#
1.63 |
|
12-May-2024 |
christos |
PR/58212: Malte Dehling: Add zfs verification method
|
#
1.62 |
|
29-Apr-2024 |
riastradh |
cgdconfig(8): KNF in cgdconfig.c.
No functional change intended.
|
Revision tags: netbsd-10-0-RELEASE netbsd-10-0-RC6 netbsd-10-0-RC5 netbsd-10-0-RC4 netbsd-10-0-RC3 netbsd-10-0-RC2 netbsd-10-0-RC1 netbsd-10-base
|
#
1.61 |
|
17-Nov-2022 |
chs |
Restore backward compatibility of UFS2 with previous NetBSD releases by disabling support in UFS2 for extended attributes (including ACLs). Add a new variant of UFS2 called "UFS2ea" that does support extended attributes. Add new fsck_ffs operations "-c ea" and "-c no-ea" to convert file systems from UFS2 to UFS2ea and vice-versa (both of which delete all existing extended attributes in the process).
|
#
1.60 |
|
13-Sep-2022 |
riastradh |
cgdconfig(8): Restore loop for password re-entry for non-shared keys.
Fixes mistake in previous which changed the semantics in the case where _no_ keys are shared.
|
#
1.59 |
|
30-Aug-2022 |
riastradh |
cgdconfig(8): Gracefully handle failed verification with shared keys.
The first time each key is verified, if verification fails, we chuck the failed key and try again with passphrase re-entry.
But if a key has already been verified, and verification fails, assume something is wrong with the disk and fail.
|
#
1.58 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Handle -P/-S for shared keys with -G too.
This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key.
cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1
This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'.
|
#
1.57 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for generating shared-key parameters files.
Usage model:
- Generate a parameters file that supports sharing its main key:
cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum
- Make another parameters file that uses the same shared main key but derives an independent subkey from it:
cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256
|
#
1.56 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for shared keys.
New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because:
- Hashing the password is expensive, so it should only be done once.
Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'.
. With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n.
And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you.
- Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press.
The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm.
The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256.
Example:
algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; };
The key used for this disk will be derived by
HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==),
where k is the outcome of PBKDF2-SHA1 with the given parameters.
Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files.
If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks.
|
#
1.55 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -T operation prints all generated keys in cgd.conf.
For testing purposes.
|
#
1.54 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -t operation just prints the derived key in base64.
For testing purposes.
|
#
1.53 |
|
22-Nov-2021 |
nia |
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile is initially generated.
lgtm riastradh@
|
#
1.52 |
|
16-Jun-2021 |
riastradh |
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.51 |
|
18-Apr-2021 |
maya |
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
|
Revision tags: netbsd-9-4-RELEASE netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
branches: 1.48.2; use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.62 |
|
29-Apr-2024 |
riastradh |
cgdconfig(8): KNF in cgdconfig.c.
No functional change intended.
|
Revision tags: netbsd-10-0-RELEASE netbsd-10-0-RC6 netbsd-10-0-RC5 netbsd-10-0-RC4 netbsd-10-0-RC3 netbsd-10-0-RC2 netbsd-10-0-RC1 netbsd-10-base
|
#
1.61 |
|
17-Nov-2022 |
chs |
Restore backward compatibility of UFS2 with previous NetBSD releases by disabling support in UFS2 for extended attributes (including ACLs). Add a new variant of UFS2 called "UFS2ea" that does support extended attributes. Add new fsck_ffs operations "-c ea" and "-c no-ea" to convert file systems from UFS2 to UFS2ea and vice-versa (both of which delete all existing extended attributes in the process).
|
#
1.60 |
|
13-Sep-2022 |
riastradh |
cgdconfig(8): Restore loop for password re-entry for non-shared keys.
Fixes mistake in previous which changed the semantics in the case where _no_ keys are shared.
|
#
1.59 |
|
30-Aug-2022 |
riastradh |
cgdconfig(8): Gracefully handle failed verification with shared keys.
The first time each key is verified, if verification fails, we chuck the failed key and try again with passphrase re-entry.
But if a key has already been verified, and verification fails, assume something is wrong with the disk and fail.
|
#
1.58 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Handle -P/-S for shared keys with -G too.
This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key.
cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1
This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'.
|
#
1.57 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for generating shared-key parameters files.
Usage model:
- Generate a parameters file that supports sharing its main key:
cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum
- Make another parameters file that uses the same shared main key but derives an independent subkey from it:
cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256
|
#
1.56 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for shared keys.
