sbin/gbde/gbde.c

249423Sdim/*-
193323Sed * Copyright (c) 2002 Poul-Henning Kamp
353358Sdim * Copyright (c) 2002 Networks Associates Technology, Inc.
353358Sdim * All rights reserved.
353358Sdim *
193323Sed * This software was developed for the FreeBSD Project by Poul-Henning Kamp
193323Sed * and NAI Labs, the Security Research Division of Network Associates, Inc.
327952Sdim * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
296417Sdim * DARPA CHATS research program.
296417Sdim *
296417Sdim * Redistribution and use in source and binary forms, with or without
327952Sdim * modification, are permitted provided that the following conditions
193323Sed * are met:
193323Sed * 1. Redistributions of source code must retain the above copyright
309124Sdim *    notice, this list of conditions and the following disclaimer.
234353Sdim * 2. Redistributions in binary form must reproduce the above copyright
327952Sdim *    notice, this list of conditions and the following disclaimer in the
243830Sdim *    documentation and/or other materials provided with the distribution.
327952Sdim *
327952Sdim * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
193323Sed * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
249423Sdim * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
296417Sdim * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
296417Sdim * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
327952Sdim * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
249423Sdim * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
249423Sdim * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
249423Sdim * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
327952Sdim * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
353358Sdim * SUCH DAMAGE.
327952Sdim *
296417Sdim * $FreeBSD: head/sbin/gbde/gbde.c 111298 2003-02-23 07:37:47Z tjr $
327952Sdim */
327952Sdim
327952Sdim#include <sys/types.h>
327952Sdim#include <sys/queue.h>
327952Sdim#include <sys/mutex.h>
327952Sdim#include <md5.h>
327952Sdim#include <readpassphrase.h>
276479Sdim#include <string.h>
327952Sdim#include <stdint.h>
327952Sdim#include <unistd.h>
327952Sdim#include <fcntl.h>
344779Sdim#include <paths.h>
327952Sdim#include <strings.h>
327952Sdim#include <stdlib.h>
327952Sdim#include <err.h>
327952Sdim#include <stdio.h>
327952Sdim#include <libutil.h>
327952Sdim#include <sys/errno.h>
360784Sdim#include <sys/disk.h>
327952Sdim#include <sys/stat.h>
327952Sdim#include <crypto/rijndael/rijndael.h>
327952Sdim#include <crypto/sha2/sha2.h>
327952Sdim
296417Sdim#define KASSERT(foo, bar) do { if(!(foo)) { warn bar ; exit (1); } } while (0)
327952Sdim
296417Sdim#include <geom/geom.h>
321369Sdim#include <geom/bde/g_bde.h>
327952Sdim
327952Sdimextern const char template[];
327952Sdim
327952Sdim
327952Sdim#if 0
193323Sedstatic void
193323Sedg_hexdump(void *ptr, int length)
276479Sdim{
276479Sdim	int i, j, k;
193323Sed	unsigned char *cp;
193323Sed
344779Sdim	cp = ptr;
193323Sed	for (i = 0; i < length; i+= 16) {
314564Sdim		printf("%04x  ", i);
261991Sdim		for (j = 0; j < 16; j++) {
261991Sdim			k = i + j;
193323Sed			if (k < length)
296417Sdim				printf(" %02x", cp[k]);
296417Sdim			else
341825Sdim				printf("   ");
353358Sdim		}
193323Sed		printf("  |");
321369Sdim		for (j = 0; j < 16; j++) {
360784Sdim			k = i + j;
321369Sdim			if (k >= length)
321369Sdim				printf(" ");
321369Sdim			else if (cp[k] >= ' ' && cp[k] <= '~')
