1148456Spjd/*- 2220922Spjd * Copyright (c) 2005-2011 Pawel Jakub Dawidek <pawel@dawidek.net> 3148456Spjd * All rights reserved. 4148456Spjd * 5148456Spjd * Redistribution and use in source and binary forms, with or without 6148456Spjd * modification, are permitted provided that the following conditions 7148456Spjd * are met: 8148456Spjd * 1. Redistributions of source code must retain the above copyright 9148456Spjd * notice, this list of conditions and the following disclaimer. 10148456Spjd * 2. Redistributions in binary form must reproduce the above copyright 11148456Spjd * notice, this list of conditions and the following disclaimer in the 12148456Spjd * documentation and/or other materials provided with the distribution. 13155174Spjd * 14148456Spjd * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 15148456Spjd * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16148456Spjd * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17148456Spjd * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 18148456Spjd * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19148456Spjd * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20148456Spjd * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21148456Spjd * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22148456Spjd * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23148456Spjd * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24148456Spjd * SUCH DAMAGE. 25148456Spjd */ 26148456Spjd 27148456Spjd#include <sys/cdefs.h> 28148456Spjd__FBSDID("$FreeBSD$"); 29148456Spjd 30148456Spjd#include <sys/param.h> 31148456Spjd#include <sys/systm.h> 32228634Savg#include <sys/cons.h> 33148456Spjd#include <sys/kernel.h> 34155537Spjd#include <sys/linker.h> 35148456Spjd#include <sys/module.h> 36148456Spjd#include <sys/lock.h> 37148456Spjd#include <sys/mutex.h> 38148456Spjd#include <sys/bio.h> 39223921Sae#include <sys/sbuf.h> 40148456Spjd#include <sys/sysctl.h> 41148456Spjd#include <sys/malloc.h> 42189900Spjd#include <sys/eventhandler.h> 43148456Spjd#include <sys/kthread.h> 44148456Spjd#include <sys/proc.h> 45148456Spjd#include <sys/sched.h> 46149353Spjd#include <sys/smp.h> 47148456Spjd#include <sys/uio.h> 48155535Spjd#include <sys/vnode.h> 49148456Spjd 50148456Spjd#include <vm/uma.h> 51148456Spjd 52148456Spjd#include <geom/geom.h> 53148456Spjd#include <geom/eli/g_eli.h> 54148456Spjd#include <geom/eli/pkcs5v2.h> 55148456Spjd 56219029SnetchildFEATURE(geom_eli, "GEOM crypto module"); 57148456Spjd 58148456SpjdMALLOC_DEFINE(M_ELI, "eli data", "GEOM_ELI Data"); 59148456Spjd 60148456SpjdSYSCTL_DECL(_kern_geom); 61148456SpjdSYSCTL_NODE(_kern_geom, OID_AUTO, eli, CTLFLAG_RW, 0, "GEOM_ELI stuff"); 62221631Spjdstatic int g_eli_version = G_ELI_VERSION; 63221631SpjdSYSCTL_INT(_kern_geom_eli, OID_AUTO, version, CTLFLAG_RD, &g_eli_version, 0, 64221631Spjd "GELI version"); 65213165Spjdint g_eli_debug = 0; 66148456SpjdTUNABLE_INT("kern.geom.eli.debug", &g_eli_debug); 67213165SpjdSYSCTL_INT(_kern_geom_eli, OID_AUTO, debug, CTLFLAG_RW, &g_eli_debug, 0, 68148456Spjd "Debug level"); 69148456Spjdstatic u_int g_eli_tries = 3; 70148456SpjdTUNABLE_INT("kern.geom.eli.tries", &g_eli_tries); 71148456SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, tries, CTLFLAG_RW, &g_eli_tries, 0, 72155432Sbrueffer "Number of tries for entering the passphrase"); 73215299Sedstatic u_int g_eli_visible_passphrase = GETS_NOECHO; 74148456SpjdTUNABLE_INT("kern.geom.eli.visible_passphrase", &g_eli_visible_passphrase); 75148456SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, visible_passphrase, CTLFLAG_RW, 76148456Spjd &g_eli_visible_passphrase, 0, 77215299Sed "Visibility of passphrase prompt (0 = invisible, 1 = visible, 2 = asterisk)"); 78213062Spjdu_int g_eli_overwrites = G_ELI_OVERWRITES; 79159306SpjdTUNABLE_INT("kern.geom.eli.overwrites", &g_eli_overwrites); 80148456SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, overwrites, CTLFLAG_RW, &g_eli_overwrites, 81155432Sbrueffer 0, "Number of times on-disk keys should be overwritten when destroying them"); 82149353Spjdstatic u_int g_eli_threads = 0; 83148456SpjdTUNABLE_INT("kern.geom.eli.threads", &g_eli_threads); 84148456SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, threads, CTLFLAG_RW, &g_eli_threads, 0, 85148456Spjd "Number of threads doing crypto work"); 86159307Spjdu_int g_eli_batch = 0; 87159307SpjdTUNABLE_INT("kern.geom.eli.batch", &g_eli_batch); 88159307SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, batch, CTLFLAG_RW, &g_eli_batch, 0, 89159307Spjd "Use crypto operations batching"); 90148456Spjd 91272006Scperciva/* 92272006Scperciva * Passphrase cached during boot, in order to be more user-friendly if 93272006Scperciva * there are multiple providers using the same passphrase. 