From nobody Tue May 07 07:40:45 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VYVZ63H76z5KG4k; Tue, 07 May 2024 07:40:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VYVZ61NTXz4Mrf; Tue, 7 May 2024 07:40:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1715067646; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oBqWSaNl+V+HF/s2fzZ5VvyKj9Pl6A0HZANDf0gJiys=; b=IlMflrB4eAFmnxjI1cmTGTkGnaNuCgdqPM1mzuXD6Snd4tEQMrIFH4isFHOKFZOTcDMEYS Hun/fHos7rkitE2xt3ghkRBYd1S9lXILFMRM26kHdome5gaNi3qERqCBUHEfPpjNMpiC9+ H0hP1xw1ZNn9D2Gnr6K3wdJnDpFeEIln7gZ0muaKFxsCX3Ps7UMO4XQBWrL6KWF+iP7rcp REzcD2lnfpSzS+6XFqh89RT91utAc80qz95FhVMRSsdS+s049KH2NK+M6q8gQD4faPLZ/o MEeL6CbJ6nYIbpT5UJjkIRyYwVvkTQL2mA/yz3Qo48Q4WKCtSZwXjbiisWGzww== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715067646; a=rsa-sha256; cv=none; b=mIiZqahl5ivoTIrB3EOGSEgD7VeZNGpRf17NarxAdT8aoQ2nKslt05MxVvx+42lQ3GV2Ed tlDk8HhAW3f7804yI84+RJpMtMQdF2Dfs4v6BMgcc3T2VLaa3TdsaCCZpUGomlk/E7MzB0 sefbqkOYjqazUArF63AMx8Id6au7QNDEiay63wka2F1zJ5L0C62TLvtijMQ7TC3pHopDEy BdRUNZeo7LT3n6EKTrQ/g+m8oN5LhcONc4SMJA1rDsg23C5Y+Hp1V5VSH/8PcnLCn53SO1 qkq1gS85y1wYx+bfMjuBAxd54gZGaAFaulzXIFSTOmLRpDp1h0MTey9IV9gSxA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1715067646; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oBqWSaNl+V+HF/s2fzZ5VvyKj9Pl6A0HZANDf0gJiys=; b=uZTG6ZVAqqcSQdNpytv/7TdSdlUruxNIyXtIEgIRvfwmeaMpLTdD+dpAsf2p99s7rBW3Tk Va06uKslE5nQnLLYqLxbqwZCyNY1lBYFpkV78a41WBHCEL7BSC6qqDn40FoQU+0bhlHP3t gPZNjR+fDXH+EfrFpqTtnZfqdV9TIXbrRhwo100XYA3TZo5pOIsnmHmj8ymkbOnErBfbqv cjAaJm95hlzoweJ6XASlMkCyMS9MOPbzv/DhOCDQRt1wVFzo+1jWeuMm2YwSolcPjE/720 xaDy+LoZdN3v52CoF/nNdCni4tyV9vCkEoRXw9Z6YXZ0jEYKpqnZVSOzx58/pA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VYVZ6104CzYMf; Tue, 7 May 2024 07:40:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 4477ektY094935; Tue, 7 May 2024 07:40:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 4477ejuI094932; Tue, 7 May 2024 07:40:45 GMT (envelope-from git) Date: Tue, 7 May 2024 07:40:45 GMT Message-Id: <202405070740.4477ejuI094932@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Poul-Henning Kamp Subject: git: 8d2d1d651678 - main - Remove GBDE source files List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: phk X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8d2d1d651678178aa7f24f0530347f860423fd9e Auto-Submitted: auto-generated The branch main has been updated by phk: URL: https://cgit.FreeBSD.org/src/commit/?id=8d2d1d651678178aa7f24f0530347f860423fd9e commit 8d2d1d651678178aa7f24f0530347f860423fd9e Author: Poul-Henning Kamp AuthorDate: 2024-05-07 07:31:09 +0000 Commit: Poul-Henning Kamp CommitDate: 2024-05-07 07:31:09 +0000 Remove GBDE source files --- sbin/gbde/Makefile | 31 - sbin/gbde/Makefile.depend | 18 - sbin/gbde/gbde.8 | 271 ---- sbin/gbde/gbde.c | 895 ------------ sbin/gbde/image.uu | 3304 -------------------------------------------- sbin/gbde/template.txt | 31 - sbin/gbde/test.sh | 66 - sys/geom/bde/g_bde.c | 296 ---- sys/geom/bde/g_bde.h | 215 --- sys/geom/bde/g_bde_crypt.c | 358 ----- sys/geom/bde/g_bde_lock.c | 478 ------- sys/geom/bde/g_bde_work.c | 778 ----------- 12 files changed, 6741 deletions(-) diff --git a/sbin/gbde/Makefile b/sbin/gbde/Makefile deleted file mode 100644 index 8c84781fc4ed..000000000000 --- a/sbin/gbde/Makefile +++ /dev/null @@ -1,31 +0,0 @@ - -PACKAGE=geom -PROG= gbde -SRCS= gbde.c template.c -SRCS+= rijndael-alg-fst.c -SRCS+= rijndael-api-fst.c -SRCS+= g_bde_lock.c - -# rijndael-fst.c does evil casting things which can results in warnings, -# the test-vectors check out however, so it works right. -NO_WCAST_ALIGN= -NO_WMISSING_VARIABLE_DECLARATIONS= - -CFLAGS+= -I${SRCTOP}/sys -.PATH: ${SRCTOP}/sys/geom/bde \ - ${SRCTOP}/sys/crypto/rijndael \ - ${SRCTOP}/sys/crypto/sha2 - -CLEANFILES+= template.c - -MAN= gbde.8 -LIBADD= md util geom - -template.c: template.txt - file2c 'const char template[] = {' ',0};' \ - < ${.CURDIR}/template.txt > template.c - -test: ${PROG} - sh ${.CURDIR}/test.sh ${.CURDIR} - -.include diff --git a/sbin/gbde/Makefile.depend b/sbin/gbde/Makefile.depend deleted file mode 100644 index 2edf986e595a..000000000000 --- a/sbin/gbde/Makefile.depend +++ /dev/null @@ -1,18 +0,0 @@ -# Autogenerated - do NOT edit! - -DIRDEPS = \ - include \ - include/xlocale \ - lib/${CSU_DIR} \ - lib/libc \ - lib/libcompiler_rt \ - lib/libgeom \ - lib/libmd \ - lib/libutil \ - - -.include - -.if ${DEP_RELDIR} == ${_DEP_RELDIR} -# local dependencies - needed for -jN in clean tree -.endif diff --git a/sbin/gbde/gbde.8 b/sbin/gbde/gbde.8 deleted file mode 100644 index 1f3d41017307..000000000000 --- a/sbin/gbde/gbde.8 +++ /dev/null @@ -1,271 +0,0 @@ -.\" -.\" Copyright (c) 2002 Poul-Henning Kamp -.\" Copyright (c) 2002 Networks Associates Technology, Inc. -.\" All rights reserved. -.\" -.\" This software was developed for the FreeBSD Project by Poul-Henning Kamp -.\" and NAI Labs, the Security Research Division of Network Associates, Inc. -.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the -.\" DARPA CHATS research program. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.Dd October 3, 2016 -.Dt GBDE 8 -.Os -.Sh NAME -.Nm gbde -.Nd operation and management utility for Geom Based Disk Encryption -.Sh SYNOPSIS -.Nm -.Cm attach -.Ar destination -.Op Fl k Ar keyfile -.Op Fl l Ar lockfile -.Op Fl p Ar pass-phrase -.Nm -.Cm detach -.Ar destination -.Nm -.Cm init -.Ar destination -.Op Fl i -.Op Fl f Ar filename -.Op Fl K Ar new-keyfile -.Op Fl L Ar new-lockfile -.Op Fl P Ar new-pass-phrase -.Nm -.Cm setkey -.Ar destination -.Op Fl n Ar key -.Op Fl k Ar keyfile -.Op Fl l Ar lockfile -.Op Fl p Ar pass-phrase -.Op Fl K Ar new-keyfile -.Op Fl L Ar new-lockfile -.Op Fl P Ar new-pass-phrase -.Nm -.Cm nuke -.Ar destination -.Op Fl n Ar key -.Op Fl k Ar keyfile -.Op Fl l Ar lockfile -.Op Fl p Ar pass-phrase -.Nm -.Cm destroy -.Ar destination -.Op Fl k Ar keyfile -.Op Fl l Ar lockfile -.Op Fl p Ar pass-phrase -.Sh DESCRIPTION -.Bf -symbolic -NOTICE: -Please be aware that this code has not yet received much review -and analysis by qualified cryptographers and therefore should be considered -a slightly suspect experimental facility. -.Pp -We cannot at this point guarantee that the on-disk format will not change -in response to reviews or bug-fixes, so potential users are advised to -be prepared that -.Xr