New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because:
- Hashing the password is expensive, so it should only be done once.
Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'.
. With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n.
And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you.
- Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press.
The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm.
The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256.
Example:
algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; };
The key used for this disk will be derived by
HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==),
where k is the outcome of PBKDF2-SHA1 with the given parameters.
Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files.
If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks.
|
#
1.55 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -T operation prints all generated keys in cgd.conf.
For testing purposes.
|
#
1.54 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -t operation just prints the derived key in base64.
For testing purposes.
|
#
1.53 |
|
22-Nov-2021 |
nia |
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile is initially generated.
lgtm riastradh@
|
#
1.52 |
|
16-Jun-2021 |
riastradh |
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.51 |
|
18-Apr-2021 |
maya |
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
|
Revision tags: netbsd-9-4-RELEASE netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
branches: 1.48.2; use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.61 |
|
17-Nov-2022 |
chs |
Restore backward compatibility of UFS2 with previous NetBSD releases by disabling support in UFS2 for extended attributes (including ACLs). Add a new variant of UFS2 called "UFS2ea" that does support extended attributes. Add new fsck_ffs operations "-c ea" and "-c no-ea" to convert file systems from UFS2 to UFS2ea and vice-versa (both of which delete all existing extended attributes in the process).
|
#
1.60 |
|
13-Sep-2022 |
riastradh |
cgdconfig(8): Restore loop for password re-entry for non-shared keys.
Fixes mistake in previous which changed the semantics in the case where _no_ keys are shared.
|
#
1.59 |
|
30-Aug-2022 |
riastradh |
cgdconfig(8): Gracefully handle failed verification with shared keys.
The first time each key is verified, if verification fails, we chuck the failed key and try again with passphrase re-entry.
But if a key has already been verified, and verification fails, assume something is wrong with the disk and fail.
|
#
1.58 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Handle -P/-S for shared keys with -G too.
This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key.
cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1
This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'.
|
#
1.57 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for generating shared-key parameters files.
Usage model:
- Generate a parameters file that supports sharing its main key:
cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum
- Make another parameters file that uses the same shared main key but derives an independent subkey from it:
cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256
|
#
1.56 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for shared keys.
New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because:
- Hashing the password is expensive, so it should only be done once.
Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'.
. With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n.
And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you.
- Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press.
The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm.
The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256.
Example:
algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; };
The key used for this disk will be derived by
HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==),
where k is the outcome of PBKDF2-SHA1 with the given parameters.
Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files.
If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks.
|
#
1.55 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -T operation prints all generated keys in cgd.conf.
For testing purposes.
|
#
1.54 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -t operation just prints the derived key in base64.
For testing purposes.
|
#
1.53 |
|
22-Nov-2021 |
nia |
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile is initially generated.
lgtm riastradh@
|
#
1.52 |
|
16-Jun-2021 |
riastradh |
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.51 |
|
18-Apr-2021 |
maya |
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
branches: 1.48.2; use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.60 |
|
13-Sep-2022 |
riastradh |
cgdconfig(8): Restore loop for password re-entry for non-shared keys.
Fixes mistake in previous which changed the semantics in the case where _no_ keys are shared.
|
#
1.59 |
|
30-Aug-2022 |
riastradh |
cgdconfig(8): Gracefully handle failed verification with shared keys.
The first time each key is verified, if verification fails, we chuck the failed key and try again with passphrase re-entry.
But if a key has already been verified, and verification fails, assume something is wrong with the disk and fail.
|
#
1.58 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Handle -P/-S for shared keys with -G too.
This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key.
cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1
This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'.
|
#
1.57 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for generating shared-key parameters files.
Usage model:
- Generate a parameters file that supports sharing its main key:
cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum
- Make another parameters file that uses the same shared main key but derives an independent subkey from it:
cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256
|
#
1.56 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for shared keys.
New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because:
- Hashing the password is expensive, so it should only be done once.
Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'.
. With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n.
And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you.
- Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press.
The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm.
The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256.
Example:
algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; };
The key used for this disk will be derived by
HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==),
where k is the outcome of PBKDF2-SHA1 with the given parameters.
Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files.
If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks.
|
#
1.55 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -T operation prints all generated keys in cgd.conf.
For testing purposes.
|
#
1.54 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -t operation just prints the derived key in base64.
