Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-9073

SSK: lgss_sk generates keys with invalid HMAC and Crypto algorithms

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • Lustre 2.10.0
    • Lustre 2.10.0
    • None
    • 3
    • 9223372036854775807

    Description

      With the landing of commit c6f5e8121366be05765dabe0008165166d3f431c for LU-8602, lgss_sk now generates keys with invalid HMAC and Crypto algorithms. The HMAC and Crypto algorithms are being swapped.

      == Master HEAD at c6f5e8121366be05765dabe0008165166d3f431c ==

      1. lgss_sk -t server -f testfs -w testfs_test_with_LU-8602.key -d /dev/urandom
        Reading random data for shared key from '/dev/urandom'
      1. lgss_sk -r testfs_test_with_LU-8602.key
        warning: secret key 'testfs_test_with_LU-8602.key' has insecure file mode 0100400
        Version: 1
        Type: server
        HMAC alg: AES-256-CTR
        Crypto alg: sha256
        Ctx Expiration: 604800 seconds
        Shared keylen: 256 bits
        Prime length: 2048 bits
        File system: testfs
        MGS NIDs:
        Nodemap name: default

      == LU-8602 reverted ==

      1. lgss_sk -t server -f testfs -w testfs_test_without_LU-8602.key -d /dev/urandom
        Reading random data for shared key from '/dev/urandom'
      1. lgss_sk -r testfs_test_without_LU-8602.key
        warning: secret key 'testfs_test_without_LU-8602.key' has insecure file mode 0100400
        Version: 1
        Type: server
        HMAC alg: SHA256
        Crypto alg: AES-256-CTR
        Ctx Expiration: 604800 seconds
        Shared keylen: 256 bits
        Prime length: 2048 bits
        File system: testfs
        MGS NIDs:
        Nodemap name: default
      1. lgss_sk -r testfs_test_with_LU-8602.key
        warning: secret key 'testfs_test_with_LU-8602.key' has insecure file mode 0100400
        Invalid HMAC algorithm
        error: key configuration failed validation

      The problem manifests itself by logging the following when secure contexts are being instantiated:

      kernel: LustreError: 2559:0:(gss_sk_mech.c:172:sk_fill_context()) Invalid hmac type: 65541
      kernel: LustreError: 2559:0:(gss_sk_mech.c:172:sk_fill_context()) Skipped 1 previous similar message
      kernel: LustreError: 2559:0:(gss_svc_upcall.c:668:rsc_parse()) parse rsc error -22
      kernel: LustreError: 2559:0:(gss_svc_upcall.c:668:rsc_parse()) Skipped 1 previous similar message
      kernel: LustreError: 2450:0:(gss_svc_upcall.c:1018:gss_svc_upcall_handle_init()) authentication failed

      Attachments

        Issue Links

          Activity

            People

              simmonsja James A Simmons
              nblavend Nathan Lavender (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: