From owner-cvs-src@FreeBSD.ORG Tue Jun 6 07:17:34 2006 Return-Path: X-Original-To: cvs-src@FreeBSD.org Delivered-To: cvs-src@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E51DF16BFA8; Tue, 6 Jun 2006 07:11:03 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B23D43D55; Tue, 6 Jun 2006 07:10:49 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 9E71E5136C; Tue, 6 Jun 2006 09:10:48 +0200 (CEST) Received: from localhost (dlp84.neoplus.adsl.tpnet.pl [83.24.45.84]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id A515351307; Tue, 6 Jun 2006 09:10:42 +0200 (CEST) Date: Tue, 6 Jun 2006 09:08:27 +0200 From: Pawel Jakub Dawidek To: Nate Lawson Message-ID: <20060606070827.GC72060@garage.freebsd.pl> References: <20060605223446.AD29316DBF5@hub.freebsd.org> <4484DB40.1010907@root.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="B4IIlcmfBL/1gGOG" Content-Disposition: inline In-Reply-To: <4484DB40.1010907@root.org> X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng/devel-r535 (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-0.5 required=3.0 tests=BAYES_00,RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL autolearn=no version=3.0.4 Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sbin/geom/class/eli geom_eli.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jun 2006 07:17:36 -0000 --B4IIlcmfBL/1gGOG Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 05, 2006 at 06:32:48PM -0700, Nate Lawson wrote: +> Pawel Jakub Dawidek wrote: +> >pjd 2006-06-05 21:40:54 UTC +> > FreeBSD src repository +> > Modified files: +> > sbin/geom/class/eli geom_eli.c Log: +> > Userland bits of geli(8) data authentication. +> > Now, encryption algorithm is given using '-e' option, not '-a'. +> > The '-a' option is now used to specify authentication algorithm. +> > Supported by: Wheel Sp. z o.o. (http://www.wheel.pl) +> > Revision Changes Path +> > 1.11 +29 -15 src/sbin/geom/class/eli/geom_eli.c +>=20 +> Excellent! One of my longstanding complaints has been that no block enc= ryption software supported integrity, only privacy. +>=20 +> http://www.root.org/talks/Usenix_20040629.pdf The problem is that it was not easy to make it reliable, ie. to be sure that storing both data and HMAC is atomic operation, so user won't get false postitives on system crash or power failure. But I found a way to do it, so here it is:) If you are interested how it is done, I tried to describe it at the beginning of g_eli_integrity.c. (I need to write a paper about GELI someday...) +> As far as the flag change goes, won't this make it difficult to MFC this= new feature later? One will get an error if it tries to specify encryption algorithm with '-a' flag, so nothing bad will happen. I handle metadata backward compatibility, so we are safe here. If needed I can eventually accept encryption algorithm specified with '-a' flag and print a warning. The bigger problem is that to MFC geli(8) authentication, I need to MFC my recent opencrypto work, which I'd like to be well tested first. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --B4IIlcmfBL/1gGOG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFEhSnrForvXbEpPzQRAvXNAJwL1luKjfHwp+JoJkx31Y+3M3vK+wCgqL5t aLcMiUuHyMgoDfH7Boa1Mh4= =cKxy -----END PGP SIGNATURE----- --B4IIlcmfBL/1gGOG--