1/*- 2 * Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 *
| 1/*- 2 * Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 *
|
26 * $FreeBSD: head/sys/geom/eli/g_eli.h 161127 2006-08-09 18:11:14Z pjd $
| 26 * $FreeBSD: head/sys/geom/eli/g_eli.h 161217 2006-08-11 18:39:58Z pjd $
|
27 */ 28 29#ifndef _G_ELI_H_ 30#define _G_ELI_H_ 31 32#include <sys/endian.h> 33#include <sys/errno.h> 34#include <sys/malloc.h> 35#include <crypto/sha2/sha2.h> 36#include <opencrypto/cryptodev.h> 37#ifdef _KERNEL 38#include <sys/bio.h> 39#include <sys/libkern.h> 40#include <geom/geom.h> 41#else 42#include <stdio.h> 43#include <string.h> 44#include <strings.h> 45#endif 46#ifndef _OpenSSL_ 47#include <sys/md5.h> 48#endif 49 50#define G_ELI_CLASS_NAME "ELI" 51#define G_ELI_MAGIC "GEOM::ELI" 52#define G_ELI_SUFFIX ".eli" 53 54/* 55 * Version history: 56 * 0 - Initial version number. 57 * 1 - Added data authentication support (md_aalgo field and 58 * G_ELI_FLAG_AUTH flag).
| 27 */ 28 29#ifndef _G_ELI_H_ 30#define _G_ELI_H_ 31 32#include <sys/endian.h> 33#include <sys/errno.h> 34#include <sys/malloc.h> 35#include <crypto/sha2/sha2.h> 36#include <opencrypto/cryptodev.h> 37#ifdef _KERNEL 38#include <sys/bio.h> 39#include <sys/libkern.h> 40#include <geom/geom.h> 41#else 42#include <stdio.h> 43#include <string.h> 44#include <strings.h> 45#endif 46#ifndef _OpenSSL_ 47#include <sys/md5.h> 48#endif 49 50#define G_ELI_CLASS_NAME "ELI" 51#define G_ELI_MAGIC "GEOM::ELI" 52#define G_ELI_SUFFIX ".eli" 53 54/* 55 * Version history: 56 * 0 - Initial version number. 57 * 1 - Added data authentication support (md_aalgo field and 58 * G_ELI_FLAG_AUTH flag).
|
| 59 * 2 - Added G_ELI_FLAG_READONLY.
|
59 */
| 60 */
|
60#define G_ELI_VERSION 1
| 61#define G_ELI_VERSION 2
|
61 62/* ON DISK FLAGS. */ 63/* Use random, onetime keys. */ 64#define G_ELI_FLAG_ONETIME 0x00000001 65/* Ask for the passphrase from the kernel, before mounting root. */ 66#define G_ELI_FLAG_BOOT 0x00000002 67/* Detach on last close, if we were open for writing. */ 68#define G_ELI_FLAG_WO_DETACH 0x00000004 69/* Detach on last close. */ 70#define G_ELI_FLAG_RW_DETACH 0x00000008 71/* Provide data authentication. */ 72#define G_ELI_FLAG_AUTH 0x00000010 73/* Provider is read-only, we should deny all write attempts. */ 74#define G_ELI_FLAG_RO 0x00000020 75/* RUNTIME FLAGS. */ 76/* Provider was open for writing. */ 77#define G_ELI_FLAG_WOPEN 0x00010000 78/* Destroy device. */ 79#define G_ELI_FLAG_DESTROY 0x00020000 80 81#define SHA512_MDLEN 64 82#define G_ELI_AUTH_SECKEYLEN SHA256_DIGEST_LENGTH 83 84#define G_ELI_MAXMKEYS 2 85#define G_ELI_MAXKEYLEN 64 86#define G_ELI_USERKEYLEN G_ELI_MAXKEYLEN 87#define G_ELI_DATAKEYLEN G_ELI_MAXKEYLEN 88#define G_ELI_AUTHKEYLEN G_ELI_MAXKEYLEN 89#define G_ELI_IVKEYLEN G_ELI_MAXKEYLEN 90#define G_ELI_SALTLEN 64 91#define G_ELI_DATAIVKEYLEN (G_ELI_DATAKEYLEN + G_ELI_IVKEYLEN) 92/* Data-Key, IV-Key, HMAC_SHA512(Derived-Key, Data-Key+IV-Key) */ 93#define G_ELI_MKEYLEN (G_ELI_DATAIVKEYLEN + SHA512_MDLEN) 94 95#ifdef _KERNEL 96extern u_int g_eli_debug; 97extern u_int g_eli_overwrites; 98extern u_int g_eli_batch; 99 100#define G_ELI_CRYPTO_HW 1 101#define G_ELI_CRYPTO_SW 2 102 103#define G_ELI_DEBUG(lvl, ...) do { \ 104 if (g_eli_debug >= (lvl)) { \ 105 printf("GEOM_ELI"); \ 106 if (g_eli_debug > 0) \ 107 printf("[%u]", lvl); \ 108 printf(": "); \ 109 printf(__VA_ARGS__); \ 110 printf("\n"); \ 111 } \ 112} while (0) 113#define G_ELI_LOGREQ(lvl, bp, ...) do { \ 114 if (g_eli_debug >= (lvl)) { \ 115 printf("GEOM_ELI"); \ 116 if (g_eli_debug > 0) \ 117 