From: DoubleF
To: "FreeBSD-questions"
Date: 6 Feb 2003 18:00:26 -0000
Subject: vnode-based encryption driver

Hello,

I'm running 4.4-RELEASE and I'm changing the vn(4) driver to do transparent data encryption (for now it's a lame XOR algorithm, but that's not forever; I once made it run with CAST128 from the crypto libs, and fell back just to sort out problem No. 2 below).

My questions are:

1) Am I reinventing the wheel? Don't tell me about cfs, though. I know that something concerning cryptography is going to get into the 4.8-R kernel from OpenBSD, but what will it look like?

2) After I disklabel it according to the vnconfig man page and newfs it (I can even successfully fsck it), it won't mount, stating it has an incorrect superblock. fsck -b ... doesn't help (though it states it's all ok). It's the same with XOR and CAST. When I use the original version of vn, and do _everything_ the same way, it works (mounts). Ordinary reads from and writes to the encrypted vn0 go ok, e.g.

# cat /dev/urandom|tee foo>/dev/vn0

makes a file foo identical to /dev/vn0 (though the file which is backing vn0 is encrypted). If you need the diff, just tell me. But the changes are so straightforward (directing read and write routines in vn_cdevsw to two routines doing the crypto and calling physread/write appropriately) that I can't think of a way it could fail... Am I not processing _all_ the reads/writes?

3) Does anyone (except for me) need it? (I'm going to change vnconfig too, otherwise we'll store the key in the 'door';)

4) Is hackers@ a better place for discussion?

Any suggestions welcome.

DoubleF