dump 8 Ns / Ns -.Xr restore 8 -based migrations may be called for in the future. -.Ef -.Pp -The -.Nm -utility is the only official operation and management interface for the -.Xr gbde 4 -.Tn GEOM -based disk encryption kernel facility. -The interaction between the -.Nm -utility and the kernel part is not a published interface. -.Pp -The operational aspect consists of two subcommands: -one to open and attach -a device to the in-kernel cryptographic -.Nm -module -.Pq Cm attach , -and one to close and detach a device -.Pq Cm detach . -.Pp -The management part allows initialization of the master key and lock sectors -on a device -.Pq Cm init , -initialization and replacement of pass-phrases -.Pq Cm setkey , -and key invalidation -.Pq Cm nuke -and blackening -.Pq Cm destroy -functions. -.Pp -The -.Fl l Ar lockfile -argument is used to supply the lock selector data. -If no -.Fl l -option is specified, the first sector is used for this purpose. -.Pp -The -.Fl L Ar new-lockfile -argument -specifies the lock selector file for the key -initialized with the -.Cm init -subcommand -or modified with the -.Cm setkey -subcommand. -.Pp -The -.Fl n Ar key -argument can be used to specify to which of the four keys -the operation applies. -A value of 1 to 4 selects the specified key, a value of 0 (the default) -means -.Dq "this key" -(i.e., the key used to gain access to the device) -and a value of \-1 means -.Dq "all keys" . -.Pp -The -.Fl f Ar filename -specifies an optional parameter file for use under initialization. -.Pp -Alternatively, the -.Fl i -option toggles an interactive mode where a template file with descriptions -of the parameters can be interactively edited. -.Pp -The -.Fl p Ar pass-phrase -argument -specifies the pass-phrase used for opening the device. -If not specified, the controlling terminal will be used to prompt the user -for the pass-phrase. -Be aware that using this option may expose the pass-phrase to other -users who happen to run -.Xr ps 1 -or similar while the command is running. -.Pp -The -.Fl P Ar new-pass-phrase -argument -can be used to specify the new pass-phrase to the -.Cm init -and -.Cm setkey -subcommands. -If not specified, the user is prompted for the new pass-phrase on the -controlling terminal. -Be aware that using this option may expose the pass-phrase to other -users who happen to run -.Xr ps 1 -or similar while the command is running. -.Pp -The -.Fl k Ar keyfile -argument specifies a key file to be used in combination with the -pass-phrase (whether the pass-phrase is specified on the command line -or entered from the terminal) for opening the device. -The device will only be opened if the contents of the key file and the -pass-phrase are both correct. -.Pp -The -.Fl K Ar new-keyfile -argument can be used to specify a new key file to the -.Cm init -and -.Cm setkey -subcommands. -If not specified, no key file will be used (even if one was previously -used). -.Sh EXAMPLES -To initialize a device, using default parameters: -.Pp -.Dl "gbde init /dev/ada0s1f -L /etc/ada0s1f.lock" -.Pp -To attach an encrypted device: -.Pp -.Dl "gbde attach ada0s1f -l /etc/ada0s1f.lock" -.Pp -The encrypted device has