94272006Scperciva */ 95272006Scpercivastatic char cached_passphrase[256]; 96272006Scpercivastatic u_int g_eli_boot_passcache = 1; 97272006ScpercivaTUNABLE_INT("kern.geom.eli.boot_passcache", &g_eli_boot_passcache); 98272006ScpercivaSYSCTL_UINT(_kern_geom_eli, OID_AUTO, boot_passcache, CTLFLAG_RD, 99272006Scperciva &g_eli_boot_passcache, 0, 100272006Scperciva "Passphrases are cached during boot process for possible reuse"); 101272006Scpercivastatic void 102285263Sgjbfetch_loader_passphrase(void * dummy) 103285263Sgjb{ 104285263Sgjb char * env_passphrase; 105285263Sgjb 106285263Sgjb KASSERT(dynamic_kenv, ("need dynamic kenv")); 107285263Sgjb 108285263Sgjb if ((env_passphrase = getenv("kern.geom.eli.passphrase")) != NULL) { 109285263Sgjb /* Extract passphrase from the environment. */ 110285263Sgjb strlcpy(cached_passphrase, env_passphrase, 111285263Sgjb sizeof(cached_passphrase)); 112285263Sgjb freeenv(env_passphrase); 113285263Sgjb 114285263Sgjb /* Wipe the passphrase from the environment. */ 115285263Sgjb unsetenv("kern.geom.eli.passphrase"); 116285263Sgjb } 117285263Sgjb} 118285263SgjbSYSINIT(geli_fetch_loader_passphrase, SI_SUB_KMEM + 1, SI_ORDER_ANY, 119285263Sgjb fetch_loader_passphrase, NULL); 120285263Sgjbstatic void 121272006Scpercivazero_boot_passcache(void * dummy) 122272006Scperciva{ 123272006Scperciva 124272006Scperciva memset(cached_passphrase, 0, sizeof(cached_passphrase)); 125272006Scperciva} 126272006ScpercivaEVENTHANDLER_DEFINE(mountroot, zero_boot_passcache, NULL, 0); 127272006Scperciva 128189900Spjdstatic eventhandler_tag g_eli_pre_sync = NULL; 129189900Spjd 130148456Spjdstatic int g_eli_destroy_geom(struct gctl_req *req, struct g_class *mp, 131148456Spjd struct g_geom *gp); 132189900Spjdstatic void g_eli_init(struct g_class *mp); 133189900Spjdstatic void g_eli_fini(struct g_class *mp); 134148456Spjd 135148456Spjdstatic g_taste_t g_eli_taste; 136148456Spjdstatic g_dumpconf_t g_eli_dumpconf; 137148456Spjd 138148456Spjdstruct g_class g_eli_class = { 139148456Spjd .name = G_ELI_CLASS_NAME, 140148456Spjd .version = G_VERSION, 141148456Spjd .ctlreq = g_eli_config, 142148456Spjd .taste = g_eli_taste, 143189900Spjd .destroy_geom = g_eli_destroy_geom, 144189900Spjd .init = g_eli_init, 145189900Spjd .fini = g_eli_fini 146148456Spjd}; 147148456Spjd 148148456Spjd 149148456Spjd/* 150148456Spjd * Code paths: 151148456Spjd * BIO_READ: 152214118Spjd * g_eli_start -> g_eli_crypto_read -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 153148456Spjd * BIO_WRITE: 154148456Spjd * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver 155148456Spjd */ 156148456Spjd 157148456Spjd 158148456Spjd/* 159148456Spjd * EAGAIN from crypto(9) means, that we were probably balanced to another crypto 160148456Spjd * accelerator or something like this. 161148456Spjd * The function updates the SID and rerun the operation. 162148456Spjd */ 163159307Spjdint 164148456Spjdg_eli_crypto_rerun(struct cryptop *crp) 165148456Spjd{ 166148456Spjd struct g_eli_softc *sc; 167148456Spjd struct g_eli_worker *wr; 168148456Spjd struct bio *bp; 169148456Spjd int error; 170148456Spjd 171148456Spjd bp = (struct bio *)crp->crp_opaque; 172148456Spjd sc = bp->bio_to->geom->softc; 173148456Spjd LIST_FOREACH(wr, &sc->sc_workers, w_next) { 174148456Spjd if (wr->w_number == bp->bio_pflags) 175148456Spjd break; 176148456Spjd } 177148456Spjd KASSERT(wr != NULL, ("Invalid worker (%u).", bp->bio_pflags)); 178155432Sbrueffer G_ELI_DEBUG(1, "Rerunning crypto %s request (sid: %ju -> %ju).", 179148456Spjd bp->bio_cmd == BIO_READ ? "READ" : "WRITE", (uintmax_t)wr->w_sid, 180148456Spjd (uintmax_t)crp->crp_sid); 181148456Spjd wr->w_sid = crp->crp_sid; 182148456Spjd crp->crp_etype = 0; 183148456Spjd error = crypto_dispatch(crp); 184148456Spjd if (error == 0) 185148456Spjd return (0); 186148456Spjd G_ELI_DEBUG(1, "%s: crypto_dispatch() returned %d.", __func__, error); 187148456Spjd crp->crp_etype = error; 188148456Spjd return (error); 189148456Spjd} 190148456Spjd 191148456Spjd/* 192148456Spjd * The function is called afer reading encrypted data from the provider. 