printf("[%u]", lvl); \ 118 printf(": "); \ 119 printf(__VA_ARGS__); \ 120 printf(" "); \ 121 g_print_bio(bp); \ 122 printf("\n"); \ 123 } \ 124} while (0) 125 126struct g_eli_worker { 127 struct g_eli_softc *w_softc; 128 struct proc *w_proc; 129 u_int w_number; 130 uint64_t w_sid; 131 LIST_ENTRY(g_eli_worker) w_next; 132}; 133 134struct g_eli_softc { 135 struct g_geom *sc_geom; 136 u_int sc_crypto; 137 uint8_t sc_mkey[G_ELI_DATAIVKEYLEN]; 138 uint8_t sc_ekey[G_ELI_DATAKEYLEN]; 139 u_int sc_ealgo; 140 u_int sc_ekeylen; 141 uint8_t sc_akey[G_ELI_AUTHKEYLEN]; 142 u_int sc_aalgo; 143 u_int sc_akeylen; 144 u_int sc_alen; 145 SHA256_CTX sc_akeyctx; 146 uint8_t sc_ivkey[G_ELI_IVKEYLEN]; 147 SHA256_CTX sc_ivctx; 148 int sc_nkey; 149 uint32_t sc_flags; 150 u_int sc_bytes_per_sector; 151 u_int sc_data_per_sector; 152 153 /* Only for software cryptography. */ 154 struct bio_queue_head sc_queue; 155 struct mtx sc_queue_mtx; 156 LIST_HEAD(, g_eli_worker) sc_workers; 157}; 158#define sc_name sc_geom->name 159#endif /* _KERNEL */ 160 161struct g_eli_metadata { 162 char md_magic[16]; /* Magic value. */ 163 uint32_t md_version; /* Version number. */ 164 uint32_t md_flags; /* Additional flags. */ 165 uint16_t md_ealgo; /* Encryption algorithm. */ 166 uint16_t md_keylen; /* Key length. */ 167 uint16_t md_aalgo; /* Authentication algorithm. */ 168 uint64_t md_provsize; /* Provider's size. */ 169 uint32_t md_sectorsize; /* Sector size. */ 170 uint8_t md_keys; /* Available keys. */ 171 int32_t md_iterations; /* Number of iterations for PKCS#5v2. */ 172 uint8_t md_salt[G_ELI_SALTLEN]; /* Salt. */ 173 /* Encrypted master key (IV-key, Data-key, HMAC). */ 174 uint8_t md_mkeys[G_ELI_MAXMKEYS * G_ELI_MKEYLEN]; 175 u_char md_hash[16]; /* MD5 hash. */ 176} __packed; 177#ifndef _OpenSSL_ 178static __inline void 179eli_metadata_encode(struct g_eli_metadata *md, u_char *data) 180{ 181 MD5_CTX ctx; 182 u_char *p; 183 184 p = data; 185 bcopy(md->md_magic, p, sizeof(md->md_magic)); p += sizeof(md->md_magic); 186 le32enc(p, md->md_version); p += sizeof(md->md_version); 187 le32enc(p, md->md_flags); p += sizeof(md->md_flags); 188 le16enc(p, md->md_ealgo); p += sizeof(md->md_ealgo); 189 le16enc(p, md->md_keylen); p += sizeof(md->md_keylen); 190 le16enc(p, md->md_aalgo); p += sizeof(md->md_aalgo); 191 le64enc(p, md->md_provsize); p += sizeof(md->md_provsize); 192 le32enc(p, md->md_sectorsize); p += sizeof(md->md_sectorsize); 193 *p = md->md_keys; p += sizeof(md->md_keys); 194 le32enc(p, md->md_iterations); p += sizeof(md->md_iterations); 195 bcopy(md->md_salt, p, sizeof(md->md_salt)); p += sizeof(md->md_salt); 196 bcopy(md->md_mkeys, p, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); 197 MD5Init(&ctx); 198 MD5Update(&ctx, data, p - data); 199 MD5Final(md->md_hash, &ctx); 200 bcopy(md->md_hash, p, sizeof(md->md_hash)); 201} 202static __inline int 203eli_metadata_decode_v0(const u_char *data, struct g_eli_metadata *md) 204{ 205 MD5_CTX ctx; 206 const u_char *p; 207 208 p = data + sizeof(md->md_magic) + sizeof(md->md_version); 209 md->md_flags = le32dec(p); p += sizeof(md->md_flags); 210 md->md_ealgo = le16dec(p); p += sizeof(md->md_ealgo); 211 md->md_keylen = le16dec(p); p += sizeof(md->md_keylen); 212 md->md_provsize = le64dec(p); p += sizeof(md->md_provsize); 213 md->md_sectorsize = le32dec(p); p += sizeof(md->md_sectorsize); 214 md->md_keys = *p; p += sizeof(md->md_keys); 215 md->md_iterations = le32dec(p); p += sizeof(md->md_iterations); 216 bcopy(p, md->md_salt, sizeof(md->md_salt)); p += sizeof(md->md_salt); 217 bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); 218 MD5Init(&ctx); 219 MD5Update(&ctx, data, p - data); 220 MD5Final(md->md_hash, &ctx); 221 if (bcmp(md->md_hash, p, 16) != 0) 222 return (EINVAL); 223 return (0); 224} 225static __inline int