341825Sdim				printf("%c", cp[k]);
341825Sdim			else
341825Sdim				printf(".");
341825Sdim		}
353358Sdim		printf("|\n");
353358Sdim	}
353358Sdim}
353358Sdim#endif
193323Sed
193323Sedstatic void __dead2
327952Sdimusage(const char *reason)
327952Sdim{
327952Sdim	const char *p;
327952Sdim
321369Sdim	p = getprogname();
321369Sdim	fprintf(stderr, "Usage error: %s", reason);
321369Sdim	fprintf(stderr, "Usage:\n");
321369Sdim	fprintf(stderr, "\t%s attach dest [-l lockfile]\n", p);
321369Sdim	fprintf(stderr, "\t%s detach dest\n", p);
321369Sdim	fprintf(stderr, "\t%s init /dev/dest [-i] [-f filename] [-L lockfile]\n", p);
321369Sdim	fprintf(stderr, "\t%s setkey dest [-n key] [-l lockfile] [-L lockfile]\n", p);
321369Sdim	fprintf(stderr, "\t%s destroy dest [-n key] [-l lockfile] [-L lockfile]\n", p);
321369Sdim	exit (1);
321369Sdim}
296417Sdim
296417Sdimvoid *
296417Sdimg_read_data(struct g_consumer *cp, off_t offset, off_t length, int *error)
296417Sdim{
296417Sdim	void *p;
249423Sdim	int fd, i;
321369Sdim	off_t o2;
296417Sdim
296417Sdim	p = malloc(length);
249423Sdim	if (p == NULL)
344779Sdim		err(1, "malloc");
344779Sdim	fd = *(int *)cp;
344779Sdim	o2 = lseek(fd, offset, SEEK_SET);
344779Sdim	if (o2 != offset)
296417Sdim		err(1, "lseek");
296417Sdim	i = read(fd, p, length);
249423Sdim	if (i != length)
296417Sdim		err(1, "read");
296417Sdim	if (error != NULL)
344779Sdim		error = 0;
296417Sdim	return (p);
296417Sdim}
261991Sdim
296417Sdimstatic void
296417Sdimrandom_bits(void *p, u_int len)
344779Sdim{
309124Sdim	static int fdr = -1;
309124Sdim	int i;
309124Sdim
309124Sdim	if (fdr < 0) {
344779Sdim		fdr = open("/dev/urandom", O_RDONLY);
344779Sdim		if (fdr < 0)
296417Sdim			err(1, "/dev/urandom");
344779Sdim	}
327952Sdim
249423Sdim	i = read(fdr, p, len);
296417Sdim	if (i != (int)len)
327952Sdim		err(1, "read from /dev/urandom");
296417Sdim}
249423Sdim
296417Sdim/* XXX: not nice */
344779Sdimstatic u_char sha2[SHA512_DIGEST_LENGTH];
327952Sdim
344779Sdimstatic void
296417Sdimreset_passphrase(struct g_bde_softc *sc)
327952Sdim{
296417Sdim
296417Sdim	memcpy(sc->sha2, sha2, SHA512_DIGEST_LENGTH);
296417Sdim}
249423Sdim
296417Sdimstatic void
296417Sdimsetup_passphrase(struct g_bde_softc *sc, int sure, const char *input)
344779Sdim{
296417Sdim	char buf1[BUFSIZ], buf2[BUFSIZ], *p;
296417Sdim
296417Sdim	if (input != NULL) {
296417Sdim		g_bde_hash_pass(sc, input, strlen(input));
193323Sed		memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
296417Sdim		return;
296417Sdim	}
344779Sdim	for (;;) {
193323Sed		p = readpassphrase(
296417Sdim		    sure ? "Enter new passphrase:" : "Enter passphrase: ",
296417Sdim		    buf1, sizeof buf1,
296417Sdim		    RPP_ECHO_OFF | RPP_REQUIRE_TTY);
296417Sdim		if (p == NULL)
193323Sed			err(1, "readpassphrase");
327952Sdim
344779Sdim		if (sure) {
344779Sdim			p = readpassphrase("Reenter new passphrase: ",
327952Sdim			    buf2, sizeof buf2,
296417Sdim			    RPP_ECHO_OFF | RPP_REQUIRE_TTY);
296417Sdim			if (p == NULL)
296417Sdim				err(1, "readpassphrase");
296417Sdim
296417Sdim			if (strcmp(buf1, buf2)) {
296417Sdim				printf("They didn't match.\n");
296417Sdim				continue;
296417Sdim			}
296417Sdim		}
296417Sdim		if (strlen(buf1) < 3) {
296417Sdim			printf("Too short passphrase.\n");
296417Sdim			continue;
296417Sdim		}
296417Sdim		break;
296417Sdim	}
296417Sdim	g_bde_hash_pass(sc, buf1, strlen(buf1));
296417Sdim	memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
