The NetBSD Project

CVS log for src/sbin/cgdconfig/params.c

Default branch: MAIN


Revision 1.34 / (download) - annotate - [selected], Fri Aug 12 10:49:35 2022 UTC (20 months, 1 week ago) by riastradh
Branch: MAIN
CVS Tags: netbsd-10-base, netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10, HEAD
Changes since 1.33: +119 -2 lines

cgdconfig(8): Add support for generating shared-key parameters files.

Usage model:

- Generate a parameters file that supports sharing its main key:

	cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum

- Make another parameters file that uses the same shared main key but
  derives an independent subkey from it:

	cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \
	    -V disklabel aes-cbc 256

Revision 1.33 / (download) - annotate - [select for diffs], Fri Aug 12 10:49:17 2022 UTC (20 months, 1 week ago) by riastradh
Branch: MAIN
Changes since 1.32: +65 -2 lines

cgdconfig(8): Add support for shared keys.

New clause `shared <id> algorithm <alg> subkey <info>' in a keygen
block enables `cgdconfig -C' to reuse a key between different params
files, so you can, e.g., use a single password for multiple disks.
This is better than simply caching the password itself because:

- Hashing the password is expensive, so it should only be done once.

  Suppose your budget is time t before you get bored, and you
  calibrate password hash parameters to unlock n disks before you get
  bored waiting for `cgdconfig -C'.

  . With n password hashings the adversary's cost goes up only by a
    factor of t/n.
  . With one password hashing and n subkeys the adversary's cost goes
    up by a factor of n.

  And if you ever add a disk, rehashing it will make `cgdconfig -C'
  go over budget, whereas another subkey adds negligible cost to you.

- Subkeys work for other types of keygen blocks, like shell_cmd,
  which could be used to get a key from a hardware token that needs a
  button press.

The <info> parameter must be different for each params file;
everything else in the keygen block must be the same.  With this
clause, the keygen block determines a shared key used only to derive
keys; the actual key used by cgdconfig is derived from the shared key
by the specified algorithm.

The only supported algorithm is hkdf-hmac-sha256, which uses
HKDF-Expand of RFC 5869 instantiated with SHA-256.

Example:

	algorithm aes-cbc;
	iv-method encblkno1;
	keylength 128;
	verify_method none;
	keygen pkcs5_pbkdf2/sha1 {
		iterations 39361;
		salt AAAAgMoHiYonye6KogdYJAobCHE=;
		shared "pw" algorithm hkdf-hmac-sha256
		    subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=;
	};

The key used for this disk will be derived by

	HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==),

where k is the outcome of PBKDF2-SHA1 with the given parameters.

Note that <info> encodes a four-byte prefix giving the big-endian
length in bits of the info argument to HKDF, just like all other bit
strings in cgdconfig parameters files.

If you have multiple disks configured using the same keygen block
except for the info parameter, `cgdconfig -C' will only prompt once
for your passphrase, generate a shared key k with PBKDF2 as usual,
and then reuse it for each of the disks.

Revision 1.32 / (download) - annotate - [select for diffs], Mon Nov 22 14:34:35 2021 UTC (2 years, 4 months ago) by nia
Branch: MAIN
Changes since 1.31: +97 -2 lines

cgdconfig(8): Add an argon2id password-based key generation method

This provides an extra level of side-channel and cracking resistance
compared to the pre-existing pkcs5_pbkdf2/sha1 method used for
password-based disk encryption.

Several new keygen parameters are supported:

	memory (integer, in kilobytes)
	parallelism (integer, usually the number of CPU cores)
	version (integer, usually 19...)

We do our best to calibrate these automatically when the paramsfile
is initially generated.

lgtm riastradh@

Revision 1.30.8.1 / (download) - annotate - [select for diffs], Sun Jun 6 20:30:48 2021 UTC (2 years, 10 months ago) by cjep
Branch: cjep_sun2x
Changes since 1.30: +3 -2 lines

sync with head

Revision 1.31 / (download) - annotate - [select for diffs], Thu Jun 3 15:40:27 2021 UTC (2 years, 10 months ago) by prlw1
Branch: MAIN
CVS Tags: cjep_sun2x-base1
Changes since 1.30: +3 -2 lines

Make adiantum a first class citizen

Revision 1.29.14.1 / (download) - annotate - [select for diffs], Mon Jun 10 22:05:32 2019 UTC (4 years, 10 months ago) by christos
Branch: phil-wifi
Changes since 1.29: +4 -2 lines

Sync with HEAD

Revision 1.29.12.1 / (download) - annotate - [select for diffs], Fri Jan 18 08:50:12 2019 UTC (5 years, 3 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.29: +4 -2 lines

Synch with HEAD

Revision 1.30 / (download) - annotate - [select for diffs], Sun Dec 30 12:05:48 2018 UTC (5 years, 3 months ago) by mlelstv
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, phil-wifi-20190609, pgoyette-compat-20190127, pgoyette-compat-20190118, netbsd-9-base, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-9, is-mlppp-base, is-mlppp, cjep_sun2x-base, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Branch point for: cjep_sun2x
Changes since 1.29: +4 -2 lines

Avoid crash when no algorithm is specified in parameter file.

