cgdconfig(8): New -t operation just prints the derived key in base64.
For testing purposes.
parent
a14297961e
commit
a7c16118d0
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: mi,v 1.1217 2022/07/21 09:52:48 kre Exp $
|
||||
# $NetBSD: mi,v 1.1218 2022/08/12 10:48:27 riastradh Exp $
|
||||
#
|
||||
# Note: don't delete entries from here - mark them as "obsolete" instead.
|
||||
#
|
||||
|
@ -1426,6 +1426,7 @@
|
|||
./usr/tests/dev/cgd/t_cgd_adiantum tests-fs-tests atf,compattestfile,rump
|
||||
./usr/tests/dev/cgd/t_cgd_aes tests-fs-tests atf,compattestfile,rump
|
||||
./usr/tests/dev/cgd/t_cgd_blowfish tests-fs-tests atf,compattestfile,rump
|
||||
./usr/tests/dev/cgd/t_cgdconfig tests-fs-tests compattestfile,atf
|
||||
./usr/tests/dev/clock_subr tests-fs-tests compattestfile,atf
|
||||
./usr/tests/dev/clock_subr/Atffile tests-fs-tests compattestfile,atf
|
||||
./usr/tests/dev/clock_subr/Kyuafile tests-fs-tests compattestfile,atf,kyua
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: cgdconfig.8,v 1.52 2021/12/04 15:03:58 nia Exp $
|
||||
.\" $NetBSD: cgdconfig.8,v 1.53 2022/08/12 10:48:27 riastradh Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
|
||||
.\" All rights reserved.
|
||||
|
@ -60,6 +60,9 @@
|
|||
.Ar alg
|
||||
.Op Ar keylen
|
||||
.Nm
|
||||
.Fl t
|
||||
.Ar paramsfile
|
||||
.Nm
|
||||
.Fl l
|
||||
.Op Fl v Ns Op Cm v
|
||||
.Op Ar cgd
|
||||
|
@ -143,6 +146,8 @@ in question to be unconfigured rather than prompting for the passphrase
|
|||
again.
|
||||
.It Fl s
|
||||
Read the key (nb: not the passphrase) from stdin.
|
||||
.It Fl t
|
||||
Generate the key and print it to standard output encoded in base64.
|
||||
.It Fl U
|
||||
Unconfigure all the devices listed in the cgd configuration file.
|
||||
.It Fl u
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: cgdconfig.c,v 1.53 2021/11/22 14:34:35 nia Exp $ */
|
||||
/* $NetBSD: cgdconfig.c,v 1.54 2022/08/12 10:48:27 riastradh Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
|
||||
|
@ -33,7 +33,7 @@
|
|||
#ifndef lint
|
||||
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
|
||||
The NetBSD Foundation, Inc. All rights reserved.");
|
||||
__RCSID("$NetBSD: cgdconfig.c,v 1.53 2021/11/22 14:34:35 nia Exp $");
|
||||
__RCSID("$NetBSD: cgdconfig.c,v 1.54 2022/08/12 10:48:27 riastradh Exp $");
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ARGON2
|
||||
|
@ -51,6 +51,11 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.53 2021/11/22 14:34:35 nia Exp $");
|
|||
#include <paths.h>
|
||||
#include <dirent.h>
|
||||
|
||||
/* base64 gunk */
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/nameser.h>
|
||||
#include <resolv.h>
|
||||
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/bootblock.h>
|
||||
|
@ -83,7 +88,8 @@ enum action {
|
|||
ACTION_CONFIGALL, /* configure all from config file */
|
||||
ACTION_UNCONFIGALL, /* unconfigure all from config file */
|
||||
ACTION_CONFIGSTDIN, /* configure, key from stdin */
|
||||
ACTION_LIST /* list configured devices */
|
||||
ACTION_LIST, /* list configured devices */
|
||||
ACTION_PRINTKEY, /* print key to stdout */
|
||||
};
|
||||
|
||||
/* if nflag is set, do not configure/unconfigure the cgd's */
|
||||
|
@ -106,6 +112,7 @@ static int unconfigure(int, char **, struct params *, int);
|
|||
static int do_all(const char *, int, char **,
|
||||
int (*)(int, char **, struct params *, int));
|
||||
static int do_list(int, char **);
|
||||
static int do_printkey(int, char **);
|
||||
|
||||
#define CONFIG_FLAGS_FROMALL 1 /* called from configure_all() */
|
||||
#define CONFIG_FLAGS_FROMMAIN 2 /* called from main() */
|
||||
|
@ -155,6 +162,7 @@ usage(void)
|
|||
(void)fprintf(stderr, " %s -l [-v[v]] [cgd]\n", getprogname());
|
||||
(void)fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg "
|
||||
"[keylen]\n", getprogname());
|
||||
(void)fprintf(stderr, " %s -t paramsfile\n", getprogname());
|
||||
(void)fprintf(stderr, " %s -U [-nv] [-f configfile]\n",
|
||||
getprogname());
|
||||
(void)fprintf(stderr, " %s -u [-nv] cgd\n", getprogname());
|
||||
|
@ -209,7 +217,7 @@ main(int argc, char **argv)
|
|||
p = params_new();
|
||||
kg = NULL;
|
||||
|
||||
while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:spuv")) != -1)
|
||||
while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:sptuv")) != -1)
|
||||
switch (ch) {
|
||||
case 'C':
|
||||
set_action(&action, ACTION_CONFIGALL);
|
||||
|
@ -276,7 +284,9 @@ main(int argc, char **argv)
|
|||
case 's':
|
||||
set_action(&action, ACTION_CONFIGSTDIN);
|
||||
break;
|
||||
|
||||
case 't':
|
||||
set_action(&action, ACTION_PRINTKEY);
|
||||
break;
|
||||
case 'u':
|
||||
set_action(&action, ACTION_UNCONFIGURE);
|
||||
break;
|
||||
|
@ -319,6 +329,8 @@ main(int argc, char **argv)
|
|||
return configure_stdin(p, argc, argv);
|
||||
case ACTION_LIST:
|
||||
return do_list(argc, argv);
|
||||
case ACTION_PRINTKEY:
|
||||
return do_printkey(argc, argv);
|
||||
default:
|
||||
errx(EXIT_FAILURE, "undefined action");
|
||||
/* NOTREACHED */
|
||||
|
@ -1339,6 +1351,45 @@ do_list(int argc, char **argv)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
do_printkey(int argc, char **argv)
|
||||
{
|
||||
struct params *p;
|
||||
const uint8_t *raw;
|
||||
size_t nbits, nbytes;
|
||||
size_t nb64;
|
||||
char *b64;
|
||||
int ret;
|
||||
|
||||
if (argc != 1)
|
||||
usage();
|
||||
p = params_cget(argv[0]);
|
||||
if (p == NULL)
|
||||
return -1;
|
||||
if (!params_verify(p)) {
|
||||
warnx("invalid parameters file \"%s\"", argv[0]);
|
||||
return -1;
|
||||
}
|
||||
p->key = getkey("key", p->keygen, p->keylen);
|
||||
raw = bits_getbuf(p->key);
|
||||
nbits = bits_len(p->key);
|
||||
assert(nbits <= INT_MAX - 7);
|
||||
nbytes = BITS2BYTES(nbits);
|
||||
assert(nbytes <= 3*(INT_MAX/4) - 2);
|
||||
|
||||
nb64 = 4*((nbytes + 2)/3);
|
||||
b64 = emalloc(nb64 + 2);
|
||||
ret = __b64_ntop(raw, nbytes, b64, nb64 + 1);
|
||||
assert(ret == (int)nb64);
|
||||
b64[nb64] = '\n';
|
||||
b64[nb64 + 1] = '\0';
|
||||
|
||||
if (fwrite(b64, nb64 + 1, 1, stdout) != 1)
|
||||
err(1, "fwrite");
|
||||
fflush(stdout);
|
||||
return ferror(stdout);
|
||||
}
|
||||
|
||||
static void
|
||||
eliminate_cores(void)
|
||||
{
|
||||
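Review bot: In do_printkey the result of `getkey("key", p->keygen, p->keylen)` is passed straight to `bits_getbuf(p->key)` and `bits_len(p->key)` with no NULL check. getkey is defined outside this diff, but if it can return NULL when key generation fails, this path dereferences NULL instead of failing cleanly, so I would add `if (p->key == NULL) return -1;` right after the call. The function also returns without clearing or freeing `b64`, which holds the encoded key; `explicit_memset(b64, 0, nb64 + 2); free(b64);` before the return would avoid leaving key material in heap memory, and `p` is likewise never released here. Separately, `assert(ret == (int)nb64)` is the only check on the `__b64_ntop` result and disappears in an NDEBUG build, so an explicit runtime check would be safer for a path that emits a key.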
|
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: Makefile,v 1.11 2020/06/29 23:44:01 riastradh Exp $
|
||||
# $NetBSD: Makefile,v 1.12 2022/08/12 10:48:28 riastradh Exp $
|
||||
#
|
||||
|
||||
.include <bsd.own.mk>
|
||||
|
@ -7,7 +7,8 @@ TESTSDIR= ${TESTSBASE}/dev/cgd
|
|||
FILES= paramsfile
|
||||
FILESDIR= ${TESTSDIR}
|
||||
|
||||
TESTS_SH= t_cgd
|
||||
TESTS_SH+= t_cgd
|
||||
TESTS_SH+= t_cgdconfig
|
||||
|
||||
.if ${MKRUMP} != "no"
|
||||
TESTS_C+= t_cgd_3des
|
||||
|
|
|
@ -0,0 +1,94 @@
|
|||
# $NetBSD: t_cgdconfig.sh,v 1.1 2022/08/12 10:48:28 riastradh Exp $
|
||||
#
|
||||
# Copyright (c) 2022 The NetBSD Foundation, Inc.
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
||||
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
||||
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
# POSSIBILITY OF SUCH DAMAGE.
|
||||
#
|
||||
|
||||
atf_test_case storedkey
|
||||
storedkey_head()
|
||||
{
|
||||
atf_set descr "Test key generation with storedkey"
|
||||
}
|
||||
storedkey_body()
|
||||
{
|
||||
cat <<EOF >params
|
||||
algorithm adiantum;
|
||||
iv-method encblkno1;
|
||||
keylength 256;
|
||||
verify_method none;
|
||||
keygen storedkey key AAABAJtnmp3XZspMBAFpCYnB8Hekn0 \
|
||||
gj5cDVngslfGLSqwcy;
|
||||
EOF
|
||||
atf_check -o inline:'m2eanddmykwEAWkJicHwd6SfSCPlwNWeCyV8YtKrBzI=\n' \
|
||||
cgdconfig -t params
|
||||
}
|
||||
|
||||
atf_test_case storedkey2a
|
||||
storedkey2a_head()
|
||||
{
|
||||
atf_set descr "Test key generation with combined storedkeys"
|
||||
}
|
||||
storedkey2a_body()
|
||||
{
|
||||
cat <<EOF >params
|
||||
algorithm adiantum;
|
||||
iv-method encblkno1;
|
||||
keylength 256;
|
||||
verify_method none;
|
||||
keygen storedkey key AAABAJtnmp3XZspMBAFpCYnB8Hekn0 \
|
||||
gj5cDVngslfGLSqwcy;
|
||||
keygen storedkey key AAABAK1pbgIayXftX0RQ3AaMK4YEd/ \
|
||||
fowKwQbENxpu3o1k9m;
|
||||
EOF
|
||||
atf_check -o inline:'Ng70n82vvaFbRTnVj03b8aDov8slbMXySFTajzp9SFQ=\n' \
|
||||
cgdconfig -t params
|
||||
}
|
||||
|
||||
atf_test_case storedkey2b
|
||||
storedkey2b_head()
|
||||
{
|
||||
atf_set descr "Test key generation with combined storedkeys, reversed"
|
||||
}
|
||||
storedkey2b_body()
|
||||
{
|
||||
cat <<EOF >params
|
||||
algorithm adiantum;
|
||||
iv-method encblkno1;
|
||||
keylength 256;
|
||||
verify_method none;
|
||||
keygen storedkey key AAABAK1pbgIayXftX0RQ3AaMK4YEd/ \
|
||||
fowKwQbENxpu3o1k9m;
|
||||
keygen storedkey key AAABAJtnmp3XZspMBAFpCYnB8Hekn0 \
|
||||
gj5cDVngslfGLSqwcy;
|
||||
EOF
|
||||
atf_check -o inline:'Ng70n82vvaFbRTnVj03b8aDov8slbMXySFTajzp9SFQ=\n' \
|
||||
cgdconfig -t params
|
||||
}
|
||||
|
||||
atf_init_test_cases()
|
||||
{
|
||||
atf_add_test_case storedkey
|
||||
atf_add_test_case storedkey2a
|
||||
atf_add_test_case storedkey2b
|
||||
}
|
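Review bot: All three cases exercise only the success path of `cgdconfig -t`, so nothing pins what happens when the parameters file is unusable. That matters because this operation writes key material to stdout. A negative case asserting a non-zero exit and empty stdout would catch a regression that prints a partial or wrong key on failure. The sketch below assumes an empty parameters file is rejected; substitute whatever invalid input the parser is known to refuse.

```shell
atf_test_case badparams
badparams_head()
{
	atf_set descr "Test that -t fails cleanly on an unusable parameters file"
}
badparams_body()
{
	# constructed example: empty parameters file
	: >params
	atf_check -s not-exit:0 -o empty -e ignore \
	    cgdconfig -t params
}

# … unchanged: storedkey, storedkey2a, storedkey2b …

atf_init_test_cases()
{
	# … unchanged: existing atf_add_test_case lines …
	atf_add_test_case badparams
}
```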