193149030Spjd * 194214118Spjd * g_eli_start -> g_eli_crypto_read -> g_io_request -> G_ELI_READ_DONE -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 195148456Spjd */ 196159307Spjdvoid 197148456Spjdg_eli_read_done(struct bio *bp) 198148456Spjd{ 199148456Spjd struct g_eli_softc *sc; 200148456Spjd struct bio *pbp; 201148456Spjd 202148456Spjd G_ELI_LOGREQ(2, bp, "Request done."); 203148456Spjd pbp = bp->bio_parent; 204291195Ssmh if (pbp->bio_error == 0 && bp->bio_error != 0) 205148456Spjd pbp->bio_error = bp->bio_error; 206220299Strociny g_destroy_bio(bp); 207159307Spjd /* 208159307Spjd * Do we have all sectors already? 209159307Spjd */ 210159307Spjd pbp->bio_inbed++; 211159307Spjd if (pbp->bio_inbed < pbp->bio_children) 212159307Spjd return; 213214118Spjd sc = pbp->bio_to->geom->softc; 214148456Spjd if (pbp->bio_error != 0) { 215291195Ssmh G_ELI_LOGREQ(0, pbp, "%s() failed (error=%d)", __func__, 216291195Ssmh pbp->bio_error); 217148456Spjd pbp->bio_completed = 0; 218159307Spjd if (pbp->bio_driver2 != NULL) { 219159307Spjd free(pbp->bio_driver2, M_ELI); 220159307Spjd pbp->bio_driver2 = NULL; 221159307Spjd } 222148456Spjd g_io_deliver(pbp, pbp->bio_error); 223214118Spjd atomic_subtract_int(&sc->sc_inflight, 1); 224148456Spjd return; 225148456Spjd } 226149193Spjd mtx_lock(&sc->sc_queue_mtx); 227149193Spjd bioq_insert_tail(&sc->sc_queue, pbp); 228149193Spjd mtx_unlock(&sc->sc_queue_mtx); 229149193Spjd wakeup(sc); 230148456Spjd} 231148456Spjd 232148456Spjd/* 233148456Spjd * The function is called after we encrypt and write data. 234149030Spjd * 235149030Spjd * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> G_ELI_WRITE_DONE -> g_io_deliver 236148456Spjd */ 237159307Spjdvoid 238148456Spjdg_eli_write_done(struct bio *bp) 239148456Spjd{ 240214118Spjd struct g_eli_softc *sc; 241148456Spjd struct bio *pbp; 242148456Spjd 243148456Spjd G_ELI_LOGREQ(2, bp, "Request done."); 244148456Spjd pbp = bp->bio_parent; 245291195Ssmh if (pbp->bio_error == 0 && bp->bio_error != 0) 246291195Ssmh pbp->bio_error = bp->bio_error; 247220299Strociny g_destroy_bio(bp); 248159307Spjd /* 249159307Spjd * Do we have all sectors already? 250159307Spjd */ 251159307Spjd pbp->bio_inbed++; 252159307Spjd if (pbp->bio_inbed < pbp->bio_children) 253159307Spjd return; 254148456Spjd free(pbp->bio_driver2, M_ELI); 255148456Spjd pbp->bio_driver2 = NULL; 256159307Spjd if (pbp->bio_error != 0) { 257291195Ssmh G_ELI_LOGREQ(0, pbp, "%s() failed (error=%d)", __func__, 258148456Spjd pbp->bio_error); 259148456Spjd pbp->bio_completed = 0; 260291195Ssmh } else 261291195Ssmh pbp->bio_completed = pbp->bio_length; 262291195Ssmh 263148456Spjd /* 264148456Spjd * Write is finished, send it up. 265148456Spjd */ 266214118Spjd sc = pbp->bio_to->geom->softc; 267148456Spjd g_io_deliver(pbp, pbp->bio_error); 268214118Spjd atomic_subtract_int(&sc->sc_inflight, 1); 269148456Spjd} 270148456Spjd 271148456Spjd/* 272148456Spjd * This function should never be called, but GEOM made as it set ->orphan() 273148456Spjd * method for every geom. 274148456Spjd */ 275148456Spjdstatic void 276148456Spjdg_eli_orphan_spoil_assert(struct g_consumer *cp) 277148456Spjd{ 278148456Spjd 279148456Spjd panic("Function %s() called for %s.", __func__, cp->geom->name); 280148456Spjd} 281148456Spjd 282148456Spjdstatic void 283148456Spjdg_eli_orphan(struct g_consumer *cp) 284148456Spjd{ 285148456Spjd struct g_eli_softc *sc; 286148456Spjd 287148456Spjd g_topology_assert(); 288148456Spjd sc = cp->geom->softc; 289148456Spjd if (sc == NULL) 290148456Spjd return; 291214118Spjd g_eli_destroy(sc, TRUE); 292148456Spjd} 293148456Spjd 294149030Spjd/* 295214116Spjd * BIO_READ: 296214118Spjd * G_ELI_START -> g_eli_crypto_read -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 297214116Spjd * BIO_WRITE: 298214116Spjd * G_ELI_START -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver 299149030Spjd */ 300155174Spjdstatic void 301148456Spjdg_eli_start(struct bio *bp) 302155174Spjd{ 303148456Spjd struct g_eli_softc *sc; 304157686Spjd struct g_consumer *cp; 305148456Spjd struct bio *cbp; 306148456Spjd 307148456Spjd sc = bp->bio_to->geom->softc; 308148456Spjd KASSERT(sc != NULL, 309148456Spjd ("Provider's error should be set (error=%d)(device=%s).", 310148456Spjd bp->bio_to->error, bp->bio_to->name)); 311148456Spjd G_ELI_LOGREQ(2, bp, "Request received."); 312148456Spjd 313148456Spjd switch (bp->bio_cmd) { 314148456Spjd case BIO_READ: 315148456Spjd case BIO_WRITE: 316157686Spjd case BIO_GETATTR: 317163836Spjd case BIO_FLUSH: 318148456Spjd break; 319148456Spjd case BIO_DELETE: 320148456Spjd /* 321148456Spjd * We could eventually support BIO_DELETE request. 322148456Spjd * It could be done by overwritting requested sector with 323148456Spjd * random data g_eli_overwrites number of times. 324148456Spjd */ 325162834Spjd default: 326148456Spjd g_io_deliver(bp, EOPNOTSUPP); 327148456Spjd return; 328148456Spjd } 329148456Spjd cbp = g_clone_bio(bp); 330148456Spjd if (cbp == NULL) { 331148456Spjd g_io_deliver(bp, ENOMEM); 332148456Spjd return; 333148456Spjd } 334214118Spjd bp->bio_driver1 = cbp; 335214118Spjd bp->bio_pflags = G_ELI_NEW_BIO; 336157686Spjd switch (bp->bio_cmd) { 337157686Spjd case BIO_READ: 338159307Spjd if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) { 339214118Spjd g_eli_crypto_read(sc, bp, 0); 340159307Spjd break; 341159307Spjd } 342159307Spjd /* FALLTHROUGH */ 343157686Spjd case BIO_WRITE: 344149193Spjd mtx_lock(&sc->sc_queue_mtx); 345149193Spjd bioq_insert_tail(&sc->sc_queue, bp); 346149193Spjd mtx_unlock(&sc->sc_queue_mtx); 347149193Spjd wakeup(sc); 348157686Spjd break; 349157686Spjd case BIO_GETATTR: 350163836Spjd case BIO_FLUSH: 351157686Spjd cbp->bio_done = g_std_done; 352157686Spjd cp = LIST_FIRST(&sc->sc_geom->consumer); 353157686Spjd cbp->bio_to = cp->provider; 354157783Spjd G_ELI_LOGREQ(2, cbp, "Sending request."); 355157686Spjd g_io_request(cbp, cp); 356157686Spjd break; 357148456Spjd } 358148456Spjd} 359148456Spjd 360214163Spjdstatic int 361214163Spjdg_eli_newsession(struct g_eli_worker *wr) 362214163Spjd{ 363214163Spjd struct g_eli_softc *sc; 364214163Spjd struct cryptoini crie, cria; 365214163Spjd int error; 366214163Spjd 367214163Spjd sc = wr->w_softc; 368214163Spjd 369214163Spjd bzero(&crie, sizeof(crie)); 370214163Spjd crie.cri_alg = sc->sc_ealgo; 371214163Spjd crie.cri_klen = sc->sc_ekeylen; 372214163Spjd if (sc->sc_ealgo == CRYPTO_AES_XTS) 373214163Spjd crie.cri_klen <<= 1; 374221628Spjd if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) != 0) { 375221628Spjd crie.cri_key = g_eli_key_hold(sc, 0, 376221628Spjd LIST_FIRST(&sc->sc_geom->consumer)->provider->sectorsize); 377221628Spjd } else { 378221628Spjd crie.cri_key = sc->sc_ekey; 379221628Spjd } 380214163Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) { 381214163Spjd bzero(&cria, sizeof(cria)); 382214163Spjd cria.cri_alg = sc->sc_aalgo; 383214163Spjd cria.cri_klen = sc->sc_akeylen; 384214163Spjd cria.cri_key = sc->sc_akey; 385214163Spjd crie.cri_next = &cria; 386214163Spjd } 387214163Spjd 388214163Spjd switch (sc->sc_crypto) { 389214163Spjd case G_ELI_CRYPTO_SW: 390214163Spjd error = crypto_newsession(&wr->w_sid, &crie, 391214163Spjd CRYPTOCAP_F_SOFTWARE); 392214163Spjd break; 393214163Spjd case G_ELI_CRYPTO_HW: 394214163Spjd error = crypto_newsession(&wr->w_sid, &crie, 395214163Spjd CRYPTOCAP_F_HARDWARE); 396214163Spjd break; 397214163Spjd case G_ELI_CRYPTO_UNKNOWN: 398214163Spjd error = crypto_newsession(&wr->w_sid, &crie, 399214163Spjd CRYPTOCAP_F_HARDWARE); 400214163Spjd if (error == 0) { 401214163Spjd mtx_lock(&sc->sc_queue_mtx); 402214163Spjd if (sc->sc_crypto == G_ELI_CRYPTO_UNKNOWN) 403214163Spjd sc->sc_crypto = G_ELI_CRYPTO_HW; 404214163Spjd mtx_unlock(&sc->sc_queue_mtx); 405214163Spjd } else { 406214163Spjd error = crypto_newsession(&wr->w_sid, &crie, 407214163Spjd CRYPTOCAP_F_SOFTWARE); 408214163Spjd mtx_lock(&sc->sc_queue_mtx); 409214163Spjd if (sc->sc_crypto == G_ELI_CRYPTO_UNKNOWN) 410214163Spjd sc->sc_crypto = G_ELI_CRYPTO_SW; 411214163Spjd mtx_unlock(&sc->sc_queue_mtx); 412214163Spjd } 413214163Spjd break; 414214163Spjd default: 415214163Spjd panic("%s: invalid condition", __func__); 416214163Spjd } 417214163Spjd 418221628Spjd if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) != 0) 419221628Spjd g_eli_key_drop(sc, crie.cri_key); 420221628Spjd 421214163Spjd return (error); 422214163Spjd} 423214163Spjd 424214118Spjdstatic void 425214163Spjdg_eli_freesession(struct g_eli_worker *wr) 426214163Spjd{ 427214163Spjd 428214163Spjd crypto_freesession(wr->w_sid); 429214163Spjd} 430214163Spjd 431214163Spjdstatic void 432214118Spjdg_eli_cancel(struct g_eli_softc *sc) 433214118Spjd{ 434214118Spjd struct bio *bp; 435214118Spjd 436214118Spjd mtx_assert(&sc->sc_queue_mtx, MA_OWNED); 437214118Spjd 438214118Spjd while ((bp = bioq_takefirst(&sc->sc_queue)) != NULL) { 439214118Spjd KASSERT(bp->bio_pflags == G_ELI_NEW_BIO, 440214118Spjd ("Not new bio when canceling (bp=%p).", bp)); 441214118Spjd g_io_deliver(bp, ENXIO); 442214118Spjd } 443214118Spjd} 444214118Spjd 445214118Spjdstatic struct bio * 446214118Spjdg_eli_takefirst(struct g_eli_softc *sc) 447214118Spjd{ 448214118Spjd struct bio *bp; 449214118Spjd 450214118Spjd mtx_assert(&sc->sc_queue_mtx, MA_OWNED); 451214118Spjd 452214118Spjd if (!(sc->sc_flags & G_ELI_FLAG_SUSPEND)) 453214118Spjd return (bioq_takefirst(&sc->sc_queue)); 454214118Spjd /* 455214118Spjd * Device suspended, so we skip new I/O requests. 