Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-9073

SSK: lgss_sk generates keys with invalid HMAC and Crypto algorithms

Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • Lustre 2.10.0
    • Lustre 2.10.0
    • None
    • 3
    • 9223372036854775807

    Description

      With the landing of commit c6f5e8121366be05765dabe0008165166d3f431c for LU-8602, lgss_sk now generates keys with invalid HMAC and Crypto algorithms. The HMAC and Crypto algorithms are being swapped.

      == Master HEAD at c6f5e8121366be05765dabe0008165166d3f431c ==

      1. lgss_sk -t server -f testfs -w testfs_test_with_LU-8602.key -d /dev/urandom
        Reading random data for shared key from '/dev/urandom'
      1. lgss_sk -r testfs_test_with_LU-8602.key
        warning: secret key 'testfs_test_with_LU-8602.key' has insecure file mode 0100400
        Version: 1
        Type: server
        HMAC alg: AES-256-CTR
        Crypto alg: sha256
        Ctx Expiration: 604800 seconds
        Shared keylen: 256 bits
        Prime length: 2048 bits
        File system: testfs
        MGS NIDs:
        Nodemap name: default

      == LU-8602 reverted ==

      1. lgss_sk -t server -f testfs -w testfs_test_without_LU-8602.key -d /dev/urandom
        Reading random data for shared key from '/dev/urandom'
      1. lgss_sk -r testfs_test_without_LU-8602.key
        warning: secret key 'testfs_test_without_LU-8602.key' has insecure file mode 0100400
        Version: 1
        Type: server
        HMAC alg: SHA256
        Crypto alg: AES-256-CTR
        Ctx Expiration: 604800 seconds
        Shared keylen: 256 bits
        Prime length: 2048 bits
        File system: testfs
        MGS NIDs:
        Nodemap name: default
      1. lgss_sk -r testfs_test_with_LU-8602.key
        warning: secret key 'testfs_test_with_LU-8602.key' has insecure file mode 0100400
        Invalid HMAC algorithm
        error: key configuration failed validation

      The problem manifests itself by logging the following when secure contexts are being instantiated:

      kernel: LustreError: 2559:0:(gss_sk_mech.c:172:sk_fill_context()) Invalid hmac type: 65541
      kernel: LustreError: 2559:0:(gss_sk_mech.c:172:sk_fill_context()) Skipped 1 previous similar message
      kernel: LustreError: 2559:0:(gss_svc_upcall.c:668:rsc_parse()) parse rsc error -22
      kernel: LustreError: 2559:0:(gss_svc_upcall.c:668:rsc_parse()) Skipped 1 previous similar message
      kernel: LustreError: 2450:0:(gss_svc_upcall.c:1018:gss_svc_upcall_handle_init()) authentication failed

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-9582 gssnull instability

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. LU-9086 obd_config.c:1258:class_process_config()) no device for:

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. LU-9430 logic errors in lgss_sk code

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-9567 sptlrpc rules are not being updated

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. LU-8602 Support GSS crypto code with linux 4.6 kernels

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            [LU-9073] SSK: lgss_sk generates keys with invalid HMAC and Crypto algorithms
            pjones Peter Jones made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
            pjones Peter Jones made changes -
            Priority Original: Critical [ 2 ] New: Blocker [ 1 ]
            adilger Andreas Dilger made changes -
            Link New: This issue is related to LU-9567 [ LU-9567 ]
            simmonsja James A Simmons made changes -
            Link New: This issue is related to LU-9582 [ LU-9582 ]
            adilger Andreas Dilger made changes -
            Priority Original: Minor [ 4 ] New: Critical [ 2 ]
            simmonsja James A Simmons made changes -
            Status Original: Open [ 1 ] New: In Progress [ 3 ]
            adilger Andreas Dilger made changes -
            Link New: This issue is related to LU-9430 [ LU-9430 ]
            pjones Peter Jones made changes -
            Fix Version/s New: Lustre 2.10.0 [ 12204 ]
            simmonsja James A Simmons made changes -
            Link New: This issue is related to LU-9086 [ LU-9086 ]
            adilger Andreas Dilger made changes -
            Link New: This issue is related to LU-8602 [ LU-8602 ]

            People

              simmonsja James A Simmons
              nblavend Nathan Lavender (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: