geom_eli.c (149047) | geom_eli.c (149304) |
---|---|
1/*- 2 * Copyright (c) 2004 Pawel Jakub Dawidek <pjd@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2004 Pawel Jakub Dawidek <pjd@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: head/sbin/geom/class/eli/geom_eli.c 149047 2005-08-14 14:13:07Z pjd $"); | 28__FBSDID("$FreeBSD: head/sbin/geom/class/eli/geom_eli.c 149304 2005-08-19 22:19:25Z pjd $"); |
29 30#include <stdio.h> 31#include <stdint.h> 32#include <stdlib.h> 33#include <unistd.h> 34#include <fcntl.h> 35#include <readpassphrase.h> 36#include <string.h> --- 111 unchanged lines hidden (view full) --- 148 { 'l', "keylen", &keylen, G_TYPE_NUMBER }, 149 { 's', "sectorsize", §orsize, G_TYPE_NUMBER }, 150 G_OPT_SENTINEL 151 }, 152 "[-d] [-a algo] [-l keylen] [-s sectorsize] prov ..." 153 }, 154 { "setkey", G_FLAG_VERBOSE, eli_main, 155 { | 29 30#include <stdio.h> 31#include <stdint.h> 32#include <stdlib.h> 33#include <unistd.h> 34#include <fcntl.h> 35#include <readpassphrase.h> 36#include <string.h> --- 111 unchanged lines hidden (view full) --- 148 { 'l', "keylen", &keylen, G_TYPE_NUMBER }, 149 { 's', "sectorsize", §orsize, G_TYPE_NUMBER }, 150 G_OPT_SENTINEL 151 }, 152 "[-d] [-a algo] [-l keylen] [-s sectorsize] prov ..." 153 }, 154 { "setkey", G_FLAG_VERBOSE, eli_main, 155 { |
156 { 'i', "iterations", &iterations, G_TYPE_NUMBER }, |
|
156 { 'k', "keyfile", keyfile, G_TYPE_STRING }, 157 { 'K', "newkeyfile", newkeyfile, G_TYPE_STRING }, 158 { 'n', "keyno", &keyno, G_TYPE_NUMBER }, 159 { 'p', "nopassphrase", NULL, G_TYPE_NONE }, 160 { 'P', "nonewpassphrase", NULL, G_TYPE_NONE }, 161 G_OPT_SENTINEL 162 }, | 157 { 'k', "keyfile", keyfile, G_TYPE_STRING }, 158 { 'K', "newkeyfile", newkeyfile, G_TYPE_STRING }, 159 { 'n', "keyno", &keyno, G_TYPE_NUMBER }, 160 { 'p', "nopassphrase", NULL, G_TYPE_NONE }, 161 { 'P', "nonewpassphrase", NULL, G_TYPE_NONE }, 162 G_OPT_SENTINEL 163 }, |
163 "[-pPv] [-n keyno] [-k keyfile] [-K newkeyfile] prov" | 164 "[-pPv] [-n keyno] [-i iterations] [-k keyfile] [-K newkeyfile] prov" |
164 }, 165 { "delkey", G_FLAG_VERBOSE, eli_main, 166 { 167 { 'a', "all", NULL, G_TYPE_NONE }, 168 { 'f', "force", NULL, G_TYPE_NONE }, 169 { 'n', "keyno", &keyno, G_TYPE_NUMBER }, 170 G_OPT_SENTINEL 171 }, --- 513 unchanged lines hidden (view full) --- 685 if (gctl_issue(req) == NULL) { 686 if (verbose) 687 printf("Attched to %s.\n", prov); 688 } 689 bzero(key, sizeof(key)); 690} 691 692static void | 165 }, 166 { "delkey", G_FLAG_VERBOSE, eli_main, 167 { 168 { 'a', "all", NULL, G_TYPE_NONE }, 169 { 'f', "force", NULL, G_TYPE_NONE }, 170 { 'n', "keyno", &keyno, G_TYPE_NUMBER }, 171 G_OPT_SENTINEL 172 }, --- 513 unchanged lines hidden (view full) --- 686 if (gctl_issue(req) == NULL) { 687 if (verbose) 688 printf("Attched to %s.\n", prov); 689 } 690 bzero(key, sizeof(key)); 691} 692 693static void |
693eli_setkey_attached(struct gctl_req *req, const char *prov) | 694eli_setkey_attached(struct gctl_req *req, const char *prov, 695 struct g_eli_metadata *md) |
694{ | 696{ |
695 struct g_eli_metadata md; | |
696 unsigned char key[G_ELI_USERKEYLEN]; | 697 unsigned char key[G_ELI_USERKEYLEN]; |
698 intmax_t *valp; |
|
697 | 699 |
698 if (eli_metadata_read(req, prov, &md) == -1) | 700 valp = gctl_get_paraml(req, "iterations", sizeof(*valp)); 701 if (valp == NULL) { 702 gctl_error(req, "No '%s' argument.", "iterations"); |
