Pawel Jakub Dawidek
469e952070
Remove trailing spaces.
2006-09-30 08:16:49 +00:00
Pawel Jakub Dawidek
8abd1ad101
Add 'configure' subcommand which for now only allows setting and removing
of the BOOT flag. It can be performed on both attached and detached
providers.
Requested by: Matthias Lederhofer <matled@gmx.net>
MFC after: 1 week
2006-09-16 10:43:17 +00:00
Pawel Jakub Dawidek
dec53cdd32
Remove extra arguments.
MFC after: 3 days
2006-09-16 07:47:57 +00:00
Pawel Jakub Dawidek
2bd4ade694
Before using byte offset for IV creation, convert it to little endian.
This way one will be able to use provider encrypted on eg. i386 on
eg. sparc64. This doesn't really buy us much today, because UFS isn't
endian agnostic.
We retain backward compatibility by setting G_ELI_FLAG_NATIVE_BYTE_ORDER
flag on devices with version number less than 2 and not converting the
offset.
2006-08-11 19:09:12 +00:00
Pawel Jakub Dawidek
d04c304ddf
Forgot to bump version number after G_ELI_FLAG_READONLY flag addition.
2006-08-11 18:39:58 +00:00
Pawel Jakub Dawidek
850590166f
Allow geli to operate on read-only providers.
Initial patch from: vd
MFC after: 2 weeks
2006-08-09 18:11:14 +00:00
Yaroslav Tykhiy
f6829a059f
Fix what looks like a typo: MODULE_DEPEND() takes module names,
not KLD file names; and GELI module's name is g_eli, not geom_eli.
Approved by: pjd (silence)
MFC after: 5 days
2006-07-27 11:52:12 +00:00
Pawel Jakub Dawidek
8cfab1debb
Don't forget to initialize crp_olen field, which is used to calculate
bio_completed value.
2006-07-22 10:05:55 +00:00
Pawel Jakub Dawidek
c84efdca04
Allow to use the old -a option to specify an encryption algorithm to use
(for backward compatibility), but print a warning to inform about the
change.
2006-06-06 22:06:24 +00:00
Pawel Jakub Dawidek
15d6ee8de5
- Unbreak the build when geli is compiled into the kernel (on as module),
by silencing unfounded compiler warning.
Reported by:
2006-06-06 14:48:19 +00:00
Pawel Jakub Dawidek
eaa3b91996
Implement data integrity verification (data authentication) for geli(8).
Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)
2006-06-05 21:38:54 +00:00
Pawel Jakub Dawidek
05bf5e8a0a
Make kern.geom.eli.overwrites sysctl a tunable as well.
2006-06-05 21:25:19 +00:00
Pawel Jakub Dawidek
5af2ae28f6
geli(8) provides keys on newsession time, so remove CRD_F_KEY_EXPLICIT flag
as HW crypto drivers don't support it.
2006-04-20 06:33:46 +00:00
Pawel Jakub Dawidek
cd0d707eb7
Correct debug: we are sending child bio here, not parent bio.
MFC after: 1 week
2006-04-15 18:30:42 +00:00
Pawel Jakub Dawidek
d3a1be900a
Pass BIO_GETATTR requests down.
MFC after: 1 week
2006-04-12 12:18:44 +00:00
Pawel Jakub Dawidek
39d92f5fa3
Typos.
2006-04-05 22:07:31 +00:00
Pawel Jakub Dawidek
700e04d9b6
Revert previous change, as I fixed MD5(9).
2006-03-30 18:50:00 +00:00
Pawel Jakub Dawidek
8e88808915
md_hash field in g_eli_metadata structure is not 4 byte aligned, which
causes a panic on sparc64.
The problem is in MD5(9) implementation. The Encode() function takes
'unsigned char *output' as its first argument, which is then assigned to
'u_int32_t *op'. If the 'output' argument is not 4 byte aligned (and in
geli(8) case it is not), sparc64 machine will panic.
I don't know how to fix MD5(9) in a clean way, so I'm implementing a
work-around in geli(8).
Reported by: brueffer
MFC after: 3 days
2006-03-30 14:41:13 +00:00
Pawel Jakub Dawidek
9af2131b78
Teach geli how to load keyfiles before root file system is mounted.
Example entries for loader.conf to make it possible:
geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key0"
geli_da0_keyfile1_load="YES"
geli_da0_keyfile1_type="da0:geli_keyfile1"
geli_da0_keyfile1_name="/boot/keys/da0.key1"
geli_da0_keyfile2_load="YES"
geli_da0_keyfile2_type="da0:geli_keyfile2"
geli_da0_keyfile2_name="/boot/keys/da0.key2"
geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"
Thanks to jhb and kan who showed me the right direction.
MFC after: 3 days
2006-02-11 13:08:24 +00:00
Pawel Jakub Dawidek
a80f82a4a3
Check rootvnode variable to see if we still want to ask for passphrase on
boot. Other methods just don't work properly.
MFC after: 3 days
2006-02-11 12:45:01 +00:00
Christian Brueffer
9864500624
Clean up some sysctl descriptions, debug messages etc.
