Date: 6 Feb 2003 18:00:26 -0000
From: DoubleF <doublef@tele-kom.ru>
To: "FreeBSD-questions" <FreeBSD-questions@freebsd.org>
Subject: vnode-based encryption driver
Message-ID: <20030206180026.5631.qmail@mail.tele-kom.ru>

Hello,

I'm running 4.4-RELEASE and I'm changing the vn(4) driver to do transparent data encryption (for now it's a lame XOR algorithm, but that's not forever; I once made it to run with CAST128 from the crypto libs, and fell back just to sort out problem No 2 below).

My questions are:

1) Am I reinventing the wheel? Don't tell me about cfs, though. I know that something concerning cryptography is going to get into 4.8-R kernel from OpenBSD, but what will it look like?

2) After I disklabel it according to the vnconfig man page and newfs it (I can even successfully fsck it), it won't mount stating it has an incorrect superblock. fsck -b ... doesn't help (though states it's all ok). It's the same with XOR and CAST. When I use the original version of vn, and do _everything_ the same way, it works (mounts). Ordinary reads from and writes to the encrypted vn0 go ok, e.g.

    # cat /dev/urandom|tee foo>/dev/vn0

makes a file foo identical to /dev/vn0 (though the file which is backing vn0 is encrypted). If you need the diff, just tell me. But the changes are so straightforward (directing read and write routines in vn_cdevsw to two routines doing the crypto and calling physread/write appropriately) that I can't think of a way it could fail... Am I not processing _all_ the reads/writes?

3) Does anyone (except for me) need it? (I'm going to change vnconfig too, otherwise we'll store the key in the 'door';)

4) Is hackers@ a better place for discussion?

Any suggestions welcome.

DoubleF

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
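The layout described in question 2, as an added user-space model that is not part of the original message and not the poster's driver: crypto lives only in the wrapped read/write entries, while a second caller reaches the raw I/O routine directly. That mount reads the superblock through the driver's strategy entry rather than through the read/write entries is an assumption of this example; the key, offset, magic value and all function names are constructed for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SB_OFFSET 8192u        /* model superblock offset (constructed) */
#define SB_MAGIC  0x00011954u  /* model superblock magic (constructed) */
#define KEY       0x5au        /* constructed XOR key */
static uint8_t backing[16384]; /* stands in for the file behind vn0 */

/* Raw block I/O entry point: no crypto, as in the unmodified driver. */
static void model_strategy(int wr, size_t off, void *buf, size_t len) {
    if (wr) memcpy(backing + off, buf, len);
    else    memcpy(buf, backing + off, len);
}

static void xor_buf(void *buf, size_t len) {
    for (size_t i = 0; i < len; i++) ((uint8_t *)buf)[i] ^= KEY;
}
/* Wrapped write entry: encrypt, then hand off to raw I/O. */
static void crypt_write(size_t off, uint32_t v) {
    xor_buf(&v, sizeof v);
    model_strategy(1, off, &v, sizeof v);
}
/* Wrapped read entry: raw I/O, then decrypt. */
static uint32_t crypt_read(size_t off) {
    uint32_t v = 0;
    model_strategy(0, off, &v, sizeof v);
    xor_buf(&v, sizeof v);
    return v;
}

/* newfs/fsck-style path: write, then read, through the wrapped entries. */
int userland_sees_magic(void) {
    crypt_write(SB_OFFSET, SB_MAGIC);
    return crypt_read(SB_OFFSET) == SB_MAGIC;
}

/* Assumed mount path: strategy is called directly; decrypt there or not. */
int mount_sees_magic(int crypto_in_strategy) {
    uint32_t v = 0;
    crypt_write(SB_OFFSET, SB_MAGIC);
    model_strategy(0, SB_OFFSET, &v, sizeof v);
    if (crypto_in_strategy) xor_buf(&v, sizeof v);
    return v == SB_MAGIC;
}

int main(void) {
    printf("read/write: %d, strategy: %d, strategy+crypto: %d\n",
           userland_sees_magic(), mount_sees_magic(0), mount_sees_magic(1));
    return 0;
}
```

In the model, the transform has to sit at the one routine every caller passes through; wrapping only some entry points leaves a path that sees ciphertext.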