1/*-
| 1/*-
|
2 * Copyright (c) 2005 Pawel Jakub Dawidek
| 2 * Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
|
3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h>
| 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h>
|
28__FBSDID("$FreeBSD: head/sys/geom/eli/g_eli.c 161127 2006-08-09 18:11:14Z pjd $");
| 28__FBSDID("$FreeBSD: head/sys/geom/eli/g_eli.c 161220 2006-08-11 19:09:12Z pjd $");
|
29 30#include <sys/param.h> 31#include <sys/systm.h> 32#include <sys/kernel.h> 33#include <sys/linker.h> 34#include <sys/module.h> 35#include <sys/lock.h> 36#include <sys/mutex.h> 37#include <sys/bio.h> 38#include <sys/sysctl.h> 39#include <sys/malloc.h> 40#include <sys/kthread.h> 41#include <sys/proc.h> 42#include <sys/sched.h> 43#include <sys/smp.h> 44#include <sys/uio.h> 45#include <sys/vnode.h> 46 47#include <vm/uma.h> 48 49#include <geom/geom.h> 50#include <geom/eli/g_eli.h> 51#include <geom/eli/pkcs5v2.h> 52 53 54MALLOC_DEFINE(M_ELI, "eli data", "GEOM_ELI Data"); 55 56SYSCTL_DECL(_kern_geom); 57SYSCTL_NODE(_kern_geom, OID_AUTO, eli, CTLFLAG_RW, 0, "GEOM_ELI stuff"); 58u_int g_eli_debug = 0; 59TUNABLE_INT("kern.geom.eli.debug", &g_eli_debug); 60SYSCTL_UINT(_kern_geom_eli, OID_AUTO, debug, CTLFLAG_RW, &g_eli_debug, 0, 61 "Debug level"); 62static u_int g_eli_tries = 3; 63TUNABLE_INT("kern.geom.eli.tries", &g_eli_tries); 64SYSCTL_UINT(_kern_geom_eli, OID_AUTO, tries, CTLFLAG_RW, &g_eli_tries, 0, 65 "Number of tries for entering the passphrase"); 66static u_int g_eli_visible_passphrase = 0; 67TUNABLE_INT("kern.geom.eli.visible_passphrase", &g_eli_visible_passphrase); 68SYSCTL_UINT(_kern_geom_eli, OID_AUTO, visible_passphrase, CTLFLAG_RW, 69 &g_eli_visible_passphrase, 0, 70 "Turn on echo when entering the passphrase (for debug purposes only!!)"); 71u_int g_eli_overwrites = 5; 72TUNABLE_INT("kern.geom.eli.overwrites", &g_eli_overwrites); 73SYSCTL_UINT(_kern_geom_eli, OID_AUTO, overwrites, CTLFLAG_RW, &g_eli_overwrites, 74 0, "Number of times on-disk keys should be overwritten when destroying them"); 75static u_int g_eli_threads = 0; 76TUNABLE_INT("kern.geom.eli.threads", &g_eli_threads); 77SYSCTL_UINT(_kern_geom_eli, OID_AUTO, threads, CTLFLAG_RW, &g_eli_threads, 0, 78 "Number of threads doing crypto work"); 79u_int g_eli_batch = 0; 80TUNABLE_INT("kern.geom.eli.batch", &g_eli_batch); 81SYSCTL_UINT(_kern_geom_eli, OID_AUTO, batch, CTLFLAG_RW, &g_eli_batch, 0, 82 "Use crypto operations batching"); 83 84static int g_eli_destroy_geom(struct gctl_req *req, struct g_class *mp, 85 struct g_geom *gp); 86 87static g_taste_t g_eli_taste; 88static g_dumpconf_t g_eli_dumpconf; 89 90struct g_class g_eli_class = { 91 .name = G_ELI_CLASS_NAME, 92 .version = G_VERSION, 93 .ctlreq = g_eli_config, 94 .taste = g_eli_taste, 95 .destroy_geom = g_eli_destroy_geom 96}; 97 98 99/* 100 * Code paths: 101 * BIO_READ: 102 * g_eli_start -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 103 * BIO_WRITE: 104 * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver 105 */ 106 107 108/* 109 * EAGAIN from crypto(9) means, that we were probably balanced to another crypto 110 * accelerator or something like this. 111 * The function updates the SID and rerun the operation. 112 */ 113int 114g_eli_crypto_rerun(struct cryptop *crp) 115{ 116 struct g_eli_softc *sc; 117 struct g_eli_worker *wr; 118 struct bio *bp; 119 int error; 120 121 bp = (struct bio *)crp->crp_opaque; 122 sc = bp->bio_to->geom->softc; 123 LIST_FOREACH(wr, &sc->sc_workers, w_next) { 124 if (wr->w_number == bp->bio_pflags) 125 break; 126 } 127 KASSERT(wr != NULL, ("Invalid worker (%u).", bp->bio_pflags)); 128 G_ELI_DEBUG(1, "Rerunning crypto %s request (sid: %ju -> %ju).", 129 bp->bio_cmd == BIO_READ ? "READ" : "WRITE", (uintmax_t)wr->w_sid, 130 (uintmax_t)crp->crp_sid); 131 wr->w_sid = crp->crp_sid; 132 crp->crp_etype = 0; 133 error = crypto_dispatch(crp); 134 if (error == 0) 135 return (0); 136 G_ELI_DEBUG(1, "%s: crypto_dispatch() returned %d.", __func__, error); 137 crp->crp_etype = error; 138 return (error); 139} 140 141/* 142 * The function is called afer reading encrypted data from the provider. 143 * 144 * g_eli_start -> g_io_request -> G_ELI_READ_DONE -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 145 */ 146void 147g_eli_read_done(struct bio *bp) 148{ 149 struct g_eli_softc *sc; 150 struct bio *pbp; 151 152 G_ELI_LOGREQ(2, bp, "Request done."); 153 pbp = bp->bio_parent; 154 if (pbp->bio_error == 0) 155 pbp->bio_error = bp->bio_error; 156 /* 157 * Do we have all sectors already? 158 */ 159 pbp->bio_inbed++; 160 if (pbp->bio_inbed < pbp->bio_children) 161 return; 162 g_destroy_bio(bp); 163 if (pbp->bio_error != 0) { 164 G_ELI_LOGREQ(0, pbp, "%s() failed", __func__); 165 pbp->bio_completed = 0; 166 if (pbp->bio_driver2 != NULL) { 167 free(pbp->bio_driver2, M_ELI); 168 pbp->bio_driver2 = NULL; 169 } 170 g_io_deliver(pbp, pbp->bio_error); 171 return; 172 } 173 sc = pbp->bio_to->geom->softc; 174 mtx_lock(&sc->sc_queue_mtx); 175 bioq_insert_tail(&sc->sc_queue, pbp); 176 mtx_unlock(&sc->sc_queue_mtx); 177 wakeup(sc); 178} 179 180/* 181 * The function is called after we encrypt and write data. 182 * 183 * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> G_ELI_WRITE_DONE -> g_io_deliver 184 */ 185void 186g_eli_write_done(struct bio *bp) 187{ 188 struct bio *pbp; 189 190 G_ELI_LOGREQ(2, bp, "Request done."); 191 pbp = bp->bio_parent; 192 if (pbp->bio_error == 0) { 193 if (bp->bio_error != 0) 194 pbp->bio_error = bp->bio_error; 195 } 196 /* 197 * Do we have all sectors already? 198 */ 199 pbp->bio_inbed++; 200 if (pbp->bio_inbed < pbp->bio_children) 201 return; 202 free(pbp->bio_driver2, M_ELI); 203 pbp->bio_driver2 = NULL; 204 if (pbp->bio_error != 0) { 205 G_ELI_LOGREQ(0, pbp, "Crypto WRITE request failed (error=%d).", 206 pbp->bio_error); 207 pbp->bio_completed = 0; 208 } 209 g_destroy_bio(bp); 210 /* 211 * Write is finished, send it up. 212 */ 213 pbp->bio_completed = pbp->bio_length; 214 g_io_deliver(pbp, pbp->bio_error); 215} 216 217/* 218 * This function should never be called, but GEOM made as it set ->orphan() 219 * method for every geom. 220 */ 221static void 222g_eli_orphan_spoil_assert(struct g_consumer *cp) 223{ 224 225 panic("Function %s() called for %s.", __func__, cp->geom->name); 226} 227 228static void 229g_eli_orphan(struct g_consumer *cp) 230{ 231 struct g_eli_softc *sc; 232 233 g_topology_assert(); 234 sc = cp->geom->softc; 235 if (sc == NULL) 236 return; 237 g_eli_destroy(sc, 1); 238} 239 240/* 241 * BIO_READ : G_ELI_START -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 242 * BIO_WRITE: G_ELI_START -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver 243 */ 244static void 245g_eli_start(struct bio *bp) 246{ 247 struct g_eli_softc *sc; 248 struct g_consumer *cp; 249 struct bio *cbp; 250 251 sc = bp->bio_to->geom->softc; 252 KASSERT(sc != NULL, 253 ("Provider's error should be set (error=%d)(device=%s).", 254 bp->bio_to->error, bp->bio_to->name)); 255 G_ELI_LOGREQ(2, bp, "Request received."); 256 257 switch (bp->bio_cmd) { 258 case BIO_READ: 259 case BIO_WRITE: 260 case BIO_GETATTR: 261 break; 262 case BIO_DELETE: 263 /* 264 * We could eventually support BIO_DELETE request. 265 * It could be done by overwritting requested sector with 266 * random data g_eli_overwrites number of times. 