g_bde.c (125803) g_bde.c (133314)
1/*-
2 * Copyright (c) 2002 Poul-Henning Kamp
3 * Copyright (c) 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp
7 * and NAI Labs, the Security Research Division of Network Associates, Inc.
8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
9 * DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
1/*-
2 * Copyright (c) 2002 Poul-Henning Kamp
3 * Copyright (c) 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp
7 * and NAI Labs, the Security Research Division of Network Associates, Inc.
8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
9 * DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * $FreeBSD: head/sys/geom/bde/g_bde.c 125803 2004-02-14 17:59:44Z phk $
32 * $FreeBSD: head/sys/geom/bde/g_bde.c 133314 2004-08-08 06:49:07Z phk $
33 *
34 */
35
36#include <sys/param.h>
37#include <sys/bio.h>
38#include <sys/lock.h>
39#include <sys/mutex.h>
40#include <sys/malloc.h>
41#include <sys/systm.h>
42#include <sys/kernel.h>
43#include <sys/kthread.h>
44
45#include <crypto/rijndael/rijndael.h>
46#include <crypto/sha2/sha2.h>
47#include <geom/geom.h>
48#include <geom/bde/g_bde.h>
49#define BDE_CLASS_NAME "BDE"
50
51static void
52g_bde_start(struct bio *bp)
53{
54
55 switch (bp->bio_cmd) {
56 case BIO_DELETE:
57 case BIO_READ:
58 case BIO_WRITE:
59 g_bde_start1(bp);
60 break;
61 case BIO_GETATTR:
62 g_io_deliver(bp, EOPNOTSUPP);
63 break;
64 default:
65 g_io_deliver(bp, EOPNOTSUPP);
66 return;
67 }
68 return;
69}
70
71static void
72g_bde_orphan(struct g_consumer *cp)
73{
74 struct g_geom *gp;
75 struct g_provider *pp;
76 struct g_bde_softc *sc;
77 int error;
78
79 g_trace(G_T_TOPOLOGY, "g_bde_orphan(%p/%s)", cp, cp->provider->name);
80 g_topology_assert();
81 KASSERT(cp->provider->error != 0,
82 ("g_bde_orphan with error == 0"));
83
84 gp = cp->geom;
85 sc = gp->softc;
86 gp->flags |= G_GEOM_WITHER;
87 error = cp->provider->error;
88 LIST_FOREACH(pp, &gp->provider, provider)
89 g_orphan_provider(pp, error);
90 bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */
91 return;
92}
93
94static int
95g_bde_access(struct g_provider *pp, int dr, int dw, int de)
96{
97 struct g_geom *gp;
98 struct g_consumer *cp;
99
100 gp = pp->geom;
101 cp = LIST_FIRST(&gp->consumer);
102 if (cp->acr == 0 && cp->acw == 0 && cp->ace == 0) {
103 de++;
104 dr++;
105 }
106 /* ... and let go of it on last close */
107 if ((cp->acr + dr) == 0 && (cp->acw + dw) == 0 && (cp->ace + de) == 1) {
108 de--;
109 dr--;
110 }
111 return (g_access(cp, dr, dw, de));
112}
113
114static void
115g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *pp)
116{
117 struct g_geom *gp;
118 struct g_consumer *cp;
119 struct g_bde_key *kp;
120 int error, i;
121 u_int sectorsize;
122 off_t mediasize;
123 struct g_bde_softc *sc;
124 void *pass;
125 void *key;
126
127 g_trace(G_T_TOPOLOGY, "g_bde_create_geom(%s, %s)", mp->name, pp->name);
128 g_topology_assert();
129 gp = NULL;
130
131
132 gp = g_new_geomf(mp, "%s.bde", pp->name);
33 *
34 */
35
36#include <sys/param.h>
37#include <sys/bio.h>
38#include <sys/lock.h>
39#include <sys/mutex.h>
40#include <sys/malloc.h>
41#include <sys/systm.h>
42#include <sys/kernel.h>
43#include <sys/kthread.h>
44
45#include <crypto/rijndael/rijndael.h>
46#include <crypto/sha2/sha2.h>
47#include <geom/geom.h>
48#include <geom/bde/g_bde.h>
49#define BDE_CLASS_NAME "BDE"
50
51static void
52g_bde_start(struct bio *bp)
53{
54
55 switch (bp->bio_cmd) {
56 case BIO_DELETE:
57 case BIO_READ:
58 case BIO_WRITE:
59 g_bde_start1(bp);
60 break;
61 case BIO_GETATTR:
62 g_io_deliver(bp, EOPNOTSUPP);
63 break;
64 default:
65 g_io_deliver(bp, EOPNOTSUPP);
66 return;
67 }
68 return;
69}
70
71static void
72g_bde_orphan(struct g_consumer *cp)
73{
74 struct g_geom *gp;
75 struct g_provider *pp;
76 struct g_bde_softc *sc;
77 int error;
78
79 g_trace(G_T_TOPOLOGY, "g_bde_orphan(%p/%s)", cp, cp->provider->name);
80 g_topology_assert();
81 KASSERT(cp->provider->error != 0,
82 ("g_bde_orphan with error == 0"));
83
84 gp = cp->geom;
85 sc = gp->softc;
86 gp->flags |= G_GEOM_WITHER;
87 error = cp->provider->error;
88 LIST_FOREACH(pp, &gp->provider, provider)
89 g_orphan_provider(pp, error);
90 bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */
91 return;
92}
93
94static int
95g_bde_access(struct g_provider *pp, int dr, int dw, int de)
96{
97 struct g_geom *gp;
98 struct g_consumer *cp;
99
100 gp = pp->geom;
101 cp = LIST_FIRST(&gp->consumer);
102 if (cp->acr == 0 && cp->acw == 0 && cp->ace == 0) {
103 de++;
104 dr++;
105 }
106 /* ... and let go of it on last close */
107 if ((cp->acr + dr) == 0 && (cp->acw + dw) == 0 && (cp->ace + de) == 1) {
108 de--;
109 dr--;
110 }
111 return (g_access(cp, dr, dw, de));
112}
113
114static void
115g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *pp)
116{
117 struct g_geom *gp;
118 struct g_consumer *cp;
119 struct g_bde_key *kp;
120 int error, i;
121 u_int sectorsize;
122 off_t mediasize;
123 struct g_bde_softc *sc;
124 void *pass;
125 void *key;
126
127 g_trace(G_T_TOPOLOGY, "g_bde_create_geom(%s, %s)", mp->name, pp->name);
128 g_topology_assert();
129 gp = NULL;
130
131
132 gp = g_new_geomf(mp, "%s.bde", pp->name);
133 gp->start = g_bde_start;
134 gp->orphan = g_bde_orphan;
135 gp->access = g_bde_access;
136 gp->spoiled = g_std_spoiled;
137 cp = g_new_consumer(gp);
138 g_attach(cp, pp);
139 error = g_access(cp, 1, 1, 1);
140 if (error) {
141 g_detach(cp);
142 g_destroy_consumer(cp);
143 g_destroy_geom(gp);
144 gctl_error(req, "could not access consumer");
145 return;
146 }
147 pass = NULL;
148 key = NULL;
149 do {
150 pass = gctl_get_param(req, "pass", &i);
151 if (pass == NULL || i != SHA512_DIGEST_LENGTH) {
152 gctl_error(req, "No usable key presented");
153 break;
154 }
155 key = gctl_get_param(req, "key", &i);
156 if (key != NULL && i != 16) {
157 gctl_error(req, "Invalid key presented");
158 break;
159 }
160 sectorsize = cp->provider->sectorsize;
161 mediasize = cp->provider->mediasize;
162 sc = g_malloc(sizeof(struct g_bde_softc), M_WAITOK | M_ZERO);
163 gp->softc = sc;
164 sc->geom = gp;
165 sc->consumer = cp;
166
167 error = g_bde_decrypt_lock(sc, pass, key,
168 mediasize, sectorsize, NULL);
169 bzero(sc->sha2, sizeof sc->sha2);
170 if (error)
171 break;
172 kp = &sc->key;
173
174 /* Initialize helper-fields */
175 kp->keys_per_sector = kp->sectorsize / G_BDE_SKEYLEN;
176 kp->zone_cont = kp->keys_per_sector * kp->sectorsize;
177 kp->zone_width = kp->zone_cont + kp->sectorsize;
178 kp->media_width = kp->sectorN - kp->sector0 -
179 G_BDE_MAXKEYS * kp->sectorsize;
180
181 /* Our external parameters */
182 sc->zone_cont = kp->zone_cont;
183 sc->mediasize = g_bde_max_sector(kp);
184 sc->sectorsize = kp->sectorsize;
185
186 TAILQ_INIT(&sc->freelist);
187 TAILQ_INIT(&sc->worklist);
188 mtx_init(&sc->worklist_mutex, "g_bde_worklist", NULL, MTX_DEF);
189 /* XXX: error check */
190 kthread_create(g_bde_worker, gp, &sc->thread, 0, 0,
191 "g_bde %s", gp->name);
192 pp = g_new_providerf(gp, gp->name);
193#if 0
194 /*
195 * XXX: Disable this for now. Appearantly UFS no longer
196 * XXX: issues BIO_DELETE requests correctly, with the obvious
197 * XXX: outcome that userdata is trashed.
198 */
199 pp->flags |= G_PF_CANDELETE;
200#endif
201 pp->stripesize = kp->zone_cont;
202 pp->stripeoffset = 0;
203 pp->mediasize = sc->mediasize;
204 pp->sectorsize = sc->sectorsize;
205 g_error_provider(pp, 0);
206 break;
207 } while (0);
208 if (pass != NULL)
209 bzero(pass, SHA512_DIGEST_LENGTH);
210 if (key != NULL)
211 bzero(key, 16);
212 if (error == 0)
213 return;
214 g_access(cp, -1, -1, -1);
215 g_detach(cp);
216 g_destroy_consumer(cp);
217 if (gp->softc != NULL)
218 g_free(gp->softc);
219 g_destroy_geom(gp);
220 return;
221}
222
223
224static int
225g_bde_destroy_geom(struct gctl_req *req, struct g_class *mp, struct g_geom *gp)
226{
227 struct g_consumer *cp;
228 struct g_provider *pp;
229 struct g_bde_softc *sc;
230
231 g_trace(G_T_TOPOLOGY, "g_bde_destroy_geom(%s, %s)", mp->name, gp->name);
232 g_topology_assert();
233 /*
234 * Orderly detachment.
235 */
236 KASSERT(gp != NULL, ("NULL geom"));
237 pp = LIST_FIRST(&gp->provider);
238 KASSERT(pp != NULL, ("NULL provider"));
239 if (pp->acr > 0 || pp->acw > 0 || pp->ace > 0)
240 return (EBUSY);
241 sc = gp->softc;
242 cp = LIST_FIRST(&gp->consumer);
243 KASSERT(cp != NULL, ("NULL consumer"));
244 sc->dead = 1;
245 wakeup(sc);
246 g_access(cp, -1, -1, -1);
247 g_detach(cp);
248 g_destroy_consumer(cp);
249 while (sc->dead != 2 && !LIST_EMPTY(&pp->consumers))
250 tsleep(sc, PRIBIO, "g_bdedie", hz);
251 mtx_destroy(&sc->worklist_mutex);
252 bzero(&sc->key, sizeof sc->key);
253 g_free(sc);
254 g_wither_geom(gp, ENXIO);
255 return (0);
256}
257
258static void
259g_bde_ctlreq(struct gctl_req *req, struct g_class *mp, char const *verb)
260{
261 struct g_geom *gp;
262 struct g_provider *pp;
263
264 if (!strcmp(verb, "create geom")) {
265 pp = gctl_get_provider(req, "provider");
266 if (pp != NULL)
267 g_bde_create_geom(req, mp, pp);
268 } else if (!strcmp(verb, "destroy geom")) {
269 gp = gctl_get_geom(req, mp, "geom");
270 if (gp != NULL)
271 g_bde_destroy_geom(req, mp, gp);
272 } else {
273 gctl_error(req, "unknown verb");
274 }
275}
276
277static struct g_class g_bde_class = {
278 .name = BDE_CLASS_NAME,
279 .destroy_geom = g_bde_destroy_geom,
280 .ctlreq = g_bde_ctlreq,
133 cp = g_new_consumer(gp);
134 g_attach(cp, pp);
135 error = g_access(cp, 1, 1, 1);
136 if (error) {
137 g_detach(cp);
138 g_destroy_consumer(cp);
139 g_destroy_geom(gp);
140 gctl_error(req, "could not access consumer");
141 return;
142 }
143 pass = NULL;
144 key = NULL;
145 do {
146 pass = gctl_get_param(req, "pass", &i);
147 if (pass == NULL || i != SHA512_DIGEST_LENGTH) {
148 gctl_error(req, "No usable key presented");
149 break;
150 }
151 key = gctl_get_param(req, "key", &i);
152 if (key != NULL && i != 16) {
153 gctl_error(req, "Invalid key presented");
154 break;
155 }
156 sectorsize = cp->provider->sectorsize;
157 mediasize = cp->provider->mediasize;
158 sc = g_malloc(sizeof(struct g_bde_softc), M_WAITOK | M_ZERO);
159 gp->softc = sc;
160 sc->geom = gp;
161 sc->consumer = cp;
162
163 error = g_bde_decrypt_lock(sc, pass, key,
164 mediasize, sectorsize, NULL);
165 bzero(sc->sha2, sizeof sc->sha2);
166 if (error)
167 break;
168 kp = &sc->key;
169
170 /* Initialize helper-fields */
171 kp->keys_per_sector = kp->sectorsize / G_BDE_SKEYLEN;
172 kp->zone_cont = kp->keys_per_sector * kp->sectorsize;
173 kp->zone_width = kp->zone_cont + kp->sectorsize;
174 kp->media_width = kp->sectorN - kp->sector0 -
175 G_BDE_MAXKEYS * kp->sectorsize;
176
177 /* Our external parameters */
178 sc->zone_cont = kp->zone_cont;
179 sc->mediasize = g_bde_max_sector(kp);
180 sc->sectorsize = kp->sectorsize;
181
182 TAILQ_INIT(&sc->freelist);
183 TAILQ_INIT(&sc->worklist);
184 mtx_init(&sc->worklist_mutex, "g_bde_worklist", NULL, MTX_DEF);
185 /* XXX: error check */
186 kthread_create(g_bde_worker, gp, &sc->thread, 0, 0,
187 "g_bde %s", gp->name);
188 pp = g_new_providerf(gp, gp->name);
189#if 0
190 /*
191 * XXX: Disable this for now. Appearantly UFS no longer
192 * XXX: issues BIO_DELETE requests correctly, with the obvious
193 * XXX: outcome that userdata is trashed.
194 */
195 pp->flags |= G_PF_CANDELETE;
196#endif
197 pp->stripesize = kp->zone_cont;
198 pp->stripeoffset = 0;
199 pp->mediasize = sc->mediasize;
200 pp->sectorsize = sc->sectorsize;
201 g_error_provider(pp, 0);
202 break;
203 } while (0);
204 if (pass != NULL)
205 bzero(pass, SHA512_DIGEST_LENGTH);
206 if (key != NULL)
207 bzero(key, 16);
208 if (error == 0)
209 return;
210 g_access(cp, -1, -1, -1);
211 g_detach(cp);
212 g_destroy_consumer(cp);
213 if (gp->softc != NULL)
214 g_free(gp->softc);
215 g_destroy_geom(gp);
216 return;
217}
218
219
220static int
221g_bde_destroy_geom(struct gctl_req *req, struct g_class *mp, struct g_geom *gp)
222{
223 struct g_consumer *cp;
224 struct g_provider *pp;
225 struct g_bde_softc *sc;
226
227 g_trace(G_T_TOPOLOGY, "g_bde_destroy_geom(%s, %s)", mp->name, gp->name);
228 g_topology_assert();
229 /*
230 * Orderly detachment.
231 */
232 KASSERT(gp != NULL, ("NULL geom"));
233 pp = LIST_FIRST(&gp->provider);
234 KASSERT(pp != NULL, ("NULL provider"));
235 if (pp->acr > 0 || pp->acw > 0 || pp->ace > 0)
236 return (EBUSY);
237 sc = gp->softc;
238 cp = LIST_FIRST(&gp->consumer);
239 KASSERT(cp != NULL, ("NULL consumer"));
240 sc->dead = 1;
241 wakeup(sc);
242 g_access(cp, -1, -1, -1);
243 g_detach(cp);
244 g_destroy_consumer(cp);
245 while (sc->dead != 2 && !LIST_EMPTY(&pp->consumers))
246 tsleep(sc, PRIBIO, "g_bdedie", hz);
247 mtx_destroy(&sc->worklist_mutex);
248 bzero(&sc->key, sizeof sc->key);
249 g_free(sc);
250 g_wither_geom(gp, ENXIO);
251 return (0);
252}
253
254static void
255g_bde_ctlreq(struct gctl_req *req, struct g_class *mp, char const *verb)
256{
257 struct g_geom *gp;
258 struct g_provider *pp;
259
260 if (!strcmp(verb, "create geom")) {
261 pp = gctl_get_provider(req, "provider");
262 if (pp != NULL)
263 g_bde_create_geom(req, mp, pp);
264 } else if (!strcmp(verb, "destroy geom")) {
265 gp = gctl_get_geom(req, mp, "geom");
266 if (gp != NULL)
267 g_bde_destroy_geom(req, mp, gp);
268 } else {
269 gctl_error(req, "unknown verb");
270 }
271}
272
273static struct g_class g_bde_class = {
274 .name = BDE_CLASS_NAME,
275 .destroy_geom = g_bde_destroy_geom,
276 .ctlreq = g_bde_ctlreq,
277 .start = g_bde_start,
278 .orphan = g_bde_orphan,
279 .access = g_bde_access,
280 .spoiled = g_std_spoiled,
281};
282
283DECLARE_GEOM_CLASS(g_bde_class, g_bde);
281};
282
283DECLARE_GEOM_CLASS(g_bde_class, g_bde);
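Review bot: In g_bde_create_geom the two parameter-validation failures (`"No usable key presented"` and `"Invalid key presented"`) `break` out of the `do { } while (0)` with `error` still 0 from the successful `g_access(cp, 1, 1, 1)`, so `if (error == 0) return;` skips the teardown and leaves behind a geom with an opened consumer and a NULL `softc`. Setting `error = EINVAL;` before each of those `break`s would route them through the existing `g_access(cp, -1, -1, -1)` / `g_detach` / `g_destroy_geom` cleanup. On the same path the wipes `bzero(pass, SHA512_DIGEST_LENGTH)` and `bzero(key, 16)` use fixed lengths even when the length check has just failed; if gctl_get_param hands back a buffer of only `i` bytes (not visible here), a short parameter would be zeroed past its end, so the wipe should use the length that was actually returned, kept in its own variable because `i` is reused for the second lookup. Since this revision makes `g_bde_orphan` and `g_bde_access` class-level methods, such a half-built geom presumably still gets them, and `g_bde_orphan` calls `bzero(sc, sizeof(struct g_bde_softc))` on `gp->softc` without a NULL check.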