296417Sdim}
296417Sdim
296417Sdimstatic void
296417Sdimencrypt_sector(void *d, int len, int klen, void *key)
296417Sdim{
296417Sdim	keyInstance ki;
296417Sdim	cipherInstance ci;
193323Sed	int error;
296417Sdim
296417Sdim	error = rijndael_cipherInit(&ci, MODE_CBC, NULL);
344779Sdim	if (error <= 0)
344779Sdim		errx(1, "rijndael_cipherInit=%d", error);
344779Sdim	error = rijndael_makeKey(&ki, DIR_ENCRYPT, klen, key);
193323Sed	if (error <= 0)
296417Sdim		errx(1, "rijndael_makeKeY=%d", error);
296417Sdim	error = rijndael_blockEncrypt(&ci, &ki, d, len * 8, d);
296417Sdim	if (error <= 0)
193323Sed		errx(1, "rijndael_blockEncrypt=%d", error);
344779Sdim}
344779Sdim
344779Sdimstatic void
344779Sdimcmd_attach(const struct g_bde_softc *sc, const char *dest, const char *lfile)
344779Sdim{
344779Sdim	int gfd, i, ffd;
344779Sdim	struct geomconfiggeom gcg;
296417Sdim	u_char buf[256 + 16];
296417Sdim
193323Sed	gfd = open("/dev/geom.ctl", O_RDWR);
321369Sdim	if (gfd < 0)
321369Sdim		err(1, "/dev/geom.ctl");
321369Sdim	memset(&gcg, 0, sizeof gcg);
321369Sdim	gcg.class.u.name = "BDE";
321369Sdim	gcg.class.len = strlen(gcg.class.u.name);
296417Sdim	gcg.provider.u.name = dest;
296417Sdim	gcg.provider.len = strlen(gcg.provider.u.name);
321369Sdim	gcg.flag = GCFG_CREATE;
193323Sed	gcg.len = sizeof buf;
193323Sed	gcg.ptr = buf;
193323Sed
344779Sdim	if (lfile != NULL) {
296417Sdim		ffd = open(lfile, O_RDONLY, 0);
296417Sdim		if (ffd < 0)
296417Sdim			err(1, "%s", lfile);
193323Sed		read(ffd, buf + sizeof(sc->sha2), 16);
321369Sdim		close(ffd);
321369Sdim	} else {
321369Sdim		memset(buf + sizeof(sc->sha2), 0, 16);
321369Sdim	}
321369Sdim	memcpy(buf, sc->sha2, sizeof(sc->sha2));
296417Sdim
193323Sed	i = ioctl(gfd, GEOMCONFIGGEOM, &gcg);
296417Sdim	if (i != 0)
193323Sed		err(1, "ioctl(GEOMCONFIGGEOM)");
296417Sdim	exit (0);
344779Sdim}
344779Sdim
344779Sdimstatic void
296417Sdimcmd_detach(const char *dest)
296417Sdim{
296417Sdim	int i, gfd;
193323Sed	struct geomconfiggeom gcg;
193323Sed
193323Sed	gfd = open("/dev/geom.ctl", O_RDWR);
353358Sdim	if (gfd < 0)
353358Sdim		err(1, "/dev/geom.ctl");
353358Sdim	memset(&gcg, 0, sizeof gcg);
353358Sdim	gcg.class.u.name = "BDE";
353358Sdim	gcg.class.len = strlen(gcg.class.u.name);
193323Sed	gcg.provider.u.name = dest;
193323Sed	gcg.provider.len = strlen(gcg.provider.u.name);
193323Sed	gcg.flag = GCFG_DISMANTLE;
344779Sdim
296417Sdim	i = ioctl(gfd, GEOMCONFIGGEOM, &gcg);
193323Sed	if (i != 0)
193323Sed		err(1, "ioctl(GEOMCONFIGGEOM)");
193323Sed	exit (0);
193323Sed}
193323Sed
193323Sedstatic void
193323Sedcmd_open(struct g_bde_softc *sc, int dfd , const char *l_opt, u_int *nkey)
193323Sed{
344779Sdim	int error;
344779Sdim	int ffd;
344779Sdim	u_char keyloc[16];
193323Sed	u_int sectorsize;
193323Sed	off_t mediasize;
193323Sed	struct stat st;
321369Sdim
321369Sdim	error = ioctl(dfd, DIOCGSECTORSIZE, &sectorsize);
344779Sdim	if (error)
193323Sed		sectorsize = 512;
344779Sdim	error = ioctl(dfd, DIOCGMEDIASIZE, &mediasize);
344779Sdim	if (error) {
344779Sdim		error = fstat(dfd, &st);
344779Sdim		if (error == 0 && S_ISREG(st.st_mode))
344779Sdim			mediasize = st.st_size;
344779Sdim		else
344779Sdim			error = ENOENT;
193323Sed	}
344779Sdim	if (error)
344779Sdim		mediasize = (off_t)-1;
344779Sdim	if (l_opt != NULL) {
344779Sdim		ffd = open(l_opt, O_RDONLY, 0);
193323Sed		if (ffd < 0)
344779Sdim			err(1, "%s", l_opt);
344779Sdim		read(ffd, keyloc, sizeof keyloc);
344779Sdim		close(ffd);