267 */ 268 default: 269 g_io_deliver(bp, EOPNOTSUPP); 270 return; 271 } 272 cbp = g_clone_bio(bp); 273 if (cbp == NULL) { 274 g_io_deliver(bp, ENOMEM); 275 return; 276 } 277 switch (bp->bio_cmd) { 278 case BIO_READ: 279 if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) { 280 bp->bio_driver2 = NULL; 281 cbp->bio_done = g_eli_read_done; 282 cp = LIST_FIRST(&sc->sc_geom->consumer); 283 cbp->bio_to = cp->provider; 284 G_ELI_LOGREQ(2, cbp, "Sending request."); 285 /* 286 * Read encrypted data from provider. 287 */ 288 g_io_request(cbp, cp); 289 break; 290 } 291 bp->bio_pflags = 255; 292 /* FALLTHROUGH */ 293 case BIO_WRITE: 294 bp->bio_driver1 = cbp; 295 mtx_lock(&sc->sc_queue_mtx); 296 bioq_insert_tail(&sc->sc_queue, bp); 297 mtx_unlock(&sc->sc_queue_mtx); 298 wakeup(sc); 299 break; 300 case BIO_GETATTR: 301 cbp->bio_done = g_std_done; 302 cp = LIST_FIRST(&sc->sc_geom->consumer); 303 cbp->bio_to = cp->provider; 304 G_ELI_LOGREQ(2, cbp, "Sending request."); 305 g_io_request(cbp, cp); 306 break; 307 } 308} 309 310/* 311 * This is the main function for kernel worker thread when we don't have 312 * hardware acceleration and we have to do cryptography in software. 313 * Dedicated thread is needed, so we don't slow down g_up/g_down GEOM 314 * threads with crypto work. 315 */ 316static void 317g_eli_worker(void *arg) 318{ 319 struct g_eli_softc *sc; 320 struct g_eli_worker *wr; 321 struct bio *bp; 322 323 wr = arg; 324 sc = wr->w_softc; 325 mtx_lock_spin(&sched_lock); 326 sched_prio(curthread, PRIBIO); 327 if (sc->sc_crypto == G_ELI_CRYPTO_SW && g_eli_threads == 0) 328 sched_bind(curthread, wr->w_number); 329 mtx_unlock_spin(&sched_lock); 330 331 G_ELI_DEBUG(1, "Thread %s started.", curthread->td_proc->p_comm); 332 333 for (;;) { 334 mtx_lock(&sc->sc_queue_mtx); 335 bp = bioq_takefirst(&sc->sc_queue); 336 if (bp == NULL) { 337 if (sc->sc_flags & G_ELI_FLAG_DESTROY) { 338 LIST_REMOVE(wr, w_next); 339 crypto_freesession(wr->w_sid); 340 free(wr, M_ELI); 341 G_ELI_DEBUG(1, "Thread %s exiting.", 342 curthread->td_proc->p_comm); 343 wakeup(&sc->sc_workers); 344 mtx_unlock(&sc->sc_queue_mtx); 345 kthread_exit(0); 346 } 347 msleep(sc, &sc->sc_queue_mtx, PRIBIO | PDROP, 348 "geli:w", 0); 349 continue; 350 } 351 mtx_unlock(&sc->sc_queue_mtx); 352 if (bp->bio_cmd == BIO_READ && bp->bio_pflags == 255) 353 g_eli_auth_read(sc, bp); 354 else if (sc->sc_flags & G_ELI_FLAG_AUTH) 355 g_eli_auth_run(wr, bp); 356 else 357 g_eli_crypto_run(wr, bp); 358 } 359} 360 361/* 362 * Here we generate IV. It is unique for every sector. 363 */ 364void 365g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, 366 size_t size) 367{
| 29 30#include <sys/param.h> 31#include <sys/systm.h> 32#include <sys/kernel.h> 33#include <sys/linker.h> 34#include <sys/module.h> 35#include <sys/lock.h> 36#include <sys/mutex.h> 37#include <sys/bio.h> 38#include <sys/sysctl.h> 39#include <sys/malloc.h> 40#include <sys/kthread.h> 41#include <sys/proc.h> 42#include <sys/sched.h> 43#include <sys/smp.h> 44#include <sys/uio.h> 45#include <sys/vnode.h> 46 47#include <vm/uma.h> 48 49#include <geom/geom.h> 50#include <geom/eli/g_eli.h> 51#include <geom/eli/pkcs5v2.h> 52 53 54MALLOC_DEFINE(M_ELI, "eli data", "GEOM_ELI Data"); 55 56SYSCTL_DECL(_kern_geom); 57SYSCTL_NODE(_kern_geom, OID_AUTO, eli, CTLFLAG_RW, 0, "GEOM_ELI stuff"); 58u_int g_eli_debug = 0; 59TUNABLE_INT("kern.geom.eli.debug", &g_eli_debug); 60SYSCTL_UINT(_kern_geom_eli, OID_AUTO, debug, CTLFLAG_RW, &g_eli_debug, 0, 61 "Debug level"); 62static u_int g_eli_tries = 3; 63TUNABLE_INT("kern.geom.eli.tries", &g_eli_tries); 64SYSCTL_UINT(_kern_geom_eli, OID_AUTO, tries, CTLFLAG_RW, &g_eli_tries, 0, 65 "Number of tries for entering the passphrase"); 66static u_int g_eli_visible_passphrase = 0; 67TUNABLE_INT("kern.geom.eli.visible_passphrase", &g_eli_visible_passphrase); 68SYSCTL_UINT(_kern_geom_eli, OID_AUTO, visible_passphrase, CTLFLAG_RW, 69 &g_eli_visible_passphrase, 0, 70 "Turn on echo when entering the passphrase (for debug purposes only!!)"); 71u_int g_eli_overwrites = 5; 72TUNABLE_INT("kern.geom.eli.overwrites", &g_eli_overwrites); 73SYSCTL_UINT(_kern_geom_eli, OID_AUTO, overwrites, CTLFLAG_RW, &g_eli_overwrites, 74 0, "Number of times on-disk keys should be overwritten when destroying them"); 75static u_int g_eli_threads = 0; 76TUNABLE_INT("kern.geom.eli.threads", &g_eli_threads); 77SYSCTL_UINT(_kern_geom_eli, OID_AUTO, threads, CTLFLAG_RW, &g_eli_threads, 0, 78 "Number of threads doing crypto work"); 79u_int g_eli_batch = 0; 80TUNABLE_INT("kern.geom.eli.batch", &g_eli_batch); 81SYSCTL_UINT(_kern_geom_eli, OID_AUTO, batch, CTLFLAG_RW, &g_eli_batch, 0, 82 "Use crypto operations batching"); 83 84static int g_eli_destroy_geom(struct gctl_req *req, struct g_class *mp, 85 struct g_geom *gp); 86 87static g_taste_t g_eli_taste; 88static g_dumpconf_t g_eli_dumpconf; 89 90struct g_class g_eli_class = { 91 .name = G_ELI_CLASS_NAME, 92 .version = G_VERSION, 93 .ctlreq = g_eli_config, 94 .taste = g_eli_taste, 95 .destroy_geom = g_eli_destroy_geom 96}; 97 98 99/* 100 * Code paths: 101 * BIO_READ: 102 * g_eli_start -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 103 * BIO_WRITE: 104 * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver 105 */ 106 107 108/* 109 * EAGAIN from crypto(9) means, that we were probably balanced to another crypto 110 * accelerator or something like this. 111 * The function updates the SID and rerun the operation. 112 */ 113int 114g_eli_crypto_rerun(struct cryptop *crp) 115{ 116 struct g_eli_softc *sc; 117 struct g_eli_worker *wr; 118 struct bio *bp; 119 int error; 120 121 bp = (struct bio *)crp->crp_opaque; 122 sc = bp->bio_to->geom->softc; 123 LIST_FOREACH(wr, &sc->sc_workers, w_next) { 124 if (wr->w_number == bp->bio_pflags) 125 break; 126 } 127 KASSERT(wr != NULL, ("Invalid worker (%u).", bp->bio_pflags)); 128 G_ELI_DEBUG(1, "Rerunning crypto %s request (sid: %ju -> %ju).", 129 bp->bio_cmd == BIO_READ ? "READ" : "WRITE", (uintmax_t)wr->w_sid, 130 (uintmax_t)crp->crp_sid); 131 wr->w_sid = crp->crp_sid; 132 crp->crp_etype = 0; 133 error = crypto_dispatch(crp); 134 if (error == 0) 135 return (0); 136 G_ELI_DEBUG(1, "%s: crypto_dispatch() returned %d.", __func__, error); 137 crp->crp_etype = error; 138 return (error); 139} 140 141/* 142 * The function is called afer reading encrypted data from the provider. 143 * 144 * g_eli_start -> g_io_request -> G_ELI_READ_DONE -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 145 */ 146void 147g_eli_read_done(struct bio *bp) 148{ 149 struct g_eli_softc *sc; 150 struct bio *pbp; 151 152 G_ELI_LOGREQ(2, bp, "Request done."); 153 pbp = bp->bio_parent; 154 if (pbp->bio_error == 0) 155 pbp->bio_error = bp->bio_error; 156 /* 157 * Do we have all sectors already? 158 */ 159 pbp->bio_inbed++; 160 if (pbp->bio_inbed < pbp->bio_children) 161 return; 162 g_destroy_bio(bp); 163 if (pbp->bio_error != 0) { 164 G_ELI_LOGREQ(0, pbp, "%s() failed", __func__); 165 pbp->bio_completed = 0; 166 if (pbp->bio_driver2 != NULL) { 167 free(pbp->bio_driver2, M_ELI); 168 pbp->bio_driver2 = NULL; 169 } 170 g_io_deliver(pbp, pbp->bio_error); 171 return; 172 } 173 sc = pbp->bio_to->geom->softc; 174 mtx_lock(&sc->sc_queue_mtx); 175 bioq_insert_tail(&sc->sc_queue, pbp); 176 mtx_unlock(&sc->sc_queue_mtx); 177 wakeup(sc); 178} 179 180/* 181 * The function is called after we encrypt and write data. 182 * 183 * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> G_ELI_WRITE_DONE -> g_io_deliver 184 */ 185void 186g_eli_write_done(struct bio *bp) 187{ 188 struct bio *pbp; 189 190 G_ELI_LOGREQ(2, bp, "Request done."); 191 pbp = bp->bio_parent; 192 if (pbp->bio_error == 0) { 193 if (bp->bio_error != 0) 194 pbp->bio_error = bp->bio_error; 195 } 196 /* 197 * Do we have all sectors already? 