.\" $NetBSD: cgd.4,v 1.8 2006/03/11 08:04:48 elric Exp $
.\"
.\" Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Roland C. Dowdeswell.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 14, 2003
.Dt CGD 4
.Os
.Sh NAME
.Nm cgd
.Nd cryptographic disk driver
.Sh SYNOPSIS
.Cd "pseudo-device cgd" Op Ar count
.Sh DESCRIPTION
The
.Nm
driver provides the capability of encrypting blocks on their way
to and from a disk or partition.
.Pp
In order to compile support for the
.Nm
into your kernel, you must add the driver to your kernel configuration
file.
To do this, add a line similar to:
.Bd -unfilled -offset indent
pseudo-device cgd 4 # cryptographic disk driver
.Ed
.Pp
The count argument defines how many
.Nm Ns 's
may be configured at a time.
.Ss Encryption Algorithms
Currently the following cryptographic algorithms are supported:
.Bl -tag -width indentxxxxxxx
.It aes-cbc
AES in CBC mode.
AES uses a 128 bit blocksize and can accept keys of
length 128, 192, or 256.
The default key length is 128.
.It 3des-cbc
Triple DES in CBC mode.
Triple DES uses a 64 bit blocksize and is
performed in EDE3 mode with a 168 bit key.
The key passed to the kernel
is 192 bits but the parity bits are ignored.
.It blowfish-cbc
Blowfish in CBC mode.
Blowfish uses a 64 bit blocksize and can accept keys between 40 and
448 bits in multiples of 8.
It is strongly encouraged that keys be at least 128 bits long.
There are no performance advantages to using shorter keys.
The default key length is 128 bits.
.El
.Ss IV Methods
Currently, the only IV Method supported is
.Ar encblkno
(Encrypted Block Number).
This method encrypts the block number of the
physical disk block with the cipher and key provided and uses that as the
IV for CBC mode.
This method should ensure that each block has a different
IV and that the IV is reasonably unpredictable.
.Ss IOCTLS
A
.Nm
responds to all of the standard disk
.Xr ioctl 2
calls defined in
.Xr sd 4 ,
and also defines the following:
.Bl -tag -width CGDIOCSET
.It CGDIOCSET
configure the
.Nm .
This
.Xr ioctl 2
sets up the encryption parameters and points the
.Nm
at the underlying disk.
.It CGDIOCCLR
unconfigures the
.Nm .
.El
.Pp
These
.Xr ioctl 2 Ns 's
and their associated data structures are defined in
.Pa /usr/include/dev/cgdvar.h .
.Sh WARNINGS
It goes without saying that if you forget the passphrase that you used
to configure a
.Nm ,
then you have irrevocably lost all of the data on the disk.
Please ensure that you are using an appropriate backup strategy.
.Sh FILES
.Bl -tag -width indentxxxxxxxxxxx
.It /dev/{,r}cgd*
.Nm
device special files.
.El
.Sh SEE ALSO
.Xr config 1 ,
.Xr ioctl 2 ,
.Xr sd 4 ,
.Xr MAKEDEV 8 ,
.Xr cgdconfig 8
.Sh HISTORY
The
.Nm
driver was written by Roland C. Dowdeswell for
.Nx .
The
.Nm
driver originally appeared in
.Nx 2.0 .
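The encblkno IV derivation and the CBC-mode per-block encryption described under Encryption Algorithms and IV Methods above, carried out in Go as an added example. This is not the cgd driver's kernel code and not part of the original page; it uses only Go's standard-library aes, des and cipher packages. Assumptions that the page does not state: the block number is encoded as a little-endian 64-bit integer zero-padded to the cipher block size, the disk block unit is a 512-byte sector chosen by the caller, and the function names newCipher, encblknoIV, encryptBlock and decryptBlock are the example's own. blowfish-cbc is omitted because Blowfish is not in the Go standard library.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"fmt"
)

// newCipher maps the algorithm names from cgd(4) to Go standard-library
// block ciphers. aes.NewCipher accepts 16, 24 or 32-byte keys (128, 192 or
// 256 bits); des.NewTripleDESCipher takes the 192-bit (24-byte) key the page
// describes and, like the kernel, ignores the DES parity bits.
// blowfish-cbc is left out: Blowfish is not in the Go standard library.
func newCipher(name string, key []byte) (cipher.Block, error) {
	switch name {
	case "aes-cbc":
		return aes.NewCipher(key)
	case "3des-cbc":
		return des.NewTripleDESCipher(key)
	default:
		return nil, fmt.Errorf("unsupported algorithm %q", name)
	}
}

// encblknoIV derives the CBC IV for one disk block the way the encblkno
// method is described: the block number is encrypted with the same cipher
// and key used for the data, and the result is the IV. The IV is therefore
// exactly one cipher block wide (16 bytes for AES, 8 bytes for 3DES).
// Assumption (not stated on the page): the block number is encoded as a
// little-endian 64-bit integer, zero-padded to the cipher block size.
func encblknoIV(block cipher.Block, blkno uint64) []byte {
	in := make([]byte, block.BlockSize())
	binary.LittleEndian.PutUint64(in, blkno)
	iv := make([]byte, block.BlockSize())
	block.Encrypt(iv, in)
	return iv
}

// encryptBlock CBC-encrypts the contents of disk block blkno under its
// encblkno IV. The disk block must be a whole number of cipher blocks; the
// sector size is the caller's choice in this example (the page does not
// specify it).
func encryptBlock(block cipher.Block, blkno uint64, plaintext []byte) ([]byte, error) {
	if len(plaintext) == 0 || len(plaintext)%block.BlockSize() != 0 {
		return nil, fmt.Errorf("disk block of %d bytes is not a multiple of the %d-byte cipher block",
			len(plaintext), block.BlockSize())
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, encblknoIV(block, blkno)).CryptBlocks(out, plaintext)
	return out, nil
}

// decryptBlock is the inverse. The IV is recomputed from blkno, which is why
// the scheme needs no per-block IV storage on the underlying disk.
func decryptBlock(block cipher.Block, blkno uint64, ciphertext []byte) ([]byte, error) {
	if len(ciphertext) == 0 || len(ciphertext)%block.BlockSize() != 0 {
		return nil, fmt.Errorf("disk block of %d bytes is not a multiple of the %d-byte cipher block",
			len(ciphertext), block.BlockSize())
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, encblknoIV(block, blkno)).CryptBlocks(out, ciphertext)
	return out, nil
}

func main() {
	// Constructed sample key and sector for the demonstration; a real key
	// would come from cgdconfig(8), not from a string literal.
	blk, err := newCipher("aes-cbc", []byte("0123456789abcdef")) // 128-bit key
	if err != nil {
		panic(err)
	}
	sector := make([]byte, 512) // an all-zero 512-byte sector
	c0, _ := encryptBlock(blk, 0, sector)
	c1, _ := encryptBlock(blk, 1, sector)
	c0again, _ := encryptBlock(blk, 0, sector)
	fmt.Printf("same data in blocks 0 and 1 encrypts differently: %v\n", !bytes.Equal(c0, c1))
	fmt.Printf("same data in block 0 twice encrypts identically: %v\n", bytes.Equal(c0, c0again))
	p, _ := decryptBlock(blk, 1, c1)
	fmt.Printf("round trip recovers the sector: %v\n", bytes.Equal(p, sector))

	// 3des-cbc: the kernel ignores the DES parity bits (the low bit of each
	// key byte), so a key differing only in a parity bit gives the same output.
	k := []byte("0123456789abcdef01234567") // 192-bit key as passed to the kernel
	kParity := append([]byte(nil), k...)
	kParity[0] ^= 0x01
	t1, _ := newCipher("3des-cbc", k)
	t2, _ := newCipher("3des-cbc", kParity)
	d1, _ := encryptBlock(t1, 5, sector)
	d2, _ := encryptBlock(t2, 5, sector)
	fmt.Printf("3des IV is %d bytes; parity bit ignored: %v\n", len(encblknoIV(t1, 5)), bytes.Equal(d1, d2))
}
```

Two properties of the method fall out of the run. Identical data in two different blocks encrypts differently because the IVs differ, which is the guarantee the page describes. Identical data written twice to the same block encrypts identically, because the IV depends only on the key and the block number; that is inherent in the method and is all the "different IV per block" statement promises. The 3DES run also shows the page's remark about parity bits: two 192-bit keys that differ only in a parity bit produce the same ciphertext.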