[src/trunk]: src cgdconfig(8): New -T operation prints all generated keys in ...
details: https://anonhg.NetBSD.org/src/rev/8b736c4d92ce
branches: trunk
changeset: 368890:8b736c4d92ce
user: riastradh <riastradh%NetBSD.org@localhost>
date: Fri Aug 12 10:48:44 2022 +0000
description:
cgdconfig(8): New -T operation prints all generated keys in cgd.conf.
For testing purposes.
diffstat:
sbin/cgdconfig/cgdconfig.8 | 10 ++++++-
sbin/cgdconfig/cgdconfig.c | 66 ++++++++++++++++++++++++++++++++++++++------
tests/dev/cgd/t_cgdconfig.sh | 37 ++++++++++++++++++++++++-
3 files changed, 102 insertions(+), 11 deletions(-)
diffs (242 lines):
diff -r cfb3540f8e70 -r 8b736c4d92ce sbin/cgdconfig/cgdconfig.8
--- a/sbin/cgdconfig/cgdconfig.8 Fri Aug 12 10:48:27 2022 +0000
+++ b/sbin/cgdconfig/cgdconfig.8 Fri Aug 12 10:48:44 2022 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.53 2022/08/12 10:48:27 riastradh Exp $
+.\" $NetBSD: cgdconfig.8,v 1.54 2022/08/12 10:48:44 riastradh Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -60,6 +60,9 @@
.Ar alg
.Op Ar keylen
.Nm
+.Fl T
+.Op Fl f Ar configfile
+.Nm
.Fl t
.Ar paramsfile
.Nm
@@ -146,6 +149,11 @@
again.
.It Fl s
Read the key (nb: not the passphrase) from stdin.
+.It Fl T
+Generate all keys for all the devices listed in the
+.Nm
+configuration file and print them to standard output encoded in
+base64.
.It Fl t
Generate the key and print it to standard output encoded in base64.
.It Fl U
diff -r cfb3540f8e70 -r 8b736c4d92ce sbin/cgdconfig/cgdconfig.c
--- a/sbin/cgdconfig/cgdconfig.c Fri Aug 12 10:48:27 2022 +0000
+++ b/sbin/cgdconfig/cgdconfig.c Fri Aug 12 10:48:44 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.54 2022/08/12 10:48:27 riastradh Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.55 2022/08/12 10:48:44 riastradh Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.54 2022/08/12 10:48:27 riastradh Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.55 2022/08/12 10:48:44 riastradh Exp $");
#endif
#ifdef HAVE_ARGON2
@@ -90,6 +90,7 @@
ACTION_CONFIGSTDIN, /* configure, key from stdin */
ACTION_LIST, /* list configured devices */
ACTION_PRINTKEY, /* print key to stdout */
+ ACTION_PRINTALLKEYS, /* print all keys to stdout */
};
/* if nflag is set, do not configure/unconfigure the cgd's */
@@ -112,6 +113,9 @@
static int do_all(const char *, int, char **,
int (*)(int, char **, struct params *, int));
static int do_list(int, char **);
+static int printkey(const char *, const char *, const char *, ...)
+ __printflike(3,4);
+static int printkey1(int, char **, struct params *, int);
static int do_printkey(int, char **);
#define CONFIG_FLAGS_FROMALL 1 /* called from configure_all() */
@@ -163,6 +167,7 @@
(void)fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg "
"[keylen]\n", getprogname());
(void)fprintf(stderr, " %s -t paramsfile\n", getprogname());
+ (void)fprintf(stderr, " %s -T [-f configfile]\n", getprogname());
(void)fprintf(stderr, " %s -U [-nv] [-f configfile]\n",
getprogname());
(void)fprintf(stderr, " %s -u [-nv] cgd\n", getprogname());
@@ -217,7 +222,7 @@
p = params_new();
kg = NULL;
- while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:sptuv")) != -1)
+ while ((ch = getopt(argc, argv, "CGTUV:b:ef:gi:k:lno:sptuv")) != -1)
switch (ch) {
case 'C':
set_action(&action, ACTION_CONFIGALL);
@@ -225,6 +230,9 @@
case 'G':
set_action(&action, ACTION_GENERATE_CONVERT);
break;
+ case 'T':
+ set_action(&action, ACTION_PRINTALLKEYS);
+ break;
case 'U':
set_action(&action, ACTION_UNCONFIGALL);
break;
@@ -331,6 +339,8 @@
return do_list(argc, argv);
case ACTION_PRINTKEY:
return do_printkey(argc, argv);
+ case ACTION_PRINTALLKEYS:
+ return do_all(cfile, argc, argv, printkey1);
default:
errx(EXIT_FAILURE, "undefined action");
/* NOTREACHED */
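Review bot: Nothing at the `ACTION_PRINTALLKEYS` case records that -T is a testing aid that writes every volume key named in the configuration file to standard output; only the commit message says so. A comment above the case, e.g. `/* testing aid: prints every generated key to stdout in base64 */`, would keep that intent next to the code for the next reader. The enclosing switch starts and ends outside this hunk, so whether leftover operands are rejected for this action cannot be judged from here.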
@@ -1352,8 +1362,9 @@
}
static int
-do_printkey(int argc, char **argv)
+printkey(const char *dev, const char *paramsfile, const char *fmt, ...)
{
+ va_list va;
struct params *p;
const uint8_t *raw;
size_t nbits, nbytes;
@@ -1361,16 +1372,14 @@
char *b64;
int ret;
- if (argc != 1)
- usage();
- p = params_cget(argv[0]);
+ p = params_cget(paramsfile);
if (p == NULL)
return -1;
if (!params_verify(p)) {
- warnx("invalid parameters file \"%s\"", argv[0]);
+ warnx("invalid parameters file \"%s\"", paramsfile);
return -1;
}
- p->key = getkey("key", p->keygen, p->keylen);
+ p->key = getkey(dev, p->keygen, p->keylen);
raw = bits_getbuf(p->key);
nbits = bits_len(p->key);
assert(nbits <= INT_MAX - 7);
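Review bot: The result of `p->key = getkey(dev, p->keygen, p->keylen);` is handed straight to `bits_getbuf(p->key)` and `bits_len(p->key)` with no check that a key was actually produced. getkey() is not shown on this page, so this is hedged: if it can return NULL when a keygen method fails, one bad cgd.conf entry would fault in the middle of a -T run instead of being reported and skipped. A guard such as `if (p->key == NULL) { warnx("key generation failed for %s", dev); return -1; }` would keep the failure local to that device. printkey() starts in the previous hunk and continues past this one.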
@@ -1384,12 +1393,51 @@
b64[nb64] = '\n';
b64[nb64 + 1] = '\0';
+ va_start(va, fmt);
+ vprintf(fmt, va);
+ va_end(va);
if (fwrite(b64, nb64 + 1, 1, stdout) != 1)
err(1, "fwrite");
fflush(stdout);
return ferror(stdout);
}
+static int
+printkey1(int argc, char **argv, struct params *inparams, int flags)
+{
+ char devicename[PATH_MAX], paramsfilebuf[PATH_MAX];
+ const char *dev, *paramsfile;
+
+ assert(flags == CONFIG_FLAGS_FROMALL);
+
+ if (argc < 2 || argc > 3)
+ return -1;
+
+ dev = getfsspecname(devicename, sizeof(devicename), argv[1]);
+ if (dev == NULL) {
+ warnx("getfsspecname failed: %s", devicename);
+ return -1;
+ }
+
+ if (argc == 2) {
+ strlcpy(paramsfilebuf, dev, sizeof(paramsfilebuf));
+ paramsfile = basename(paramsfilebuf);
+ } else {
+ paramsfile = argv[2];
+ }
+
+ return printkey(dev, paramsfile, "%s: ", dev);
+}
+
+static int
+do_printkey(int argc, char **argv)
+{
+
+ if (argc != 1)
+ usage();
+ return printkey("key", argv[0], "");
+}
+
static void
eliminate_cores(void)
{
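Review bot: printkey() returns right after `fflush(stdout)` without clearing or releasing the base64 copy of the key in `b64` or the `struct params` that holds `p->key`; no cleanup is visible in this hunk, and the allocation itself lies outside it. Under -t that was a single leftover at exit, but printkey1() now runs the function once per cgd.conf entry, so every volume key stays in process memory until the program ends. Consider saving the `ferror(stdout)` result in `ret` and then calling `explicit_memset(b64, 0, nb64 + 2); free(b64); params_free(p);` before returning, assuming `b64` is heap-allocated with at least the `nb64 + 2` bytes that the two stores at the top of the hunk imply.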
diff -r cfb3540f8e70 -r 8b736c4d92ce tests/dev/cgd/t_cgdconfig.sh
--- a/tests/dev/cgd/t_cgdconfig.sh Fri Aug 12 10:48:27 2022 +0000
+++ b/tests/dev/cgd/t_cgdconfig.sh Fri Aug 12 10:48:44 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: t_cgdconfig.sh,v 1.1 2022/08/12 10:48:28 riastradh Exp $
+# $NetBSD: t_cgdconfig.sh,v 1.2 2022/08/12 10:48:44 riastradh Exp $
#
# Copyright (c) 2022 The NetBSD Foundation, Inc.
# All rights reserved.
@@ -44,6 +44,40 @@
cgdconfig -t params
}
+atf_test_case storedkeys
+storedkeys_head()
+{
+ atf_set descr "Test multiple stored keys with cgd.conf"
+}
+storedkeys_body()
+{
+ cat <<EOF >wd0e
+algorithm adiantum;
+iv-method encblkno1;
+keylength 256;
+verify_method none;
+keygen storedkey key AAABAJtnmp3XZspMBAFpCYnB8Hekn0 \
+ gj5cDVngslfGLSqwcy;
+EOF
+ cat <<EOF >ld1e
+algorithm adiantum;
+iv-method encblkno1;
+keylength 256;
+verify_method none;
+keygen storedkey key AAABAK1pbgIayXftX0RQ3AaMK4YEd/ \
+ fowKwQbENxpu3o1k9m;
+EOF
+ cat <<EOF >cgd.conf
+cgd0 /dev/wd0e wd0e
+cgd1 /dev/ld1e ld1e
+EOF
+ cat <<EOF >expected
+/dev/wd0e: m2eanddmykwEAWkJicHwd6SfSCPlwNWeCyV8YtKrBzI=
+/dev/ld1e: rWluAhrJd+1fRFDcBowrhgR39+jArBBsQ3Gm7ejWT2Y=
+EOF
+ atf_check -o file:expected cgdconfig -T -f cgd.conf
+}
+
atf_test_case storedkey2a
storedkey2a_head()
{
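Review bot: Both `cgd.conf` lines in storedkeys_body carry an explicit third column, so only the `paramsfile = argv[2]` path in printkey1() appears to be exercised; the `argc == 2` branch that derives the params file name with basename() stays uncovered. If the default lookup can be satisfied from the test's working directory, a two-column entry such as `cgd2 /dev/sd2e` (constructed example) with a matching params file would cover it. A second case with a missing or invalid params file, checking the exit status with `atf_check -s not-exit:0`, would pin down the failure path as well.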
@@ -91,4 +125,5 @@
atf_add_test_case storedkey
atf_add_test_case storedkey2a
atf_add_test_case storedkey2b
+ atf_add_test_case storedkeys
}