| 62 63/* ON DISK FLAGS. */ 64/* Use random, onetime keys. */ 65#define G_ELI_FLAG_ONETIME 0x00000001 66/* Ask for the passphrase from the kernel, before mounting root. */ 67#define G_ELI_FLAG_BOOT 0x00000002 68/* Detach on last close, if we were open for writing. */ 69#define G_ELI_FLAG_WO_DETACH 0x00000004 70/* Detach on last close. */ 71#define G_ELI_FLAG_RW_DETACH 0x00000008 72/* Provide data authentication. */ 73#define G_ELI_FLAG_AUTH 0x00000010 74/* Provider is read-only, we should deny all write attempts. */ 75#define G_ELI_FLAG_RO 0x00000020 76/* RUNTIME FLAGS. */ 77/* Provider was open for writing. */ 78#define G_ELI_FLAG_WOPEN 0x00010000 79/* Destroy device. */ 80#define G_ELI_FLAG_DESTROY 0x00020000 81 82#define SHA512_MDLEN 64 83#define G_ELI_AUTH_SECKEYLEN SHA256_DIGEST_LENGTH 84 85#define G_ELI_MAXMKEYS 2 86#define G_ELI_MAXKEYLEN 64 87#define G_ELI_USERKEYLEN G_ELI_MAXKEYLEN 88#define G_ELI_DATAKEYLEN G_ELI_MAXKEYLEN 89#define G_ELI_AUTHKEYLEN G_ELI_MAXKEYLEN 90#define G_ELI_IVKEYLEN G_ELI_MAXKEYLEN 91#define G_ELI_SALTLEN 64 92#define G_ELI_DATAIVKEYLEN (G_ELI_DATAKEYLEN + G_ELI_IVKEYLEN) 93/* Data-Key, IV-Key, HMAC_SHA512(Derived-Key, Data-Key+IV-Key) */ 94#define G_ELI_MKEYLEN (G_ELI_DATAIVKEYLEN + SHA512_MDLEN) 95 96#ifdef _KERNEL 97extern u_int g_eli_debug; 98extern u_int g_eli_overwrites; 99extern u_int g_eli_batch; 100 101#define G_ELI_CRYPTO_HW 1 102#define G_ELI_CRYPTO_SW 2 103 104#define G_ELI_DEBUG(lvl, ...) do { \ 105 if (g_eli_debug >= (lvl)) { \ 106 printf("GEOM_ELI"); \ 107 if (g_eli_debug > 0) \ 108 printf("[%u]", lvl); \ 109 printf(": "); \ 110 printf(__VA_ARGS__); \ 111 printf("\n"); \ 112 } \ 113} while (0) 114#define G_ELI_LOGREQ(lvl, bp, ...) do { \ 115 if (g_eli_debug >= (lvl)) { \ 116 printf("GEOM_ELI"); \ 117 if (g_eli_debug > 0) \ 118 printf("[%u]", lvl); \ 119 printf(": "); \ 120 printf(__VA_ARGS__); \ 121 printf(" "); \ 122 g_print_bio(bp); \ 123 printf("\n"); \ 124 } \ 125} while (0) 126 127struct g_eli_worker { 128 struct g_eli_softc *w_softc; 129 struct proc *w_proc; 130 u_int w_number; 131 uint64_t w_sid; 132 LIST_ENTRY(g_eli_worker) w_next; 133}; 134 135struct g_eli_softc { 136 struct g_geom *sc_geom; 137 u_int sc_crypto; 138 uint8_t sc_mkey[G_ELI_DATAIVKEYLEN]; 139 uint8_t sc_ekey[G_ELI_DATAKEYLEN]; 140 u_int sc_ealgo; 141 u_int sc_ekeylen; 142 uint8_t sc_akey[G_ELI_AUTHKEYLEN]; 143 u_int sc_aalgo; 144 u_int sc_akeylen; 145 u_int sc_alen; 146 SHA256_CTX sc_akeyctx; 147 uint8_t sc_ivkey[G_ELI_IVKEYLEN]; 148 SHA256_CTX sc_ivctx; 149 int sc_nkey; 150 uint32_t sc_flags; 151 u_int sc_bytes_per_sector; 152 u_int sc_data_per_sector; 153 154 /* Only for software cryptography. */ 155 struct bio_queue_head sc_queue; 156 struct mtx sc_queue_mtx; 157 LIST_HEAD(, g_eli_worker) sc_workers; 158}; 159#define sc_name sc_geom->name 160#endif /* _KERNEL */ 161 162struct g_eli_metadata { 163 char md_magic[16]; /* Magic value. */ 164 uint32_t md_version; /* Version number. */ 165 uint32_t md_flags; /* Additional flags. */ 166 uint16_t md_ealgo; /* Encryption algorithm. */ 167 uint16_t md_keylen; /* Key length. */ 168 uint16_t md_aalgo; /* Authentication algorithm. */ 169 uint64_t md_provsize; /* Provider's size. */ 170 uint32_t md_sectorsize; /* Sector size. */ 171 uint8_t md_keys; /* Available keys. */ 172 int32_t md_iterations; /* Number of iterations for PKCS#5v2. */ 