Run a revision on the GBDE encryption facility.

Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.

Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.

This code has still not been stared at for 10 years by a gang of
hard-core cryptographers.  Discretion advised.

NB: These changes result in the on-disk format changing: dump/restore needed.

Sponsored by:   DARPA & NAI Labs.

1 files changed, 29 insertions, 5 deletions

diff --git a/sbin/gbde/gbde.8 b/sbin/gbde/gbde.8
index 2b1ec8668b16..0ea3eeff6473 100644
--- a/sbin/gbde/gbde.8
+++ b/sbin/gbde/gbde.8
@@ -16,9 +16,6 @@
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
-.\" 3. The names of the authors may not be used to endorse or promote
-.\"    products derived from this software without specific prior written
-.\"    permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -69,9 +66,21 @@
 .Ar destination
 .Op Fl n Ar key
 .Op Fl l Ar lockfile
+.Op Fl p Ar pass-phrase
 .Op Fl L Ar lockfile
+.Sh NOTICE
+.Pp
+Please be aware that this code has not yet received much review
+and analysis by qualified cryptographers and therefore should be considered
+a slightly suspect experimental facility.
+.Pp
+We cannot at this point guarantee that the on-disk format will not change
+in response to reviews or bug-fixes, so potential users are adviced to
+be prepared that
+.Xr dump 8 /
+.Xr restore 8
+based migrations may be called for in the future.
 .Sh DESCRIPTION
-The
 .Nm
 program is the only official operation and management interface for the
 .Xr gbde 4
@@ -128,15 +137,27 @@ argument
 specifies the pass-phrase used to opening the device.
 If not specified, the controlling terminal will be used to prompt the user
 for the pass-phrase.
+Be aware that using this option may exposed the pass-phrase to other
+users who happen to run
+.Xr
+ps 1
+or similar while the command is running.
 .Pp
 The
 .Fl P Ar new-pass-phrase
 argument
 can be used to specify the new pass-phrase to the
+.Cm init
+and 
 .Cm setkey
-subcommand.
+subcommands.
 If not specified, the user is prompted for the new pass-phrase on the
 controlling terminal.
+Be aware that using this option may exposed the pass-phrase to other
+users who happen to run
+.Xr
+ps 1
+or similar while the command is running.
 .Sh EXAMPLES
 To initialize a device, using default parameters:
 .Dl # gbde init /dev/ad0s1f -l /etc/ad0s1f.lock
@@ -168,3 +189,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
 DARPA CHATS research program.
 .Sh AUTHORS
 .An "Poul-Henning Kamp" Aq phk@FreeBSD.org
+.Sh BUGS
+The cryptographic algorithms and the over-all design has not been
+attacked mercilessly for over 10 years by a gang or cryptoanalysts.