On Wed, Jan 21, 2004 at 04:26:09PM +0100, Poul-Henning Kamp wrote:
>
> Hi Allan,
>
> Can you please redo the diff -with '-u' ?
Sure, attached.
> Poul-Henning
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> [EMAIL PROTECTED] | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
--
Allan Fields _.^. ,_ ,. ._ .
AFRSL - http://afields.ca <,'/-\/- /\'_| /_
Ottawa, Canada `'|'====-=--- -- -
`---- -- -
BSDCan 2004: May 2004, Ottawa
See http://www.bsdcan.org for details.
diff -ru src-5_2/sbin/gbde/gbde.c src-5_2-afields/sbin/gbde/gbde.c
--- src-5_2/sbin/gbde/gbde.c Mon Oct 13 16:14:02 2003
+++ src-5_2-afields/sbin/gbde/gbde.c Wed Jan 21 10:03:20 2004
@@ -40,14 +40,16 @@
*
* Introduce -E, alternate entropy source (instead of /dev/random)
*
+ * Introduce -c, cipher specification
+ *
+ * Introduce -o, one-time-pad source
+ *
* Introduce -i take IV from keyboard or
*
* Introduce -I take IV from file/cmd
*
* Introduce -m/-M store encrypted+encoded masterkey in file
*
- * Introduce -k/-K get pass-phrase part from file/cmd
- *
* Introduce -d add more dest-devices to worklist.
*
* Add key-option: selfdestruct bit.
@@ -62,6 +64,8 @@
*
* Make all verbs work on both attached/detached devices.
*
+ * Investigate process memory scrubbing and file caching issues further
+ *
*/
#include <sys/types.h>
@@ -142,6 +146,10 @@
fprintf(stderr, "\t%s init /dev/dest [-i] [-f filename] [-L lockfile]\n", p);
fprintf(stderr, "\t%s setkey dest [-n key] [-l lockfile] [-L lockfile]\n", p);
fprintf(stderr, "\t%s destroy dest [-n key] [-l lockfile] [-L lockfile]\n", p);
+ fprintf(stderr, "Key entry:\n");
+ fprintf(stderr, "\tBy default the user is prompted on the tty. From the
command line:\n");
+ fprintf(stderr, "\t-p/-P <passphrase>\t\t-k/-K <keyfile>\n");
+ fprintf(stderr, "\t-k-/-K- for input on stdin\t-r toggles 'raw' mode\n");
exit (1);
}
@@ -234,6 +242,35 @@
memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
}
+static const char *
+read_keyfile(const char *keyf, int raw)
+{ /* XXX: to be reviewed by authors */
+ static FILE * kf;
+ char kbuf[BUFSIZ];
+ char c; int i;
+
+ if (strchr(&keyf[0],'-')&&
+ strchr(&keyf[1],'\0'))
+ kf = fdopen(STDIN_FILENO,"r");
+ else kf = fopen(keyf,"r");
+ if (kf == NULL)
+ errx(errno,"Error opening keyfile: %s\n",strerror(errno));
+
+ bzero(kbuf, sizeof(kbuf));
+ for (i = 0; (c = getc(kf)) != EOF && (i < BUFSIZ-1); i++) {
+ if (raw == 0 && (c=='\n' || c=='\r')) break;
+ kbuf[i] = c;
+ } /* kbuf[BUFSIZ] = '\0'; */
+
+ if (ferror(kf) != 0)
+ errx(errno, "Error reading keyfile: %s",strerror(errno));
+ else if (strlen(kbuf) < 3)
+ errx(1,"Too short passphrase from keyfile\n");
+
+ (void)fclose(kf);
+ return strdup(kbuf); /* XXX: No way to scrub buf before return? */
+}
+
static void
encrypt_sector(void *d, int len, int klen, void *key)
{
@@ -692,9 +729,10 @@
const char *opts;
const char *l_opt, *L_opt;
const char *p_opt, *P_opt;
- const char *f_opt;
+ const char *k_opt, *K_opt;
+ const char *f_opt, *pbuf;
char *dest;
- int i_opt, n_opt, ch, dfd, doopen;