456214118Spjd */ 457214118Spjd TAILQ_FOREACH(bp, &sc->sc_queue.queue, bio_queue) { 458214118Spjd if (bp->bio_pflags != G_ELI_NEW_BIO) 459214118Spjd break; 460214118Spjd } 461214118Spjd if (bp != NULL) 462214118Spjd bioq_remove(&sc->sc_queue, bp); 463214118Spjd return (bp); 464214118Spjd} 465214118Spjd 466148456Spjd/* 467148456Spjd * This is the main function for kernel worker thread when we don't have 468148456Spjd * hardware acceleration and we have to do cryptography in software. 469148456Spjd * Dedicated thread is needed, so we don't slow down g_up/g_down GEOM 470148456Spjd * threads with crypto work. 471148456Spjd */ 472148456Spjdstatic void 473148456Spjdg_eli_worker(void *arg) 474148456Spjd{ 475148456Spjd struct g_eli_softc *sc; 476148456Spjd struct g_eli_worker *wr; 477148456Spjd struct bio *bp; 478214163Spjd int error; 479148456Spjd 480148456Spjd wr = arg; 481148456Spjd sc = wr->w_softc; 482166321Spjd#ifdef SMP 483166321Spjd /* Before sched_bind() to a CPU, wait for all CPUs to go on-line. */ 484226840Spjd if (sc->sc_cpubind) { 485166321Spjd while (!smp_started) 486166321Spjd tsleep(wr, 0, "geli:smp", hz / 4); 487166321Spjd } 488166321Spjd#endif 489170307Sjeff thread_lock(curthread); 490206665Spjd sched_prio(curthread, PUSER); 491226840Spjd if (sc->sc_cpubind) 492226840Spjd sched_bind(curthread, wr->w_number % mp_ncpus); 493170307Sjeff thread_unlock(curthread); 494155174Spjd 495148456Spjd G_ELI_DEBUG(1, "Thread %s started.", curthread->td_proc->p_comm); 496148456Spjd 497148456Spjd for (;;) { 498148456Spjd mtx_lock(&sc->sc_queue_mtx); 499214118Spjdagain: 500214118Spjd bp = g_eli_takefirst(sc); 501148456Spjd if (bp == NULL) { 502159307Spjd if (sc->sc_flags & G_ELI_FLAG_DESTROY) { 503214118Spjd g_eli_cancel(sc); 504148456Spjd LIST_REMOVE(wr, w_next); 505214163Spjd g_eli_freesession(wr); 506148456Spjd free(wr, M_ELI); 507148456Spjd G_ELI_DEBUG(1, "Thread %s exiting.", 508148456Spjd curthread->td_proc->p_comm); 509148456Spjd wakeup(&sc->sc_workers); 510148456Spjd mtx_unlock(&sc->sc_queue_mtx); 511172836Sjulian kproc_exit(0); 512148456Spjd } 513214118Spjd while (sc->sc_flags & G_ELI_FLAG_SUSPEND) { 514214118Spjd if (sc->sc_inflight > 0) { 515226727Spjd G_ELI_DEBUG(0, "inflight=%d", 516226727Spjd sc->sc_inflight); 517214118Spjd /* 518214118Spjd * We still have inflight BIOs, so 519214118Spjd * sleep and retry. 520214118Spjd */ 521214118Spjd msleep(sc, &sc->sc_queue_mtx, PRIBIO, 522214118Spjd "geli:inf", hz / 5); 523214118Spjd goto again; 524214118Spjd } 525214118Spjd /* 526214118Spjd * Suspend requested, mark the worker as 527214118Spjd * suspended and go to sleep. 528214118Spjd */ 529214163Spjd if (wr->w_active) { 530214163Spjd g_eli_freesession(wr); 531214163Spjd wr->w_active = FALSE; 532214163Spjd } 533214118Spjd wakeup(&sc->sc_workers); 534214118Spjd msleep(sc, &sc->sc_queue_mtx, PRIBIO, 535214118Spjd "geli:suspend", 0); 536214163Spjd if (!wr->w_active && 537214163Spjd !(sc->sc_flags & G_ELI_FLAG_SUSPEND)) { 538214163Spjd error = g_eli_newsession(wr); 539214163Spjd KASSERT(error == 0, 540214163Spjd ("g_eli_newsession() failed on resume (error=%d)", 541214163Spjd error)); 542214163Spjd wr->w_active = TRUE; 543214163Spjd } 544214118Spjd goto again; 545214118Spjd } 546206665Spjd msleep(sc, &sc->sc_queue_mtx, PDROP, "geli:w", 0); 547148456Spjd continue; 548148456Spjd } 549214118Spjd if (bp->bio_pflags == G_ELI_NEW_BIO) 550214118Spjd atomic_add_int(&sc->sc_inflight, 1); 551148456Spjd mtx_unlock(&sc->sc_queue_mtx); 552214118Spjd if (bp->bio_pflags == G_ELI_NEW_BIO) { 553214118Spjd bp->bio_pflags = 0; 554214118Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) { 555214118Spjd if (bp->bio_cmd == BIO_READ) 556214118Spjd g_eli_auth_read(sc, bp); 557214118Spjd else 558214118Spjd g_eli_auth_run(wr, bp); 559214118Spjd } else { 560214118Spjd if (bp->bio_cmd == BIO_READ) 561214118Spjd g_eli_crypto_read(sc, bp, 1); 562214118Spjd else 563214118Spjd g_eli_crypto_run(wr, bp); 564214118Spjd } 565214118Spjd } else { 566214118Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) 567214118Spjd g_eli_auth_run(wr, bp); 568214118Spjd else 569214118Spjd g_eli_crypto_run(wr, bp); 570214118Spjd } 571148456Spjd } 572148456Spjd} 573148456Spjd 574148456Spjd/* 575148456Spjd * Here we generate IV. It is unique for every sector. 