Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-9073

SSK: lgss_sk generates keys with invalid HMAC and Crypto algorithms

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: Lustre 2.10.0
    • Fix Version/s: Lustre 2.10.0
    • Labels:
      None
    • Severity:
      3
    • Rank (Obsolete):
      9223372036854775807

      Description

      With the landing of commit c6f5e8121366be05765dabe0008165166d3f431c for LU-8602, lgss_sk now generates keys with invalid HMAC and Crypto algorithms. The HMAC and Crypto algorithms are being swapped.

      == Master HEAD at c6f5e8121366be05765dabe0008165166d3f431c ==

      1. lgss_sk -t server -f testfs -w testfs_test_with_LU-8602.key -d /dev/urandom
        Reading random data for shared key from '/dev/urandom'
      1. lgss_sk -r testfs_test_with_LU-8602.key
        warning: secret key 'testfs_test_with_LU-8602.key' has insecure file mode 0100400
        Version: 1
        Type: server
        HMAC alg: AES-256-CTR
        Crypto alg: sha256
        Ctx Expiration: 604800 seconds
        Shared keylen: 256 bits
        Prime length: 2048 bits
        File system: testfs
        MGS NIDs:
        Nodemap name: default

      == LU-8602 reverted ==

      1. lgss_sk -t server -f testfs -w testfs_test_without_LU-8602.key -d /dev/urandom
        Reading random data for shared key from '/dev/urandom'
      1. lgss_sk -r testfs_test_without_LU-8602.key
        warning: secret key 'testfs_test_without_LU-8602.key' has insecure file mode 0100400
        Version: 1
        Type: server
        HMAC alg: SHA256
        Crypto alg: AES-256-CTR
        Ctx Expiration: 604800 seconds
        Shared keylen: 256 bits
        Prime length: 2048 bits
        File system: testfs
        MGS NIDs:
        Nodemap name: default
      1. lgss_sk -r testfs_test_with_LU-8602.key
        warning: secret key 'testfs_test_with_LU-8602.key' has insecure file mode 0100400
        Invalid HMAC algorithm
        error: key configuration failed validation

      The problem manifests itself by logging the following when secure contexts are being instantiated:

      kernel: LustreError: 2559:0:(gss_sk_mech.c:172:sk_fill_context()) Invalid hmac type: 65541
      kernel: LustreError: 2559:0:(gss_sk_mech.c:172:sk_fill_context()) Skipped 1 previous similar message
      kernel: LustreError: 2559:0:(gss_svc_upcall.c:668:rsc_parse()) parse rsc error -22
      kernel: LustreError: 2559:0:(gss_svc_upcall.c:668:rsc_parse()) Skipped 1 previous similar message
      kernel: LustreError: 2450:0:(gss_svc_upcall.c:1018:gss_svc_upcall_handle_init()) authentication failed

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                simmonsja James A Simmons
                Reporter:
                nblavend Nathan Lavender
              • Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: