Data authentication for geli(8) committed to HEAD.



Hi.

geli(8) from FreeBSD-CURRENT is not able to perform data integrity
verification (data authentication) using one of the following
algorithms:

- HMAC/MD5
- HMAC/SHA1
- HMAC/RIPEMD160
- HMAC/SHA256
- HMAC/SHA384
- HMAC/SHA512

One of the main design goals was to make it reliable and resistant to
power failures or system crashes. This was very important to commit both
data update and HMAC update as an atomic operation to the disk, so users
don't have to fight with false positives.
Even with data authentication enabled, geli(8) should still be fast - to
provide the reliability I'm talking on internal journal or other complex
mechanisms are used. It is still sector-to-sector encryption.

If someone is interested in the data layout itself, it is described in
the sys/geom/eli/g_eli_integrity.c file.

Before you use this feature, please read "DATA AUTHENTICATION" section
in the geli(8) manual page, to learn against which kind of attacks
geli(8) can protect your data and against which it can not.

While working on this, I improved crypto(9) framework a bit and various
drivers. At this point, all crypto accelerators, which we support should
work with geli(8) (ubsec(4), hifn(4), safe(4), padlock(4)), also with
data authentication functionality.

Enjoy!

<commercial>
The work was sponsored by Wheel LTD. [http://www.wheel.pl],
creator of authentication system - CERB - which allows to use mobile
phone/device in two-factor authentication process.
</commercial>

--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@xxxxxxxxxxx http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!

Attachment: pgp6d9sbkDShL.pgp
Description: PGP signature