.\" $NetBSD: cgd.4,v 1.2 2002/10/05 15:52:25 grant Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Roland C. Dowdeswell.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd September 23, 2002
.Dt CGD 4
.Os
.Sh NAME
.Nm cgd
.Nd cryptographic disk driver
.Sh SYNOPSIS
.Cd "pseudo-device cgd" Op Ar count
.Sh DESCRIPTION
The
.Nm
driver provides the capability of encrypting blocks on their way
to and from a disk or partition.
.Pp
In order to compile support for the
.Nm
driver into your kernel, you must add the driver to your kernel configuration
file.
To do this, add a line similar to:
.Bd -unfilled -offset indent
pseudo-device cgd 4 # cryptographic disk driver
.Ed
.Pp
The count argument defines how many
.Nm Ns 's
may be configured at a time.
.Ss Encryption Algorithms
Currently the following cryptographic algorithms are supported:
.Bl -tag -width indentxxxxxxx
.It aes-cbc
AES in CBC mode.
AES uses a 128 bit blocksize and can accept keys of
length 128, 192 or 256.
The default key length is 256.
.It 3des-cbc
Triple DES in CBC mode.
Triple DES uses a 64 bit blocksize and is
performed in EDE3 mode with a 168 bit key.
The key passed to the kernel
is 192 bits but the parity bits are ignored.
.It blowfish-cbc
Blowfish in CBC mode.
Blowfish uses a 64 bit blocksize and can accept keys of length 128.
.El
.Ss IV Methods
Currently, the only IV Method supported is
.Ar encblkno
(Encrypted Block Number).
This method encrypts the block number of the
physical disk block with the cipher and key provided and uses that as the
IV for CBC mode.
This method should ensure that each block has a different
IV and that the IV is reasonably unpredictable.
.Ss IOCTLS
A
.Nm
responds to all of the standard disk
.Xr ioctl 2
calls defined in
.Xr sd 4 ,
and also defines the following:
.Bl -tag -width CGDIOCSET
.It CGDIOCSET
configures the
.Nm "" .
This
.Xr ioctl 2
sets up the encryption parameters and points the
.Nm
at the underlying disk.
.It CGDIOCCLR
unconfigures the
.Nm "" .
.El
.Pp
These
.Xr ioctl 2 Ns 's
and their associated data structures are defined in
.Pa /usr/include/dev/cgdvar.h .
.Sh WARNINGS
It goes without saying that if you forget the passphrase that you used
to configure a
.Nm "" ,
then you have irrevocably lost all of the data on the disk.
Please ensure that you are using an appropriate backup strategy.
.Sh FILES
.Bl -tag -width indentxxxxxxxxxxx
.It /dev/{,r}cgd*
.Nm
device special files.
.El
.Sh SEE ALSO
.Xr ioctl 2 ,
.Xr sd 4 ,
.Xr MAKEDEV 8 ,
.Xr cgdconfig 8 ,
.Xr config 8
.Sh HISTORY
The
.Nm
driver was written by Roland C. Dowdeswell for
.Nx .
The
.Nm
driver originally appeared in
.Nx 1.7 .
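
The encblkno scheme described under IV Methods, sketched in JavaScript (Node.js) with aes-cbc and a 256 bit key. This is an added example, not code from the cgd driver. The 512-byte sector size, the little-endian zero-padded encoding of the block number, the constructed key and sector contents, and all function names are assumptions made for the illustration.

```javascript
// Added illustration of the encblkno idea; not code from the cgd driver.
const crypto = require('crypto');

const SECTOR = 512;   // assumed sector size in bytes
const BLK = 16;       // AES blocksize: 128 bits

// Assumption: the block number is encoded little-endian and zero-padded
// to one cipher block before being encrypted with the volume key.
function encblknoIV(key, blkno) {
  const buf = Buffer.alloc(BLK);
  buf.writeBigUInt64LE(BigInt(blkno), 0);
  const ecb = crypto.createCipheriv('aes-256-ecb', key, null);
  ecb.setAutoPadding(false);
  return Buffer.concat([ecb.update(buf), ecb.final()]);
}

// Run AES-256-CBC over one whole sector with the given IV (no padding).
function cbc(make, key, iv, data) {
  const c = make('aes-256-cbc', key, iv);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(data), c.final()]);
}

const encryptSector = (key, blkno, plain) =>
  cbc(crypto.createCipheriv, key, encblknoIV(key, blkno), plain);
const decryptSector = (key, blkno, ct) =>
  cbc(crypto.createDecipheriv, key, encblknoIV(key, blkno), ct);

function demo() {
  const key = Buffer.alloc(32, 0x42);        // constructed 256-bit key
  const plain = Buffer.alloc(SECTOR, 0x61);  // constructed sector contents
  const c0 = encryptSector(key, 0, plain);
  const c1 = encryptSector(key, 1, plain);
  const moved = decryptSector(key, 1, c0);   // block 0's data read as block 1
  return {
    // each block number yields its own IV
    ivsDiffer: !encblknoIV(key, 0).equals(encblknoIV(key, 1)),
    // identical plaintext at two block numbers gives distinct ciphertext
    sectorsDiffer: !c0.equals(c1),
    roundTrip: decryptSector(key, 0, c0).equals(plain),
    // in CBC a wrong IV garbles only the first cipher block on decryption
    movedFirstBlockOk: moved.subarray(0, BLK).equals(plain.subarray(0, BLK)),
    movedRestOk: moved.subarray(BLK).equals(plain.subarray(BLK)),
  };
}

console.log(demo());
```

The last two fields show that the per-block IV hides equal sectors but is not an integrity check: under the wrong block number only the first 16 bytes of the sector decrypt incorrectly.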