sbin/bioctl/bioctl.c

*61f93244Sjsing/* $OpenBSD: bioctl.c,v 1.133 2016/09/08 18:41:04 jsing Exp $       */
cf6503d7Sderaadt
3af9de98Smarco/*
2f39728eSdlg * Copyright (c) 2004, 2005 Marco Peereboom
3af9de98Smarco * All rights reserved.
3af9de98Smarco *
3af9de98Smarco * Redistribution and use in source and binary forms, with or without
3af9de98Smarco * modification, are permitted provided that the following conditions
3af9de98Smarco * are met:
3af9de98Smarco * 1. Redistributions of source code must retain the above copyright
3af9de98Smarco *    notice, this list of conditions and the following disclaimer.
3af9de98Smarco * 2. Redistributions in binary form must reproduce the above copyright
3af9de98Smarco *    notice, this list of conditions and the following disclaimer in the
3af9de98Smarco *    documentation and/or other materials provided with the distribution.
3af9de98Smarco *
3af9de98Smarco * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
3af9de98Smarco * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3af9de98Smarco * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3af9de98Smarco * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR
3af9de98Smarco * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
3af9de98Smarco * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
3af9de98Smarco * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3af9de98Smarco * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3af9de98Smarco * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3af9de98Smarco * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3af9de98Smarco * SUCH DAMAGE.
3af9de98Smarco *
3af9de98Smarco */
3af9de98Smarco
b9fc9a72Sderaadt#include <sys/param.h>	/* NODEV */
c2126c9aSmarco#include <sys/ioctl.h>
91f4f7d8Sdlg#include <sys/dkio.h>
46bc198bSmarco#include <sys/stat.h>
aef7fe28Shshoexer#include <dev/softraidvar.h>
e7d4f752Sderaadt#include <dev/biovar.h>
3af9de98Smarco
db2730c1Smarco#include <errno.h>
db2730c1Smarco#include <err.h>
db2730c1Smarco#include <fcntl.h>
8ccdd032Sderaadt#include <util.h>
934f30d8Sderaadt#include <ctype.h>
db2730c1Smarco#include <stdio.h>
db2730c1Smarco#include <stdlib.h>
db2730c1Smarco#include <string.h>
db2730c1Smarco#include <unistd.h>
b9fc9a72Sderaadt#include <limits.h>
03b2dfbfShenning#include <vis.h>
9e8c6f5bShshoexer#include <readpassphrase.h>
db2730c1Smarco
6de960dcSmarcostruct locator {
6de960dcSmarco	int		channel;
6de960dcSmarco	int		target;
6de960dcSmarco	int		lun;
6de960dcSmarco};
6de960dcSmarco
d865b7d2Suebayasistruct timing {
d865b7d2Suebayasi	int		interval;
d865b7d2Suebayasi	int		start;
d865b7d2Suebayasi};
d865b7d2Suebayasi
8ccdd032Sderaadtvoid			usage(void);
41eccc89Sderaadtconst char 		*str2locator(const char *, struct locator *);
d865b7d2Suebayasiconst char 		*str2patrol(const char *, struct timing *);
d313c28bSjsingvoid			bio_status(struct bio_status *);
46bc198bSmarcoint			bio_parse_devlist(char *, dev_t *);
aef7fe28Shshoexervoid			bio_kdf_derive(struct sr_crypto_kdfinfo *,
c6446370Sjsing			    struct sr_crypto_kdf_pbkdf2 *, char *, int);
aef7fe28Shshoexervoid			bio_kdf_generate(struct sr_crypto_kdfinfo *);
*61f93244Sjsingvoid			derive_key_pkcs(u_int32_t, int, u_int8_t *, size_t,
*61f93244Sjsing			    u_int8_t *, size_t, char *, int);
8ccdd032Sderaadt
8ccdd032Sderaadtvoid			bio_inq(char *);
8ccdd032Sderaadtvoid			bio_alarm(char *);
a15048bbSmarcoint			bio_getvolbyname(char *);
a15048bbSmarcovoid			bio_setstate(char *, int, char *);
a928c459Sderaadtvoid			bio_setblink(char *, char *, int);
a928c459Sderaadtvoid			bio_blink(char *, int, int);
0054cd36Sjsingvoid			bio_createraid(u_int16_t, char *, char *);
c7c3e8aaSmarcovoid			bio_deleteraid(char *);
c6446370Sjsingvoid			bio_changepass(char *);
e8a57fdeSmarcou_int32_t		bio_createflags(char *);
03b2dfbfShenningchar			*bio_vis(char *);
03b2dfbfShenningvoid			bio_diskinq(char *);
d865b7d2Suebayasivoid			bio_patrol(char *);
3af9de98Smarco
3af9de98Smarcoint			devh = -1;
abe9d68eSderaadtint			human;
abe9d68eSderaadtint			verbose;
e8a57fdeSmarcou_int32_t		cflags = 0;
aedd4f07Sdjmint			rflag = 8192;
86735da2Smarcochar			*password;
3af9de98Smarco
545c4d7fSjsingvoid			*bio_cookie;
545c4d7fSjsing
b96c6ce2Sckuetheint rpp_flag = RPP_REQUIRE_TTY;
3af9de98Smarco
3af9de98Smarcoint
3af9de98Smarcomain(int argc, char *argv[])
3af9de98Smarco{
545c4d7fSjsing	struct bio_locate	bl;
3af9de98Smarco	extern char		*optarg;
db2730c1Smarco	u_int64_t		func = 0;
e63d8b1dSdtucker	char			*devicename = NULL;
cf6503d7Sderaadt	char			*realname = NULL, *al_arg = NULL;
7195049bSmarco	char			*bl_arg = NULL, *dev_list = NULL;
0054cd36Sjsing	char			*key_disk = NULL;
aedd4f07Sdjm	const char		*errstr;
d313c28bSjsing	int			ch, blink = 0, changepass = 0, diskinq = 0;
c6446370Sjsing	int			ss_func = 0;
9ecba717Sderaadt	u_int16_t		cr_level = 0;
e37c64dbSjsing	int			biodev = 0;
3af9de98Smarco
3af9de98Smarco	if (argc < 2)
3af9de98Smarco		usage();
3af9de98Smarco
d865b7d2Suebayasi	while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:O:Pp:qr:R:st:u:v")) !=
c6446370Sjsing	    -1) {
3af9de98Smarco		switch (ch) {
edfd9792Smarco		case 'a': /* alarm */
edfd9792Smarco			func |= BIOC_ALARM;
edfd9792Smarco			al_arg = optarg;
edfd9792Smarco			break;
c55617f1Sdlg		case 'b': /* blink */
c55617f1Sdlg			func |= BIOC_BLINK;
a928c459Sderaadt			blink = BIOC_SBBLINK;
a928c459Sderaadt			bl_arg = optarg;
a928c459Sderaadt			break;
e8a57fdeSmarco		case 'C': /* creation flags */
e8a57fdeSmarco			cflags = bio_createflags(optarg);
e8a57fdeSmarco			break;
7195049bSmarco		case 'c': /* create */
7195049bSmarco			func |= BIOC_CREATERAID;
025f5691Sderaadt			if (isdigit((unsigned char)*optarg)) {
92d21b5cStedu				cr_level = strtonum(optarg, 0, 10, &errstr);
92d21b5cStedu				if (errstr != NULL)
92d21b5cStedu					errx(1, "Invalid RAID level");
92d21b5cStedu			} else
98b750e4Stedu				cr_level = *optarg;
7195049bSmarco			break;
c7c3e8aaSmarco		case 'd':
c7c3e8aaSmarco			/* delete volume */
c7c3e8aaSmarco			func |= BIOC_DELETERAID;
c7c3e8aaSmarco			break;
a928c459Sderaadt		case 'u': /* unblink */
a928c459Sderaadt			func |= BIOC_BLINK;
a928c459Sderaadt			blink = BIOC_SBUNBLINK;
c55617f1Sdlg			bl_arg = optarg;
c55617f1Sdlg			break;
6de960dcSmarco		case 'H': /* set hotspare */