173 uint8_t md_salt[G_ELI_SALTLEN]; /* Salt. */ 174 /* Encrypted master key (IV-key, Data-key, HMAC). */ 175 uint8_t md_mkeys[G_ELI_MAXMKEYS * G_ELI_MKEYLEN]; 176 u_char md_hash[16]; /* MD5 hash. */ 177} __packed; 178#ifndef _OpenSSL_ 179static __inline void 180eli_metadata_encode(struct g_eli_metadata *md, u_char *data) 181{ 182 MD5_CTX ctx; 183 u_char *p; 184 185 p = data; 186 bcopy(md->md_magic, p, sizeof(md->md_magic)); p += sizeof(md->md_magic); 187 le32enc(p, md->md_version); p += sizeof(md->md_version); 188 le32enc(p, md->md_flags); p += sizeof(md->md_flags); 189 le16enc(p, md->md_ealgo); p += sizeof(md->md_ealgo); 190 le16enc(p, md->md_keylen); p += sizeof(md->md_keylen); 191 le16enc(p, md->md_aalgo); p += sizeof(md->md_aalgo); 192 le64enc(p, md->md_provsize); p += sizeof(md->md_provsize); 193 le32enc(p, md->md_sectorsize); p += sizeof(md->md_sectorsize); 194 *p = md->md_keys; p += sizeof(md->md_keys); 195 le32enc(p, md->md_iterations); p += sizeof(md->md_iterations); 196 bcopy(md->md_salt, p, sizeof(md->md_salt)); p += sizeof(md->md_salt); 197 bcopy(md->md_mkeys, p, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); 198 MD5Init(&ctx); 199 MD5Update(&ctx, data, p - data); 200 MD5Final(md->md_hash, &ctx); 201 bcopy(md->md_hash, p, sizeof(md->md_hash)); 202} 203static __inline int 204eli_metadata_decode_v0(const u_char *data, struct g_eli_metadata *md) 205{ 206 MD5_CTX ctx; 207 const u_char *p; 208 209 p = data + sizeof(md->md_magic) + sizeof(md->md_version); 210 md->md_flags = le32dec(p); p += sizeof(md->md_flags); 211 md->md_ealgo = le16dec(p); p += sizeof(md->md_ealgo); 212 md->md_keylen = le16dec(p); p += sizeof(md->md_keylen); 213 md->md_provsize = le64dec(p); p += sizeof(md->md_provsize); 214 md->md_sectorsize = le32dec(p); p += sizeof(md->md_sectorsize); 215 md->md_keys = *p; p += sizeof(md->md_keys); 216 md->md_iterations = le32dec(p); p += sizeof(md->md_iterations); 217 bcopy(p, md->md_salt, sizeof(md->md_salt)); p += sizeof(md->md_salt); 218 bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); 219 MD5Init(&ctx); 220 MD5Update(&ctx, data, p - data); 221 MD5Final(md->md_hash, &ctx); 222 if (bcmp(md->md_hash, p, 16) != 0) 223 return (EINVAL); 224 return (0); 225} 226static __inline int
|
226eli_metadata_decode_v1(const u_char *data, struct g_eli_metadata *md)
| 227eli_metadata_decode_v1v2(const u_char *data, struct g_eli_metadata *md)
|
227{ 228 MD5_CTX ctx; 229 const u_char *p; 230 231 p = data + sizeof(md->md_magic) + sizeof(md->md_version); 232 md->md_flags = le32dec(p); p += sizeof(md->md_flags); 233 md->md_ealgo = le16dec(p); p += sizeof(md->md_ealgo); 234 md->md_keylen = le16dec(p); p += sizeof(md->md_keylen); 235 md->md_aalgo = le16dec(p); p += sizeof(md->md_aalgo); 236 md->md_provsize = le64dec(p); p += sizeof(md->md_provsize); 237 md->md_sectorsize = le32dec(p); p += sizeof(md->md_sectorsize); 238 md->md_keys = *p; p += sizeof(md->md_keys); 239 md->md_iterations = le32dec(p); p += sizeof(md->md_iterations); 240 bcopy(p, md->md_salt, sizeof(md->md_salt)); p += sizeof(md->md_salt); 241 bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); 242 MD5Init(&ctx); 243 MD5Update(&ctx, data, p - data); 244 MD5Final(md->md_hash, &ctx); 245 if (bcmp(md->md_hash, p, 16) != 0) 246 return (EINVAL); 247 return (0); 248} 249static __inline int 250eli_metadata_decode(const u_char *data, struct g_eli_metadata *md) 251{ 252 int error; 253 254 bcopy(data, md->md_magic, sizeof(md->md_magic)); 255 md->md_version = le32dec(data + sizeof(md->md_magic)); 256 switch (md->md_version) { 257 case 0: 258 error = eli_metadata_decode_v0(data, md); 259 break; 260 case 1:
