geom_eli.c (284250) | geom_eli.c (286444) |
---|---|
1/*- 2 * Copyright (c) 2004-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2004-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: head/sbin/geom/class/eli/geom_eli.c 284250 2015-06-11 00:24:33Z brueffer $"); | 28__FBSDID("$FreeBSD: head/sbin/geom/class/eli/geom_eli.c 286444 2015-08-08 09:51:38Z pjd $"); |
29 30#include <sys/param.h> 31#include <sys/mman.h> 32#include <sys/sysctl.h> 33#include <sys/resource.h> 34#include <opencrypto/cryptodev.h> 35 36#include <assert.h> --- 72 unchanged lines hidden (view full) --- 109 { 'B', "backupfile", "", G_TYPE_STRING }, 110 { 'e', "ealgo", "", G_TYPE_STRING }, 111 { 'i', "iterations", "-1", G_TYPE_NUMBER }, 112 { 'J', "newpassfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 113 { 'K', "newkeyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 114 { 'l', "keylen", "0", G_TYPE_NUMBER }, 115 { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL }, 116 { 's', "sectorsize", "0", G_TYPE_NUMBER }, | 29 30#include <sys/param.h> 31#include <sys/mman.h> 32#include <sys/sysctl.h> 33#include <sys/resource.h> 34#include <opencrypto/cryptodev.h> 35 36#include <assert.h> --- 72 unchanged lines hidden (view full) --- 109 { 'B', "backupfile", "", G_TYPE_STRING }, 110 { 'e', "ealgo", "", G_TYPE_STRING }, 111 { 'i', "iterations", "-1", G_TYPE_NUMBER }, 112 { 'J', "newpassfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 113 { 'K', "newkeyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 114 { 'l', "keylen", "0", G_TYPE_NUMBER }, 115 { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL }, 116 { 's', "sectorsize", "0", G_TYPE_NUMBER }, |
117 { 'T', "notrim", NULL, G_TYPE_BOOL }, |
|
117 { 'V', "mdversion", "-1", G_TYPE_NUMBER }, 118 G_OPT_SENTINEL 119 }, | 118 { 'V', "mdversion", "-1", G_TYPE_NUMBER }, 119 G_OPT_SENTINEL 120 }, |
120 "[-bPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov" | 121 "[-bPTv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov" |
121 }, 122 { "label", G_FLAG_VERBOSE, eli_main, 123 { 124 { 'a', "aalgo", "", G_TYPE_STRING }, 125 { 'b', "boot", NULL, G_TYPE_BOOL }, 126 { 'B', "backupfile", "", G_TYPE_STRING }, 127 { 'e', "ealgo", "", G_TYPE_STRING }, 128 { 'i', "iterations", "-1", G_TYPE_NUMBER }, --- 36 unchanged lines hidden (view full) --- 165 }, 166 { "onetime", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL, 167 { 168 { 'a', "aalgo", "", G_TYPE_STRING }, 169 { 'd', "detach", NULL, G_TYPE_BOOL }, 170 { 'e', "ealgo", GELI_ENC_ALGO, G_TYPE_STRING }, 171 { 'l', "keylen", "0", G_TYPE_NUMBER }, 172 { 's', "sectorsize", "0", G_TYPE_NUMBER }, | 122 }, 123 { "label", G_FLAG_VERBOSE, eli_main, 124 { 125 { 'a', "aalgo", "", G_TYPE_STRING }, 126 { 'b', "boot", NULL, G_TYPE_BOOL }, 127 { 'B', "backupfile", "", G_TYPE_STRING }, 128 { 'e', "ealgo", "", G_TYPE_STRING }, 129 { 'i', "iterations", "-1", G_TYPE_NUMBER }, --- 36 unchanged lines hidden (view full) --- 166 }, 167 { "onetime", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL, 168 { 169 { 'a', "aalgo", "", G_TYPE_STRING }, 170 { 'd', "detach", NULL, G_TYPE_BOOL }, 171 { 'e', "ealgo", GELI_ENC_ALGO, G_TYPE_STRING }, 172 { 'l', "keylen", "0", G_TYPE_NUMBER }, 173 { 's', "sectorsize", "0", G_TYPE_NUMBER }, |
174 { 'T', "notrim", NULL, G_TYPE_BOOL }, |
|
173 G_OPT_SENTINEL 174 }, | 175 G_OPT_SENTINEL 176 }, |
175 "[-d] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov" | 177 "[-dT] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov" |
176 }, 177 { "configure", G_FLAG_VERBOSE, eli_main, 178 { 179 { 'b', "boot", NULL, G_TYPE_BOOL }, 180 { 'B', "noboot", NULL, G_TYPE_BOOL }, | 178 }, 179 { "configure", G_FLAG_VERBOSE, eli_main, 180 { 181 { 'b', "boot", NULL, G_TYPE_BOOL }, 182 { 'B', "noboot", NULL, G_TYPE_BOOL }, |
183 { 't', "trim", NULL, G_TYPE_BOOL }, 184 { 'T', "notrim", NULL, G_TYPE_BOOL }, |
|
181 G_OPT_SENTINEL 182 }, | 185 G_OPT_SENTINEL 186 }, |
183 "[-bB] prov ..." | 187 "[-bBtT] prov ..." |
184 }, 185 { "setkey", G_FLAG_VERBOSE, eli_main, 186 { 187 { 'i', "iterations", "-1", G_TYPE_NUMBER }, 188 { 'j', "passfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 189 { 'J', "newpassfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 190 { 'k', "keyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 191 { 'K', "newkeyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, --- 501 unchanged lines hidden (view full) --- 693 return; 694 } else { 695 version = val; 696 } 697 md.md_version = version; 698 md.md_flags = 0; 699 if (gctl_get_int(req, "boot")) 700 md.md_flags |= G_ELI_FLAG_BOOT; | 188 }, 189 { "setkey", G_FLAG_VERBOSE, eli_main, 190 { 191 { 'i', "iterations", "-1", G_TYPE_NUMBER }, 192 { 'j', "passfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 193 { 'J', "newpassfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 194 { 'k', "keyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, 195 { 'K', "newkeyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI }, --- 501 unchanged lines hidden (view full) --- 697 return; 698 } else { 699 version = val; 700 } 701 md.md_version = version; 702 md.md_flags = 0; 703 if (gctl_get_int(req, "boot")) 704 md.md_flags |= G_ELI_FLAG_BOOT; |
705 if (gctl_get_int(req, "notrim")) 706 md.md_flags |= G_ELI_FLAG_NODELETE; |
|
701 md.md_ealgo = CRYPTO_ALGORITHM_MIN - 1; 702 str = gctl_get_ascii(req, "aalgo"); 703 if (*str != '\0') { 704 if (version < G_ELI_VERSION_01) { 705 gctl_error(req, 706 "Data authentication is supported starting from version %u.", 707 G_ELI_VERSION_01); 708 return; --- 185 unchanged lines hidden (view full) --- 894 if (gctl_issue(req) == NULL) { 895 if (verbose) 896 printf("Attached to %s.\n", prov); 897 } 898 bzero(key, sizeof(key)); 899} 900 901static void | 707 md.md_ealgo = CRYPTO_ALGORITHM_MIN - 1; 708 str = gctl_get_ascii(req, "aalgo"); 709 if (*str != '\0') { 710 if (version < G_ELI_VERSION_01) { 711 gctl_error(req, 712 "Data authentication is supported starting from version %u.", 713 G_ELI_VERSION_01); 714 return; --- 185 unchanged lines hidden (view full) --- 900 if (gctl_issue(req) == NULL) { 901 if (verbose) 902 printf("Attached to %s.\n", prov); 903 } 904 bzero(key, sizeof(key)); 905} 906 907static void |
902eli_configure_detached(struct gctl_req *req, const char *prov, bool boot) | 908eli_configure_detached(struct gctl_req *req, const char *prov, int boot, 909 int trim) |
903{ 904 struct g_eli_metadata md; | 910{ 911 struct g_eli_metadata md; |
912 bool changed = 0; |
|
905 906 if (eli_metadata_read(req, prov, &md) == -1) 907 return; 908 | 913 914 if (eli_metadata_read(req, prov, &md) == -1) 915 return; 916 |
909 if (boot && (md.md_flags & G_ELI_FLAG_BOOT)) { | 917 if (boot == 1 && (md.md_flags & G_ELI_FLAG_BOOT)) { |
910 if (verbose) 911 printf("BOOT flag already configured for %s.\n", prov); | 918 if (verbose) 919 printf("BOOT flag already configured for %s.\n", prov); |
912 } else if (!boot && !(md.md_flags & G_ELI_FLAG_BOOT)) { | 920 } else if (boot == 0 && !(md.md_flags & G_ELI_FLAG_BOOT)) { |
913 if (verbose) 914 printf("BOOT flag not configured for %s.\n", prov); | 921 if (verbose) 922 printf("BOOT flag not configured for %s.\n", prov); |
915 } else { | 923 } else if (boot >= 0) { |
916 if (boot) 917 md.md_flags |= G_ELI_FLAG_BOOT; 918 else 919 md.md_flags &= ~G_ELI_FLAG_BOOT; | 924 if (boot) 925 md.md_flags |= G_ELI_FLAG_BOOT; 926 else 927 md.md_flags &= ~G_ELI_FLAG_BOOT; |
920 eli_metadata_store(req, prov, &md); | 928 changed = 1; |
921 } | 929 } |
930 931 if (trim == 0 && (md.md_flags & G_ELI_FLAG_NODELETE)) { 932 if (verbose) 933 printf("TRIM disable flag already configured for %s.\n", prov); 934 } else if (trim == 1 && !(md.md_flags & G_ELI_FLAG_NODELETE)) { 935 if (verbose) 936 printf("TRIM disable flag not configured for %s.\n", prov); 937 } else if (trim >= 0) { 938 if (trim) 939 md.md_flags &= ~G_ELI_FLAG_NODELETE; 940 else 941 md.md_flags |= G_ELI_FLAG_NODELETE; 942 changed = 1; 943 } 944 945 if (changed) 946 eli_metadata_store(req, prov, &md); |
|
922 bzero(&md, sizeof(md)); 923} 924 925static void 926eli_configure(struct gctl_req *req) 927{ 928 const char *prov; | 947 bzero(&md, sizeof(md)); 948} 949 950static void 951eli_configure(struct gctl_req *req) 952{ 953 const char *prov; |
929 bool boot, noboot; | 954 bool boot, noboot, trim, notrim; 955 int doboot, dotrim; |
930 int i, nargs; 931 932 nargs = gctl_get_int(req, "nargs"); 933 if (nargs == 0) { 934 gctl_error(req, "Too few arguments."); 935 return; 936 } 937 938 boot = gctl_get_int(req, "boot"); 939 noboot = gctl_get_int(req, "noboot"); | 956 int i, nargs; 957 958 nargs = gctl_get_int(req, "nargs"); 959 if (nargs == 0) { 960 gctl_error(req, "Too few arguments."); 961 return; 962 } 963 964 boot = gctl_get_int(req, "boot"); 965 noboot = gctl_get_int(req, "noboot"); |
966 trim = gctl_get_int(req, "trim"); 967 notrim = gctl_get_int(req, "notrim"); |
|
940 | 968 |
969 doboot = -1; |
|
941 if (boot && noboot) { 942 gctl_error(req, "Options -b and -B are mutually exclusive."); 943 return; 944 } | 970 if (boot && noboot) { 971 gctl_error(req, "Options -b and -B are mutually exclusive."); 972 return; 973 } |
945 if (!boot && !noboot) { | 974 if (boot) 975 doboot = 1; 976 else if (noboot) 977 doboot = 0; 978 979 dotrim = -1; 980 if (trim && notrim) { 981 gctl_error(req, "Options -t and -T are mutually exclusive."); 982 return; 983 } 984 if (trim) 985 dotrim = 1; 986 else if (notrim) 987 dotrim = 0; 988 989 if (doboot == -1 && dotrim == -1) { |
946 gctl_error(req, "No option given."); 947 return; 948 } 949 950 /* First attached providers. */ 951 gctl_issue(req); 952 /* Now the rest. */ 953 for (i = 0; i < nargs; i++) { 954 prov = gctl_get_ascii(req, "arg%d", i); 955 if (!eli_is_attached(prov)) | 990 gctl_error(req, "No option given."); 991 return; 992 } 993 994 /* First attached providers. */ 995 gctl_issue(req); 996 /* Now the rest. */ 997 for (i = 0; i < nargs; i++) { 998 prov = gctl_get_ascii(req, "arg%d", i); 999 if (!eli_is_attached(prov)) |
956 eli_configure_detached(req, prov, boot); | 1000 eli_configure_detached(req, prov, doboot, dotrim); |
957 } 958} 959 960static void 961eli_setkey_attached(struct gctl_req *req, struct g_eli_metadata *md) 962{ 963 unsigned char key[G_ELI_USERKEYLEN]; 964 intmax_t val, old = 0; --- 686 unchanged lines hidden --- | 1001 } 1002} 1003 1004static void 1005eli_setkey_attached(struct gctl_req *req, struct g_eli_metadata *md) 1006{ 1007 unsigned char key[G_ELI_USERKEYLEN]; 1008 intmax_t val, old = 0; --- 686 unchanged lines hidden --- |
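Review bot: The new `int boot, int trim` parameters of eli_configure_detached() are tri-state (-1 leave unchanged, 0 disable, 1 enable, as eli_configure() fills `doboot`/`dotrim`), but nothing at the definition says so, and `trim` runs opposite to the bit it drives: `trim == 0` is the branch that sets G_ELI_FLAG_NODELETE. A later caller that passes a plain 0 meaning "no change" would clear BOOT and set NODELETE in the stored metadata without any error, so I would put `/* boot, trim: 1 = enable, 0 = disable, -1 = leave unchanged; trim == 0 sets G_ELI_FLAG_NODELETE. */` above the function. Judging by the "TRIM disable flag" messages, that bit appears to decide whether delete requests reach the backing provider, which is a confidentiality trade-off worth one sentence in the same comment. As a style point, `bool changed = 0;` and `changed = 1;` read better as `false` and `true`. Both function bodies are fully visible in this section.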