193323Sed	} else {
193323Sed		memset(keyloc, 0, sizeof keyloc);
193323Sed	}
193323Sed
193323Sed	error = g_bde_decrypt_lock(sc, sc->sha2, keyloc, mediasize,
193323Sed	    sectorsize, nkey);
193323Sed	if (error == ENOENT)
193323Sed		errx(1, "Lock was destroyed.");
234353Sdim	if (error == ESRCH)
327952Sdim		errx(1, "Lock was nuked.");
296417Sdim	if (error == ENOTDIR)
296417Sdim		errx(1, "Lock not found");
296417Sdim	if (error != 0)
296417Sdim		errx(1, "Error %d decrypting lock", error);
296417Sdim	if (nkey)
296417Sdim		printf("Opened with key %u\n", *nkey);
296417Sdim	return;
234353Sdim}
296417Sdim
296417Sdimstatic void
296417Sdimcmd_nuke(struct g_bde_key *gl, int dfd , int key)
327952Sdim{
234353Sdim	int i;
296417Sdim	u_char *sbuf;
234353Sdim	off_t offset, offset2;
296417Sdim
296417Sdim	sbuf = malloc(gl->sectorsize);
296417Sdim	memset(sbuf, 0, gl->sectorsize);
296417Sdim	offset = (gl->lsector[key] & ~(gl->sectorsize - 1));
296417Sdim	offset2 = lseek(dfd, offset, SEEK_SET);
296417Sdim	if (offset2 != offset)
296417Sdim		err(1, "lseek");
234353Sdim	i = write(dfd, sbuf, gl->sectorsize);
296417Sdim	if (i != (int)gl->sectorsize)
296417Sdim		err(1, "write");
234353Sdim	printf("Nuked key %d\n", key);
327952Sdim}
234353Sdim
296417Sdimstatic void
296417Sdimcmd_write(struct g_bde_key *gl, struct g_bde_softc *sc, int dfd , int key, const char *l_opt)
296417Sdim{
234353Sdim	int i, ffd;
296417Sdim	uint64_t off[2];
296417Sdim	u_char keyloc[16];
296417Sdim	u_char *sbuf, *q;
296417Sdim	off_t offset, offset2;
296417Sdim
296417Sdim	sbuf = malloc(gl->sectorsize);
296417Sdim	/*
234353Sdim	 * Find the byte-offset in the lock sector where we will put the lock
296417Sdim	 * data structure.  We can put it any random place as long as the
296417Sdim	 * structure fits.
296417Sdim	 */
296417Sdim	for(;;) {
327952Sdim		random_bits(off, sizeof off);
234353Sdim		off[0] &= (gl->sectorsize - 1);
296417Sdim		if (off[0] + G_BDE_LOCKSIZE > gl->sectorsize)
234353Sdim			continue;
296417Sdim		break;
296417Sdim	}
296417Sdim
296417Sdim	/* Add the sector offset in bytes */
296417Sdim	off[0] += (gl->lsector[key] & ~(gl->sectorsize - 1));
296417Sdim	gl->lsector[key] = off[0];
234353Sdim
296417Sdim	i = g_bde_keyloc_encrypt(sc, off, keyloc);
309124Sdim	if (i)
296417Sdim		errx(1, "g_bde_keyloc_encrypt()");
296417Sdim	if (l_opt != NULL) {
296417Sdim		ffd = open(l_opt, O_WRONLY | O_CREAT | O_TRUNC, 0600);
234353Sdim		if (ffd < 0)
296417Sdim			err(1, "%s", l_opt);
296417Sdim		write(ffd, keyloc, sizeof keyloc);
296417Sdim		close(ffd);
296417Sdim	} else if (gl->flags & 1) {
296417Sdim		offset2 = lseek(dfd, 0, SEEK_SET);
296417Sdim		if (offset2 != 0)
296417Sdim			err(1, "lseek");
296417Sdim		i = read(dfd, sbuf, gl->sectorsize);
296417Sdim		if (i != (int)gl->sectorsize)
296417Sdim			err(1, "read");
296417Sdim		memcpy(sbuf + key * 16, keyloc, sizeof keyloc);
296417Sdim		offset2 = lseek(dfd, 0, SEEK_SET);
296417Sdim		if (offset2 != 0)
296417Sdim			err(1, "lseek");
296417Sdim		i = write(dfd, sbuf, gl->sectorsize);
296417Sdim		if (i != (int)gl->sectorsize)
296417Sdim			err(1, "write");
296417Sdim	} else {
296417Sdim		errx(1, "No -L option and no space in sector 0 for lockfile");
296417Sdim	}
234353Sdim
234353Sdim	/* Allocate a sectorbuffer and fill it with random junk */
296417Sdim	if (sbuf == NULL)
296417Sdim		err(1, "malloc");
296417Sdim	random_bits(sbuf, gl->sectorsize);
296417Sdim
296417Sdim	/* Fill random bits in the spare field */