6de960dcSmarco			func |= BIOC_SETSTATE;
a15048bbSmarco			ss_func = BIOC_SSHOTSPARE;
6de960dcSmarco			al_arg = optarg;
6de960dcSmarco			break;
8ccdd032Sderaadt		case 'h':
8ccdd032Sderaadt			human = 1;
8ccdd032Sderaadt			break;
db2730c1Smarco		case 'i': /* inquiry */
db2730c1Smarco			func |= BIOC_INQ;
3af9de98Smarco			break;
0054cd36Sjsing		case 'k': /* Key disk. */
0054cd36Sjsing			key_disk = optarg;
0054cd36Sjsing			break;
7195049bSmarco		case 'l': /* device list */
7195049bSmarco			func |= BIOC_DEVLIST;
7195049bSmarco			dev_list = optarg;
7195049bSmarco			break;
c6446370Sjsing		case 'P':
c6446370Sjsing			/* Change passphrase. */
c6446370Sjsing			changepass = 1;
c6446370Sjsing			break;
86735da2Smarco		case 'p':
86735da2Smarco			password = optarg;
86735da2Smarco			break;
aedd4f07Sdjm		case 'r':
aedd4f07Sdjm			rflag = strtonum(optarg, 1000, 1<<30, &errstr);
aedd4f07Sdjm			if (errstr != NULL)
*61f93244Sjsing				errx(1, "number of KDF rounds is %s: %s",
aedd4f07Sdjm				    errstr, optarg);
aedd4f07Sdjm			break;
50e55a42Sjsing		case 'O':
50e55a42Sjsing			/* set a chunk to offline */
50e55a42Sjsing			func |= BIOC_SETSTATE;
50e55a42Sjsing			ss_func = BIOC_SSOFFLINE;
50e55a42Sjsing			al_arg = optarg;
50e55a42Sjsing			break;
a15048bbSmarco		case 'R':
a15048bbSmarco			/* rebuild to provided chunk/CTL */
a15048bbSmarco			func |= BIOC_SETSTATE;
a15048bbSmarco			ss_func = BIOC_SSREBUILD;
a15048bbSmarco			al_arg = optarg;
a15048bbSmarco			break;
b96c6ce2Sckuethe		case 's':
b96c6ce2Sckuethe			rpp_flag = RPP_STDIN;
b96c6ce2Sckuethe			break;
d865b7d2Suebayasi		case 't': /* patrol */
d865b7d2Suebayasi			func |= BIOC_PATROL;
d865b7d2Suebayasi			al_arg = optarg;
d865b7d2Suebayasi			break;
abe9d68eSderaadt		case 'v':
abe9d68eSderaadt			verbose = 1;
abe9d68eSderaadt			break;
03b2dfbfShenning		case 'q':
03b2dfbfShenning			diskinq = 1;
03b2dfbfShenning			break;
3af9de98Smarco		default:
3af9de98Smarco			usage();
3af9de98Smarco			/* NOTREACHED */
3af9de98Smarco		}
3af9de98Smarco	}
cf6503d7Sderaadt	argc -= optind;
cf6503d7Sderaadt	argv += optind;
3af9de98Smarco
c6446370Sjsing	if (argc != 1 || (changepass && func != 0))
cf6503d7Sderaadt		usage();
cf6503d7Sderaadt
dcbaf4c8Sderaadt	if (func == 0)
dcbaf4c8Sderaadt		func |= BIOC_INQ;
dcbaf4c8Sderaadt
e63d8b1dSdtucker	devicename = argv[0];
e63d8b1dSdtucker	if (devicename == NULL)
e37c64dbSjsing		errx(1, "need device");
10b411a7Smarco
e63d8b1dSdtucker	devh = opendev(devicename, O_RDWR, OPENDEV_PART, &realname);
e37c64dbSjsing	if (devh == -1) {
41eccc89Sderaadt		devh = open("/dev/bio", O_RDWR);
3af9de98Smarco		if (devh == -1)
41eccc89Sderaadt			err(1, "Can't open %s", "/dev/bio");
3af9de98Smarco
e63d8b1dSdtucker		bl.bl_name = devicename;
d313c28bSjsing		if (ioctl(devh, BIOCLOCATE, &bl))
10b411a7Smarco			errx(1, "Can't locate %s device via %s",
41eccc89Sderaadt			    bl.bl_name, "/dev/bio");
d313c28bSjsing
d313c28bSjsing		bio_status(&bl.bl_bio.bio_status);
d313c28bSjsing
545c4d7fSjsing		bio_cookie = bl.bl_bio.bio_cookie;
e37c64dbSjsing		biodev = 1;
e63d8b1dSdtucker		devicename = NULL;
e37c64dbSjsing	}
3af9de98Smarco
03b2dfbfShenning	if (diskinq) {
e63d8b1dSdtucker		bio_diskinq(devicename);
e37c64dbSjsing	} else if (changepass && !biodev) {
e63d8b1dSdtucker		bio_changepass(devicename);
03b2dfbfShenning	} else if (func & BIOC_INQ) {
e63d8b1dSdtucker		bio_inq(devicename);
edfd9792Smarco	} else if (func == BIOC_ALARM) {
edfd9792Smarco		bio_alarm(al_arg);
c55617f1Sdlg	} else if (func == BIOC_BLINK) {
e63d8b1dSdtucker		bio_setblink(devicename, bl_arg, blink);
d865b7d2Suebayasi	} else if (func == BIOC_PATROL) {
d865b7d2Suebayasi		bio_patrol(al_arg);
6de960dcSmarco	} else if (func == BIOC_SETSTATE) {
a15048bbSmarco		bio_setstate(al_arg, ss_func, argv[0]);
e37c64dbSjsing	} else if (func == BIOC_DELETERAID && !biodev) {
e63d8b1dSdtucker		bio_deleteraid(devicename);
7195049bSmarco	} else if (func & BIOC_CREATERAID || func & BIOC_DEVLIST) {
7195049bSmarco		if (!(func & BIOC_CREATERAID))
7195049bSmarco			errx(1, "need -c parameter");
7195049bSmarco		if (!(func & BIOC_DEVLIST))
7195049bSmarco			errx(1, "need -l parameter");
e37c64dbSjsing		if (!biodev)
e37c64dbSjsing			errx(1, "must use bio device");
0054cd36Sjsing		bio_createraid(cr_level, dev_list, key_disk);
3af9de98Smarco	}
3af9de98Smarco
3af9de98Smarco	return (0);
3af9de98Smarco}
3af9de98Smarco
3af9de98Smarcovoid
3af9de98Smarcousage(void)
3af9de98Smarco{
3af9de98Smarco	extern char		*__progname;
3af9de98Smarco
d90b5d8bSjmc	fprintf(stderr,
d0b772c8Sjmc		"usage: %s [-hiqv] [-a alarm-function] "
d90b5d8bSjmc		"[-b channel:target[.lun]]\n"
d0b772c8Sjmc		"\t[-H channel:target[.lun]] "
af56bbe7Smatthieu		"[-R device | channel:target[.lun]]\n"
2e6b119fSjmc		"\t[-t patrol-function] "
2e6b119fSjmc		"[-u channel:target[.lun]] "
d0b772c8Sjmc		"device\n"
b96c6ce2Sckuethe		"       %s [-dhiPqsv] "
b90fdff5Sjmc		"[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n"
50e55a42Sjsing		"\t[-l special[,special,...]] "
50e55a42Sjsing		"[-O device | channel:target[.lun]]\n"
50e55a42Sjsing		"\t[-p passfile] [-R device | channel:target[.lun]]\n"
2e6b119fSjmc		"\t[-r rounds] "
d0b772c8Sjmc		"device\n", __progname, __progname);
d90b5d8bSjmc
3af9de98Smarco	exit(1);
3af9de98Smarco}
3af9de98Smarco
41eccc89Sderaadtconst char *
6de960dcSmarcostr2locator(const char *string, struct locator *location)
6de960dcSmarco{
50d3c4dcSdlg	const char		*errstr;
41eccc89Sderaadt	char			parse[80], *targ, *lun;
6de960dcSmarco
41eccc89Sderaadt	strlcpy(parse, string, sizeof parse);
41eccc89Sderaadt	targ = strchr(parse, ':');
6de960dcSmarco	if (targ == NULL)
41eccc89Sderaadt		return ("target not specified");
6de960dcSmarco	*targ++ = '\0';
6de960dcSmarco
50d3c4dcSdlg	lun = strchr(targ, '.');
6de960dcSmarco	if (lun != NULL) {
6de960dcSmarco		*lun++ = '\0';
50d3c4dcSdlg		location->lun = strtonum(lun, 0, 256, &errstr);
50d3c4dcSdlg		if (errstr)
41eccc89Sderaadt			return (errstr);
6de960dcSmarco	} else
6de960dcSmarco		location->lun = 0;
6de960dcSmarco
50d3c4dcSdlg	location->target = strtonum(targ, 0, 256, &errstr);
50d3c4dcSdlg	if (errstr)
41eccc89Sderaadt		return (errstr);
41eccc89Sderaadt	location->channel = strtonum(parse, 0, 256, &errstr);
50d3c4dcSdlg	if (errstr)
41eccc89Sderaadt		return (errstr);
41eccc89Sderaadt	return (NULL);
