PERFORCE change 171215 for review

Gleb Kurtsou gk at FreeBSD.org
Tue Dec 1 00:03:40 UTC 2009


http://p4web.freebsd.org/chv.cgi?CH=171215

Change 171215 by gk at gk_h1 on 2009/12/01 00:03:14

	sync sources before moving to github: http://github.com/glk/pefs
	it's likely to be the last commit to this branch.
	
	implement pefs getkey command

Affected files ...

.. //depot/projects/soc2009/gk_pefs/sbin/pefs/pefs.8#2 edit
.. //depot/projects/soc2009/gk_pefs/sbin/pefs/pefs_ctl.c#14 edit
.. //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs.h#17 edit
.. //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs_vnops.c#28 edit

Differences ...

==== //depot/projects/soc2009/gk_pefs/sbin/pefs/pefs.8#2 (text+ko) ====

@@ -49,13 +49,6 @@
 .Op Fl k Ar keyfile
 .Ar filesystem
 .Nm
-.Cm setkey
-.Op Fl cCpvx
-.Op Fl a Ar alg
-.Op Fl i Ar iterations
-.Op Fl k Ar keyfile
-.Ar directory
-.Nm
 .Cm delkey
 .Op Fl cCpv
 .Op Fl i Ar iterations
@@ -65,6 +58,17 @@
 .Cm flushkeys
 .Ar filesystem
 .Nm
+.Cm getkey
+.Op Fl t
+.Ar file
+.Nm
+.Cm setkey
+.Op Fl cCpvx
+.Op Fl a Ar alg
+.Op Fl i Ar iterations
+.Op Fl k Ar keyfile
+.Ar directory
+.Nm
 .Cm showkeys
 .Op Fl t
 .Ar filesystem
@@ -154,6 +158,20 @@
 .It Cm addkey Ar filesystem
 Add key to the
 .Ar filesystem
+.It Cm delkey Ar filesystem
+Delete key from
+.Ar filesystem .
+Command doesn't accept
+.Fl a Ar alg
+argument because the key fingerprint generated from the key doesn't depend on
+encryption algorithm.
+.It Cm getkey Ar file
+Print fingerprint of the key used by
+.Ar file .
+.It Cm flushkeys Ar filesystem
+Delete all keys from
+.Ar filesystem .
+After the command all opened files would become unavailable.
 .It Cm setkey Ar directory
 Change default key for the
 .Ar directory .
@@ -165,17 +183,6 @@
 are not changed and no data is re-encrypted with new key.
 .Fl x
 option can be used to add a new key to file system if it isn't found.
-.It Cm delkey Ar filesystem
-Delete key from
-.Ar filesystem .
-Command doesn't accept
-.Fl a Ar alg
-argument because the key fingerprint generated from the key doesn't depend on
-encryption algorithm.
-.It Cm flushkeys Ar filesystem
-Delete all keys from
-.Ar filesystem .
-After the command all opened files would become unavailable.
 .It Cm showkeys Ar filesystem
 Print fingerprints if all active keys.
 .It Cm addchain Ar filesystem

==== //depot/projects/soc2009/gk_pefs/sbin/pefs/pefs_ctl.c#14 (text+ko) ====

@@ -36,6 +36,7 @@
 #include <assert.h>
 #include <ctype.h>
 #include <inttypes.h>
+#include <libgen.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -65,6 +66,7 @@
 static int	pefs_delchain(int argc, char *argv[]);
 static int	pefs_randomchain(int argc, char *argv[]);
 static int	pefs_showkeys(int argc, char *argv[]);
+static int	pefs_getkey(int argc, char *argv[]);
 static int	pefs_showchains(int argc, char *argv[]);
 static int	pefs_showalgs(int argc, char *argv[]);
 
@@ -88,6 +90,7 @@
 	{ "delkey", pefs_delkey },
 	{ "flushkeys", pefs_flushkeys },
 	{ "showkeys", pefs_showkeys },
+	{ "getkey", pefs_getkey },
 	{ "status", pefs_showkeys },
 	{ "randomchain", pefs_randomchain },
 	{ "addchain", pefs_addchain },
@@ -174,12 +177,25 @@
 }
 
 static inline void
-pefs_key_show(struct pefs_xkey *xk, int ind)
+pefs_key_showind(struct pefs_xkey *xk, int ind)
 {
 	printf("\t%-4d %016jx %s\n", ind, pefs_keyid_as_int(xk->pxk_keyid),
 	    pefs_alg_name(xk));
 }
 
+static inline void
+pefs_key_shownode(struct pefs_xkey *xk, const char *path)
+{
+	const char *basepath;
+
+	basepath = basename(path);
+	if (xk == NULL)
+		printf("Key(%s): <NOT SPECIFIED>\n", basepath);
+	else
+		printf("Key(%s): %016jx %s\n", basepath,
+		    pefs_keyid_as_int(xk->pxk_keyid), pefs_alg_name(xk));
+}
+
 static int
 pefs_keyop(keyop_func_t func, int argc, char *argv[])
 {
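Review bot: `basename(path)` in pefs_key_shownode is called on a `const char *`, but POSIX allows basename() to modify its argument and to return a pointer into it or into static storage. On a libc that declares `char *basename(char *)`, this call drops the qualifier and may write into the caller's `argv[0]` string. Copying the path into a local buffer before the call, and treating a NULL result as an error before it reaches `printf`, would keep the helper safe in either case. The hunk ends inside pefs_keyop, whose body is outside it.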
@@ -385,7 +401,7 @@
 		warn("cannot set key");
 		error = EX_OSERR;
 	} else if (verbose) {
-		printf("New key: %016jx\n", pefs_keyid_as_int(k.pxk_keyid));
+		pefs_key_shownode(&k, argv[0]);
 	}
 
 	close(fd);
@@ -414,6 +430,64 @@
 }
 
 static int
+pefs_getkey(int argc, char *argv[])
+{
+	struct pefs_xkey k;
+	int testonly = 0;
+	int error = 0;
+	int fd, i;
+
+	while ((i = getopt(argc, argv, "t")) != -1)
+		switch(i) {
+		case 't':
+			testonly = 1;
+			break;
+		case '?':
+		default:
+			pefs_usage();
+		}
+	argc -= optind;
+	argv += optind;
+
+	if (argc != 1) {
+		if (argc == 0)
+			warnx("missing file argument");
+		else
+			warnx("too many arguments");
+		pefs_usage();
+	}
+
+	/* only check filesystem type */
+	if (pefs_getfsroot(argv[0], NULL, 0) != 0)
+		return (EX_DATAERR);
+
+	fd = open(argv[0], O_RDONLY);
+	if (fd == -1) {
+		warn("cannot open %s", argv[0]);
+		return (EX_IOERR);
+	}
+
+	bzero(&k, sizeof(k));
+	if (ioctl(fd, PEFS_GETNODEKEY, &k) == -1) {
+		if (errno == ENOENT) {
+			if (testonly == 0)
+				pefs_key_shownode(NULL, argv[0]);
+			else
+				error = 1;
+		} else {
+			warn("cannot get key");
+			error = EX_OSERR;
+		}
+	} else if (testonly == 0) {
+		pefs_key_shownode(&k, argv[0]);
+	}
+
+	close(fd);
+
+	return (error);
+}
+
+static int
 pefs_showkeys(int argc, char *argv[])
 {
 	struct pefs_xkey k;
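Review bot: In pefs_getkey the filesystem-type check runs on the path (`pefs_getfsroot(argv[0], NULL, 0)`) while the ioctl runs on a descriptor opened afterwards, so the two steps are not guaranteed to refer to the same object if the path is replaced in between. The impact looks small, because PEFS_GETNODEKEY on a non-pefs descriptor should simply fail, but the user then only sees the generic "cannot get key" warning. Opening the file first and checking the descriptor itself (for example with `fstatfs(fd, &fs)`) would tie both steps to one file. The `-t` branch returning a bare `1` next to the `EX_*` codes also deserves a comment such as `/* -t: exit status 1 means no key is assigned to the file */`. The hunk ends inside pefs_showkeys, which continues outside it.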
@@ -457,7 +531,7 @@
 		}
 		printf("Keys:\n");
 		while (1) {
-			pefs_key_show(&k, k.pxk_index);
+			pefs_key_showind(&k, k.pxk_index);
 			k.pxk_index++;
 			if (ioctl(fd, PEFS_GETKEY, &k) == -1)
 				break;
@@ -802,7 +876,7 @@
 	printf("Key chain:\n");
 	i = 1;
 	TAILQ_FOREACH(kc, &kch, kc_entry) {
-		pefs_key_show(&kc->kc_key, i++);
+		pefs_key_showind(&kc->kc_key, i++);
 	}
 	pefs_keychain_free(&kch);
 
@@ -899,9 +973,10 @@
 "usage:	pefs mount [-o options] [from filesystem]\n"
 "	pefs unmount [-fv] filesystem\n"
 "	pefs addkey [-cCpv] [-a alg] [-i iterations] [-k keyfile] filesystem\n"
-"	pefs setkey [-cCpvx] [-a alg] [-i iterations] [-k keyfile] directory\n"
 "	pefs delkey [-cCpv] [-i iterations] [-k keyfile] filesystem\n"
 "	pefs flushkeys filesystem\n"
+"	pefs getkey [-t] file\n"
+"	pefs setkey [-cCpvx] [-a alg] [-i iterations] [-k keyfile] directory\n"
 "	pefs showkeys [-t] filesystem\n"
 "	pefs addchain [-fpPvZ] [-a alg] [-i iterations] [-k keyfile]\n"
 "		[-A alg] [-I iterations] [-K keyfile] filesystem\n"

==== //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs.h#17 (text+ko) ====

@@ -52,6 +52,7 @@
 #define PEFS_SETKEY			_IOWR('p', 2, struct pefs_xkey)
 #define PEFS_DELKEY			_IOWR('p', 3, struct pefs_xkey)
 #define PEFS_FLUSHKEYS			_IO('p', 4)
+#define PEFS_GETNODEKEY			_IOWR('p', 5, struct pefs_xkey)
 #endif
 
 #ifdef _KERNEL

==== //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs_vnops.c#28 (text+ko) ====

@@ -2115,6 +2115,7 @@
 	struct thread *td = ap->a_td;
 	struct mount *mp = vp->v_mount;
 	struct pefs_mount *pm = VFS_TO_PEFS(mp);
+	struct pefs_node *pn;
 	struct pefs_key *pk;
 	int error = 0, i;
 
@@ -2152,6 +2153,21 @@
 		if (pk == NULL)
 			error = ENOENT;
 		break;
+	case PEFS_GETNODEKEY:
+		PEFSDEBUG("pefs_ioctl: set key: %8D\n", xk->pxk_keyid, "");
+		pn = VP_TO_PN(vp);
+		if ((pn->pn_flags & PN_HASKEY) != 0) {
+			mtx_lock(&pm->pm_keys_lock);
+			pk = pn->pn_tkey.ptk_key;
+			memcpy(xk->pxk_keyid, pk->pk_keyid, PEFS_KEYID_SIZE);
+			xk->pxk_alg = pk->pk_algid;
+			xk->pxk_keybits = pk->pk_keybits;
+			mtx_unlock(&pm->pm_keys_lock);
+		} else {
+			PEFSDEBUG("pefs_ioctl: key not found\n");
+			error = ENOENT;
+		}
+		break;
 	case PEFS_SETKEY:
 		PEFSDEBUG("pefs_ioctl: set key: %8D\n", xk->pxk_keyid, "");
 		mtx_lock(&pm->pm_keys_lock);
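Review bot: In the new `PEFS_GETNODEKEY` case the `PN_HASKEY` test happens before `pm_keys_lock` is taken, and `pk = pn->pn_tkey.ptk_key` is dereferenced without a NULL check. If another thread can drop the node's key (flushkeys or delkey) between the test and the lock, `pk` may be stale or NULL inside the kernel. Whether `pm_keys_lock` or the vnode lock is what protects `pn_flags` and `pn_tkey` is not visible in this hunk, so this needs confirming against the rest of pefs_ioctl, which starts and ends outside it. The debug line is also copied from the set-key case: it is labelled "set key" and prints the caller-supplied `xk->pxk_keyid`, which carries no information here. The sketch below does the test under the lock and fixes the message.

```c
	case PEFS_GETNODEKEY:
		PEFSDEBUG("pefs_ioctl: get node key\n");
		pn = VP_TO_PN(vp);
		mtx_lock(&pm->pm_keys_lock);
		pk = (pn->pn_flags & PN_HASKEY) != 0 ?
		    pn->pn_tkey.ptk_key : NULL;
		if (pk != NULL) {
			/* … unchanged: copy pk_keyid, pk_algid and pk_keybits into xk … */
		} else {
			PEFSDEBUG("pefs_ioctl: key not found\n");
			error = ENOENT;
		}
		mtx_unlock(&pm->pm_keys_lock);
		break;
```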

