4 files changed, 407 insertions, 0 deletions

diff --git a/lib/geom/shsec/Makefile b/lib/geom/shsec/Makefile
new file mode 100644
index 000000000000..493ea5d15acd
--- /dev/null
+++ b/lib/geom/shsec/Makefile
@@ -0,0 +1,5 @@
+PACKAGE=geom
+
+GEOM_CLASS=	shsec
+
+.include <bsd.lib.mk>
diff --git a/lib/geom/shsec/Makefile.depend b/lib/geom/shsec/Makefile.depend
new file mode 100644
index 000000000000..0dd05cace3c0
--- /dev/null
+++ b/lib/geom/shsec/Makefile.depend
@@ -0,0 +1,16 @@
+# Autogenerated - do NOT edit!
+
+DIRDEPS = \
+	include \
+	include/xlocale \
+	lib/${CSU_DIR} \
+	lib/libc \
+	lib/libcompiler_rt \
+	lib/libgeom \
+
+
+.include <dirdeps.mk>
+
+.if ${DEP_RELDIR} == ${_DEP_RELDIR}
+# local dependencies - needed for -jN in clean tree
+.endif
diff --git a/lib/geom/shsec/geom_shsec.c b/lib/geom/shsec/geom_shsec.c
new file mode 100644
index 000000000000..227bdcf39b7d
--- /dev/null
+++ b/lib/geom/shsec/geom_shsec.c
@@ -0,0 +1,259 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2004-2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <errno.h>
+#include <paths.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <strings.h>
+#include <assert.h>
+#include <libgeom.h>
+#include <geom/shsec/g_shsec.h>
+
+#include "core/geom.h"
+#include "misc/subr.h"
+
+
+uint32_t lib_version = G_LIB_VERSION;
+uint32_t version = G_SHSEC_VERSION;
+
+static void shsec_main(struct gctl_req *req, unsigned flags);
+static void shsec_clear(struct gctl_req *req);
+static void shsec_dump(struct gctl_req *req);
+static void shsec_label(struct gctl_req *req);
+
+struct g_command class_commands[] = {
+	{ "clear", G_FLAG_VERBOSE, shsec_main, G_NULL_OPTS,
+	    "[-v] prov ..."
+	},
+	{ "dump", 0, shsec_main, G_NULL_OPTS,
+	    "prov ..."
+	},
+	{ "label", G_FLAG_VERBOSE | G_FLAG_LOADKLD, shsec_main,
+	    {
+		{ 'h', "hardcode", NULL, G_TYPE_BOOL },
+		G_OPT_SENTINEL
+	    },
+	    "[-hv] name prov prov ..."
+	},
+	{ "stop", G_FLAG_VERBOSE, NULL,
+	    {
+		{ 'f', "force", NULL, G_TYPE_BOOL },
+		G_OPT_SENTINEL
+	    },
+	    "[-fv] name ..."
+	},
+	G_CMD_SENTINEL
+};
+
+static int verbose = 0;
+
+static void
+shsec_main(struct gctl_req *req, unsigned flags)
+{
+	const char *name;
+
+	if ((flags & G_FLAG_VERBOSE) != 0)
+		verbose = 1;
+
+	name = gctl_get_ascii(req, "verb");
+	if (name == NULL) {
+		gctl_error(req, "No '%s' argument.", "verb");
+		return;
+	}
+	if (strcmp(name, "label") == 0)
+		shsec_label(req);
+	else if (strcmp(name, "clear") == 0)
+		shsec_clear(req);
+	else if (strcmp(name, "dump") == 0)
+		shsec_dump(req);
+	else
+		gctl_error(req, "Unknown command: %s.", name);
+}
+
+static void
+shsec_label(struct gctl_req *req)
+{
+	struct g_shsec_metadata md;
+	off_t compsize, msize;
+	u_char sector[512];
+	unsigned ssize, secsize;
+	const char *name;
+	int error, i, nargs, hardcode;
+
+	bzero(sector, sizeof(sector));
+	nargs = gctl_get_int(req, "nargs");
+	if (nargs <= 2) {
+		gctl_error(req, "Too few arguments.");
+		return;
+	}
+	hardcode = gctl_get_int(req, "hardcode");
+
+	/*
+	 * Clear last sector first to spoil all components if device exists.
+	 */
+	compsize = 0;
+	secsize = 0;
+	for (i = 1; i < nargs; i++) {
+		name = gctl_get_ascii(req, "arg%d", i);
+		msize = g_get_mediasize(name);
+		ssize = g_get_sectorsize(name);
+		if (msize == 0 || ssize == 0) {
+			gctl_error(req, "Can't get informations about %s: %s.",
+			    name, strerror(errno));
+			return;
+		}
+		msize -= ssize;
+		if (compsize == 0 || (compsize > 0 && msize < compsize))
+			compsize = msize;
+		if (secsize == 0)
+			secsize = ssize;
+		else
+			secsize = g_lcm(secsize, ssize);
+
+		error = g_metadata_clear(name, NULL);
+		if (error != 0) {
+			gctl_error(req, "Can't store metadata on %s: %s.", name,
+			    strerror(error));
+			return;
+		}
+	}
+
+	strlcpy(md.md_magic, G_SHSEC_MAGIC, sizeof(md.md_magic));
+	md.md_version = G_SHSEC_VERSION;
+	name = gctl_get_ascii(req, "arg0");
+	strlcpy(md.md_name, name, sizeof(md.md_name));
+	md.md_id = arc4random();
+	md.md_all = nargs - 1;
+
+	/*
+	 * Ok, store metadata.
+	 */
+	for (i = 1; i < nargs; i++) {
+		name = gctl_get_ascii(req, "arg%d", i);
+		msize = g_get_mediasize(name);
+		ssize = g_get_sectorsize(name);
+		if (compsize < msize - ssize) {
+			fprintf(stderr,
+			    "warning: %s: only %jd bytes from %jd bytes used.\n",
+			    name, (intmax_t)compsize, (intmax_t)(msize - ssize));
+		}
+
+		md.md_no = i - 1;
+		md.md_provsize = msize;
+		if (!hardcode)
+			bzero(md.md_provider, sizeof(md.md_provider));
+		else {
+			if (strncmp(name, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
+				name += sizeof(_PATH_DEV) - 1;
+			strlcpy(md.md_provider, name, sizeof(md.md_provider));
+		}
+		shsec_metadata_encode(&md, sector);
+		error = g_metadata_store(name, sector, sizeof(sector));
+		if (error != 0) {
+			fprintf(stderr, "Can't store metadata on %s: %s.\n",
+			    name, strerror(error));
+			gctl_error(req, "Not fully done.");
+			continue;
+		}
+		if (verbose)
+			printf("Metadata value stored on %s.\n", name);
+	}
+}
+
+static void
+shsec_clear(struct gctl_req *req)
+{
+	const char *name;
+	int error, i, nargs;
+
+	nargs = gctl_get_int(req, "nargs");
+	if (nargs < 1) {
+		gctl_error(req, "Too few arguments.");
+		return;
+	}
+
+	for (i = 0; i < nargs; i++) {
+		name = gctl_get_ascii(req, "arg%d", i);
+		error = g_metadata_clear(name, G_SHSEC_MAGIC);
+		if (error != 0) {
+			fprintf(stderr, "Can't clear metadata on %s: %s.\n",
+			    name, strerror(error));
+			gctl_error(req, "Not fully done.");
+			continue;
+		}
+		if (verbose)
+			printf("Metadata cleared on %s.\n", name);
+	}
+}
+
+static void
+shsec_metadata_dump(const struct g_shsec_metadata *md)
+{
+
+	printf("         Magic string: %s\n", md->md_magic);
+	printf("     Metadata version: %u\n", (u_int)md->md_version);
+	printf("          Device name: %s\n", md->md_name);
+	printf("            Device ID: %u\n", (u_int)md->md_id);
+	printf("          Disk number: %u\n", (u_int)md->md_no);
+	printf("Total number of disks: %u\n", (u_int)md->md_all);
+	printf("   Hardcoded provider: %s\n", md->md_provider);
+}
+
+static void
+shsec_dump(struct gctl_req *req)
+{
+	struct g_shsec_metadata md, tmpmd;
+	const char *name;
+	int error, i, nargs;
+
+	nargs = gctl_get_int(req, "nargs");
+	if (nargs < 1) {
+		gctl_error(req, "Too few arguments.");
+		return;
+	}
+
+	for (i = 0; i < nargs; i++) {
+		name = gctl_get_ascii(req, "arg%d", i);
+		error = g_metadata_read(name, (u_char *)&tmpmd, sizeof(tmpmd),
+		    G_SHSEC_MAGIC);
+		if (error != 0) {
+			fprintf(stderr, "Can't read metadata from %s: %s.\n",
+			    name, strerror(error));
+			gctl_error(req, "Not fully done.");
+			continue;
+		}
+		shsec_metadata_decode((u_char *)&tmpmd, &md);
+		printf("Metadata on %s:\n", name);
+		shsec_metadata_dump(&md);
+		printf("\n");
+	}
+}
diff --git a/lib/geom/shsec/gshsec.8 b/lib/geom/shsec/gshsec.8
new file mode 100644
index 000000000000..d4477de3a71e
--- /dev/null
+++ b/lib/geom/shsec/gshsec.8
@@ -0,0 +1,127 @@
+.\" Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd October 1, 2013
+.Dt GSHSEC 8
+.Os
+.Sh NAME
+.Nm gshsec
+.Nd "control utility for shared secret devices"
+.Sh SYNOPSIS
+.Nm
+.Cm label
+.Op Fl hv
+.Ar name
+.Ar prov prov ...
+.Nm
+.Cm stop
+.Op Fl fv
+.Ar name ...
+.Nm
+.Cm clear
+.Op Fl v
+.Ar prov ...
+.Nm
+.Cm dump
+.Ar prov ...
+.Nm
+.Cm list
+.Nm
+.Cm status
+.Nm
+.Cm load
+.Nm
+.Cm unload
+.Sh DESCRIPTION
+The
+.Nm
+utility is used for setting up a device which contains a shared secret.
+The secret is shared between the given providers.
+To collect the secret, all providers are needed.
+If one of the components is missing, there is no way to get any useful data from
+the rest of them.
+The first argument to
+.Nm
+indicates an action to be performed:
+.Bl -tag -width ".Cm destroy"
+.It Cm label
+Set up a shared secret device from the given components with the specified
+.Ar name .
+Metadata are stored in the last sector of every component.
+.It Cm stop
+Turn off an existing shared secret device by its
+.Ar name .
+This command does not touch on-disk metadata!
+.It Cm clear
+Clear metadata on the given providers.
+.It Cm dump
+Dump metadata stored on the given providers.
+.It Cm list
+See
+.Xr geom 8 .
+.It Cm status
+See
+.Xr geom 8 .
+.It Cm load
+See
+.Xr geom 8 .
+.It Cm unload
+See
+.Xr geom 8 .
+.El
+.Pp
+Additional options:
+.Bl -tag -width ".Fl f"
+.It Fl f
+Force the removal of the specified shared secret device.
+.It Fl h
+Hardcode providers' names in metadata.
+.It Fl v
+Be more verbose.
+.El
+.Sh EXIT STATUS
+Exit status is 0 on success, and 1 if the command fails.
+.Sh EXAMPLES
+The following example shows how to create a shared secret device.
+The secret will be split between a slice on a local disk and a USB Pen drive.
+.Bd -literal -offset indent
+gshsec label -v secret /dev/ada0s1 /dev/da0
+newfs /dev/shsec/secret
+.Ed
+.Pp
+From now on, when the USB Pen drive is inserted, it will be automatically
+detected and connected, making the secret available via the
+.Pa /dev/shsec/secret
+device.
+.Sh SEE ALSO
+.Xr geom 4 ,
+.Xr geom 8 ,
+.Xr newfs 8
+.Sh HISTORY
+The
+.Nm
+utility appeared in
+.Fx 5.4 .
+.Sh AUTHORS
+.An Pawel Jakub Dawidek Aq Mt pjd@FreeBSD.org