search for: psk

Displaying 20 results from an estimated 598 matches for "psk".

Did you mean: ps
2018 Jun 25
1
[PATCH v2 nbdkit] tls: Implement Pre-Shared Keys (PSK)
v2: * Improved documentation. * Added a test (interop with qemu client).
2019 Jul 30
1
[nbdkit PATCH v2] tests: Accommodate qemu-img 4.1 output change
...mber without worrying about what comes after the number. Signed-off-by: Eric Blake <eblake@redhat.com> --- We could still use jq if desired, but it was easy enough to let these tests pass instead of skip when jq is not present. tests/test-ip.sh | 10 ++++++---- tests/test-nbd-tls-psk.sh | 6 +++--- tests/test-nbd-tls.sh | 6 +++--- tests/test-tls-psk.sh | 7 +++---- tests/test-tls.sh | 7 +++---- tests/test-truncate3.sh | 4 ++-- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/test-ip.sh b/tests/test-ip.sh index 636d3d3f..5a00a2ec 1...
2020 Mar 26
2
[nbdkit PATCH] tests: Swap nbdkit process order in test-nbd-tls-psk.sh
...76bc7. Signed-off-by: Eric Blake <eblake@redhat.com> --- My current setup does not seem to be hitting the testsuite hang/failure as frequently as Rich's setup, so for now I'm posting this in the hopes that we can see if it reduces the rate of testsuite failures. tests/test-nbd-tls-psk.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/test-nbd-tls-psk.sh b/tests/test-nbd-tls-psk.sh index 7a477da9..547064ab 100755 --- a/tests/test-nbd-tls-psk.sh +++ b/tests/test-nbd-tls-psk.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbdkit -# Copyright (C) 201...
2019 Jul 30
1
[nbdkit PATCH] tests: Accommodate qemu-img 4.1 output change
...we already depend on jq elsewhere in the testsuite. But since I'd already got this written up, I'm at least posting it (if nothing else, to have a list archive to point to when someone else complains about qemu-img changing output). tests/test-ip.sh | 4 ++-- tests/test-nbd-tls-psk.sh | 2 +- tests/test-nbd-tls.sh | 2 +- tests/test-tls-psk.sh | 2 +- tests/test-tls.sh | 2 +- tests/test-truncate3.sh | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/test-ip.sh b/tests/test-ip.sh index 636d3d3f..60f2e066 100755 --- a/tests/test-ip.s...
2020 Mar 26
0
Re: [nbdkit PATCH] tests: Swap nbdkit process order in test-nbd-tls-psk.sh
...lake@redhat.com> > --- > > My current setup does not seem to be hitting the testsuite > hang/failure as frequently as Rich's setup, so for now I'm posting > this in the hopes that we can see if it reduces the rate of testsuite > failures. > > tests/test-nbd-tls-psk.sh | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/tests/test-nbd-tls-psk.sh b/tests/test-nbd-tls-psk.sh > index 7a477da9..547064ab 100755 > --- a/tests/test-nbd-tls-psk.sh > +++ b/tests/test-nbd-tls-psk.sh > @@ -1,6 +1,6 @@ > #!/usr/bin...
2018 Jun 25
2
[PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
This is ready for review but needs a bit more real-world testing before I'd be happy about it going upstream. It also needs tests. It does interoperate with qemu, at least in my limited tests. Rich.
2018 Jun 25
0
[PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
...+11,7 @@ nbdkit - A toolkit for creating NBD servers [--newstyle] [--oldstyle] [-P PIDFILE] [-p PORT] [-r] [--run CMD] [-s] [--selinux-label LABEL] [-t THREADS] [--tls=off|on|require] [--tls-certificates /path/to/certificates] - [--tls-verify-peer] + [--tls-psk /path/to/pskfile] [--tls-verify-peer] [-U SOCKET] [-u USER] [-v] [-V] PLUGIN [key=value [key=value [...]]] @@ -288,6 +288,12 @@ support). See L</TLS> below. Set the path to the TLS certificates directory. If not specified, some built-in paths are checked. See L</TL...
2019 Sep 17
7
[PATCH libnbd 0/5] interop: Check that LIBNBD_TLS_ALLOW works against nbdkit.
