g_eli.c (213062) | g_eli.c (213067) |
---|---|
1/*- 2 * Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: head/sys/geom/eli/g_eli.c 213062 2010-09-23 11:19:48Z pjd $"); | 28__FBSDID("$FreeBSD: head/sys/geom/eli/g_eli.c 213067 2010-09-23 11:49:47Z pjd $"); |
29 30#include <sys/param.h> 31#include <sys/systm.h> 32#include <sys/kernel.h> 33#include <sys/linker.h> 34#include <sys/module.h> 35#include <sys/lock.h> 36#include <sys/mutex.h> --- 333 unchanged lines hidden (view full) --- 370 else if (sc->sc_flags & G_ELI_FLAG_AUTH) 371 g_eli_auth_run(wr, bp); 372 else 373 g_eli_crypto_run(wr, bp); 374 } 375} 376 377/* | 29 30#include <sys/param.h> 31#include <sys/systm.h> 32#include <sys/kernel.h> 33#include <sys/linker.h> 34#include <sys/module.h> 35#include <sys/lock.h> 36#include <sys/mutex.h> --- 333 unchanged lines hidden (view full) --- 370 else if (sc->sc_flags & G_ELI_FLAG_AUTH) 371 g_eli_auth_run(wr, bp); 372 else 373 g_eli_crypto_run(wr, bp); 374 } 375} 376 377/* |
378 * Select encryption key. If G_ELI_FLAG_SINGLE_KEY is present we only have one 379 * key available for all the data. If the flag is not present select the key 380 * based on data offset. 381 */ 382uint8_t * 383g_eli_crypto_key(struct g_eli_softc *sc, off_t offset, size_t blocksize) 384{ 385 u_int nkey; 386 387 if (sc->sc_nekeys == 1) 388 return (sc->sc_ekeys[0]); 389 390 KASSERT(sc->sc_nekeys > 1, ("%s: sc_nekeys=%u", __func__, 391 sc->sc_nekeys)); 392 KASSERT((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0, 393 ("%s: SINGLE_KEY flag set, but sc_nekeys=%u", __func__, 394 sc->sc_nekeys)); 395 396 /* We switch key every 2^G_ELI_KEY_SHIFT blocks. */ 397 nkey = (offset >> G_ELI_KEY_SHIFT) / blocksize; 398 399 KASSERT(nkey < sc->sc_nekeys, ("%s: nkey=%u >= sc_nekeys=%u", __func__, 400 nkey, sc->sc_nekeys)); 401 402 return (sc->sc_ekeys[nkey]); 403} 404 405/* |
|
378 * Here we generate IV. It is unique for every sector. 379 */ 380void 381g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, 382 size_t size) 383{ 384 u_char off[8], hash[SHA256_DIGEST_LENGTH]; 385 SHA256_CTX ctx; --- 157 unchanged lines hidden (view full) --- 543 else 544 gp->access = g_std_access; 545 546 sc->sc_crypto = G_ELI_CRYPTO_SW; 547 sc->sc_flags = md->md_flags; 548 /* Backward compatibility. */ 549 if (md->md_version < 4) 550 sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER; | 406 * Here we generate IV. It is unique for every sector. 407 */ 408void 409g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, 410 size_t size) 411{ 412 u_char off[8], hash[SHA256_DIGEST_LENGTH]; 413 SHA256_CTX ctx; --- 157 unchanged lines hidden (view full) --- 571 else 572 gp->access = g_std_access; 573 574 sc->sc_crypto = G_ELI_CRYPTO_SW; 575 sc->sc_flags = md->md_flags; 576 /* Backward compatibility. */ 577 if (md->md_version < 4) 578 sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER; |
579 if (md->md_version < 5) 580 sc->sc_flags |= G_ELI_FLAG_SINGLE_KEY; |
|