For testing purposes.
|
#
1.53 |
|
22-Nov-2021 |
nia |
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile is initially generated.
lgtm riastradh@
|
#
1.52 |
|
16-Jun-2021 |
riastradh |
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.51 |
|
18-Apr-2021 |
maya |
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
branches: 1.48.2; use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.59 |
|
30-Aug-2022 |
riastradh |
cgdconfig(8): Gracefully handle failed verification with shared keys.
The first time each key is verified, if verification fails, we chuck the failed key and try again with passphrase re-entry.
But if a key has already been verified, and verification fails, assume something is wrong with the disk and fail.
|
#
1.58 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Handle -P/-S for shared keys with -G too.
This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key.
cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1
This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'.
|
#
1.57 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for generating shared-key parameters files.
Usage model:
- Generate a parameters file that supports sharing its main key:
cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum
- Make another parameters file that uses the same shared main key but derives an independent subkey from it:
cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256
|
#
1.56 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for shared keys.
New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because:
- Hashing the password is expensive, so it should only be done once.
Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'.
. With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n.
And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you.
- Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press.
The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm.
The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256.
Example:
algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; };
The key used for this disk will be derived by
HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==),
where k is the outcome of PBKDF2-SHA1 with the given parameters.
Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files.
If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks.
|
#
1.55 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -T operation prints all generated keys in cgd.conf.
For testing purposes.
|
#
1.54 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -t operation just prints the derived key in base64.
For testing purposes.
|
#
1.53 |
|
22-Nov-2021 |
nia |
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile is initially generated.
lgtm riastradh@
|
#
1.52 |
|
16-Jun-2021 |
riastradh |
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.51 |
|
18-Apr-2021 |
maya |
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
branches: 1.48.2; use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.58 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Handle -P/-S for shared keys with -G too.
This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key.
cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1
This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'.
|
#
1.57 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for generating shared-key parameters files.
Usage model:
- Generate a parameters file that supports sharing its main key:
cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum
- Make another parameters file that uses the same shared main key but derives an independent subkey from it:
cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256
|
#
1.56 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): Add support for shared keys.
New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because:
- Hashing the password is expensive, so it should only be done once.
Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'.
. With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n.
And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you.
- Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press.
The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm.
The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256.
Example:
algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; };
The key used for this disk will be derived by
HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==),
where k is the outcome of PBKDF2-SHA1 with the given parameters.
Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files.
If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks.
|
#
1.55 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -T operation prints all generated keys in cgd.conf.
For testing purposes.
|
#
1.54 |
|
12-Aug-2022 |
riastradh |
cgdconfig(8): New -t operation just prints the derived key in base64.
For testing purposes.
|
#
1.53 |
|
22-Nov-2021 |
nia |
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile is initially generated.
lgtm riastradh@
|
#
1.52 |
|
16-Jun-2021 |
riastradh |
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.51 |
|
18-Apr-2021 |
maya |
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
branches: 1.48.2; use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.53 |
|
22-Nov-2021 |
nia |
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile is initially generated.
lgtm riastradh@
|
#
1.52 |
|
16-Jun-2021 |
riastradh |
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.51 |
|
18-Apr-2021 |
maya |
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
|
Revision tags: netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
branches: 1.48.2; use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.52 |
|
16-Jun-2021 |
riastradh |
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.51 |
|
18-Apr-2021 |
maya |
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
|
Revision tags: netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
branches: 1.48.2; use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.51 |
|
18-Apr-2021 |
maya |
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
|
Revision tags: netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
branches: 1.48.2; use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.50 |
|
10-Apr-2019 |
kre |
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example).
NFCI.
|
#
1.49 |
|
10-Apr-2019 |
kre |
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails.
Add ATF tests to check that bad verification is reported, and does not leave the cgd configured.
Patches from the PR applied.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.48 |
|
09-May-2018 |
alnsn |
use explicit_memset(3)
|
#
1.47 |
|
09-May-2018 |
alnsn |
Missed one change when doing a manual merge of my patch with kre's commit.
|
#
1.46 |
|
09-May-2018 |
alnsn |
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
|
#
1.45 |
|
09-May-2018 |
kre |
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
|
#
1.44 |
|
09-May-2018 |
kre |
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
|
#
1.43 |
|
06-May-2018 |
kre |
Fix usage for rump. Fixes test breakage caused by previous commit.
|
#
1.42 |
|
05-May-2018 |
kre |
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base
|
#
1.41 |
|
10-Jan-2017 |
christos |
branches: 1.41.6; 1.41.12; Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
branches: 1.40.2; Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
#
1.41 |
|
10-Jan-2017 |
christos |
Need <sys/stat.h> for S_IFBLK.
|
Revision tags: pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|
Revision tags: pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.40 |
|
22-Nov-2015 |
christos |
Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
1.39 |
|
14-Dec-2014 |
christos |
fix possibly uninitialized variable.
|
#
1.38 |
|
14-Dec-2014 |
christos |
avoid local variable shadowing devname.
|
#
1.37 |
|
14-Dec-2014 |
mlelstv |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
1.36 |
|
14-Dec-2014 |
mlelstv |
support wedge names.