198 */ 199 pbp->bio_inbed++; 200 if (pbp->bio_inbed < pbp->bio_children) 201 return; 202 free(pbp->bio_driver2, M_ELI); 203 pbp->bio_driver2 = NULL; 204 if (pbp->bio_error != 0) { 205 G_ELI_LOGREQ(0, pbp, "Crypto WRITE request failed (error=%d).", 206 pbp->bio_error); 207 pbp->bio_completed = 0; 208 } 209 g_destroy_bio(bp); 210 /* 211 * Write is finished, send it up. 212 */ 213 pbp->bio_completed = pbp->bio_length; 214 g_io_deliver(pbp, pbp->bio_error); 215} 216 217/* 218 * This function should never be called, but GEOM made as it set ->orphan() 219 * method for every geom. 220 */ 221static void 222g_eli_orphan_spoil_assert(struct g_consumer *cp) 223{ 224 225 panic("Function %s() called for %s.", __func__, cp->geom->name); 226} 227 228static void 229g_eli_orphan(struct g_consumer *cp) 230{ 231 struct g_eli_softc *sc; 232 233 g_topology_assert(); 234 sc = cp->geom->softc; 235 if (sc == NULL) 236 return; 237 g_eli_destroy(sc, 1); 238} 239 240/* 241 * BIO_READ : G_ELI_START -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 242 * BIO_WRITE: G_ELI_START -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver 243 */ 244static void 245g_eli_start(struct bio *bp) 246{ 247 struct g_eli_softc *sc; 248 struct g_consumer *cp; 249 struct bio *cbp; 250 251 sc = bp->bio_to->geom->softc; 252 KASSERT(sc != NULL, 253 ("Provider's error should be set (error=%d)(device=%s).", 254 bp->bio_to->error, bp->bio_to->name)); 255 G_ELI_LOGREQ(2, bp, "Request received."); 256 257 switch (bp->bio_cmd) { 258 case BIO_READ: 259 case BIO_WRITE: 260 case BIO_GETATTR: 261 break; 262 case BIO_DELETE: 263 /* 264 * We could eventually support BIO_DELETE request. 265 * It could be done by overwritting requested sector with 266 * random data g_eli_overwrites number of times. 267 */ 268 default: 269 g_io_deliver(bp, EOPNOTSUPP); 270 return; 271 } 272 cbp = g_clone_bio(bp); 273 if (cbp == NULL) { 274 g_io_deliver(bp, ENOMEM); 275 return; 276 } 277 switch (bp->bio_cmd) { 278 case BIO_READ: 279 if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) { 280 bp->bio_driver2 = NULL; 281 cbp->bio_done = g_eli_read_done; 282 cp = LIST_FIRST(&sc->sc_geom->consumer); 283 cbp->bio_to = cp->provider; 284 G_ELI_LOGREQ(2, cbp, "Sending request."); 285 /* 286 * Read encrypted data from provider. 287 */ 288 g_io_request(cbp, cp); 289 break; 290 } 291 bp->bio_pflags = 255; 292 /* FALLTHROUGH */ 293 case BIO_WRITE: 294 bp->bio_driver1 = cbp; 295 mtx_lock(&sc->sc_queue_mtx); 296 bioq_insert_tail(&sc->sc_queue, bp); 297 mtx_unlock(&sc->sc_queue_mtx); 298 wakeup(sc); 299 break; 300 case BIO_GETATTR: 301 cbp->bio_done = g_std_done; 302 cp = LIST_FIRST(&sc->sc_geom->consumer); 303 cbp->bio_to = cp->provider; 304 G_ELI_LOGREQ(2, cbp, "Sending request."); 305 g_io_request(cbp, cp); 306 break; 307 } 308} 309 310/* 311 * This is the main function for kernel worker thread when we don't have 312 * hardware acceleration and we have to do cryptography in software. 313 * Dedicated thread is needed, so we don't slow down g_up/g_down GEOM 314 * threads with crypto work. 315 */ 316static void 317g_eli_worker(void *arg) 318{ 319 struct g_eli_softc *sc; 320 struct g_eli_worker *wr; 321 struct bio *bp; 322 323 wr = arg; 324 sc = wr->w_softc; 325 mtx_lock_spin(&sched_lock); 326 sched_prio(curthread, PRIBIO); 327 if (sc->sc_crypto == G_ELI_CRYPTO_SW && g_eli_threads == 0) 328 sched_bind(curthread, wr->w_number); 329 mtx_unlock_spin(&sched_lock); 330 331 G_ELI_DEBUG(1, "Thread %s started.", curthread->td_proc->p_comm); 332 333 for (;;) { 334 mtx_lock(&sc->sc_queue_mtx); 335 bp = bioq_takefirst(&sc->sc_queue); 336 if (bp == NULL) { 337 if (sc->sc_flags & G_ELI_FLAG_DESTROY) { 338 LIST_REMOVE(wr, w_next); 339 crypto_freesession(wr->w_sid); 340 free(wr, M_ELI); 341 G_ELI_DEBUG(1, "Thread %s exiting.", 342 curthread->td_proc->p_comm); 343 wakeup(&sc->sc_workers); 344 mtx_unlock(&sc->sc_queue_mtx); 345 kthread_exit(0); 346 } 347 msleep(sc, &sc->sc_queue_mtx, PRIBIO | PDROP, 348 "geli:w", 0); 349 continue; 350 } 351 mtx_unlock(&sc->sc_queue_mtx); 352 if (bp->bio_cmd == BIO_READ && bp->bio_pflags == 255) 353 g_eli_auth_read(sc, bp); 354 else if (sc->sc_flags & G_ELI_FLAG_AUTH) 355 g_eli_auth_run(wr, bp); 356 else 357 g_eli_crypto_run(wr, bp); 358 } 359} 360 361/* 362 * Here we generate IV. It is unique for every sector. 363 */ 364void 365g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, 366 size_t size) 367{
|
368 u_char hash[SHA256_DIGEST_LENGTH];
| 368 u_char off[8], hash[SHA256_DIGEST_LENGTH];
|
369 SHA256_CTX ctx; 370
| 369 SHA256_CTX ctx; 370
|
| 371 if (!(sc->sc_flags & G_ELI_FLAG_NATIVE_BYTE_ORDER)) 372 le64enc(off, (uint64_t)offset);
|
371 /* Copy precalculated SHA256 context for IV-Key. */ 372 bcopy(&sc->sc_ivctx, &ctx, sizeof(ctx)); 373 SHA256_Update(&ctx, (uint8_t *)&offset, sizeof(offset)); 374 SHA256_Final(hash, &ctx); 375 bcopy(hash, iv, size); 376} 377 378int 379g_eli_read_metadata(struct g_class *mp, struct g_provider *pp, 380 struct g_eli_metadata *md) 381{ 382 struct g_geom *gp; 383 struct g_consumer *cp; 384 u_char *buf = NULL; 385 int error; 386 387 g_topology_assert(); 388 389 gp = g_new_geomf(mp, "eli:taste"); 390 gp->start = g_eli_start; 391 gp->access = g_std_access; 392 /* 393 * g_eli_read_metadata() is always called from the event thread. 394 * Our geom is created and destroyed in the same event, so there 395 * could be no orphan nor spoil event in the meantime. 396 */ 397 gp->orphan = g_eli_orphan_spoil_assert; 398 gp->spoiled = g_eli_orphan_spoil_assert; 399 cp = g_new_consumer(gp); 400 error = g_attach(cp, pp); 401 if (error != 0) 402 goto end; 403 error = g_access(cp, 1, 0, 0); 404 if (error != 0) 405 goto end; 406 g_topology_unlock(); 407 buf = g_read_data(cp, pp->mediasize - pp->sectorsize, pp->sectorsize, 408 &error); 409 g_topology_lock(); 410 if (buf == NULL) 411 goto end; 412 eli_metadata_decode(buf, md); 413end: 414 if (buf != NULL) 415 g_free(buf); 416 if (cp->provider != NULL) { 417 if (cp->acr == 1) 418 g_access(cp, -1, 0, 0); 419 g_detach(cp); 420 } 421 g_destroy_consumer(cp); 422 g_destroy_geom(gp); 423 return (error); 424} 425 426/* 427 * The function is called when we had last close on provider and user requested 428 * to close it when this situation occur. 