6de960dcSmarco}
6de960dcSmarco
d865b7d2Suebayasiconst char *
d865b7d2Suebayasistr2patrol(const char *string, struct timing *timing)
d865b7d2Suebayasi{
d865b7d2Suebayasi	const char		*errstr;
d865b7d2Suebayasi	char			parse[80], *interval = NULL, *start = NULL;
d865b7d2Suebayasi
d865b7d2Suebayasi	timing->interval = 0;
d865b7d2Suebayasi	timing->start = 0;
d865b7d2Suebayasi
d865b7d2Suebayasi	strlcpy(parse, string, sizeof parse);
d865b7d2Suebayasi
d865b7d2Suebayasi	interval = strchr(parse, '.');
d865b7d2Suebayasi	if (interval != NULL) {
d865b7d2Suebayasi		*interval++ = '\0';
d865b7d2Suebayasi		start = strchr(interval, '.');
d865b7d2Suebayasi		if (start != NULL)
d865b7d2Suebayasi			*start++ = '\0';
d865b7d2Suebayasi	}
d865b7d2Suebayasi	if (interval != NULL) {
d865b7d2Suebayasi		/* -1 == continuously */
d865b7d2Suebayasi		timing->interval = strtonum(interval, -1, INT_MAX, &errstr);
d865b7d2Suebayasi		if (errstr)
d865b7d2Suebayasi			return (errstr);
d865b7d2Suebayasi	}
d865b7d2Suebayasi	if (start != NULL) {
d865b7d2Suebayasi		timing->start = strtonum(start, 0, INT_MAX, &errstr);
d865b7d2Suebayasi		if (errstr)
d865b7d2Suebayasi			return (errstr);
d865b7d2Suebayasi	}
d865b7d2Suebayasi
d865b7d2Suebayasi	return (NULL);
d865b7d2Suebayasi}
d865b7d2Suebayasi
3af9de98Smarcovoid
d313c28bSjsingbio_status(struct bio_status *bs)
d313c28bSjsing{
0a69bfccSjsing	extern char		*__progname;
0a69bfccSjsing	char			*prefix;
d313c28bSjsing	int			i;
d313c28bSjsing
d313c28bSjsing	if (strlen(bs->bs_controller))
0a69bfccSjsing		prefix = bs->bs_controller;
0a69bfccSjsing	else
0a69bfccSjsing		prefix = __progname;
d313c28bSjsing
0a69bfccSjsing	for (i = 0; i < bs->bs_msg_count; i++)
0a69bfccSjsing		printf("%s: %s\n", prefix, bs->bs_msgs[i].bm_msg);
0a69bfccSjsing
0a69bfccSjsing	if (bs->bs_status == BIO_STATUS_ERROR) {
0a69bfccSjsing		if (bs->bs_msg_count == 0)
0a69bfccSjsing			errx(1, "unknown error");
0a69bfccSjsing		else
d313c28bSjsing			exit(1);
d313c28bSjsing	}
0a69bfccSjsing}
d313c28bSjsing
d313c28bSjsingvoid
8ccdd032Sderaadtbio_inq(char *name)
d4546a56Sdlg{
cc711184Skettenis	char 			*status, *cache;
cc711184Skettenis	char			size[64], scsiname[16], volname[32];
d865b7d2Suebayasi	char			percent[20], seconds[20];
d313c28bSjsing	int			i, d, volheader, hotspare, unused;
aa65acf1Sderaadt	char			encname[16], serial[32];
8ccdd032Sderaadt	struct bioc_inq		bi;
8ccdd032Sderaadt	struct bioc_vol		bv;
c2b1f828Sderaadt	struct bioc_disk	bd;
db2730c1Smarco
db2730c1Smarco	memset(&bi, 0, sizeof(bi));
3af9de98Smarco
545c4d7fSjsing	bi.bi_bio.bio_cookie = bio_cookie;
3af9de98Smarco
d313c28bSjsing	if (ioctl(devh, BIOCINQ, &bi)) {
03b2dfbfShenning		if (errno == ENOTTY)
03b2dfbfShenning			bio_diskinq(name);
03b2dfbfShenning		else
da3b0664Shenning			err(1, "BIOCINQ");
3af9de98Smarco		return;
3af9de98Smarco	}
3af9de98Smarco
d313c28bSjsing	bio_status(&bi.bi_bio.bio_status);
d313c28bSjsing
8ccdd032Sderaadt	volheader = 0;
8ccdd032Sderaadt	for (i = 0; i < bi.bi_novol; i++) {
db2730c1Smarco		memset(&bv, 0, sizeof(bv));
545c4d7fSjsing		bv.bv_bio.bio_cookie = bio_cookie;
8ccdd032Sderaadt		bv.bv_volid = i;
0a92ff65Sderaadt		bv.bv_percent = -1;
9017fb97Sderaadt		bv.bv_seconds = 0;
70a2ae7bSmarco
d313c28bSjsing		if (ioctl(devh, BIOCVOL, &bv))
da3b0664Shenning			err(1, "BIOCVOL");
3af9de98Smarco
d313c28bSjsing		bio_status(&bv.bv_bio.bio_status);
d313c28bSjsing
8ccdd032Sderaadt		if (name && strcmp(name, bv.bv_dev) != 0)
8ccdd032Sderaadt			continue;
8ccdd032Sderaadt
8ccdd032Sderaadt		if (!volheader) {
8ccdd032Sderaadt			volheader = 1;
150c22bbSjcs			printf("%-11s %-10s %14s %-8s\n",
8ccdd032Sderaadt			    "Volume", "Status", "Size", "Device");
8ccdd032Sderaadt		}
8ccdd032Sderaadt
0a92ff65Sderaadt		percent[0] = '\0';
9017fb97Sderaadt		seconds[0] = '\0';
0a92ff65Sderaadt		if (bv.bv_percent != -1)
0a92ff65Sderaadt			snprintf(percent, sizeof percent,
0a92ff65Sderaadt			    " %d%% done", bv.bv_percent);
9017fb97Sderaadt		if (bv.bv_seconds)
9017fb97Sderaadt			snprintf(seconds, sizeof seconds,
9017fb97Sderaadt			    " %u seconds", bv.bv_seconds);
8ccdd032Sderaadt		switch (bv.bv_status) {
db2730c1Smarco		case BIOC_SVONLINE:
8ccdd032Sderaadt			status = BIOC_SVONLINE_S;
db2730c1Smarco			break;
db2730c1Smarco		case BIOC_SVOFFLINE:
8ccdd032Sderaadt			status = BIOC_SVOFFLINE_S;
db2730c1Smarco			break;
db2730c1Smarco		case BIOC_SVDEGRADED:
8ccdd032Sderaadt			status = BIOC_SVDEGRADED_S;
db2730c1Smarco			break;
0a92ff65Sderaadt		case BIOC_SVBUILDING:
0a92ff65Sderaadt			status = BIOC_SVBUILDING_S;
0a92ff65Sderaadt			break;
0a92ff65Sderaadt		case BIOC_SVREBUILD:
0a92ff65Sderaadt			status = BIOC_SVREBUILD_S;
0a92ff65Sderaadt			break;
0a92ff65Sderaadt		case BIOC_SVSCRUB:
0a92ff65Sderaadt			status = BIOC_SVSCRUB_S;
0a92ff65Sderaadt			break;
db2730c1Smarco		case BIOC_SVINVALID:
db2730c1Smarco		default:
8ccdd032Sderaadt			status = BIOC_SVINVALID_S;
d4546a56Sdlg		}
cc711184Skettenis		switch (bv.bv_cache) {
cc711184Skettenis		case BIOC_CVWRITEBACK:
cc711184Skettenis			cache = BIOC_CVWRITEBACK_S;
cc711184Skettenis			break;
cc711184Skettenis		case BIOC_CVWRITETHROUGH:
cc711184Skettenis			cache = BIOC_CVWRITETHROUGH_S;
cc711184Skettenis			break;
cc711184Skettenis		case BIOC_CVUNKNOWN:
cc711184Skettenis		default:
cc711184Skettenis			cache = BIOC_CVUNKNOWN_S;
cc711184Skettenis		}
3af9de98Smarco
aa65acf1Sderaadt		snprintf(volname, sizeof volname, "%s %u",
8ccdd032Sderaadt		    bi.bi_dev, bv.bv_volid);
b9950701Smarco
9ecba717Sderaadt		unused = 0;
9ecba717Sderaadt		hotspare = 0;
aa65acf1Sderaadt		if (bv.bv_level == -1 && bv.bv_nodisk == 1)
aa65acf1Sderaadt			hotspare = 1;
b9950701Smarco		else if (bv.bv_level == -2 && bv.bv_nodisk == 1)
b9950701Smarco			unused = 1;
aa65acf1Sderaadt		else {
8ccdd032Sderaadt			if (human)
8ccdd032Sderaadt				fmt_scaled(bv.bv_size, size);
8ccdd032Sderaadt			else
8ccdd032Sderaadt				snprintf(size, sizeof size, "%14llu",
8ccdd032Sderaadt				    bv.bv_size);
da935596Stodd			switch (bv.bv_level) {
da935596Stodd			case 'C':
150c22bbSjcs				printf("%11s %-10s %14s %-7s CRYPTO%s%s\n",
da935596Stodd				    volname, status, size, bv.bv_dev,
da935596Stodd				    percent, seconds);
da935596Stodd				break;
2b5fc845Sjsing			case 'c':
2b5fc845Sjsing				printf("%11s %-10s %14s %-7s CONCAT%s%s\n",
2b5fc845Sjsing				    volname, status, size, bv.bv_dev,
2b5fc845Sjsing				    percent, seconds);
2b5fc845Sjsing				break;
da935596Stodd			default:
cc711184Skettenis				printf("%11s %-10s %14s %-7s RAID%u%s%s %s\n",
0a92ff65Sderaadt				    volname, status, size, bv.bv_dev,
cc711184Skettenis				    bv.bv_level, percent, seconds, cache);
da935596Stodd				break;
da935596Stodd			}
da935596Stodd
aa65acf1Sderaadt		}
8ccdd032Sderaadt
8ccdd032Sderaadt		for (d = 0; d < bv.bv_nodisk; d++) {
db2730c1Smarco			memset(&bd, 0, sizeof(bd));
545c4d7fSjsing			bd.bd_bio.bio_cookie = bio_cookie;
8ccdd032Sderaadt			bd.bd_diskid = d;
8ccdd032Sderaadt			bd.bd_volid = i;
d865b7d2Suebayasi			bd.bd_patrol.bdp_percent = -1;
d865b7d2Suebayasi			bd.bd_patrol.bdp_seconds = 0;
3af9de98Smarco
d313c28bSjsing			if (ioctl(devh, BIOCDISK, &bd))
da3b0664Shenning				err(1, "BIOCDISK");
3af9de98Smarco
d313c28bSjsing			bio_status(&bd.bd_bio.bio_status);
d313c28bSjsing
8ccdd032Sderaadt			switch (bd.bd_status) {
db2730c1Smarco			case BIOC_SDONLINE:
8ccdd032Sderaadt				status = BIOC_SDONLINE_S;
d4546a56Sdlg				break;
db2730c1Smarco			case BIOC_SDOFFLINE:
8ccdd032Sderaadt				status = BIOC_SDOFFLINE_S;
d4546a56Sdlg				break;
db2730c1Smarco			case BIOC_SDFAILED:
8ccdd032Sderaadt				status = BIOC_SDFAILED_S;
db2730c1Smarco				break;
db2730c1Smarco			case BIOC_SDREBUILD:
8ccdd032Sderaadt				status = BIOC_SDREBUILD_S;
db2730c1Smarco				break;
db2730c1Smarco			case BIOC_SDHOTSPARE:
8ccdd032Sderaadt				status = BIOC_SDHOTSPARE_S;
db2730c1Smarco				break;
db2730c1Smarco			case BIOC_SDUNUSED:
8ccdd032Sderaadt				status = BIOC_SDUNUSED_S;
db2730c1Smarco				break;
e1dfb373Sderaadt			case BIOC_SDSCRUB:
e1dfb373Sderaadt				status = BIOC_SDSCRUB_S;
e1dfb373Sderaadt				break;
db2730c1Smarco			case BIOC_SDINVALID:
d4546a56Sdlg			default:
8ccdd032Sderaadt				status = BIOC_SDINVALID_S;
d4546a56Sdlg			}
aa65acf1Sderaadt
b9950701Smarco			if (hotspare || unused)
aa65acf1Sderaadt				;	/* use volname from parent volume */
aa65acf1Sderaadt			else
aa65acf1Sderaadt				snprintf(volname, sizeof volname, "    %3u",
aa65acf1Sderaadt				    bd.bd_diskid);
aa65acf1Sderaadt
0054cd36Sjsing			if (bv.bv_level == 'C' && bd.bd_size == 0)
0054cd36Sjsing				snprintf(size, sizeof size, "%14s", "key disk");
0054cd36Sjsing			else if (human)
8ccdd032Sderaadt				fmt_scaled(bd.bd_size, size);
8ccdd032Sderaadt			else
8ccdd032Sderaadt				snprintf(size, sizeof size, "%14llu",
8ccdd032Sderaadt				    bd.bd_size);
8ccdd032Sderaadt			snprintf(scsiname, sizeof scsiname,
43d61178Sderaadt			    "%u:%u.%u",
43d61178Sderaadt			    bd.bd_channel, bd.bd_target, bd.bd_lun);
5978b28dSderaadt			if (bd.bd_procdev[0])
abe9d68eSderaadt				strlcpy(encname, bd.bd_procdev, sizeof encname);
5978b28dSderaadt			else
abe9d68eSderaadt				strlcpy(encname, "noencl", sizeof encname);
abe9d68eSderaadt			if (bd.bd_serial[0])
abe9d68eSderaadt				strlcpy(serial, bd.bd_serial, sizeof serial);
abe9d68eSderaadt			else
abe9d68eSderaadt				strlcpy(serial, "unknown serial", sizeof serial);
8ccdd032Sderaadt
d865b7d2Suebayasi			percent[0] = '\0';
d865b7d2Suebayasi			seconds[0] = '\0';
d865b7d2Suebayasi			if (bd.bd_patrol.bdp_percent != -1)
d865b7d2Suebayasi				snprintf(percent, sizeof percent,
d865b7d2Suebayasi				    " patrol %d%% done", bd.bd_patrol.bdp_percent);
d865b7d2Suebayasi			if (bd.bd_patrol.bdp_seconds)
d865b7d2Suebayasi				snprintf(seconds, sizeof seconds,
d865b7d2Suebayasi				    " %u seconds", bd.bd_patrol.bdp_seconds);
d865b7d2Suebayasi
150c22bbSjcs			printf("%11s %-10s %14s %-7s %-6s <%s>\n",
aa65acf1Sderaadt			    volname, status, size, scsiname, encname,
8ccdd032Sderaadt			    bd.bd_vendor);
abe9d68eSderaadt			if (verbose)
d865b7d2Suebayasi				printf("%11s %-10s %14s %-7s %-6s '%s'%s%s\n",
d865b7d2Suebayasi				    "", "", "", "", "", serial, percent, seconds);
d4546a56Sdlg		}
d4546a56Sdlg	}
d4546a56Sdlg}
edfd9792Smarco
edfd9792Smarcovoid
edfd9792Smarcobio_alarm(char *arg)
edfd9792Smarco{
8ccdd032Sderaadt	struct bioc_alarm	ba;
edfd9792Smarco
c2b1f828Sderaadt	memset(&ba, 0, sizeof(ba));
545c4d7fSjsing	ba.ba_bio.bio_cookie = bio_cookie;
edfd9792Smarco
edfd9792Smarco	switch (arg[0]) {
edfd9792Smarco	case 'q': /* silence alarm */
edfd9792Smarco		/* FALLTHROUGH */
edfd9792Smarco	case 's':
8ccdd032Sderaadt		ba.ba_opcode = BIOC_SASILENCE;
edfd9792Smarco		break;
edfd9792Smarco
edfd9792Smarco	case 'e': /* enable alarm */
8ccdd032Sderaadt		ba.ba_opcode = BIOC_SAENABLE;
edfd9792Smarco		break;
edfd9792Smarco
edfd9792Smarco	case 'd': /* disable alarm */
8ccdd032Sderaadt		ba.ba_opcode = BIOC_SADISABLE;
edfd9792Smarco		break;
edfd9792Smarco
edfd9792Smarco	case 't': /* test alarm */
8ccdd032Sderaadt		ba.ba_opcode = BIOC_SATEST;
edfd9792Smarco		break;
edfd9792Smarco
edfd9792Smarco	case 'g': /* get alarm state */
8ccdd032Sderaadt		ba.ba_opcode = BIOC_GASTATUS;
edfd9792Smarco		break;
edfd9792Smarco
edfd9792Smarco	default:
da3b0664Shenning		errx(1, "invalid alarm function: %s", arg);
edfd9792Smarco	}
edfd9792Smarco
d313c28bSjsing	if (ioctl(devh, BIOCALARM, &ba))
da3b0664Shenning		err(1, "BIOCALARM");
edfd9792Smarco
d313c28bSjsing	bio_status(&ba.ba_bio.bio_status);
d313c28bSjsing
d313c28bSjsing	if (arg[0] == 'g')
edfd9792Smarco		printf("alarm is currently %s\n",
8ccdd032Sderaadt		    ba.ba_status ? "enabled" : "disabled");
edfd9792Smarco}
6de960dcSmarco
a15048bbSmarcoint
a15048bbSmarcobio_getvolbyname(char *name)
a15048bbSmarco{
d313c28bSjsing	int			id = -1, i;
a15048bbSmarco	struct bioc_inq		bi;
a15048bbSmarco	struct bioc_vol		bv;
a15048bbSmarco
a15048bbSmarco	memset(&bi, 0, sizeof(bi));
545c4d7fSjsing	bi.bi_bio.bio_cookie = bio_cookie;
d313c28bSjsing	if (ioctl(devh, BIOCINQ, &bi))
a15048bbSmarco		err(1, "BIOCINQ");
a15048bbSmarco
d313c28bSjsing	bio_status(&bi.bi_bio.bio_status);
d313c28bSjsing
a15048bbSmarco	for (i = 0; i < bi.bi_novol; i++) {
a15048bbSmarco		memset(&bv, 0, sizeof(bv));
545c4d7fSjsing		bv.bv_bio.bio_cookie = bio_cookie;
a15048bbSmarco		bv.bv_volid = i;
d313c28bSjsing		if (ioctl(devh, BIOCVOL, &bv))
a15048bbSmarco			err(1, "BIOCVOL");
a15048bbSmarco
d313c28bSjsing		bio_status(&bv.bv_bio.bio_status);
d313c28bSjsing
a15048bbSmarco		if (name && strcmp(name, bv.bv_dev) != 0)
a15048bbSmarco			continue;
a15048bbSmarco		id = i;
a15048bbSmarco		break;
