#
e83b6acb |
| 12-Aug-2022 |
riastradh <riastradh@NetBSD.org> |
cgdconfig(8): Add support for generating shared-key parameters files.
Usage model:
- Generate a parameters file that supports sharing its main key:
cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantu
cgdconfig(8): Add support for generating shared-key parameters files.
Usage model:
- Generate a parameters file that supports sharing its main key:
cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum
- Make another parameters file that uses the same shared main key but derives an independent subkey from it:
cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256
show more ...
|
#
a21ea60e |
| 12-Aug-2022 |
riastradh <riastradh@NetBSD.org> |
cgdconfig(8): Add support for shared keys.
New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can,
cgdconfig(8): Add support for shared keys.
New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because:
- Hashing the password is expensive, so it should only be done once.
Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'.
. With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n.
And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you.
- Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press.
The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm.
The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256.
Example:
algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; };
The key used for this disk will be derived by
HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==),
where k is the outcome of PBKDF2-SHA1 with the given parameters.
Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files.
If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks.
show more ...
|
#
43ad3a20 |
| 22-Nov-2021 |
nia <nia@NetBSD.org> |
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for
cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile is initially generated.
lgtm riastradh@
show more ...
|
#
c83c4011 |
| 03-Jun-2021 |
prlw1 <prlw1@NetBSD.org> |
Make adiantum a first class citizen
|
#
7ece43da |
| 30-Dec-2018 |
mlelstv <mlelstv@NetBSD.org> |
Avoid crash when no algorithm is specified in parameter file.
|
#
49b199d4 |
| 11-Dec-2016 |
alnsn <alnsn@NetBSD.org> |
Add aes-xts to cgdconfig(8).
|
#
30445997 |
| 24-Nov-2015 |
christos <christos@NetBSD.org> |
CID 1340063: fix TOCTOU
|
#
f0b8e7b7 |
| 22-Nov-2015 |
christos <christos@NetBSD.org> |
Don't chdir to the config directory; just form the parameters file with a path if needed.
|
#
4ff9f6f7 |
| 16-Jun-2015 |
christos <christos@NetBSD.org> |
fix error messages containing \n
|
#
a38acfb7 |
| 14-Dec-2014 |
mlelstv <mlelstv@NetBSD.org> |
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
|
#
8c6fb6fa |
| 12-Sep-2008 |
christos <christos@NetBSD.org> |
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV
|
#
98059cd5 |
| 11-May-2008 |
elric <elric@NetBSD.org> |
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
|
#
ce099b40 |
| 28-Apr-2008 |
martin <martin@NetBSD.org> |
Remove clause 3 and 4 from TNF licenses
|
#
f4f95f57 |
| 11-Nov-2007 |
christos <christos@NetBSD.org> |
simplify and fix the combination code. Hi pooka.
|
#
ad18d2e4 |
| 06-Nov-2007 |
christos <christos@NetBSD.org> |
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
|
#
6d1dbd06 |
| 06-Feb-2007 |
cbiere <cbiere@NetBSD.org> |
Use warn() and warnx().
|
#
6065c2bb |
| 06-Feb-2007 |
cbiere <cbiere@NetBSD.org> |
crypt_defaults_lookup(): * Avoid comparison of int with unsigned. * Simplified.
|
#
df06563b |
| 17-Jan-2007 |
hubertf <hubertf@NetBSD.org> |
Remove more duplicate #includes, from Slava Semushin <slava.semushin@gmail.com>
|
#
2a1607d0 |
| 26-Aug-2006 |
christos <christos@NetBSD.org> |
Programs that use efun.
|
#
6ec9e1c3 |
| 17-Mar-2006 |
elad <elad@NetBSD.org> |
Proper bounds check, found by Coverity, CID 1468.
|
#
cc9c2b57 |
| 27-Jun-2005 |
christos <christos@NetBSD.org> |
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
|
#
f8ce51d4 |
| 30-Mar-2005 |
christos <christos@NetBSD.org> |
Centralize error checking for malloc,calloc,strdup.
|
#
1b0f3868 |
| 04-Jan-2005 |
elric <elric@NetBSD.org> |
Fix comment. We're using microseconds not milliseconds.
|
#
d28b037b |
| 04-Jan-2005 |
elric <elric@NetBSD.org> |
Fix bits vs. bytes problem in call to calibration routine.
|
#
21840e45 |
| 13-Aug-2004 |
tv <tv@NetBSD.org> |
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
|