old ( 213062 ) new ( 213067 )
1/*-
2 * Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 11 unchanged lines hidden (view full) ---

20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27#include <sys/cdefs.h>
28__FBSDID("$FreeBSD: head/sys/geom/eli/g_eli.c 213062 2010-09-23 11:19:48Z pjd $");
29
30#include <sys/param.h>
31#include <sys/systm.h>
32#include <sys/kernel.h>
33#include <sys/linker.h>
34#include <sys/module.h>
35#include <sys/lock.h>
36#include <sys/mutex.h>

--- 333 unchanged lines hidden (view full) ---

370 else if (sc->sc_flags & G_ELI_FLAG_AUTH)
371 g_eli_auth_run(wr, bp);
372 else
373 g_eli_crypto_run(wr, bp);
374 }
375}
376
377/*
378 * Here we generate IV. It is unique for every sector.
379 */
380void
381g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv,
382 size_t size)
383{
384 u_char off[8], hash[SHA256_DIGEST_LENGTH];
385 SHA256_CTX ctx;

--- 157 unchanged lines hidden (view full) ---

543 else
544 gp->access = g_std_access;
545
546 sc->sc_crypto = G_ELI_CRYPTO_SW;
547 sc->sc_flags = md->md_flags;
548 /* Backward compatibility. */
549 if (md->md_version < 4)
550 sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER;
551 sc->sc_ealgo = md->md_ealgo;
552 sc->sc_nkey = nkey;
553 /*
554 * Remember the keys in our softc structure.
555 */
556 g_eli_mkey_propagate(sc, mkey);
557 sc->sc_ekeylen = md->md_keylen;
558
559 if (sc->sc_flags & G_ELI_FLAG_AUTH) {
560 sc->sc_akeylen = sizeof(sc->sc_akey) * 8;
561 sc->sc_aalgo = md->md_aalgo;
562 sc->sc_alen = g_eli_hashlen(sc->sc_aalgo);
563
564 sc->sc_data_per_sector = bpp->sectorsize - sc->sc_alen;
565 /*

--- 13 unchanged lines hidden (view full) ---

579 * This is expensive operation and we can do it only once now or
580 * for every access to sector, so now will be much better.
581 */
582 SHA256_Init(&sc->sc_akeyctx);
583 SHA256_Update(&sc->sc_akeyctx, sc->sc_akey,
584 sizeof(sc->sc_akey));
585 }
586
587 /*
588 * Precalculate SHA256 for IV generation.
589 * This is expensive operation and we can do it only once now or for
590 * every access to sector, so now will be much better.
591 */
592 SHA256_Init(&sc->sc_ivctx);
593 SHA256_Update(&sc->sc_ivctx, sc->sc_ivkey, sizeof(sc->sc_ivkey));
594
595 gp->softc = sc;
596 sc->sc_geom = gp;
597
598 bioq_init(&sc->sc_queue);
599 mtx_init(&sc->sc_queue_mtx, "geli:queue", NULL, MTX_DEF);
600
601 pp = NULL;
602 cp = g_new_consumer(gp);

--- 25 unchanged lines hidden (view full) ---

628 bpp->name, error);
629 } else {
630 G_ELI_DEBUG(1, "Cannot access %s (error=%d).",
631 bpp->name, error);
632 }
633 goto failed;
634 }
635
636 LIST_INIT(&sc->sc_workers);
637
638 bzero(&crie, sizeof(crie));
639 crie.cri_alg = sc->sc_ealgo;
640 crie.cri_klen = sc->sc_ekeylen;
641 crie.cri_key = sc->sc_ekey;
642 if (sc->sc_flags & G_ELI_FLAG_AUTH) {
643 bzero(&cria, sizeof(cria));
644 cria.cri_alg = sc->sc_aalgo;
645 cria.cri_klen = sc->sc_akeylen;
646 cria.cri_key = sc->sc_akey;
647 crie.cri_next = &cria;
648 }
649

--- 60 unchanged lines hidden (view full) ---

710 if (sc->sc_crypto == G_ELI_CRYPTO_HW)
711 break;
712 }
713
714 /*
715 * Create decrypted provider.
716 */
717 pp = g_new_providerf(gp, "%s%s", bpp->name, G_ELI_SUFFIX);
718 pp->sectorsize = md->md_sectorsize;
719 pp->mediasize = bpp->mediasize;
720 if (!(sc->sc_flags & G_ELI_FLAG_ONETIME))
721 pp->mediasize -= bpp->sectorsize;
722 if (!(sc->sc_flags & G_ELI_FLAG_AUTH))
723 pp->mediasize -= (pp->mediasize % pp->sectorsize);
724 else {
725 pp->mediasize /= sc->sc_bytes_per_sector;
726 pp->mediasize *= pp->sectorsize;
727 }
728
729 g_error_provider(pp, 0);
730
731 G_ELI_DEBUG(0, "Device %s created.", pp->name);
732 G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo),
733 sc->sc_ekeylen);
734 if (sc->sc_flags & G_ELI_FLAG_AUTH)
735 G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo));

--- 14 unchanged lines hidden (view full) ---

750 mtx_destroy(&sc->sc_queue_mtx);
751 if (cp->provider != NULL) {
752 if (cp->acr == 1)
753 g_access(cp, -1, -1, -1);
754 g_detach(cp);
755 }
756 g_destroy_consumer(cp);
757 g_destroy_geom(gp);
758 bzero(sc, sizeof(*sc));
759 free(sc, M_ELI);
760 return (NULL);
761}
762
763int
764g_eli_destroy(struct g_eli_softc *sc, boolean_t force)
765{

--- 23 unchanged lines hidden (view full) ---

789 sc->sc_flags |= G_ELI_FLAG_DESTROY;
790 wakeup(sc);
791 while (!LIST_EMPTY(&sc->sc_workers)) {
792 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO,
793 "geli:destroy", 0);
794 }
795 mtx_destroy(&sc->sc_queue_mtx);
796 gp->softc = NULL;
797 bzero(sc, sizeof(*sc));
798 free(sc, M_ELI);
799
800 if (pp == NULL || (pp->acr == 0 && pp->acw == 0 && pp->ace == 0))
801 G_ELI_DEBUG(0, "Device %s destroyed.", gp->name);
802 g_wither_geom_close(gp, ENXIO);
803
804 return (0);

--- 232 unchanged lines hidden (view full) ---

1037 if (sc->sc_flags & (flag)) { \
1038 if (!first) \
1039 sbuf_printf(sb, ", "); \
1040 else \
1041 first = 0; \
1042 sbuf_printf(sb, name); \
1043 } \
1044} while (0)
1045 ADD_FLAG(G_ELI_FLAG_NATIVE_BYTE_ORDER, "NATIVE-BYTE-ORDER");
1046 ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME");
1047 ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT");
1048 ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH");
1049 ADD_FLAG(G_ELI_FLAG_RW_DETACH, "RW-DETACH");
1050 ADD_FLAG(G_ELI_FLAG_AUTH, "AUTH");
1051 ADD_FLAG(G_ELI_FLAG_WOPEN, "W-OPEN");
1052 ADD_FLAG(G_ELI_FLAG_DESTROY, "DESTROY");

--- 82 unchanged lines hidden ---
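Review bot: The `ADD_FLAG` macro body shown at new lines 1037-1044 passes its `name` argument to `sbuf_printf()` as the format string (`sbuf_printf(sb, name);`). Every use visible here supplies a string literal with no `%`, so nothing misbehaves today, but a later flag name containing a conversion specifier would be interpreted as one; `sbuf_cat(sb, name);` or `sbuf_printf(sb, "%s", name);` removes that dependency. The macro's opening lines are hidden in this view, and the page no longer marks which lines changed between 213062 and 213067, so this applies to the new side as displayed rather than to a specific added line. Separately, both teardown paths (new lines 758-759 and 797-798) run `bzero(sc, sizeof(*sc))` immediately before `free(sc, M_ELI)`, which is where the keys and the precomputed `sc_akeyctx`/`sc_ivctx` SHA256 state held in the softc are wiped. A one-line comment such as `/* Wipe key material before releasing the softc. */` would make that intent explicit and harder to remove in a later cleanup.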