Revision 1.28.2.1 / (download) - annotate - [select for diffs], Sat Jan 7 08:56:06 2017 UTC (7 years, 3 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.28: +3 -2 lines

Sync with HEAD.  (Note that most of these changes are simply $NetBSD$
tag issues.)

Revision 1.29 / (download) - annotate - [select for diffs], Sun Dec 11 00:34:39 2016 UTC (7 years, 4 months ago) by alnsn
Branch: MAIN
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, phil-wifi-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-compat-base, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-8-base, netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, netbsd-8, matt-nb8-mediatek-base, matt-nb8-mediatek, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan
Branch point for: phil-wifi, pgoyette-compat
Changes since 1.28: +3 -2 lines

Add aes-xts to cgdconfig(8).

Revision 1.28 / (download) - annotate - [select for diffs], Tue Nov 24 14:07:18 2015 UTC (8 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-base, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, localcount-20160914
Branch point for: pgoyette-localcount
Changes since 1.27: +5 -5 lines

CID 1340063: fix TOCTOU

Revision 1.27 / (download) - annotate - [select for diffs], Sun Nov 22 20:24:19 2015 UTC (8 years, 4 months ago) by christos
Branch: MAIN
Changes since 1.26: +13 -2 lines

Don't chdir to the config directory; just form the parameters file with a
path if needed.

Revision 1.26 / (download) - annotate - [select for diffs], Tue Jun 16 23:18:54 2015 UTC (8 years, 10 months ago) by christos
Branch: MAIN
Changes since 1.25: +4 -4 lines

fix error messages containing \n

Revision 1.25 / (download) - annotate - [select for diffs], Sun Dec 14 12:31:39 2014 UTC (9 years, 4 months ago) by mlelstv
Branch: MAIN
Changes since 1.24: +12 -2 lines

Add validation methods "mbr" and "gpt" for disks without a valid disklabel.

Revision 1.21.8.2 / (download) - annotate - [select for diffs], Sun Sep 28 11:17:10 2008 UTC (15 years, 6 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.21.8.1: +15 -4 lines

Sync with HEAD.

Revision 1.22.2.2 / (download) - annotate - [select for diffs], Wed Sep 24 16:35:51 2008 UTC (15 years, 6 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.22.2.1: +17 -6 lines

Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.

Revision 1.24 / (download) - annotate - [select for diffs], Fri Sep 12 16:51:55 2008 UTC (15 years, 7 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-tag8, yamt-pagecache-base9, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, yamt-pagecache, wrstuden-revivesa-base-3, tls-maxphys-base, tls-maxphys, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, mjf-devfs2-base, matt-premerge-20091211, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, 
matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b, matt-mips64-premerge-20101231, matt-mips64-base2, jym-xensuspend-nbase, jym-xensuspend-base, jym-xensuspend, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2, agc-symver-base, agc-symver
Changes since 1.23: +17 -6 lines

PR/39525: Joachim Schueth, Frederik Sausmikat:
cgd inadvertently encrypts blkno eight times to generate IV

Revision 1.22.2.1 / (download) - annotate - [select for diffs], Mon Jun 23 04:29:57 2008 UTC (15 years, 10 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.22: +39 -2 lines

Sync w/ -current. 34 merge conflicts to follow.

Revision 1.21.8.1 / (download) - annotate - [select for diffs], Mon Jun 2 13:21:21 2008 UTC (15 years, 10 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.21: +39 -9 lines

Sync with HEAD.

Revision 1.21.10.1 / (download) - annotate - [select for diffs], Sun May 18 12:30:50 2008 UTC (15 years, 11 months ago) by yamt
Branch: yamt-pf42
Changes since 1.21: +39 -9 lines

sync with head.

Revision 1.23 / (download) - annotate - [select for diffs], Sun May 11 03:15:21 2008 UTC (15 years, 11 months ago) by elric
Branch: MAIN
CVS Tags: yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, wrstuden-revivesa-base-2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, hpcarm-cleanup-nbase
Changes since 1.22: +39 -2 lines

Add a new keygen method which will execute an external command and
take its output as the key.  I've been meaning to do this for quite
a while...

