git: 8d2d1d651678 - main - Remove GBDE source files

From: Poul-Henning Kamp <phk_at_FreeBSD.org>
Date: Tue, 07 May 2024 07:40:45 UTC
The branch main has been updated by phk:

URL: https://cgit.FreeBSD.org/src/commit/?id=8d2d1d651678178aa7f24f0530347f860423fd9e

commit 8d2d1d651678178aa7f24f0530347f860423fd9e
Author:     Poul-Henning Kamp <phk@FreeBSD.org>
AuthorDate: 2024-05-07 07:31:09 +0000
Commit:     Poul-Henning Kamp <phk@FreeBSD.org>
CommitDate: 2024-05-07 07:31:09 +0000

    Remove GBDE source files
---
 sbin/gbde/Makefile         |   31 -
 sbin/gbde/Makefile.depend  |   18 -
 sbin/gbde/gbde.8           |  271 ----
 sbin/gbde/gbde.c           |  895 ------------
 sbin/gbde/image.uu         | 3304 --------------------------------------------
 sbin/gbde/template.txt     |   31 -
 sbin/gbde/test.sh          |   66 -
 sys/geom/bde/g_bde.c       |  296 ----
 sys/geom/bde/g_bde.h       |  215 ---
 sys/geom/bde/g_bde_crypt.c |  358 -----
 sys/geom/bde/g_bde_lock.c  |  478 -------
 sys/geom/bde/g_bde_work.c  |  778 -----------
 12 files changed, 6741 deletions(-)

diff --git a/sbin/gbde/Makefile b/sbin/gbde/Makefile
deleted file mode 100644
index 8c84781fc4ed..000000000000
--- a/sbin/gbde/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-
-PACKAGE=geom
-PROG=	gbde
-SRCS=	gbde.c template.c
-SRCS+=	rijndael-alg-fst.c
-SRCS+=	rijndael-api-fst.c
-SRCS+=	g_bde_lock.c
-
-# rijndael-fst.c does evil casting things which can results in warnings,
-# the test-vectors check out however, so it works right.
-NO_WCAST_ALIGN=
-NO_WMISSING_VARIABLE_DECLARATIONS=
-
-CFLAGS+= -I${SRCTOP}/sys
-.PATH:	${SRCTOP}/sys/geom/bde \
-	${SRCTOP}/sys/crypto/rijndael \
-	${SRCTOP}/sys/crypto/sha2
-
-CLEANFILES+= template.c
-
-MAN=	gbde.8
-LIBADD=	md util geom
-
-template.c: template.txt
-	file2c 'const char template[] = {' ',0};' \
-		< ${.CURDIR}/template.txt > template.c
-
-test: ${PROG}
-	sh ${.CURDIR}/test.sh ${.CURDIR}
-
-.include <bsd.prog.mk>
diff --git a/sbin/gbde/Makefile.depend b/sbin/gbde/Makefile.depend
deleted file mode 100644
index 2edf986e595a..000000000000
--- a/sbin/gbde/Makefile.depend
+++ /dev/null
@@ -1,18 +0,0 @@
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-	include \
-	include/xlocale \
-	lib/${CSU_DIR} \
-	lib/libc \
-	lib/libcompiler_rt \
-	lib/libgeom \
-	lib/libmd \
-	lib/libutil \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/sbin/gbde/gbde.8 b/sbin/gbde/gbde.8
deleted file mode 100644
index 1f3d41017307..000000000000
--- a/sbin/gbde/gbde.8
+++ /dev/null
@@ -1,271 +0,0 @@
-.\"
-.\" Copyright (c) 2002 Poul-Henning Kamp
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
-.\" All rights reserved.
