.\" $NetBSD: cgd.4,v 1.1 2002/10/04 18:57:35 elric Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Roland C. Dowdeswell.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd September 23, 2002
.Dt CGD 4
.Os
.Sh NAME
.Nm cgd
.Nd cryptographic disk driver
.Sh SYNOPSIS
.Cd "pseudo-device cgd" Op Ar count
.Sh DESCRIPTION
The
.Nm
driver provides the capability of encrypting blocks on their way
to and from a disk or partition.
.Pp
In order to compile support for the
.Nm
driver into your kernel, you must add it to your kernel configuration
file. To do this, add a line similar to:
.Bd -unfilled -offset indent
pseudo-device cgd 4 # cryptographic disk devices
.Ed
.Pp
The count argument defines how many
.Nm Ns 's
may be configured at a time.
.Ss Encryption Algorithms
Currently the following cryptographic algorithms are supported:
.Bl -tag -width indentxxxxxxx
.It aes-cbc
AES in CBC mode. AES uses a 128 bit blocksize and can accept keys of
length 128, 192 or 256. The default key length is 256.
.It 3des-cbc
Triple DES in CBC mode. Triple DES uses a 64 bit blocksize and is
performed in EDE3 mode with a 168 bit key. The key passed to the kernel
is 192 bits but the parity bits are ignored.
.It blowfish-cbc
Blowfish in CBC mode. Blowfish uses a 64 bit blocksize and can accept
keys of length 128.
.El
.Ss IV Methods
Currently, the only IV Method supported is
.Ar encblkno
(Encrypted Block Number).
This method encrypts the block number of the
physical disk block with the cipher and key provided and uses that as the
IV for CBC mode. This method should ensure that each block has a different
IV and that the IV is reasonably unpredictable.
.Ss IOCTLS
A
.Nm
responds to all of the standard disk
.Xr ioctl 2
calls defined in
.Xr sd 4 ,
and also defines the following:
.Bl -tag -width CGDIOCSET
.It CGDIOCSET
configure the
.Nm "" .
This
.Xr ioctl 2
sets up the encryption parameters and points the
.Nm
at the underlying disk.
.It CGDIOCCLR
unconfigures the
.Nm "" .
.El
.Pp
These
.Xr ioctl 2 Ns 's
and their associated data structures are defined in
.Pa /usr/include/dev/cgdvar.h .
.Sh WARNINGS
It goes without saying that if you forget the passphrase that you used
to configure a
.Nm "" ,
then you have irrevocably lost all of the data on the disk. Please ensure
that you are using an appropriate backup strategy.
.Sh FILES
.Bl -tag -width indentxxxxxxxxxxx
.It /dev/{,r}cgd*
.Nm
device special files.
.El
.Sh SEE ALSO
.Xr ioctl 2 ,
.Xr sd 4 ,
.Xr MAKEDEV 8 ,
.Xr cgdconfig 8 ,
.Xr config 8
.Sh HISTORY
The
.Nm
driver was written by Roland C. Dowdeswell for
.Nx .
The
.Nm
driver originally appeared in
.Nx 1.7 .
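The encblkno scheme described under IV Methods, worked through as an added example that is not part of the original manual page or the NetBSD source. It shows why identical plaintext stored at two block numbers produces different ciphertext. Assumptions: XTEA stands in for the ciphers listed above because the C standard library has none of them, the block number is encoded little-endian into one cipher block, and the key, sector size and function names are constructed for the demonstration.

```c
/* Added example (not NetBSD source): encblkno-style IV + CBC, XTEA standing in for cgd's ciphers. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8       /* cipher block size in bytes */
#define SECTOR 512  /* constructed sector size for the demo */

/* XTEA, 32 rounds, encrypting one 8-byte block in place (host byte order). */
static void xtea_encrypt(const uint32_t k[4], uint8_t b[BLK]) {
    uint32_t v0, v1, sum = 0;
    memcpy(&v0, b, 4); memcpy(&v1, b + 4, 4);
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    memcpy(b, &v0, 4); memcpy(b + 4, &v1, 4);
}

/* IV = E_K(block number). Assumption: the number is laid out little-endian. */
void encblkno_iv(const uint32_t k[4], uint64_t blkno, uint8_t iv[BLK]) {
    for (int i = 0; i < BLK; i++) iv[i] = (uint8_t)(blkno >> (8 * i));
    xtea_encrypt(k, iv);
}

/* CBC-encrypt one sector in place, chaining from that sector's derived IV. */
void encrypt_sector(const uint32_t k[4], uint64_t blkno, uint8_t *sec) {
    uint8_t prev[BLK];
    encblkno_iv(k, blkno, prev);
    for (size_t off = 0; off < SECTOR; off += BLK) {
        for (int i = 0; i < BLK; i++) sec[off + i] ^= prev[i];
        xtea_encrypt(k, sec + off);
        memcpy(prev, sec + off, BLK);
    }
}

/* 1 if identical plaintext sectors stored at block numbers a and b encrypt differently. */
int same_plaintext_differs(uint64_t a, uint64_t b) {
    static const uint32_t key[4] = {0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210}; /* constructed */
    uint8_t s1[SECTOR], s2[SECTOR];
    memset(s1, 0x41, SECTOR); memset(s2, 0x41, SECTOR);
    encrypt_sector(key, a, s1); encrypt_sector(key, b, s2);
    return memcmp(s1, s2, SECTOR) != 0;
}

int main(void) {
    printf("blocks 0 and 1: %d, block 7 twice: %d\n", same_plaintext_differs(0, 1), same_plaintext_differs(7, 7));
    return 0;
}
```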