| 228{ 229 MD5_CTX ctx; 230 const u_char *p; 231 232 p = data + sizeof(md->md_magic) + sizeof(md->md_version); 233 md->md_flags = le32dec(p); p += sizeof(md->md_flags); 234 md->md_ealgo = le16dec(p); p += sizeof(md->md_ealgo); 235 md->md_keylen = le16dec(p); p += sizeof(md->md_keylen); 236 md->md_aalgo = le16dec(p); p += sizeof(md->md_aalgo); 237 md->md_provsize = le64dec(p); p += sizeof(md->md_provsize); 238 md->md_sectorsize = le32dec(p); p += sizeof(md->md_sectorsize); 239 md->md_keys = *p; p += sizeof(md->md_keys); 240 md->md_iterations = le32dec(p); p += sizeof(md->md_iterations); 241 bcopy(p, md->md_salt, sizeof(md->md_salt)); p += sizeof(md->md_salt); 242 bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); 243 MD5Init(&ctx); 244 MD5Update(&ctx, data, p - data); 245 MD5Final(md->md_hash, &ctx); 246 if (bcmp(md->md_hash, p, 16) != 0) 247 return (EINVAL); 248 return (0); 249} 250static __inline int 251eli_metadata_decode(const u_char *data, struct g_eli_metadata *md) 252{ 253 int error; 254 255 bcopy(data, md->md_magic, sizeof(md->md_magic)); 256 md->md_version = le32dec(data + sizeof(md->md_magic)); 257 switch (md->md_version) { 258 case 0: 259 error = eli_metadata_decode_v0(data, md); 260 break; 261 case 1:
|
261 error = eli_metadata_decode_v1(data, md);
| 262 case 2: 263 error = eli_metadata_decode_v1v2(data, md);
|
262 break; 263 default: 264 error = EINVAL; 265 break; 266 } 267 return (error); 268} 269#endif /* !_OpenSSL */ 270 271static __inline u_int 272g_eli_str2ealgo(const char *name) 273{ 274 275 if (strcasecmp("null", name) == 0) 276 return (CRYPTO_NULL_CBC); 277 else if (strcasecmp("aes", name) == 0) 278 return (CRYPTO_AES_CBC); 279 else if (strcasecmp("blowfish", name) == 0) 280 return (CRYPTO_BLF_CBC); 281 else if (strcasecmp("3des", name) == 0) 282 return (CRYPTO_3DES_CBC); 283 return (CRYPTO_ALGORITHM_MIN - 1); 284} 285 286static __inline u_int 287g_eli_str2aalgo(const char *name) 288{ 289 290 if (strcasecmp("hmac/md5", name) == 0) 291 return (CRYPTO_MD5_HMAC); 292 else if (strcasecmp("hmac/sha1", name) == 0) 293 return (CRYPTO_SHA1_HMAC); 294 else if (strcasecmp("hmac/ripemd160", name) == 0) 295 return (CRYPTO_RIPEMD160_HMAC); 296 else if (strcasecmp("hmac/sha256", name) == 0) 297 return (CRYPTO_SHA2_256_HMAC); 298 else if (strcasecmp("hmac/sha384", name) == 0) 299 return (CRYPTO_SHA2_384_HMAC); 300 else if (strcasecmp("hmac/sha512", name) == 0) 301 return (CRYPTO_SHA2_512_HMAC); 302 return (CRYPTO_ALGORITHM_MIN - 1); 303} 304 305static __inline const char * 306g_eli_algo2str(u_int algo) 307{ 308 309 switch (algo) { 310 case CRYPTO_NULL_CBC: 311 return ("NULL"); 312 case CRYPTO_AES_CBC: 313 return ("AES-CBC"); 314 case CRYPTO_BLF_CBC: 315 return ("Blowfish-CBC"); 316 case CRYPTO_3DES_CBC: 317 return ("3DES-CBC"); 318 case CRYPTO_MD5_HMAC: 319 return ("HMAC/MD5"); 320 case CRYPTO_SHA1_HMAC: 321 return ("HMAC/SHA1"); 322 case CRYPTO_RIPEMD160_HMAC: 323 return ("HMAC/RIPEMD160"); 324 case CRYPTO_SHA2_256_HMAC: 325 return ("HMAC/SHA256"); 326 case CRYPTO_SHA2_384_HMAC: 327 return ("HMAC/SHA384"); 328 case CRYPTO_SHA2_512_HMAC: 329 return ("HMAC/SHA512"); 330 } 331 return ("unknown"); 332} 333 334static __inline void 335eli_metadata_dump(const struct g_eli_metadata *md) 336{ 337 static const char hex[] = "0123456789abcdef"; 338 char str[sizeof(md->md_mkeys) * 2 + 1]; 339 u_int i; 340 341 printf(" magic: %s\n", md->md_magic); 342 printf(" version: %u\n", (u_int)md->md_version); 343 printf(" flags: 0x%x\n", (u_int)md->md_flags); 