Attachment #119306 for bug #161807

View | Details | Raw Unified | Return to bug 161807
Collapse All | Expand All





#define	GELI_BACKUP_DIR	"/var/backups/"
#define	GELI_ENC_ALGO	"aes"
#define	GELI_VERSION	"6"

static void eli_main(struct gctl_req *req, unsigned flags);
static void eli_init(struct gctl_req *req);

/*
 * Available commands:
 *
 * init [-bhPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-V version] prov
 * label - alias for 'init'
 * attach [-dprv] [-j passfile] [-k keyfile] prov
 * detach [-fl] prov ...

		{ 'l', "keylen", "0", G_TYPE_NUMBER },
		{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
		{ 's', "sectorsize", "0", G_TYPE_NUMBER },
		{ 'V', "eliversion", GELI_VERSION, G_TYPE_NUMBER },
		G_OPT_SENTINEL
	    },
	    "[-bPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov"
	},
	{ "label", G_FLAG_VERBOSE, eli_main,
	    {

		{ 'l', "keylen", "0", G_TYPE_NUMBER },
		{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
		{ 's', "sectorsize", "0", G_TYPE_NUMBER },
		{ 'V', "eliversion", GELI_VERSION, G_TYPE_NUMBER },
		G_OPT_SENTINEL
	    },
	    "- an alias for 'init'"

		return;
	}

	version = gctl_get_intmax(req, "eliversion");
	if (G_ELI_VERSION_06 < version) {
		gctl_error(req, "Invalid metadata version (must be between %d "
		    "and %d): %d", G_ELI_VERSION_00, G_ELI_VERSION_06,
		    version);
		return;
	}
	bzero(&md, sizeof(md));
	strlcpy(md.md_magic, G_ELI_MAGIC, sizeof(md.md_magic));
	md.md_version = version;
	md.md_flags = 0;
	if (gctl_get_int(req, "boot"))
		md.md_flags |= G_ELI_FLAG_BOOT;

Lines 60-65 Link Here

(-)sbin/geom/class/eli/geli.8 (+6 lines)
60	.Op Fl K Ar newkeyfile	60	.Op Fl K Ar newkeyfile
61	.Op Fl l Ar keylen	61	.Op Fl l Ar keylen
62	.Op Fl s Ar sectorsize	62	.Op Fl s Ar sectorsize
		63	.Op Fl V Ar eliversion
63	.Ar prov	64	.Ar prov
64	.Nm	65	.Nm
65	.Cm label - an alias for	66	.Cm label - an alias for
Lines 319-324 Link Here
319	Increasing sector size allows to increase performance, because we need to	320	Increasing sector size allows to increase performance, because we need to
320	generate an IV and do encrypt/decrypt for every single sector - less number	321	generate an IV and do encrypt/decrypt for every single sector - less number
321	of sectors means less work to do.	322	of sectors means less work to do.
		323	.It Fl V Ar eliversion
		324	Use a specific encryption metadata version when creating encrypted devices.
		325	This defaults to whatever version was compiled into the
		326	.Nm
		327	binary.
322	.El	328	.El
323	.It Cm attach	329	.It Cm attach
324	Attach the given provider.	330	Attach the given provider.

Return to bug 161807

Lines 60-65 Link Here

(-)sbin/geom/class/eli/geom_eli.c (-3 / +13 lines)
60		60
61	#define GELI_BACKUP_DIR "/var/backups/"	61	#define GELI_BACKUP_DIR "/var/backups/"
62	#define GELI_ENC_ALGO "aes"	62	#define GELI_ENC_ALGO "aes"
		63	#define GELI_VERSION "6"
63		64
64	static void eli_main(struct gctl_req *req, unsigned flags);	65	static void eli_main(struct gctl_req *req, unsigned flags);
65	static void eli_init(struct gctl_req *req);	66	static void eli_init(struct gctl_req *req);
Lines 81-87 Link Here
81	/*	82	/*
82	* Available commands:	83	* Available commands:
83	*	84	*
84	* init [-bhPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] prov	85	* init [-bhPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-V version] prov
85	* label - alias for 'init'	86	* label - alias for 'init'
86	* attach [-dprv] [-j passfile] [-k keyfile] prov	87	* attach [-dprv] [-j passfile] [-k keyfile] prov
87	* detach [-fl] prov ...	88	* detach [-fl] prov ...
Lines 112-120 Link Here
112	{ 'l', "keylen", "0", G_TYPE_NUMBER },	113	{ 'l', "keylen", "0", G_TYPE_NUMBER },
113	{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },	114	{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
114	{ 's', "sectorsize", "0", G_TYPE_NUMBER },	115	{ 's', "sectorsize", "0", G_TYPE_NUMBER },
		116	{ 'V', "eliversion", GELI_VERSION, G_TYPE_NUMBER },
115	G_OPT_SENTINEL	117	G_OPT_SENTINEL
116	},	118	},
117	"[-bPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] prov"	119	"[-bPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] [-V version] prov"
118	},	120	},
119	{ "label", G_FLAG_VERBOSE, eli_main,	121	{ "label", G_FLAG_VERBOSE, eli_main,
120	{	122	{
Lines 128-133 Link Here
128	{ 'l', "keylen", "0", G_TYPE_NUMBER },	130	{ 'l', "keylen", "0", G_TYPE_NUMBER },
129	{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },	131	{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
130	{ 's', "sectorsize", "0", G_TYPE_NUMBER },	132	{ 's', "sectorsize", "0", G_TYPE_NUMBER },
		133	{ 'V', "eliversion", GELI_VERSION, G_TYPE_NUMBER },
131	G_OPT_SENTINEL	134	G_OPT_SENTINEL
132	},	135	},
133	"- an alias for 'init'"	136	"- an alias for 'init'"
Lines 673-681 Link Here
673	return;	676	return;
674	}	677	}
675		678
		679	version = gctl_get_intmax(req, "eliversion");
		680	if (G_ELI_VERSION_06 < version) {
		681	gctl_error(req, "Invalid metadata version (must be between %d "
		682	"and %d): %d", G_ELI_VERSION_00, G_ELI_VERSION_06,
		683	version);
		684	return;
		685	}
676	bzero(&md, sizeof(md));	686	bzero(&md, sizeof(md));
677	strlcpy(md.md_magic, G_ELI_MAGIC, sizeof(md.md_magic));	687	strlcpy(md.md_magic, G_ELI_MAGIC, sizeof(md.md_magic));
678	md.md_version = G_ELI_VERSION;	688	md.md_version = version;
679	md.md_flags = 0;	689	md.md_flags = 0;
680	if (gctl_get_int(req, "boot"))	690	if (gctl_get_int(req, "boot"))
681	md.md_flags \|= G_ELI_FLAG_BOOT;	691	md.md_flags \|= G_ELI_FLAG_BOOT;