-.\"
-.\" This software was developed for the FreeBSD Project by Poul-Henning Kamp
-.\" and NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.Dd October 3, 2016
-.Dt GBDE 8
-.Os
-.Sh NAME
-.Nm gbde
-.Nd operation and management utility for Geom Based Disk Encryption
-.Sh SYNOPSIS
-.Nm
-.Cm attach
-.Ar destination
-.Op Fl k Ar keyfile
-.Op Fl l Ar lockfile
-.Op Fl p Ar pass-phrase
-.Nm
-.Cm detach
-.Ar destination
-.Nm
-.Cm init
-.Ar destination
-.Op Fl i
-.Op Fl f Ar filename
-.Op Fl K Ar new-keyfile
-.Op Fl L Ar new-lockfile
-.Op Fl P Ar new-pass-phrase
-.Nm
-.Cm setkey
-.Ar destination
-.Op Fl n Ar key
-.Op Fl k Ar keyfile
-.Op Fl l Ar lockfile
-.Op Fl p Ar pass-phrase
-.Op Fl K Ar new-keyfile
-.Op Fl L Ar new-lockfile
-.Op Fl P Ar new-pass-phrase
-.Nm
-.Cm nuke
-.Ar destination
-.Op Fl n Ar key
-.Op Fl k Ar keyfile
-.Op Fl l Ar lockfile
-.Op Fl p Ar pass-phrase
-.Nm
-.Cm destroy
-.Ar destination
-.Op Fl k Ar keyfile
-.Op Fl l Ar lockfile
-.Op Fl p Ar pass-phrase
-.Sh DESCRIPTION
-.Bf -symbolic
-NOTICE:
-Please be aware that this code has not yet received much review
-and analysis by qualified cryptographers and therefore should be considered
-a slightly suspect experimental facility.
-.Pp
-We cannot at this point guarantee that the on-disk format will not change
-in response to reviews or bug-fixes, so potential users are advised to
-be prepared that
-.Xr dump 8 Ns / Ns
-.Xr restore 8
-based migrations may be called for in the future.
-.Ef
-.Pp
-The
-.Nm
-utility is the only official operation and management interface for the
-.Xr gbde 4
-.Tn GEOM
-based disk encryption kernel facility.
-The interaction between the
-.Nm
-utility and the kernel part is not a published interface.
-.Pp
-The operational aspect consists of two subcommands:
-one to open and attach
-a device to the in-kernel cryptographic
-.Nm
-module
-.Pq Cm attach ,
-and one to close and detach a device
-.Pq Cm detach .
-.Pp
-The management part allows initialization of the master key and lock sectors
-on a device
-.Pq Cm init ,
-initialization and replacement of pass-phrases
-.Pq Cm setkey ,
-and key invalidation
-.Pq Cm nuke
-and blackening
-.Pq Cm destroy
-functions.
-.Pp
-The
-.Fl l Ar lockfile
-argument is used to supply the lock selector data.
-If no
-.Fl l
-option is specified, the first sector is used for this purpose.
-.Pp
-The
-.Fl L Ar new-lockfile
-argument
-specifies the lock selector file for the key
-initialized with the
-.Cm init
-subcommand
-or modified with the
-.Cm setkey
-subcommand.
-.Pp
-The
-.Fl n Ar key
-argument can be used to specify to which of the four keys
-the operation applies.
-A value of 1 to 4 selects the specified key, a value of 0 (the default)
-means
-.Dq "this key"
-(i.e., the key used to gain access to the device)
-and a value of \-1 means
-.Dq "all keys" .
-.Pp
-The
-.Fl f Ar filename
-specifies an optional parameter file for use under initialization.
-.Pp
-Alternatively, the
-.Fl i
-option toggles an interactive mode where a template file with descriptions
-of the parameters can be interactively edited.
-.Pp
-The
-.Fl p Ar pass-phrase
-argument
-specifies the pass-phrase used for opening the device.
-If not specified, the controlling terminal will be used to prompt the user
-for the pass-phrase.
-Be aware that using this option may expose the pass-phrase to other
-users who happen to run
-.Xr ps 1
-or similar while the command is running.
-.Pp
-The
-.Fl P Ar new-pass-phrase
-argument
-can be used to specify the new pass-phrase to the
-.Cm init
-and
-.Cm setkey
-subcommands.
-If not specified, the user is prompted for the new pass-phrase on the
-controlling terminal.
