Details
-
Bug
-
Resolution: Fixed
-
Blocker
-
Lustre 2.10.0
-
None
-
3
-
9223372036854775807
Description
With the landing of commit c6f5e8121366be05765dabe0008165166d3f431c for LU-8602, lgss_sk now generates keys with invalid HMAC and Crypto algorithms. The HMAC and Crypto algorithms are being swapped.
== Master HEAD at c6f5e8121366be05765dabe0008165166d3f431c ==
- lgss_sk -t server -f testfs -w testfs_test_with_
LU-8602.key -d /dev/urandom
Reading random data for shared key from '/dev/urandom'
- lgss_sk -r testfs_test_with_
LU-8602.key
warning: secret key 'testfs_test_with_LU-8602.key' has insecure file mode 0100400
Version: 1
Type: server
HMAC alg: AES-256-CTR
Crypto alg: sha256
Ctx Expiration: 604800 seconds
Shared keylen: 256 bits
Prime length: 2048 bits
File system: testfs
MGS NIDs:
Nodemap name: default
== LU-8602 reverted ==
- lgss_sk -t server -f testfs -w testfs_test_without_
LU-8602.key -d /dev/urandom
Reading random data for shared key from '/dev/urandom'
- lgss_sk -r testfs_test_without_
LU-8602.key
warning: secret key 'testfs_test_without_LU-8602.key' has insecure file mode 0100400
Version: 1
Type: server
HMAC alg: SHA256
Crypto alg: AES-256-CTR
Ctx Expiration: 604800 seconds
Shared keylen: 256 bits
Prime length: 2048 bits
File system: testfs
MGS NIDs:
Nodemap name: default
- lgss_sk -r testfs_test_with_
LU-8602.key
warning: secret key 'testfs_test_with_LU-8602.key' has insecure file mode 0100400
Invalid HMAC algorithm
error: key configuration failed validation
The problem manifests itself by logging the following when secure contexts are being instantiated:
kernel: LustreError: 2559:0:(gss_sk_mech.c:172:sk_fill_context()) Invalid hmac type: 65541
kernel: LustreError: 2559:0:(gss_sk_mech.c:172:sk_fill_context()) Skipped 1 previous similar message
kernel: LustreError: 2559:0:(gss_svc_upcall.c:668:rsc_parse()) parse rsc error -22
kernel: LustreError: 2559:0:(gss_svc_upcall.c:668:rsc_parse()) Skipped 1 previous similar message
kernel: LustreError: 2450:0:(gss_svc_upcall.c:1018:gss_svc_upcall_handle_init()) authentication failed