From owner-freebsd-hackers@FreeBSD.ORG Wed Jan 21 07:43:57 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E1F816A4CE for ; Wed, 21 Jan 2004 07:43:57 -0800 (PST) Received: from afields.ca (afields.ca [216.194.67.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 63F5C43D45 for ; Wed, 21 Jan 2004 07:42:57 -0800 (PST) (envelope-from afields@afields.ca) Received: from afields.ca (localhost.afields.ca [127.0.0.1]) by afields.ca (8.12.6/8.12.6) with ESMTP id i0LFguGo050881; Wed, 21 Jan 2004 10:42:56 -0500 (EST) (envelope-from afields@afields.ca) Received: (from afields@localhost) by afields.ca (8.12.6/8.12.9/Submit) id i0LFgudj050880; Wed, 21 Jan 2004 10:42:56 -0500 (EST) (envelope-from afields) Date: Wed, 21 Jan 2004 10:42:56 -0500 From: Allan Fields To: Poul-Henning Kamp Message-ID: <20040121154256.GL34696@afields.ca> References: <20040121152149.GK34696@afields.ca> <25259.1074698769@critter.freebsd.dk> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="St7VIuEGZ6dlpu13" Content-Disposition: inline In-Reply-To: <25259.1074698769@critter.freebsd.dk> User-Agent: Mutt/1.4i cc: freebsd-hackers@freebsd.org Subject: Re: Status GBDE attach at boot [PATCH] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Allan Fields List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2004 15:43:57 -0000 --St7VIuEGZ6dlpu13 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Jan 21, 2004 at 04:26:09PM +0100, Poul-Henning Kamp wrote: > > Hi Allan, > > Can you please redo the diff -with '-u' ? Sure, attached. > Poul-Henning > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. -- Allan Fields _.^. ,_ ,. ._ . AFRSL - http://afields.ca <,'/-\/- /\'_| /_ Ottawa, Canada `'|'====-=--- -- - `---- -- - BSDCan 2004: May 2004, Ottawa See http://www.bsdcan.org for details. --St7VIuEGZ6dlpu13 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="gbde-afields-2.diff" diff -ru src-5_2/sbin/gbde/gbde.c src-5_2-afields/sbin/gbde/gbde.c --- src-5_2/sbin/gbde/gbde.c Mon Oct 13 16:14:02 2003 +++ src-5_2-afields/sbin/gbde/gbde.c Wed Jan 21 10:03:20 2004 @@ -40,14 +40,16 @@ * * Introduce -E, alternate entropy source (instead of /dev/random) * + * Introduce -c, cipher specification + * + * Introduce -o, one-time-pad source + * * Introduce -i take IV from keyboard or * * Introduce -I take IV from file/cmd * * Introduce -m/-M store encrypted+encoded masterkey in file * - * Introduce -k/-K get pass-phrase part from file/cmd - * * Introduce -d add more dest-devices to worklist. * * Add key-option: selfdestruct bit. @@ -62,6 +64,8 @@ * * Make all verbs work on both attached/detached devices. * + * Investigate process memory scrubbing and file caching issues further + * */ #include @@ -142,6 +146,10 @@ fprintf(stderr, "\t%s init /dev/dest [-i] [-f filename] [-L lockfile]\n", p); fprintf(stderr, "\t%s setkey dest [-n key] [-l lockfile] [-L lockfile]\n", p); fprintf(stderr, "\t%s destroy dest [-n key] [-l lockfile] [-L lockfile]\n", p); + fprintf(stderr, "Key entry:\n"); + fprintf(stderr, "\tBy default the user is prompted on the tty. From the command line:\n"); + fprintf(stderr, "\t-p/-P \t\t-k/-K \n"); + fprintf(stderr, "\t-k-/-K- for input on stdin\t-r toggles 'raw' mode\n"); exit (1); } @@ -234,6 +242,35 @@ memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH); } +static const char * +read_keyfile(const char *keyf, int raw) +{ /* XXX: to be reviewed by authors */ + static FILE * kf; + char kbuf[BUFSIZ]; + char