699 return; | 703 return; |
704 } 705 /* Check if iterations number should be changed. */ 706 if (*valp != -1) 707 md->md_iterations = *valp; |
|
700 701 /* Generate key for Master Key encryption. */ | 708 709 /* Generate key for Master Key encryption. */ |
702 if (eli_genkey(req, &md, key, 1) == NULL) { | 710 if (eli_genkey(req, md, key, 1) == NULL) { |
703 bzero(key, sizeof(key)); 704 return; 705 } 706 707 gctl_ro_param(req, "key", sizeof(key), key); 708 gctl_issue(req); 709 bzero(key, sizeof(key)); 710} 711 712static void | 711 bzero(key, sizeof(key)); 712 return; 713 } 714 715 gctl_ro_param(req, "key", sizeof(key), key); 716 gctl_issue(req); 717 bzero(key, sizeof(key)); 718} 719 720static void |
713eli_setkey_detached(struct gctl_req *req, const char *prov) | 721eli_setkey_detached(struct gctl_req *req, const char *prov, 722 struct g_eli_metadata *md) |
714{ | 723{ |
715 struct g_eli_metadata md; | |
716 unsigned char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN]; 717 unsigned char *mkeydst; 718 intmax_t *valp; 719 unsigned nkey; 720 int error; 721 | 724 unsigned char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN]; 725 unsigned char *mkeydst; 726 intmax_t *valp; 727 unsigned nkey; 728 int error; 729 |
722 if (eli_metadata_read(req, prov, &md) == -1) 723 return; 724 | |
725 /* Generate key for Master Key decryption. */ | 730 /* Generate key for Master Key decryption. */ |
726 if (eli_genkey(req, &md, key, 0) == NULL) { | 731 if (eli_genkey(req, md, key, 0) == NULL) { |
727 bzero(key, sizeof(key)); 728 return; 729 } 730 731 /* Decrypt Master Key. */ | 732 bzero(key, sizeof(key)); 733 return; 734 } 735 736 /* Decrypt Master Key. */ |
732 error = g_eli_mkey_decrypt(&md, key, mkey, &nkey); | 737 error = g_eli_mkey_decrypt(md, key, mkey, &nkey); |
733 bzero(key, sizeof(key)); 734 if (error != 0) { | 738 bzero(key, sizeof(key)); 739 if (error != 0) { |
735 bzero(&md, sizeof(md)); | 740 bzero(md, sizeof(*md)); |
736 if (error == -1) 737 gctl_error(req, "Wrong key for %s.", prov); 738 else /* if (error > 0) */ { 739 gctl_error(req, "Cannot decrypt Master Key: %s.", 740 strerror(error)); 741 } 742 return; 743 } --- 11 unchanged lines hidden (view full) --- 755 else 756 ; /* Use the key number which was found during decryption. */ 757#endif 758 if (nkey >= G_ELI_MAXMKEYS) { 759 gctl_error(req, "Invalid '%s' argument.", "keyno"); 760 return; 761 } 762 | 741 if (error == -1) 742 gctl_error(req, "Wrong key for %s.", prov); 743 else /* if (error > 0) */ { 744 gctl_error(req, "Cannot decrypt Master Key: %s.", 745 strerror(error)); 746 } 747 return; 748 } --- 11 unchanged lines hidden (view full) --- 760 else 761 ; /* Use the key number which was found during decryption. */ 762#endif 763 if (nkey >= G_ELI_MAXMKEYS) { 764 gctl_error(req, "Invalid '%s' argument.", "keyno"); 765 return; 766 } 767 |
763 mkeydst = md.md_mkeys + nkey * G_ELI_MKEYLEN; 764 md.md_keys |= (1 << nkey); | 768 valp = gctl_get_paraml(req, "iterations", sizeof(*valp)); 769 if (valp == NULL) { 770 gctl_error(req, "No '%s' argument.", "iterations"); 771 return; 772 } 773 /* Check if iterations number should and can be changed. */ 774 if (*valp != -1) { 775 if (bitcount32(md->md_keys) != 1) { 776 gctl_error(req, "To be able to use '-i' option, only " 777 "one key can be defined."); 778 return; 779 } 780 if (md->md_keys != (1 << nkey)) { 781 gctl_error(req, "Only already defined key can be " 782 "changed when '-i' option is used."); 783 return; 784 } 785 md->md_iterations = *valp; 786 } |
