1/*-
2 * Copyright (c) 2002 Poul-Henning Kamp
3 * Copyright (c) 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp
7 * and NAI Labs, the Security Research Division of Network Associates, Inc.
8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
9 * DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
| 1/*-
2 * Copyright (c) 2002 Poul-Henning Kamp
3 * Copyright (c) 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp
7 * and NAI Labs, the Security Research Division of Network Associates, Inc.
8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
9 * DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
|
19 * 3. The names of the authors may not be used to endorse or promote
20 * products derived from this software without specific prior written
21 * permission.
| |
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
| 19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
|
35 * $FreeBSD: head/sys/geom/bde/g_bde.h 106226 2002-10-30 22:13:54Z phk $
| 32 * $FreeBSD: head/sys/geom/bde/g_bde.h 106407 2002-11-04 09:27:01Z phk $
|
36 */
37
| 33 */
34
|
38/* These are quite, but not entirely unlike constants. */
| 35#ifndef _SYS_GEOM_BDE_G_BDE_H_
36#define _SYS_GEOM_BDE_G_BDE_H_ 1
37
38/*
39 * These are quite, but not entirely unlike constants.
40 *
41 * They are not commented in details here, to prevent unadvisable
42 * experimentation. Please consult the code where they are used before you
43 * even think about modifying these.
44 */
45
|
39#define G_BDE_MKEYLEN (2048/8)
40#define G_BDE_SKEYBITS 128
41#define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8)
42#define G_BDE_KKEYBITS 128
43#define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8)
44#define G_BDE_MAXKEYS 4
45#define G_BDE_LOCKSIZE 384
| 46#define G_BDE_MKEYLEN (2048/8)
47#define G_BDE_SKEYBITS 128
48#define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8)
49#define G_BDE_KKEYBITS 128
50#define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8)
51#define G_BDE_MAXKEYS 4
52#define G_BDE_LOCKSIZE 384
|
| 53#define NLOCK_FIELDS 13
|
46
| 54
|
| 55
|
47/* This just needs to be "large enough" */
48#define G_BDE_KEYBYTES 304
49
50struct g_bde_work;
51struct g_bde_softc;
52
53struct g_bde_sector {
54 struct g_bde_work *owner;
55 struct g_bde_softc *softc;
56 off_t offset;
57 u_int size;
58 u_int ref;
59 void *data;
60 TAILQ_ENTRY(g_bde_sector) list;
61 u_char valid;
62 u_char malloc;
63 enum {JUNK, IO, VALID} state;
64 int error;
| 56/* This just needs to be "large enough" */
57#define G_BDE_KEYBYTES 304
58
59struct g_bde_work;
60struct g_bde_softc;
61
62struct g_bde_sector {
63 struct g_bde_work *owner;
64 struct g_bde_softc *softc;
65 off_t offset;
66 u_int size;
67 u_int ref;
68 void *data;
69 TAILQ_ENTRY(g_bde_sector) list;
70 u_char valid;
71 u_char malloc;
72 enum {JUNK, IO, VALID} state;
73 int error;
|
| 74 time_t used;
|
65};
66
67struct g_bde_work {
68 struct mtx mutex;
69 off_t offset;
70 off_t length;
71 void *data;
72 struct bio *bp;
73 struct g_bde_softc *softc;
74 off_t so;
75 off_t kso;
76 u_int ko;
77 struct g_bde_sector *sp;
78 struct g_bde_sector *ksp;
79 TAILQ_ENTRY(g_bde_work) list;
80 enum {SETUP, WAIT, FINISH} state;
81 int error;
82};
83
| 75};
76
77struct g_bde_work {
78 struct mtx mutex;
79 off_t offset;
80 off_t length;
81 void *data;
82 struct bio *bp;
83 struct g_bde_softc *softc;
84 off_t so;
85 off_t kso;
86 u_int ko;
87 struct g_bde_sector *sp;
88 struct g_bde_sector *ksp;
89 TAILQ_ENTRY(g_bde_work) list;
90 enum {SETUP, WAIT, FINISH} state;
91 int error;
92};
93
|
| 94/*
95 * The decrypted contents of the lock sectors. Notice that this is not
96 * the same as the on-disk layout. The on-disk layout is dynamic and
97 * dependent on the pass-phrase.
