[Pvfs2-cvs] commit by nlmills in pvfs2/src/common/security:
pint-security.c pint-security.h rsa_security.h
CVS commit program
cvs at parl.clemson.edu
Wed May 21 15:04:07 EDT 2008
Update of /anoncvs/pvfs2/src/common/security
In directory parlweb1:/tmp/cvs-serv9133/src/common/security
Modified Files:
Tag: cu-security-branch
pint-security.c pint-security.h
Removed Files:
Tag: cu-security-branch
rsa_security.h
Log Message:
reverted prev changes, removed separate rsa header, general cleanup
Index: pint-security.c
===================================================================
RCS file: /anoncvs/pvfs2/src/common/security/Attic/pint-security.c,v
diff -p -u -r1.1.2.18 -r1.1.2.19
--- pint-security.c 21 May 2008 18:06:16 -0000 1.1.2.18
+++ pint-security.c 21 May 2008 19:04:07 -0000 1.1.2.19
@@ -31,10 +31,9 @@
/* TODO: move to global configuration */
-#define SECURITY_DEFAULT_KEYSTORE "/tmp/keystore"
+#define SECURITY_DEFAULT_KEYSTORE "/tmp/keystore"
#define SECURITY_DEFAULT_PRIVKEYFILE "/tmp/privkey.pem"
-#define SECURITY_DEFAULT_TIMEOUT 3600
-#define SECURITY_ENCRYPTION EVP_sha1()
+#define SECURITY_DEFAULT_TIMEOUT 3600 /* 1 hour */
/* the private key used for signing */
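Review bot: `SECURITY_DEFAULT_KEYSTORE` and `SECURITY_DEFAULT_PRIVKEYFILE` still default to files under `/tmp`, which is world-writable, so another local account may be able to create or replace the keystore or private-key file before the server reads it. Until the TODO moves these into the global configuration, the defaults would be safer in a directory that only the server account can write. The code that loads the key is outside this hunk; it should refuse a key file with unexpected ownership or permissions. At minimum the defines deserve a comment such as `/* development defaults only: /tmp is world-writable */`.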
@@ -134,6 +133,7 @@ int PINT_security_finalize(void)
int PINT_sign_capability(PVFS_capability *cap)
{
EVP_MD_CTX mdctx;
+ unsigned siglen;
char buf[256];
int ret;
@@ -144,7 +144,7 @@ int PINT_sign_capability(PVFS_capability
EVP_MD_CTX_init(&mdctx);
- ret = EVP_SignInit_ex(&mdctx, SECURITY_ENCRYPTION, NULL);
+ ret = EVP_SignInit_ex(&mdctx, EVP_sha1(), NULL);
if (!ret)
{
gossip_debug(GOSSIP_SECURITY_DEBUG, "Error signing capability: "
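Review bot: The digest is now hard-coded as `EVP_sha1()` in this call and again as `md = EVP_sha1();` in PINT_verify_capability, so the signing and verifying sides can drift apart and the algorithm cannot be changed in one place. The removed macro was misnamed (SHA-1 is a digest, not encryption), but a single correctly named definition used at both call sites, for example `#define SECURITY_DIGEST EVP_sha256()`, would keep them in step. SHA-1 is a weak choice for new signature schemes, so a SHA-2 digest is the better default. The body of PINT_sign_capability continues outside this hunk.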
@@ -152,8 +152,6 @@ int PINT_sign_capability(PVFS_capability
EVP_MD_CTX_cleanup(&mdctx);
return -1;
}
- cap->signature = (PVFS_sig)malloc(sizeof(EVP_PKEY_size(
- security_privkey)));
ret = EVP_SignUpdate(&mdctx, &cap->owner, sizeof(PVFS_handle));
ret &= EVP_SignUpdate(&mdctx, &cap->fsid, sizeof(PVFS_fs_id));
@@ -171,8 +169,7 @@ int PINT_sign_capability(PVFS_capability
return -1;
}
- ret = EVP_SignFinal(&mdctx, cap->signature, &cap->sig_size,
- security_privkey);
+ ret = EVP_SignFinal(&mdctx, cap->signature, &siglen, security_privkey);
if (!ret)
{
gossip_debug(GOSSIP_SECURITY_DEBUG, "Error signing capability: "
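Review bot: `EVP_SignFinal` writes up to `EVP_PKEY_size(security_privkey)` bytes into `cap->signature`, but the preceding hunk deletes the only visible allocation of that buffer and nothing in the shown lines replaces it. Unless the caller guarantees a buffer of that size, which is not visible here, this writes through an unallocated or undersized pointer. The deleted `malloc(sizeof(EVP_PKEY_size(...)))` was itself wrong because it allocated only `sizeof(int)` bytes, so the fix is to correct it rather than drop it: `cap->signature = malloc(EVP_PKEY_size(security_privkey));` with a NULL check before signing. The new `siglen` is not visibly stored or compared with the expected size after the call, so the verifier has no recorded length to rely on; the rest of the function is outside this hunk.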
@@ -197,6 +194,7 @@ int PINT_sign_capability(PVFS_capability
int PINT_verify_capability(PVFS_capability *data)
{
EVP_MD_CTX mdctx;
+ const EVP_MD *md;
int ret;
char *buf;
EVP_PKEY *pubkey;
@@ -233,8 +231,10 @@ int PINT_verify_capability(PVFS_capabili
}
free(buf);
+ md = EVP_sha1();
+
EVP_MD_CTX_init(&mdctx);
- ret = EVP_VerifyInit_ex(&mdctx, SECURITY_ENCRYPTION, NULL);
+ ret = EVP_VerifyInit_ex(&mdctx, md, NULL);
if (ret)
{
ret = EVP_VerifyUpdate(&mdctx, &(data->owner), sizeof(PVFS_handle));
@@ -247,8 +247,7 @@ int PINT_verify_capability(PVFS_capabili
sizeof(PVFS_handle) * data->num_handles);
if (ret)
{
- ret = EVP_VerifyFinal(&mdctx, data->signature, data->sig_size,
- pubkey);
+ ret = EVP_VerifyFinal(&mdctx, data->signature, 128, pubkey);
}
else
{
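Review bot: The literal `128` passed to `EVP_VerifyFinal` is only correct for a 1024-bit RSA key. With any other key size verification should fail, and if `data->signature` points at fewer than 128 bytes the call reads past the buffer. Take the length from the key, `ret = EVP_VerifyFinal(&mdctx, data->signature, EVP_PKEY_size(pubkey), pubkey);`, or carry the length with the capability and reject a mismatch before verifying. `EVP_VerifyFinal` returns 1 for a valid signature, 0 for an invalid one and -1 on error, so the result should be tested with `== 1`. How `ret` is checked after this line is outside the hunk, but the `if (ret)` pattern used for the earlier calls would treat -1 as success.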
Index: pint-security.h
===================================================================
RCS file: /anoncvs/pvfs2/src/common/security/Attic/pint-security.h,v
diff -p -u -r1.1.2.9 -r1.1.2.10
--- pint-security.h 21 May 2008 18:06:16 -0000 1.1.2.9
+++ pint-security.h 21 May 2008 19:04:07 -0000 1.1.2.10
@@ -6,13 +6,15 @@
#ifndef PINT_SECURITY_H
#define PINT_SECURITY_H
+
#include "pvfs2-config.h"
#include "pvfs2-types.h"
-/* NOTE: add signer ID to each structure */
-
typedef unsigned char *PVFS_sig;
+
+/* TODO: encode and decode PVFS_sig */
+
typedef struct PVFS_capability PVFS_capability;
struct PVFS_capability {
PVFS_handle owner;