-Be aware that using this option may expose the pass-phrase to other
-users who happen to run
-.Xr ps 1
-or similar while the command is running.
-.Pp
-The
-.Fl k Ar keyfile
-argument specifies a key file to be used in combination with the
-pass-phrase (whether the pass-phrase is specified on the command line
-or entered from the terminal) for opening the device.
-The device will only be opened if the contents of the key file and the
-pass-phrase are both correct.
-.Pp
-The
-.Fl K Ar new-keyfile
-argument can be used to specify a new key file to the
-.Cm init
-and
-.Cm setkey
-subcommands.
-If not specified, no key file will be used (even if one was previously
-used).
-.Sh EXAMPLES
-To initialize a device, using default parameters:
-.Pp
-.Dl "gbde init /dev/ada0s1f -L /etc/ada0s1f.lock"
-.Pp
-To attach an encrypted device:
-.Pp
-.Dl "gbde attach ada0s1f -l /etc/ada0s1f.lock"
-.Pp
-The encrypted device has the suffix
-.Pa .bde
-so a typical
-command to create and mount a file system would be:
-.Pp
-.Dl "newfs /dev/ada0s1f.bde"
-.Dl "mount /dev/ada0s1f.bde /secret"
-.Pp
-To detach an encrypted device:
-.Pp
-.Dl "gbde detach ada0s1f"
-.Pp
-Please notice that detaching an encrypted device corresponds to
-physically removing it, do not forget to unmount the file system first.
-.Pp
-To initialize the second key using a detached lockfile and a trivial
-pass-phrase:
-.Pp
-.Dl "gbde setkey ada0s1f -n 2 -P foo -L key2.lockfile"
-.Pp
-To invalidate your own masterkey:
-.Pp
-.Dl "gbde nuke ada0s1f"
-.Pp
-This will overwrite your masterkey sector with zeros, and results in
-a diagnostic if you try to use the key again.
-You can also destroy the other three copies of the masterkey with the
--n argument.
-.Pp
-You can also invalidate your masterkey without leaving a tell-tale sector
-full of zeros:
-.Pp
-.Dl "gbde destroy ada0s1f"
-.Pp
-This will overwrite the information fields in your masterkey sector,
-encrypt it and write it back.
-You get a (different) diagnostic if you try to use it.
-.Sh SEE ALSO
-.Xr gbde 4 ,
-.Xr geom 4
-.Sh HISTORY
-This software was developed for the
-.Fx
-Project by
-.An Poul-Henning Kamp
-and NAI Labs, the Security Research Division of Network Associates, Inc.\&
-under DARPA/SPAWAR contract N66001-01-C-8035
-.Pq Dq CBOSS ,
-as part of the
-DARPA CHATS research program.
-.Nm
-first appeared in
-.Fx 5.0 .
-.Sh AUTHORS
-.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org
-.Sh BUGS
-The cryptographic algorithms and the overall design have not been
-attacked mercilessly for over 10 years by a gang of cryptoanalysts.
diff --git a/sbin/gbde/gbde.c b/sbin/gbde/gbde.c
deleted file mode 100644
index e173bb78ad90..000000000000
--- a/sbin/gbde/gbde.c
+++ /dev/null
@@ -1,895 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause
- *
- * Copyright (c) 2002 Poul-Henning Kamp
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed for the FreeBSD Project by Poul-Henning Kamp
- * and NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * XXX: Future stuff
- *
- * Replace the template file options (-i & -f) with command-line variables
- * "-v property=foo"
- *
- * Introduce -e, extra entropy source (XOR with /dev/random)
- *
- * Introduce -E, alternate entropy source (instead of /dev/random)
- *
- * Introduce -i take IV from keyboard or
- *
- * Introduce -I take IV from file/cmd
- *
- * Introduce -m/-M store encrypted+encoded masterkey in file
- *
- * Introduce -k/-K get pass-phrase part from file/cmd
- *
- * Introduce -d add more dest-devices to worklist.
- *
- * Add key-option: selfdestruct bit.
