Module Name: src Committed By: riastradh Date: Fri Aug 12 10:49:47 UTC 2022
Modified Files: src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c Log Message: cgdconfig(8): Handle -P/-S for shared keys with -G too. This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key. cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1 This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 src/sbin/cgdconfig/cgdconfig.8 cvs rdiff -u -r1.57 -r1.58 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.8
diff -u src/sbin/cgdconfig/cgdconfig.8:1.56 src/sbin/cgdconfig/cgdconfig.8:1.57
--- src/sbin/cgdconfig/cgdconfig.8:1.56 Fri Aug 12 10:49:35 2022
+++ src/sbin/cgdconfig/cgdconfig.8 Fri Aug 12 10:49:47 2022
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.56 2022/08/12 10:49:35 riastradh Exp $
+.\" $NetBSD: cgdconfig.8,v 1.57 2022/08/12 10:49:47 riastradh Exp $
 .\"
 .\" Copyright (c) 2002, The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -144,7 +144,9 @@ With the
 .Fl S
 option for the
 .Fl g
-action, specify a parameters file with a shared key to reuse for
+or
+.Fl G
+actions, specify a parameters file with a shared key to reuse for
 deriving this one as a subkey.
 .It Fl p
 Read all passphrases from stdin rather than
@@ -157,7 +159,9 @@ in question to be unconfigured rather th
 again.
 .It Fl S
 When generating a parameters file with
-.Fl g ,
+.Fl g
+or
+.Fl G ,
 arrange to use a subkey of a shared key.
 If
 .Fl P Ar paramsfile
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.57 src/sbin/cgdconfig/cgdconfig.c:1.58
--- src/sbin/cgdconfig/cgdconfig.c:1.57 Fri Aug 12 10:49:35 2022
+++ src/sbin/cgdconfig/cgdconfig.c Fri Aug 12 10:49:47 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.57 2022/08/12 10:49:35 riastradh Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.58 2022/08/12 10:49:47 riastradh Exp $ */
 /*-
 * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #ifndef lint
 __COPYRIGHT("@(#) Copyright (c) 2002, 2003\
 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.57 2022/08/12 10:49:35 riastradh Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.58 2022/08/12 10:49:47 riastradh Exp $");
 #endif
 #ifdef HAVE_ARGON2
@@ -129,7 +129,8 @@ static int configure(int, char **, struc
 static int configure_stdin(struct params *, int argc, char **);
 static int generate(struct params *, int, char **, const char *, const char *);
-static int generate_convert(struct params *, int, char **, const char *);
+static int generate_convert(struct params *, int, char **, const char *,
+ const char *);
 static int unconfigure(int, char **, struct params *, int);
 static int do_all(const char *, int, char **, int (*)(int, char **, struct params *, int));
@@ -180,8 +181,8 @@ usage(void)
 "[paramsfile]\n", getprogname());
 (void)fprintf(stderr, " %s -C [-enpv] [-f configfile]\n", getprogname());
- (void)fprintf(stderr, " %s -G [-enpv] [-i ivmeth] [-k kgmeth] "
- "[-o outfile] paramsfile\n", getprogname());
+ (void)fprintf(stderr, " %s -G [-enpSv] [-i ivmeth] [-k kgmeth] "
+ "[-P paramsfile] [-o outfile] paramsfile\n", getprogname());
 (void)fprintf(stderr, " %s -g [-Sv] [-i ivmeth] [-k kgmeth] "
 "[-P paramsfile] [-o outfile] alg [keylen]\n", getprogname());
 (void)fprintf(stderr, " %s -l [-v[v]] [cgd]\n", getprogname());
@@ -350,15 +351,19 @@ main(int argc, char **argv)
 err(1, "init failed");
 /* validate the consistency of the arguments */
- if (Pfile != NULL && action != ACTION_GENERATE) {
- warnx("-P is only for use with -g action");
+ if (Pfile != NULL &&
+ action != ACTION_GENERATE &&
+ action != ACTION_GENERATE_CONVERT) {
+ warnx("-P is only for use with -g/-G action");
 usage();
 }
 if (Pfile != NULL && !Sflag) {
 warnx("-P only makes sense with -S flag");
 }
- if (Sflag && action != ACTION_GENERATE) {
- warnx("-S is only for use with -g action");
+ if (Sflag &&
+ action != ACTION_GENERATE &&
+ action != ACTION_GENERATE_CONVERT) {
+ warnx("-S is only for use with -g/-G action");
 usage();
 }
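Review bot: In the @@ -350 hunk of main(), `-P` without `-S` still only warnx()s and falls through (`if (Pfile != NULL && !Sflag) { warnx(...); }` has no usage() call), and this change lets that path reach -G as well as -g. Later in this diff generate_convert only calls keygen_tweakshared() under Sflag, so a Pfile given without -S makes the converted file reuse the shared file's keygen as-is rather than a subkey of it; presumably every parameters file generated that way against the same shared file would then derive the same key, which looks like a footgun rather than a supported mode. Unless that is intended, make it a hard error like its two neighbours: add `usage();` after the warnx. main() continues outside this hunk.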
@@ -371,7 +376,7 @@ main(int argc, char **argv)
 case ACTION_GENERATE:
 return generate(p, argc, argv, outfile, Pfile);
 case ACTION_GENERATE_CONVERT:
- return generate_convert(p, argc, argv, outfile);
+ return generate_convert(p, argc, argv, outfile, Pfile);
 case ACTION_CONFIGALL:
 return do_all(cfile, argc, argv, configure);
 case ACTION_UNCONFIGALL:
@@ -1293,10 +1298,12 @@ generate(struct params *p, int argc, cha
 }
 static int
-generate_convert(struct params *p, int argc, char **argv, const char *outfile)
+generate_convert(struct params *p, int argc, char **argv, const char *outfile,
+ const char *Pfile)
 {
 struct params *oldp;
 struct keygen *kg;
+ int ret;
 if (argc != 1)
 usage();
@@ -1340,13 +1347,42 @@ generate_convert(struct params *p, int a
 params_free(oldp);
- if (!p->keygen) {
- p->keygen = keygen_generate(KEYGEN_PKCS5_PBKDF2_SHA1);
- if (!p->keygen)
+ if (Pfile) {
+ struct params *pp;
+
+ pp = params_cget(Pfile);
+ if (pp == NULL)
+ return -1;
+ if (!params_verify(pp)) {
+ params_free(pp);
+ warnx("invalid parameters file \"%s\"", Pfile);
+ return -1;
+ }
+ p = params_combine(pp, p);
+ keygen_stripstored(&p->keygen);
+ if (!p->keygen) {
+ warnx("no keygen in parameters file \"%s\"", Pfile);
 return -1;
+ }
+ } else {
+ if (!p->keygen) {
+ p->keygen = keygen_generate(KEYGEN_PKCS5_PBKDF2_SHA1);
+ if (!p->keygen)
+ return -1;
+ }
+ (void)params_filldefaults(p);
+ (void)keygen_filldefaults(p->keygen, p->keylen);
 }
- (void)params_filldefaults(p);
- (void)keygen_filldefaults(p->keygen, p->keylen);
+
+ if (Sflag) {
+ if (Pfile)
+ ret = keygen_tweakshared(p->keygen);
+ else
+ ret = keygen_makeshared(p->keygen);
+ if (ret)
+ return ret;
+ }
+
 p->key = getkey("new file", p->keygen, p->keylen);
 kg = keygen_generate(KEYGEN_STOREDKEY);
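Review bot: In the @@ -1340 hunk, the new `if (Pfile)` branch does `p = params_combine(pp, p);` and dereferences the result on the next line in `keygen_stripstored(&p->keygen)` without a NULL check; params_combine is not in this diff, so if it can fail (an allocation, say) this is a NULL dereference on a path that otherwise reports every failure, and `if (p == NULL) return -1;` between those two lines costs nothing. The same call leaves ownership of `pp` undocumented: whether params_combine consumes it or the caller must params_free() it is not visible here, and a one-line comment such as `/* params_combine takes ownership of pp */` (or a params_free(pp) if it does not) would settle the leak-or-double-free question for the next reader. Minor: the Sflag block returns the raw `ret` from keygen_tweakshared()/keygen_makeshared() while every other failure in this function returns -1; if callers only test for non-zero that is harmless, otherwise normalise it to `return -1;`. generate_convert continues past the end of this hunk.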