Revision 1.22 / (download) - annotate - [select for diffs], Mon Apr 28 20:23:08 2008 UTC (15 years, 11 months ago) by martin
Branch: MAIN
Branch point for: wrstuden-revivesa
Changes since 1.21: +2 -9 lines

Remove clause 3 and 4 from TNF licenses

Revision 1.19.4.2 / (download) - annotate - [select for diffs], Wed Jan 9 01:38:02 2008 UTC (16 years, 3 months ago) by matt
Branch: matt-armv6
Changes since 1.19.4.1: +15 -15 lines

sync with HEAD

Revision 1.21 / (download) - annotate - [select for diffs], Sun Nov 11 22:44:12 2007 UTC (16 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pf42-baseX, yamt-pf42-base, mjf-devfs-base, mjf-devfs, matt-armv6-nbase, matt-armv6-base, keiichi-mipv6-base, keiichi-mipv6, hpcarm-cleanup-base, cube-autoconf-base, cube-autoconf
Branch point for: yamt-pf42, mjf-devfs2
Changes since 1.20: +15 -15 lines

simplify and fix the combination code. Hi pooka.

Revision 1.19.4.1 / (download) - annotate - [select for diffs], Tue Nov 6 23:12:30 2007 UTC (16 years, 5 months ago) by matt
Branch: matt-armv6
CVS Tags: matt-armv6-prevmlocking
Changes since 1.19: +40 -41 lines

sync with HEAD

Revision 1.20 / (download) - annotate - [select for diffs], Tue Nov 6 02:50:49 2007 UTC (16 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.19: +40 -41 lines

3 month roland feedback timeout:
- Pass lint
- knf
- convert ints to size_t's

Revision 1.19 / (download) - annotate - [select for diffs], Tue Feb 6 01:55:40 2007 UTC (17 years, 2 months ago) by cbiere
Branch: MAIN
CVS Tags: matt-mips64-base, matt-mips64, hpcarm-cleanup
Branch point for: matt-armv6
Changes since 1.18: +11 -20 lines

Use warn() and warnx().

Revision 1.18 / (download) - annotate - [select for diffs], Tue Feb 6 00:51:09 2007 UTC (17 years, 2 months ago) by cbiere
Branch: MAIN
Changes since 1.17: +5 -8 lines

crypt_defaults_lookup():
 * Avoid comparison of int with unsigned.
 * Simplified.

Revision 1.17 / (download) - annotate - [select for diffs], Wed Jan 17 21:59:49 2007 UTC (17 years, 3 months ago) by hubertf
Branch: MAIN
Changes since 1.16: +2 -3 lines

Remove more duplicate #includes,
from Slava Semushin <slava.semushin@gmail.com>

Revision 1.16 / (download) - annotate - [select for diffs], Sat Aug 26 18:14:28 2006 UTC (17 years, 7 months ago) by christos
Branch: MAIN
CVS Tags: wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, wrstuden-fixsa, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, netbsd-4-0-1-RELEASE, netbsd-4-0, netbsd-4
Changes since 1.15: +3 -2 lines

Programs that use efun.

Revision 1.15 / (download) - annotate - [select for diffs], Fri Mar 17 13:58:27 2006 UTC (18 years, 1 month ago) by elad
Branch: MAIN
CVS Tags: abandoned-netbsd-4-base, abandoned-netbsd-4
Changes since 1.14: +4 -4 lines

Proper bounds check, found by Coverity, CID 1468.

Revision 1.14 / (download) - annotate - [select for diffs], Mon Jun 27 03:07:45 2005 UTC (18 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.13: +4 -6 lines

- constify.
- don't dup extern declarations on each file because they end up being
  inconsistent (yyerror).

Revision 1.13 / (download) - annotate - [select for diffs], Wed Mar 30 17:10:18 2005 UTC (19 years ago) by christos
Branch: MAIN
Changes since 1.12: +6 -9 lines

Centralize error checking for malloc,calloc,strdup.

Revision 1.12 / (download) - annotate - [select for diffs], Tue Jan 4 04:52:50 2005 UTC (19 years, 3 months ago) by elric
Branch: MAIN
CVS Tags: netbsd-3-base, netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1, netbsd-3-1-1-RELEASE, netbsd-3-1, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, netbsd-3-0-3-RELEASE, netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE, netbsd-3-0, netbsd-3
Changes since 1.11: +3 -3 lines

Fix comment.  We're using microseconds not milliseconds.

Revision 1.11 / (download) - annotate - [select for diffs], Tue Jan 4 04:50:26 2005 UTC (19 years, 3 months ago) by elric
Branch: MAIN
Changes since 1.10: +4 -4 lines

Fix bits vs. bytes problem in call to calibration routine.

Revision 1.10 / (download) - annotate - [select for diffs], Fri Aug 13 15:03:57 2004 UTC (19 years, 8 months ago) by tv
Branch: MAIN
Changes since 1.9: +14 -7 lines

Add "urandomkey" key generation method as described in PR kern/22766;
useful for configuring a throwaway key for cgd-on-swap at boot time.

