tipc: add option to set master key for encryption

In addition to the support of master key in kernel, we add the 'master'
option to the 'tipc node set key' command for user to be able to
specify a key as master key during the key setting. This is carried out
by turning on the new netlink flag - 'TIPC_NLA_NODE_KEY_MASTER'.
For example:

$ tipc node set key "this_is_a_master_key" master

The command's help menu is also updated to give a better description of
all the available options.

Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
Signed-off-by: David Ahern <dsahern@gmail.com>

diff --git a/tipc/node.c b/tipc/node.c
index ffdaeaeabfbd059266aecdedba101613b632f85e..1ff0baa4ead9190526fbb56ac3eb97caff622215 100644 (file)
--- a/tipc/node.c
+++ b/tipc/node.c
@@ -160,19 +160,21 @@ static int cmd_node_set_nodeid(struct nlmsghdr *nlh, const struct cmd *cmd,
 static void cmd_node_set_key_help(struct cmdl *cmdl)
 {
        fprintf(stderr,
-               "Usage: %s node set key KEY [algname ALGNAME] [nodeid NODEID]\n\n"
+               "Usage: %s node set key KEY [algname ALGNAME] [PROPERTIES]\n\n"
+               "KEY\n"
+               "  Symmetric KEY & SALT as a composite ASCII or hex string (0x...) in form:\n"
+               "  [KEY: 16, 24 or 32 octets][SALT: 4 octets]\n\n"
+               "ALGNAME\n"
+               "  Cipher algorithm [default: \"gcm(aes)\"]\n\n"
                "PROPERTIES\n"
-               " KEY                   - Symmetric KEY & SALT as a normal or hex string\n"
-               "                         that consists of two parts:\n"
-               "                         [KEY: 16, 24 or 32 octets][SALT: 4 octets]\n\n"
-               " algname ALGNAME       - Default: \"gcm(aes)\"\n\n"
-               " nodeid NODEID         - Own or peer node identity to which the key will\n"
-               "                         be attached. If not present, the key is a cluster\n"
-               "                         key!\n\n"
+               "  master                - Set KEY as a cluster master key\n"
+               "  <empty>               - Set KEY as a cluster key\n"
+               "  nodeid NODEID         - Set KEY as a per-node key for own or peer\n\n"
                "EXAMPLES\n"
-               "  %s node set key this_is_a_key16_salt algname \"gcm(aes)\" nodeid node1\n"
-               "  %s node set key 0x746869735F69735F615F6B657931365F73616C74 nodeid node2\n\n",
-               cmdl->argv[0], cmdl->argv[0], cmdl->argv[0]);
+               "  %s node set key this_is_a_master_key master\n"
+               "  %s node set key 0x746869735F69735F615F6B657931365F73616C74\n"
+               "  %s node set key this_is_a_key16_salt algname \"gcm(aes)\" nodeid 1001002\n\n",
+               cmdl->argv[0], cmdl->argv[0], cmdl->argv[0], cmdl->argv[0]);
 }
 
 static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
@@ -187,24 +189,21 @@ static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
        struct opt opts[] = {
                { "algname",    OPT_KEYVAL,     NULL },
                { "nodeid",     OPT_KEYVAL,     NULL },
+               { "master",     OPT_KEY,        NULL },
                { NULL }
        };
        struct nlattr *nest;
-       struct opt *opt_algname, *opt_nodeid;
+       struct opt *opt_algname, *opt_nodeid, *opt_master;
        char buf[MNL_SOCKET_BUFFER_SIZE];
        uint8_t id[TIPC_NODEID_LEN] = {0,};
        int keysize;
        char *str;
 
-       if (help_flag) {
+       if (help_flag || cmdl->optind >= cmdl->argc) {
                (cmd->help)(cmdl);
                return -EINVAL;
        }
 
-       if (cmdl->optind >= cmdl->argc) {
-               fprintf(stderr, "error, missing key\n");
-               return -EINVAL;
-       }
 
        /* Get user key */
        str = shift_cmdl(cmdl);
@@ -230,17 +229,30 @@ static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
                return -EINVAL;
        }
 
+       /* Get master key indication */
+       opt_master = get_opt(opts, "master");
+
+       /* Sanity check if wrong option */
+       if (opt_nodeid && opt_master) {
+               fprintf(stderr, "error, per-node key cannot be master\n");
+               return -EINVAL;
+       }
+
        /* Init & do the command */
        nlh = msg_init(buf, TIPC_NL_KEY_SET);
        if (!nlh) {
                fprintf(stderr, "error, message initialisation failed\n");
                return -1;
        }
+
        nest = mnl_attr_nest_start(nlh, TIPC_NLA_NODE);
        keysize = tipc_aead_key_size(&input.key);
        mnl_attr_put(nlh, TIPC_NLA_NODE_KEY, keysize, &input.key);
        if (opt_nodeid)
                mnl_attr_put(nlh, TIPC_NLA_NODE_ID, TIPC_NODEID_LEN, id);
+       if (opt_master)
+               mnl_attr_put(nlh, TIPC_NLA_NODE_KEY_MASTER, 0, NULL);
+
        mnl_attr_nest_end(nlh, nest);
        return msg_doit(nlh, NULL, NULL);
 }