the suffix -.Pa .bde -so a typical -command to create and mount a file system would be: -.Pp -.Dl "newfs /dev/ada0s1f.bde" -.Dl "mount /dev/ada0s1f.bde /secret" -.Pp -To detach an encrypted device: -.Pp -.Dl "gbde detach ada0s1f" -.Pp -Please notice that detaching an encrypted device corresponds to -physically removing it, do not forget to unmount the file system first. -.Pp -To initialize the second key using a detached lockfile and a trivial -pass-phrase: -.Pp -.Dl "gbde setkey ada0s1f -n 2 -P foo -L key2.lockfile" -.Pp -To invalidate your own masterkey: -.Pp -.Dl "gbde nuke ada0s1f" -.Pp -This will overwrite your masterkey sector with zeros, and results in -a diagnostic if you try to use the key again. -You can also destroy the other three copies of the masterkey with the --n argument. -.Pp -You can also invalidate your masterkey without leaving a tell-tale sector -full of zeros: -.Pp -.Dl "gbde destroy ada0s1f" -.Pp -This will overwrite the information fields in your masterkey sector, -encrypt it and write it back. -You get a (different) diagnostic if you try to use it. -.Sh SEE ALSO -.Xr gbde 4 , -.Xr geom 4 -.Sh HISTORY -This software was developed for the -.Fx -Project by -.An Poul-Henning Kamp -and NAI Labs, the Security Research Division of Network Associates, Inc.\& -under DARPA/SPAWAR contract N66001-01-C-8035 -.Pq Dq CBOSS , -as part of the -DARPA CHATS research program. -.Nm -first appeared in -.Fx 5.0 . -.Sh AUTHORS -.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org -.Sh BUGS -The cryptographic algorithms and the overall design have not been -attacked mercilessly for over 10 years by a gang of cryptoanalysts. diff --git a/sbin/gbde/gbde.c b/sbin/gbde/gbde.c deleted file mode 100644 index e173bb78ad90..000000000000 --- a/sbin/gbde/gbde.c +++ /dev/null @@ -1,895 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause - * - * Copyright (c) 2002 Poul-Henning Kamp - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * This software was developed for the FreeBSD Project by Poul-Henning Kamp - * and NAI Labs, the Security Research Division of Network Associates, Inc. - * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the - * DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * XXX: Future stuff - * - * Replace the template file options (-i & -f) with command-line variables - * "-v property=foo" - * - * Introduce -e, extra entropy source (XOR with /dev/random) - * - * Introduce -E, alternate entropy source (instead of /dev/random) - * - * Introduce -i take IV from keyboard or - * - * Introduce -I take IV from file/cmd - * - * Introduce -m/-M store encrypted+encoded masterkey in file - * - * Introduce -k/-K get pass-phrase part from file/cmd - * - * Introduce -d add more dest-devices to worklist. - * - * Add key-option: selfdestruct bit. - * - * New/changed verbs: - * "onetime" attach with onetime nonstored locksector - * "key"/"unkey" to blast memory copy of key without orphaning - * "nuke" blow away everything attached, crash/halt/power-off if possible. - * "blast" destroy all copies of the masterkey - * "destroy" destroy one copy of the masterkey - * "backup"/"restore" of masterkey sectors. - * - * Make all verbs work on both attached/detached devices. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define GBDEMOD "geom_bde" -#define KASSERT(foo, bar) do { if(!(foo)) { warn bar ; exit (1); } } while (0) - -#include -#include - -extern const char template[]; - - -#if 0 -static void -g_hexdump(void *ptr, int length) -{ - int i, j, k; - unsigned char *cp; - - cp = ptr; - for (i = 0; i < length; i+= 16) { - printf("%04x ", i); - for (j = 0; j < 16; j++) { - k = i + j; - if (k < length) - printf(" %02x", cp[k]); - else - printf(" "); - } - printf(" |"); - for (j = 0; j < 16; j++) { - k = i + j; - if (k >= length) - printf(" "); - else if (cp[k] >= ' ' && cp[k] <= '~') - printf("%c", cp[k]); - else - printf("."); - } - printf("|\n"); - } -} -#endif - -static void __dead2 -usage(void) -{ - - (void)fprintf(stderr, -"usage: gbde attach destination [-k keyfile] [-l lockfile] [-p pass-phrase]\n" -" gbde detach destination\n" -" gbde init destination [-i] [-f filename] [-K new-keyfile]\n" -" [-L new-lockfile] [-P new-pass-phrase]\n" -" gbde setkey destination [-n key]\n" -" [-k keyfile] [-l lockfile] [-p pass-phrase]\n" -" [-K new-keyfile] [-L new-lockfile] [-P new-pass-phrase]\n" -" gbde nuke destination [-n key]\n" -" [-k keyfile] [-l lockfile] [-p pass-phrase]\n" -" gbde destroy destination [-k keyfile] [-l lockfile] [-p pass-phrase]\n"); - exit(1); -} - -void * -g_read_data(struct g_consumer *cp, off_t offset, off_t length, int *error) -{ - void *p; - int fd, i; - off_t o2; - - p = malloc(length); - if (p == NULL) - err(1, "malloc"); - fd = *(int *)cp; - o2 = lseek(fd, offset, SEEK_SET); - if (o2 != offset) - err(1, "lseek"); - i = read(fd, p, length); - if (i != length) - err(1, "read"); - if (error != NULL) - error = 0; - return (p); -} - -static void -random_bits(void *p, u_int len) -{ - arc4random_buf(p, len); -} - -/* XXX: not nice */ -static u_char sha2[SHA512_DIGEST_LENGTH]; - -static void -reset_passphrase(struct g_bde_softc *sc) -{ - - memcpy(sc->sha2, sha2, SHA512_DIGEST_LENGTH); -} - -static void -setup_passphrase(struct g_bde_softc *sc, int sure, const char *input, - const char *keyfile) -{ - char buf1[BUFSIZ + SHA512_DIGEST_LENGTH]; - char buf2[BUFSIZ + SHA512_DIGEST_LENGTH]; - char *p; - int kfd, klen, bpos = 0; - - if (keyfile != NULL) { - /* Read up to BUFSIZ bytes from keyfile */ - kfd = open(keyfile, O_RDONLY, 0); - if (kfd < 0) - err(1, "%s", keyfile); - klen = read(kfd, buf1, BUFSIZ); - if (klen == -1) - err(1, "%s", keyfile); - close(kfd); - - /* Prepend the passphrase with the hash of the key read */ - g_bde_hash_pass(sc, buf1, klen); - memcpy(buf1, sc->sha2, SHA512_DIGEST_LENGTH); - memcpy(buf2, sc->sha2, SHA512_DIGEST_LENGTH); - bpos = SHA512_DIGEST_LENGTH; - } - - if (input != NULL) { - if (strlen(input) >= BUFSIZ) - errx(1, "Passphrase too long"); - strcpy(buf1 + bpos, input); - - g_bde_hash_pass(sc, buf1, strlen(buf1 + bpos) + bpos); - memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH); - return; - } - for (;;) { - p = readpassphrase( - sure ? "Enter new passphrase:" : "Enter passphrase: ", - buf1 + bpos, sizeof buf1 - bpos, - RPP_ECHO_OFF | RPP_REQUIRE_TTY); - if (p == NULL) - err(1, "readpassphrase"); - - if (sure) { - p = readpassphrase("Reenter new passphrase: ", - buf2 + bpos, sizeof buf2 - bpos, - RPP_ECHO_OFF | RPP_REQUIRE_TTY); - if (p == NULL) - err(1, "readpassphrase"); - - if (strcmp(buf1 + bpos, buf2 + bpos)) { - printf("They didn't match.