344 printf(" ealgo: %s\n", g_eli_algo2str(md->md_ealgo)); 345 printf(" keylen: %u\n", (u_int)md->md_keylen); 346 if (md->md_flags & G_ELI_FLAG_AUTH) 347 printf(" aalgo: %s\n", g_eli_algo2str(md->md_aalgo)); 348 printf(" provsize: %ju\n", (uintmax_t)md->md_provsize); 349 printf("sectorsize: %u\n", (u_int)md->md_sectorsize); 350 printf(" keys: 0x%02x\n", (u_int)md->md_keys); 351 printf("iterations: %u\n", (u_int)md->md_iterations); 352 bzero(str, sizeof(str)); 353 for (i = 0; i < sizeof(md->md_salt); i++) { 354 str[i * 2] = hex[md->md_salt[i] >> 4]; 355 str[i * 2 + 1] = hex[md->md_salt[i] & 0x0f]; 356 } 357 printf(" Salt: %s\n", str); 358 bzero(str, sizeof(str)); 359 for (i = 0; i < sizeof(md->md_mkeys); i++) { 360 str[i * 2] = hex[md->md_mkeys[i] >> 4]; 361 str[i * 2 + 1] = hex[md->md_mkeys[i] & 0x0f]; 362 } 363 printf("Master Key: %s\n", str); 364 bzero(str, sizeof(str)); 365 for (i = 0; i < 16; i++) { 366 str[i * 2] = hex[md->md_hash[i] >> 4]; 367 str[i * 2 + 1] = hex[md->md_hash[i] & 0x0f]; 368 } 369 printf(" MD5 hash: %s\n", str); 370} 371 372static __inline u_int 373g_eli_keylen(u_int algo, u_int keylen) 374{ 375 376 switch (algo) { 377 case CRYPTO_NULL_CBC: 378 if (keylen == 0) 379 keylen = 64 * 8; 380 else { 381 if (keylen > 64 * 8) 382 keylen = 0; 383 } 384 return (keylen); 385 case CRYPTO_AES_CBC: 386 switch (keylen) { 387 case 0: 388 return (128); 389 case 128: 390 case 192: 391 case 256: 392 return (keylen); 393 default: 394 return (0); 395 } 396 case CRYPTO_BLF_CBC: 397 if (keylen == 0) 398 return (128); 399 if (keylen < 128 || keylen > 448) 400 return (0); 401 if ((keylen % 32) != 0) 402 return (0); 403 return (keylen); 404 case CRYPTO_3DES_CBC: 405 if (keylen == 0 || keylen == 192) 406 return (192); 407 return (0); 408 default: 409 return (0); 410 } 411} 412 413static __inline u_int 414g_eli_hashlen(u_int algo) 415{ 416 417 switch (algo) { 418 case CRYPTO_MD5_HMAC: 419 return (16); 420 case CRYPTO_SHA1_HMAC: 421 return (20); 422 case CRYPTO_RIPEMD160_HMAC: 423 return (20); 424 case CRYPTO_SHA2_256_HMAC: 425 return (32); 426 case CRYPTO_SHA2_384_HMAC: 427 return (48); 428 case CRYPTO_SHA2_512_HMAC: 429 return (64); 430 } 431 return (0); 432} 433 434#ifdef _KERNEL 435int g_eli_read_metadata(struct g_class *mp, struct g_provider *pp, 436 struct g_eli_metadata *md); 437struct g_geom *g_eli_create(struct gctl_req *req, struct g_class *mp, 438 struct g_provider *bpp, const struct g_eli_metadata *md, 439 const u_char *mkey, int nkey); 440int g_eli_destroy(struct g_eli_softc *sc, boolean_t force); 441 442int g_eli_access(struct g_provider *pp, int dr, int dw, int de); 443void g_eli_config(struct gctl_req *req, struct g_class *mp, const char *verb); 444 445void g_eli_read_done(struct bio *bp); 446void g_eli_write_done(struct bio *bp); 447int g_eli_crypto_rerun(struct cryptop *crp); 448void g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, 449 size_t size); 450 451void g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp); 452 453void g_eli_auth_read(struct g_eli_softc *sc, struct bio *bp); 454void g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp); 455#endif 456 457void g_eli_mkey_hmac(unsigned char *mkey, const unsigned char *key); 458int g_eli_mkey_decrypt(const struct g_eli_metadata *md, 459 const unsigned char *key, unsigned char *mkey, unsigned *nkeyp); 460int g_eli_mkey_encrypt(unsigned algo, const unsigned char *key, unsigned keylen, 461 unsigned char *mkey); 462#ifdef _KERNEL 463void g_eli_mkey_propagate(struct g_eli_softc *sc, const unsigned char *mkey); 464#endif 465 