Date: Sat, 19 Oct 2002 13:28:13 -0400 (EDT)
From: Robert Watson
To: Poul-Henning Kamp
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf NOTES files options src/sys/geom/bde g_bde.c g_bde.h g_bde_crypt.c g_bde_lock.c g_bde_work.c
In-Reply-To: <200210191702.g9JH2JrM062903@repoman.freebsd.org>

phk left it out, but:

Approved by re@

The scope for damage is highly limited as it's an isolated module that
isn't compiled in by default.

(my commit messages are, at the very least, arriving out-of-order: I got
this after the bug fix commit)

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

On Sat, 19 Oct 2002, Poul-Henning Kamp wrote:

> phk         2002/10/19 10:02:19 PDT
>
>   Modified files:
>     sys/conf             NOTES files options
>   Added files:
>     sys/geom/bde         g_bde.c g_bde.h g_bde_crypt.c
>                          g_bde_lock.c g_bde_work.c
>   Log:
>   Add Geom Based Disk Encryption to the tree.
>
>   This is an encryption module designed for to secure denial of access
>   to the contents of "cold disks" with or without destruction activation.
>
>   Major features:
>
>      * Based on AES, MD5 and ARC4 algorithms.
>      * Four cryptographic barriers:
>          1) Pass-phrase encrypts the master key.
>          2) Pass-phrase + Lock data locates master key.
>          3) 128 bit key derived from 2048 bit master key protects sector key.
>          3) 128 bit random single-use sector keys protect data payload.
>      * Up to four different changeable pass-phrases.
>      * Blackening feature for provable destruction of master key material.
>      * Isotropic disk contents offers no information about sector contents.
>      * Configurable destination sector range allows steganographic deployment.
>
>   This commit adds the kernel part, separate commits will follow for the
>   userland utility and documentation.
>
>   This software was developed for the FreeBSD Project by Poul-Henning Kamp and
>   NAI Labs, the Security Research Division of Network Associates, Inc. under
>   DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
>   research program.
>
>   Many thanks to Robert Watson, CBOSS Principal Investigator for making this
>   possible.
>
>   Sponsored by:   DARPA & NAI Labs.
>
>   Revision  Changes    Path
>   1.1101    +1 -0      src/sys/conf/NOTES
>   1.723     +4 -0      src/sys/conf/files
>   1.359     +1 -0      src/sys/conf/options
>   1.1       +282 -0    src/sys/geom/bde/g_bde.c (new)
>   1.1       +150 -0    src/sys/geom/bde/g_bde.h (new)
>   1.1       +356 -0    src/sys/geom/bde/g_bde_crypt.c (new)
>   1.1       +311 -0    src/sys/geom/bde/g_bde_lock.c (new)
>   1.1       +731 -0    src/sys/geom/bde/g_bde_work.c (new)