Approved by: pjd
MFC after: 3 days
2006-02-07 17:23:22 +00:00
Pawel Jakub Dawidek
38ea96ac99
Remove trailing spaces.
2006-02-01 12:06:01 +00:00
Pawel Jakub Dawidek
7d54b385a6
- Use better types.
- Log problems at level 0 when killing providers.
MFC after: 3 days
2006-01-17 07:32:43 +00:00
Pawel Jakub Dawidek
b5f30223fc
Check return value.
Found by: Coverity Prevent(tm)
MFC after: 3 days
2006-01-17 07:30:34 +00:00
Pawel Jakub Dawidek
7192f621d0
Remove dead code.
Found by: Coverity Prevent(tm)
MFC after: 3 days
2006-01-17 07:27:46 +00:00
Pawel Jakub Dawidek
4ec0490779
Remove unused value.
Found by: Coverity Prevent(tm)
MFC after: 3 days
2006-01-17 07:26:48 +00:00
Maxim Sobolev
8a4a44b5aa
Check for g_read_data(9) errors properly:
o The only indication of error condition is NULL value returned by
the function;
o value pointed to by error argument is undefined in the case when
operation completes successfully.
Discussed with: phk
2005-11-30 19:24:51 +00:00
Pawel Jakub Dawidek
71270ca60b
Fix copy&paste typo.
MFC after: 3 days
2005-09-10 07:46:47 +00:00
Pawel Jakub Dawidek
cf47954083
Don't forget to initialize crp_etype field.
Reported by: Nick Evans <nevans@syphen.net>
MFC after: 3 days
2005-09-10 07:45:10 +00:00
Pawel Jakub Dawidek
dd549194ae
By default, when doing crypto work in software, start as many threads
as we have active CPUs and bind each thread to its own CPU.
MFC after: 3 days
2005-08-21 18:12:51 +00:00
Pawel Jakub Dawidek
b8db9f58da
Remove stale comment (we now always start worker thread).
MFC after: 3 days
2005-08-21 18:06:35 +00:00
Pawel Jakub Dawidek
efd9ac0dfc
Add a __packed keyword to g_eli_metadata struct definition, so
sizeof(struct g_eli_metadata) will return the exact number of bytes needed
for storing it on the disk.
Without this change GELI was unusable on amd64 (and probably other 64-bit
archs), because sizeof(struct g_eli_metadata) was greater than 512 bytes
and geli(8) was failing on assertion.
Reported by: Michael Reifenberger <mike@Reifenberger.com>
MFC after: 3 days
2005-08-20 10:43:03 +00:00
Pawel Jakub Dawidek
7a5c26fcbd
Allow to change number of iterations for PKCS#5v2. It can only be used
when there is only one key set.
MFC after: 3 days
2005-08-19 22:19:25 +00:00
Pawel Jakub Dawidek
fcd46203c5
- Add a missing period.
- Fix number of spaces.
MFC after: 3 days
2005-08-19 22:16:26 +00:00
Pawel Jakub Dawidek
dddd1d537a
Always run dedicated kernel thread (even when we have hardware support).
There is no performance impact, but allows to allocate memory with
M_WAITOK flag.
As a side effect this simplifies the code a bit.
MFC after: 3 days
2005-08-17 15:25:57 +00:00
Pawel Jakub Dawidek
bf71eaacf1
We should now return 0.
2005-08-17 15:12:34 +00:00
Pawel Jakub Dawidek
d1dca8a818
Even if crypto_dispatch() returns an error, request is not canceled and
our callback will still be called, just to tell us that request
failed...
Reported by: Mike Tancsa <mike@sentex.net>
MFC after: 3 days
2005-08-17 14:34:52 +00:00
Pawel Jakub Dawidek
2be2b2eab5
We don't need to clear allocated memory. This will speed up things a bit.
MFC after: 3 days
2005-08-17 14:08:50 +00:00
Pawel Jakub Dawidek
bb30fea667
Because code paths for I/O requests are quite complex, add comments above
the functions which participate in I/O paths.
MFC after: 1 day
2005-08-13 17:45:37 +00:00
Pawel Jakub Dawidek
6985decf3c
GELI doesn't need cryptodev.
MFC after: 3 days
2005-08-11 14:52:27 +00:00
Pawel Jakub Dawidek
6eb1d21f14
Be case-insensitive when dealing with algorithm names.
PR: kern/84659
Submitted by: Benjamin Lutz <benlutz@datacomm.ch>
2005-08-08 19:40:38 +00:00
Pawel Jakub Dawidek
ea35a2ec3a
MFp4: Export more information about encrypted providers.
MFC after: 1 week
2005-07-27 22:31:57 +00:00
Pawel Jakub Dawidek
7625429883
Reduce default debug level to 0.
MFC after: 1 week
2005-07-27 21:48:47 +00:00
Pawel Jakub Dawidek
c58794debd
Add GEOM_ELI class which provides GEOM providers encryption.
For features list and usage see manual page: geli(8).
Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 1 week
2005-07-27 21:43:37 +00:00