576148456Spjd */ 577159307Spjdvoid 578148456Spjdg_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, 579148456Spjd size_t size) 580148456Spjd{ 581213070Spjd uint8_t off[8]; 582148456Spjd 583211927Spjd if ((sc->sc_flags & G_ELI_FLAG_NATIVE_BYTE_ORDER) != 0) 584211927Spjd bcopy(&offset, off, sizeof(off)); 585211927Spjd else 586161220Spjd le64enc(off, (uint64_t)offset); 587213070Spjd 588213070Spjd switch (sc->sc_ealgo) { 589213070Spjd case CRYPTO_AES_XTS: 590213070Spjd bcopy(off, iv, sizeof(off)); 591213070Spjd bzero(iv + sizeof(off), size - sizeof(off)); 592213070Spjd break; 593213070Spjd default: 594213070Spjd { 595213070Spjd u_char hash[SHA256_DIGEST_LENGTH]; 596213070Spjd SHA256_CTX ctx; 597213070Spjd 598213070Spjd /* Copy precalculated SHA256 context for IV-Key. */ 599213070Spjd bcopy(&sc->sc_ivctx, &ctx, sizeof(ctx)); 600213070Spjd SHA256_Update(&ctx, off, sizeof(off)); 601213070Spjd SHA256_Final(hash, &ctx); 602213070Spjd bcopy(hash, iv, MIN(sizeof(hash), size)); 603213070Spjd break; 604213070Spjd } 605213070Spjd } 606148456Spjd} 607148456Spjd 608148456Spjdint 609148456Spjdg_eli_read_metadata(struct g_class *mp, struct g_provider *pp, 610148456Spjd struct g_eli_metadata *md) 611148456Spjd{ 612148456Spjd struct g_geom *gp; 613148456Spjd struct g_consumer *cp; 614148456Spjd u_char *buf = NULL; 615148456Spjd int error; 616148456Spjd 617148456Spjd g_topology_assert(); 618148456Spjd 619148456Spjd gp = g_new_geomf(mp, "eli:taste"); 620148456Spjd gp->start = g_eli_start; 621148456Spjd gp->access = g_std_access; 622148456Spjd /* 623148456Spjd * g_eli_read_metadata() is always called from the event thread. 624148456Spjd * Our geom is created and destroyed in the same event, so there 625148456Spjd * could be no orphan nor spoil event in the meantime. 626148456Spjd */ 627148456Spjd gp->orphan = g_eli_orphan_spoil_assert; 628148456Spjd gp->spoiled = g_eli_orphan_spoil_assert; 629148456Spjd cp = g_new_consumer(gp); 630148456Spjd error = g_attach(cp, pp); 631148456Spjd if (error != 0) 632148456Spjd goto end; 633148456Spjd error = g_access(cp, 1, 0, 0); 634148456Spjd if (error != 0) 635148456Spjd goto end; 636148456Spjd g_topology_unlock(); 637148456Spjd buf = g_read_data(cp, pp->mediasize - pp->sectorsize, pp->sectorsize, 638148456Spjd &error); 639148456Spjd g_topology_lock(); 640152967Ssobomax if (buf == NULL) 641148456Spjd goto end; 642148456Spjd eli_metadata_decode(buf, md); 643148456Spjdend: 644148456Spjd if (buf != NULL) 645148456Spjd g_free(buf); 646148456Spjd if (cp->provider != NULL) { 647148456Spjd if (cp->acr == 1) 648148456Spjd g_access(cp, -1, 0, 0); 649148456Spjd g_detach(cp); 650148456Spjd } 651148456Spjd g_destroy_consumer(cp); 652148456Spjd g_destroy_geom(gp); 653148456Spjd return (error); 654148456Spjd} 655148456Spjd 656148456Spjd/* 657148456Spjd * The function is called when we had last close on provider and user requested 658148456Spjd * to close it when this situation occur. 659148456Spjd */ 660148456Spjdstatic void 661255144Smavg_eli_last_close(void *arg, int flags __unused) 662148456Spjd{ 663148456Spjd struct g_geom *gp; 664255144Smav char gpname[64]; 665148456Spjd int error; 666148456Spjd 667148456Spjd g_topology_assert(); 668255144Smav gp = arg; 669255144Smav strlcpy(gpname, gp->name, sizeof(gpname)); 670255144Smav error = g_eli_destroy(gp->softc, TRUE); 671148456Spjd KASSERT(error == 0, ("Cannot detach %s on last close (error=%d).", 672255144Smav gpname, error)); 673255144Smav G_ELI_DEBUG(0, "Detached %s on last close.", gpname); 674148456Spjd} 675148456Spjd 676148456Spjdint 677148456Spjdg_eli_access(struct g_provider *pp, int dr, int dw, int de) 678148456Spjd{ 679148456Spjd struct g_eli_softc *sc; 680148456Spjd struct g_geom *gp; 681148456Spjd 682148456Spjd gp = pp->geom; 683148456Spjd sc = gp->softc; 684148456Spjd 685148456Spjd if (dw > 0) { 686161127Spjd if (sc->sc_flags & G_ELI_FLAG_RO) { 687161127Spjd /* Deny write attempts. */ 688161127Spjd return (EROFS); 689161127Spjd } 690148456Spjd /* Someone is opening us for write, we need to remember that. */ 691148456Spjd sc->sc_flags |= G_ELI_FLAG_WOPEN; 692148456Spjd return (0); 693148456Spjd } 694148456Spjd /* Is this the last close? */ 695148456Spjd if (pp->acr + dr > 0 || pp->acw + dw > 0 || pp->ace + de > 0) 696148456Spjd return (0); 697148456Spjd 698148456Spjd /* 699148456Spjd * Automatically detach on last close if requested. 