98 */
|
84struct g_bde_key {
85 uint64_t sector0;
| 99struct g_bde_key {
100 uint64_t sector0;
|
86 /* Physical byte offset of first byte used */
| 101 /* Physical byte offset of 1st byte used */
|
87 uint64_t sectorN;
| 102 uint64_t sectorN;
|
88 /* Physical byte offset of first byte not used */
| 103 /* Physical byte offset of 1st byte not used */
|
89 uint64_t keyoffset;
| 104 uint64_t keyoffset;
|
| 105 /* Number of bytes the disk image is skewed. */
|
90 uint64_t lsector[G_BDE_MAXKEYS];
| 106 uint64_t lsector[G_BDE_MAXKEYS];
|
91 /* Physical offsets */
| 107 /* Physical byte offsets of lock sectors */
|
92 uint32_t sectorsize;
| 108 uint32_t sectorsize;
|
| 109 /* Our "logical" sector size */
|
93 uint32_t flags;
94 /* 1 = lockfile in sector 0 */
| 110 uint32_t flags;
111 /* 1 = lockfile in sector 0 */
|
95 uint8_t hash[16];
| |
96 uint8_t salt[16];
| 112 uint8_t salt[16];
|
| 113 /* Used to frustate the kkey generation */
|
97 uint8_t spare[32];
| 114 uint8_t spare[32];
|
| 115 /* For future use, random contents */
|
98 uint8_t mkey[G_BDE_MKEYLEN];
| 116 uint8_t mkey[G_BDE_MKEYLEN];
|
| 117 /* Our masterkey. */
118
|
99 /* Non-stored help-fields */
100 uint64_t zone_width; /* On-disk width of zone */
101 uint64_t zone_cont; /* Payload width of zone */
102 uint64_t media_width; /* Non-magic width of zone */
103 u_int keys_per_sector;
104};
105
106struct g_bde_softc {
107 off_t mediasize;
108 u_int sectorsize;
109 uint64_t zone_cont;
110 struct g_geom *geom;
111 struct g_consumer *consumer;
112 TAILQ_HEAD(, g_bde_sector) freelist;
113 TAILQ_HEAD(, g_bde_work) worklist;
114 struct mtx worklist_mutex;
115 struct proc *thread;
116 struct g_bde_key key;
| 119 /* Non-stored help-fields */
120 uint64_t zone_width; /* On-disk width of zone */
121 uint64_t zone_cont; /* Payload width of zone */
122 uint64_t media_width; /* Non-magic width of zone */
123 u_int keys_per_sector;
124};
125
126struct g_bde_softc {
127 off_t mediasize;
128 u_int sectorsize;
129 uint64_t zone_cont;
130 struct g_geom *geom;
131 struct g_consumer *consumer;
132 TAILQ_HEAD(, g_bde_sector) freelist;
133 TAILQ_HEAD(, g_bde_work) worklist;
134 struct mtx worklist_mutex;
135 struct proc *thread;
136 struct g_bde_key key;
|
117 u_char arc4_sbox[256];
118 u_char arc4_i, arc4_j;
| |
119 int dead;
120 u_int nwork;
121 u_int nsect;
122 u_int ncache;
| 137 int dead;
138 u_int nwork;
139 u_int nsect;
140 u_int ncache;
|
| 141 u_char sha2[SHA512_DIGEST_LENGTH];
|
123};
124
125/* g_bde_crypt.c */
126void g_bde_crypt_delete(struct g_bde_work *wp);
127void g_bde_crypt_read(struct g_bde_work *wp);
128void g_bde_crypt_write(struct g_bde_work *wp);
129
130/* g_bde_key.c */
131void g_bde_zap_key(struct g_bde_softc *sc);
132int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len);
133int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len);
134
135/* g_bde_lock .c */
| 142};
143
144/* g_bde_crypt.c */
145void g_bde_crypt_delete(struct g_bde_work *wp);
146void g_bde_crypt_read(struct g_bde_work *wp);
147void g_bde_crypt_write(struct g_bde_work *wp);
148
149/* g_bde_key.c */
150void g_bde_zap_key(struct g_bde_softc *sc);
151int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len);
152int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len);
153
154/* g_bde_lock .c */
|
136void g_bde_encode_lock(struct g_bde_key *gl, u_char *ptr);
137void g_bde_decode_lock(struct g_bde_key *gl, u_char *ptr);
138u_char g_bde_arc4(struct g_bde_softc *sc);
139void g_bde_arc4_seq(struct g_bde_softc *sc, void *ptr, u_int len);
140void g_bde_arc4_seed(struct g_bde_softc *sc, const void *ptr, u_int len);
141int g_bde_keyloc_encrypt(struct g_bde_softc *sc, void *input, void *output);
142int g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, void *output);
143int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey);
| 155int g_bde_encode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr);
156int g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr);
157int g_bde_keyloc_encrypt(struct g_bde_softc *sc, uint64_t *input, void *output);
158int g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, uint64_t *output);
159int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey);
160void g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len);
|
144
145/* g_bde_math .c */
146uint64_t g_bde_max_sector(struct g_bde_key *lp);
147void g_bde_map_sector(struct g_bde_key *lp, uint64_t isector, uint64_t *osector, uint64_t *ksector, u_int *koffset);
148
149/* g_bde_work.c */
150void g_bde_start1(struct bio *bp);
151void g_bde_worker(void *arg);
152
| 161
162/* g_bde_math .c */
163uint64_t g_bde_max_sector(struct g_bde_key *lp);
164void g_bde_map_sector(struct g_bde_key *lp, uint64_t isector, uint64_t *osector, uint64_t *ksector, u_int *koffset);
165
166/* g_bde_work.c */
167void g_bde_start1(struct bio *bp);
168void g_bde_worker(void *arg);
169
|
| 170/*
171 * These four functions wrap the raw Rijndael functions and make sure we
172 * explode if something fails which shouldn't.
173 */
174
175static __inline void
176AES_init(cipherInstance *ci)
177{
178 int error;
179
180 error = rijndael_cipherInit(ci, MODE_CBC, NULL);
181 KASSERT(error > 0, ("rijndael_cipherInit %d", error));
182}
183
184static __inline void
185AES_makekey(keyInstance *ki, int dir, u_int len, void *key)
186{
187 int error;
188
189 error = rijndael_makeKey(ki, dir, len, key);
190 KASSERT(error > 0, ("rijndael_makeKey %d", error));
191}
192
193static __inline void
194AES_encrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len)
195{
196 int error;
197
198 error = rijndael_blockEncrypt(ci, ki, in, len * 8, out);
199 KASSERT(error > 0, ("rijndael_blockEncrypt %d", error));
200}
201
202static __inline void
203AES_decrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len)
204{
205 int error;
206
207 error = rijndael_blockDecrypt(ci, ki, in, len * 8, out);
208 KASSERT(error > 0, ("rijndael_blockDecrypt %d", error));
209}
210
211#endif /* _SYS_GEOM_BDE_G_BDE_H_ */
|
| |