c; int i; + + if (strchr(&keyf[0],'-')&& + strchr(&keyf[1],'\0')) + kf = fdopen(STDIN_FILENO,"r"); + else kf = fopen(keyf,"r"); + if (kf == NULL) + errx(errno,"Error opening keyfile: %s\n",strerror(errno)); + + bzero(kbuf, sizeof(kbuf)); + for (i = 0; (c = getc(kf)) != EOF && (i < BUFSIZ-1); i++) { + if (raw == 0 && (c=='\n' || c=='\r')) break; + kbuf[i] = c; + } /* kbuf[BUFSIZ] = '\0'; */ + + if (ferror(kf) != 0) + errx(errno, "Error reading keyfile: %s",strerror(errno)); + else if (strlen(kbuf) < 3) + errx(1,"Too short passphrase from keyfile\n"); + + (void)fclose(kf); + return strdup(kbuf); /* XXX: No way to scrub buf before return? */ +} + static void encrypt_sector(void *d, int len, int klen, void *key) { @@ -692,9 +729,10 @@ const char *opts; const char *l_opt, *L_opt; const char *p_opt, *P_opt; - const char *f_opt; + const char *k_opt, *K_opt; + const char *f_opt, *pbuf; char *dest; - int i_opt, n_opt, ch, dfd, doopen; + int i_opt, n_opt, r_opt, ch, dfd, doopen; u_int nkey; int i; char *q, buf[BUFSIZ]; @@ -713,26 +751,26 @@ doopen = 0; if (!strcmp(argv[1], "attach")) { action = ACT_ATTACH; - opts = "l:p:"; + opts = "l:p:k:r"; } else if (!strcmp(argv[1], "detach")) { action = ACT_DETACH; opts = ""; } else if (!strcmp(argv[1], "init")) { action = ACT_INIT; doopen = 1; - opts = "f:iL:P:"; + opts = "f:iL:P:K:r"; } else if (!strcmp(argv[1], "setkey")) { action = ACT_SETKEY; doopen = 1; - opts = "n:l:L:p:P:"; + opts = "n:l:L:p:k:P:K:r"; } else if (!strcmp(argv[1], "destroy")) { action = ACT_DESTROY; doopen = 1; - opts = "l:p:"; + opts = "l:p:k:r"; } else if (!strcmp(argv[1], "nuke")) { action = ACT_NUKE; doopen = 1; - opts = "l:p:n:"; + opts = "n:l:p:k:r"; } else { usage("Unknown sub command\n"); } @@ -743,10 +781,14 @@ argc--; argv++; + pbuf = NULL; p_opt = NULL; P_opt = NULL; l_opt = NULL; L_opt = NULL; + k_opt = NULL; + K_opt = NULL; + r_opt = 0; f_opt = NULL; n_opt = 0; i_opt = 0; @@ -770,6 +812,15 @@ case 'P': P_opt = optarg; break; + case 'k': + k_opt = optarg; + break; + case 'K': + K_opt = optarg; + break; + case 'r': + r_opt = 1; + break; case 'n': n_opt = strtoul(optarg, &q, 0); if (!*optarg || *q) @@ -780,6 +831,9 @@ usage("Invalid option\n"); } + if (p_opt && k_opt) usage("Duplicate key spec: -p and -k\n"); + if (P_opt && K_opt) usage("Duplicate key spec: -P and -K\n"); + if (doopen) { dfd = open(dest, O_RDWR | O_CREAT, 0644); if (dfd < 0) { @@ -803,7 +857,10 @@ gl = &sc.key; switch(action) { case ACT_ATTACH: - setup_passphrase(&sc, 0, p_opt); + if (k_opt) pbuf = read_keyfile(k_opt, r_opt); + else if (p_opt) pbuf = strdup(p_opt); + setup_passphrase(&sc, 0, pbuf); + cmd_attach(&sc, dest, l_opt); break; case ACT_DETACH: @@ -811,26 +868,43 @@ break; case ACT_INIT: cmd_init(gl, dfd, f_opt, i_opt, L_opt); - setup_passphrase(&sc, 1, P_opt); + + if (K_opt) pbuf = read_keyfile(K_opt, r_opt); + else if (P_opt) pbuf = strdup(P_opt); + setup_passphrase(&sc, 1, pbuf); + cmd_write(gl, &sc, dfd, 0, L_opt); break; case ACT_SETKEY: - setup_passphrase(&sc, 0, p_opt); + if (k_opt) pbuf = read_keyfile(k_opt, r_opt); + else if (p_opt) pbuf = strdup(p_opt); + setup_passphrase(&sc, 0, pbuf); + cmd_open(&sc, dfd, l_opt, &nkey); if (n_opt == 0) n_opt = nkey + 1; - setup_passphrase(&sc, 1, P_opt); + + if (K_opt) pbuf = read_keyfile(K_opt, r_opt); + else if (P_opt) pbuf = strdup(P_opt); + setup_passphrase(&sc, 1, pbuf); + cmd_write(gl, &sc, dfd, n_opt - 1, L_opt); break; case ACT_DESTROY: - setup_passphrase(&sc, 