765 | 787 |
788 mkeydst = md->md_mkeys + nkey * G_ELI_MKEYLEN; 789 md->md_keys |= (1 << nkey); 790 |
|
766 bcopy(mkey, mkeydst, sizeof(mkey)); 767 bzero(mkey, sizeof(mkey)); 768 769 /* Generate key for Master Key encryption. */ | 791 bcopy(mkey, mkeydst, sizeof(mkey)); 792 bzero(mkey, sizeof(mkey)); 793 794 /* Generate key for Master Key encryption. */ |
770 if (eli_genkey(req, &md, key, 1) == NULL) { | 795 if (eli_genkey(req, md, key, 1) == NULL) { |
771 bzero(key, sizeof(key)); | 796 bzero(key, sizeof(key)); |
772 bzero(&md, sizeof(md)); | 797 bzero(md, sizeof(*md)); |
773 return; 774 } 775 776 /* Encrypt the Master-Key with the new key. */ | 798 return; 799 } 800 801 /* Encrypt the Master-Key with the new key. */ |
777 error = g_eli_mkey_encrypt(md.md_algo, key, md.md_keylen, mkeydst); | 802 error = g_eli_mkey_encrypt(md->md_algo, key, md->md_keylen, mkeydst); |
778 bzero(key, sizeof(key)); 779 if (error != 0) { | 803 bzero(key, sizeof(key)); 804 if (error != 0) { |
780 bzero(&md, sizeof(md)); | 805 bzero(md, sizeof(*md)); |
781 gctl_error(req, "Cannot encrypt Master Key: %s.", 782 strerror(error)); 783 return; 784 } 785 786 /* Store metadata with fresh key. */ | 806 gctl_error(req, "Cannot encrypt Master Key: %s.", 807 strerror(error)); 808 return; 809 } 810 811 /* Store metadata with fresh key. */ |
787 eli_metadata_store(req, prov, &md); 788 bzero(&md, sizeof(md)); | 812 eli_metadata_store(req, prov, md); 813 bzero(md, sizeof(*md)); |
789} 790 791static void 792eli_setkey(struct gctl_req *req) 793{ | 814} 815 816static void 817eli_setkey(struct gctl_req *req) 818{ |
819 struct g_eli_metadata md; |
|
794 const char *prov; 795 int *nargs; 796 797 nargs = gctl_get_paraml(req, "nargs", sizeof(*nargs)); 798 if (nargs == NULL) { 799 gctl_error(req, "No '%s' argument.", "nargs"); 800 return; 801 } 802 if (*nargs != 1) { 803 gctl_error(req, "Too few arguments."); 804 return; 805 } 806 prov = gctl_get_asciiparam(req, "arg0"); 807 if (prov == NULL) { 808 gctl_error(req, "No 'arg%u' argument.", 0); 809 return; 810 } 811 | 820 const char *prov; 821 int *nargs; 822 823 nargs = gctl_get_paraml(req, "nargs", sizeof(*nargs)); 824 if (nargs == NULL) { 825 gctl_error(req, "No '%s' argument.", "nargs"); 826 return; 827 } 828 if (*nargs != 1) { 829 gctl_error(req, "Too few arguments."); 830 return; 831 } 832 prov = gctl_get_asciiparam(req, "arg0"); 833 if (prov == NULL) { 834 gctl_error(req, "No 'arg%u' argument.", 0); 835 return; 836 } 837 |
838 if (eli_metadata_read(req, prov, &md) == -1) 839 return; 840 841 if (md.md_keys == 0) { 842 gctl_error(req, "No valid keys on %s.", prov); 843 return; 844 } 845 |
|
812 if (eli_is_attached(prov)) | 846 if (eli_is_attached(prov)) |
813 eli_setkey_attached(req, prov); | 847 eli_setkey_attached(req, prov, &md); |
814 else | 848 else |
815 eli_setkey_detached(req, prov); | 849 eli_setkey_detached(req, prov, &md); |
816} 817 818static void 819eli_delkey_attached(struct gctl_req *req, const char *prov __unused) 820{ 821 822 gctl_issue(req); 823} --- 427 unchanged lines hidden --- | 850} 851 852static void 853eli_delkey_attached(struct gctl_req *req, const char *prov __unused) 854{ 855 856 gctl_issue(req); 857} --- 427 unchanged lines hidden --- |