nia
1e8ef14842
cgdconfig.8: Use argon2id in examples
2021-12-04 15:03:58 +00:00
christos
ccce93efc8
-lpthread to LDADD (fixes lint build)
2021-11-28 02:01:30 +00:00
nia
47fbfd2f6a
cgdconfig(8): add some console feedback when calculating the number
of pkcs5_pbkdf2 iterations
2021-11-22 16:04:03 +00:00
nia
1569bcc0b3
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance
compared to the pre-existing pkcs5_pbkdf2/sha1 method used for
password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes)
parallelism (integer, usually the number of CPU cores)
version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile
is initially generated.
lgtm riastradh@
2021-11-22 14:34:35 +00:00
riastradh
3db1594692
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
2021-06-16 23:22:08 +00:00
prlw1
6fcffc8303
Make adiantum a first class citizen
2021-06-03 15:40:27 +00:00
nia
cb91ad3daa
cgdconfig.8: use gpt in examples, it's more versatile for this use case
2021-04-30 21:07:34 +00:00
maya
1b70e4604b
The -n flag is useless with -g, don't mention it.
From rudolf in PR misc/36243
2021-04-18 19:56:09 +00:00
riastradh
800615b324
Touch up cgdconfig(8) man page.
- Suggest adiantum first.
- Remove references to Blowfish.
- Clarify that ivmethod is relevant only for ancient compatibility.
2020-12-11 21:52:19 +00:00
wiz
c6cc6b9db4
Use Nm.
2020-06-23 14:08:01 +00:00
nia
44bd074d70
cgdconfig.8: remove references to using cgd for swap
this is potentially misleading now that the kernel does swap encryption
2020-06-23 13:23:56 +00:00
nia
4e9ba6e816
cgdconfig.8: Reflect actual behaviour of /dev/(u)random
2020-06-23 13:20:14 +00:00
kre
84b2b98300
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather
than if (!ret) when ret is not a boolean, and test fopen result against
NULL, for example).
NFCI.
2019-04-10 06:11:37 +00:00
kre
c2cf8ad6d4
PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr
verification methods (and not treat them as silent hard errors).
This also causes the cgd to be unconfigured when one of those
verification methods fails.
Add ATF tests to check that bad verification is reported, and
does not leave the cgd configured.
Patches from the PR applied.
2019-04-10 06:09:39 +00:00
mlelstv
e93ebd453a
Avoid crash when no algorithm is specified in parameter file.
2018-12-30 12:05:48 +00:00
wiz
e63c9a2484
Sort SEE ALSO.
2018-12-29 18:34:01 +00:00
alnsn
7f3a8bf678
s/Dec/December/.
2018-12-28 18:33:54 +00:00
alnsn
4b140abf1c
Document that cgd.conf supports NAME=label and ROOT.<suffix> targets.
XXX Default paramsfile for NAME=label is /etc/cgd/dkNN (resolved wedge
partition) and /etc/cgd/ROOT.<suffix> for ROOT.<suffix>. This isn't yet
documented. IMO, it should be the other way around: /etc/cgd/label
for the former and /etc/cgd/[root-device] for the latter.
2018-12-27 21:17:08 +00:00
prlw1
30eeab08c0
typo
2018-09-01 11:46:52 +00:00
kre
0efffb3e4f
With the change to use getpass_r the 128 byte passphrase limit no
longer applies, so update the BUGS section here to reflect that change.
The limit now is 1023 whichever method is used to fetch the passphrase.
2018-05-09 20:23:35 +00:00
alnsn
265610788f
use explicit_memset(3)
2018-05-09 19:38:46 +00:00
alnsn
98def45107
Missed one change when doing a manual merge of my patch with kre's commit.
2018-05-09 18:18:11 +00:00
alnsn
bf3984213d
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely
optimised away by gcc. This should be revisited.
2018-05-09 18:11:56 +00:00
wiz
9f41709322
Add commas in enumeration.
2018-05-09 17:35:03 +00:00
kre
2d50dc8f17
Fix missing -p in usage message (noted by Christoph Badura, thanks),
and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
2018-05-09 14:27:41 +00:00
kre
99316b228e
Check arg count in configure() at entry, rather than later.
This avoids the stupid null deref I added a couple of commits
ago (on bad usage) and also simplifies the rest of the routine
which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
2018-05-09 13:19:33 +00:00
kre
ed050bc6ea
Fix usage for rump. Fixes test breakage caused by previous commit.
2018-05-06 20:55:42 +00:00
kre
8880a43f55
Check whether the cgd device selected is available to be
configured, that is, not already in use, before requesting
passwords from the user (or elsewhere).
2018-05-05 11:28:44 +00:00
christos
8cdbd53a62
Need <sys/stat.h> for S_IFBLK.
2017-01-10 20:45:19 +00:00
alnsn
11d74f071c
Add aes-xts to cgdconfig(8).
2016-12-11 00:34:39 +00:00
sevan
d2528dc7eb
Spelling mistake.
Bump date.
2016-09-11 01:09:34 +00:00
christos
55b06df259
replace openssl HMAC(3) with our hmac(3).
2016-07-01 22:50:09 +00:00
christos
35da36c439
CID 1340063: fix TOCTOU
2015-11-24 14:07:18 +00:00
christos
fc8a4870ed
Don't chdir to the config directory; just form the parameters file with a
path if needed.
2015-11-22 20:24:19 +00:00
christos
d3037dba83
fix error messages containing \n
2015-06-16 23:18:54 +00:00
christos
d980f336d5
fix possibly uninitialized variable.
2014-12-14 23:27:14 +00:00
christos
d4b702a5f2
avoid local variable shadowing devname.
2014-12-14 23:25:07 +00:00
wiz
b1ec4779e4
Bump date for previous. Fix typo.
2014-12-14 17:15:14 +00:00
mlelstv
a0b59f5f8a
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
2014-12-14 12:31:39 +00:00
mlelstv
f902d9ca42
support wedge names.
The default param file for a wedge is still named after the device (dkN)
which might be unpredictable. Use an explicit param file instead.
2014-12-14 11:31:39 +00:00
christos
2882a9c896
List all cgd's no matter if they are not contiguously allocated
2013-06-09 18:37:40 +00:00
wiz
5fd31fe80e
Whitespace.
New sentence, new line.
2012-12-05 08:56:54 +00:00
christos
0f179f793d
add cgdconfig -l like vnconfig -l
2012-12-05 02:23:20 +00:00
matt
cf7ed4c9cc
Convert to C89 function definitions
2012-03-20 18:50:30 +00:00
joerg
baa8e84b6f
Use __dead
2011-08-29 14:34:58 +00:00
dholland
a1d28c6e00
fix typo
2011-07-03 19:05:10 +00:00
pooka
5f732a29cb
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open
and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was
useful only for the oldstyle regime.
2010-12-14 17:46:21 +00:00
pooka
39f08af21d
mirror change of -lrumpcrypto ==> -lrumpkern_crypto
2010-12-05 20:13:26 +00:00
elric
297cd81a0d
Remove a line that was intended only for my personal testing and that
breaks things.
2010-12-02 18:02:58 +00:00
elric
7de6a71be4
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do
for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand
why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
2010-12-02 04:54:32 +00:00