0, p_opt); + if (k_opt) pbuf = read_keyfile(k_opt, r_opt); + else if (p_opt) pbuf = strdup(p_opt); + setup_passphrase(&sc, 0, pbuf); + cmd_open(&sc, dfd, l_opt, &nkey); cmd_destroy(gl, nkey); reset_passphrase(&sc); cmd_write(gl, &sc, dfd, nkey, l_opt); break; case ACT_NUKE: - setup_passphrase(&sc, 0, p_opt); + if (k_opt) pbuf = read_keyfile(k_opt, r_opt); + else if (p_opt) pbuf = strdup(p_opt); + setup_passphrase(&sc, 0, pbuf); + cmd_open(&sc, dfd, l_opt, &nkey); if (n_opt == 0) n_opt = nkey + 1; diff -ru src-5_2/sbin/gbde/test.sh src-5_2-afields/sbin/gbde/test.sh --- src-5_2/sbin/gbde/test.sh Fri Oct 17 15:52:07 2003 +++ src-5_2-afields/sbin/gbde/test.sh Wed Jan 21 05:57:16 2004 @@ -2,42 +2,42 @@ # $FreeBSD: src/sbin/gbde/test.sh,v 1.3 2003/10/17 19:52:07 phk Exp $ set -e +GBDE=./gbde MD=99 mdconfig -d -u $MD > /dev/null 2>&1 || true - mdconfig -a -t malloc -s 1m -u $MD D=/dev/md$MD -./gbde init $D -P foo -L /tmp/_l1 -./gbde setkey $D -p foo -l /tmp/_l1 -P bar -L /tmp/_l1 -./gbde setkey $D -p bar -l /tmp/_l1 -P foo -L /tmp/_l1 - -./gbde setkey $D -p foo -l /tmp/_l1 -n 2 -P foo2 -L /tmp/_l2 -./gbde setkey $D -p foo2 -l /tmp/_l2 -n 3 -P foo3 -L /tmp/_l3 -./gbde setkey $D -p foo3 -l /tmp/_l3 -n 4 -P foo4 -L /tmp/_l4 -./gbde setkey $D -p foo4 -l /tmp/_l4 -n 1 -P foo1 -L /tmp/_l1 - -./gbde nuke $D -p foo1 -l /tmp/_l1 -n 4 -if ./gbde nuke $D -p foo4 -l /tmp/_l4 -n 3 ; then false ; fi -./gbde destroy $D -p foo2 -l /tmp/_l2 -if ./gbde destroy $D -p foo2 -l /tmp/_l2 ; then false ; fi - -./gbde nuke $D -p foo1 -l /tmp/_l1 -n -1 -if ./gbde nuke $D -p foo1 -l /tmp/_l1 -n -1 ; then false ; fi -if ./gbde nuke $D -p foo2 -l /tmp/_l2 -n -1 ; then false ; fi -if ./gbde nuke $D -p foo3 -l /tmp/_l3 -n -1 ; then false ; fi -if ./gbde nuke $D -p foo4 -l /tmp/_l4 -n -1 ; then false ; fi - -./gbde init $D -P foo -./gbde setkey $D -p foo -P bar -./gbde setkey $D -p bar -P foo - -./gbde setkey $D -p foo -n 2 -P foo2 -./gbde setkey $D -p foo2 -n 3 -P foo3 -./gbde setkey $D -p foo3 -n 4 -P foo4 -./gbde setkey $D -p foo4 -n 1 -P foo1 +${GBDE} init $D -P foo -L /tmp/_l1 +${GBDE} setkey $D -p foo -l /tmp/_l1 -P bar -L /tmp/_l1 +${GBDE} setkey $D -p bar -l /tmp/_l1 -P foo -L /tmp/_l1 + +${GBDE} setkey $D -p foo -l /tmp/_l1 -n 2 -P foo2 -L /tmp/_l2 +${GBDE} setkey $D -p foo2 -l /tmp/_l2 -n 3 -P foo3 -L /tmp/_l3 +${GBDE} setkey $D -p foo3 -l /tmp/_l3 -n 4 -P foo4 -L /tmp/_l4 +${GBDE} setkey $D -p foo4 -l /tmp/_l4 -n 1 -P foo1 -L /tmp/_l1 + +${GBDE} nuke $D -p foo1 -l /tmp/_l1 -n 4 +if ${GBDE} nuke $D -p foo4 -l /tmp/_l4 -n 3 ; then false ; fi +${GBDE} destroy $D -p foo2 -l /tmp/_l2 +if ${GBDE} destroy $D -p foo2 -l /tmp/_l2 ; then false ; fi + +${GBDE} nuke $D -p foo1 -l /tmp/_l1 -n -1 +if ${GBDE} nuke $D -p foo1 -l /tmp/_l1 -n -1 ; then false ; fi +if ${GBDE} nuke $D -p foo2 -l /tmp/_l2 -n -1 ; then false ; fi +if ${GBDE} nuke $D -p foo3 -l /tmp/_l3 -n -1 ; then false ; fi +if ${GBDE} nuke $D -p foo4 -l /tmp/_l4 -n -1 ; then false ; fi + +${GBDE} init $D -P foo +${GBDE} setkey $D -p foo -P bar +${GBDE} setkey $D -p bar -P foo + +${GBDE} setkey $D -p foo -n 2 -P foo2 +${GBDE} setkey $D -p foo2 -n 3 -P foo3 +${GBDE} setkey $D -p foo3 -n 4 -P foo4 +${GBDE} setkey $D -p foo4 -n 1 -P foo1 mdconfig -d -u $MD @@ -47,9 +47,9 @@ else uudecode -p ${1}/image.uu | bzcat > $D fi -gbde attach $D -p foo +${GBDE} attach $D -p foo fsck_ffs ${D}.bde -gbde detach $D +${GBDE} detach $D mdconfig -d -u $MD --St7VIuEGZ6dlpu13--