429 */ 430static void 431g_eli_last_close(struct g_eli_softc *sc) 432{ 433 struct g_geom *gp; 434 struct g_provider *pp; 435 char ppname[64]; 436 int error; 437 438 g_topology_assert(); 439 gp = sc->sc_geom; 440 pp = LIST_FIRST(&gp->provider); 441 strlcpy(ppname, pp->name, sizeof(ppname)); 442 error = g_eli_destroy(sc, 1); 443 KASSERT(error == 0, ("Cannot detach %s on last close (error=%d).", 444 ppname, error)); 445 G_ELI_DEBUG(0, "Detached %s on last close.", ppname); 446} 447 448int 449g_eli_access(struct g_provider *pp, int dr, int dw, int de) 450{ 451 struct g_eli_softc *sc; 452 struct g_geom *gp; 453 454 gp = pp->geom; 455 sc = gp->softc; 456 457 if (dw > 0) { 458 if (sc->sc_flags & G_ELI_FLAG_RO) { 459 /* Deny write attempts. */ 460 return (EROFS); 461 } 462 /* Someone is opening us for write, we need to remember that. */ 463 sc->sc_flags |= G_ELI_FLAG_WOPEN; 464 return (0); 465 } 466 /* Is this the last close? */ 467 if (pp->acr + dr > 0 || pp->acw + dw > 0 || pp->ace + de > 0) 468 return (0); 469 470 /* 471 * Automatically detach on last close if requested. 472 */ 473 if ((sc->sc_flags & G_ELI_FLAG_RW_DETACH) || 474 (sc->sc_flags & G_ELI_FLAG_WOPEN)) { 475 g_eli_last_close(sc); 476 } 477 return (0); 478} 479 480struct g_geom * 481g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp, 482 const struct g_eli_metadata *md, const u_char *mkey, int nkey) 483{ 484 struct g_eli_softc *sc; 485 struct g_eli_worker *wr; 486 struct g_geom *gp; 487 struct g_provider *pp; 488 struct g_consumer *cp; 489 struct cryptoini crie, cria; 490 u_int i, threads; 491 int error; 492 493 G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX); 494 495 gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX); 496 gp->softc = NULL; /* for a moment */ 497 498 sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO); 499 gp->start = g_eli_start; 500 /* 501 * Spoiling cannot happen actually, because we keep provider open for 502 * writing all the time or provider is read-only. 503 */ 504 gp->spoiled = g_eli_orphan_spoil_assert; 505 gp->orphan = g_eli_orphan; 506 gp->dumpconf = g_eli_dumpconf; 507 /* 508 * If detach-on-last-close feature is not enabled and we don't operate 509 * on read-only provider, we can simply use g_std_access(). 510 */ 511 if (md->md_flags & (G_ELI_FLAG_WO_DETACH | G_ELI_FLAG_RO)) 512 gp->access = g_eli_access; 513 else 514 gp->access = g_std_access; 515 516 sc->sc_crypto = G_ELI_CRYPTO_SW; 517 sc->sc_flags = md->md_flags;
| 373 /* Copy precalculated SHA256 context for IV-Key. */ 374 bcopy(&sc->sc_ivctx, &ctx, sizeof(ctx)); 375 SHA256_Update(&ctx, (uint8_t *)&offset, sizeof(offset)); 376 SHA256_Final(hash, &ctx); 377 bcopy(hash, iv, size); 378} 379 380int 381g_eli_read_metadata(struct g_class *mp, struct g_provider *pp, 382 struct g_eli_metadata *md) 383{ 384 struct g_geom *gp; 385 struct g_consumer *cp; 386 u_char *buf = NULL; 387 int error; 388 389 g_topology_assert(); 390 391 gp = g_new_geomf(mp, "eli:taste"); 392 gp->start = g_eli_start; 393 gp->access = g_std_access; 394 /* 395 * g_eli_read_metadata() is always called from the event thread. 396 * Our geom is created and destroyed in the same event, so there 397 * could be no orphan nor spoil event in the meantime. 398 */ 399 gp->orphan = g_eli_orphan_spoil_assert; 400 gp->spoiled = g_eli_orphan_spoil_assert; 401 cp = g_new_consumer(gp); 402 error = g_attach(cp, pp); 403 if (error != 0) 404 goto end; 405 error = g_access(cp, 1, 0, 0); 406 if (error != 0) 407 goto end; 408 g_topology_unlock(); 409 buf = g_read_data(cp, pp->mediasize - pp->sectorsize, pp->sectorsize, 410 &error); 411 g_topology_lock(); 412 if (buf == NULL) 413 goto end; 414 eli_metadata_decode(buf, md); 415end: 416 if (buf != NULL) 417 g_free(buf); 418 if (cp->provider != NULL) { 419 if (cp->acr == 1) 420 g_access(cp, -1, 0, 0); 421 g_detach(cp); 422 } 423 g_destroy_consumer(cp); 424 g_destroy_geom(gp); 425 return (error); 426} 427 428/* 429 * The function is called when we had last close on provider and user requested 430 * to close it when this situation occur. 431 */ 432static void 433g_eli_last_close(struct g_eli_softc *sc) 434{ 435 struct g_geom *gp; 436 struct g_provider *pp; 437 char ppname[64]; 438 int error; 439 440 g_topology_assert(); 441 gp = sc->sc_geom; 442 pp = LIST_FIRST(&gp->provider); 443 strlcpy(ppname, pp->name, sizeof(ppname)); 444 error = g_eli_destroy(sc, 1); 445 KASSERT(error == 0, ("Cannot detach %s on last close (error=%d).", 446 ppname, error)); 447 G_ELI_DEBUG(0, "Detached %s on last close.", ppname); 448} 449 450int 451g_eli_access(struct g_provider *pp, int dr, int dw, int de) 452{ 453 struct g_eli_softc *sc; 454 struct g_geom *gp; 455 456 gp = pp->geom; 457 sc = gp->softc; 458 459 if (dw > 0) { 460 if (sc->sc_flags & G_ELI_FLAG_RO) { 461 /* Deny write attempts. */ 462 return (EROFS); 463 } 464 /* Someone is opening us for write, we need to remember that. */ 465 sc->sc_flags |= G_ELI_FLAG_WOPEN; 466 return (0); 467 } 468 /* Is this the last close? */ 469 if (pp->acr + dr > 0 || pp->acw + dw > 0 || pp->ace + de > 0) 470 return (0); 471 472 /* 473 * Automatically detach on last close if requested. 474 */ 475 if ((sc->sc_flags & G_ELI_FLAG_RW_DETACH) || 476 (sc->sc_flags & G_ELI_FLAG_WOPEN)) { 477 g_eli_last_close(sc); 478 } 479 return (0); 480} 481 482struct g_geom * 483g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp, 484 const struct g_eli_metadata *md, const u_char *mkey, int nkey) 485{ 486 struct g_eli_softc *sc; 487 struct g_eli_worker *wr; 488 struct g_geom *gp; 489 struct g_provider *pp; 490 struct g_consumer *cp; 491 struct cryptoini crie, cria; 492 u_int i, threads; 493 int error; 494 495 G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX); 496 497 gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX); 498 gp->softc = NULL; /* for a moment */ 499 500 sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO); 501 gp->start = g_eli_start; 502 /* 503 * Spoiling cannot happen actually, because we keep provider open for 504 * writing all the time or provider is read-only. 505 */ 506 gp->spoiled = g_eli_orphan_spoil_assert; 507 gp->orphan = g_eli_orphan; 508 gp->dumpconf = g_eli_dumpconf; 509 /* 510 * If detach-on-last-close feature is not enabled and we don't operate 511 * on read-only provider, we can simply use g_std_access(). 512 */ 513 if (md->md_flags & (G_ELI_FLAG_WO_DETACH | G_ELI_FLAG_RO)) 514 gp->access = g_eli_access; 515 else 516 gp->access = g_std_access; 517 518 sc->sc_crypto = G_ELI_CRYPTO_SW; 519 sc->sc_flags = md->md_flags;
|
| 520 /* Backward compatibility. */ 521 if (md->md_version < 2) 522 sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER;
|
518 sc->sc_ealgo = md->md_ealgo; 519 sc->sc_nkey = nkey; 520 /* 521 * Remember the keys in our softc structure. 522 */ 523 g_eli_mkey_propagate(sc, mkey); 524 sc->sc_ekeylen = md->md_keylen; 525 526 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 527 sc->sc_akeylen = sizeof(sc->sc_akey) * 8; 528 sc->sc_aalgo = md->md_aalgo; 529 sc->sc_alen = g_eli_hashlen(sc->sc_aalgo); 530 531 sc->sc_data_per_sector = bpp->sectorsize - sc->sc_alen; 532 /* 533 * Some hash functions (like SHA1 and RIPEMD160) generates hash 534 * which length is not multiple of 128 bits, but we want data 535 * length to be multiple of 128, so we can encrypt without 536 * padding. The line below rounds down data length to multiple 537 * of 128 bits. 538 */ 539 sc->sc_data_per_sector -= sc->sc_data_per_sector % 16; 540 541 sc->sc_bytes_per_sector = 542 (md->md_sectorsize - 1) / sc->sc_data_per_sector + 1; 543 sc->sc_bytes_per_sector *= bpp->sectorsize; 544 /* 545 * Precalculate SHA256 for HMAC key generation. 546 * This is expensive operation and we can do it only once now or 547 * for every access to sector, so now will be much better. 