551 sc->sc_ealgo = md->md_ealgo; 552 sc->sc_nkey = nkey; | 581 sc->sc_ealgo = md->md_ealgo; 582 sc->sc_nkey = nkey; |
553 /* 554 * Remember the keys in our softc structure. 555 */ 556 g_eli_mkey_propagate(sc, mkey); 557 sc->sc_ekeylen = md->md_keylen; | |
558 559 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 560 sc->sc_akeylen = sizeof(sc->sc_akey) * 8; 561 sc->sc_aalgo = md->md_aalgo; 562 sc->sc_alen = g_eli_hashlen(sc->sc_aalgo); 563 564 sc->sc_data_per_sector = bpp->sectorsize - sc->sc_alen; 565 /* --- 13 unchanged lines hidden (view full) --- 579 * This is expensive operation and we can do it only once now or 580 * for every access to sector, so now will be much better. 581 */ 582 SHA256_Init(&sc->sc_akeyctx); 583 SHA256_Update(&sc->sc_akeyctx, sc->sc_akey, 584 sizeof(sc->sc_akey)); 585 } 586 | 583 584 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 585 sc->sc_akeylen = sizeof(sc->sc_akey) * 8; 586 sc->sc_aalgo = md->md_aalgo; 587 sc->sc_alen = g_eli_hashlen(sc->sc_aalgo); 588 589 sc->sc_data_per_sector = bpp->sectorsize - sc->sc_alen; 590 /* --- 13 unchanged lines hidden (view full) --- 604 * This is expensive operation and we can do it only once now or 605 * for every access to sector, so now will be much better. 606 */ 607 SHA256_Init(&sc->sc_akeyctx); 608 SHA256_Update(&sc->sc_akeyctx, sc->sc_akey, 609 sizeof(sc->sc_akey)); 610 } 611 |
587 /* 588 * Precalculate SHA256 for IV generation. 589 * This is expensive operation and we can do it only once now or for 590 * every access to sector, so now will be much better. 591 */ 592 SHA256_Init(&sc->sc_ivctx); 593 SHA256_Update(&sc->sc_ivctx, sc->sc_ivkey, sizeof(sc->sc_ivkey)); 594 | |
595 gp->softc = sc; 596 sc->sc_geom = gp; 597 598 bioq_init(&sc->sc_queue); 599 mtx_init(&sc->sc_queue_mtx, "geli:queue", NULL, MTX_DEF); 600 601 pp = NULL; 602 cp = g_new_consumer(gp); --- 25 unchanged lines hidden (view full) --- 628 bpp->name, error); 629 } else { 630 G_ELI_DEBUG(1, "Cannot access %s (error=%d).", 631 bpp->name, error); 632 } 633 goto failed; 634 } 635 | 612 gp->softc = sc; 613 sc->sc_geom = gp; 614 615 bioq_init(&sc->sc_queue); 616 mtx_init(&sc->sc_queue_mtx, "geli:queue", NULL, MTX_DEF); 617 618 pp = NULL; 619 cp = g_new_consumer(gp); --- 25 unchanged lines hidden (view full) --- 645 bpp->name, error); 646 } else { 647 G_ELI_DEBUG(1, "Cannot access %s (error=%d).", 648 bpp->name, error); 649 } 650 goto failed; 651 } 652 |
653 sc->sc_sectorsize = md->md_sectorsize; 654 sc->sc_mediasize = bpp->mediasize; 655 if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) 656 sc->sc_mediasize -= bpp->sectorsize; 657 if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) 658 sc->sc_mediasize -= (sc->sc_mediasize % sc->sc_sectorsize); 659 else { 660 sc->sc_mediasize /= sc->sc_bytes_per_sector; 661 sc->sc_mediasize *= sc->sc_sectorsize; 662 } 663 664 /* 665 * Remember the keys in our softc structure. 666 */ 667 g_eli_mkey_propagate(sc, mkey); 668 sc->sc_ekeylen = md->md_keylen; 669 670 /* 671 * Precalculate SHA256 for IV generation. 672 * This is expensive operation and we can do it only once now or for 673 * every access to sector, so now will be much better. 674 */ 675 SHA256_Init(&sc->sc_ivctx); 676 SHA256_Update(&sc->sc_ivctx, sc->sc_ivkey, sizeof(sc->sc_ivkey)); 677 |
|
636 LIST_INIT(&sc->sc_workers); 637 638 bzero(&crie, sizeof(crie)); 639 crie.cri_alg = sc->sc_ealgo; 640 crie.cri_klen = sc->sc_ekeylen; | 678 LIST_INIT(&sc->sc_workers); 679 680 bzero(&crie, sizeof(crie)); 681 crie.cri_alg = sc->sc_ealgo; 682 crie.cri_klen = sc->sc_ekeylen; |
641 crie.cri_key = sc->sc_ekey; | 683 crie.cri_key = sc->sc_ekeys[0]; |
642 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 643 bzero(&cria, sizeof(cria)); 644 cria.cri_alg = sc->sc_aalgo; 645 cria.cri_klen = sc->sc_akeylen; 646 cria.cri_key = sc->sc_akey; 647 crie.cri_next = &cria; 648 } 649 --- 60 unchanged lines hidden (view full) --- 710 if (sc->sc_crypto == G_ELI_CRYPTO_HW) 711 break; 712 } 713 714 /* 715 * Create decrypted provider. 716 */ 717 pp = g_new_providerf(gp, "%s%s", bpp->name, G_ELI_SUFFIX); | 684 if (sc->sc_flags & G_ELI_FLAG_AUTH) { 685 bzero(&cria, sizeof(cria)); 686 cria.cri_alg = sc->sc_aalgo; 687 cria.cri_klen = sc->sc_akeylen; 688 cria.cri_key = sc->sc_akey; 689 crie.cri_next = &cria; 690 } 691 --- 60 unchanged lines hidden (view full) --- 752 if (sc->sc_crypto == G_ELI_CRYPTO_HW) 753 break; 754 } 755 756 /* 757 * Create decrypted provider. 758 */ 759 pp = g_new_providerf(gp, "%s%s", bpp->name, G_ELI_SUFFIX); |
718 pp->sectorsize = md->md_sectorsize; 719 pp->mediasize = bpp->mediasize; 720 if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) 721 pp->mediasize -= bpp->sectorsize; 722 if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) 723 pp->mediasize -= (pp->mediasize % pp->sectorsize); 724 else { 725 pp->mediasize /= sc->sc_bytes_per_sector; 726 pp->mediasize *= pp->sectorsize; 727 } | 760 pp->mediasize = sc->sc_mediasize; 761 pp->sectorsize = sc->sc_sectorsize; |
728 729 g_error_provider(pp, 0); 730 731 G_ELI_DEBUG(0, "Device %s created.", pp->name); 732 G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), 733 sc->sc_ekeylen); 734 if (sc->sc_flags & G_ELI_FLAG_AUTH) 735 G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); --- 14 unchanged lines hidden (view full) --- 750 mtx_destroy(&sc->sc_queue_mtx); 751 if (cp->provider != NULL) { 752 if (cp->acr == 1) 753 g_access(cp, -1, -1, -1); 754 g_detach(cp); 755 } 756 g_destroy_consumer(cp); 757 g_destroy_geom(gp); | 762 763 g_error_provider(pp, 0); 764 765 G_ELI_DEBUG(0, "Device %s created.", pp->name); 766 G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), 767 sc->sc_ekeylen); 768 if (sc->sc_flags & G_ELI_FLAG_AUTH) 769 G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); --- 14 unchanged lines hidden (view full) --- 784 mtx_destroy(&sc->sc_queue_mtx); 785 if (cp->provider != NULL) { 786 if (cp->acr == 1) 787 g_access(cp, -1, -1, -1); 788 g_detach(cp); 789 } 790 g_destroy_consumer(cp); 791 g_destroy_geom(gp); |
