Print this page
5857 add -o option to lofiadm
Reviewed by: Dan McDonald <danmcd@omniti.com>
Reviewed by: Andy Stormont <astormont@racktopsystems.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
*** 23,32 ****
--- 23,33 ----
* Use is subject to license terms.
* Copyright 2012 Joyent, Inc. All rights reserved.
*
* Copyright 2013 Nexenta Systems, Inc. All rights reserved.
* Copyright (c) 2014 Gary Mills
+ * Copyright (c) 2016 Andrey Sokolov
*/
/*
* lofiadm - administer lofi(7d). Very simple, add and remove file<->device
* associations, and display status. All the ioctls are private between
*** 151,160 ****
--- 152,163 ----
#define KILOBYTE 1024
#define MEGABYTE (KILOBYTE * KILOBYTE)
#define GIGABYTE (KILOBYTE * MEGABYTE)
#define LIBZ "libz.so.1"
+ const char lofi_crypto_magic[6] = LOFI_CRYPTO_MAGIC;
+
static void
usage(const char *pname)
{
(void) fprintf(stderr, gettext(USAGE), pname, pname, pname,
pname, pname, pname, pname, pname, pname, pname);
*** 833,843 ****
/*
* PBE the passphrase into a raw key
*/
static void
! getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz)
{
CK_SESSION_HANDLE sess;
CK_RV rv;
char *pass = NULL;
size_t passlen = 0;
--- 836,847 ----
/*
* PBE the passphrase into a raw key
*/
static void
! getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz,
! boolean_t with_confirmation)
{
CK_SESSION_HANDLE sess;
CK_RV rv;
char *pass = NULL;
size_t passlen = 0;
*** 864,874 ****
rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
if (rv != CKR_OK)
goto cleanup;
/* get user passphrase with 8 byte minimum */
! if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, B_TRUE) < 0) {
die(gettext("passphrases do not match\n"));
}
/*
* salt should not be NULL, or else pkcs11_PasswdToKey() will
--- 868,879 ----
rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
if (rv != CKR_OK)
goto cleanup;
/* get user passphrase with 8 byte minimum */
! if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN,
! with_confirmation) < 0) {
die(gettext("passphrases do not match\n"));
}
/*
* salt should not be NULL, or else pkcs11_PasswdToKey() will
*** 1757,1766 ****
--- 1762,1793 ----
if (name_to_minor(filename) != 0) {
die(gettext("cannot use %s on itself\n"), LOFI_DRIVER_NAME);
}
}
+ static boolean_t
+ check_file_is_encrypted(const char *filename)
+ {
+ int fd;
+ char buf[sizeof (lofi_crypto_magic)];
+
+ fd = open64(filename, O_RDONLY);
+ if (fd == -1) {
+ die(gettext("open: %s"), filename);
+ }
+ if (lseek(fd, CRYOFF, SEEK_SET) != CRYOFF) {
+ die(gettext("lseek: %s"), filename);
+ }
+ if (read(fd, buf, sizeof (buf)) != sizeof (buf)) {
+ die(gettext("read: %s"), filename);
+ }
+ (void) close(fd);
+
+ return (strncmp(buf, lofi_crypto_magic,
+ sizeof (lofi_crypto_magic)) == 0);
+ }
+
static uint32_t
convert_to_num(const char *str)
{
int len;
uint32_t segsize, mult = 1;
*** 1830,1840 ****
pname = getpname(argv[0]);
(void) setlocale(LC_ALL, "");
(void) textdomain(TEXT_DOMAIN);
! while ((c = getopt(argc, argv, "a:c:Cd:efk:o:rs:T:U")) != EOF) {
switch (c) {
case 'a':
addflag = B_TRUE;
if ((filename = realpath(optarg, realfilename)) == NULL)
die("%s", optarg);
--- 1857,1867 ----
pname = getpname(argv[0]);
(void) setlocale(LC_ALL, "");
(void) textdomain(TEXT_DOMAIN);
! while ((c = getopt(argc, argv, "a:c:Cd:efk:rs:T:U")) != EOF) {
switch (c) {
case 'a':
addflag = B_TRUE;
if ((filename = realpath(optarg, realfilename)) == NULL)
die("%s", optarg);
*** 2019,2029 ****
"mechanisms\n"));
init_crypto(token, cipher, &sess);
if (cipher_only) {
! getkeyfromuser(cipher, &rkey, &rksz);
} else if (token != NULL) {
getkeyfromtoken(sess, token, keyfile, cipher,
&rkey, &rksz);
} else {
/* this also handles ephemeral keys */
--- 2046,2057 ----
"mechanisms\n"));
init_crypto(token, cipher, &sess);
if (cipher_only) {
! getkeyfromuser(cipher, &rkey, &rksz,
! !check_file_is_encrypted(filename));
} else if (token != NULL) {
getkeyfromtoken(sess, token, keyfile, cipher,
&rkey, &rksz);
} else {
/* this also handles ephemeral keys */