548 */ 549 SHA256_Init(&sc->sc_akeyctx); 550 SHA256_Update(&sc->sc_akeyctx, sc->sc_akey, 551 sizeof(sc->sc_akey)); 552 } 553 554 /* 555 * Precalculate SHA256 for IV generation. 556 * This is expensive operation and we can do it only once now or for 557 * every access to sector, so now will be much better. 558 */ 559 SHA256_Init(&sc->sc_ivctx); 560 SHA256_Update(&sc->sc_ivctx, sc->sc_ivkey, sizeof(sc->sc_ivkey)); 561 562 gp->softc = sc; 563 sc->sc_geom = gp; 564 565 bioq_init(&sc->sc_queue); 566 mtx_init(&sc->sc_queue_mtx, "geli:queue", NULL, MTX_DEF); 567 568 pp = NULL; 569 cp = g_new_consumer(gp); 570 error = g_attach(cp, bpp); 571 if (error != 0) { 572 if (req != NULL) { 573 gctl_error(req, "Cannot attach to %s (error=%d).", 574 bpp->name, error); 575 } else { 576 G_ELI_DEBUG(1, "Cannot attach to %s (error=%d).", 577 bpp->name, error); 578 } 579 goto failed; 580 } 581 /* 582 * Keep provider open all the time, so we can run critical tasks, 583 * like Master Keys deletion, without wondering if we can open 584 * provider or not. 585 * We don't open provider for writing only when user requested read-only 586 * access. 587 */ 588 if (sc->sc_flags & G_ELI_FLAG_RO) 589 error = g_access(cp, 1, 0, 1); 590 else 591 error = g_access(cp, 1, 1, 1); 592 if (error != 0) { 593 if (req != NULL) { 594 gctl_error(req, "Cannot access %s (error=%d).", 595 bpp->name, error); 596 } else { 597 G_ELI_DEBUG(1, "Cannot access %s (error=%d).", 598 bpp->name, error); 599 } 600 goto failed; 601 } 602 603 LIST_INIT(&sc->sc_workers); 604 605 bzero(&crie, sizeof(crie)); 606 crie.cri_alg = sc->sc_ealgo; 607 crie.cri_klen = sc->sc_ekeylen; 608 crie.cri_key = sc->sc_ekey; 609 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 610 bzero(&cria, sizeof(cria)); 611 cria.cri_alg = sc->sc_aalgo; 612 cria.cri_klen = sc->sc_akeylen; 613 cria.cri_key = sc->sc_akey; 614 crie.cri_next = &cria; 615 } 616 617 threads = g_eli_threads; 618 if (threads == 0) 619 threads = mp_ncpus; 620 else if (threads > mp_ncpus) { 621 /* There is really no need for too many worker threads. */ 622 threads = mp_ncpus; 623 G_ELI_DEBUG(0, "Reducing number of threads to %u.", threads); 624 } 625 for (i = 0; i < threads; i++) { 626 wr = malloc(sizeof(*wr), M_ELI, M_WAITOK | M_ZERO); 627 wr->w_softc = sc; 628 wr->w_number = i; 629 630 /* 631 * If this is the first pass, try to get hardware support. 632 * Use software cryptography, if we cannot get it. 633 */ 634 if (i == 0) { 635 error = crypto_newsession(&wr->w_sid, &crie, 1); 636 if (error == 0) 637 sc->sc_crypto = G_ELI_CRYPTO_HW; 638 } 639 if (sc->sc_crypto == G_ELI_CRYPTO_SW) 640 error = crypto_newsession(&wr->w_sid, &crie, 0); 641 if (error != 0) { 642 free(wr, M_ELI); 643 if (req != NULL) { 644 gctl_error(req, "Cannot set up crypto session " 645 "for %s (error=%d).", bpp->name, error); 646 } else { 647 G_ELI_DEBUG(1, "Cannot set up crypto session " 648 "for %s (error=%d).", bpp->name, error); 649 } 650 goto failed; 651 } 652 653 error = kthread_create(g_eli_worker, wr, &wr->w_proc, 0, 0, 654 "g_eli[%u] %s", i, bpp->name); 655 if (error != 0) { 656 crypto_freesession(wr->w_sid); 657 free(wr, M_ELI); 658 if (req != NULL) { 659 gctl_error(req, "Cannot create kernel thread " 660 "for %s (error=%d).", bpp->name, error); 661 } else { 662 G_ELI_DEBUG(1, "Cannot create kernel thread " 663 "for %s (error=%d).", bpp->name, error); 664 } 665 goto failed; 666 } 667 LIST_INSERT_HEAD(&sc->sc_workers, wr, w_next); 668 /* If we have hardware support, one thread is enough. */ 669 if (sc->sc_crypto == G_ELI_CRYPTO_HW) 670 break; 671 } 672 673 /* 674 * Create decrypted provider. 675 */ 676 pp = g_new_providerf(gp, "%s%s", bpp->name, G_ELI_SUFFIX); 677 pp->sectorsize = md->md_sectorsize; 678 pp->mediasize = bpp->mediasize; 679 if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) 680 pp->mediasize -= bpp->sectorsize; 681 if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) 682 pp->mediasize -= (pp->mediasize % pp->sectorsize); 683 else { 684 pp->mediasize /= sc->sc_bytes_per_sector; 685 pp->mediasize *= pp->sectorsize; 686 } 687 688 g_error_provider(pp, 0); 689 690 G_ELI_DEBUG(0, "Device %s created.", pp->name); 691 G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), 692 sc->sc_ekeylen); 693 if (sc->sc_flags & G_ELI_FLAG_AUTH) 694 G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); 695 G_ELI_DEBUG(0, " Crypto: %s", 696 sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware"); 697 return (gp); 698failed: 699 mtx_lock(&sc->sc_queue_mtx); 700 sc->sc_flags |= G_ELI_FLAG_DESTROY; 701 wakeup(sc); 702 /* 703 * Wait for kernel threads self destruction. 704 */ 705 while (!LIST_EMPTY(&sc->sc_workers)) { 706 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 707 "geli:destroy", 0); 708 } 709 mtx_destroy(&sc->sc_queue_mtx); 710 if (cp->provider != NULL) { 711 if (cp->acr == 1) 712 g_access(cp, -1, -1, -1); 713 g_detach(cp); 714 } 715 g_destroy_consumer(cp); 716 g_destroy_geom(gp); 717 bzero(sc, sizeof(*sc)); 718 free(sc, M_ELI); 719 return (NULL); 720} 721 722int 723g_eli_destroy(struct g_eli_softc *sc, boolean_t force) 724{ 725 struct g_geom *gp; 726 struct g_provider *pp; 727 728 g_topology_assert(); 729 730 if (sc == NULL) 731 return (ENXIO); 732 733 gp = sc->sc_geom; 734 pp = LIST_FIRST(&gp->provider); 735 if (pp != NULL && (pp->acr != 0 || pp->acw != 0 || pp->ace != 0)) { 736 if (force) { 737 G_ELI_DEBUG(1, "Device %s is still open, so it " 738 "cannot be definitely removed.", pp->name); 739 } else { 740 G_ELI_DEBUG(1, 741 "Device %s is still open (r%dw%de%d).", pp->name, 742 pp->acr, pp->acw, pp->ace); 743 return (EBUSY); 744 } 745 } 746 747 mtx_lock(&sc->sc_queue_mtx); 748 sc->sc_flags |= G_ELI_FLAG_DESTROY; 749 wakeup(sc); 750 while (!LIST_EMPTY(&sc->sc_workers)) { 751 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 752 "geli:destroy", 0); 753 } 754 mtx_destroy(&sc->sc_queue_mtx); 755 gp->softc = NULL; 756 bzero(sc, sizeof(*sc)); 757 free(sc, M_ELI); 758 759 if (pp == NULL || (pp->acr == 0 && pp->acw == 0 && pp->ace == 0)) 760 G_ELI_DEBUG(0, "Device %s destroyed.", gp->name); 761 g_wither_geom_close(gp, ENXIO); 762 763 return (0); 764} 765 766static int 767g_eli_destroy_geom(struct gctl_req *req __unused, 768 struct g_class *mp __unused, struct g_geom *gp) 769{ 770 struct g_eli_softc *sc; 771 772 sc = gp->softc; 773 return (g_eli_destroy(sc, 0)); 774} 775 776static int 777g_eli_keyfiles_load(struct hmac_ctx *ctx, const char *provider) 778{ 779 u_char *keyfile, *data, *size; 780 char *file, name[64]; 781 int i; 782 783 for (i = 0; ; i++) { 784 snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); 785 keyfile = preload_search_by_type(name); 786 if (keyfile == NULL) 787 return (i); /* Return number of loaded keyfiles. */ 788 data = preload_search_info(keyfile, MODINFO_ADDR); 789 if (data == NULL) { 790 G_ELI_DEBUG(0, "Cannot find key file data for %s.", 791 name); 792 return (0); 793 } 794 data = *(void **)data; 795 size = preload_search_info(keyfile, MODINFO_SIZE); 796 if (size == NULL) { 797 G_ELI_DEBUG(0, "Cannot find key file size for %s.", 798 name); 799 return (0); 800 } 801 file = preload_search_info(keyfile, MODINFO_NAME); 802 if (file == NULL) { 803 G_ELI_DEBUG(0, "Cannot find key file name for %s.", 804 name); 805 return (0); 806 } 807 G_ELI_DEBUG(1, "Loaded keyfile %s for %s (type: %s).", file, 808 provider, name); 809 g_eli_crypto_hmac_update(ctx, data, *(size_t *)size); 810 } 811} 812 813static void 814g_eli_keyfiles_clear(const char *provider) 815{ 816 u_char *keyfile, *data, *size; 817 char name[64]; 818 int i; 819 820 for (i = 0; ; i++) { 821 snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); 822 keyfile = preload_search_by_type(name); 823 if (keyfile == NULL) 824 return; 825 data = preload_search_info(keyfile, MODINFO_ADDR); 826 size = preload_search_info(keyfile, MODINFO_SIZE); 827 if (data == NULL || size == NULL) 828 continue; 829 data = *(void **)data; 830 bzero(data, *(size_t *)size); 831 } 832} 833 834/* 835 * Tasting is only made on boot. 836 * We detect providers which should be attached before root is mounted. 