- *
- * New/changed verbs:
- *	"onetime"	attach with onetime nonstored locksector
- *	"key"/"unkey" to blast memory copy of key without orphaning
- *	"nuke" blow away everything attached, crash/halt/power-off if possible.
- *	"blast" destroy all copies of the masterkey
- *	"destroy" destroy one copy of the masterkey
- *	"backup"/"restore" of masterkey sectors.
- *
- * Make all verbs work on both attached/detached devices.
- *
- */
-
-#include <sys/types.h>
-#include <sys/queue.h>
-#include <sys/mutex.h>
-#include <md5.h>
-#include <readpassphrase.h>
-#include <string.h>
-#include <stdint.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <paths.h>
-#include <strings.h>
-#include <stdlib.h>
-#include <err.h>
-#include <stdio.h>
-#include <libutil.h>
-#include <libgeom.h>
-#include <sys/errno.h>
-#include <sys/disk.h>
-#include <sys/stat.h>
-#include <crypto/rijndael/rijndael-api-fst.h>
-#include <crypto/sha2/sha512.h>
-#include <sys/param.h>
-#include <sys/linker.h>
-
-#define GBDEMOD "geom_bde"
-#define KASSERT(foo, bar) do { if(!(foo)) { warn bar ; exit (1); } } while (0)
-
-#include <geom/geom.h>
-#include <geom/bde/g_bde.h>
-
-extern const char template[];
-
-
-#if 0
-static void
-g_hexdump(void *ptr, int length)
-{
-	int i, j, k;
-	unsigned char *cp;
-
-	cp = ptr;
-	for (i = 0; i < length; i+= 16) {
-		printf("%04x  ", i);
-		for (j = 0; j < 16; j++) {
-			k = i + j;
-			if (k < length)
-				printf(" %02x", cp[k]);
-			else
-				printf("   ");
-		}
-		printf("  |");
-		for (j = 0; j < 16; j++) {
-			k = i + j;
-			if (k >= length)
-				printf(" ");
-			else if (cp[k] >= ' ' && cp[k] <= '~')
-				printf("%c", cp[k]);
-			else
-				printf(".");
-		}
-		printf("|\n");
-	}
-}
-#endif
-
-static void __dead2
-usage(void)
-{
-
-	(void)fprintf(stderr,
-"usage: gbde attach destination [-k keyfile] [-l lockfile] [-p pass-phrase]\n"
-"       gbde detach destination\n"
-"       gbde init destination [-i] [-f filename] [-K new-keyfile]\n"
-"            [-L new-lockfile] [-P new-pass-phrase]\n"
-"       gbde setkey destination [-n key]\n"
-"            [-k keyfile] [-l lockfile] [-p pass-phrase]\n"
-"            [-K new-keyfile] [-L new-lockfile] [-P new-pass-phrase]\n"
-"       gbde nuke destination [-n key]\n"
-"            [-k keyfile] [-l lockfile] [-p pass-phrase]\n"
-"       gbde destroy destination [-k keyfile] [-l lockfile] [-p pass-phrase]\n");
-	exit(1);
-}
-
-void *
-g_read_data(struct g_consumer *cp, off_t offset, off_t length, int *error)
-{
-	void *p;
-	int fd, i;
-	off_t o2;
-
-	p = malloc(length);
-	if (p == NULL)
-		err(1, "malloc");
-	fd = *(int *)cp;
-	o2 = lseek(fd, offset, SEEK_SET);
-	if (o2 != offset)
-		err(1, "lseek");
-	i = read(fd, p, length);
-	if (i != length)
-		err(1, "read");
-	if (error != NULL)
-		error = 0;
-	return (p);
-}
-
