Status GBDE attach at boot [PATCH]
Allan Fields
bsd at afields.ca
Wed Jan 21 07:43:57 PST 2004
On Wed, Jan 21, 2004 at 04:26:09PM +0100, Poul-Henning Kamp wrote:
>
> Hi Allan,
>
> Can you please redo the diff -with '-u' ?
Sure, attached.
> Poul-Henning
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk at FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
--
Allan Fields _.^. ,_ ,. ._ .
AFRSL - http://afields.ca <,'/-\/- /\'_| /_
Ottawa, Canada `'|'====-=--- -- -
`---- -- -
BSDCan 2004: May 2004, Ottawa
See http://www.bsdcan.org for details.
-------------- next part --------------
diff -ru src-5_2/sbin/gbde/gbde.c src-5_2-afields/sbin/gbde/gbde.c
--- src-5_2/sbin/gbde/gbde.c Mon Oct 13 16:14:02 2003
+++ src-5_2-afields/sbin/gbde/gbde.c Wed Jan 21 10:03:20 2004
@@ -40,14 +40,16 @@
*
* Introduce -E, alternate entropy source (instead of /dev/random)
*
+ * Introduce -c, cipher specification
+ *
+ * Introduce -o, one-time-pad source
+ *
* Introduce -i take IV from keyboard or
*
* Introduce -I take IV from file/cmd
*
* Introduce -m/-M store encrypted+encoded masterkey in file
*
- * Introduce -k/-K get pass-phrase part from file/cmd
- *
* Introduce -d add more dest-devices to worklist.
*
* Add key-option: selfdestruct bit.
@@ -62,6 +64,8 @@
*
* Make all verbs work on both attached/detached devices.
*
+ * Investigate process memory scrubbing and file caching issues further
+ *
*/
#include <sys/types.h>
@@ -142,6 +146,10 @@
fprintf(stderr, "\t%s init /dev/dest [-i] [-f filename] [-L lockfile]\n", p);
fprintf(stderr, "\t%s setkey dest [-n key] [-l lockfile] [-L lockfile]\n", p);
fprintf(stderr, "\t%s destroy dest [-n key] [-l lockfile] [-L lockfile]\n", p);
+ fprintf(stderr, "Key entry:\n");
+ fprintf(stderr, "\tBy default the user is prompted on the tty. From the command line:\n");
+ fprintf(stderr, "\t-p/-P <passphrase>\t\t-k/-K <keyfile>\n");
+ fprintf(stderr, "\t-k-/-K- for input on stdin\t-r toggles 'raw' mode\n");
exit (1);
}
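Review bot: The new "Key entry" help text lists `-p/-P <passphrase>` next to `-k/-K <keyfile>` without saying that a passphrase given as an argument is normally visible to other local users in the process list and tends to end up in shell history. Since this patch targets unattended attach at boot, the help should point users to the keyfile or stdin form, for example with an added line `fprintf(stderr, "\t-p/-P expose the passphrase in the process list; prefer -k/-K\n");`. The per-command synopsis lines above it still omit `-k`, `-K` and `-r`, so the two parts of the usage output disagree. usage() begins outside this hunk.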
@@ -234,6 +242,35 @@
memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
}
+static const char *
+read_keyfile(const char *keyf, int raw)
+{ /* XXX: to be reviewed by authors */
+ static FILE * kf;
+ char kbuf[BUFSIZ];
+ char c; int i;
+
+ if (strchr(&keyf[0],'-')&&
+ strchr(&keyf[1],'\0'))
+ kf = fdopen(STDIN_FILENO,"r");
+ else kf = fopen(keyf,"r");
+ if (kf == NULL)
+ errx(errno,"Error opening keyfile: %s\n",strerror(errno));
+
+ bzero(kbuf, sizeof(kbuf));
+ for (i = 0; (c = getc(kf)) != EOF && (i < BUFSIZ-1); i++) {
+ if (raw == 0 && (c=='\n' || c=='\r')) break;
+ kbuf[i] = c;
+ } /* kbuf[BUFSIZ] = '\0'; */
+
+ if (ferror(kf) != 0)
+ errx(errno, "Error reading keyfile: %s",strerror(errno));
+ else if (strlen(kbuf) < 3)
+ errx(1,"Too short passphrase from keyfile\n");
+
+ (void)fclose(kf);
+ return strdup(kbuf); /* XXX: No way to scrub buf before return? */
+}
+
static void
encrypt_sector(void *d, int len, int klen, void *key)
{
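Review bot: The stdin test in read_keyfile, `strchr(&keyf[0],'-') && strchr(&keyf[1],'\0')`, is true for any path containing a '-', because the second strchr always finds the terminator (and reads past it for an empty string). A keyfile whose path has a dash is therefore silently replaced by stdin; `strcmp(keyf, "-") == 0` is the intended check. `char c` cannot reliably hold getc()'s EOF: with signed char a 0xff key byte ends the read early, and with unsigned char the loop never sees EOF, so `c` must be `int`. In raw mode `strlen(kbuf)` and `strdup(kbuf)` cut the key at the first NUL byte, which silently weakens binary keyfiles and cannot be fixed without returning a length alongside the pointer. The XXX about scrubbing can be answered by duplicating first and clearing kbuf before returning, with the stream made unbuffered so stdio does not keep a second copy; `errx(errno, ...)` should also become `err(1, ...)` so the exit status is not an errno value. The fence rewrites the function with those changes, leaving the NUL handling for an interface change.

```c
static const char *
read_keyfile(const char *keyf, int raw)
{
	FILE *kf;
	char kbuf[BUFSIZ];
	char *ret;
	int c;		/* int, so EOF stays distinct from a 0xff byte */
	size_t i;

	/* Only the exact argument "-" selects stdin. */
	if (strcmp(keyf, "-") == 0)
		kf = fdopen(STDIN_FILENO, "r");
	else
		kf = fopen(keyf, "r");
	if (kf == NULL)
		err(1, "Error opening keyfile");
	/* Keep stdio from buffering a second copy of the key material. */
	(void)setvbuf(kf, NULL, _IONBF, 0);

	bzero(kbuf, sizeof(kbuf));
	for (i = 0; i < sizeof(kbuf) - 1 && (c = getc(kf)) != EOF; i++) {
		if (raw == 0 && (c == '\n' || c == '\r'))
			break;
		kbuf[i] = (char)c;
	}

	if (ferror(kf) != 0)
		err(1, "Error reading keyfile");
	if (strlen(kbuf) < 3)
		errx(1, "Too short passphrase from keyfile");
	(void)fclose(kf);

	ret = strdup(kbuf);
	/* Clear the stack copy; a compiler may elide this dead store. */
	bzero(kbuf, sizeof(kbuf));
	if (ret == NULL)
		err(1, "Error copying passphrase");
	return (ret);
}
```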
@@ -692,9 +729,10 @@
const char *opts;
const char *l_opt, *L_opt;
const char *p_opt, *P_opt;
- const char *f_opt;
+ const char *k_opt, *K_opt;
+ const char *f_opt, *pbuf;
char *dest;
- int i_opt, n_opt, ch, dfd, doopen;
+ int i_opt, n_opt, r_opt, ch, dfd, doopen;
u_int nkey;
int i;
char *q, buf[BUFSIZ];
@@ -713,26 +751,26 @@
doopen = 0;
if (!strcmp(argv[1], "attach")) {
action = ACT_ATTACH;
- opts = "l:p:";
+ opts = "l:p:k:r";
} else if (!strcmp(argv[1], "detach")) {
action = ACT_DETACH;
opts = "";
} else if (!strcmp(argv[1], "init")) {
action = ACT_INIT;
doopen = 1;
- opts = "f:iL:P:";
+ opts = "f:iL:P:K:r";
} else if (!strcmp(argv[1], "setkey")) {
action = ACT_SETKEY;
doopen = 1;
- opts = "n:l:L:p:P:";
+ opts = "n:l:L:p:k:P:K:r";
} else if (!strcmp(argv[1], "destroy")) {
action = ACT_DESTROY;
doopen = 1;
- opts = "l:p:";
+ opts = "l:p:k:r";
} else if (!strcmp(argv[1], "nuke")) {
action = ACT_NUKE;
doopen = 1;
- opts = "l:p:n:";
+ opts = "n:l:p:k:r";
} else {
usage("Unknown sub command\n");
}
@@ -743,10 +781,14 @@
argc--;
argv++;
+ pbuf = NULL;
p_opt = NULL;
P_opt = NULL;
l_opt = NULL;
L_opt = NULL;
+ k_opt = NULL;
+ K_opt = NULL;
+ r_opt = 0;
f_opt = NULL;
n_opt = 0;
i_opt = 0;
@@ -770,6 +812,15 @@
case 'P':
P_opt = optarg;
break;
+ case 'k':
+ k_opt = optarg;
+ break;
+ case 'K':
+ K_opt = optarg;
+ break;
+ case 'r':
+ r_opt = 1;
+ break;
case 'n':
n_opt = strtoul(optarg, &q, 0);
if (!*optarg || *q)
@@ -780,6 +831,9 @@
usage("Invalid option\n");
}
+ if (p_opt && k_opt) usage("Duplicate key spec: -p and -k\n");
+ if (P_opt && K_opt) usage("Duplicate key spec: -P and -K\n");
+
if (doopen) {
dfd = open(dest, O_RDWR | O_CREAT, 0644);
if (dfd < 0) {
@@ -803,7 +857,10 @@
gl = &sc.key;
switch(action) {
case ACT_ATTACH:
- setup_passphrase(&sc, 0, p_opt);
+ if (k_opt) pbuf = read_keyfile(k_opt, r_opt);
+ else if (p_opt) pbuf = strdup(p_opt);
+ setup_passphrase(&sc, 0, pbuf);
+
cmd_attach(&sc, dest, l_opt);
break;
case ACT_DETACH:
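Review bot: In ACT_ATTACH, `else if (p_opt) pbuf = strdup(p_opt);` makes a second heap copy of the passphrase that is never scrubbed or freed, and the strdup result is not checked. On allocation failure pbuf stays NULL and setup_passphrase is called as if no passphrase had been supplied. Since pbuf is declared `const char *`, `else if (p_opt) pbuf = p_opt;` gives the same result without the extra copy. The same pattern repeats in the ACT_INIT, ACT_SETKEY, ACT_DESTROY and ACT_NUKE cases of the next hunk. The buffer returned by read_keyfile should be cleared and freed once setup_passphrase has consumed it, assuming setup_passphrase does not keep the pointer, which is not visible here.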
@@ -811,26 +868,43 @@
break;
case ACT_INIT:
cmd_init(gl, dfd, f_opt, i_opt, L_opt);
- setup_passphrase(&sc, 1, P_opt);
+
+ if (K_opt) pbuf = read_keyfile(K_opt, r_opt);
+ else if (P_opt) pbuf = strdup(P_opt);
+ setup_passphrase(&sc, 1, pbuf);
+
cmd_write(gl, &sc, dfd, 0, L_opt);
break;
case ACT_SETKEY:
- setup_passphrase(&sc, 0, p_opt);
+ if (k_opt) pbuf = read_keyfile(k_opt, r_opt);
+ else if (p_opt) pbuf = strdup(p_opt);
+ setup_passphrase(&sc, 0, pbuf);
+
cmd_open(&sc, dfd, l_opt, &nkey);
if (n_opt == 0)
n_opt = nkey + 1;
- setup_passphrase(&sc, 1, P_opt);
+
+ if (K_opt) pbuf = read_keyfile(K_opt, r_opt);
+ else if (P_opt) pbuf = strdup(P_opt);
+ setup_passphrase(&sc, 1, pbuf);
+
cmd_write(gl, &sc, dfd, n_opt - 1, L_opt);
break;
case ACT_DESTROY:
- setup_passphrase(&sc, 0, p_opt);
+ if (k_opt) pbuf = read_keyfile(k_opt, r_opt);
+ else if (p_opt) pbuf = strdup(p_opt);
+ setup_passphrase(&sc, 0, pbuf);
+
cmd_open(&sc, dfd, l_opt, &nkey);
cmd_destroy(gl, nkey);
reset_passphrase(&sc);
cmd_write(gl, &sc, dfd, nkey, l_opt);
break;
case ACT_NUKE:
- setup_passphrase(&sc, 0, p_opt);
+ if (k_opt) pbuf = read_keyfile(k_opt, r_opt);
+ else if (p_opt) pbuf = strdup(p_opt);
+ setup_passphrase(&sc, 0, pbuf);
+
cmd_open(&sc, dfd, l_opt, &nkey);
if (n_opt == 0)
n_opt = nkey + 1;
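Review bot: In ACT_SETKEY pbuf is not reset between the two key selections, so `setkey -p old` with neither `-P` nor `-K` passes the old passphrase to `setup_passphrase(&sc, 1, pbuf)`. The removed line passed `P_opt`, which would be NULL in that case and presumably led to a prompt, so the new key silently becomes the old passphrase instead. Add `else pbuf = NULL;` after `else if (P_opt) pbuf = strdup(P_opt);`, or set `pbuf = NULL;` before the second selection. Reassigning pbuf there also drops the only reference to the first buffer, which still holds the old passphrase unscrubbed. The enclosing switch continues past the end of this hunk.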
diff -ru src-5_2/sbin/gbde/test.sh src-5_2-afields/sbin/gbde/test.sh
--- src-5_2/sbin/gbde/test.sh Fri Oct 17 15:52:07 2003
+++ src-5_2-afields/sbin/gbde/test.sh Wed Jan 21 05:57:16 2004
@@ -2,42 +2,42 @@
# $FreeBSD: src/sbin/gbde/test.sh,v 1.3 2003/10/17 19:52:07 phk Exp $
set -e
+GBDE=./gbde
MD=99
mdconfig -d -u $MD > /dev/null 2>&1 || true
-
mdconfig -a -t malloc -s 1m -u $MD
D=/dev/md$MD
-./gbde init $D -P foo -L /tmp/_l1
-./gbde setkey $D -p foo -l /tmp/_l1 -P bar -L /tmp/_l1
-./gbde setkey $D -p bar -l /tmp/_l1 -P foo -L /tmp/_l1
-
-./gbde setkey $D -p foo -l /tmp/_l1 -n 2 -P foo2 -L /tmp/_l2
-./gbde setkey $D -p foo2 -l /tmp/_l2 -n 3 -P foo3 -L /tmp/_l3
-./gbde setkey $D -p foo3 -l /tmp/_l3 -n 4 -P foo4 -L /tmp/_l4
-./gbde setkey $D -p foo4 -l /tmp/_l4 -n 1 -P foo1 -L /tmp/_l1
-
-./gbde nuke $D -p foo1 -l /tmp/_l1 -n 4
-if ./gbde nuke $D -p foo4 -l /tmp/_l4 -n 3 ; then false ; fi
-./gbde destroy $D -p foo2 -l /tmp/_l2
-if ./gbde destroy $D -p foo2 -l /tmp/_l2 ; then false ; fi
-
-./gbde nuke $D -p foo1 -l /tmp/_l1 -n -1
-if ./gbde nuke $D -p foo1 -l /tmp/_l1 -n -1 ; then false ; fi
-if ./gbde nuke $D -p foo2 -l /tmp/_l2 -n -1 ; then false ; fi
-if ./gbde nuke $D -p foo3 -l /tmp/_l3 -n -1 ; then false ; fi
-if ./gbde nuke $D -p foo4 -l /tmp/_l4 -n -1 ; then false ; fi
-
-./gbde init $D -P foo
-./gbde setkey $D -p foo -P bar
-./gbde setkey $D -p bar -P foo
-
-./gbde setkey $D -p foo -n 2 -P foo2
-./gbde setkey $D -p foo2 -n 3 -P foo3
-./gbde setkey $D -p foo3 -n 4 -P foo4
-./gbde setkey $D -p foo4 -n 1 -P foo1
+${GBDE} init $D -P foo -L /tmp/_l1
+${GBDE} setkey $D -p foo -l /tmp/_l1 -P bar -L /tmp/_l1
+${GBDE} setkey $D -p bar -l /tmp/_l1 -P foo -L /tmp/_l1
+
+${GBDE} setkey $D -p foo -l /tmp/_l1 -n 2 -P foo2 -L /tmp/_l2
+${GBDE} setkey $D -p foo2 -l /tmp/_l2 -n 3 -P foo3 -L /tmp/_l3
+${GBDE} setkey $D -p foo3 -l /tmp/_l3 -n 4 -P foo4 -L /tmp/_l4
+${GBDE} setkey $D -p foo4 -l /tmp/_l4 -n 1 -P foo1 -L /tmp/_l1
+
+${GBDE} nuke $D -p foo1 -l /tmp/_l1 -n 4
+if ${GBDE} nuke $D -p foo4 -l /tmp/_l4 -n 3 ; then false ; fi
+${GBDE} destroy $D -p foo2 -l /tmp/_l2
+if ${GBDE} destroy $D -p foo2 -l /tmp/_l2 ; then false ; fi
+
+${GBDE} nuke $D -p foo1 -l /tmp/_l1 -n -1
+if ${GBDE} nuke $D -p foo1 -l /tmp/_l1 -n -1 ; then false ; fi
+if ${GBDE} nuke $D -p foo2 -l /tmp/_l2 -n -1 ; then false ; fi
+if ${GBDE} nuke $D -p foo3 -l /tmp/_l3 -n -1 ; then false ; fi
+if ${GBDE} nuke $D -p foo4 -l /tmp/_l4 -n -1 ; then false ; fi
+
+${GBDE} init $D -P foo
+${GBDE} setkey $D -p foo -P bar
+${GBDE} setkey $D -p bar -P foo
+
+${GBDE} setkey $D -p foo -n 2 -P foo2
+${GBDE} setkey $D -p foo2 -n 3 -P foo3
+${GBDE} setkey $D -p foo3 -n 4 -P foo4
+${GBDE} setkey $D -p foo4 -n 1 -P foo1
mdconfig -d -u $MD
@@ -47,9 +47,9 @@
else
uudecode -p ${1}/image.uu | bzcat > $D
fi
-gbde attach $D -p foo
+${GBDE} attach $D -p foo
fsck_ffs ${D}.bde
-gbde detach $D
+${GBDE} detach $D
mdconfig -d -u $MD