234353Sdim	random_bits(gl->spare, sizeof(gl->spare));
296417Sdim
296417Sdim	/* Encode the structure where we want it */
296417Sdim	q = sbuf + (off[0] % gl->sectorsize);
296417Sdim	i = g_bde_encode_lock(sc, gl, q);
327952Sdim	if (i < 0)
327952Sdim		errx(1, "programming error encoding lock");
296417Sdim
327952Sdim	encrypt_sector(q, G_BDE_LOCKSIZE, 256, sc->sha2 + 16);
327952Sdim	offset = gl->lsector[key] & ~(gl->sectorsize - 1);
327952Sdim	offset2 = lseek(dfd, offset, SEEK_SET);
296417Sdim	if (offset2 != offset)
296417Sdim		err(1, "lseek");
234353Sdim	i = write(dfd, sbuf, gl->sectorsize);
327952Sdim	if (i != (int)gl->sectorsize)
327952Sdim		err(1, "write");
234353Sdim	printf("Wrote key %d at %jd\n", key, (intmax_t)offset);
327952Sdim#if 0
296417Sdim	printf("s0 = %jd\n", (intmax_t)gl->sector0);
327952Sdim	printf("sN = %jd\n", (intmax_t)gl->sectorN);
327952Sdim	printf("l[0] = %jd\n", (intmax_t)gl->lsector[0]);
234353Sdim	printf("l[1] = %jd\n", (intmax_t)gl->lsector[1]);
314564Sdim	printf("l[2] = %jd\n", (intmax_t)gl->lsector[2]);
314564Sdim	printf("l[3] = %jd\n", (intmax_t)gl->lsector[3]);
314564Sdim	printf("k = %jd\n", (intmax_t)gl->keyoffset);
296417Sdim	printf("ss = %jd\n", (intmax_t)gl->sectorsize);
327952Sdim#endif
296417Sdim}
296417Sdim
314564Sdimstatic void
327952Sdimcmd_destroy(struct g_bde_key *gl, int nkey)
296417Sdim{
296417Sdim	int i;
296417Sdim
327952Sdim	bzero(&gl->sector0, sizeof gl->sector0);
296417Sdim	bzero(&gl->sectorN, sizeof gl->sectorN);
296417Sdim	bzero(&gl->keyoffset, sizeof gl->keyoffset);
234353Sdim	bzero(&gl->flags, sizeof gl->flags);
327952Sdim	bzero(gl->mkey, sizeof gl->mkey);
327952Sdim	for (i = 0; i < G_BDE_MAXKEYS; i++)
296417Sdim		if (i != nkey)
261991Sdim			gl->lsector[i] = ~0;
261991Sdim}
296417Sdim
296417Sdimstatic int
341825Sdimsorthelp(const void *a, const void *b)
296417Sdim{
276479Sdim	const off_t *oa, *ob;
276479Sdim
276479Sdim	oa = a;
276479Sdim	ob = b;
261991Sdim	return (*oa - *ob);
261991Sdim}
261991Sdim
276479Sdimstatic void
276479Sdimcmd_init(struct g_bde_key *gl, int dfd, const char *f_opt, int i_opt, const char *l_opt)
276479Sdim{
261991Sdim	int i;
261991Sdim	u_char *buf;
261991Sdim	unsigned sector_size;
261991Sdim	uint64_t	first_sector;
261991Sdim	uint64_t	last_sector;
261991Sdim	uint64_t	total_sectors;
261991Sdim	off_t	off, off2;
261991Sdim	unsigned nkeys;
261991Sdim	const char *p;
261991Sdim	char *q, cbuf[BUFSIZ];
261991Sdim	unsigned u, u2;
276479Sdim	uint64_t o;
261991Sdim	properties	params;
276479Sdim
280031Sdim	bzero(gl, sizeof *gl);
276479Sdim	if (f_opt != NULL) {
261991Sdim		i = open(f_opt, O_RDONLY);
261991Sdim		if (i < 0)
261991Sdim			err(1, "%s", f_opt);
261991Sdim		params = properties_read(i);
276479Sdim		close (i);
276479Sdim	} else {
276479Sdim		/* XXX: Polish */
276479Sdim		q = strdup("/tmp/temp.XXXXXXXXXX");
276479Sdim		i = mkstemp(q);
276479Sdim		if (i < 0)
276479Sdim			err(1, "%s", q);
276479Sdim		write(i, template, strlen(template));
280031Sdim		close (i);
276479Sdim		if (i_opt) {
276479Sdim			p = getenv("EDITOR");
276479Sdim			if (p == NULL)
261991Sdim				p = "vi";
276479Sdim			if (snprintf(cbuf, sizeof(cbuf), "%s %s\n", p, q) >=
276479Sdim			    (ssize_t)sizeof(cbuf))
261991Sdim				errx(1, "EDITOR is too long");
276479Sdim			system(cbuf);
261991Sdim		}
261991Sdim		i = open(q, O_RDONLY);
261991Sdim		if (i < 0)
261991Sdim			err(1, "%s", f_opt);
261991Sdim		params = properties_read(i);
276479Sdim		close (i);
