Date:      Tue, 6 Jun 2006 09:08:27 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Nate Lawson <nate@root.org>
Cc:        cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sbin/geom/class/eli geom_eli.c
Message-ID:  <20060606070827.GC72060@garage.freebsd.pl>
In-Reply-To: <4484DB40.1010907@root.org>
References:  <20060605223446.AD29316DBF5@hub.freebsd.org> <4484DB40.1010907@root.org>


On Mon, Jun 05, 2006 at 06:32:48PM -0700, Nate Lawson wrote:
+> Pawel Jakub Dawidek wrote:
+> >pjd         2006-06-05 21:40:54 UTC
+> >  FreeBSD src repository
+> >  Modified files:
+> >    sbin/geom/class/eli  geom_eli.c
+> >  Log:
+> >  Userland bits of geli(8) data authentication.
+> >  Now, encryption algorithm is given using '-e' option, not '-a'.
+> >  The '-a' option is now used to specify authentication algorithm.
+> >    Supported by:   Wheel Sp. z o.o. (http://www.wheel.pl)
+> >    Revision  Changes    Path
+> >  1.11      +29 -15    src/sbin/geom/class/eli/geom_eli.c
+>
+> Excellent!  One of my longstanding complaints has been that no block encryption software supported integrity, only privacy.
+>
+> http://www.root.org/talks/Usenix_20040629.pdf

The problem is that it was not easy to make it reliable, i.e. to be sure
that storing both data and HMAC is an atomic operation, so the user won't get
false positives on system crash or power failure.
But I found a way to do it, so here it is :)
If you are interested in how it is done, I tried to describe it at the
beginning of g_eli_integrity.c.
(I need to write a paper about GELI someday...)

+> As far as the flag change goes, won't this make it difficult to MFC this new feature later?

One will get an error if one tries to specify the encryption algorithm with
the '-a' flag, so nothing bad will happen.
I handle metadata backward compatibility, so we are safe here.

If needed I can eventually accept an encryption algorithm specified with
the '-a' flag and print a warning.

The bigger problem is that to MFC geli(8) authentication, I need to MFC
my recent opencrypto work, which I'd like to be well tested first.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
