1/*- 2 * Copyright (c) 2002 Poul-Henning Kamp 3 * Copyright (c) 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp 7 * and NAI Labs, the Security Research Division of Network Associates, Inc. 8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 9 * DARPA CHATS research program. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution.
| 1/*- 2 * Copyright (c) 2002 Poul-Henning Kamp 3 * Copyright (c) 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp 7 * and NAI Labs, the Security Research Division of Network Associates, Inc. 8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 9 * DARPA CHATS research program. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution.
|
19 * 3. The names of the authors may not be used to endorse or promote 20 * products derived from this software without specific prior written 21 * permission.
| |
22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 *
| 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 *
|
35 * $FreeBSD: head/sys/geom/bde/g_bde.h 106226 2002-10-30 22:13:54Z phk $
| 32 * $FreeBSD: head/sys/geom/bde/g_bde.h 106407 2002-11-04 09:27:01Z phk $
|
36 */ 37
| 33 */ 34
|
38/* These are quite, but not entirely unlike constants. */
| 35#ifndef _SYS_GEOM_BDE_G_BDE_H_ 36#define _SYS_GEOM_BDE_G_BDE_H_ 1 37 38/* 39 * These are quite, but not entirely unlike constants. 40 * 41 * They are not commented in details here, to prevent unadvisable 42 * experimentation. Please consult the code where they are used before you 43 * even think about modifying these. 44 */ 45
|
39#define G_BDE_MKEYLEN (2048/8) 40#define G_BDE_SKEYBITS 128 41#define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8) 42#define G_BDE_KKEYBITS 128 43#define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8) 44#define G_BDE_MAXKEYS 4 45#define G_BDE_LOCKSIZE 384
| 46#define G_BDE_MKEYLEN (2048/8) 47#define G_BDE_SKEYBITS 128 48#define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8) 49#define G_BDE_KKEYBITS 128 50#define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8) 51#define G_BDE_MAXKEYS 4 52#define G_BDE_LOCKSIZE 384
|
| 53#define NLOCK_FIELDS 13
|
46
| 54
|
| 55
|
47/* This just needs to be "large enough" */ 48#define G_BDE_KEYBYTES 304 49 50struct g_bde_work; 51struct g_bde_softc; 52 53struct g_bde_sector { 54 struct g_bde_work *owner; 55 struct g_bde_softc *softc; 56 off_t offset; 57 u_int size; 58 u_int ref; 59 void *data; 60 TAILQ_ENTRY(g_bde_sector) list; 61 u_char valid; 62 u_char malloc; 63 enum {JUNK, IO, VALID} state; 64 int error;
| 56/* This just needs to be "large enough" */ 57#define G_BDE_KEYBYTES 304 58 59struct g_bde_work; 60struct g_bde_softc; 61 62struct g_bde_sector { 63 struct g_bde_work *owner; 64 struct g_bde_softc *softc; 65 off_t offset; 66 u_int size; 67 u_int ref; 68 void *data; 69 TAILQ_ENTRY(g_bde_sector) list; 70 u_char valid; 71 u_char malloc; 72 enum {JUNK, IO, VALID} state; 73 int error;
|
| 74 time_t used;
|
65}; 66 67struct g_bde_work { 68 struct mtx mutex; 69 off_t offset; 70 off_t length; 71 void *data; 72 struct bio *bp; 73 struct g_bde_softc *softc; 74 off_t so; 75 off_t kso; 76 u_int ko; 77 struct g_bde_sector *sp; 78 struct g_bde_sector *ksp; 79 TAILQ_ENTRY(g_bde_work) list; 80 enum {SETUP, WAIT, FINISH} state; 81 int error; 82}; 83
| 75}; 76 77struct g_bde_work { 78 struct mtx mutex; 79 off_t offset; 80 off_t length; 81 void *data; 82 struct bio *bp; 83 struct g_bde_softc *softc; 84 off_t so; 85 off_t kso; 86 u_int ko; 87 struct g_bde_sector *sp; 88 struct g_bde_sector *ksp; 89 TAILQ_ENTRY(g_bde_work) list; 90 enum {SETUP, WAIT, FINISH} state; 91 int error; 92}; 93
|
| 94/* 95 * The decrypted contents of the lock sectors. Notice that this is not 96 * the same as the on-disk layout. The on-disk layout is dynamic and 97 * dependent on the pass-phrase. 98 */
|
84struct g_bde_key { 85 uint64_t sector0;
| 99struct g_bde_key { 100 uint64_t sector0;
|
86 /* Physical byte offset of first byte used */
| 101 /* Physical byte offset of 1st byte used */
|
87 uint64_t sectorN;
| 102 uint64_t sectorN;
|
88 /* Physical byte offset of first byte not used */
| 103 /* Physical byte offset of 1st byte not used */
|
89 uint64_t keyoffset;
| 104 uint64_t keyoffset;
|
| 105 /* Number of bytes the disk image is skewed. */
|
90 uint64_t lsector[G_BDE_MAXKEYS];
| 106 uint64_t lsector[G_BDE_MAXKEYS];
|
91 /* Physical offsets */
| 107 /* Physical byte offsets of lock sectors */
|
92 uint32_t sectorsize;
| 108 uint32_t sectorsize;
|
| 109 /* Our "logical" sector size */
|
93 uint32_t flags; 94 /* 1 = lockfile in sector 0 */
| 110 uint32_t flags; 111 /* 1 = lockfile in sector 0 */
|
95 uint8_t hash[16];
| |
96 uint8_t salt[16];
| 112 uint8_t salt[16];
|
| 113 /* Used to frustate the kkey generation */
|
97 uint8_t spare[32];
| 114 uint8_t spare[32];
|
| 115 /* For future use, random contents */
|
98 uint8_t mkey[G_BDE_MKEYLEN];
| 116 uint8_t mkey[G_BDE_MKEYLEN];