-static void
-random_bits(void *p, u_int len)
-{
-	arc4random_buf(p, len);
-}
-
-/* XXX: not nice */
-static u_char sha2[SHA512_DIGEST_LENGTH];
-
-static void
-reset_passphrase(struct g_bde_softc *sc)
-{
-
-	memcpy(sc->sha2, sha2, SHA512_DIGEST_LENGTH);
-}
-
-static void
-setup_passphrase(struct g_bde_softc *sc, int sure, const char *input,
-    const char *keyfile)
-{
-	char buf1[BUFSIZ + SHA512_DIGEST_LENGTH];
-	char buf2[BUFSIZ + SHA512_DIGEST_LENGTH];
-	char *p;
-	int kfd, klen, bpos = 0;
-
-	if (keyfile != NULL) {
-		/* Read up to BUFSIZ bytes from keyfile */
-		kfd = open(keyfile, O_RDONLY, 0);
-		if (kfd < 0)
-			err(1, "%s", keyfile);
-		klen = read(kfd, buf1, BUFSIZ);
-		if (klen == -1)
-			err(1, "%s", keyfile);
-		close(kfd);
-
-		/* Prepend the passphrase with the hash of the key read */
-		g_bde_hash_pass(sc, buf1, klen);
-		memcpy(buf1, sc->sha2, SHA512_DIGEST_LENGTH);
-		memcpy(buf2, sc->sha2, SHA512_DIGEST_LENGTH);
-		bpos = SHA512_DIGEST_LENGTH;
-	}
-
-	if (input != NULL) {
-		if (strlen(input) >= BUFSIZ)
-			errx(1, "Passphrase too long");
-		strcpy(buf1 + bpos, input);
-
-		g_bde_hash_pass(sc, buf1, strlen(buf1 + bpos) + bpos);
-		memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
-		return;
-	}
-	for (;;) {
-		p = readpassphrase(
-		    sure ? "Enter new passphrase:" : "Enter passphrase: ",
-		    buf1 + bpos, sizeof buf1 - bpos,
-		    RPP_ECHO_OFF | RPP_REQUIRE_TTY);
-		if (p == NULL)
-			err(1, "readpassphrase");
-
-		if (sure) {
-			p = readpassphrase("Reenter new passphrase: ",
-			    buf2 + bpos, sizeof buf2 - bpos,
-			    RPP_ECHO_OFF | RPP_REQUIRE_TTY);
-			if (p == NULL)
-				err(1, "readpassphrase");
-
-			if (strcmp(buf1 + bpos, buf2 + bpos)) {
-				printf("They didn't match.\n");
-				continue;
-			}
-		}
-		if (strlen(buf1 + bpos) < 3) {
-			printf("Too short passphrase.\n");
-			continue;
-		}
-		break;
-	}
-	g_bde_hash_pass(sc, buf1, strlen(buf1 + bpos) + bpos);
-	memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
-}
-
-static void
-encrypt_sector(void *d, int len, int klen, void *key)
-{
-	keyInstance ki;
-	cipherInstance ci;
-	int error;
-
-	error = rijndael_cipherInit(&ci, MODE_CBC, NULL);
-	if (error <= 0)
-		errx(1, "rijndael_cipherInit=%d", error);
-	error = rijndael_makeKey(&ki, DIR_ENCRYPT, klen, key);
-	if (error <= 0)
-		errx(1, "rijndael_makeKeY=%d", error);
-	error = rijndael_blockEncrypt(&ci, &ki, d, len * 8, d);
-	if (error <= 0)
-		errx(1, "rijndael_blockEncrypt=%d", error);
-}
-
-static void
-cmd_attach(const struct g_bde_softc *sc, const char *dest, const char *lfile)
-{
-	int ffd;
-	u_char buf[16];
-	struct gctl_req *r;
-	const char *errstr;
-
-	r = gctl_get_handle();
-	gctl_ro_param(r, "verb", -1, "create geom");
-	gctl_ro_param(r, "class", -1, "BDE");
-	gctl_ro_param(r, "provider", -1, dest);