700148456Spjd */ 701148456Spjd if ((sc->sc_flags & G_ELI_FLAG_RW_DETACH) || 702148456Spjd (sc->sc_flags & G_ELI_FLAG_WOPEN)) { 703255144Smav g_post_event(g_eli_last_close, gp, M_WAITOK, NULL); 704148456Spjd } 705148456Spjd return (0); 706148456Spjd} 707148456Spjd 708163877Spjdstatic int 709163877Spjdg_eli_cpu_is_disabled(int cpu) 710163877Spjd{ 711163877Spjd#ifdef SMP 712222813Sattilio return (CPU_ISSET(cpu, &hlt_cpus_mask)); 713163877Spjd#else 714163877Spjd return (0); 715163877Spjd#endif 716163877Spjd} 717163877Spjd 718148456Spjdstruct g_geom * 719148456Spjdg_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp, 720148456Spjd const struct g_eli_metadata *md, const u_char *mkey, int nkey) 721148456Spjd{ 722148456Spjd struct g_eli_softc *sc; 723148456Spjd struct g_eli_worker *wr; 724148456Spjd struct g_geom *gp; 725148456Spjd struct g_provider *pp; 726148456Spjd struct g_consumer *cp; 727148456Spjd u_int i, threads; 728148456Spjd int error; 729148456Spjd 730148456Spjd G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX); 731148456Spjd 732148456Spjd gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX); 733148456Spjd sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO); 734148456Spjd gp->start = g_eli_start; 735148456Spjd /* 736148456Spjd * Spoiling cannot happen actually, because we keep provider open for 737161127Spjd * writing all the time or provider is read-only. 738148456Spjd */ 739148456Spjd gp->spoiled = g_eli_orphan_spoil_assert; 740148456Spjd gp->orphan = g_eli_orphan; 741161127Spjd gp->dumpconf = g_eli_dumpconf; 742148456Spjd /* 743161127Spjd * If detach-on-last-close feature is not enabled and we don't operate 744161127Spjd * on read-only provider, we can simply use g_std_access(). 745148456Spjd */ 746161127Spjd if (md->md_flags & (G_ELI_FLAG_WO_DETACH | G_ELI_FLAG_RO)) 747148456Spjd gp->access = g_eli_access; 748148456Spjd else 749148456Spjd gp->access = g_std_access; 750148456Spjd 751226733Spjd sc->sc_version = md->md_version; 752214118Spjd sc->sc_inflight = 0; 753214163Spjd sc->sc_crypto = G_ELI_CRYPTO_UNKNOWN; 754148456Spjd sc->sc_flags = md->md_flags; 755161220Spjd /* Backward compatibility. */ 756226728Spjd if (md->md_version < G_ELI_VERSION_04) 757161220Spjd sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER; 758226728Spjd if (md->md_version < G_ELI_VERSION_05) 759213067Spjd sc->sc_flags |= G_ELI_FLAG_SINGLE_KEY; 760226728Spjd if (md->md_version < G_ELI_VERSION_06 && 761226728Spjd (sc->sc_flags & G_ELI_FLAG_AUTH) != 0) { 762221628Spjd sc->sc_flags |= G_ELI_FLAG_FIRST_KEY; 763226728Spjd } 764238116Spjd if (md->md_version < G_ELI_VERSION_07) 765238116Spjd sc->sc_flags |= G_ELI_FLAG_ENC_IVKEY; 766159307Spjd sc->sc_ealgo = md->md_ealgo; 767148456Spjd sc->sc_nkey = nkey; 768148456Spjd 769159307Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) { 770159307Spjd sc->sc_akeylen = sizeof(sc->sc_akey) * 8; 771159307Spjd sc->sc_aalgo = md->md_aalgo; 772159307Spjd sc->sc_alen = g_eli_hashlen(sc->sc_aalgo); 773159307Spjd 774159307Spjd sc->sc_data_per_sector = bpp->sectorsize - sc->sc_alen; 775159307Spjd /* 776159307Spjd * Some hash functions (like SHA1 and RIPEMD160) generates hash 777159307Spjd * which length is not multiple of 128 bits, but we want data 778159307Spjd * length to be multiple of 128, so we can encrypt without 779159307Spjd * padding. The line below rounds down data length to multiple 780159307Spjd * of 128 bits. 781159307Spjd */ 782159307Spjd sc->sc_data_per_sector -= sc->sc_data_per_sector % 16; 783159307Spjd 784159307Spjd sc->sc_bytes_per_sector = 785159307Spjd (md->md_sectorsize - 1) / sc->sc_data_per_sector + 1; 786159307Spjd sc->sc_bytes_per_sector *= bpp->sectorsize; 787159307Spjd } 788159307Spjd 789148456Spjd gp->softc = sc; 790148456Spjd sc->sc_geom = gp; 791148456Spjd 792148456Spjd bioq_init(&sc->sc_queue); 793148456Spjd mtx_init(&sc->sc_queue_mtx, "geli:queue", NULL, MTX_DEF); 794220922Spjd mtx_init(&sc->sc_ekeys_lock, "geli:ekeys", NULL, MTX_DEF); 795148456Spjd 796148456Spjd pp = NULL; 797148456Spjd cp = g_new_consumer(gp); 798148456Spjd error = g_attach(cp, bpp); 799148456Spjd if (error != 0) { 800148456Spjd if (req != NULL) { 801148456Spjd gctl_error(req, "Cannot attach to %s (error=%d).", 802148456Spjd bpp->name, error); 803148456Spjd } else { 804148456Spjd G_ELI_DEBUG(1, "Cannot attach to %s (error=%d).", 805148456Spjd bpp->name, error); 806148456Spjd } 807148456Spjd goto failed; 808148456Spjd } 809148456Spjd /* 810148456Spjd * Keep provider open all the time, so we can run critical tasks, 811148456Spjd * like Master Keys deletion, without wondering if we can open 812148456Spjd * provider or not. 813161127Spjd * We don't open provider for writing only when user requested read-only 814161127Spjd * access. 