a15048bbSmarco	}
a15048bbSmarco
a15048bbSmarco	return (id);
a15048bbSmarco}
a15048bbSmarco
ebaf584eSderaadtvoid
8d8693a2Sdtuckerbio_setstate(char *arg, int status, char *devicename)
6de960dcSmarco{
6de960dcSmarco	struct bioc_setstate	bs;
6de960dcSmarco	struct locator		location;
a15048bbSmarco	struct stat		sb;
41eccc89Sderaadt	const char		*errstr;
6de960dcSmarco
a15048bbSmarco	memset(&bs, 0, sizeof(bs));
a15048bbSmarco	if (stat(arg, &sb) == -1) {
a15048bbSmarco		/* use CTL */
41eccc89Sderaadt		errstr = str2locator(arg, &location);
41eccc89Sderaadt		if (errstr)
41eccc89Sderaadt			errx(1, "Target %s: %s", arg, errstr);
6de960dcSmarco		bs.bs_channel = location.channel;
6de960dcSmarco		bs.bs_target = location.target;
6de960dcSmarco		bs.bs_lun = location.lun;
a15048bbSmarco	} else {
a15048bbSmarco		/* use other id */
a15048bbSmarco		bs.bs_other_id = sb.st_rdev;
a15048bbSmarco		bs.bs_other_id_type = BIOC_SSOTHER_DEVT;
a15048bbSmarco	}
a15048bbSmarco
545c4d7fSjsing	bs.bs_bio.bio_cookie = bio_cookie;
a15048bbSmarco	bs.bs_status = status;
a15048bbSmarco
d2647ac1Sjsing	if (status != BIOC_SSHOTSPARE) {
a15048bbSmarco		/* make sure user supplied a sd device */
8d8693a2Sdtucker		bs.bs_volid = bio_getvolbyname(devicename);
a15048bbSmarco		if (bs.bs_volid == -1)
8d8693a2Sdtucker			errx(1, "invalid device %s", devicename);
d2647ac1Sjsing	}
6de960dcSmarco
d313c28bSjsing	if (ioctl(devh, BIOCSETSTATE, &bs))
da3b0664Shenning		err(1, "BIOCSETSTATE");
d313c28bSjsing
d313c28bSjsing	bio_status(&bs.bs_bio.bio_status);
6de960dcSmarco}
c55617f1Sdlg
c55617f1Sdlgvoid
a928c459Sderaadtbio_setblink(char *name, char *arg, int blink)
c55617f1Sdlg{
50d3c4dcSdlg	struct locator		location;
c2b1f828Sderaadt	struct bioc_blink	bb;
50d3c4dcSdlg	struct bioc_inq		bi;
50d3c4dcSdlg	struct bioc_vol		bv;
50d3c4dcSdlg	struct bioc_disk	bd;
41eccc89Sderaadt	const char		*errstr;
50d3c4dcSdlg	int			v, d, rv;
c55617f1Sdlg
41eccc89Sderaadt	errstr = str2locator(arg, &location);
41eccc89Sderaadt	if (errstr)
41eccc89Sderaadt		errx(1, "Target %s: %s", arg, errstr);
50d3c4dcSdlg
0505205bSdlg	/* try setting blink on the device directly */
0505205bSdlg	memset(&bb, 0, sizeof(bb));
545c4d7fSjsing	bb.bb_bio.bio_cookie = bio_cookie;
0505205bSdlg	bb.bb_status = blink;
0505205bSdlg	bb.bb_target = location.target;
649724a4Smarco	bb.bb_channel = location.channel;
0505205bSdlg	rv = ioctl(devh, BIOCBLINK, &bb);
d313c28bSjsing
d313c28bSjsing	if (rv == 0 && bb.bb_bio.bio_status.bs_status == BIO_STATUS_UNKNOWN)
0505205bSdlg		return;
0505205bSdlg
d313c28bSjsing	if (rv == 0 && bb.bb_bio.bio_status.bs_status == BIO_STATUS_SUCCESS) {
d313c28bSjsing		bio_status(&bb.bb_bio.bio_status);
d313c28bSjsing		return;
d313c28bSjsing	}
d313c28bSjsing
855d4e83Ssobrado	/* if the blink didn't work, try to find something that will */
0505205bSdlg
50d3c4dcSdlg	memset(&bi, 0, sizeof(bi));
545c4d7fSjsing	bi.bi_bio.bio_cookie = bio_cookie;
d313c28bSjsing	if (ioctl(devh, BIOCINQ, &bi))
da3b0664Shenning		err(1, "BIOCINQ");
50d3c4dcSdlg
d313c28bSjsing	bio_status(&bi.bi_bio.bio_status);
d313c28bSjsing
50d3c4dcSdlg	for (v = 0; v < bi.bi_novol; v++) {
50d3c4dcSdlg		memset(&bv, 0, sizeof(bv));
545c4d7fSjsing		bv.bv_bio.bio_cookie = bio_cookie;
50d3c4dcSdlg		bv.bv_volid = v;
d313c28bSjsing		if (ioctl(devh, BIOCVOL, &bv))
da3b0664Shenning			err(1, "BIOCVOL");
50d3c4dcSdlg
d313c28bSjsing		bio_status(&bv.bv_bio.bio_status);
d313c28bSjsing
50d3c4dcSdlg		if (name && strcmp(name, bv.bv_dev) != 0)
50d3c4dcSdlg			continue;
50d3c4dcSdlg
50d3c4dcSdlg		for (d = 0; d < bv.bv_nodisk; d++) {
50d3c4dcSdlg			memset(&bd, 0, sizeof(bd));
545c4d7fSjsing			bd.bd_bio.bio_cookie = bio_cookie;
50d3c4dcSdlg			bd.bd_volid = v;
50d3c4dcSdlg			bd.bd_diskid = d;
50d3c4dcSdlg
d313c28bSjsing			if (ioctl(devh, BIOCDISK, &bd))
da3b0664Shenning				err(1, "BIOCDISK");
50d3c4dcSdlg
d313c28bSjsing			bio_status(&bd.bd_bio.bio_status);
d313c28bSjsing
50d3c4dcSdlg			if (bd.bd_channel == location.channel &&
50d3c4dcSdlg			    bd.bd_target == location.target &&
50d3c4dcSdlg			    bd.bd_lun == location.lun) {
d313c28bSjsing				if (bd.bd_procdev[0] != '\0')
50d3c4dcSdlg					bio_blink(bd.bd_procdev,
a928c459Sderaadt					    location.target, blink);
d313c28bSjsing				else
d313c28bSjsing					warnx("Disk %s is not in an enclosure",
d313c28bSjsing					    arg);
50d3c4dcSdlg				return;
50d3c4dcSdlg			}
50d3c4dcSdlg		}
50d3c4dcSdlg	}
50d3c4dcSdlg
41eccc89Sderaadt	warnx("Disk %s does not exist", arg);
d313c28bSjsing
50d3c4dcSdlg	return;
50d3c4dcSdlg}
50d3c4dcSdlg
50d3c4dcSdlgvoid
a928c459Sderaadtbio_blink(char *enclosure, int target, int blinktype)
50d3c4dcSdlg{
50d3c4dcSdlg	int			bioh;
d313c28bSjsing	struct bio_locate	bl;
50d3c4dcSdlg	struct bioc_blink	blink;
50d3c4dcSdlg
41eccc89Sderaadt	bioh = open("/dev/bio", O_RDWR);
50d3c4dcSdlg	if (bioh == -1)
41eccc89Sderaadt		err(1, "Can't open %s", "/dev/bio");
50d3c4dcSdlg
c2b1f828Sderaadt	memset(&bl, 0, sizeof(bl));
d313c28bSjsing	bl.bl_name = enclosure;
d313c28bSjsing	if (ioctl(bioh, BIOCLOCATE, &bl))
41eccc89Sderaadt		errx(1, "Can't locate %s device via %s", enclosure, "/dev/bio");
c55617f1Sdlg
d313c28bSjsing	bio_status(&bl.bl_bio.bio_status);
d313c28bSjsing
c55617f1Sdlg	memset(&blink, 0, sizeof(blink));
545c4d7fSjsing	blink.bb_bio.bio_cookie = bio_cookie;
a928c459Sderaadt	blink.bb_status = blinktype;
c55617f1Sdlg	blink.bb_target = target;
c55617f1Sdlg
d313c28bSjsing	if (ioctl(bioh, BIOCBLINK, &blink))
da3b0664Shenning		err(1, "BIOCBLINK");
50d3c4dcSdlg
d313c28bSjsing	bio_status(&blink.bb_bio.bio_status);
d313c28bSjsing
50d3c4dcSdlg	close(bioh);
c55617f1Sdlg}
7195049bSmarco
7195049bSmarcovoid
0054cd36Sjsingbio_createraid(u_int16_t level, char *dev_list, char *key_disk)
7195049bSmarco{
7195049bSmarco	struct bioc_createraid	create;
aef7fe28Shshoexer	struct sr_crypto_kdfinfo kdfinfo;
aef7fe28Shshoexer	struct sr_crypto_kdf_pbkdf2 kdfhint;
0054cd36Sjsing	struct stat		sb;
8b0d0f28Sjsing	int			rv, no_dev, fd;
7f8eae2bSnicm	dev_t			*dt;
7195049bSmarco	u_int16_t		min_disks = 0;
7195049bSmarco
7195049bSmarco	if (!dev_list)
7195049bSmarco		errx(1, "no devices specified");
7195049bSmarco
f9b0dfcfStedu	dt = calloc(1, BIOC_CRMAXLEN);
46bc198bSmarco	if (!dt)
46bc198bSmarco		err(1, "not enough memory for dev_t list");
46bc198bSmarco