-	gctl_ro_param(r, "pass", SHA512_DIGEST_LENGTH, sc->sha2);
-	if (lfile != NULL) {
-		ffd = open(lfile, O_RDONLY, 0);
-		if (ffd < 0)
-			err(1, "%s", lfile);
-		read(ffd, buf, 16);
-		gctl_ro_param(r, "key", 16, buf);
-		close(ffd);
-	}
-	errstr = gctl_issue(r);
-	if (errstr != NULL)
-		errx(1, "Attach to %s failed: %s", dest, errstr);
-
-	exit (0);
-}
-
-static void
-cmd_detach(const char *dest)
-{
-	struct gctl_req *r;
-	const char *errstr;
-	char buf[BUFSIZ];
-
-	r = gctl_get_handle();
-	gctl_ro_param(r, "verb", -1, "destroy geom");
-	gctl_ro_param(r, "class", -1, "BDE");
-	sprintf(buf, "%s.bde", dest);
-	gctl_ro_param(r, "geom", -1, buf);
-	/* gctl_dump(r, stdout); */
-	errstr = gctl_issue(r);
-	if (errstr != NULL)
-		errx(1, "Detach of %s failed: %s", dest, errstr);
-	exit (0);
-}
-
-static void
-cmd_open(struct g_bde_softc *sc, int dfd , const char *l_opt, u_int *nkey)
-{
-	int error;
-	int ffd;
-	u_char keyloc[16];
-	u_int sectorsize;
-	off_t mediasize;
-	struct stat st;
-
-	error = ioctl(dfd, DIOCGSECTORSIZE, &sectorsize);
-	if (error)
-		sectorsize = 512;
-	error = ioctl(dfd, DIOCGMEDIASIZE, &mediasize);
-	if (error) {
-		error = fstat(dfd, &st);
-		if (error == 0 && S_ISREG(st.st_mode))
-			mediasize = st.st_size;
-		else
-			error = ENOENT;
-	}
-	if (error)
-		mediasize = (off_t)-1;
-	if (l_opt != NULL) {
-		ffd = open(l_opt, O_RDONLY, 0);
-		if (ffd < 0)
-			err(1, "%s", l_opt);
-		read(ffd, keyloc, sizeof keyloc);
-		close(ffd);
-	} else {
-		memset(keyloc, 0, sizeof keyloc);
-	}
-
-	error = g_bde_decrypt_lock(sc, sc->sha2, keyloc, mediasize,
-	    sectorsize, nkey);
-	if (error == ENOENT)
-		errx(1, "Lock was destroyed.");
-	if (error == ESRCH)
-		errx(1, "Lock was nuked.");
-	if (error == ENOTDIR)
-		errx(1, "Lock not found");
-	if (error != 0)
-		errx(1, "Error %d decrypting lock", error);
-	if (nkey)
-		printf("Opened with key %u\n", 1 + *nkey);
-	return;
-}
-
-static void
-cmd_nuke(struct g_bde_key *gl, int dfd , int key)
-{
-	int i;
-	u_char *sbuf;
-	off_t offset, offset2;
-
-	sbuf = malloc(gl->sectorsize);
-	memset(sbuf, 0, gl->sectorsize);
-	offset = (gl->lsector[key] & ~(gl->sectorsize - 1));
-	offset2 = lseek(dfd, offset, SEEK_SET);
-	if (offset2 != offset)
-		err(1, "lseek");
-	i = write(dfd, sbuf, gl->sectorsize);
-	free(sbuf);
-	if (i != (int)gl->sectorsize)
-		err(1, "write");
-	printf("Nuked key %d\n", 1 + key);
-}
-
-static void
-cmd_write(struct g_bde_key *gl, struct g_bde_softc *sc, int dfd , int key, const char *l_opt)
-{
-	int i, ffd;
-	uint64_t off[2];
-	u_char keyloc[16];
-	u_char *sbuf, *q;
-	off_t offset, offset2;
-
-	sbuf = malloc(gl->sectorsize);
-	/*
-	 * Find the byte-offset in the lock sector where we will put the lock
-	 * data structure.  We can put it any random place as long as the
-	 * structure fits.
