g_bde_crypt.c (113010) | g_bde_crypt.c (114153) |
---|---|
1/*- 2 * Copyright (c) 2002 Poul-Henning Kamp 3 * Copyright (c) 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp 7 * and NAI Labs, the Security Research Division of Network Associates, Inc. 8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the --- 15 unchanged lines hidden (view full) --- 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * | 1/*- 2 * Copyright (c) 2002 Poul-Henning Kamp 3 * Copyright (c) 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp 7 * and NAI Labs, the Security Research Division of Network Associates, Inc. 8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the --- 15 unchanged lines hidden (view full) --- 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * |
32 * $FreeBSD: head/sys/geom/bde/g_bde_crypt.c 113010 2003-04-03 11:33:51Z phk $ | 32 * $FreeBSD: head/sys/geom/bde/g_bde_crypt.c 114153 2003-04-28 06:38:31Z phk $ |
33 * 34 * This source file contains the functions responsible for the crypto, keying 35 * and mapping operations on the I/O requests. 36 * 37 */ 38 39#include <sys/param.h> 40#include <sys/bio.h> --- 7 unchanged lines hidden (view full) --- 48 49#include <crypto/rijndael/rijndael.h> 50#include <crypto/sha2/sha2.h> 51 52#include <geom/geom.h> 53#include <geom/bde/g_bde.h> 54 55 | 33 * 34 * This source file contains the functions responsible for the crypto, keying 35 * and mapping operations on the I/O requests. 36 * 37 */ 38 39#include <sys/param.h> 40#include <sys/bio.h> --- 7 unchanged lines hidden (view full) --- 48 49#include <crypto/rijndael/rijndael.h> 50#include <crypto/sha2/sha2.h> 51 52#include <geom/geom.h> 53#include <geom/bde/g_bde.h> 54 55 |
56#define MD5_KEY 57 |
|
56/* 57 * Derive kkey from mkey + sector offset. 58 * 59 * Security objective: Derive a potentially very large number of distinct skeys 60 * from the comparatively small key material in our mkey, in such a way that 61 * if one, more or even many of the kkeys are compromised, this does not 62 * significantly help an attack on other kkeys and in particular does not 63 * weaken or compromised the mkey. --- 59 unchanged lines hidden (view full) --- 123 AES_init(&ci); 124 sc = wp->softc; 125 o = 0; 126 for (n = 0; o < wp->length; n++, o += sc->sectorsize) { 127 d = (u_char *)wp->ksp->data + wp->ko + n * G_BDE_SKEYLEN; 128 g_bde_kkey(sc, &ki, DIR_DECRYPT, wp->offset + o); 129 AES_decrypt(&ci, &ki, d, skey, sizeof skey); 130 d = (u_char *)wp->data + o; | 58/* 59 * Derive kkey from mkey + sector offset. 60 * 61 * Security objective: Derive a potentially very large number of distinct skeys 62 * from the comparatively small key material in our mkey, in such a way that 63 * if one, more or even many of the kkeys are compromised, this does not 64 * significantly help an attack on other kkeys and in particular does not 65 * weaken or compromised the mkey. --- 59 unchanged lines hidden (view full) --- 125 AES_init(&ci); 126 sc = wp->softc; 127 o = 0; 128 for (n = 0; o < wp->length; n++, o += sc->sectorsize) { 129 d = (u_char *)wp->ksp->data + wp->ko + n * G_BDE_SKEYLEN; 130 g_bde_kkey(sc, &ki, DIR_DECRYPT, wp->offset + o); 131 AES_decrypt(&ci, &ki, d, skey, sizeof skey); 132 d = (u_char *)wp->data + o; |
133#ifdef MD5_KEY 134 { 135 MD5_CTX ct; 136 u_char rkey[16]; 137 int i; 138 139 MD5Init(&ct); 140 MD5Update(&ct, d, sc->sectorsize); 141 MD5Final(rkey, &ct); 142 if (bcmp(rkey, skey, 16) != 0) { 143#if 0 144 printf("MD5_KEY failed at %jd (t=%d)\n", 145 (intmax_t)(wp->offset + o), time_second); 146#endif 147 for (i = 0; i < sc->sectorsize; i++) 148 d[i] = 'A' + i % 26; 149 sprintf(d, "MD5_KEY failed at %jd (t=%d)", 150 (intmax_t)(wp->offset + o), time_second); 151 } 152 } 153#else |
|
131 AES_makekey(&ki, DIR_DECRYPT, G_BDE_SKEYBITS, skey); 132 AES_decrypt(&ci, &ki, d, d, sc->sectorsize); | 154 AES_makekey(&ki, DIR_DECRYPT, G_BDE_SKEYBITS, skey); 155 AES_decrypt(&ci, &ki, d, d, sc->sectorsize); |
156#endif |
|
133 } 134 bzero(skey, sizeof skey); 135 bzero(&ci, sizeof ci); 136 bzero(&ki, sizeof ci); 137} 138 139/* 140 * Encryption work for write operation. --- 15 unchanged lines hidden (view full) --- 156 157 sc = wp->softc; 158 AES_init(&ci); 159 o = 0; 160 for (n = 0; o < wp->length; n++, o += sc->sectorsize) { 161 162 s = (u_char *)wp->data + o; 163 d = (u_char *)wp->sp->data + o; | 157 } 158 bzero(skey, sizeof skey); 159 bzero(&ci, sizeof ci); 160 bzero(&ki, sizeof ci); 161} 162 163/* 164 * Encryption work for write operation. --- 15 unchanged lines hidden (view full) --- 180 181 sc = wp->softc; 182 AES_init(&ci); 183 o = 0; 184 for (n = 0; o < wp->length; n++, o += sc->sectorsize) { 185 186 s = (u_char *)wp->data + o; 187 d = (u_char *)wp->sp->data + o; |
188#ifdef MD5_KEY 189 { 190 MD5_CTX ct; 191 192 MD5Init(&ct); 193 MD5Update(&ct, s, sc->sectorsize); 194 MD5Final(skey, &ct); 195 bcopy(s, d, sc->sectorsize); 196 } 197#else |
|
164 arc4rand(&skey, sizeof skey, 0); 165 AES_makekey(&ki, DIR_ENCRYPT, G_BDE_SKEYBITS, skey); 166 AES_encrypt(&ci, &ki, s, d, sc->sectorsize); | 198 arc4rand(&skey, sizeof skey, 0); 199 AES_makekey(&ki, DIR_ENCRYPT, G_BDE_SKEYBITS, skey); 200 AES_encrypt(&ci, &ki, s, d, sc->sectorsize); |
201#endif |
|
167 168 d = (u_char *)wp->ksp->data + wp->ko + n * G_BDE_SKEYLEN; 169 g_bde_kkey(sc, &ki, DIR_ENCRYPT, wp->offset + o); 170 AES_encrypt(&ci, &ki, skey, d, sizeof skey); 171 bzero(skey, sizeof skey); 172 } 173 bzero(skey, sizeof skey); 174 bzero(&ci, sizeof ci); --- 156 unchanged lines hidden --- | 202 203 d = (u_char *)wp->ksp->data + wp->ko + n * G_BDE_SKEYLEN; 204 g_bde_kkey(sc, &ki, DIR_ENCRYPT, wp->offset + o); 205 AES_encrypt(&ci, &ki, skey, d, sizeof skey); 206 bzero(skey, sizeof skey); 207 } 208 bzero(skey, sizeof skey); 209 bzero(&ci, sizeof ci); --- 156 unchanged lines hidden --- |