46bc198bSmarco	no_dev = bio_parse_devlist(dev_list, dt);
46bc198bSmarco
7195049bSmarco	switch (level) {
7195049bSmarco	case 0:
84e48fabSmarco		min_disks = 2;
7195049bSmarco		break;
7195049bSmarco	case 1:
7195049bSmarco		min_disks = 2;
7195049bSmarco		break;
e717853eSmarco	case 5:
e717853eSmarco		min_disks = 3;
e717853eSmarco		break;
84e48fabSmarco	case 'C':
aef7fe28Shshoexer		min_disks = 1;
84e48fabSmarco		break;
98b750e4Stedu	case 'c':
8fe6c343Sjsing		min_disks = 2;
98b750e4Stedu		break;
7195049bSmarco	default:
23afedbfSgrunk		errx(1, "unsupported raid level");
7195049bSmarco	}
7195049bSmarco
84e48fabSmarco	if (no_dev < min_disks)
84e48fabSmarco		errx(1, "not enough disks");
84e48fabSmarco
aef7fe28Shshoexer	/* for crypto raid we only allow one single chunk */
aef7fe28Shshoexer	if (level == 'C' && no_dev != min_disks)
818b0595Shalex		errx(1, "not exactly one partition");
aef7fe28Shshoexer
7195049bSmarco	memset(&create, 0, sizeof(create));
545c4d7fSjsing	create.bc_bio.bio_cookie = bio_cookie;
7195049bSmarco	create.bc_level = level;
46bc198bSmarco	create.bc_dev_list_len = no_dev * sizeof(dev_t);
46bc198bSmarco	create.bc_dev_list = dt;
e8a57fdeSmarco	create.bc_flags = BIOC_SCDEVT | cflags;
0054cd36Sjsing	create.bc_key_disk = NODEV;
7195049bSmarco
e7d4f752Sderaadt	if (level == 'C' && key_disk == NULL) {
0054cd36Sjsing
aef7fe28Shshoexer		memset(&kdfinfo, 0, sizeof(kdfinfo));
aef7fe28Shshoexer		memset(&kdfhint, 0, sizeof(kdfhint));
aef7fe28Shshoexer
0054cd36Sjsing		create.bc_flags |= BIOC_SCNOAUTOASSEMBLE;
0054cd36Sjsing
aef7fe28Shshoexer		create.bc_opaque = &kdfhint;
aef7fe28Shshoexer		create.bc_opaque_size = sizeof(kdfhint);
aef7fe28Shshoexer		create.bc_opaque_flags = BIOC_SOOUT;
aef7fe28Shshoexer
aef7fe28Shshoexer		/* try to get KDF hint */
d313c28bSjsing		if (ioctl(devh, BIOCCREATERAID, &create))
83e979edShshoexer			err(1, "ioctl");
83e979edShshoexer
d313c28bSjsing		bio_status(&create.bc_bio.bio_status);
d313c28bSjsing
83e979edShshoexer		if (create.bc_opaque_status == BIOC_SOINOUT_OK) {
c6446370Sjsing			bio_kdf_derive(&kdfinfo, &kdfhint, "Passphrase: ", 0);
aef7fe28Shshoexer			memset(&kdfhint, 0, sizeof(kdfhint));
aef7fe28Shshoexer		} else {
aef7fe28Shshoexer			bio_kdf_generate(&kdfinfo);
aef7fe28Shshoexer		}
aef7fe28Shshoexer
aef7fe28Shshoexer		create.bc_opaque = &kdfinfo;
aef7fe28Shshoexer		create.bc_opaque_size = sizeof(kdfinfo);
aef7fe28Shshoexer		create.bc_opaque_flags = BIOC_SOIN;
0054cd36Sjsing
0054cd36Sjsing	} else if (level == 'C' && key_disk != NULL) {
0054cd36Sjsing
8b0d0f28Sjsing		/* Get device number for key disk. */
8b0d0f28Sjsing		fd = opendev(key_disk, O_RDONLY, OPENDEV_BLCK, NULL);
8b0d0f28Sjsing		if (fd == -1)
8b0d0f28Sjsing			err(1, "could not open %s", key_disk);
8b0d0f28Sjsing		if (fstat(fd, &sb) == -1) {
ffb4dd05Sguenther			int saved_errno = errno;
8b0d0f28Sjsing			close(fd);
ffb4dd05Sguenther			errc(1, saved_errno, "could not stat %s", key_disk);
8b0d0f28Sjsing		}
8b0d0f28Sjsing		close(fd);
0054cd36Sjsing		create.bc_key_disk = sb.st_rdev;
0054cd36Sjsing
0054cd36Sjsing		memset(&kdfinfo, 0, sizeof(kdfinfo));
0054cd36Sjsing
0054cd36Sjsing		kdfinfo.genkdf.len = sizeof(kdfinfo.genkdf);
0054cd36Sjsing		kdfinfo.genkdf.type = SR_CRYPTOKDFT_KEYDISK;
0054cd36Sjsing		kdfinfo.len = sizeof(kdfinfo);
0054cd36Sjsing		kdfinfo.flags = SR_CRYPTOKDF_HINT;
0054cd36Sjsing
0054cd36Sjsing		create.bc_opaque = &kdfinfo;
0054cd36Sjsing		create.bc_opaque_size = sizeof(kdfinfo);
0054cd36Sjsing		create.bc_opaque_flags = BIOC_SOIN;
0054cd36Sjsing
aef7fe28Shshoexer	}
aef7fe28Shshoexer
7195049bSmarco	rv = ioctl(devh, BIOCCREATERAID, &create);
0a488504Spelikan	explicit_bzero(&kdfinfo, sizeof(kdfinfo));
d313c28bSjsing	if (rv == -1)
da3b0664Shenning		err(1, "BIOCCREATERAID");
d313c28bSjsing
d313c28bSjsing	bio_status(&create.bc_bio.bio_status);
46bc198bSmarco
46bc198bSmarco	free(dt);
46bc198bSmarco}
46bc198bSmarco
aef7fe28Shshoexervoid
aef7fe28Shshoexerbio_kdf_derive(struct sr_crypto_kdfinfo *kdfinfo, struct sr_crypto_kdf_pbkdf2
c6446370Sjsing    *kdfhint, char* prompt, int verify)
aef7fe28Shshoexer{
aef7fe28Shshoexer	if (!kdfinfo)
aef7fe28Shshoexer		errx(1, "invalid KDF info");
aef7fe28Shshoexer	if (!kdfhint)
aef7fe28Shshoexer		errx(1, "invalid KDF hint");
aef7fe28Shshoexer
aef7fe28Shshoexer	if (kdfhint->len != sizeof(*kdfhint))
aef7fe28Shshoexer		errx(1, "KDF hint has invalid size");
aef7fe28Shshoexer
aef7fe28Shshoexer	kdfinfo->flags = SR_CRYPTOKDF_KEY;
aef7fe28Shshoexer	kdfinfo->len = sizeof(*kdfinfo);
aef7fe28Shshoexer
*61f93244Sjsing	derive_key_pkcs(kdfhint->type, kdfhint->rounds,
aef7fe28Shshoexer	    kdfinfo->maskkey, sizeof(kdfinfo->maskkey),
*61f93244Sjsing	    kdfhint->salt, sizeof(kdfhint->salt),
*61f93244Sjsing	    prompt, verify);
aef7fe28Shshoexer}
aef7fe28Shshoexer
aef7fe28Shshoexervoid
aef7fe28Shshoexerbio_kdf_generate(struct sr_crypto_kdfinfo *kdfinfo)
aef7fe28Shshoexer{
aef7fe28Shshoexer	if (!kdfinfo)
aef7fe28Shshoexer		errx(1, "invalid KDF info");
aef7fe28Shshoexer
aef7fe28Shshoexer	kdfinfo->pbkdf2.len = sizeof(kdfinfo->pbkdf2);
aef7fe28Shshoexer	kdfinfo->pbkdf2.type = SR_CRYPTOKDFT_PBKDF2;
aedd4f07Sdjm	kdfinfo->pbkdf2.rounds = rflag;
*61f93244Sjsing
0054cd36Sjsing	kdfinfo->flags = SR_CRYPTOKDF_KEY | SR_CRYPTOKDF_HINT;
*61f93244Sjsing	kdfinfo->len = sizeof(*kdfinfo);
aef7fe28Shshoexer
aef7fe28Shshoexer	/* generate salt */
aef7fe28Shshoexer	arc4random_buf(kdfinfo->pbkdf2.salt, sizeof(kdfinfo->pbkdf2.salt));
aef7fe28Shshoexer
*61f93244Sjsing	derive_key_pkcs(kdfinfo->pbkdf2.type, kdfinfo->pbkdf2.rounds,
aef7fe28Shshoexer	    kdfinfo->maskkey, sizeof(kdfinfo->maskkey),
c6446370Sjsing	    kdfinfo->pbkdf2.salt, sizeof(kdfinfo->pbkdf2.salt),
c6446370Sjsing	    "New passphrase: ", 1);
aef7fe28Shshoexer}
aef7fe28Shshoexer
46bc198bSmarcoint
46bc198bSmarcobio_parse_devlist(char *lst, dev_t *dt)
46bc198bSmarco{
46bc198bSmarco	char			*s, *e;
46bc198bSmarco	u_int32_t		sz = 0;
46bc198bSmarco	int			no_dev = 0, i, x;
46bc198bSmarco	struct stat		sb;
b9fc9a72Sderaadt	char			dev[PATH_MAX];
e37c64dbSjsing	int			fd;
46bc198bSmarco
46bc198bSmarco	if (!lst)
46bc198bSmarco		errx(1, "invalid device list");
46bc198bSmarco
46bc198bSmarco	s = e = lst;
46bc198bSmarco	/* make sure we have a valid device list like /dev/sdNa,/dev/sdNNa */
46bc198bSmarco	while (*e != '\0') {