Revision 1.9.2.1 / (download) - annotate - [select for diffs], Fri Aug 13 15:02:17 2004 UTC (19 years, 8 months ago) by tv
Branch: netbsd-2-0
CVS Tags: netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-1, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE, netbsd-2
Changes since 1.9: +2 -2 lines

Oy, sometimes CVS sticky tags hurt.  Revert urandomkey; that should be on HEAD.

Revision 1.9 / (download) - annotate - [select for diffs], Wed Mar 17 01:29:13 2004 UTC (20 years, 1 month ago) by dan
Branch: MAIN
CVS Tags: netbsd-2-0-base
Branch point for: netbsd-2-0
Changes since 1.8: +27 -6 lines

Fix a longstanding algorithmic flaw in PKCS#5 key generation.

The existing pkcs5_pbkdf2 keygen method is retained functionally
as-is, for compatibility with existing params files.  The corrected
algorithm, which is now the default for new params file generation, is
called pkcs5_pbkdf2/sha1.

NB. The backwards compatibility for the miscreant keygen method will
be removed at the same time as support for the previous parameters
file syntax. Sometime between now and then, users should update their
params files using -G, which will create a new params file including
an xor value so that the resulting generated key is the same; they
should also

Problem discovery and 2-char algorithm fix by Charles Blundell, messy
compat goop by me, long complicated names by Roland Dowdeswell.

Update manpage accordingly and bump date.

Revision 1.8 / (download) - annotate - [select for diffs], Tue Sep 23 17:24:46 2003 UTC (20 years, 7 months ago) by cb
Branch: MAIN
Changes since 1.7: +7 -2 lines

add a new verification method that prompts for the pkcs#5 pbkdf2
passphrase again and checks the generated key against the original.

Revision 1.7 / (download) - annotate - [select for diffs], Sun Jul 13 07:58:19 2003 UTC (20 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.6: +5 -2 lines

die if asprintf fails to malloc

Revision 1.6 / (download) - annotate - [select for diffs], Thu Apr 10 05:45:29 2003 UTC (21 years ago) by elric
Branch: MAIN
Changes since 1.5: +6 -3 lines

If reading an old style parameters file then default a missing
keygen_iteration to 128.  This will not default the iteration count
on a new style parameter file as it is an error in the new style
to fail to specify the iteration count.

Addresses PR: bin/21056

Revision 1.5 / (download) - annotate - [select for diffs], Mon Mar 24 02:02:51 2003 UTC (21 years, 1 month ago) by elric
Branch: MAIN
Changes since 1.4: +502 -405 lines

substantial rototill of the code.

	o  added new features:
		o  -G:  generate a new paramsfile that produces the same
			key as the old paramsfile,
		o  ffs verify_method,
		o  multiple keygen methods that are xor'ed together
		   (for n-factor authentication), and
		o  calibrating the iteration count of PKCS#5 PBKDF2 to
		   the current machine's speed.
	o  changed paramsfile format to allow for the new features.
	o  replaced open-coded parser with yacc grammar.
	o  lots of supporting changes.
	o  updated documentation to reflect new features and new
	   paramsfile format.

Revision 1.4 / (download) - annotate - [select for diffs], Wed Dec 4 05:02:29 2002 UTC (21 years, 4 months ago) by elric
Branch: MAIN
CVS Tags: fvdl_fs64_base
Changes since 1.3: +21 -6 lines

Make iteration count for PKCS#5 settable in the parameters files.

Revision 1.3 / (download) - annotate - [select for diffs], Sat Nov 30 03:10:53 2002 UTC (21 years, 4 months ago) by lukem
Branch: MAIN
Changes since 1.2: +1 -2 lines

tweaks for fparseln(3) move from libutil to libc:
- remove #include <util.h> if nothing else needed it
- remove LDFLAGS+=-lutil if nothing else needed it

Revision 1.2 / (download) - annotate - [select for diffs], Sat Oct 12 21:02:18 2002 UTC (21 years, 6 months ago) by elric
Branch: MAIN
Changes since 1.1: +49 -1 lines

Add the concept of a verification method which allows cgdconfig(8)
to reprompt for the passphrase if the key does not meet certain
criteria.  The currently implemented methods are ``none'' and
``disklabel''.  The first behaves in the original fashion, the
second will scan for a disklabel on the cgd after configuration
and if it does not find a disklabel then it will reprompt for the
password and reconfigure the disk.

Revision 1.1 / (download) - annotate - [select for diffs], Fri Oct 4 18:37:20 2002 UTC (21 years, 6 months ago) by elric
Branch: MAIN

Initial checkin of cgdconfig(8), a program to configure a cgd.
