From owner-cvs-all  Tue May 28  7:22:55 2002
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id E64FC37B405; Tue, 28 May 2002 07:22:49 -0700 (PDT)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.3/8.12.3) with SMTP id g4SEMSb5011803;
	Tue, 28 May 2002 10:22:28 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Tue, 28 May 2002 10:22:28 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: Poul-Henning Kamp <phk@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
In-Reply-To: <xzpy9e67axm.fsf@flood.ping.uio.no>
Message-ID: <Pine.NEB.3.96L.1020528102023.90727F-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


On 27 May 2002, Dag-Erling Smorgrav wrote:

> Poul-Henning Kamp <phk@FreeBSD.org> writes:
> >   Log:
> >   Add a proof-of-concept encryption class.
> >   
> >   "The only hard problem in cryptography is key-management."
> >   
> >   All sectors are encrypted with AES in CBC mode using a constant key,
> >   currently compiled in and all zero.
> 
> How about using an ioctl on the raw encrypted device to specify the
> key?  i.e.
> 
>         fd = open("/dev/foo.aes", O_RDWR);
>         ioctl(fd, GEOMIOSETKEY, keydata);
>         close(fd);
>         mount("ufs", "/mnt", "/dev/foo", 0, NULL);
> 
> The ioctl should always succeed, even when the wrong key was given, but
> of course the contents of the device won't make sense unless you set the
> right key. 

Other interesting cases would include pre-keying in the loader, perhaps
interactively via the console.  One of the really cool cases would be for
geom/mount-twiddling code to know how to talk to key storage devices such
as smart cards...  If you try to boot the machine/mount the device without
the smart card, then you don't have keying material.  If the card is
inserted, then keying material is extracted and used.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message