261991Sdim		unlink(q);
261991Sdim	}
261991Sdim
261991Sdim	/* <sector_size> */
261991Sdim	p = property_find(params, "sector_size");
296417Sdim	i = ioctl(dfd, DIOCGSECTORSIZE, &u);
296417Sdim	if (p != NULL) {
296417Sdim		sector_size = strtoul(p, &q, 0);
296417Sdim		if (!*p || *q)
296417Sdim			errx(1, "sector_size not a proper number");
296417Sdim	} else if (i == 0) {
296417Sdim		sector_size = u;
296417Sdim	} else {
296417Sdim		errx(1, "Missing sector_size property");
296417Sdim	}
296417Sdim	if (sector_size & (sector_size - 1))
296417Sdim		errx(1, "sector_size not a power of 2");
296417Sdim	if (sector_size < 512)
296417Sdim		errx(1, "sector_size is smaller than 512");
296417Sdim	buf = malloc(sector_size);
296417Sdim	if (buf == NULL)
296417Sdim		err(1, "Failed to malloc sector buffer");
296417Sdim	gl->sectorsize = sector_size;
261991Sdim
296417Sdim	i = ioctl(dfd, DIOCGMEDIASIZE, &off);
296417Sdim	if (i == 0) {
296417Sdim		first_sector = 0;
296417Sdim		total_sectors = off / sector_size;
296417Sdim		last_sector = total_sectors - 1;
296417Sdim	} else {
296417Sdim		first_sector = 0;
314564Sdim		last_sector = 0;
314564Sdim		total_sectors = 0;
296417Sdim	}
296417Sdim
296417Sdim	/* <first_sector> */
296417Sdim	p = property_find(params, "first_sector");
296417Sdim	if (p != NULL) {
296417Sdim		first_sector = strtoul(p, &q, 0);
296417Sdim		if (!*p || *q)
296417Sdim			errx(1, "first_sector not a proper number");
296417Sdim	}
296417Sdim
276479Sdim	/* <last_sector> */
261991Sdim	p = property_find(params, "last_sector");
261991Sdim	if (p != NULL) {
261991Sdim		last_sector = strtoul(p, &q, 0);
261991Sdim		if (!*p || *q)
309124Sdim			errx(1, "last_sector not a proper number");
309124Sdim		if (last_sector <= first_sector)
309124Sdim			errx(1, "last_sector not larger than first_sector");
309124Sdim		total_sectors = last_sector + 1;
309124Sdim	}
261991Sdim
261991Sdim	/* <total_sectors> */
261991Sdim	p = property_find(params, "total_sectors");
261991Sdim	if (p != NULL) {
261991Sdim		total_sectors = strtoul(p, &q, 0);
261991Sdim		if (!*p || *q)
261991Sdim			errx(1, "total_sectors not a proper number");
261991Sdim		if (last_sector == 0)
261991Sdim			last_sector = first_sector + total_sectors - 1;
261991Sdim	}
261991Sdim
261991Sdim	if (l_opt == NULL && first_sector != 0)
261991Sdim		errx(1, "No -L new-lockfile argument and first_sector != 0");
261991Sdim	else if (l_opt == NULL) {
261991Sdim		first_sector++;
314564Sdim		total_sectors--;
314564Sdim		gl->flags |= 1;
314564Sdim	}
314564Sdim	gl->sector0 = first_sector * gl->sectorsize;
314564Sdim
314564Sdim	if (total_sectors != (last_sector - first_sector) + 1)
314564Sdim		errx(1, "total_sectors disagree with first_sector and last_sector");
314564Sdim	if (total_sectors == 0)
314564Sdim		errx(1, "missing last_sector or total_sectors");
314564Sdim
314564Sdim	gl->sectorN = (last_sector + 1) * gl->sectorsize;
314564Sdim
314564Sdim	/* Find a random keyoffset */
314564Sdim	random_bits(&o, sizeof o);
314564Sdim	o %= (gl->sectorN - gl->sector0);
314564Sdim	o &= ~(gl->sectorsize - 1);
327952Sdim	gl->keyoffset = o;
327952Sdim
314564Sdim	/* <number_of_keys> */
314564Sdim	p = property_find(params, "number_of_keys");
314564Sdim	if (p == NULL)
314564Sdim		errx(1, "Missing number_of_keys property");
314564Sdim	nkeys = strtoul(p, &q, 0);
314564Sdim	if (!*p || *q)
314564Sdim		errx(1, "number_of_keys not a proper number");
314564Sdim	if (nkeys < 1 || nkeys > G_BDE_MAXKEYS)