|
| 117 /* Our masterkey. */ 118
|
99 /* Non-stored help-fields */ 100 uint64_t zone_width; /* On-disk width of zone */ 101 uint64_t zone_cont; /* Payload width of zone */ 102 uint64_t media_width; /* Non-magic width of zone */ 103 u_int keys_per_sector; 104}; 105 106struct g_bde_softc { 107 off_t mediasize; 108 u_int sectorsize; 109 uint64_t zone_cont; 110 struct g_geom *geom; 111 struct g_consumer *consumer; 112 TAILQ_HEAD(, g_bde_sector) freelist; 113 TAILQ_HEAD(, g_bde_work) worklist; 114 struct mtx worklist_mutex; 115 struct proc *thread; 116 struct g_bde_key key;
| 119 /* Non-stored help-fields */ 120 uint64_t zone_width; /* On-disk width of zone */ 121 uint64_t zone_cont; /* Payload width of zone */ 122 uint64_t media_width; /* Non-magic width of zone */ 123 u_int keys_per_sector; 124}; 125 126struct g_bde_softc { 127 off_t mediasize; 128 u_int sectorsize; 129 uint64_t zone_cont; 130 struct g_geom *geom; 131 struct g_consumer *consumer; 132 TAILQ_HEAD(, g_bde_sector) freelist; 133 TAILQ_HEAD(, g_bde_work) worklist; 134 struct mtx worklist_mutex; 135 struct proc *thread; 136 struct g_bde_key key;
|
117 u_char arc4_sbox[256]; 118 u_char arc4_i, arc4_j;
| |
119 int dead; 120 u_int nwork; 121 u_int nsect; 122 u_int ncache;
| 137 int dead; 138 u_int nwork; 139 u_int nsect; 140 u_int ncache;
|
| 141 u_char sha2[SHA512_DIGEST_LENGTH];
|
123}; 124 125/* g_bde_crypt.c */ 126void g_bde_crypt_delete(struct g_bde_work *wp); 127void g_bde_crypt_read(struct g_bde_work *wp); 128void g_bde_crypt_write(struct g_bde_work *wp); 129 130/* g_bde_key.c */ 131void g_bde_zap_key(struct g_bde_softc *sc); 132int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len); 133int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len); 134 135/* g_bde_lock .c */
| 142}; 143 144/* g_bde_crypt.c */ 145void g_bde_crypt_delete(struct g_bde_work *wp); 146void g_bde_crypt_read(struct g_bde_work *wp); 147void g_bde_crypt_write(struct g_bde_work *wp); 148 149/* g_bde_key.c */ 150void g_bde_zap_key(struct g_bde_softc *sc); 151int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len); 152int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len); 153 154/* g_bde_lock .c */
|
136void g_bde_encode_lock(struct g_bde_key *gl, u_char *ptr); 137void g_bde_decode_lock(struct g_bde_key *gl, u_char *ptr); 138u_char g_bde_arc4(struct g_bde_softc *sc); 139void g_bde_arc4_seq(struct g_bde_softc *sc, void *ptr, u_int len); 140void g_bde_arc4_seed(struct g_bde_softc *sc, const void *ptr, u_int len); 141int g_bde_keyloc_encrypt(struct g_bde_softc *sc, void *input, void *output); 142int g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, void *output); 143int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey);
| 155int g_bde_encode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr); 156int g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr); 157int g_bde_keyloc_encrypt(struct g_bde_softc *sc, uint64_t *input, void *output); 158int g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, uint64_t *output); 159int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey); 160void g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len);
|
144 145/* g_bde_math .c */ 146uint64_t g_bde_max_sector(struct g_bde_key *lp); 147void g_bde_map_sector(struct g_bde_key *lp, uint64_t isector, uint64_t *osector, uint64_t *ksector, u_int *koffset); 148 149/* g_bde_work.c */ 150void g_bde_start1(struct bio *bp); 151void g_bde_worker(void *arg); 152
| 161 162/* g_bde_math .c */ 163uint64_t g_bde_max_sector(struct g_bde_key *lp); 164void g_bde_map_sector(struct g_bde_key *lp, uint64_t isector, uint64_t *osector, uint64_t *ksector, u_int *koffset); 165 166/* g_bde_work.c */ 167void g_bde_start1(struct bio *bp); 168void g_bde_worker(void *arg); 169
|
| 170/* 171 * These four functions wrap the raw Rijndael functions and make sure we 172 * explode if something fails which shouldn't. 173 */ 174 175static __inline void 176AES_init(cipherInstance *ci) 177{ 178 int error; 179 180 error = rijndael_cipherInit(ci, MODE_CBC, NULL); 181 KASSERT(error > 0, ("rijndael_cipherInit %d", error)); 182} 183 184static __inline void 185AES_makekey(keyInstance *ki, int dir, u_int len, void *key) 186{ 187 int error; 188 189 error = rijndael_makeKey(ki, dir, len, key); 190 KASSERT(error > 0, ("rijndael_makeKey %d", error)); 191} 192 193static __inline void 194AES_encrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len) 195{ 196 int error; 197 198 error = rijndael_blockEncrypt(ci, ki, in, len * 8, out); 199 KASSERT(error > 0, ("rijndael_blockEncrypt %d", error)); 200} 201 202static __inline void 203AES_decrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len) 204{ 205 int error; 206 207 error = rijndael_blockDecrypt(ci, ki, in, len * 8, out); 208 KASSERT(error > 0, ("rijndael_blockDecrypt %d", error)); 209} 210 211#endif /* _SYS_GEOM_BDE_G_BDE_H_ */
|
| |