tipc: add option to set rekeying for encryption

As supported in kernel, the TIPC encryption rekeying can be tuned using the netlink attribute - 'TIPC_NLA_NODE_REKEYING'. Now we add the 'rekeying' option correspondingly to the 'tipc node set key' command so that user will be able to perform that tuning: tipc node set key rekeying REKEYING where the 'REKEYING' value can be: INTERVAL - Set rekeying interval (in minutes) [0: disable] now - Trigger one (first) rekeying immediately For example: $ tipc node set key rekeying 60 $ tipc node set key rekeying now The command's help menu is also updated with these descriptions for the new command option. Acked-by: Jon Maloy <jmaloy@redhat.com> Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au> Signed-off-by: David Ahern <dsahern@gmail.com>
2025-10-04 08:02:17 +00:00 · 2020-10-16 23:02:01 +07:00 · 2020-10-16 23:02:01 +07:00 · 2bf1ba5a5c
commit 2bf1ba5a5c
parent 5fb3681885
3 changed files with 39 additions and 11 deletions
--- a/tipc/cmdl.c
+++ b/tipc/cmdl.c
@ -33,7 +33,7 @@ static const struct cmd *find_cmd(const struct cmd *cmds, char *str)
 	return match;
 }

-static struct opt *find_opt(struct opt *opts, char *str)
+struct opt *find_opt(struct opt *opts, char *str)
 {
 	struct opt *o;
 	struct opt *match = NULL;
--- a/tipc/cmdl.h
+++ b/tipc/cmdl.h
@ -46,6 +46,7 @@ struct opt {
 	char *val;
 };

+struct opt *find_opt(struct opt *opts, char *str);
 struct opt *get_opt(struct opt *opts, char *key);
 bool has_opt(struct opt *opts, char *key);
 int parse_opts(struct opt *opts, struct cmdl *cmdl);
--- a/tipc/node.c
+++ b/tipc/node.c
@ -160,7 +160,8 @@ static int cmd_node_set_nodeid(struct nlmsghdr *nlh, const struct cmd *cmd,
 static void cmd_node_set_key_help(struct cmdl *cmdl)
 {
 	fprintf(stderr,
-		"Usage: %s node set key KEY [algname ALGNAME] [PROPERTIES]\n\n"
+		"Usage: %s node set key KEY [algname ALGNAME] [PROPERTIES]\n"
+		"       %s node set key rekeying REKEYING\n\n"
 		"KEY\n"
 		"  Symmetric KEY & SALT as a composite ASCII or hex string (0x...) in form:\n"
 		"  [KEY: 16, 24 or 32 octets][SALT: 4 octets]\n\n"
@ -170,11 +171,16 @@ static void cmd_node_set_key_help(struct cmdl *cmdl)
 		"  master                - Set KEY as a cluster master key\n"
 		"  <empty>               - Set KEY as a cluster key\n"
 		"  nodeid NODEID         - Set KEY as a per-node key for own or peer\n\n"
+		"REKEYING\n"
+		"  INTERVAL              - Set rekeying interval (in minutes) [0: disable]\n"
+		"  now                   - Trigger one (first) rekeying immediately\n\n"
 		"EXAMPLES\n"
 		"  %s node set key this_is_a_master_key master\n"
 		"  %s node set key 0x746869735F69735F615F6B657931365F73616C74\n"
-		"  %s node set key this_is_a_key16_salt algname \"gcm(aes)\" nodeid 1001002\n\n",
-		cmdl->argv[0], cmdl->argv[0], cmdl->argv[0], cmdl->argv[0]);
+		"  %s node set key this_is_a_key16_salt algname \"gcm(aes)\" nodeid 1001002\n"
+		"  %s node set key rekeying 600\n\n",
+		cmdl->argv[0], cmdl->argv[0], cmdl->argv[0], cmdl->argv[0],
+		cmdl->argv[0], cmdl->argv[0]);
 }

 static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
@ -190,12 +196,15 @@ static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
 		{ "algname",	OPT_KEYVAL,	NULL },
 		{ "nodeid",	OPT_KEYVAL,	NULL },
 		{ "master",	OPT_KEY,	NULL },
+		{ "rekeying",	OPT_KEYVAL,	NULL },
 		{ NULL }
 	};
 	struct nlattr *nest;
-	struct opt *opt_algname, *opt_nodeid, *opt_master;
+	struct opt *opt_algname, *opt_nodeid, *opt_master, *opt_rekeying;
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	uint8_t id[TIPC_NODEID_LEN] = {0,};
+	uint32_t rekeying = 0;
+	bool has_key = false;
 	int keysize;
 	char *str;

@ -204,17 +213,31 @@ static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
 		return -EINVAL;
 	}

+	/* Check if command starts with opts i.e. "rekeying" opt without key */
+	if (find_opt(opts, cmdl->argv[cmdl->optind]))
+		goto get_ops;

 	/* Get user key */
+	has_key = true;
 	str = shift_cmdl(cmdl);
 	if (str2key(str, &input.key)) {
 		fprintf(stderr, "error, invalid key input\n");
 		return -EINVAL;
 	}

+get_ops:
 	if (parse_opts(opts, cmdl) < 0)
 		return -EINVAL;

+	/* Get rekeying time */
+	opt_rekeying = get_opt(opts, "rekeying");
+	if (opt_rekeying) {
+		if (!strcmp(opt_rekeying->val, "now"))
+			rekeying = TIPC_REKEYING_NOW;
+		else
+			rekeying = atoi(opt_rekeying->val);
+	}
+
 	/* Get algorithm name, default: "gcm(aes)" */
 	opt_algname = get_opt(opts, "algname");
 	if (!opt_algname)
@ -246,12 +269,16 @@ static int cmd_node_set_key(struct nlmsghdr *nlh, const struct cmd *cmd,
 	}

 	nest = mnl_attr_nest_start(nlh, TIPC_NLA_NODE);
-	keysize = tipc_aead_key_size(&input.key);
-	mnl_attr_put(nlh, TIPC_NLA_NODE_KEY, keysize, &input.key);
-	if (opt_nodeid)
-		mnl_attr_put(nlh, TIPC_NLA_NODE_ID, TIPC_NODEID_LEN, id);
-	if (opt_master)
-		mnl_attr_put(nlh, TIPC_NLA_NODE_KEY_MASTER, 0, NULL);
+	if (has_key) {
+		keysize = tipc_aead_key_size(&input.key);
+		mnl_attr_put(nlh, TIPC_NLA_NODE_KEY, keysize, &input.key);
+		if (opt_nodeid)
+			mnl_attr_put(nlh, TIPC_NLA_NODE_ID, TIPC_NODEID_LEN, id);
+		if (opt_master)
+			mnl_attr_put(nlh, TIPC_NLA_NODE_KEY_MASTER, 0, NULL);
+	}
+	if (opt_rekeying)
+		mnl_attr_put_u32(nlh, TIPC_NLA_NODE_REKEYING, rekeying);

 	mnl_attr_nest_end(nlh, nest);
 	return msg_doit(nlh, NULL, NULL);