314564Sdim		errx(1, "number_of_keys out of range");
314564Sdim	for (u = 0; u < nkeys; u++) {
314564Sdim		for(;;) {
314564Sdim			do {
314564Sdim				random_bits(&o, sizeof o);
314564Sdim				o %= gl->sectorN;
314564Sdim				o &= ~(gl->sectorsize - 1);
314564Sdim			} while(o < gl->sector0);
314564Sdim			for (u2 = 0; u2 < u; u2++)
314564Sdim				if (o == gl->lsector[u2])
314564Sdim					break;
314564Sdim			if (u2 < u)
314564Sdim				continue;
314564Sdim			break;
314564Sdim		}
321369Sdim		gl->lsector[u] = o;
314564Sdim	}
314564Sdim	for (; u < G_BDE_MAXKEYS; u++) {
314564Sdim		do
314564Sdim			random_bits(&o, sizeof o);
314564Sdim		while (o < gl->sectorN);
314564Sdim		gl->lsector[u] = o;
314564Sdim	}
314564Sdim	qsort(gl->lsector, G_BDE_MAXKEYS, sizeof gl->lsector[0], sorthelp);
321369Sdim
321369Sdim	/* Flush sector zero if we use it for lockfile data */
321369Sdim	if (gl->flags & 1) {
321369Sdim		off2 = lseek(dfd, 0, SEEK_SET);
321369Sdim		if (off2 != 0)
321369Sdim			err(1, "lseek(2) to sector 0");
321369Sdim		random_bits(buf, sector_size);
321369Sdim		i = write(dfd, buf, sector_size);
321369Sdim		if (i != (int)sector_size)
321369Sdim			err(1, "write sector 0");
321369Sdim	}
321369Sdim
321369Sdim	/* <random_flush> */
321369Sdim	p = property_find(params, "random_flush");
321369Sdim	if (p != NULL) {
321369Sdim		off = first_sector * sector_size;
321369Sdim		off2 = lseek(dfd, off, SEEK_SET);
321369Sdim		if (off2 != off)
321369Sdim			err(1, "lseek(2) to first_sector");
321369Sdim		off2 = last_sector * sector_size;
321369Sdim		while (off <= off2) {
321369Sdim			random_bits(buf, sector_size);
321369Sdim			i = write(dfd, buf, sector_size);
321369Sdim			if (i != (int)sector_size)
321369Sdim				err(1, "write to $device_name");
321369Sdim			off += sector_size;
321369Sdim		}
321369Sdim	}
321369Sdim
321369Sdim	random_bits(gl->mkey, sizeof gl->mkey);
321369Sdim	random_bits(gl->salt, sizeof gl->salt);
321369Sdim
321369Sdim	return;
321369Sdim}
321369Sdim
321369Sdimstatic enum action {
321369Sdim	ACT_HUH,
321369Sdim	ACT_ATTACH, ACT_DETACH,
321369Sdim	ACT_INIT, ACT_SETKEY, ACT_DESTROY, ACT_NUKE
341825Sdim} action;
321369Sdim
321369Sdimint
321369Sdimmain(int argc, char **argv)
360784Sdim{
360784Sdim	const char *opts;
360784Sdim	const char *l_opt, *L_opt;
360784Sdim	const char *p_opt, *P_opt;
360784Sdim	const char *f_opt;
360784Sdim	char *dest;
360784Sdim	int i_opt, n_opt, ch, dfd, doopen;
360784Sdim	u_int nkey;
360784Sdim	int i;
360784Sdim	char *q, buf[BUFSIZ];
360784Sdim	struct g_bde_key *gl;
360784Sdim	struct g_bde_softc sc;
360784Sdim
360784Sdim	if (argc < 3)
360784Sdim		usage("Too few arguments\n");
360784Sdim
360784Sdim	doopen = 0;
360784Sdim	if (!strcmp(argv[1], "attach")) {
360784Sdim		action = ACT_ATTACH;
296417Sdim		opts = "l:p:";
296417Sdim	} else if (!strcmp(argv[1], "detach")) {
193323Sed		action = ACT_DETACH;
193323Sed		opts = "";
234353Sdim	} else if (!strcmp(argv[1], "init")) {
234353Sdim		action = ACT_INIT;
193323Sed		doopen = 1;
193323Sed		opts = "f:iL:P:";
296417Sdim	} else if (!strcmp(argv[1], "setkey")) {
309124Sdim		action = ACT_SETKEY;
309124Sdim		doopen = 1;
309124Sdim		opts = "n:l:L:p:P:";
309124Sdim	} else if (!strcmp(argv[1], "destroy")) {
193323Sed		action = ACT_DESTROY;
193323Sed		doopen = 1;
321369Sdim		opts = "l:p:";
321369Sdim	} else if (!strcmp(argv[1], "nuke")) {
234353Sdim		action = ACT_NUKE;
234353Sdim		doopen = 1;
234353Sdim		opts = "l:p:n:";
234353Sdim	} else {