I was a little surprised to find that LIBNBD_TLS_ALLOW worked out of the box, so I had to examine the logs whereupon I saw the magic message ... libnbd: debug: nbd1: nbd_connect_command: server refused TLS (policy), continuing with unencrypted connection I don't believe this path has ever been tested before. It's possible the tests could be improved if they actually checked for this
2018 Jun 28
3
Re: [PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
...nes wrote: > --- > docs/nbdkit.pod.in | 45 +++++++++-- > src/crypto.c | 234 +++++++++++++++++++++++++++++++++++++---------------- > src/internal.h | 1 + > src/main.c | 8 +- > 4 files changed, 210 insertions(+), 78 deletions(-) > > +Create a PSK file containing one or more C<username:key> pairs. It is > +easiest to use L<psktool(1)> for this: > + > + psktool -u rich -p /tmp/psk > + > +The PSK file contains the hex-encoded random keys in plaintext. Any > +client which can read this file will be able to connec...
2018 Jun 28
1
Re: [PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
...> src/crypto.c | 234 > +++++++++++++++++++++++++++++++++++++---------------- > > > src/internal.h | 1 + > > > src/main.c | 8 +- > > > 4 files changed, 210 insertions(+), 78 deletions(-) > > > > > > > > +Create a PSK file containing one or more C<username:key> pairs. It is > > > +easiest to use L<psktool(1)> for this: > > > + > > > + psktool -u rich -p /tmp/psk > > > + > > > +The PSK file contains the hex-encoded random keys in plaintext. Any > >...
2019 Sep 17
0
[PATCH libnbd 5/5] interop: Add tests of nbdkit + LIBNBD_TLS_ALLOW.
...ab47370..dd8a052 100644 --- a/.gitignore +++ b/.gitignore @@ -62,7 +62,11 @@ Makefile.in /interop/dirty-bitmap /interop/interop-nbdkit /interop/interop-nbdkit-tls-certs +/interop/interop-nbdkit-tls-certs-allow-enabled +/interop/interop-nbdkit-tls-certs-allow-fallback /interop/interop-nbdkit-tls-psk +/interop/interop-nbdkit-tls-psk-allow-enabled +/interop/interop-nbdkit-tls-psk-allow-fallback /interop/interop-nbd-server /interop/interop-qemu-nbd /interop/interop-qemu-nbd-tls-certs diff --git a/TODO b/TODO index 21feb2f..642d39f 100644 --- a/TODO +++ b/TODO @@ -17,9 +17,6 @@ NBD_INFO_BLOCK_S...
2018 Jun 28
0
Re: [PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
...kit.pod.in | 45 +++++++++-- > > src/crypto.c | 234 +++++++++++++++++++++++++++++++++++++---------------- > > src/internal.h | 1 + > > src/main.c | 8 +- > > 4 files changed, 210 insertions(+), 78 deletions(-) > > > > > +Create a PSK file containing one or more C<username:key> pairs. It is > > +easiest to use L<psktool(1)> for this: > > + > > + psktool -u rich -p /tmp/psk > > + > > +The PSK file contains the hex-encoded random keys in plaintext. Any > > +client which can read th...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> No ALPN negotiated >> SSL-Session: >> ??? Protocol? : TLSv1.2 >> ??? Cipher??? : 0000 >> ??? Session-ID: >> ??? Session-ID-ctx: >> ??? Master-Key: >> ??? PSK identity: None >> ??? PSK identity hint: None >> ??? SRP username: None >> ??? Start Time: 1532969474 >> ??? Timeout?? : 7200 (sec) >> ??? Verify return code: 0 (ok) >> ??? Extended master secret: no >> >> --- >> >> and this for the certif...
2019 Oct 20
2
[PATCH libnbd] api: Allow NBD URIs to be restricted.