837 */ 838static struct g_geom * 839g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused) 840{ 841 struct g_eli_metadata md; 842 struct g_geom *gp; 843 struct hmac_ctx ctx; 844 char passphrase[256]; 845 u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN]; 846 u_int i, nkey, nkeyfiles, tries; 847 int error; 848 849 g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name); 850 g_topology_assert(); 851 852 if (rootvnode != NULL || g_eli_tries == 0) 853 return (NULL); 854 855 G_ELI_DEBUG(3, "Tasting %s.", pp->name); 856 857 error = g_eli_read_metadata(mp, pp, &md); 858 if (error != 0) 859 return (NULL); 860 gp = NULL; 861 862 if (strcmp(md.md_magic, G_ELI_MAGIC) != 0) 863 return (NULL); 864 if (md.md_version > G_ELI_VERSION) { 865 printf("geom_eli.ko module is too old to handle %s.\n", 866 pp->name); 867 return (NULL); 868 } 869 if (md.md_provsize != pp->mediasize) 870 return (NULL); 871 /* Should we attach it on boot? */ 872 if (!(md.md_flags & G_ELI_FLAG_BOOT)) 873 return (NULL); 874 if (md.md_keys == 0x00) { 875 G_ELI_DEBUG(0, "No valid keys on %s.", pp->name); 876 return (NULL); 877 } 878 if (md.md_iterations == -1) { 879 /* If there is no passphrase, we try only once. */ 880 tries = 1; 881 } else { 882 /* Ask for the passphrase no more than g_eli_tries times. */ 883 tries = g_eli_tries; 884 } 885 886 for (i = 0; i < tries; i++) { 887 g_eli_crypto_hmac_init(&ctx, NULL, 0); 888 889 /* 890 * Load all key files. 891 */ 892 nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name); 893 894 if (nkeyfiles == 0 && md.md_iterations == -1) { 895 /* 896 * No key files and no passphrase, something is 897 * definitely wrong here. 898 * geli(8) doesn't allow for such situation, so assume 899 * that there was really no passphrase and in that case 900 * key files are no properly defined in loader.conf. 901 */ 902 G_ELI_DEBUG(0, 903 "Found no key files in loader.conf for %s.", 904 pp->name); 905 return (NULL); 906 } 907 908 /* Ask for the passphrase if defined. */ 909 if (md.md_iterations >= 0) { 910 printf("Enter passphrase for %s: ", pp->name); 911 gets(passphrase, sizeof(passphrase), 912 g_eli_visible_passphrase); 913 } 914 915 /* 916 * Prepare Derived-Key from the user passphrase. 917 */ 918 if (md.md_iterations == 0) { 919 g_eli_crypto_hmac_update(&ctx, md.md_salt, 920 sizeof(md.md_salt)); 921 g_eli_crypto_hmac_update(&ctx, passphrase, 922 strlen(passphrase)); 923 } else if (md.md_iterations > 0) { 924 u_char dkey[G_ELI_USERKEYLEN]; 925 926 pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, 927 sizeof(md.md_salt), passphrase, md.md_iterations); 928 g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); 929 bzero(dkey, sizeof(dkey)); 930 } 931 932 g_eli_crypto_hmac_final(&ctx, key, 0); 933 934 /* 935 * Decrypt Master-Key. 936 */ 937 error = g_eli_mkey_decrypt(&md, key, mkey, &nkey); 938 bzero(key, sizeof(key)); 939 if (error == -1) { 940 if (i == tries - 1) { 941 G_ELI_DEBUG(0, 942 "Wrong key for %s. No tries left.", 943 pp->name); 944 g_eli_keyfiles_clear(pp->name); 945 return (NULL); 946 } 947 G_ELI_DEBUG(0, "Wrong key for %s. Tries left: %u.", 948 pp->name, tries - i - 1); 949 /* Try again. */ 950 continue; 951 } else if (error > 0) { 952 G_ELI_DEBUG(0, "Cannot decrypt Master Key for %s (error=%d).", 953 pp->name, error); 954 g_eli_keyfiles_clear(pp->name); 955 return (NULL); 956 } 957 G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name); 958 break; 959 } 960 961 /* 962 * We have correct key, let's attach provider. 963 */ 964 gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey); 965 bzero(mkey, sizeof(mkey)); 966 bzero(&md, sizeof(md)); 967 if (gp == NULL) { 968 G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, 969 G_ELI_SUFFIX); 970 return (NULL); 971 } 972 return (gp); 973} 974 975static void 976g_eli_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp, 977 struct g_consumer *cp, struct g_provider *pp) 978{ 979 struct g_eli_softc *sc; 980 981 g_topology_assert(); 982 sc = gp->softc; 983 if (sc == NULL) 984 return; 985 if (pp != NULL || cp != NULL) 986 return; /* Nothing here. */ 987 sbuf_printf(sb, "%s<Flags>", indent); 988 if (sc->sc_flags == 0) 989 sbuf_printf(sb, "NONE"); 990 else { 991 int first = 1; 992 993#define ADD_FLAG(flag, name) do { \ 994 if (sc->sc_flags & (flag)) { \ 995 if (!first) \ 996 sbuf_printf(sb, ", "); \ 997 else \ 998 first = 0; \ 999 sbuf_printf(sb, name); \ 1000 } \ 1001} while (0)
| 523 sc->sc_ealgo = md->md_ealgo; 524 sc->sc_nkey = nkey; 525 /* 526 * Remember the keys in our softc structure. 527 */ 528 g_eli_mkey_propagate(sc, mkey); 529 sc->sc_ekeylen = md->md_keylen; 530 531 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 532 sc->sc_akeylen = sizeof(sc->sc_akey) * 8; 533 sc->sc_aalgo = md->md_aalgo; 534 sc->sc_alen = g_eli_hashlen(sc->sc_aalgo); 535 536 sc->sc_data_per_sector = bpp->sectorsize - sc->sc_alen; 537 /* 538 * Some hash functions (like SHA1 and RIPEMD160) generates hash 539 * which length is not multiple of 128 bits, but we want data 540 * length to be multiple of 128, so we can encrypt without 541 * padding. The line below rounds down data length to multiple 542 * of 128 bits. 543 */ 544 sc->sc_data_per_sector -= sc->sc_data_per_sector % 16; 545 546 sc->sc_bytes_per_sector = 547 (md->md_sectorsize - 1) / sc->sc_data_per_sector + 1; 548 sc->sc_bytes_per_sector *= bpp->sectorsize; 549 /* 550 * Precalculate SHA256 for HMAC key generation. 551 * This is expensive operation and we can do it only once now or 552 * for every access to sector, so now will be much better. 553 */ 554 SHA256_Init(&sc->sc_akeyctx); 555 SHA256_Update(&sc->sc_akeyctx, sc->sc_akey, 556 sizeof(sc->sc_akey)); 557 } 558 559 /* 560 * Precalculate SHA256 for IV generation. 561 * This is expensive operation and we can do it only once now or for 562 * every access to sector, so now will be much better. 563 */ 564 SHA256_Init(&sc->sc_ivctx); 565 SHA256_Update(&sc->sc_ivctx, sc->sc_ivkey, sizeof(sc->sc_ivkey)); 566 567 gp->softc = sc; 568 sc->sc_geom = gp; 569 570 bioq_init(&sc->sc_queue); 571 mtx_init(&sc->sc_queue_mtx, "geli:queue", NULL, MTX_DEF); 572 573 pp = NULL; 574 cp = g_new_consumer(gp); 575 error = g_attach(cp, bpp); 576 if (error != 0) { 577 if (req != NULL) { 578 gctl_error(req, "Cannot attach to %s (error=%d).", 579 bpp->name, error); 580 } else { 581 G_ELI_DEBUG(1, "Cannot attach to %s (error=%d).", 582 bpp->name, error); 583 } 584 goto failed; 585 } 586 /* 587 * Keep provider open all the time, so we can run critical tasks, 588 * like Master Keys deletion, without wondering if we can open 589 * provider or not. 590 * We don't open provider for writing only when user requested read-only 591 * access. 