296417Sdim		usage("Unknown sub command\n");
296417Sdim	}
234353Sdim	argc--;
321369Sdim	argv++;
234353Sdim
234353Sdim	dest = strdup(argv[1]);
234353Sdim	argc--;
234353Sdim	argv++;
234353Sdim
234353Sdim	p_opt = NULL;
234353Sdim	P_opt = NULL;
296417Sdim	l_opt = NULL;
296417Sdim	L_opt = NULL;
296417Sdim	f_opt = NULL;
296417Sdim	n_opt = 0;
261991Sdim	i_opt = 0;
261991Sdim
234353Sdim	while((ch = getopt(argc, argv, opts)) != -1)
296417Sdim		switch (ch) {
234353Sdim		case 'f':
234353Sdim			f_opt = optarg;
234353Sdim			break;
321369Sdim		case 'i':
234353Sdim			i_opt = !i_opt;
234353Sdim		case 'l':
234353Sdim			l_opt = optarg;
234353Sdim			break;
234353Sdim		case 'L':
234353Sdim			L_opt = optarg;
296417Sdim			break;
309124Sdim		case 'p':
309124Sdim			p_opt = optarg;
309124Sdim			break;
261991Sdim		case 'P':
261991Sdim			P_opt = optarg;
234353Sdim			break;
234353Sdim		case 'n':
234353Sdim			n_opt = strtoul(optarg, &q, 0);
234353Sdim			if (!*optarg || *q)
261991Sdim				usage("-n argument not numeric\n");
261991Sdim			if (n_opt < -1 || n_opt > G_BDE_MAXKEYS)
261991Sdim				usage("-n argument out of range\n"); break;
261991Sdim		default:
261991Sdim			usage("Invalid option\n");
296417Sdim		}
296417Sdim
296417Sdim	if (doopen) {
360784Sdim		dfd = open(dest, O_RDWR | O_CREAT, 0644);
360784Sdim		if (dfd < 0) {
261991Sdim			if (snprintf(buf, sizeof(buf), "%s%s",
261991Sdim			    _PATH_DEV, dest) >= (ssize_t)sizeof(buf))
234353Sdim				errno = ENAMETOOLONG;
234353Sdim			else
234353Sdim				dfd = open(buf, O_RDWR | O_CREAT, 0644);
234353Sdim		}
234353Sdim		if (dfd < 0)
234353Sdim			err(1, "%s", dest);
234353Sdim	} else {
234353Sdim		if (!memcmp(dest, _PATH_DEV, strlen(_PATH_DEV)))
234353Sdim			strcpy(dest, dest + strlen(_PATH_DEV));
296417Sdim		if (strchr(dest, '/'))
276479Sdim			usage("\"dest\" argument must be geom-name\n");
234353Sdim	}
296417Sdim
296417Sdim	memset(&sc, 0, sizeof sc);
234353Sdim	sc.consumer = (void *)&dfd;
234353Sdim	gl = &sc.key;
234353Sdim	switch(action) {
234353Sdim	case ACT_ATTACH:
261991Sdim		setup_passphrase(&sc, 0, p_opt);
321369Sdim		cmd_attach(&sc, dest, l_opt);
193323Sed		break;
193323Sed	case ACT_DETACH:
193323Sed		cmd_detach(dest);
234353Sdim		break;
234353Sdim	case ACT_INIT:
234353Sdim		cmd_init(gl, dfd, f_opt, i_opt, L_opt);
234353Sdim		setup_passphrase(&sc, 1, P_opt);
276479Sdim		cmd_write(gl, &sc, dfd, 0, L_opt);
276479Sdim		break;
234353Sdim	case ACT_SETKEY:
234353Sdim		setup_passphrase(&sc, 0, p_opt);
234353Sdim		cmd_open(&sc, dfd, l_opt, &nkey);
234353Sdim		if (n_opt == 0)
234353Sdim			n_opt = nkey + 1;
234353Sdim		setup_passphrase(&sc, 1, P_opt);
296417Sdim		cmd_write(gl, &sc, dfd, n_opt - 1, L_opt);
296417Sdim		break;
234353Sdim	case ACT_DESTROY:
296417Sdim		setup_passphrase(&sc, 0, p_opt);
234353Sdim		cmd_open(&sc, dfd, l_opt, &nkey);
234353Sdim		cmd_destroy(gl, nkey);
309124Sdim		reset_passphrase(&sc);
309124Sdim		cmd_write(gl, &sc, dfd, nkey, l_opt);
234353Sdim		break;
234353Sdim	case ACT_NUKE:
276479Sdim		setup_passphrase(&sc, 0, p_opt);
276479Sdim		cmd_open(&sc, dfd, l_opt, &nkey);
234353Sdim		if (n_opt == 0)
309124Sdim			n_opt = nkey + 1;
309124Sdim		if (n_opt == -1) {
234353Sdim			for(i = 0; i < G_BDE_MAXKEYS; i++)
234353Sdim				cmd_nuke(gl, dfd, i);
234353Sdim		} else {
234353Sdim				cmd_nuke(gl, dfd, n_opt - 1);
234353Sdim		}
234353Sdim		break;
296417Sdim	default:
296417Sdim		usage("Internal error\n");
234353Sdim	}
234353Sdim
234353Sdim	return(0);
321369Sdim}
234353Sdim