\n"); - continue; - } - } - if (strlen(buf1 + bpos) < 3) { - printf("Too short passphrase.\n"); - continue; - } - break; - } - g_bde_hash_pass(sc, buf1, strlen(buf1 + bpos) + bpos); - memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH); -} - -static void -encrypt_sector(void *d, int len, int klen, void *key) -{ - keyInstance ki; - cipherInstance ci; - int error; - - error = rijndael_cipherInit(&ci, MODE_CBC, NULL); - if (error <= 0) - errx(1, "rijndael_cipherInit=%d", error); - error = rijndael_makeKey(&ki, DIR_ENCRYPT, klen, key); - if (error <= 0) - errx(1, "rijndael_makeKeY=%d", error); - error = rijndael_blockEncrypt(&ci, &ki, d, len * 8, d); - if (error <= 0) - errx(1, "rijndael_blockEncrypt=%d", error); -} - -static void -cmd_attach(const struct g_bde_softc *sc, const char *dest, const char *lfile) -{ - int ffd; - u_char buf[16]; - struct gctl_req *r; - const char *errstr; - - r = gctl_get_handle(); - gctl_ro_param(r, "verb", -1, "create geom"); - gctl_ro_param(r, "class", -1, "BDE"); - gctl_ro_param(r, "provider", -1, dest); - gctl_ro_param(r, "pass", SHA512_DIGEST_LENGTH, sc->sha2); - if (lfile != NULL) { - ffd = open(lfile, O_RDONLY, 0); - if (ffd < 0) - err(1, "%s", lfile); - read(ffd, buf, 16); - gctl_ro_param(r, "key", 16, buf); - close(ffd); - } - errstr = gctl_issue(r); - if (errstr != NULL) - errx(1, "Attach to %s failed: %s", dest, errstr); - - exit (0); -} - -static void -cmd_detach(const char *dest) -{ - struct gctl_req *r; - const char *errstr; - char buf[BUFSIZ]; - - r = gctl_get_handle(); - gctl_ro_param(r, "verb", -1, "destroy geom"); - gctl_ro_param(r, "class", -1, "BDE"); - sprintf(buf, "%s.bde", dest); - gctl_ro_param(r, "geom", -1, buf); - /* gctl_dump(r, stdout); */ - errstr = gctl_issue(r); - if (errstr != NULL) - errx(1, "Detach of %s failed: %s", dest, errstr); - exit (0); -} - -static void -cmd_open(struct g_bde_softc *sc, int dfd , const char *l_opt, u_int *nkey) -{ - int error; - int ffd; - u_char keyloc[16]; - u_int sectorsize; - off_t mediasize; - struct stat st; - - error = ioctl(dfd, DIOCGSECTORSIZE, §orsize); - if (error) - sectorsize = 512; - error = ioctl(dfd, DIOCGMEDIASIZE, &mediasize); - if (error) { - error = fstat(dfd, &st); - if (error == 0 && S_ISREG(st.st_mode)) - mediasize = st.st_size; - else - error = ENOENT; - } - if (error) - mediasize = (off_t)-1; - if (l_opt != NULL) { - ffd = open(l_opt, O_RDONLY, 0); - if (ffd < 0) - err(1, "%s", l_opt); - read(ffd, keyloc, sizeof keyloc); - close(ffd); - } else { - memset(keyloc, 0, sizeof keyloc); - } - - error = g_bde_decrypt_lock(sc, sc->sha2, keyloc, mediasize, - sectorsize, nkey); - if (error == ENOENT) - errx(1, "Lock was destroyed."); - if (error == ESRCH) - errx(1, "Lock was nuked."); - if (error == ENOTDIR) - errx(1, "Lock not found"); - if (error != 0) - errx(1, "Error %d decrypting lock", error); - if (nkey) - printf("Opened with