Commit Graph

35 Commits

Author SHA1 Message Date
allanjude
c7c2f2dfab Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c
cperciva's libmd implementation is 5-30% faster

The same was done for SHA256 previously in r263218

cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation

Extend sbin/md5 to create sha384(1)

Chase dependancies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}

Reviewed by:	cperciva, des, delphij
Approved by:	secteam, bapt (mentor)
MFC after:	2 weeks
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3929
2015-12-27 17:33:59 +00:00
phk
0f5b16fa3e Report the 1-based key numbers rather than the 0-based ones to be consistent.
Fix documentation for destroy command.  Not sure how the wrong explanation
happened.

Spotted by:	mwlucas
2014-11-09 15:53:29 +00:00
brueffer
d8b63f3ba1 Add a missing break in option parsing.
CID:		1011452
Found with:	Coverity Prevent(tm)
MFC after:	1 week
2014-04-15 07:37:56 +00:00
uqs
972d4b6a91 Remove dead variable assignments
Found by:	clang static analyzer
Verified by:	md5(1)
2010-06-11 17:03:04 +00:00
cperciva
b14cd9989e Teach gbde(8) to use a key file in addition to a passphrase. This
makes it practical to use GBDE for "something you have plus something
you know" security together with a USB flash drive.

Reviewed by:	phk
MFC after:	7 days
2006-02-08 06:52:15 +00:00
ume
5f96af1a75 gbde(8) is also rejndael user.
Reported by:	phk
2005-03-11 22:07:04 +00:00
ru
f4d1c5e662 - Fixed description of the "destroy" command options.
- Document the "nuke" command.
- Mention which commands correspond to which functions.
2005-02-12 21:47:05 +00:00
pjd
3c0c7b01b6 - Sort options.
- Put 'break' into separate line.
2005-02-03 21:34:39 +00:00
pjd
1d320aa5ac Fix whitespace. 2005-02-03 21:25:35 +00:00
pjd
492540a830 - Remove bogus O_CREAT flag. We really don't want to create a file here.
PR:		bin/67793
  Submitted by:	Amir Shalem <amir@boom.org.il>

- Sync usage with manual page.

Approved by:	phk
MFC after:	1 week
2005-02-03 13:12:17 +00:00
phk
d99f64fa38 Fix a type bug which sometimes wrote unusable lock sectors on the disk. 2004-09-10 12:16:54 +00:00
pjd
75f67c7681 Allow to setup GBDE on providers which contain '/' in their names,
e.g. mirror/<name>, stripe/<name>.

Approved by:	phk
2004-09-06 13:42:09 +00:00
sobomax
8ce714e6e3 o Fix semantics of comparison function for qsort(3). According to qsort(3)
manpage:

     The comparison function must return an integer less than, equal to, or
     greater than zero if the first argument is considered to be respectively
     less than, equal to, or greater than the second.

  Therefore, simply returning "arg1 > arg2" is incorrect. Actually it works
  but for the number of items to be sorted less than 7 due to special case
  handling in qsort(3);

o add missing '\n' to one of usage() calls.

Approved by:	phk
2004-06-25 13:04:49 +00:00
des
78edb732be Don't create a template file if we're not going to let the user edit it. 2004-02-05 10:57:29 +00:00
pjd
38bd67169d Fixed some non-critical memory leaks and one temporary file leak
(theoretical).

Approved by:	phk, scottl (mentor)
2004-02-05 08:39:38 +00:00
des
69ab9ceec0 Mechanical whitespace cleanup. Also, note that previous commit was
Sponsored by:	Teleplan AS
2004-02-03 11:12:29 +00:00
des
bd77f8c94f Remove newline characters from error strings. 2004-02-03 11:10:34 +00:00
phk
b8ead5692b Insert an overview of the plans here, in case I get run over by a bus. 2003-10-13 20:14:02 +00:00
phk
1665650eeb I think it is more correct to use modfind() than kldfind() here. 2003-10-10 14:32:28 +00:00
phk
18f409c057 Autoload kernel module if necessary.
Submitted by:	mr
2003-10-07 09:29:59 +00:00
phk
a7b8d85b93 Interior decoration changes. 2003-10-07 09:28:07 +00:00
phk
069191fcbf Simplify the GEOM OAM api: Drop the request type, and let everything
hinge on the "verb" parameter which the class gets to interpret as
it sees fit.

Move the entire request into the kernel and move changed parameters
back when done.
2003-06-01 13:47:51 +00:00
phk
3f6cd8397d Avoid off_t -> integer overflow when sorting the locksector addresses. 2003-04-14 09:36:39 +00:00
phk
574223ef32 Use new GEOM OAM. Kernels have supported this for a number of days, so
people should be OK.
2003-03-31 18:38:31 +00:00
tjr
1efdc35426 Fix two unsafe uses of sprintf(). 2003-02-23 07:37:47 +00:00
tjr
2702599ca0 Correct some err() format string bugs. 2003-02-23 06:35:33 +00:00
phk
790740dde5 Solve another bug in the mapping code: correctly skip lock sectors.
Make sure sector zero is protected if it contains metadata.

Lower WARNS for gbde to 3 on non-i386 archs.  rijndael-fst is evil
but appearntly does the right thing and passes the test-vectors.

MFC Candidate.
2002-12-18 22:11:54 +00:00
phk
761d063e80 Fix two blunders in the mapping functions which can lead to corrupt data,
for request sizes larger than the sectorsize or for multi-key setups.

See warning mailed to current@ for details of recovery.

Found by:	Marcus Reid <marcus@blazingdot.com>
2002-12-18 19:57:27 +00:00
phk
33a843a724 Untwist a twisty bit of logic which gcc for some reason cannot see
through on ia64.
2002-12-18 07:25:33 +00:00
phk
756126a3b5 A couple of stylistic improvements. 2002-12-17 19:16:10 +00:00
phk
17f924ed6e Synchronize usage() with reality.
Semi-automatic handling of /dev prefix for device names.

Sponsored by:	DARPA & NAI Labs.
Approved by:	re (blanket)
2002-12-01 15:58:28 +00:00
phk
16874ad923 Run a revision on the GBDE encryption facility.
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.

Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.

This code has still not been stared at for 10 years by a gang of
hard-core cryptographers.  Discretion advised.

NB: These changes result in the on-disk format changing: dump/restore needed.

Sponsored by:   DARPA & NAI Labs.
2002-11-04 09:27:01 +00:00
phk
11b00e1ce0 Initialize the new salt field in the lock sector.
Sponsored by:	DARPA & NAI Labs
2002-10-30 22:14:34 +00:00
phk
6539d53209 s/dettach/detach/g etc.
Pointed out by:	chris
2002-10-20 19:08:56 +00:00
phk
7748521fbc Complete the Geom Based Disk Encryption: Add the OAM utility.
Sponsored by:	DARPA and NAI Labs
2002-10-20 11:16:13 +00:00