summaryrefslogtreecommitdiffstats
path: root/sbin/geom
diff options
context:
space:
mode:
authorpjd <pjd@FreeBSD.org>2006-06-05 21:40:54 +0000
committerpjd <pjd@FreeBSD.org>2006-06-05 21:40:54 +0000
commitf75bb255dcbcba07e793a434309c47e03645561f (patch)
treee1c263827d670cacf014ec136a345bfa2173c00c /sbin/geom
parent3af66839d055bd726b45212e94f3c92606f3e7d8 (diff)
downloadFreeBSD-src-f75bb255dcbcba07e793a434309c47e03645561f.zip
FreeBSD-src-f75bb255dcbcba07e793a434309c47e03645561f.tar.gz
Userland bits of geli(8) data authentication.
Now, encryption algorithm is given using '-e' option, not '-a'. The '-a' option is now used to specify authentication algorithm. Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)
Diffstat (limited to 'sbin/geom')
-rw-r--r--sbin/geom/class/eli/geom_eli.c44
1 files changed, 29 insertions, 15 deletions
diff --git a/sbin/geom/class/eli/geom_eli.c b/sbin/geom/class/eli/geom_eli.c
index e71adc9..90df179 100644
--- a/sbin/geom/class/eli/geom_eli.c
+++ b/sbin/geom/class/eli/geom_eli.c
@@ -54,7 +54,8 @@ __FBSDID("$FreeBSD$");
uint32_t lib_version = G_LIB_VERSION;
uint32_t version = G_ELI_VERSION;
-static char algo[] = "aes";
+static char aalgo[] = "none";
+static char ealgo[] = "aes";
static intmax_t keylen = 0;
static intmax_t keyno = -1;
static intmax_t iterations = -1;
@@ -75,12 +76,12 @@ static void eli_dump(struct gctl_req *req);
/*
* Available commands:
*
- * init [-bhPv] [-a algo] [-i iterations] [-l keylen] [-K newkeyfile] prov
+ * init [-bhPv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] prov
* label - alias for 'init'
* attach [-dpv] [-k keyfile] prov
* detach [-fl] prov ...
* stop - alias for 'detach'
- * onetime [-d] [-a algo] [-l keylen] prov ...
+ * onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] prov ...
* setkey [-pPv] [-n keyno] [-k keyfile] [-K newkeyfile] prov
* delkey [-afv] [-n keyno] prov
* kill [-av] [prov ...]
@@ -92,8 +93,9 @@ static void eli_dump(struct gctl_req *req);
struct g_command class_commands[] = {
{ "init", G_FLAG_VERBOSE, eli_main,
{
- { 'a', "algo", algo, G_TYPE_STRING },
+ { 'a', "aalgo", aalgo, G_TYPE_STRING },
{ 'b', "boot", NULL, G_TYPE_NONE },
+ { 'e', "ealgo", ealgo, G_TYPE_STRING },
{ 'i', "iterations", &iterations, G_TYPE_NUMBER },
{ 'K', "newkeyfile", newkeyfile, G_TYPE_STRING },
{ 'l', "keylen", &keylen, G_TYPE_NUMBER },
@@ -101,12 +103,13 @@ struct g_command class_commands[] = {
{ 's', "sectorsize", &sectorsize, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-bPv] [-a algo] [-i iterations] [-l keylen] [-K newkeyfile] [-s sectorsize] prov"
+ "[-bPv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] [-s sectorsize] prov"
},
{ "label", G_FLAG_VERBOSE, eli_main,
{
- { 'a', "algo", algo, G_TYPE_STRING },
+ { 'a', "aalgo", aalgo, G_TYPE_STRING },
{ 'b', "boot", NULL, G_TYPE_NONE },
+ { 'e', "ealgo", ealgo, G_TYPE_STRING },
{ 'i', "iterations", &iterations, G_TYPE_NUMBER },
{ 'K', "newkeyfile", newkeyfile, G_TYPE_STRING },
{ 'l', "keylen", &keylen, G_TYPE_NUMBER },
@@ -143,13 +146,14 @@ struct g_command class_commands[] = {
},
{ "onetime", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL,
{
- { 'a', "algo", algo, G_TYPE_STRING },
+ { 'a', "aalgo", aalgo, G_TYPE_STRING },
{ 'd', "detach", NULL, G_TYPE_NONE },
+ { 'e', "ealgo", ealgo, G_TYPE_STRING },
{ 'l', "keylen", &keylen, G_TYPE_NUMBER },
{ 's', "sectorsize", &sectorsize, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-d] [-a algo] [-l keylen] [-s sectorsize] prov ..."
+ "[-d] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov ..."
},
{ "setkey", G_FLAG_VERBOSE, eli_main,
{
@@ -523,16 +527,26 @@ eli_init(struct gctl_req *req)
md.md_flags = 0;
if (gctl_get_int(req, "boot"))
md.md_flags |= G_ELI_FLAG_BOOT;
- str = gctl_get_ascii(req, "algo");
- md.md_algo = g_eli_str2algo(str);
- if (md.md_algo < CRYPTO_ALGORITHM_MIN ||
- md.md_algo > CRYPTO_ALGORITHM_MAX) {
+ str = gctl_get_ascii(req, "aalgo");
+ if (strcmp(str, "none") != 0) {
+ md.md_aalgo = g_eli_str2aalgo(str);
+ if (md.md_aalgo < CRYPTO_ALGORITHM_MIN ||
+ md.md_aalgo > CRYPTO_ALGORITHM_MAX) {
+ gctl_error(req, "Invalid authentication algorithm.");
+ return;
+ }
+ md.md_flags |= G_ELI_FLAG_AUTH;
+ }
+ str = gctl_get_ascii(req, "ealgo");
+ md.md_ealgo = g_eli_str2ealgo(str);
+ if (md.md_ealgo < CRYPTO_ALGORITHM_MIN ||
+ md.md_ealgo > CRYPTO_ALGORITHM_MAX) {
gctl_error(req, "Invalid encryption algorithm.");
return;
}
val = gctl_get_intmax(req, "keylen");
md.md_keylen = val;
- md.md_keylen = g_eli_keylen(md.md_algo, md.md_keylen);
+ md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen);
if (md.md_keylen == 0) {
gctl_error(req, "Invalid key length.");
return;
@@ -579,7 +593,7 @@ eli_init(struct gctl_req *req)
}
/* Encrypt the first and the only Master Key. */
- error = g_eli_mkey_encrypt(md.md_algo, key, md.md_keylen, md.md_mkeys);
+ error = g_eli_mkey_encrypt(md.md_ealgo, key, md.md_keylen, md.md_mkeys);
bzero(key, sizeof(key));
if (error != 0) {
bzero(&md, sizeof(md));
@@ -733,7 +747,7 @@ eli_setkey_detached(struct gctl_req *req, const char *prov,
}
/* Encrypt the Master-Key with the new key. */
- error = g_eli_mkey_encrypt(md->md_algo, key, md->md_keylen, mkeydst);
+ error = g_eli_mkey_encrypt(md->md_ealgo, key, md->md_keylen, mkeydst);
bzero(key, sizeof(key));
if (error != 0) {
bzero(md, sizeof(*md));
OpenPOWER on IntegriCloud