-	 */
-	for(;;) {
-		random_bits(off, sizeof off);
-		off[0] &= (gl->sectorsize - 1);
-		if (off[0] + G_BDE_LOCKSIZE > gl->sectorsize)
-			continue;
-		break;
-	}
-
-	/* Add the sector offset in bytes */
-	off[0] += (gl->lsector[key] & ~(gl->sectorsize - 1));
-	gl->lsector[key] = off[0];
-
-	i = g_bde_keyloc_encrypt(sc->sha2, off[0], off[1], keyloc);
-	if (i)
-		errx(1, "g_bde_keyloc_encrypt()");
-	if (l_opt != NULL) {
-		ffd = open(l_opt, O_WRONLY | O_CREAT | O_TRUNC, 0600);
-		if (ffd < 0)
-			err(1, "%s", l_opt);
-		write(ffd, keyloc, sizeof keyloc);
-		close(ffd);
-	} else if (gl->flags & GBDE_F_SECT0) {
-		offset2 = lseek(dfd, 0, SEEK_SET);
-		if (offset2 != 0)
-			err(1, "lseek");
-		i = read(dfd, sbuf, gl->sectorsize);
-		if (i != (int)gl->sectorsize)
-			err(1, "read");
-		memcpy(sbuf + key * 16, keyloc, sizeof keyloc);
-		offset2 = lseek(dfd, 0, SEEK_SET);
-		if (offset2 != 0)
-			err(1, "lseek");
-		i = write(dfd, sbuf, gl->sectorsize);
-		if (i != (int)gl->sectorsize)
-			err(1, "write");
-	} else {
-		errx(1, "No -L option and no space in sector 0 for lockfile");
-	}
-
-	/* Allocate a sectorbuffer and fill it with random junk */
-	if (sbuf == NULL)
-		err(1, "malloc");
-	random_bits(sbuf, gl->sectorsize);
-
-	/* Fill random bits in the spare field */
-	random_bits(gl->spare, sizeof(gl->spare));
-
-	/* Encode the structure where we want it */
-	q = sbuf + (off[0] % gl->sectorsize);
-	i = g_bde_encode_lock(sc->sha2, gl, q);
-	if (i < 0)
-		errx(1, "programming error encoding lock");
-
-	encrypt_sector(q, G_BDE_LOCKSIZE, 256, sc->sha2 + 16);
-	offset = gl->lsector[key] & ~(gl->sectorsize - 1);
-	offset2 = lseek(dfd, offset, SEEK_SET);
-	if (offset2 != offset)
-		err(1, "lseek");
-	i = write(dfd, sbuf, gl->sectorsize);
-	if (i != (int)gl->sectorsize)
-		err(1, "write");
-	free(sbuf);
-#if 0
-	printf("Wrote key %d at %jd\n", key, (intmax_t)offset);
-	printf("s0 = %jd\n", (intmax_t)gl->sector0);
-	printf("sN = %jd\n", (intmax_t)gl->sectorN);
-	printf("l[0] = %jd\n", (intmax_t)gl->lsector[0]);
-	printf("l[1] = %jd\n", (intmax_t)gl->lsector[1]);
-	printf("l[2] = %jd\n", (intmax_t)gl->lsector[2]);
-	printf("l[3] = %jd\n", (intmax_t)gl->lsector[3]);
-	printf("k = %jd\n", (intmax_t)gl->keyoffset);
-	printf("ss = %jd\n", (intmax_t)gl->sectorsize);
-#endif
-}
-
-static void
-cmd_destroy(struct g_bde_key *gl, int nkey)
-{
-	int i;
-
-	bzero(&gl->sector0, sizeof gl->sector0);
-	bzero(&gl->sectorN, sizeof gl->sectorN);
-	bzero(&gl->keyoffset, sizeof gl->keyoffset);
-	gl->flags &= GBDE_F_SECT0;
-	bzero(gl->mkey, sizeof gl->mkey);
-	for (i = 0; i < G_BDE_MAXKEYS; i++)
-		if (i != nkey)
-			gl->lsector[i] = ~0;
-}
-
-static int
-sorthelp(const void *a, const void *b)
-{
-	const uint64_t *oa, *ob;
-
-	oa = a;
-	ob = b;
-	if (*oa > *ob)
-		return 1;
-	if (*oa < *ob)
