svn commit: r332361 - in head: sbin/geom/class/eli sys/geom/eli

Tue Apr 10 13:22:49 UTC 2018

Author: oshogbo
Date: Tue Apr 10 13:22:48 2018
New Revision: 332361
URL: https://svnweb.freebsd.org/changeset/base/332361

Log:
  Introduce dry run option for attaching the device.
  This will allow us to verify if passphrase and key is valid without
  decrypting whole device.
  
  Reviewed by:	cem@, allanjude@
  Differential Revision:	https://reviews.freebsd.org/D15000

Modified:
  head/sbin/geom/class/eli/geli.8
  head/sbin/geom/class/eli/geom_eli.c
  head/sys/geom/eli/g_eli_ctl.c

Modified: head/sbin/geom/class/eli/geli.8
==============================================================================

--- head/sbin/geom/class/eli/geli.8	Tue Apr 10 13:16:50 2018	(r332360)
+++ head/sbin/geom/class/eli/geli.8	Tue Apr 10 13:22:48 2018	(r332361)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd September 17, 2017
+.Dd April 10, 2018
 .Dt GELI 8
 .Os
 .Sh NAME
@@ -67,7 +67,7 @@ utility:
 .Cm init
 .Nm
 .Cm attach
-.Op Fl dprv
+.Op Fl dnprv
 .Op Fl j Ar passfile
 .Op Fl k Ar keyfile
 .Ar prov
@@ -420,6 +420,9 @@ For more information see the description of the
 option for the
 .Cm init
 subcommand.
+.It Fl n
+Do a dry-run decryption.
+This is useful to verify passphrase and keyfile without decrypting the device.
 .It Fl p
 Do not use a passphrase as a component of the User Key.
 Cannot be combined with the

Modified: head/sbin/geom/class/eli/geom_eli.c
==============================================================================
--- head/sbin/geom/class/eli/geom_eli.c	Tue Apr 10 13:16:50 2018	(r332360)
+++ head/sbin/geom/class/eli/geom_eli.c	Tue Apr 10 13:22:48 2018	(r332361)
@@ -148,11 +148,12 @@ struct g_command class_commands[] = {
 		{ 'd', "detach", NULL, G_TYPE_BOOL },
 		{ 'j', "passfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI },
 		{ 'k', "keyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI },
+		{ 'n', "dryrun", NULL, G_TYPE_BOOL },
 		{ 'p', "nopassphrase", NULL, G_TYPE_BOOL },
 		{ 'r', "readonly", NULL, G_TYPE_BOOL },
 		G_OPT_SENTINEL
 	    },
-	    "[-dprv] [-j passfile] [-k keyfile] prov"
+	    "[-dnprv] [-j passfile] [-k keyfile] prov"
 	},
 	{ "detach", 0, NULL,
 	    {

Modified: head/sys/geom/eli/g_eli_ctl.c
==============================================================================
--- head/sys/geom/eli/g_eli_ctl.c	Tue Apr 10 13:16:50 2018	(r332360)
+++ head/sys/geom/eli/g_eli_ctl.c	Tue Apr 10 13:22:48 2018	(r332361)
@@ -59,7 +59,7 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class 
 	struct g_provider *pp;
 	const char *name;
 	u_char *key, mkey[G_ELI_DATAIVKEYLEN];
-	int *nargs, *detach, *readonly;
+	int *nargs, *detach, *readonly, *dryrun;
 	int keysize, error;
 	u_int nkey;
 
@@ -87,6 +87,12 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class 
 		return;
 	}
 
+	dryrun = gctl_get_paraml(req, "dryrun", sizeof(*dryrun));
+	if (dryrun == NULL) {
+		gctl_error(req, "No '%s' argument.", "dryrun");
+		return;
+	}
+
 	if (*detach && *readonly) {
 		gctl_error(req, "Options -d and -r are mutually exclusive.");
 		return;
@@ -141,7 +147,8 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class 
 		md.md_flags |= G_ELI_FLAG_WO_DETACH;
 	if (*readonly)
 		md.md_flags |= G_ELI_FLAG_RO;
-	g_eli_create(req, mp, pp, &md, mkey, nkey);
+	if (!*dryrun)
+		g_eli_create(req, mp, pp, &md, mkey, nkey);
 	explicit_bzero(mkey, sizeof(mkey));
 	explicit_bzero(&md, sizeof(md));
 }