key %u\n", 1 + *nkey); - return; -} - -static void -cmd_nuke(struct g_bde_key *gl, int dfd , int key) -{ - int i; - u_char *sbuf; - off_t offset, offset2; - - sbuf = malloc(gl->sectorsize); - memset(sbuf, 0, gl->sectorsize); - offset = (gl->lsector[key] & ~(gl->sectorsize - 1)); - offset2 = lseek(dfd, offset, SEEK_SET); - if (offset2 != offset) - err(1, "lseek"); - i = write(dfd, sbuf, gl->sectorsize); - free(sbuf); - if (i != (int)gl->sectorsize) - err(1, "write"); - printf("Nuked key %d\n", 1 + key); -} - -static void -cmd_write(struct g_bde_key *gl, struct g_bde_softc *sc, int dfd , int key, const char *l_opt) -{ - int i, ffd; - uint64_t off[2]; - u_char keyloc[16]; - u_char *sbuf, *q; - off_t offset, offset2; - - sbuf = malloc(gl->sectorsize); - /* - * Find the byte-offset in the lock sector where we will put the lock - * data structure. We can put it any random place as long as the - * structure fits. - */ - for(;;) { - random_bits(off, sizeof off); - off[0] &= (gl->sectorsize - 1); - if (off[0] + G_BDE_LOCKSIZE > gl->sectorsize) - continue; - break; - } - - /* Add the sector offset in bytes */ - off[0] += (gl->lsector[key] & ~(gl->sectorsize - 1)); - gl->lsector[key] = off[0]; - - i = g_bde_keyloc_encrypt(sc->sha2, off[0], off[1], keyloc); - if (i) - errx(1, "g_bde_keyloc_encrypt()"); - if (l_opt != NULL) { - ffd = open(l_opt, O_WRONLY | O_CREAT | O_TRUNC, 0600); - if (ffd < 0) - err(1, "%s", l_opt); - write(ffd, keyloc, sizeof keyloc); - close(ffd); - } else if (gl->flags & GBDE_F_SECT0) { - offset2 = lseek(dfd, 0, SEEK_SET); - if (offset2 != 0) - err(1, "lseek"); - i = read(dfd, sbuf, gl->sectorsize); - if (i != (int)gl->sectorsize) - err(1, "read"); - memcpy(sbuf + key * 16, keyloc, sizeof keyloc); - offset2 = lseek(dfd, 0, SEEK_SET); - if (offset2 != 0) - err(1, "lseek"); - i = write(dfd, sbuf, gl->sectorsize); - if (i != (int)gl->sectorsize) - err(1, "write"); - } else { - errx(1, "No -L option and no space in sector 0 for lockfile"); - } - - /* Allocate a sectorbuffer and fill it with random junk */ - if (sbuf == NULL) - err(1, "malloc"); - random_bits(sbuf, gl->sectorsize); - - /* Fill random bits in the spare field */ - random_bits(gl->spare, sizeof(gl->spare)); - - /* Encode the structure where we want it */ - q = sbuf + (off[0] % gl->sectorsize); - i = g_bde_encode_lock(sc->sha2, gl, q); - if (i < 0) - errx(1, "programming error encoding lock"); - - encrypt_sector(q, G_BDE_LOCKSIZE, 256, sc->sha2 + 16); - offset = gl->lsector[key] & ~(gl->sectorsize - 1); - offset2 = lseek(dfd, offset, SEEK_SET); - if (offset2 != offset) - err(1, "lseek"); - i = write(dfd, sbuf, gl->sectorsize); - if (i != (int)gl->sectorsize) - err(1, "write"); - free(sbuf); -#if 0 - printf("Wrote key %d at %jd\n", key, (intmax_t)offset); - printf("s0 = %jd\n", (intmax_t)gl->sector0); - printf("sN = %jd\n", (intmax_t)gl->sectorN); - printf("l[0] = %jd\n", (intmax_t)gl->lsector[0]); - printf("l[1] = %jd\n", (intmax_t)gl->lsector[1]); - printf("l[2] = %jd\n", (intmax_t)gl->lsector[2]); - printf("l[3] = %jd\n", (intmax_t)gl->lsector[3]); - printf("k = %jd\n", (intmax_t)gl->keyoffset); - printf("ss = %jd\n", (intmax_t)gl->sectorsize); -#endif -} - -static void -cmd_destroy(struct g_bde_key *gl, int nkey) -{ - int i; - - bzero(&gl->sector0, sizeof gl->sector0); - bzero(&gl->sectorN, sizeof gl->sectorN); - bzero(&gl->keyoffset, sizeof gl->keyoffset); - gl->flags &= GBDE_F_SECT0; - bzero(gl->mkey, sizeof gl->mkey); - for (i = 0; i < G_BDE_MAXKEYS; i++) - if (i != nkey) - gl->lsector[i] = ~0; -} - -static int -sorthelp(const void *a, const void *b) -{ - const uint64_t *oa, *ob; - - oa = a; - ob = b; - if (*oa > *ob) - return 1; - if (*oa < *ob) - return -1; - return 0; -} - -static void -cmd_init(struct g_bde_key *gl, int dfd, const char *f_opt, int i_opt, const char *l_opt) -{ - int i; - u_char *buf; - unsigned sector_size; - uint64_t first_sector; - uint64_t last_sector; - uint64_t total_sectors; - off_t off, off2; - unsigned nkeys; - const char *p; - char *q, cbuf[BUFSIZ]; - unsigned u, u2; - uint64_t o; - properties params; - - bzero(gl, sizeof *gl); - if (f_opt != NULL) { - i = open(f_opt, O_RDONLY); - if (i < 0) - err(1, "%s", f_opt); - params = properties_read(i); - close (i); - } else if (i_opt) { - /* XXX: Polish */ - asprintf(&q, "%stemp.XXXXXXXXXX", _PATH_TMP); - if (q == NULL) - err(1, "asprintf"); - i = mkstemp(q); - if (i < 0) - err(1, "%s", q); - write(i, template, strlen(template)); - close (i); - p = getenv("EDITOR"); - if (p == NULL) - p = "vi"; - if (snprintf(cbuf, sizeof(cbuf), "%s %s\n", p, q) >= - (ssize_t)sizeof(cbuf)) { - unlink(q); - errx(1, "EDITOR is too long"); - } - system(cbuf); - i = open(q, O_RDONLY); - if (i < 0) - err(1, "%s", f_opt); - params = properties_read(i); - close (i); - unlink(q); - free(q); - } else { - /* XXX: Hack */ - i = open(_PATH_DEVNULL, O_RDONLY); - if (i < 0) - err(1, "%s", _PATH_DEVNULL); - params = properties_read(i); - close (i); - } - - /* */ - p = property_find(params, "sector_size"); - i = ioctl(dfd, DIOCGSECTORSIZE, &u); - if (p != NULL) { - sector_size = strtoul(p, &q, 0); - if (!*p || *q) - errx(1, "sector_size not a proper number"); - } else if (i == 0) { - sector_size = u; - } else { - errx(1, "Missing sector_size property"); - } - if (sector_size & (sector_size - 1)) - errx(1, "sector_size not a power of 2"); - if (sector_size < 512) - errx(1, "sector_size is smaller than 512"); - buf = malloc(sector_size); - if (buf == NULL) - err(1, "Failed to malloc sector buffer"); - gl->sectorsize = sector_size; - - i = ioctl(dfd, DIOCGMEDIASIZE, &off); - if (i == 0) { - first_sector = 0; - total_sectors = off / sector_size; - last_sector = total_sectors - 1; - } else { - first_sector = 0; - last_sector = 0; - total_sectors = 0; - } - - /* */ - p = property_find(params, "first_sector"); - if (p != NULL) { - first_sector = strtoul(p, &q, 0); - if (!*p || *q) - errx(1, "first_sector not a proper number"); - } - - /* */ - p = property_find(params, "last_sector"); - if (p != NULL) { - last_sector = strtoul(p, &q, 0); - if (!*p || *q) - errx(1, "last_sector not a proper number"); - if (last_sector <= first_sector) - errx(1, "last_sector not larger than first_sector"); - total_sectors = last_sector + 1; - } - - /* */ - p = property_find(params, "total_sectors"); - if (p != NULL) { *** 5852 LINES SKIPPED ***