592 */ 593 if (sc->sc_flags & G_ELI_FLAG_RO) 594 error = g_access(cp, 1, 0, 1); 595 else 596 error = g_access(cp, 1, 1, 1); 597 if (error != 0) { 598 if (req != NULL) { 599 gctl_error(req, "Cannot access %s (error=%d).", 600 bpp->name, error); 601 } else { 602 G_ELI_DEBUG(1, "Cannot access %s (error=%d).", 603 bpp->name, error); 604 } 605 goto failed; 606 } 607 608 LIST_INIT(&sc->sc_workers); 609 610 bzero(&crie, sizeof(crie)); 611 crie.cri_alg = sc->sc_ealgo; 612 crie.cri_klen = sc->sc_ekeylen; 613 crie.cri_key = sc->sc_ekey; 614 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 615 bzero(&cria, sizeof(cria)); 616 cria.cri_alg = sc->sc_aalgo; 617 cria.cri_klen = sc->sc_akeylen; 618 cria.cri_key = sc->sc_akey; 619 crie.cri_next = &cria; 620 } 621 622 threads = g_eli_threads; 623 if (threads == 0) 624 threads = mp_ncpus; 625 else if (threads > mp_ncpus) { 626 /* There is really no need for too many worker threads. */ 627 threads = mp_ncpus; 628 G_ELI_DEBUG(0, "Reducing number of threads to %u.", threads); 629 } 630 for (i = 0; i < threads; i++) { 631 wr = malloc(sizeof(*wr), M_ELI, M_WAITOK | M_ZERO); 632 wr->w_softc = sc; 633 wr->w_number = i; 634 635 /* 636 * If this is the first pass, try to get hardware support. 637 * Use software cryptography, if we cannot get it. 638 */ 639 if (i == 0) { 640 error = crypto_newsession(&wr->w_sid, &crie, 1); 641 if (error == 0) 642 sc->sc_crypto = G_ELI_CRYPTO_HW; 643 } 644 if (sc->sc_crypto == G_ELI_CRYPTO_SW) 645 error = crypto_newsession(&wr->w_sid, &crie, 0); 646 if (error != 0) { 647 free(wr, M_ELI); 648 if (req != NULL) { 649 gctl_error(req, "Cannot set up crypto session " 650 "for %s (error=%d).", bpp->name, error); 651 } else { 652 G_ELI_DEBUG(1, "Cannot set up crypto session " 653 "for %s (error=%d).", bpp->name, error); 654 } 655 goto failed; 656 } 657 658 error = kthread_create(g_eli_worker, wr, &wr->w_proc, 0, 0, 659 "g_eli[%u] %s", i, bpp->name); 660 if (error != 0) { 661 crypto_freesession(wr->w_sid); 662 free(wr, M_ELI); 663 if (req != NULL) { 664 gctl_error(req, "Cannot create kernel thread " 665 "for %s (error=%d).", bpp->name, error); 666 } else { 667 G_ELI_DEBUG(1, "Cannot create kernel thread " 668 "for %s (error=%d).", bpp->name, error); 669 } 670 goto failed; 671 } 672 LIST_INSERT_HEAD(&sc->sc_workers, wr, w_next); 673 /* If we have hardware support, one thread is enough. */ 674 if (sc->sc_crypto == G_ELI_CRYPTO_HW) 675 break; 676 } 677 678 /* 679 * Create decrypted provider. 680 */ 681 pp = g_new_providerf(gp, "%s%s", bpp->name, G_ELI_SUFFIX); 682 pp->sectorsize = md->md_sectorsize; 683 pp->mediasize = bpp->mediasize; 684 if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) 685 pp->mediasize -= bpp->sectorsize; 686 if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) 687 pp->mediasize -= (pp->mediasize % pp->sectorsize); 688 else { 689 pp->mediasize /= sc->sc_bytes_per_sector; 690 pp->mediasize *= pp->sectorsize; 691 } 692 693 g_error_provider(pp, 0); 694 695 G_ELI_DEBUG(0, "Device %s created.", pp->name); 696 G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), 697 sc->sc_ekeylen); 698 if (sc->sc_flags & G_ELI_FLAG_AUTH) 699 G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); 700 G_ELI_DEBUG(0, " Crypto: %s", 701 sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware"); 702 return (gp); 703failed: 704 mtx_lock(&sc->sc_queue_mtx); 705 sc->sc_flags |= G_ELI_FLAG_DESTROY; 706 wakeup(sc); 707 /* 708 * Wait for kernel threads self destruction. 709 */ 710 while (!LIST_EMPTY(&sc->sc_workers)) { 711 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 712 "geli:destroy", 0); 713 } 714 mtx_destroy(&sc->sc_queue_mtx); 715 if (cp->provider != NULL) { 716 if (cp->acr == 1) 717 g_access(cp, -1, -1, -1); 718 g_detach(cp); 719 } 720 g_destroy_consumer(cp); 721 g_destroy_geom(gp); 722 bzero(sc, sizeof(*sc)); 723 free(sc, M_ELI); 724 return (NULL); 725} 726 727int 728g_eli_destroy(struct g_eli_softc *sc, boolean_t force) 729{ 730 struct g_geom *gp; 731 struct g_provider *pp; 732 733 g_topology_assert(); 734 735 if (sc == NULL) 736 return (ENXIO); 737 738 gp = sc->sc_geom; 739 pp = LIST_FIRST(&gp->provider); 740 if (pp != NULL && (pp->acr != 0 || pp->acw != 0 || pp->ace != 0)) { 741 if (force) { 742 G_ELI_DEBUG(1, "Device %s is still open, so it " 743 "cannot be definitely removed.", pp->name); 744 } else { 745 G_ELI_DEBUG(1, 746 "Device %s is still open (r%dw%de%d).", pp->name, 747 pp->acr, pp->acw, pp->ace); 748 return (EBUSY); 749 } 750 } 751 752 mtx_lock(&sc->sc_queue_mtx); 753 sc->sc_flags |= G_ELI_FLAG_DESTROY; 754 wakeup(sc); 755 while (!LIST_EMPTY(&sc->sc_workers)) { 756 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 757 "geli:destroy", 0); 758 } 759 mtx_destroy(&sc->sc_queue_mtx); 760 gp->softc = NULL; 761 bzero(sc, sizeof(*sc)); 762 free(sc, M_ELI); 763 764 if (pp == NULL || (pp->acr == 0 && pp->acw == 0 && pp->ace == 0)) 765 G_ELI_DEBUG(0, "Device %s destroyed.", gp->name); 766 g_wither_geom_close(gp, ENXIO); 767 768 return (0); 769} 770 771static int 772g_eli_destroy_geom(struct gctl_req *req __unused, 773 struct g_class *mp __unused, struct g_geom *gp) 774{ 775 struct g_eli_softc *sc; 776 777 sc = gp->softc; 778 return (g_eli_destroy(sc, 0)); 779} 780 781static int 782g_eli_keyfiles_load(struct hmac_ctx *ctx, const char *provider) 783{ 784 u_char *keyfile, *data, *size; 785 char *file, name[64]; 786 int i; 787 788 for (i = 0; ; i++) { 789 snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); 790 keyfile = preload_search_by_type(name); 791 if (keyfile == NULL) 792 return (i); /* Return number of loaded keyfiles. */ 793 data = preload_search_info(keyfile, MODINFO_ADDR); 794 if (data == NULL) { 795 G_ELI_DEBUG(0, "Cannot find key file data for %s.", 796 name); 797 return (0); 798 } 799 data = *(void **)data; 800 size = preload_search_info(keyfile, MODINFO_SIZE); 801 if (size == NULL) { 802 G_ELI_DEBUG(0, "Cannot find key file size for %s.", 803 name); 804 return (0); 805 } 806 file = preload_search_info(keyfile, MODINFO_NAME); 807 if (file == NULL) { 808 G_ELI_DEBUG(0, "Cannot find key file name for %s.", 809 name); 810 return (0); 811 } 812 G_ELI_DEBUG(1, "Loaded keyfile %s for %s (type: %s).", file, 813 provider, name); 814 g_eli_crypto_hmac_update(ctx, data, *(size_t *)size); 815 } 816} 817 818static void 819g_eli_keyfiles_clear(const char *provider) 820{ 821 u_char *keyfile, *data, *size; 822 char name[64]; 823 int i; 824 825 for (i = 0; ; i++) { 826 snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); 827 keyfile = preload_search_by_type(name); 828 if (keyfile == NULL) 829 return; 830 data = preload_search_info(keyfile, MODINFO_ADDR); 831 size = preload_search_info(keyfile, MODINFO_SIZE); 832 if (data == NULL || size == NULL) 833 continue; 834 data = *(void **)data; 835 bzero(data, *(size_t *)size); 836 } 837} 838 839/* 840 * Tasting is only made on boot. 841 * We detect providers which should be attached before root is mounted. 