git.openafs.org Git - openafs.git/commit

author	Benjamin Kaduk <kaduk@mit.edu>
	Wed, 26 Mar 2014 10:24:02 +0000 (06:24 -0400)
committer	Benjamin Kaduk <kaduk@mit.edu>
	Sun, 24 Mar 2019 09:49:40 +0000 (05:49 -0400)
commit	83eec9093c8a3f177268a9164182e8ba3958dbc8
tree	fe8ad51ac2a17dbd50a040cd5a014140cc80feef	tree \| snapshot
parent	4091b9271b1bfbf27f9d6871aa884df81220861a	commit \| diff

Implement afsconf_GetRXGKKey

Also afsconf_GetLatestRXGKKey, as a side effect, since we want to have
a single getkey function both for getting encrypting and decrypting keys;
a kvno/enctype pair of 0/0 indicates that the "get latest" behavior is
desired.

Implement both functions in terms of an internal helper that takes
as an argument the type of key to look for in the KeyFileExt. We
can reuse these helpers wholesale for per-fileserver keys, later.

This also requires implementing an ordering on the quality of the
different RFC 3961 enctypes (which are stored as the subtype of keys
of type afsconf_rxgk). This is subject to debate on the actual
ordering, but since the IANA enctype registry changes rarely, just
assign a full ordering on the standardized (symmetric!) enctypes.
Implement this via a new function, rxgk_enctype_better, in
rxgk_crypto_rfc3961.c.

Introduce a new header file, rxgk_types.h, so we can avoid including
the entire rxgk.h header in cellconfig.p.h.

Change-Id: I81389b21238fd6588cc4381b026816005f81a30c
Reviewed-on: https://gerrit.openafs.org/11099
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

src/auth/cellconfig.p.h		diff \| blob \| history
src/auth/keys.c		diff \| blob \| history
src/auth/liboafs_auth.la.sym		diff \| blob \| history
src/rxgk/Makefile.in		diff \| blob \| history
src/rxgk/liboafs_rxgk.la.sym		diff \| blob \| history
src/rxgk/rxgk.h		diff \| blob \| history
src/rxgk/rxgk_crypto_rfc3961.c		diff \| blob \| history
src/rxgk/rxgk_types.h	[new file with mode: 0644]	blob