authorpjd <pjd@FreeBSD.org>2006-06-05 21:38:54 +0000
committerpjd <pjd@FreeBSD.org>2006-06-05 21:38:54 +0000
commit3af66839d055bd726b45212e94f3c92606f3e7d8 (patch)
treeb1352efa0d8f7422e30192f24f7c57d6f1635386 /sys/geom/eli/g_eli_ctl.c
parentc7f4418287d976dea4735bd1459becbe46c8d515 (diff)
Implement data integrity verification (data authentication) for geli(8).
Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)
Diffstat (limited to 'sys/geom/eli/g_eli_ctl.c')
-rw-r--r--sys/geom/eli/g_eli_ctl.c35
1 files changed, 24 insertions, 11 deletions
diff --git a/sys/geom/eli/g_eli_ctl.c b/sys/geom/eli/g_eli_ctl.c
index e8297d3..a7b6b45 100644
--- a/sys/geom/eli/g_eli_ctl.c
+++ b/sys/geom/eli/g_eli_ctl.c
@@ -250,15 +250,30 @@ g_eli_ctl_onetime(struct gctl_req *req, struct g_class *mp)
if (*detach)
md.md_flags |= G_ELI_FLAG_WO_DETACH;
- name = gctl_get_asciiparam(req, "algo");
+ name = gctl_get_asciiparam(req, "aalgo");
if (name == NULL) {
- gctl_error(req, "No '%s' argument.", "algo");
+ gctl_error(req, "No '%s' argument.", "aalgo");
return;
}
- md.md_algo = g_eli_str2algo(name);
- if (md.md_algo < CRYPTO_ALGORITHM_MIN ||
- md.md_algo > CRYPTO_ALGORITHM_MAX) {
- gctl_error(req, "Invalid '%s' argument.", "algo");
+ if (strcmp(name, "none") != 0) {
+ md.md_aalgo = g_eli_str2aalgo(name);
+ if (md.md_aalgo < CRYPTO_ALGORITHM_MIN ||
+ md.md_aalgo > CRYPTO_ALGORITHM_MAX) {
+ gctl_error(req, "Invalid authentication algorithm.");
+ return;
+ }
+ md.md_flags |= G_ELI_FLAG_AUTH;
+ }
+
+ name = gctl_get_asciiparam(req, "ealgo");
+ if (name == NULL) {
+ gctl_error(req, "No '%s' argument.", "ealgo");
+ return;
+ }
+ md.md_ealgo = g_eli_str2ealgo(name);
+ if (md.md_ealgo < CRYPTO_ALGORITHM_MIN ||
+ md.md_ealgo > CRYPTO_ALGORITHM_MAX) {
+ gctl_error(req, "Invalid encryption algorithm.");
return;
}
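Review bot: The range test on `md.md_aalgo`, and the matching one on `md.md_ealgo` later in this hunk, accepts any identifier between CRYPTO_ALGORITHM_MIN and CRYPTO_ALGORITHM_MAX, so on its own it does not stop a cipher id being stored as the authentication algorithm or a MAC id as the encryption algorithm. Whether g_eli_str2aalgo() and g_eli_str2ealgo() already limit their results to the right family is not visible here; if they do, a comment above each check would record that, e.g. `/* g_eli_str2aalgo() yields only HMAC ids or an out-of-range value */`. On the "none" path `md.md_aalgo` is never assigned in this hunk, so it relies on `md` having been zeroed earlier in g_eli_ctl_onetime, whose body starts and ends outside the hunk.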
@@ -267,7 +282,7 @@ g_eli_ctl_onetime(struct gctl_req *req, struct g_class *mp)
gctl_error(req, "No '%s' argument.", "keylen");
return;
}
- md.md_keylen = g_eli_keylen(md.md_algo, *keylen);
+ md.md_keylen = g_eli_keylen(md.md_ealgo, *keylen);
if (md.md_keylen == 0) {
gctl_error(req, "Invalid '%s' argument.", "keylen");
return;
@@ -395,12 +410,10 @@ g_eli_ctl_setkey(struct gctl_req *req, struct g_class *mp)
mkeydst = md.md_mkeys + nkey * G_ELI_MKEYLEN;
md.md_keys |= (1 << nkey);
- bcopy(sc->sc_ivkey, mkeydst, sizeof(sc->sc_ivkey));
- bcopy(sc->sc_datakey, mkeydst + sizeof(sc->sc_ivkey),
- sizeof(sc->sc_datakey));
+ bcopy(sc->sc_mkey, mkeydst, sizeof(sc->sc_mkey));
/* Encrypt Master Key with the new key. */
- error = g_eli_mkey_encrypt(md.md_algo, key, md.md_keylen, mkeydst);
+ error = g_eli_mkey_encrypt(md.md_ealgo, key, md.md_keylen, mkeydst);
bzero(key, sizeof(key));
if (error != 0) {
bzero(&md, sizeof(md));
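Review bot: The new `bcopy(sc->sc_mkey, mkeydst, sizeof(sc->sc_mkey))` takes its length from the source field while the destination slots are laid out in G_ELI_MKEYLEN strides, and nothing in the hunk ties the two sizes together. If `sc_mkey` ever grew past the slot size, the copy would run into the next key slot or past `md.md_mkeys`. An assertion next to the copy would document the invariant, for example `KASSERT(sizeof(sc->sc_mkey) <= G_ELI_MKEYLEN, ("sc_mkey larger than key slot"));`. The range check on `nkey` that protects `md.md_mkeys + nkey * G_ELI_MKEYLEN` and `1 << nkey` is presumably earlier in g_eli_ctl_setkey, outside the hunk.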