+ int i_opt, n_opt, r_opt, ch, dfd, doopen;
u_int nkey;
int i;
char *q, buf[BUFSIZ];
@@ -713,26 +751,26 @@
doopen = 0;
if (!strcmp(argv[1], "attach")) {
action = ACT_ATTACH;
- opts = "l:p:";
+ opts = "l:p:k:r";
} else if (!strcmp(argv[1], "detach")) {
action = ACT_DETACH;
opts = "";
} else if (!strcmp(argv[1], "init")) {
action = ACT_INIT;
doopen = 1;
- opts = "f:iL:P:";
+ opts = "f:iL:P:K:r";
} else if (!strcmp(argv[1], "setkey")) {
action = ACT_SETKEY;
doopen = 1;
- opts = "n:l:L:p:P:";
+ opts = "n:l:L:p:k:P:K:r";
} else if (!strcmp(argv[1], "destroy")) {
action = ACT_DESTROY;
doopen = 1;
- opts = "l:p:";
+ opts = "l:p:k:r";
} else if (!strcmp(argv[1], "nuke")) {
action = ACT_NUKE;
doopen = 1;
- opts = "l:p:n:";
+ opts = "n:l:p:k:r";
} else {
usage("Unknown sub command\n");
}
@@ -743,10 +781,14 @@
argc--;
argv++;
+ pbuf = NULL;
p_opt = NULL;
P_opt = NULL;
l_opt = NULL;
L_opt = NULL;
+ k_opt = NULL;
+ K_opt = NULL;
+ r_opt = 0;
f_opt = NULL;
n_opt = 0;
i_opt = 0;
@@ -770,6 +812,15 @@
case 'P':
P_opt = optarg;
break;
+ case 'k':
+ k_opt = optarg;
+ break;
+ case 'K':
+ K_opt = optarg;
+ break;
+ case 'r':
+ r_opt = 1;
+ break;
case 'n':
n_opt = strtoul(optarg, &q, 0);
if (!*optarg || *q)
@@ -780,6 +831,9 @@
usage("Invalid option\n");
}
+ if (p_opt && k_opt) usage("Duplicate key spec: -p and -k\n");
+ if (P_opt && K_opt) usage("Duplicate key spec: -P and -K\n");
+
if (doopen) {
dfd = open(dest, O_RDWR | O_CREAT, 0644);
if (dfd < 0) {
@@ -803,7 +857,10 @@
gl = &sc.key;
switch(action) {
case ACT_ATTACH:
- setup_passphrase(&sc, 0, p_opt);
+ if (k_opt) pbuf = read_keyfile(k_opt, r_opt);
+ else if (p_opt) pbuf = strdup(p_opt);
+ setup_passphrase(&sc, 0, pbuf);
+
cmd_attach(&sc, dest, l_opt);
break;
case ACT_DETACH:
@@ -811,26 +868,43 @@
break;
case ACT_INIT:
cmd_init(gl, dfd, f_opt, i_opt, L_opt);
- setup_passphrase(&sc, 1, P_opt);
+
+ if (K_opt) pbuf = read_keyfile(K_opt, r_opt);
+ else if (P_opt) pbuf = strdup(P_opt);
+ setup_passphrase(&sc, 1, pbuf);
+
cmd_write(gl, &sc, dfd, 0, L_opt);
break;
case ACT_SETKEY:
- setup_passphrase(&sc, 0, p_opt);
+ if (k_opt) pbuf = read_keyfile(k_opt, r_opt);
+ else if (p_opt) pbuf = strdup(p_opt);
+ setup_passphrase(&sc, 0, pbuf);
+
cmd_open(&sc, dfd, l_opt, &nkey);
if (n_opt == 0)
n_opt = nkey + 1;
- setup_passphrase(&sc, 1, P_opt);
+
+ if (K_opt) pbuf = read_keyfile(K_opt, r_opt);
+ else if (P_opt) pbuf = strdup(P_opt);
+ setup_passphrase(&sc, 1, pbuf);
+
cmd_write(gl, &sc, dfd, n_opt - 1, L_opt);
break;
case ACT_DESTROY:
- setup_passphrase(&sc, 0, p_opt);
+ if (k_opt) pbuf = read_keyfile(k_opt, r_opt);
+ else if (p_opt) pbuf = strdup(p_opt);
+ setup_passphrase(&sc, 0, pbuf);
+
cmd_open(&sc, dfd, l_opt, &nkey);
cmd_destroy(gl, nkey);
reset_passphrase(&sc);
cmd_write(gl, &sc, dfd, nkey, l_opt);
break;
case ACT_NUKE:
- setup_passphrase(&sc, 0, p_opt);
+ if (k_opt) pbuf = read_keyfile(k_opt, r_opt);
+ else if (p_opt) pbuf = strdup(p_opt);
+ setup_passphrase(&sc, 0, pbuf);
+
cmd_open(&sc, dfd, l_opt, &nkey);