46bc198bSmarco		if (*e == ',')
46bc198bSmarco			s = e + 1;
46bc198bSmarco		else if (*(e + 1) == '\0' || *(e + 1) == ',') {
46bc198bSmarco			/* got one */
46bc198bSmarco			sz = e - s + 1;
5c1f8f6bSdjm			strlcpy(dev, s, sz + 1);
e37c64dbSjsing			fd = opendev(dev, O_RDONLY, OPENDEV_BLCK, NULL);
e37c64dbSjsing			if (fd == -1)
e37c64dbSjsing				err(1, "could not open %s", dev);
e37c64dbSjsing			if (fstat(fd, &sb) == -1) {
ffb4dd05Sguenther				int saved_errno = errno;
e37c64dbSjsing				close(fd);
ffb4dd05Sguenther				errc(1, saved_errno, "could not stat %s", dev);
e37c64dbSjsing			}
e37c64dbSjsing			close(fd);
46bc198bSmarco			dt[no_dev] = sb.st_rdev;
46bc198bSmarco			no_dev++;
5c1f8f6bSdjm			if (no_dev > (int)(BIOC_CRMAXLEN / sizeof(dev_t)))
46bc198bSmarco				errx(1, "too many devices on device list");
46bc198bSmarco		}
46bc198bSmarco		e++;
46bc198bSmarco	}
46bc198bSmarco
46bc198bSmarco	for (i = 0; i < no_dev; i++)
46bc198bSmarco		for (x = 0; x < no_dev; x++)
46bc198bSmarco			if (dt[i] == dt[x] && x != i)
46bc198bSmarco				errx(1, "duplicate device in list");
46bc198bSmarco
46bc198bSmarco	return (no_dev);
7195049bSmarco}
e8a57fdeSmarco
e8a57fdeSmarcou_int32_t
e8a57fdeSmarcobio_createflags(char *lst)
e8a57fdeSmarco{
e8a57fdeSmarco	char			*s, *e, fs[32];
e8a57fdeSmarco	u_int32_t		sz = 0;
e8a57fdeSmarco	u_int32_t		flags = 0;
e8a57fdeSmarco
e8a57fdeSmarco	if (!lst)
e8a57fdeSmarco		errx(1, "invalid flags list");
e8a57fdeSmarco
e8a57fdeSmarco	s = e = lst;
e8a57fdeSmarco	/* make sure we have a valid flags list like force,noassemeble */
e8a57fdeSmarco	while (*e != '\0') {
e8a57fdeSmarco		if (*e == ',')
e8a57fdeSmarco			s = e + 1;
e8a57fdeSmarco		else if (*(e + 1) == '\0' || *(e + 1) == ',') {
e8a57fdeSmarco			/* got one */
e8a57fdeSmarco			sz = e - s + 1;
e8a57fdeSmarco			switch (s[0]) {
e8a57fdeSmarco			case 'f':
e8a57fdeSmarco				flags |= BIOC_SCFORCE;
e8a57fdeSmarco				break;
e8a57fdeSmarco			case 'n':
e8a57fdeSmarco				flags |= BIOC_SCNOAUTOASSEMBLE;
e8a57fdeSmarco				break;
e8a57fdeSmarco			default:
e8a57fdeSmarco				strlcpy(fs, s, sz + 1);
e8a57fdeSmarco				errx(1, "invalid flag %s", fs);
e8a57fdeSmarco			}
e8a57fdeSmarco		}
e8a57fdeSmarco		e++;
e8a57fdeSmarco	}
e8a57fdeSmarco
e8a57fdeSmarco	return (flags);
e8a57fdeSmarco}
03b2dfbfShenning
c7c3e8aaSmarcovoid
c7c3e8aaSmarcobio_deleteraid(char *dev)
c7c3e8aaSmarco{
c7c3e8aaSmarco	struct bioc_deleteraid	bd;
c7c3e8aaSmarco	memset(&bd, 0, sizeof(bd));
c7c3e8aaSmarco
545c4d7fSjsing	bd.bd_bio.bio_cookie = bio_cookie;
a15048bbSmarco	/* XXX make this a dev_t instead of a string */
c7c3e8aaSmarco	strlcpy(bd.bd_dev, dev, sizeof bd.bd_dev);
c7c3e8aaSmarco	if (ioctl(devh, BIOCDELETERAID, &bd))
d313c28bSjsing		err(1, "BIOCDELETERAID");
d313c28bSjsing
d313c28bSjsing	bio_status(&bd.bd_bio.bio_status);
c7c3e8aaSmarco}
c7c3e8aaSmarco
c6446370Sjsingvoid
c6446370Sjsingbio_changepass(char *dev)
c6446370Sjsing{
c6446370Sjsing	struct bioc_discipline bd;
c6446370Sjsing	struct sr_crypto_kdfpair kdfpair;
c6446370Sjsing	struct sr_crypto_kdfinfo kdfinfo1, kdfinfo2;
c6446370Sjsing	struct sr_crypto_kdf_pbkdf2 kdfhint;
c6446370Sjsing	int rv;
c6446370Sjsing
c6446370Sjsing	memset(&bd, 0, sizeof(bd));
c6446370Sjsing	memset(&kdfhint, 0, sizeof(kdfhint));
c6446370Sjsing	memset(&kdfinfo1, 0, sizeof(kdfinfo1));
c6446370Sjsing	memset(&kdfinfo2, 0, sizeof(kdfinfo2));
c6446370Sjsing
c6446370Sjsing	/* XXX use dev_t instead of string. */
c6446370Sjsing	strlcpy(bd.bd_dev, dev, sizeof(bd.bd_dev));
c6446370Sjsing	bd.bd_cmd = SR_IOCTL_GET_KDFHINT;
c6446370Sjsing	bd.bd_size = sizeof(kdfhint);
c6446370Sjsing	bd.bd_data = &kdfhint;
c6446370Sjsing
c6446370Sjsing	if (ioctl(devh, BIOCDISCIPLINE, &bd))
d313c28bSjsing		err(1, "BIOCDISCIPLINE");
d313c28bSjsing
d313c28bSjsing	bio_status(&bd.bd_bio.bio_status);
c6446370Sjsing
c6446370Sjsing	/* Current passphrase. */
c6446370Sjsing	bio_kdf_derive(&kdfinfo1, &kdfhint, "Old passphrase: ", 0);
c6446370Sjsing
c6446370Sjsing	/* New passphrase. */
2c98a0f7Sjsing	bio_kdf_generate(&kdfinfo2);
c6446370Sjsing
c6446370Sjsing	kdfpair.kdfinfo1 = &kdfinfo1;
c6446370Sjsing	kdfpair.kdfsize1 = sizeof(kdfinfo1);
c6446370Sjsing	kdfpair.kdfinfo2 = &kdfinfo2;
c6446370Sjsing	kdfpair.kdfsize2 = sizeof(kdfinfo2);
c6446370Sjsing
c6446370Sjsing	bd.bd_cmd = SR_IOCTL_CHANGE_PASSPHRASE;
c6446370Sjsing	bd.bd_size = sizeof(kdfpair);
c6446370Sjsing	bd.bd_data = &kdfpair;
c6446370Sjsing
c6446370Sjsing	rv = ioctl(devh, BIOCDISCIPLINE, &bd);
c6446370Sjsing
c6446370Sjsing	memset(&kdfhint, 0, sizeof(kdfhint));
0a488504Spelikan	explicit_bzero(&kdfinfo1, sizeof(kdfinfo1));
0a488504Spelikan	explicit_bzero(&kdfinfo2, sizeof(kdfinfo2));
c6446370Sjsing
d313c28bSjsing	if (rv)
d313c28bSjsing		err(1, "BIOCDISCIPLINE");
d313c28bSjsing
d313c28bSjsing	bio_status(&bd.bd_bio.bio_status);
c6446370Sjsing}
c6446370Sjsing
03b2dfbfShenning#define BIOCTL_VIS_NBUF		4
03b2dfbfShenning#define BIOCTL_VIS_BUFLEN	80
03b2dfbfShenning
03b2dfbfShenningchar *
03b2dfbfShenningbio_vis(char *s)
03b2dfbfShenning{
03b2dfbfShenning	static char	 rbuf[BIOCTL_VIS_NBUF][BIOCTL_VIS_BUFLEN];
03b2dfbfShenning	static uint	 idx = 0;
03b2dfbfShenning	char		*buf;
03b2dfbfShenning
03b2dfbfShenning	buf = rbuf[idx++];
03b2dfbfShenning	if (idx == BIOCTL_VIS_NBUF)
03b2dfbfShenning		idx = 0;
03b2dfbfShenning
03b2dfbfShenning	strnvis(buf, s, BIOCTL_VIS_BUFLEN, VIS_NL|VIS_CSTYLE);
03b2dfbfShenning	return (buf);
03b2dfbfShenning}
03b2dfbfShenning
03b2dfbfShenningvoid
03b2dfbfShenningbio_diskinq(char *sd_dev)
03b2dfbfShenning{
03b2dfbfShenning	struct dk_inquiry	di;
03b2dfbfShenning
da3b0664Shenning	if (ioctl(devh, DIOCINQ, &di) == -1)
da3b0664Shenning		err(1, "DIOCINQ");
03b2dfbfShenning
03b2dfbfShenning	printf("%s: <%s, %s, %s>, serial %s\n", sd_dev, bio_vis(di.vendor),
03b2dfbfShenning	    bio_vis(di.product), bio_vis(di.revision), bio_vis(di.serial));
03b2dfbfShenning}
aef7fe28Shshoexer
aef7fe28Shshoexervoid
d865b7d2Suebayasibio_patrol(char *arg)
d865b7d2Suebayasi{
d865b7d2Suebayasi	struct bioc_patrol	bp;
d865b7d2Suebayasi	struct timing		timing;
d865b7d2Suebayasi	const char		*errstr;
d865b7d2Suebayasi
d865b7d2Suebayasi	memset(&bp, 0, sizeof(bp));
d865b7d2Suebayasi	bp.bp_bio.bio_cookie = bio_cookie;
d865b7d2Suebayasi
d865b7d2Suebayasi	switch (arg[0]) {
d865b7d2Suebayasi	case 'a':
