[src/trunk]: src/sbin/cgdconfig Add '-e' option (echo the passphrase) and wip...

[alnsn <alnsn%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d94f748d241e
branches:  trunk
changeset: 832391:d94f748d241e
user:      alnsn <alnsn%NetBSD.org@localhost>
date:      Wed May 09 18:11:56 2018 +0000

description:
Add '-e' option (echo the passphrase) and wipe the passphrase after use.

XXX Using memset for wiping isn't a good idea because memset is likely
optimised away by gcc. This should be revisited.

diffstat:

 sbin/cgdconfig/cgdconfig.8 |  10 ++++++----
 sbin/cgdconfig/cgdconfig.c |  40 +++++++++++++++++++++++++++-------------
 2 files changed, 33 insertions(+), 17 deletions(-)

diffs (147 lines):

diff -r 21f4cc5a9a49 -r d94f748d241e sbin/cgdconfig/cgdconfig.8
--- a/sbin/cgdconfig/cgdconfig.8        Wed May 09 17:35:03 2018 +0000
+++ b/sbin/cgdconfig/cgdconfig.8        Wed May 09 18:11:56 2018 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.38 2018/05/09 17:35:03 wiz Exp $
+.\" $NetBSD: cgdconfig.8,v 1.39 2018/05/09 18:11:56 alnsn Exp $
 .\"
 .\" Copyright (c) 2002, The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -35,17 +35,17 @@
 .Nd configuration utility for the cryptographic disk driver
 .Sh SYNOPSIS
 .Nm
-.Op Fl npv
+.Op Fl enpv
 .Op Fl V Ar vmeth
 .Ar cgd dev
 .Op Ar paramsfile
 .Nm
 .Fl C
-.Op Fl npv
+.Op Fl enpv
 .Op Fl f Ar configfile
 .Nm
 .Fl G
-.Op Fl npv
+.Op Fl enpv
 .Op Fl i Ar ivmeth
 .Op Fl k Ar kgmeth
 .Op Fl o Ar outfile
@@ -89,6 +89,8 @@
 .Bl -tag -width configfilexxxx
 .It Fl C
 Configure all the devices listed in the cgd configuration file.
+.It Fl e
+Echo the passphase.
 .It Fl f Ar configfile
 Specify the configuration file explicitly, rather than using the default
 configuration file
diff -r 21f4cc5a9a49 -r d94f748d241e sbin/cgdconfig/cgdconfig.c
--- a/sbin/cgdconfig/cgdconfig.c        Wed May 09 17:35:03 2018 +0000
+++ b/sbin/cgdconfig/cgdconfig.c        Wed May 09 18:11:56 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.45 2018/05/09 14:27:41 kre Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.46 2018/05/09 18:11:56 alnsn Exp $ */
 
 /*-
  * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #ifndef lint
 __COPYRIGHT("@(#) Copyright (c) 2002, 2003\
  The NetBSD Foundation, Inc.  All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.45 2018/05/09 14:27:41 kre Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.46 2018/05/09 18:11:56 alnsn Exp $");
 #endif
 
 #include <err.h>
@@ -89,8 +89,10 @@
 
 /* if pflag is set to PFLAG_STDIN read from stdin rather than getpass(3) */
 
-#define        PFLAG_GETPASS   0x01
-#define        PFLAG_STDIN     0x02
+#define        PFLAG_GETPASS           0x01
+#define        PFLAG_GETPASS_ECHO      0x02
+#define        PFLAG_GETPASS_MASK      0x03
+#define        PFLAG_STDIN             0x04
 int    pflag = PFLAG_GETPASS;
 
 static int     configure(int, char **, struct params *, int);
@@ -136,11 +138,11 @@
 usage(void)
 {
 
-       (void)fprintf(stderr, "usage: %s [-npv] [-V vmeth] cgd dev "
+       (void)fprintf(stderr, "usage: %s [-enpv] [-V vmeth] cgd dev "
            "[paramsfile]\n", getprogname());
-       (void)fprintf(stderr, "       %s -C [-npv] [-f configfile]\n",
+       (void)fprintf(stderr, "       %s -C [-enpv] [-f configfile]\n",
            getprogname());
-       (void)fprintf(stderr, "       %s -G [-npv] [-i ivmeth] [-k kgmeth] "
+       (void)fprintf(stderr, "       %s -G [-enpv] [-i ivmeth] [-k kgmeth] "
            "[-o outfile] paramsfile\n", getprogname());
        (void)fprintf(stderr, "       %s -g [-nv] [-i ivmeth] [-k kgmeth] "
            "[-o outfile] alg [keylen]\n", getprogname());
@@ -201,7 +203,7 @@
        p = params_new();
        kg = NULL;
 
-       while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:lno:spuv")) != -1)
+       while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:spuv")) != -1)
                switch (ch) {
                case 'C':
                        set_action(&action, ACTION_CONFIGALL);
@@ -230,6 +232,9 @@
                                p = params_combine(p, tp);
                        }
                        break;
+               case 'e':
+                       pflag = PFLAG_GETPASS_ECHO;
+                       break;
                case 'f':
                        if (cfile)
                                usage();
@@ -377,12 +382,17 @@
 maybe_getpass(char *prompt)
 {
        char     buf[1024];
-       char    *p = buf;
-       char    *tmp;
+       char    *p = NULL;
+       char    *tmp, *pass;
 
        switch (pflag) {
        case PFLAG_GETPASS:
-               p = getpass(prompt);
+               p = getpass_r(prompt, buf, sizeof(buf));
+               break;
+
+       case PFLAG_GETPASS_ECHO:
+               p = getpassfd(prompt, buf, sizeof(buf), NULL,
+                   GETPASS_ECHO|GETPASS_ECHO_NL|GETPASS_NEED_TTY, 0);
                break;
 
        case PFLAG_STDIN:
@@ -401,7 +411,10 @@
        if (!p)
                err(EXIT_FAILURE, "failed to read passphrase");
 
-       return estrdup(p);
+       pass = estrdup(p);
+       memset(buf, 0, sizeof(buf));
+
+       return pass;
 }
 
 /*ARGSUSED*/
@@ -422,7 +435,8 @@
        char             buf[1024];
        u_int8_t        *tmp;
 
-       snprintf(buf, sizeof(buf), "%s's passphrase:", target);
+       snprintf(buf, sizeof(buf), "%s's passphrase%s:", target,
+           pflag & PFLAG_GETPASS_ECHO ? " (echo)" : "");
        passp = maybe_getpass(buf);
        if (pkcs5_pbkdf2(&tmp, BITS2BYTES(keylen), (uint8_t *)passp,
            strlen(passp),