Previous discussion: https://www.redhat.com/archives/libguestfs/2019-August/msg00102.html Last night I experimentally added support for URIs that contain the query parameter tls-psk-file, as part of rewriting the tests to cover more of the URI code. So you can now have a URI like: nbds://alice@localhost/?tls-psk-file=keys.psk However there's an obvious security problem here because now any libnbd program which takes URIs from less trusted sources will open a local fil...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...ke has read 309 bytes and written 202 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: ??? Protocol? : TLSv1.2 ??? Cipher??? : 0000 ??? Session-ID: ??? Session-ID-ctx: ??? Master-Key: ??? PSK identity: None ??? PSK identity hint: None ??? SRP username: None ??? Start Time: 1532969474 ??? Timeout?? : 7200 (sec) ??? Verify return code: 0 (ok) ??? Extended master secret: no --- and this for the certificate where the csr is generated with a RSA private key: CONNECTED(00000003) depth=0 C...
2019 Sep 17
0
[PATCH libnbd 4/5] interop: Add -DTLS_MODE to the test.
...t;-p", port_str, tmpfile' \ -DEXPORT_NAME='"/"' \ -DCERTS=1 \ + -DTLS_MODE=LIBNBD_TLS_REQUIRE \ $(NULL) interop_qemu_nbd_tls_certs_CFLAGS = $(WARNINGS_CFLAGS) interop_qemu_nbd_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la @@ -113,6 +114,7 @@ interop_qemu_nbd_tls_psk_CPPFLAGS = \ -DSERVER_PARAMS='"--object", "tls-creds-psk,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests", "--tls-creds", "tls0", "-f", "raw", "-x", "/", "-p", port_str, tmpfile' \ -DEXPORT_N...
2013 Nov 25
2
mcp ping return no responses
...Q_HOME}/conf/jetty.xml for more details --> <import resource="jetty.xml"/> </beans> ---------- client.cfg main_collective = mcollective collectives = mcollective libdir = /usr/libexec/mcollective logger_type = console loglevel = debug # Plugins securityprovider = psk plugin.psk = mcopwd connector = activemq direct_addressing = 1 plugin.activemq.pool.size = 1 plugin.activemq.pool.1.host = puppet.test.italy.cloudlabcsi.local plugin.activemq.pool.1.port = 61613 plugin.activemq.pool.1.user = mcollective plugin.activemq.pool.1.password = mcopwd # Facts factsource...
2019 Oct 30
1
[PATCH net-next 07/14] vsock: handle buffer_size sockopts in the core
...buf_size_min; > - u32 buf_size_max; > - > spinlock_t tx_lock; > spinlock_t rx_lock; > > @@ -93,12 +85,6 @@ s64 virtio_transport_stream_has_space(struct > vsock_sock *vsk); > > int virtio_transport_do_socket_init(struct vsock_sock *vsk, > struct vsock_sock *psk); > -u64 virtio_transport_get_buffer_size(struct vsock_sock *vsk); > -u64 virtio_transport_get_min_buffer_size(struct vsock_sock *vsk); > -u64 virtio_transport_get_max_buffer_size(struct vsock_sock *vsk); -void > virtio_transport_set_buffer_size(struct vsock_sock *vsk, u64 val); -void &...
2019 Sep 27
0
[RFC PATCH 07/13] vsock: handle buffer_size sockopts in the core
..._vsock(trans->vsk)) */ - u32 buf_size; - u32 buf_size_min; - u32 buf_size_max; - spinlock_t tx_lock; spinlock_t rx_lock; @@ -93,12 +85,6 @@ s64 virtio_transport_stream_has_space(struct vsock_sock *vsk); int virtio_transport_do_socket_init(struct vsock_sock *vsk, struct vsock_sock *psk); -u64 virtio_transport_get_buffer_size(struct vsock_sock *vsk); -u64 virtio_transport_get_min_buffer_size(struct vsock_sock *vsk); -u64 virtio_transport_get_max_buffer_size(struct vsock_sock *vsk); -void virtio_transport_set_buffer_size(struct vsock_sock *vsk, u64 val); -void virtio_transport_set_...
2019 Oct 20
0
[PATCH libnbd] api: Allow NBD URIs to be restricted.
New APIs are added which let you enable or disable features of NBD URIs, mainly for security reasons. tls-psk-file is *disabled* by default for obvious security reasons. All other features are enabled by default. --- generator/generator | 127 +++++++++++++++++++++++++++++++++++++++++++- lib/handle.c | 26 +++++++++ lib/internal.h | 5 ++ lib/uri.c | 31 +++++++++-- tests/connect...