792 if (sc->sc_ekeys != NULL) { 793 bzero(sc->sc_ekeys, 794 sc->sc_nekeys * (sizeof(uint8_t *) + G_ELI_DATAKEYLEN)); 795 free(sc->sc_ekeys, M_ELI); 796 } |
|
758 bzero(sc, sizeof(*sc)); 759 free(sc, M_ELI); 760 return (NULL); 761} 762 763int 764g_eli_destroy(struct g_eli_softc *sc, boolean_t force) 765{ --- 23 unchanged lines hidden (view full) --- 789 sc->sc_flags |= G_ELI_FLAG_DESTROY; 790 wakeup(sc); 791 while (!LIST_EMPTY(&sc->sc_workers)) { 792 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 793 "geli:destroy", 0); 794 } 795 mtx_destroy(&sc->sc_queue_mtx); 796 gp->softc = NULL; | 797 bzero(sc, sizeof(*sc)); 798 free(sc, M_ELI); 799 return (NULL); 800} 801 802int 803g_eli_destroy(struct g_eli_softc *sc, boolean_t force) 804{ --- 23 unchanged lines hidden (view full) --- 828 sc->sc_flags |= G_ELI_FLAG_DESTROY; 829 wakeup(sc); 830 while (!LIST_EMPTY(&sc->sc_workers)) { 831 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 832 "geli:destroy", 0); 833 } 834 mtx_destroy(&sc->sc_queue_mtx); 835 gp->softc = NULL; |
836 bzero(sc->sc_ekeys, 837 sc->sc_nekeys * (sizeof(uint8_t *) + G_ELI_DATAKEYLEN)); 838 free(sc->sc_ekeys, M_ELI); |
|
797 bzero(sc, sizeof(*sc)); 798 free(sc, M_ELI); 799 800 if (pp == NULL || (pp->acr == 0 && pp->acw == 0 && pp->ace == 0)) 801 G_ELI_DEBUG(0, "Device %s destroyed.", gp->name); 802 g_wither_geom_close(gp, ENXIO); 803 804 return (0); --- 232 unchanged lines hidden (view full) --- 1037 if (sc->sc_flags & (flag)) { \ 1038 if (!first) \ 1039 sbuf_printf(sb, ", "); \ 1040 else \ 1041 first = 0; \ 1042 sbuf_printf(sb, name); \ 1043 } \ 1044} while (0) | 839 bzero(sc, sizeof(*sc)); 840 free(sc, M_ELI); 841 842 if (pp == NULL || (pp->acr == 0 && pp->acw == 0 && pp->ace == 0)) 843 G_ELI_DEBUG(0, "Device %s destroyed.", gp->name); 844 g_wither_geom_close(gp, ENXIO); 845 846 return (0); --- 232 unchanged lines hidden (view full) --- 1079 if (sc->sc_flags & (flag)) { \ 1080 if (!first) \ 1081 sbuf_printf(sb, ", "); \ 1082 else \ 1083 first = 0; \ 1084 sbuf_printf(sb, name); \ 1085 } \ 1086} while (0) |
1087 ADD_FLAG(G_ELI_FLAG_SINGLE_KEY, "SINGLE-KEY"); |
|
1045 ADD_FLAG(G_ELI_FLAG_NATIVE_BYTE_ORDER, "NATIVE-BYTE-ORDER"); 1046 ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME"); 1047 ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT"); 1048 ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH"); 1049 ADD_FLAG(G_ELI_FLAG_RW_DETACH, "RW-DETACH"); 1050 ADD_FLAG(G_ELI_FLAG_AUTH, "AUTH"); 1051 ADD_FLAG(G_ELI_FLAG_WOPEN, "W-OPEN"); 1052 ADD_FLAG(G_ELI_FLAG_DESTROY, "DESTROY"); --- 82 unchanged lines hidden --- | 1088 ADD_FLAG(G_ELI_FLAG_NATIVE_BYTE_ORDER, "NATIVE-BYTE-ORDER"); 1089 ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME"); 1090 ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT"); 1091 ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH"); 1092 ADD_FLAG(G_ELI_FLAG_RW_DETACH, "RW-DETACH"); 1093 ADD_FLAG(G_ELI_FLAG_AUTH, "AUTH"); 1094 ADD_FLAG(G_ELI_FLAG_WOPEN, "W-OPEN"); 1095 ADD_FLAG(G_ELI_FLAG_DESTROY, "DESTROY"); --- 82 unchanged lines hidden --- |