1/*- 2 * Copyright (c) 2002 Poul-Henning Kamp 3 * Copyright (c) 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp 7 * and NAI Labs, the Security Research Division of Network Associates, Inc. 8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the --- 15 unchanged lines hidden (view full) --- 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * |
32 * $FreeBSD: head/sys/geom/bde/g_bde_crypt.c 114153 2003-04-28 06:38:31Z phk $ |
33 * 34 * This source file contains the functions responsible for the crypto, keying 35 * and mapping operations on the I/O requests. 36 * 37 */ 38 39#include <sys/param.h> 40#include <sys/bio.h> --- 7 unchanged lines hidden (view full) --- 48 49#include <crypto/rijndael/rijndael.h> 50#include <crypto/sha2/sha2.h> 51 52#include <geom/geom.h> 53#include <geom/bde/g_bde.h> 54 55 |
56#define MD5_KEY 57 |
58/* 59 * Derive kkey from mkey + sector offset. 60 * 61 * Security objective: Derive a potentially very large number of distinct skeys 62 * from the comparatively small key material in our mkey, in such a way that 63 * if one, more or even many of the kkeys are compromised, this does not 64 * significantly help an attack on other kkeys and in particular does not 65 * weaken or compromised the mkey. --- 59 unchanged lines hidden (view full) --- 125 AES_init(&ci); 126 sc = wp->softc; 127 o = 0; 128 for (n = 0; o < wp->length; n++, o += sc->sectorsize) { 129 d = (u_char *)wp->ksp->data + wp->ko + n * G_BDE_SKEYLEN; 130 g_bde_kkey(sc, &ki, DIR_DECRYPT, wp->offset + o); 131 AES_decrypt(&ci, &ki, d, skey, sizeof skey); 132 d = (u_char *)wp->data + o; |
133#ifdef MD5_KEY 134 { 135 MD5_CTX ct; 136 u_char rkey[16]; 137 int i; 138 139 MD5Init(&ct); 140 MD5Update(&ct, d, sc->sectorsize); 141 MD5Final(rkey, &ct); 142 if (bcmp(rkey, skey, 16) != 0) { 143#if 0 144 printf("MD5_KEY failed at %jd (t=%d)\n", 145 (intmax_t)(wp->offset + o), time_second); 146#endif 147 for (i = 0; i < sc->sectorsize; i++) 148 d[i] = 'A' + i % 26; 149 sprintf(d, "MD5_KEY failed at %jd (t=%d)", 150 (intmax_t)(wp->offset + o), time_second); 151 } 152 } 153#else |
154 AES_makekey(&ki, DIR_DECRYPT, G_BDE_SKEYBITS, skey); 155 AES_decrypt(&ci, &ki, d, d, sc->sectorsize); |
156#endif |
157 } 158 bzero(skey, sizeof skey); 159 bzero(&ci, sizeof ci); 160 bzero(&ki, sizeof ci); 161} 162 163/* 164 * Encryption work for write operation. --- 15 unchanged lines hidden (view full) --- 180 181 sc = wp->softc; 182 AES_init(&ci); 183 o = 0; 184 for (n = 0; o < wp->length; n++, o += sc->sectorsize) { 185 186 s = (u_char *)wp->data + o; 187 d = (u_char *)wp->sp->data + o; |
188#ifdef MD5_KEY 189 { 190 MD5_CTX ct; 191 192 MD5Init(&ct); 193 MD5Update(&ct, s, sc->sectorsize); 194 MD5Final(skey, &ct); 195 bcopy(s, d, sc->sectorsize); 196 } 197#else |
198 arc4rand(&skey, sizeof skey, 0); 199 AES_makekey(&ki, DIR_ENCRYPT, G_BDE_SKEYBITS, skey); 200 AES_encrypt(&ci, &ki, s, d, sc->sectorsize); |
201#endif |
202 203 d = (u_char *)wp->ksp->data + wp->ko + n * G_BDE_SKEYLEN; 204 g_bde_kkey(sc, &ki, DIR_ENCRYPT, wp->offset + o); 205 AES_encrypt(&ci, &ki, skey, d, sizeof skey); 206 bzero(skey, sizeof skey); 207 } 208 bzero(skey, sizeof skey); 209 bzero(&ci, sizeof ci); --- 156 unchanged lines hidden --- |