-rw-r--r-- | usr.sbin/vnconfig/vnconfig.8 | 14 | ||||
-rw-r--r-- | usr.sbin/vnconfig/vnconfig.c | 28 |
2 files changed, 30 insertions, 12 deletions
diff --git a/usr.sbin/vnconfig/vnconfig.8 b/usr.sbin/vnconfig/vnconfig.8 index 353c018f4e7..bf87b315f84 100644 --- a/usr.sbin/vnconfig/vnconfig.8 +++ b/usr.sbin/vnconfig/vnconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: vnconfig.8,v 1.29 2007/01/23 08:15:23 grunk Exp $ +.\" $OpenBSD: vnconfig.8,v 1.30 2007/01/27 10:34:46 grunk Exp $ .\" .\" Copyright (c) 1993 University of Utah. .\" Copyright (c) 1980, 1989, 1991, 1993 @@ -44,6 +44,7 @@ .Nm .Op Fl ckluv .Op Fl K Ar rounds +.Op Fl S Ar saltfile .Ar rawdev .Ar regular_file .Sh DESCRIPTION @@ -89,7 +90,11 @@ Associate an encryption key with the device. All data will be encrypted using the Blowfish cipher before it is written to the disk. The user is asked for both a passphrase and the name of a salt file. -These are combined according to PKCS #5 PBKDF2 for the specified number of +The salt file can also be specified on the command line using the +.Fl S +option. +The passphrase and salt are combined according to PKCS #5 PBKDF2 for the +specified number of rounds to generate the actual key used. .Ar rounds is a number between 1000 and @@ -108,6 +113,11 @@ List the (s)vnd devices and indicate which ones are in use. If a specific .Ar rawdev is given, then only that one will be described. +.It Fl S Ar saltfile +When +.Fl K +is used, specify the +.Pa saltfile . .It Fl u Unconfigures a .Ar rawdev . diff --git a/usr.sbin/vnconfig/vnconfig.c b/usr.sbin/vnconfig/vnconfig.c index 6f18bd30083..0f9bb6eb700 100644 --- a/usr.sbin/vnconfig/vnconfig.c +++ b/usr.sbin/vnconfig/vnconfig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vnconfig.c,v 1.20 2006/12/26 22:55:20 grunk Exp $ */ +/* $OpenBSD: vnconfig.c,v 1.21 2007/01/27 10:34:46 grunk Exp $ */ /* * Copyright (c) 1993 University of Utah. * Copyright (c) 1990, 1993 @@ -67,7 +67,7 @@ int verbose = 0; __dead void usage(void); int config(char *, char *, int, char *, size_t); int getinfo(const char *); -char *get_pkcs_key(char *); +char *get_pkcs_key(char *, char *); int main(int argc, char **argv) 
@@ -75,11 +75,12 @@ main(int argc, char **argv) int ch, rv, action = VND_CONFIG; char *key = NULL; char *rounds = NULL; + char *saltopt = NULL; size_t keylen = 0; int opt_k = 0; int opt_K = 0; - while ((ch = getopt(argc, argv, "cluvK:k")) != -1) { + while ((ch = getopt(argc, argv, "ckK:luS:v")) != -1) { switch (ch) { case 'c': action = VND_CONFIG; @@ -94,6 +95,9 @@ main(int argc, char **argv) opt_K = 1; rounds = optarg; break; + case 'S': + saltopt = optarg; + break; case 'u': action = VND_UNCONFIG; break; @@ -115,7 +119,7 @@ main(int argc, char **argv) key = getpass("Encryption key: "); keylen = strlen(key); } else if (opt_K) { - key = get_pkcs_key(rounds); + key = get_pkcs_key(rounds, saltopt); keylen = 128; } @@ -132,7 +136,7 @@ main(int argc, char **argv) } char * -get_pkcs_key(char *arg) +get_pkcs_key(char *arg, char *saltopt) { char keybuf[128], saltbuf[128], saltfilebuf[PATH_MAX]; char *saltfile; @@ -147,12 +151,16 @@ get_pkcs_key(char *arg) if (!key || strlen(key) == 0) errx(1, "Need an encryption key"); strncpy(keybuf, key, sizeof(keybuf)); - printf("Salt file: "); - fflush(stdout); - saltfile = fgets(saltfilebuf, sizeof(saltfilebuf), stdin); + if (saltopt) + saltfile = saltopt; + else { + printf("Salt file: "); + fflush(stdout); + saltfile = fgets(saltfilebuf, sizeof(saltfilebuf), stdin); + } if (!saltfile || saltfile[0] == '\n') { warnx("Skipping salt file, insecure"); - saltfile = 0; + saltfile = NULL; } else { size_t len = strlen(saltfile); if (saltfile[len - 1] == '\n') @@ -290,7 +298,7 @@ usage(void) extern char *__progname; (void)fprintf(stderr, - "usage: %s [-ckluv] [-K rounds] rawdev regular_file\n", + "usage: %s [-ckluv] [-K rounds] [-S saltfile] rawdev regular_file\n", __progname); exit(1); } |
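Review bot: The new `case 'S':` arm stores `saltopt`, but the only consumer visible in this diff is the `else if (opt_K)` branch, so `-S` combined with `-k`, or given with no key option at all, appears to be dropped without a message. A user could then assume the device key was derived through PBKDF2 with a salt when the plain `getpass()` key was used instead. Rejecting the combination once option parsing is done would make this explicit, for example `if (saltopt && !opt_K) usage();`. The end of the option loop lies outside this hunk, so the exact placement has to be checked against the full file.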
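Review bot: With `saltfile = saltopt`, an empty argument (`-S ''`) passes the `saltfile[0] == '\n'` test and reaches `saltfile[len - 1]` with `len == 0`, which indexes one byte before the start of the string. Either reject the empty string in the first condition, `if (!saltfile || saltfile[0] == '\0' || saltfile[0] == '\n') {`, or guard the newline check with `if (len > 0 && saltfile[len - 1] == '\n')`. When the salt file was requested explicitly with `-S`, failing with `errx()` is probably better than falling into the "Skipping salt file, insecure" path, because that path only warns and continues without a salt. The rest of get_pkcs_key lies outside this hunk.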