-		return -1;
-	return 0;
-}
-
-static void
-cmd_init(struct g_bde_key *gl, int dfd, const char *f_opt, int i_opt, const char *l_opt)
-{
-	int i;
-	u_char *buf;
-	unsigned sector_size;
-	uint64_t	first_sector;
-	uint64_t	last_sector;
-	uint64_t	total_sectors;
-	off_t	off, off2;
-	unsigned nkeys;
-	const char *p;
-	char *q, cbuf[BUFSIZ];
-	unsigned u, u2;
-	uint64_t o;
-	properties	params;
-
-	bzero(gl, sizeof *gl);
-	if (f_opt != NULL) {
-		i = open(f_opt, O_RDONLY);
-		if (i < 0)
-			err(1, "%s", f_opt);
-		params = properties_read(i);
-		close (i);
-	} else if (i_opt) {
-		/* XXX: Polish */
-		asprintf(&q, "%stemp.XXXXXXXXXX", _PATH_TMP);
-		if (q == NULL)
-			err(1, "asprintf");
-		i = mkstemp(q);
-		if (i < 0)
-			err(1, "%s", q);
-		write(i, template, strlen(template));
-		close (i);
-		p = getenv("EDITOR");
-		if (p == NULL)
-			p = "vi";
-		if (snprintf(cbuf, sizeof(cbuf), "%s %s\n", p, q) >=
-		    (ssize_t)sizeof(cbuf)) {
-			unlink(q);
-			errx(1, "EDITOR is too long");
-		}
-		system(cbuf);
-		i = open(q, O_RDONLY);
-		if (i < 0)
-			err(1, "%s", f_opt);
-		params = properties_read(i);
-		close (i);
-		unlink(q);
-		free(q);
-	} else {
-		/* XXX: Hack */
-		i = open(_PATH_DEVNULL, O_RDONLY);
-		if (i < 0)
-			err(1, "%s", _PATH_DEVNULL);
-		params = properties_read(i);
-		close (i);
-	}
-
-	/* <sector_size> */
-	p = property_find(params, "sector_size");
-	i = ioctl(dfd, DIOCGSECTORSIZE, &u);
-	if (p != NULL) {
-		sector_size = strtoul(p, &q, 0);
-		if (!*p || *q)
-			errx(1, "sector_size not a proper number");
-	} else if (i == 0) {
-		sector_size = u;
-	} else {
-		errx(1, "Missing sector_size property");
-	}
-	if (sector_size & (sector_size - 1))
-		errx(1, "sector_size not a power of 2");
-	if (sector_size < 512)
-		errx(1, "sector_size is smaller than 512");
-	buf = malloc(sector_size);
-	if (buf == NULL)
-		err(1, "Failed to malloc sector buffer");
-	gl->sectorsize = sector_size;
-
-	i = ioctl(dfd, DIOCGMEDIASIZE, &off);
-	if (i == 0) {
-		first_sector = 0;
-		total_sectors = off / sector_size;
-		last_sector = total_sectors - 1;
-	} else {
-		first_sector = 0;
-		last_sector = 0;
-		total_sectors = 0;
-	}
-
-	/* <first_sector> */
-	p = property_find(params, "first_sector");
-	if (p != NULL) {
-		first_sector = strtoul(p, &q, 0);
-		if (!*p || *q)
-			errx(1, "first_sector not a proper number");
-	}
-
-	/* <last_sector> */
-	p = property_find(params, "last_sector");
-	if (p != NULL) {
-		last_sector = strtoul(p, &q, 0);
-		if (!*p || *q)
-			errx(1, "last_sector not a proper number");
-		if (last_sector <= first_sector)
-			errx(1, "last_sector not larger than first_sector");
-		total_sectors = last_sector + 1;
-	}
-
-	/* <total_sectors> */
-	p = property_find(params, "total_sectors");
-	if (p != NULL) {
*** 5852 LINES SKIPPED ***