-rw-r--r--usr.sbin/vnconfig/vnconfig.814
-rw-r--r--usr.sbin/vnconfig/vnconfig.c28
2 files changed, 30 insertions, 12 deletions
diff --git a/usr.sbin/vnconfig/vnconfig.8 b/usr.sbin/vnconfig/vnconfig.8
index 353c018f4e7..bf87b315f84 100644
--- a/usr.sbin/vnconfig/vnconfig.8
+++ b/usr.sbin/vnconfig/vnconfig.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: vnconfig.8,v 1.29 2007/01/23 08:15:23 grunk Exp $
+.\" $OpenBSD: vnconfig.8,v 1.30 2007/01/27 10:34:46 grunk Exp $
.\"
.\" Copyright (c) 1993 University of Utah.
.\" Copyright (c) 1980, 1989, 1991, 1993
@@ -44,6 +44,7 @@
.Nm
.Op Fl ckluv
.Op Fl K Ar rounds
+.Op Fl S Ar saltfile
.Ar rawdev
.Ar regular_file
.Sh DESCRIPTION
@@ -89,7 +90,11 @@ Associate an encryption key with the device.
All data will be encrypted using the Blowfish cipher before it is
written to the disk.
The user is asked for both a passphrase and the name of a salt file.
-These are combined according to PKCS #5 PBKDF2 for the specified number of
+The salt file can also be specified on the command line using the
+.Fl S
+option.
+The passphrase and salt are combined according to PKCS #5 PBKDF2 for the
+specified number of
rounds to generate the actual key used.
.Ar rounds
is a number between 1000 and
@@ -108,6 +113,11 @@ List the (s)vnd devices and indicate which ones are in use.
If a specific
.Ar rawdev
is given, then only that one will be described.
+.It Fl S Ar saltfile
+When
+.Fl K
+is used, specify the
+.Pa saltfile .
.It Fl u
Unconfigures a
.Ar rawdev .
diff --git a/usr.sbin/vnconfig/vnconfig.c b/usr.sbin/vnconfig/vnconfig.c
index 6f18bd30083..0f9bb6eb700 100644
--- a/usr.sbin/vnconfig/vnconfig.c
+++ b/usr.sbin/vnconfig/vnconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vnconfig.c,v 1.20 2006/12/26 22:55:20 grunk Exp $ */
+/* $OpenBSD: vnconfig.c,v 1.21 2007/01/27 10:34:46 grunk Exp $ */
/*
* Copyright (c) 1993 University of Utah.
* Copyright (c) 1990, 1993
@@ -67,7 +67,7 @@ int verbose = 0;
__dead void usage(void);
int config(char *, char *, int, char *, size_t);
int getinfo(const char *);
-char *get_pkcs_key(char *);
+char *get_pkcs_key(char *, char *);
int
main(int argc, char **argv)
@@ -75,11 +75,12 @@ main(int argc, char **argv)
int ch, rv, action = VND_CONFIG;
char *key = NULL;
char *rounds = NULL;
+ char *saltopt = NULL;
size_t keylen = 0;
int opt_k = 0;
int opt_K = 0;
- while ((ch = getopt(argc, argv, "cluvK:k")) != -1) {
+ while ((ch = getopt(argc, argv, "ckK:luS:v")) != -1) {
switch (ch) {
case 'c':
action = VND_CONFIG;
@@ -94,6 +95,9 @@ main(int argc, char **argv)
opt_K = 1;
rounds = optarg;
break;
+ case 'S':
+ saltopt = optarg;
+ break;
case 'u':
action = VND_UNCONFIG;
break;
@@ -115,7 +119,7 @@ main(int argc, char **argv)
key = getpass("Encryption key: ");
keylen = strlen(key);
} else if (opt_K) {
- key = get_pkcs_key(rounds);
+ key = get_pkcs_key(rounds, saltopt);
keylen = 128;
}
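Review bot: `saltopt` is consumed only in the `opt_K` branch here, so `-S saltfile` given together with `-k`, or with no key option at all, appears to be accepted and then ignored without any message. A user who believes a salt file is in effect gets no hint that it is not. Unless the combination is already rejected in the part of main() outside this hunk, I would add a check after option parsing, `if (saltopt && !opt_K) usage();`, or at least a `warnx()`.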
@@ -132,7 +136,7 @@ main(int argc, char **argv)
}
char *
-get_pkcs_key(char *arg)
+get_pkcs_key(char *arg, char *saltopt)
{
char keybuf[128], saltbuf[128], saltfilebuf[PATH_MAX];
char *saltfile;
@@ -147,12 +151,16 @@ get_pkcs_key(char *arg)
if (!key || strlen(key) == 0)
errx(1, "Need an encryption key");
strncpy(keybuf, key, sizeof(keybuf));
- printf("Salt file: ");
- fflush(stdout);
- saltfile = fgets(saltfilebuf, sizeof(saltfilebuf), stdin);
+ if (saltopt)
+ saltfile = saltopt;
+ else {
+ printf("Salt file: ");
+ fflush(stdout);
+ saltfile = fgets(saltfilebuf, sizeof(saltfilebuf), stdin);
+ }
if (!saltfile || saltfile[0] == '\n') {
warnx("Skipping salt file, insecure");
- saltfile = 0;
+ saltfile = NULL;
} else {
size_t len = strlen(saltfile);
if (saltfile[len - 1] == '\n')
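Review bot: With `-S ""` the new `saltopt` path reaches `saltfile[len - 1]` with `len == 0`, which indexes one byte before the argument string. A line returned by `fgets()` normally holds at least one character at that point, but an argv string can be empty. The `'\n'` tests were written for the prompted line and now also run on the command-line value, where they presumably strip a trailing newline from a name the user passed deliberately. I would guard the index, `if (len > 0 && saltfile[len - 1] == '\n')`, or move the newline handling into the `else` branch that prompts. The body of this `if` and the rest of get_pkcs_key() lie outside the hunk.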
@@ -290,7 +298,7 @@ usage(void)
extern char *__progname;
(void)fprintf(stderr,
- "usage: %s [-ckluv] [-K rounds] rawdev regular_file\n",
+ "usage: %s [-ckluv] [-K rounds] [-S saltfile] rawdev regular_file\n",
__progname);
exit(1);
}