The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
|
Revision tags: netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.35 |
|
09-Jun-2013 |
christos |
List all cgd's no matter if they are not contiguously allocated
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
#
1.34 |
|
05-Dec-2012 |
christos |
add cgdconfig -l like vnconfig -l
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.33 |
|
29-Aug-2011 |
joerg |
branches: 1.33.2; 1.33.8; Use __dead
|
Revision tags: cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.32 |
|
14-Dec-2010 |
pooka |
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
|
#
1.31 |
|
02-Dec-2010 |
elric |
Remove a line that was intended only for my personal testing and that breaks things.
|
#
1.30 |
|
02-Dec-2010 |
elric |
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
|
#
1.29 |
|
27-Nov-2010 |
elric |
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
|
Revision tags: matt-premerge-20091211
|
#
1.28 |
|
08-Sep-2009 |
pooka |
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 mjf-devfs2-base
|
#
1.27 |
|
24-Jul-2008 |
christos |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
|
#
1.26 |
|
24-Jul-2008 |
dholland |
bzero the passphrase before freeing it, to discourage chill attacks.
|
#
1.25 |
|
24-Jul-2008 |
dholland |
Adjust this to not need -Wno-pointer-sign.
|
#
1.24 |
|
20-Jul-2008 |
lukem |
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
|
Revision tags: wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 wrstuden-revivesa-base
|
#
1.23 |
|
11-May-2008 |
elric |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
1.22 |
|
10-May-2008 |
elric |
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified.
Update man page to document -p flag.
|
#
1.21 |
|
28-Apr-2008 |
martin |
branches: 1.21.2; Remove clause 3 and 4 from TNF licenses
|
Revision tags: yamt-pf42-baseX yamt-pf42-base keiichi-mipv6-base cube-autoconf-base mjf-devfs-base matt-armv6-nbase matt-armv6-base hpcarm-cleanup-base
|
#
1.20 |
|
06-Nov-2007 |
martin |
branches: 1.20.8; 1.20.10; Do not use %d for size_t
|
#
1.19 |
|
06-Nov-2007 |
christos |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
Revision tags: matt-mips64-base
|
#
1.18 |
|
06-Feb-2007 |
cbiere |
branches: 1.18.4; Fixed format string in opendisk_werror() which was wrong since my previous commit.
|
#
1.17 |
|
06-Feb-2007 |
cbiere |
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base abandoned-netbsd-4-base netbsd-4-base
|
#
1.16 |
|
27-Jun-2005 |
christos |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
1.15 |
|
30-Mar-2005 |
elric |
setprogname(3) needs to come before calls to err(3).
|
#
1.14 |
|
30-Mar-2005 |
elric |
Lock all memory.
|
#
1.13 |
|
30-Mar-2005 |
elric |
Turn off core dumps.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 netbsd-3-0-RC2 netbsd-3-0-RC1 netbsd-3-base
|
#
1.12 |
|
13-Aug-2004 |
tv |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|
#
1.11 |
|
10-Aug-2004 |
rumble |
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully.
OK'd by elric.
|
Revision tags: netbsd-2-0-base
|
#
1.10 |
|
17-Mar-2004 |
dan |
branches: 1.10.2; Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
|
#
1.9 |
|
23-Sep-2003 |
cb |
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
|
#
1.8 |
|
17-May-2003 |
itojun |
use strlcpy
|
#
1.7 |
|
02-Apr-2003 |
fvdl |
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things.
This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
|
#
1.6 |
|
24-Mar-2003 |
elric |
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
|
#
1.5 |
|
24-Mar-2003 |
elric |
substantial rototill of the code.
o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
|
Revision tags: fvdl_fs64_base
|
#
1.4 |
|
28-Oct-2002 |
elric |
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
|
#
1.3 |
|
12-Oct-2002 |
elric |
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
|
#
1.2 |
|
12-Oct-2002 |
elric |
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
|
#
1.1 |
|
04-Oct-2002 |
elric |
Initial checkin of cgdconfig(8), a program to configure a cgd.
|