
RCS file: /anoncvs/pvfs2/src/common/security/Attic/pint-security.c,v
diff -p -u -r1.1.2.13 -r1.1.2.14
--- pint-security.c	20 May 2008 19:05:23 -0000	1.1.2.13
+++ pint-security.c	20 May 2008 19:28:37 -0000	1.1.2.14
@@ -31,12 +31,17 @@
 
 /* TODO: move to global configuration */
 #define SECURITY_DEFAULT_KEYSTORE "/tmp/keystore"
+#define SECURITY_DEFAULT_PRIVKEYFILE  "/tmp/privkey.pem"
 
 
+/* the private key used for signing */
+static EVP_PKEY *security_privkey = NULL;
+
 static gen_mutex_t security_init_mutex = GEN_MUTEX_INITIALIZER;
 static int security_init_status = 0;
 
 
+static int load_private_key(const char*);
 static int load_public_keys(const char*);
 
 
@@ -67,6 +72,12 @@ int PINT_security_initialize(void)
     {
         return ret;
     }
+
+    ret = load_private_key(SECURITY_DEFAULT_PRIVKEYFILE);
+    if (ret < 0)
+    {
+        return -PVFS_EIO;
+    }
     
     /* TODO: better error handling */
     ret = load_public_keys(SECURITY_DEFAULT_KEYSTORE);
@@ -97,6 +108,8 @@ int PINT_security_finalize(void)
         return -PVFS_EALREADY;
     }
 
+    EVP_PKEY_free(security_privkey);
+
     EVP_cleanup();
     ERR_free_strings();
     SECURITY_hash_finalize();
@@ -107,6 +120,56 @@ int PINT_security_finalize(void)
     return 0;
 }
 
+int PINT_sign_capability(PVFS_capability *cap)
+{
+    EVP_MD_CTX mdctx;
+    unsigned siglen;
+    char buf[256];
+    int ret;
+
+    assert(security_privkey);
+
+    EVP_MD_CTX_init(&mdctx);
+
+    ret = EVP_SignInit_ex(&mdctx, EVP_sha1(), NULL);
+    if (!ret)
+    {
+        gossip_debug(GOSSIP_SECURITY_DEBUG, "Error signing capability: "
+                         "%s\n", ERR_error_string(ERR_get_error(), buf));
+        EVP_MD_CTX_cleanup(&mdctx);
+        return -1;
+    }
+
+    ret = EVP_SignUpdate(&mdctx, &cap->owner, sizeof(PVFS_handle));
+    ret &= EVP_SignUpdate(&mdctx, &cap->fsid, sizeof(PVFS_fs_id));
+    ret &= EVP_SignUpdate(&mdctx, &cap->timeout, sizeof(PVFS_time));
+    ret &= EVP_SignUpdate(&mdctx, &cap->op_mask, sizeof(uint32_t));
+    ret &= EVP_SignUpdate(&mdctx, &cap->num_handles, sizeof(uint32_t));
+    ret &= EVP_SignUpdate(&mdctx, cap->handle_array, cap->num_handles * 
+                          sizeof(PVFS_handle));
+
+    if (!ret)
+    {
+        gossip_debug(GOSSIP_SECURITY_DEBUG, "Error signing capability: "
+                         "%s\n", ERR_error_string(ERR_get_error(), buf));
+        EVP_MD_CTX_cleanup(&mdctx);
+        return -1;
+    }
+
+    ret = EVP_SignFinal(&mdctx, cap->signature, &siglen, security_privkey);
+    if (!ret)
+    {
+        gossip_debug(GOSSIP_SECURITY_DEBUG, "Error signing capability: "
+                         "%s\n", ERR_error_string(ERR_get_error(), buf));
+        EVP_MD_CTX_cleanup(&mdctx);
+        return -1;
+    }
+
+    EVP_MD_CTX_cleanup(&mdctx);        
+
+    return 0;
+}
+
 /*  PINT_verify_capability
  *
  *  Takes in a PVFS_capability structere and checks to see if the
@@ -175,6 +238,38 @@ int PINT_verify_capability(PVFS_capabili
     return ret;
 }
 
+/* load_private_key
+ *
+ * Reads the private key from a file in PEM format.
+ *
+ * returns -1 on error
+ * returns 0 on success
+ */
+static int load_private_key(const char *path)
+{
+    FILE *keyfile;
+    char buf[256];
+
+    keyfile = fopen(path, "r");
+    if (keyfile == NULL)
+    {
+        gossip_err("%s: %s\n", path, strerror(errno));
+        return -1;
+    }
+
+    security_privkey = PEM_read_PrivateKey(keyfile, NULL, NULL, NULL);
+    if (security_privkey == NULL)
+    {
+        gossip_debug(GOSSIP_SECURITY_DEBUG, "Error loading private key: "
+                         "%s\n", ERR_error_string(ERR_get_error(), buf));
+        fclose(keyfile);
+    }
+
+    fclose(keyfile);
+
+    return 0;
+}
+
 /*  load_public_keys
  *
  *  Internal function to load keys from a file.
@@ -262,7 +357,7 @@ static int load_public_keys(const char *
             {
                 PVFS_strerror_r(ret, buf, 1024);
                 gossip_debug(GOSSIP_SECURITY_DEBUG, "Error inserting public "
-                             "key: %s", buf);
+                             "key: %s\n", buf);
                 fclose(keyfile);
                 return -1;
             }

Index: pint-security.h
===================================================================
RCS file: /anoncvs/pvfs2/src/common/security/Attic/pint-security.h,v
diff -p -u -r1.1.2.7 -r1.1.2.8
--- pint-security.h	19 May 2008 19:21:34 -0000	1.1.2.7
+++ pint-security.h	20 May 2008 19:28:37 -0000	1.1.2.8
@@ -74,7 +74,7 @@ int PINT_security_finalize(void);
 /* creates a signature from the remaining fields
  * any existing signature is overwritten
  */
-void PINT_sign_capability(PVFS_capability *);
+int PINT_sign_capability(PVFS_capability *);
 
 /* computes a signature from the fields and compares 
  * to the existing signature returns non-zero if equal

Index: security-hash.c
===================================================================
RCS file: /anoncvs/pvfs2/src/common/security/Attic/security-hash.c,v
diff -p -u -r1.1.2.15 -r1.1.2.16
--- security-hash.c	20 May 2008 18:14:00 -0000	1.1.2.15
+++ security-hash.c	20 May 2008 19:28:37 -0000	1.1.2.16
@@ -196,7 +196,7 @@ static void free_pubkey_entry(void *to_f
     pubkey_entry_t *temp = (pubkey_entry_t *)to_free;
     if (temp != NULL)
     {
-        free(temp->pubkey);
+        EVP_PKEY_free(temp->pubkey);
         free(temp->host);
     }
 }



More information about the Pvfs2-cvs mailing list