28c28
< __FBSDID("$FreeBSD: head/sys/geom/eli/g_eli_key.c 202976 2010-01-25 16:58:58Z trasz $");
---
> __FBSDID("$FreeBSD: head/sys/geom/eli/g_eli_key.c 213067 2010-09-23 11:49:47Z pjd $");
45a46,48
> #ifdef _KERNEL
> MALLOC_DECLARE(M_ELI);
> #endif
180a184,223
> static void
> g_eli_ekeys_generate(struct g_eli_softc *sc)
> {
> uint8_t *keys;
> u_int kno;
> off_t mediasize;
> size_t blocksize;
> struct {
> char magic[4];
> uint8_t keyno[8];
> } __packed hmacdata;
>
> KASSERT((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0,
> ("%s: G_ELI_FLAG_SINGLE_KEY flag present", __func__));
>
> if ((sc->sc_flags & G_ELI_FLAG_AUTH) != 0) {
> struct g_provider *pp;
>
> pp = LIST_FIRST(&sc->sc_geom->consumer)->provider;
> mediasize = pp->mediasize;
> blocksize = pp->sectorsize;
> } else {
> mediasize = sc->sc_mediasize;
> blocksize = sc->sc_sectorsize;
> }
> sc->sc_nekeys = ((mediasize - 1) >> G_ELI_KEY_SHIFT) / blocksize + 1;
> sc->sc_ekeys =
> malloc(sc->sc_nekeys * (sizeof(uint8_t *) + G_ELI_DATAKEYLEN),
> M_ELI, M_WAITOK);
> keys = (uint8_t *)(sc->sc_ekeys + sc->sc_nekeys);
> bcopy("ekey", hmacdata.magic, 4);
> for (kno = 0; kno < sc->sc_nekeys; kno++, keys += G_ELI_DATAKEYLEN) {
> sc->sc_ekeys[kno] = keys;
> le64enc(hmacdata.keyno, (uint64_t)kno);
> g_eli_crypto_hmac(sc->sc_mkey, G_ELI_MAXKEYLEN,
> (uint8_t *)&hmacdata, sizeof(hmacdata),
> sc->sc_ekeys[kno], 0);
> }
> }
>
196,197c239,244
< if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) {
< bcopy(mkey, sc->sc_ekey, sizeof(sc->sc_ekey));
---
> /*
> * The authentication key is: akey = HMAC_SHA512(Master-Key, 0x11)
> */
> if ((sc->sc_flags & G_ELI_FLAG_AUTH) != 0) {
> g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x11", 1,
> sc->sc_akey, 0);
199,204c246
< /*
< * The encryption key is: ekey = HMAC_SHA512(Master-Key, 0x10)
< * The authentication key is: akey = HMAC_SHA512(Master-Key, 0x11)
< */
< g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1, sc->sc_ekey, 0);
< g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x11", 1, sc->sc_akey, 0);
---
> arc4rand(sc->sc_akey, sizeof(sc->sc_akey), 0);
206a249,266
> if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) {
> sc->sc_nekeys = 1;
> sc->sc_ekeys = malloc(sc->sc_nekeys *
> (sizeof(uint8_t *) + G_ELI_DATAKEYLEN), M_ELI, M_WAITOK);
> sc->sc_ekeys[0] = (uint8_t *)(sc->sc_ekeys + sc->sc_nekeys);
> if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0)
> bcopy(mkey, sc->sc_ekeys[0], G_ELI_DATAKEYLEN);
> else {
> /*
> * The encryption key is: ekey = HMAC_SHA512(Master-Key, 0x10)
> */
> g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1,
> sc->sc_ekeys[0], 0);
> }
> } else {
> /* Generate all encryption keys. */
> g_eli_ekeys_generate(sc);
> }
< __FBSDID("$FreeBSD: head/sys/geom/eli/g_eli_key.c 202976 2010-01-25 16:58:58Z trasz $");
---
> __FBSDID("$FreeBSD: head/sys/geom/eli/g_eli_key.c 213067 2010-09-23 11:49:47Z pjd $");
45a46,48
> #ifdef _KERNEL
> MALLOC_DECLARE(M_ELI);
> #endif
180a184,223
> static void
> g_eli_ekeys_generate(struct g_eli_softc *sc)
> {
> uint8_t *keys;
> u_int kno;
> off_t mediasize;
> size_t blocksize;
> struct {
> char magic[4];
> uint8_t keyno[8];
> } __packed hmacdata;
>
> KASSERT((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0,
> ("%s: G_ELI_FLAG_SINGLE_KEY flag present", __func__));
>
> if ((sc->sc_flags & G_ELI_FLAG_AUTH) != 0) {
> struct g_provider *pp;
>
> pp = LIST_FIRST(&sc->sc_geom->consumer)->provider;
> mediasize = pp->mediasize;
> blocksize = pp->sectorsize;
> } else {
> mediasize = sc->sc_mediasize;
> blocksize = sc->sc_sectorsize;
> }
> sc->sc_nekeys = ((mediasize - 1) >> G_ELI_KEY_SHIFT) / blocksize + 1;
> sc->sc_ekeys =
> malloc(sc->sc_nekeys * (sizeof(uint8_t *) + G_ELI_DATAKEYLEN),
> M_ELI, M_WAITOK);
> keys = (uint8_t *)(sc->sc_ekeys + sc->sc_nekeys);
> bcopy("ekey", hmacdata.magic, 4);
> for (kno = 0; kno < sc->sc_nekeys; kno++, keys += G_ELI_DATAKEYLEN) {
> sc->sc_ekeys[kno] = keys;
> le64enc(hmacdata.keyno, (uint64_t)kno);
> g_eli_crypto_hmac(sc->sc_mkey, G_ELI_MAXKEYLEN,
> (uint8_t *)&hmacdata, sizeof(hmacdata),
> sc->sc_ekeys[kno], 0);
> }
> }
>
196,197c239,244
< if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) {
< bcopy(mkey, sc->sc_ekey, sizeof(sc->sc_ekey));
---
> /*
> * The authentication key is: akey = HMAC_SHA512(Master-Key, 0x11)
> */
> if ((sc->sc_flags & G_ELI_FLAG_AUTH) != 0) {
> g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x11", 1,
> sc->sc_akey, 0);
199,204c246
< /*
< * The encryption key is: ekey = HMAC_SHA512(Master-Key, 0x10)
< * The authentication key is: akey = HMAC_SHA512(Master-Key, 0x11)
< */
< g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1, sc->sc_ekey, 0);
< g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x11", 1, sc->sc_akey, 0);
---
> arc4rand(sc->sc_akey, sizeof(sc->sc_akey), 0);
206a249,266
> if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) {
> sc->sc_nekeys = 1;
> sc->sc_ekeys = malloc(sc->sc_nekeys *
> (sizeof(uint8_t *) + G_ELI_DATAKEYLEN), M_ELI, M_WAITOK);
> sc->sc_ekeys[0] = (uint8_t *)(sc->sc_ekeys + sc->sc_nekeys);
> if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0)
> bcopy(mkey, sc->sc_ekeys[0], G_ELI_DATAKEYLEN);
> else {
> /*
> * The encryption key is: ekey = HMAC_SHA512(Master-Key, 0x10)
> */
> g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1,
> sc->sc_ekeys[0], 0);
> }
> } else {
> /* Generate all encryption keys. */
> g_eli_ekeys_generate(sc);
> }