if (n_opt == 0)
n_opt = nkey + 1;
diff -ru src-5_2/sbin/gbde/test.sh src-5_2-afields/sbin/gbde/test.sh
--- src-5_2/sbin/gbde/test.sh Fri Oct 17 15:52:07 2003
+++ src-5_2-afields/sbin/gbde/test.sh Wed Jan 21 05:57:16 2004
@@ -2,42 +2,42 @@
# $FreeBSD: src/sbin/gbde/test.sh,v 1.3 2003/10/17 19:52:07 phk Exp $
set -e
+GBDE=./gbde
MD=99
mdconfig -d -u $MD > /dev/null 2>&1 || true
-
mdconfig -a -t malloc -s 1m -u $MD
D=/dev/md$MD
-./gbde init $D -P foo -L /tmp/_l1
-./gbde setkey $D -p foo -l /tmp/_l1 -P bar -L /tmp/_l1
-./gbde setkey $D -p bar -l /tmp/_l1 -P foo -L /tmp/_l1
-
-./gbde setkey $D -p foo -l /tmp/_l1 -n 2 -P foo2 -L /tmp/_l2
-./gbde setkey $D -p foo2 -l /tmp/_l2 -n 3 -P foo3 -L /tmp/_l3
-./gbde setkey $D -p foo3 -l /tmp/_l3 -n 4 -P foo4 -L /tmp/_l4
-./gbde setkey $D -p foo4 -l /tmp/_l4 -n 1 -P foo1 -L /tmp/_l1
-
-./gbde nuke $D -p foo1 -l /tmp/_l1 -n 4
-if ./gbde nuke $D -p foo4 -l /tmp/_l4 -n 3 ; then false ; fi
-./gbde destroy $D -p foo2 -l /tmp/_l2
-if ./gbde destroy $D -p foo2 -l /tmp/_l2 ; then false ; fi
-
-./gbde nuke $D -p foo1 -l /tmp/_l1 -n -1
-if ./gbde nuke $D -p foo1 -l /tmp/_l1 -n -1 ; then false ; fi
-if ./gbde nuke $D -p foo2 -l /tmp/_l2 -n -1 ; then false ; fi
-if ./gbde nuke $D -p foo3 -l /tmp/_l3 -n -1 ; then false ; fi
-if ./gbde nuke $D -p foo4 -l /tmp/_l4 -n -1 ; then false ; fi
-
-./gbde init $D -P foo
-./gbde setkey $D -p foo -P bar
-./gbde setkey $D -p bar -P foo
-
-./gbde setkey $D -p foo -n 2 -P foo2
-./gbde setkey $D -p foo2 -n 3 -P foo3
-./gbde setkey $D -p foo3 -n 4 -P foo4
-./gbde setkey $D -p foo4 -n 1 -P foo1
+${GBDE} init $D -P foo -L /tmp/_l1
+${GBDE} setkey $D -p foo -l /tmp/_l1 -P bar -L /tmp/_l1
+${GBDE} setkey $D -p bar -l /tmp/_l1 -P foo -L /tmp/_l1
+
+${GBDE} setkey $D -p foo -l /tmp/_l1 -n 2 -P foo2 -L /tmp/_l2
+${GBDE} setkey $D -p foo2 -l /tmp/_l2 -n 3 -P foo3 -L /tmp/_l3
+${GBDE} setkey $D -p foo3 -l /tmp/_l3 -n 4 -P foo4 -L /tmp/_l4
+${GBDE} setkey $D -p foo4 -l /tmp/_l4 -n 1 -P foo1 -L /tmp/_l1
+
+${GBDE} nuke $D -p foo1 -l /tmp/_l1 -n 4
+if ${GBDE} nuke $D -p foo4 -l /tmp/_l4 -n 3 ; then false ; fi
+${GBDE} destroy $D -p foo2 -l /tmp/_l2
+if ${GBDE} destroy $D -p foo2 -l /tmp/_l2 ; then false ; fi
+
+${GBDE} nuke $D -p foo1 -l /tmp/_l1 -n -1
+if ${GBDE} nuke $D -p foo1 -l /tmp/_l1 -n -1 ; then false ; fi
+if ${GBDE} nuke $D -p foo2 -l /tmp/_l2 -n -1 ; then false ; fi
+if ${GBDE} nuke $D -p foo3 -l /tmp/_l3 -n -1 ; then false ; fi
+if ${GBDE} nuke $D -p foo4 -l /tmp/_l4 -n -1 ; then false ; fi
+
+${GBDE} init $D -P foo
+${GBDE} setkey $D -p foo -P bar
+${GBDE} setkey $D -p bar -P foo
+
+${GBDE} setkey $D -p foo -n 2 -P foo2
+${GBDE} setkey $D -p foo2 -n 3 -P foo3
+${GBDE} setkey $D -p foo3 -n 4 -P foo4
+${GBDE} setkey $D -p foo4 -n 1 -P foo1
mdconfig -d -u $MD
@@ -47,9 +47,9 @@
else
uudecode -p ${1}/image.uu | bzcat > $D
fi
-gbde attach $D -p foo
+${GBDE} attach $D -p foo
fsck_ffs ${D}.bde
-gbde detach $D
+${GBDE} detach $D
mdconfig -d -u $MD
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