d865b7d2Suebayasi		bp.bp_opcode = BIOC_SPAUTO;
d865b7d2Suebayasi		break;
d865b7d2Suebayasi
d865b7d2Suebayasi	case 'm':
d865b7d2Suebayasi		bp.bp_opcode = BIOC_SPMANUAL;
d865b7d2Suebayasi		break;
d865b7d2Suebayasi
d865b7d2Suebayasi	case 'd':
d865b7d2Suebayasi		bp.bp_opcode = BIOC_SPDISABLE;
d865b7d2Suebayasi		break;
d865b7d2Suebayasi
d865b7d2Suebayasi	case 'g': /* get patrol state */
d865b7d2Suebayasi		bp.bp_opcode = BIOC_GPSTATUS;
d865b7d2Suebayasi		break;
d865b7d2Suebayasi
d865b7d2Suebayasi	case 's': /* start/stop patrol */
d865b7d2Suebayasi		if (strncmp("sta", arg, 3) == 0)
d865b7d2Suebayasi			bp.bp_opcode = BIOC_SPSTART;
d865b7d2Suebayasi		else
d865b7d2Suebayasi			bp.bp_opcode = BIOC_SPSTOP;
d865b7d2Suebayasi		break;
d865b7d2Suebayasi
d865b7d2Suebayasi	default:
d865b7d2Suebayasi		errx(1, "invalid patrol function: %s", arg);
d865b7d2Suebayasi	}
d865b7d2Suebayasi
d865b7d2Suebayasi	switch (arg[0]) {
d865b7d2Suebayasi	case 'a':
d865b7d2Suebayasi		errstr = str2patrol(arg, &timing);
d865b7d2Suebayasi		if (errstr)
d865b7d2Suebayasi			errx(1, "Patrol %s: %s", arg, errstr);
d865b7d2Suebayasi		bp.bp_autoival = timing.interval;
d865b7d2Suebayasi		bp.bp_autonext = timing.start;
d865b7d2Suebayasi		break;
d865b7d2Suebayasi	}
d865b7d2Suebayasi
d865b7d2Suebayasi	if (ioctl(devh, BIOCPATROL, &bp))
d865b7d2Suebayasi		err(1, "BIOCPATROL");
d865b7d2Suebayasi
d865b7d2Suebayasi	bio_status(&bp.bp_bio.bio_status);
d865b7d2Suebayasi
d865b7d2Suebayasi	if (arg[0] == 'g') {
d865b7d2Suebayasi		const char *mode, *status;
d865b7d2Suebayasi		char interval[40];
d865b7d2Suebayasi
d865b7d2Suebayasi		interval[0] = '\0';
d865b7d2Suebayasi
d865b7d2Suebayasi		switch (bp.bp_mode) {
d865b7d2Suebayasi		case BIOC_SPMAUTO:
d865b7d2Suebayasi			mode = "auto";
d865b7d2Suebayasi			snprintf(interval, sizeof interval,
d865b7d2Suebayasi			    " interval=%d next=%d", bp.bp_autoival,
d865b7d2Suebayasi			    bp.bp_autonext - bp.bp_autonow);
d865b7d2Suebayasi			break;
d865b7d2Suebayasi		case BIOC_SPMMANUAL:
d865b7d2Suebayasi			mode = "manual";
d865b7d2Suebayasi			break;
d865b7d2Suebayasi		case BIOC_SPMDISABLED:
d865b7d2Suebayasi			mode = "disabled";
d865b7d2Suebayasi			break;
d865b7d2Suebayasi		default:
2ad5ec6fSuebayasi			mode = "unknown";
d865b7d2Suebayasi			break;
d865b7d2Suebayasi		}
d865b7d2Suebayasi		switch (bp.bp_status) {
d865b7d2Suebayasi		case BIOC_SPSSTOPPED:
d865b7d2Suebayasi			status = "stopped";
d865b7d2Suebayasi			break;
d865b7d2Suebayasi		case BIOC_SPSREADY:
d865b7d2Suebayasi			status = "ready";
d865b7d2Suebayasi			break;
d865b7d2Suebayasi		case BIOC_SPSACTIVE:
d865b7d2Suebayasi			status = "active";
d865b7d2Suebayasi			break;
d865b7d2Suebayasi		case BIOC_SPSABORTED:
d865b7d2Suebayasi			status = "aborted";
d865b7d2Suebayasi			break;
d865b7d2Suebayasi		default:
d865b7d2Suebayasi			status = "unknown";
d865b7d2Suebayasi			break;
d865b7d2Suebayasi		}
d865b7d2Suebayasi		printf("patrol mode: %s%s\n", mode, interval);
d865b7d2Suebayasi		printf("patrol status: %s\n", status);
d865b7d2Suebayasi	}
d865b7d2Suebayasi}
d865b7d2Suebayasi
d865b7d2Suebayasivoid
*61f93244Sjsingderive_key_pkcs(u_int32_t type, int rounds, u_int8_t *key, size_t keysz,
*61f93244Sjsing    u_int8_t *salt, size_t saltsz, char *prompt, int verify)
aef7fe28Shshoexer{
86735da2Smarco	FILE		*f;
86735da2Smarco	size_t		pl;
86735da2Smarco	struct stat	sb;
9e8c6f5bShshoexer	char		passphrase[1024], verifybuf[1024];
aef7fe28Shshoexer
aef7fe28Shshoexer	if (!key)
aef7fe28Shshoexer		errx(1, "Invalid key");
aef7fe28Shshoexer	if (!salt)
aef7fe28Shshoexer		errx(1, "Invalid salt");
*61f93244Sjsing
*61f93244Sjsing	if (type != SR_CRYPTOKDFT_PBKDF2)
*61f93244Sjsing		errx(1, "unknown KDF type %d", type);
aef7fe28Shshoexer	if (rounds < 1000)
*61f93244Sjsing		errx(1, "number of KDF rounds is too small: %d", rounds);
aef7fe28Shshoexer
aef7fe28Shshoexer	/* get passphrase */
ba3d8661Smarco	if (password) {
86735da2Smarco		if ((f = fopen(password, "r")) == NULL)
86735da2Smarco			err(1, "invalid passphrase file");
86735da2Smarco
86735da2Smarco		if (fstat(fileno(f), &sb) == -1)
86735da2Smarco			err(1, "can't stat passphrase file");
86735da2Smarco		if (sb.st_uid != 0)
86735da2Smarco			errx(1, "passphrase file must be owned by root");
86735da2Smarco		if ((sb.st_mode & ~S_IFMT) != (S_IRUSR | S_IWUSR))
86735da2Smarco			errx(1, "passphrase file has the wrong permissions");
86735da2Smarco
86735da2Smarco		if (fgets(passphrase, sizeof(passphrase), f) == NULL)
86735da2Smarco			err(1, "can't read passphrase file");
86735da2Smarco		pl = strlen(passphrase);
86735da2Smarco		if (pl > 0 && passphrase[pl - 1] == '\n')
86735da2Smarco			passphrase[pl - 1] = '\0';
86735da2Smarco		else
86735da2Smarco			errx(1, "invalid passphrase length");
86735da2Smarco
86735da2Smarco		fclose(f);
ba3d8661Smarco	} else {
c6446370Sjsing		if (readpassphrase(prompt, passphrase, sizeof(passphrase),
b96c6ce2Sckuethe		    rpp_flag) == NULL)
7eef0726Stedu			err(1, "unable to read passphrase");
ba3d8661Smarco	}
9e8c6f5bShshoexer
4c688d0dShalex	if (verify && !password) {
9e8c6f5bShshoexer		/* request user to re-type it */
9e8c6f5bShshoexer		if (readpassphrase("Re-type passphrase: ", verifybuf,
b96c6ce2Sckuethe		    sizeof(verifybuf), rpp_flag) == NULL) {
0a488504Spelikan			explicit_bzero(passphrase, sizeof(passphrase));
7eef0726Stedu			err(1, "unable to read passphrase");
9e8c6f5bShshoexer		}
9e8c6f5bShshoexer		if ((strlen(passphrase) != strlen(verifybuf)) ||
9e8c6f5bShshoexer		    (strcmp(passphrase, verifybuf) != 0)) {
0a488504Spelikan			explicit_bzero(passphrase, sizeof(passphrase));
0a488504Spelikan			explicit_bzero(verifybuf, sizeof(verifybuf));
9e8c6f5bShshoexer			errx(1, "Passphrases did not match");
9e8c6f5bShshoexer		}
9e8c6f5bShshoexer		/* forget the re-typed one */
0a488504Spelikan		explicit_bzero(verifybuf, sizeof(verifybuf));
9e8c6f5bShshoexer	}
aef7fe28Shshoexer
aef7fe28Shshoexer	/* derive key from passphrase */
5c1f8f6bSdjm	if (pkcs5_pbkdf2(passphrase, strlen(passphrase), salt, saltsz,
5c1f8f6bSdjm	    key, keysz, rounds) != 0)
5c1f8f6bSdjm		errx(1, "pbkdf2 failed");
aef7fe28Shshoexer
aef7fe28Shshoexer	/* forget passphrase */
0a488504Spelikan	explicit_bzero(passphrase, sizeof(passphrase));
aef7fe28Shshoexer
aef7fe28Shshoexer	return;
aef7fe28Shshoexer}