Module Name: src Committed By: riastradh Date: Fri Aug 12 10:48:28 UTC 2022
Modified Files: src/distrib/sets/lists/tests: mi src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c src/tests/dev/cgd: Makefile Added Files: src/tests/dev/cgd: t_cgdconfig.sh Log Message: cgdconfig(8): New -t operation just prints the derived key in base64. For testing purposes. To generate a diff of this commit: cvs rdiff -u -r1.1217 -r1.1218 src/distrib/sets/lists/tests/mi cvs rdiff -u -r1.52 -r1.53 src/sbin/cgdconfig/cgdconfig.8 cvs rdiff -u -r1.53 -r1.54 src/sbin/cgdconfig/cgdconfig.c cvs rdiff -u -r1.11 -r1.12 src/tests/dev/cgd/Makefile cvs rdiff -u -r0 -r1.1 src/tests/dev/cgd/t_cgdconfig.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/distrib/sets/lists/tests/mi diff -u src/distrib/sets/lists/tests/mi:1.1217 src/distrib/sets/lists/tests/mi:1.1218 --- src/distrib/sets/lists/tests/mi:1.1217 Thu Jul 21 09:52:48 2022 +++ src/distrib/sets/lists/tests/mi Fri Aug 12 10:48:27 2022 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.1217 2022/07/21 09:52:48 kre Exp $ +# $NetBSD: mi,v 1.1218 2022/08/12 10:48:27 riastradh Exp $ # # Note: don't delete entries from here - mark them as "obsolete" instead. # @@ -1426,6 +1426,7 @@ ./usr/tests/dev/cgd/t_cgd_adiantum tests-fs-tests atf,compattestfile,rump ./usr/tests/dev/cgd/t_cgd_aes tests-fs-tests atf,compattestfile,rump ./usr/tests/dev/cgd/t_cgd_blowfish tests-fs-tests atf,compattestfile,rump +./usr/tests/dev/cgd/t_cgdconfig tests-fs-tests compattestfile,atf ./usr/tests/dev/clock_subr tests-fs-tests compattestfile,atf ./usr/tests/dev/clock_subr/Atffile tests-fs-tests compattestfile,atf ./usr/tests/dev/clock_subr/Kyuafile tests-fs-tests compattestfile,atf,kyua Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.52 src/sbin/cgdconfig/cgdconfig.8:1.53 --- src/sbin/cgdconfig/cgdconfig.8:1.52 Sat Dec 4 15:03:58 2021 +++ src/sbin/cgdconfig/cgdconfig.8 Fri Aug 12 10:48:27 2022 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.52 2021/12/04 15:03:58 nia Exp $ +.\" $NetBSD: cgdconfig.8,v 1.53 2022/08/12 10:48:27 riastradh Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -60,6 +60,9 @@ .Ar alg .Op Ar keylen .Nm +.Fl t +.Ar paramsfile +.Nm .Fl l .Op Fl v Ns Op Cm v .Op Ar cgd 
@@ -143,6 +146,8 @@ in question to be unconfigured rather th again. .It Fl s Read the key (nb: not the passphrase) from stdin. +.It Fl t +Generate the key and print it to standard output encoded in base64. .It Fl U Unconfigure all the devices listed in the cgd configuration file. .It Fl u Index: src/sbin/cgdconfig/cgdconfig.c diff -u src/sbin/cgdconfig/cgdconfig.c:1.53 src/sbin/cgdconfig/cgdconfig.c:1.54 --- src/sbin/cgdconfig/cgdconfig.c:1.53 Mon Nov 22 14:34:35 2021 +++ src/sbin/cgdconfig/cgdconfig.c Fri Aug 12 10:48:27 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: cgdconfig.c,v 1.53 2021/11/22 14:34:35 nia Exp $ */ +/* $NetBSD: cgdconfig.c,v 1.54 2022/08/12 10:48:27 riastradh Exp $ */ /*- * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #ifndef lint __COPYRIGHT("@(#) Copyright (c) 2002, 2003\ The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: cgdconfig.c,v 1.53 2021/11/22 14:34:35 nia Exp $"); +__RCSID("$NetBSD: cgdconfig.c,v 1.54 2022/08/12 10:48:27 riastradh Exp $"); #endif #ifdef HAVE_ARGON2 @@ -51,6 +51,11 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.53 202 #include <paths.h> #include <dirent.h> +/* base64 gunk */ +#include <netinet/in.h> +#include <arpa/nameser.h> +#include <resolv.h> + #include <sys/ioctl.h> #include <sys/stat.h> #include <sys/bootblock.h> @@ -83,7 +88,8 @@ enum action { ACTION_CONFIGALL, /* configure all from config file */ ACTION_UNCONFIGALL, /* unconfigure all from config file */ ACTION_CONFIGSTDIN, /* configure, key from stdin */ - ACTION_LIST /* list configured devices */ + ACTION_LIST, /* list configured devices */ + ACTION_PRINTKEY, /* print key to stdout */ }; /* if nflag is set, do not configure/unconfigure the cgd's */ 
@@ -106,6 +112,7 @@ static int unconfigure(int, char **, str static int do_all(const char *, int, char **, int (*)(int, char **, struct params *, int)); static int do_list(int, char **); +static int do_printkey(int, char **); #define CONFIG_FLAGS_FROMALL 1 /* called from configure_all() */ #define CONFIG_FLAGS_FROMMAIN 2 /* called from main() */ @@ -155,6 +162,7 @@ usage(void) (void)fprintf(stderr, " %s -l [-v[v]] [cgd]\n", getprogname()); (void)fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg " "[keylen]\n", getprogname()); + (void)fprintf(stderr, " %s -t paramsfile\n", getprogname()); (void)fprintf(stderr, " %s -U [-nv] [-f configfile]\n", getprogname()); (void)fprintf(stderr, " %s -u [-nv] cgd\n", getprogname()); @@ -209,7 +217,7 @@ main(int argc, char **argv) p = params_new(); kg = NULL; - while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:spuv")) != -1) + while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:sptuv")) != -1) switch (ch) { case 'C': set_action(&action, ACTION_CONFIGALL); @@ -276,7 +284,9 @@ main(int argc, char **argv) case 's': set_action(&action, ACTION_CONFIGSTDIN); break; - + case 't': + set_action(&action, ACTION_PRINTKEY); + break; case 'u': set_action(&action, ACTION_UNCONFIGURE); break; @@ -319,6 +329,8 @@ main(int argc, char **argv) return configure_stdin(p, argc, argv); case ACTION_LIST: return do_list(argc, argv); + case ACTION_PRINTKEY: + return do_printkey(argc, argv); default: errx(EXIT_FAILURE, "undefined action"); /* NOTREACHED */ 
@@ -1339,6 +1351,45 @@ do_list(int argc, char **argv) return 0; } +static int +do_printkey(int argc, char **argv) +{ + struct params *p; + const uint8_t *raw; + size_t nbits, nbytes; + size_t nb64; + char *b64; + int ret; + + if (argc != 1) + usage(); + p = params_cget(argv[0]); + if (p == NULL) + return -1; + if (!params_verify(p)) { + warnx("invalid parameters file \"%s\"", argv[0]); + return -1; + } + p->key = getkey("key", p->keygen, p->keylen); + raw = bits_getbuf(p->key); + nbits = bits_len(p->key); + assert(nbits <= INT_MAX - 7); + nbytes = BITS2BYTES(nbits); + assert(nbytes <= 3*(INT_MAX/4) - 2); + + nb64 = 4*((nbytes + 2)/3); + b64 = emalloc(nb64 + 2); + ret = __b64_ntop(raw, nbytes, b64, nb64 + 1); + assert(ret == (int)nb64); + b64[nb64] = '\n'; + b64[nb64 + 1] = '\0'; + + if (fwrite(b64, nb64 + 1, 1, stdout) != 1) + err(1, "fwrite"); + fflush(stdout); + return ferror(stdout); +} + static void eliminate_cores(void) { Index: src/tests/dev/cgd/Makefile diff -u src/tests/dev/cgd/Makefile:1.11 src/tests/dev/cgd/Makefile:1.12 --- src/tests/dev/cgd/Makefile:1.11 Mon Jun 29 23:44:01 2020 +++ src/tests/dev/cgd/Makefile Fri Aug 12 10:48:28 2022 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.11 2020/06/29 23:44:01 riastradh Exp $ +# $NetBSD: Makefile,v 1.12 2022/08/12 10:48:28 riastradh Exp $ # .include <bsd.own.mk> @@ -7,7 +7,8 @@ TESTSDIR= ${TESTSBASE}/dev/cgd FILES= paramsfile FILESDIR= ${TESTSDIR} -TESTS_SH= t_cgd +TESTS_SH+= t_cgd +TESTS_SH+= t_cgdconfig .if ${MKRUMP} != "no" TESTS_C+= t_cgd_3des Added files: Index: src/tests/dev/cgd/t_cgdconfig.sh diff -u /dev/null src/tests/dev/cgd/t_cgdconfig.sh:1.1 --- /dev/null Fri Aug 12 10:48:28 2022 +++ src/tests/dev/cgd/t_cgdconfig.sh Fri Aug 12 10:48:28 2022 
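Review bot: In do_printkey() the result of `getkey()` is handed straight to `bits_getbuf()` and `bits_len()` without a NULL check, and the only check on `__b64_ntop()` is `assert(ret == (int)nb64)`, so a build with NDEBUG would write the uninitialised `b64` heap buffer to stdout after a failed encode. The same buffer holds the encoded volume key and is neither wiped nor freed before the function returns, and the `fflush()` result is dropped in favour of `ferror()`. I would turn the assert on `ret` into a real error path, check `fflush()` alongside `fwrite()`, and clear `b64` before freeing it. Whether `getkey()` can return NULL is not visible in this hunk, so confirm that against its definition.

```c
	p->key = getkey("key", p->keygen, p->keylen);
	if (p->key == NULL)
		return -1;
	/* … unchanged: raw/nbits/nbytes computation, size asserts, emalloc … */
	ret = __b64_ntop(raw, nbytes, b64, nb64 + 1);
	if (ret < 0 || (size_t)ret != nb64) {
		explicit_memset(b64, 0, nb64 + 2);
		free(b64);
		errx(EXIT_FAILURE, "base64 encoding failed");
	}
	/* … unchanged: newline and NUL termination of b64 … */
	ret = 0;
	if (fwrite(b64, nb64 + 1, 1, stdout) != 1 || fflush(stdout) != 0) {
		warn("stdout");
		ret = -1;
	}
	explicit_memset(b64, 0, nb64 + 2);	/* buffer holds the encoded key */
	free(b64);
	return ret;
```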
@@ -0,0 +1,94 @@
+# $NetBSD: t_cgdconfig.sh,v 1.1 2022/08/12 10:48:28 riastradh Exp $
+#
+# Copyright (c) 2022 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+atf_test_case storedkey
+storedkey_head()
+{
+ atf_set descr "Test key generation with storedkey"
+}
+storedkey_body()
+{
+ cat <<EOF >params
+algorithm adiantum;
+iv-method encblkno1;
+keylength 256;
+verify_method none;
+keygen storedkey key AAABAJtnmp3XZspMBAFpCYnB8Hekn0 \
+ gj5cDVngslfGLSqwcy;
+EOF
+ atf_check -o inline:'m2eanddmykwEAWkJicHwd6SfSCPlwNWeCyV8YtKrBzI=\n' \
+ cgdconfig -t params
+}
+
+atf_test_case storedkey2a
+storedkey2a_head()
+{
+ atf_set descr "Test key generation with combined storedkeys"
+}
+storedkey2a_body()
+{
+ cat <<EOF >params
+algorithm adiantum;
+iv-method encblkno1;
+keylength 256;
+verify_method none;
+keygen storedkey key AAABAJtnmp3XZspMBAFpCYnB8Hekn0 \
+ gj5cDVngslfGLSqwcy;
+keygen storedkey key AAABAK1pbgIayXftX0RQ3AaMK4YEd/ \
+ fowKwQbENxpu3o1k9m;
+EOF
+ atf_check -o inline:'Ng70n82vvaFbRTnVj03b8aDov8slbMXySFTajzp9SFQ=\n' \
+ cgdconfig -t params
+}
+
+atf_test_case storedkey2b
+storedkey2b_head()
+{
+ atf_set descr "Test key generation with combined storedkeys, reversed"
+}
+storedkey2b_body()
+{
+ cat <<EOF >params
+algorithm adiantum;
+iv-method encblkno1;
+keylength 256;
+verify_method none;
+keygen storedkey key AAABAK1pbgIayXftX0RQ3AaMK4YEd/ \
+ fowKwQbENxpu3o1k9m;
+keygen storedkey key AAABAJtnmp3XZspMBAFpCYnB8Hekn0 \
+ gj5cDVngslfGLSqwcy;
+EOF
+ atf_check -o inline:'Ng70n82vvaFbRTnVj03b8aDov8slbMXySFTajzp9SFQ=\n' \
+ cgdconfig -t params
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case storedkey
+ atf_add_test_case storedkey2a
+ atf_add_test_case storedkey2b
+}
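Review bot: All three cases exercise only the success path of `cgdconfig -t`; nothing checks that a failed run exits non-zero and leaves stdout empty. Because this operation prints key material, a negative case is worth adding, for example a test case whose body is `atf_check -s not-exit:0 -o empty -e ignore cgdconfig -t nonexistent-params` (the file name is a constructed example). Stderr is ignored there because the exact error text is not visible in this diff.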