466int g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize, 467 const u_char *key, size_t keysize); 468int g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize, 469 const u_char *key, size_t keysize); 470 471struct hmac_ctx { 472 SHA512_CTX shactx; 473 u_char k_opad[128]; 474}; 475 476void g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey, 477 size_t hkeylen); 478void g_eli_crypto_hmac_update(struct hmac_ctx *ctx, const uint8_t *data, 479 size_t datasize); 480void g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize); 481void g_eli_crypto_hmac(const uint8_t *hkey, size_t hkeysize, 482 const uint8_t *data, size_t datasize, uint8_t *md, size_t mdsize); 483#endif /* !_G_ELI_H_ */
| 264 break; 265 default: 266 error = EINVAL; 267 break; 268 } 269 return (error); 270} 271#endif /* !_OpenSSL */ 272 273static __inline u_int 274g_eli_str2ealgo(const char *name) 275{ 276 277 if (strcasecmp("null", name) == 0) 278 return (CRYPTO_NULL_CBC); 279 else if (strcasecmp("aes", name) == 0) 280 return (CRYPTO_AES_CBC); 281 else if (strcasecmp("blowfish", name) == 0) 282 return (CRYPTO_BLF_CBC); 283 else if (strcasecmp("3des", name) == 0) 284 return (CRYPTO_3DES_CBC); 285 return (CRYPTO_ALGORITHM_MIN - 1); 286} 287 288static __inline u_int 289g_eli_str2aalgo(const char *name) 290{ 291 292 if (strcasecmp("hmac/md5", name) == 0) 293 return (CRYPTO_MD5_HMAC); 294 else if (strcasecmp("hmac/sha1", name) == 0) 295 return (CRYPTO_SHA1_HMAC); 296 else if (strcasecmp("hmac/ripemd160", name) == 0) 297 return (CRYPTO_RIPEMD160_HMAC); 298 else if (strcasecmp("hmac/sha256", name) == 0) 299 return (CRYPTO_SHA2_256_HMAC); 300 else if (strcasecmp("hmac/sha384", name) == 0) 301 return (CRYPTO_SHA2_384_HMAC); 302 else if (strcasecmp("hmac/sha512", name) == 0) 303 return (CRYPTO_SHA2_512_HMAC); 304 return (CRYPTO_ALGORITHM_MIN - 1); 305} 306 307static __inline const char * 308g_eli_algo2str(u_int algo) 309{ 310 311 switch (algo) { 312 case CRYPTO_NULL_CBC: 313 return ("NULL"); 314 case CRYPTO_AES_CBC: 315 return ("AES-CBC"); 316 case CRYPTO_BLF_CBC: 317 return ("Blowfish-CBC"); 318 case CRYPTO_3DES_CBC: 319 return ("3DES-CBC"); 320 case CRYPTO_MD5_HMAC: 321 return ("HMAC/MD5"); 322 case CRYPTO_SHA1_HMAC: 323 return ("HMAC/SHA1"); 324 case CRYPTO_RIPEMD160_HMAC: 325 return ("HMAC/RIPEMD160"); 326 case CRYPTO_SHA2_256_HMAC: 327 return ("HMAC/SHA256"); 328 case CRYPTO_SHA2_384_HMAC: 329 return ("HMAC/SHA384"); 330 case CRYPTO_SHA2_512_HMAC: 331 return ("HMAC/SHA512"); 332 } 333 return ("unknown"); 334} 335 336static __inline void 337eli_metadata_dump(const struct g_eli_metadata *md) 338{ 339 static const char hex[] = "0123456789abcdef"; 340 char str[sizeof(md->md_mkeys) * 2 + 1]; 341 u_int i; 342 343 printf(" magic: %s\n", md->md_magic); 344 printf(" version: %u\n", (u_int)md->md_version); 345 printf(" flags: 0x%x\n", (u_int)md->md_flags); 346 printf(" ealgo: %s\n", g_eli_algo2str(md->md_ealgo)); 347 printf(" keylen: %u\n", (u_int)md->md_keylen); 348 if (md->md_flags & G_ELI_FLAG_AUTH) 349 printf(" aalgo: %s\n", g_eli_algo2str(md->md_aalgo)); 350 printf(" provsize: %ju\n", (uintmax_t)md->md_provsize); 351 printf("sectorsize: %u\n", (u_int)md->md_sectorsize); 352 printf(" keys: 0x%02x\n", (u_int)md->md_keys); 353 printf("iterations: %u\n", (u_int)md->md_iterations); 354 bzero(str, sizeof(str)); 355 for (i = 0; i < sizeof(md->md_salt); i++) { 356 str[i * 2] = hex[md->md_salt[i] >> 4]; 357 str[i * 2 + 1] = hex[md->md_salt[i] & 0x0f]; 358 } 359 printf(" Salt: %s\n", str); 360 bzero(str, sizeof(str)); 361 for (i = 0; i < sizeof(md->md_mkeys); i++) { 362 str[i * 2] = hex[md->md_mkeys[i] >> 4]; 363 str[i * 2 + 1] = hex[md->md_mkeys[i] & 0x0f]; 364 } 365 printf("Master Key: %s\n", str); 366 bzero(str, sizeof(str)); 367 for (i = 0; i < 16; i++) { 368 str[i * 2] = hex[md->md_hash[i] >> 4]; 369 str[i * 2 + 1] = hex[md->md_hash[i] & 0x0f]; 370 } 371 printf(" MD5 hash: %s\n", str); 372} 373 374static __inline u_int 375g_eli_keylen(u_int algo, u_int keylen) 376{ 377 378 switch (algo) { 379 case CRYPTO_NULL_CBC: 380 if (keylen == 0) 381 keylen = 64 * 8; 382 else { 383 if (keylen > 64 * 8) 384 keylen = 0; 385 } 386 return (keylen); 387 case CRYPTO_AES_CBC: 388 switch (keylen) { 389 case 0: 390 return (128); 391 case 128: 392 case 192: 393 case 256: 394 return (keylen); 395 default: 396 return (0); 397 } 398 case CRYPTO_BLF_CBC: 399 if (keylen == 0) 400 return (128); 401 if (keylen < 128 || keylen > 448) 402 return (0); 403 if ((keylen % 32) != 0) 404 return (0); 405 return (keylen); 406 case CRYPTO_3DES_CBC: 407 if (keylen == 0 || keylen == 192) 408 return (192); 409 return (0); 410 default: 411 return (0); 412 } 413} 414 415static __inline u_int 416g_eli_hashlen(u_int algo) 417{ 418 419 switch (algo) { 420 case CRYPTO_MD5_HMAC: 421 return (16); 422 case CRYPTO_SHA1_HMAC: 423 return (20); 424 case CRYPTO_RIPEMD160_HMAC: 425 return (20); 426 case CRYPTO_SHA2_256_HMAC: 427 return (32); 428 case CRYPTO_SHA2_384_HMAC: 429 return (48); 430 case CRYPTO_SHA2_512_HMAC: 431 return (64); 432 } 433 return (0); 434} 435 436#ifdef _KERNEL 437int g_eli_read_metadata(struct g_class *mp, struct g_provider *pp, 438 struct g_eli_metadata *md); 439struct g_geom *g_eli_create(struct gctl_req *req, struct g_class *mp, 440 struct g_provider *bpp, const struct g_eli_metadata *md, 441 const u_char *mkey, int nkey); 442int g_eli_destroy(struct g_eli_softc *sc, boolean_t force); 443 444int g_eli_access(struct g_provider *pp, int dr, int dw, int de); 445void g_eli_config(struct gctl_req *req, struct g_class *mp, const char *verb); 446 447void g_eli_read_done(struct bio *bp); 448void g_eli_write_done(struct bio *bp); 449int g_eli_crypto_rerun(struct cryptop *crp); 450void g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, 451 size_t size); 452 453void g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp); 454 455void g_eli_auth_read(struct g_eli_softc *sc, struct bio *bp); 456void g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp); 457#endif 458 459void g_eli_mkey_hmac(unsigned char *mkey, const unsigned char *key); 460int g_eli_mkey_decrypt(const struct g_eli_metadata *md, 461 const unsigned char *key, unsigned char *mkey, unsigned *nkeyp); 462int g_eli_mkey_encrypt(unsigned algo, const unsigned char *key, unsigned keylen, 463 unsigned char *mkey); 464#ifdef _KERNEL 465void g_eli_mkey_propagate(struct g_eli_softc *sc, const unsigned char *mkey); 466#endif 467 468int g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize, 469 const u_char *key, size_t keysize); 470int g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize, 471 const u_char *key, size_t keysize); 472 473struct hmac_ctx { 474 SHA512_CTX shactx; 475 u_char k_opad[128]; 476}; 477 478void g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey, 479 size_t hkeylen); 480void g_eli_crypto_hmac_update(struct hmac_ctx *ctx, const uint8_t *data, 481 size_t datasize); 482void g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize); 483void g_eli_crypto_hmac(const uint8_t *hkey, size_t hkeysize, 484 const uint8_t *data, size_t datasize, uint8_t *md, size_t mdsize); 485#endif /* !_G_ELI_H_ */
|