842 */ 843static struct g_geom * 844g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused) 845{ 846 struct g_eli_metadata md; 847 struct g_geom *gp; 848 struct hmac_ctx ctx; 849 char passphrase[256]; 850 u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN]; 851 u_int i, nkey, nkeyfiles, tries; 852 int error; 853 854 g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name); 855 g_topology_assert(); 856 857 if (rootvnode != NULL || g_eli_tries == 0) 858 return (NULL); 859 860 G_ELI_DEBUG(3, "Tasting %s.", pp->name); 861 862 error = g_eli_read_metadata(mp, pp, &md); 863 if (error != 0) 864 return (NULL); 865 gp = NULL; 866 867 if (strcmp(md.md_magic, G_ELI_MAGIC) != 0) 868 return (NULL); 869 if (md.md_version > G_ELI_VERSION) { 870 printf("geom_eli.ko module is too old to handle %s.\n", 871 pp->name); 872 return (NULL); 873 } 874 if (md.md_provsize != pp->mediasize) 875 return (NULL); 876 /* Should we attach it on boot? */ 877 if (!(md.md_flags & G_ELI_FLAG_BOOT)) 878 return (NULL); 879 if (md.md_keys == 0x00) { 880 G_ELI_DEBUG(0, "No valid keys on %s.", pp->name); 881 return (NULL); 882 } 883 if (md.md_iterations == -1) { 884 /* If there is no passphrase, we try only once. */ 885 tries = 1; 886 } else { 887 /* Ask for the passphrase no more than g_eli_tries times. */ 888 tries = g_eli_tries; 889 } 890 891 for (i = 0; i < tries; i++) { 892 g_eli_crypto_hmac_init(&ctx, NULL, 0); 893 894 /* 895 * Load all key files. 896 */ 897 nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name); 898 899 if (nkeyfiles == 0 && md.md_iterations == -1) { 900 /* 901 * No key files and no passphrase, something is 902 * definitely wrong here. 903 * geli(8) doesn't allow for such situation, so assume 904 * that there was really no passphrase and in that case 905 * key files are no properly defined in loader.conf. 906 */ 907 G_ELI_DEBUG(0, 908 "Found no key files in loader.conf for %s.", 909 pp->name); 910 return (NULL); 911 } 912 913 /* Ask for the passphrase if defined. */ 914 if (md.md_iterations >= 0) { 915 printf("Enter passphrase for %s: ", pp->name); 916 gets(passphrase, sizeof(passphrase), 917 g_eli_visible_passphrase); 918 } 919 920 /* 921 * Prepare Derived-Key from the user passphrase. 922 */ 923 if (md.md_iterations == 0) { 924 g_eli_crypto_hmac_update(&ctx, md.md_salt, 925 sizeof(md.md_salt)); 926 g_eli_crypto_hmac_update(&ctx, passphrase, 927 strlen(passphrase)); 928 } else if (md.md_iterations > 0) { 929 u_char dkey[G_ELI_USERKEYLEN]; 930 931 pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, 932 sizeof(md.md_salt), passphrase, md.md_iterations); 933 g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); 934 bzero(dkey, sizeof(dkey)); 935 } 936 937 g_eli_crypto_hmac_final(&ctx, key, 0); 938 939 /* 940 * Decrypt Master-Key. 941 */ 942 error = g_eli_mkey_decrypt(&md, key, mkey, &nkey); 943 bzero(key, sizeof(key)); 944 if (error == -1) { 945 if (i == tries - 1) { 946 G_ELI_DEBUG(0, 947 "Wrong key for %s. No tries left.", 948 pp->name); 949 g_eli_keyfiles_clear(pp->name); 950 return (NULL); 951 } 952 G_ELI_DEBUG(0, "Wrong key for %s. Tries left: %u.", 953 pp->name, tries - i - 1); 954 /* Try again. */ 955 continue; 956 } else if (error > 0) { 957 G_ELI_DEBUG(0, "Cannot decrypt Master Key for %s (error=%d).", 958 pp->name, error); 959 g_eli_keyfiles_clear(pp->name); 960 return (NULL); 961 } 962 G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name); 963 break; 964 } 965 966 /* 967 * We have correct key, let's attach provider. 968 */ 969 gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey); 970 bzero(mkey, sizeof(mkey)); 971 bzero(&md, sizeof(md)); 972 if (gp == NULL) { 973 G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, 974 G_ELI_SUFFIX); 975 return (NULL); 976 } 977 return (gp); 978} 979 980static void 981g_eli_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp, 982 struct g_consumer *cp, struct g_provider *pp) 983{ 984 struct g_eli_softc *sc; 985 986 g_topology_assert(); 987 sc = gp->softc; 988 if (sc == NULL) 989 return; 990 if (pp != NULL || cp != NULL) 991 return; /* Nothing here. */ 992 sbuf_printf(sb, "%s<Flags>", indent); 993 if (sc->sc_flags == 0) 994 sbuf_printf(sb, "NONE"); 995 else { 996 int first = 1; 997 998#define ADD_FLAG(flag, name) do { \ 999 if (sc->sc_flags & (flag)) { \ 1000 if (!first) \ 1001 sbuf_printf(sb, ", "); \ 1002 else \ 1003 first = 0; \ 1004 sbuf_printf(sb, name); \ 1005 } \ 1006} while (0)
|
| 1007 ADD_FLAG(G_ELI_FLAG_NATIVE_BYTE_ORDER, "NATIVE-BYTE-ORDER");
|
1002 ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME"); 1003 ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT"); 1004 ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH"); 1005 ADD_FLAG(G_ELI_FLAG_RW_DETACH, "RW-DETACH"); 1006 ADD_FLAG(G_ELI_FLAG_AUTH, "AUTH"); 1007 ADD_FLAG(G_ELI_FLAG_WOPEN, "W-OPEN"); 1008 ADD_FLAG(G_ELI_FLAG_DESTROY, "DESTROY"); 1009 ADD_FLAG(G_ELI_FLAG_RO, "READ-ONLY"); 1010#undef ADD_FLAG 1011 } 1012 sbuf_printf(sb, "</Flags>\n"); 1013 1014 if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) { 1015 sbuf_printf(sb, "%s<UsedKey>%u</UsedKey>\n", indent, 1016 sc->sc_nkey); 1017 } 1018 sbuf_printf(sb, "%s<Crypto>", indent); 1019 switch (sc->sc_crypto) { 1020 case G_ELI_CRYPTO_HW: 1021 sbuf_printf(sb, "hardware"); 1022 break; 1023 case G_ELI_CRYPTO_SW: 1024 sbuf_printf(sb, "software"); 1025 break; 1026 default: 1027 sbuf_printf(sb, "UNKNOWN"); 1028 break; 1029 } 1030 sbuf_printf(sb, "</Crypto>\n"); 1031 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 1032 sbuf_printf(sb, 1033 "%s<AuthenticationAlgorithm>%s</AuthenticationAlgorithm>\n", 1034 indent, g_eli_algo2str(sc->sc_aalgo)); 1035 } 1036 sbuf_printf(sb, "%s<KeyLength>%u</KeyLength>\n", indent, 1037 sc->sc_ekeylen); 1038 sbuf_printf(sb, "%s<EncryptionAlgorithm>%s</EncryptionAlgorithm>\n", indent, 1039 g_eli_algo2str(sc->sc_ealgo)); 1040} 1041 1042DECLARE_GEOM_CLASS(g_eli_class, g_eli); 1043MODULE_DEPEND(g_eli, crypto, 1, 1, 1);
| 1008 ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME"); 1009 ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT"); 1010 ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH"); 1011 ADD_FLAG(G_ELI_FLAG_RW_DETACH, "RW-DETACH"); 1012 ADD_FLAG(G_ELI_FLAG_AUTH, "AUTH"); 1013 ADD_FLAG(G_ELI_FLAG_WOPEN, "W-OPEN"); 1014 ADD_FLAG(G_ELI_FLAG_DESTROY, "DESTROY"); 1015 ADD_FLAG(G_ELI_FLAG_RO, "READ-ONLY"); 1016#undef ADD_FLAG 1017 } 1018 sbuf_printf(sb, "</Flags>\n"); 1019 1020 if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) { 1021 sbuf_printf(sb, "%s<UsedKey>%u</UsedKey>\n", indent, 1022 sc->sc_nkey); 1023 } 1024 sbuf_printf(sb, "%s<Crypto>", indent); 1025 switch (sc->sc_crypto) { 1026 case G_ELI_CRYPTO_HW: 1027 sbuf_printf(sb, "hardware"); 1028 break; 1029 case G_ELI_CRYPTO_SW: 1030 sbuf_printf(sb, "software"); 1031 break; 1032 default: 1033 sbuf_printf(sb, "UNKNOWN"); 1034 break; 1035 } 1036 sbuf_printf(sb, "</Crypto>\n"); 1037 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 1038 sbuf_printf(sb, 1039 "%s<AuthenticationAlgorithm>%s</AuthenticationAlgorithm>\n", 1040 indent, g_eli_algo2str(sc->sc_aalgo)); 1041 } 1042 sbuf_printf(sb, "%s<KeyLength>%u</KeyLength>\n", indent, 1043 sc->sc_ekeylen); 1044 sbuf_printf(sb, "%s<EncryptionAlgorithm>%s</EncryptionAlgorithm>\n", indent, 1045 g_eli_algo2str(sc->sc_ealgo)); 1046} 1047 1048DECLARE_GEOM_CLASS(g_eli_class, g_eli); 1049MODULE_DEPEND(g_eli, crypto, 1, 1, 1);
|