815148456Spjd */ 816161127Spjd if (sc->sc_flags & G_ELI_FLAG_RO) 817161127Spjd error = g_access(cp, 1, 0, 1); 818161127Spjd else 819161127Spjd error = g_access(cp, 1, 1, 1); 820148456Spjd if (error != 0) { 821148456Spjd if (req != NULL) { 822148456Spjd gctl_error(req, "Cannot access %s (error=%d).", 823148456Spjd bpp->name, error); 824148456Spjd } else { 825148456Spjd G_ELI_DEBUG(1, "Cannot access %s (error=%d).", 826148456Spjd bpp->name, error); 827148456Spjd } 828148456Spjd goto failed; 829148456Spjd } 830148456Spjd 831213067Spjd sc->sc_sectorsize = md->md_sectorsize; 832213067Spjd sc->sc_mediasize = bpp->mediasize; 833213067Spjd if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) 834213067Spjd sc->sc_mediasize -= bpp->sectorsize; 835213067Spjd if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) 836213067Spjd sc->sc_mediasize -= (sc->sc_mediasize % sc->sc_sectorsize); 837213067Spjd else { 838213067Spjd sc->sc_mediasize /= sc->sc_bytes_per_sector; 839213067Spjd sc->sc_mediasize *= sc->sc_sectorsize; 840213067Spjd } 841213067Spjd 842213067Spjd /* 843213067Spjd * Remember the keys in our softc structure. 844213067Spjd */ 845213067Spjd g_eli_mkey_propagate(sc, mkey); 846213067Spjd sc->sc_ekeylen = md->md_keylen; 847213067Spjd 848148456Spjd LIST_INIT(&sc->sc_workers); 849148456Spjd 850148456Spjd threads = g_eli_threads; 851149353Spjd if (threads == 0) 852149353Spjd threads = mp_ncpus; 853226840Spjd sc->sc_cpubind = (mp_ncpus > 1 && threads == mp_ncpus); 854148456Spjd for (i = 0; i < threads; i++) { 855163877Spjd if (g_eli_cpu_is_disabled(i)) { 856163877Spjd G_ELI_DEBUG(1, "%s: CPU %u disabled, skipping.", 857163905Spjd bpp->name, i); 858163877Spjd continue; 859163877Spjd } 860148456Spjd wr = malloc(sizeof(*wr), M_ELI, M_WAITOK | M_ZERO); 861148456Spjd wr->w_softc = sc; 862148456Spjd wr->w_number = i; 863214118Spjd wr->w_active = TRUE; 864148456Spjd 865214163Spjd error = g_eli_newsession(wr); 866148456Spjd if (error != 0) { 867148456Spjd free(wr, M_ELI); 868148456Spjd if (req != NULL) { 869155432Sbrueffer gctl_error(req, "Cannot set up crypto session " 870148456Spjd "for %s (error=%d).", bpp->name, error); 871148456Spjd } else { 872155432Sbrueffer G_ELI_DEBUG(1, "Cannot set up crypto session " 873148456Spjd "for %s (error=%d).", bpp->name, error); 874148456Spjd } 875148456Spjd goto failed; 876148456Spjd } 877148456Spjd 878172836Sjulian error = kproc_create(g_eli_worker, wr, &wr->w_proc, 0, 0, 879148456Spjd "g_eli[%u] %s", i, bpp->name); 880148456Spjd if (error != 0) { 881214163Spjd g_eli_freesession(wr); 882148456Spjd free(wr, M_ELI); 883148456Spjd if (req != NULL) { 884149193Spjd gctl_error(req, "Cannot create kernel thread " 885149193Spjd "for %s (error=%d).", bpp->name, error); 886148456Spjd } else { 887149193Spjd G_ELI_DEBUG(1, "Cannot create kernel thread " 888149193Spjd "for %s (error=%d).", bpp->name, error); 889148456Spjd } 890148456Spjd goto failed; 891148456Spjd } 892148456Spjd LIST_INSERT_HEAD(&sc->sc_workers, wr, w_next); 893148456Spjd } 894148456Spjd 895148456Spjd /* 896148456Spjd * Create decrypted provider. 897148456Spjd */ 898148456Spjd pp = g_new_providerf(gp, "%s%s", bpp->name, G_ELI_SUFFIX); 899213067Spjd pp->mediasize = sc->sc_mediasize; 900213067Spjd pp->sectorsize = sc->sc_sectorsize; 901159307Spjd 902148456Spjd g_error_provider(pp, 0); 903148456Spjd 904148456Spjd G_ELI_DEBUG(0, "Device %s created.", pp->name); 905159307Spjd G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), 906159307Spjd sc->sc_ekeylen); 907159307Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) 908159307Spjd G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); 909148456Spjd G_ELI_DEBUG(0, " Crypto: %s", 910148456Spjd sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware"); 911148456Spjd return (gp); 912148456Spjdfailed: 913149193Spjd mtx_lock(&sc->sc_queue_mtx); 914149193Spjd sc->sc_flags |= G_ELI_FLAG_DESTROY; 915149193Spjd wakeup(sc); 916149193Spjd /* 917149193Spjd * Wait for kernel threads self destruction. 918149193Spjd */ 919149193Spjd while (!LIST_EMPTY(&sc->sc_workers)) { 920149193Spjd msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 921149193Spjd "geli:destroy", 0); 922148456Spjd } 923148456Spjd mtx_destroy(&sc->sc_queue_mtx); 924148456Spjd if (cp->provider != NULL) { 925148456Spjd if (cp->acr == 1) 926148456Spjd g_access(cp, -1, -1, -1); 927148456Spjd g_detach(cp); 928148456Spjd } 929148456Spjd g_destroy_consumer(cp); 930148456Spjd g_destroy_geom(gp); 931220922Spjd g_eli_key_destroy(sc); 932148456Spjd bzero(sc, sizeof(*sc)); 933148456Spjd free(sc, M_ELI); 934148456Spjd return (NULL); 935148456Spjd} 936148456Spjd 937148456Spjdint 938148456Spjdg_eli_destroy(struct g_eli_softc *sc, boolean_t force) 939148456Spjd{ 940148456Spjd struct g_geom *gp; 941148456Spjd struct g_provider *pp; 942148456Spjd 943148456Spjd g_topology_assert(); 944148456Spjd 945148456Spjd if (sc == NULL) 946148456Spjd return (ENXIO); 947148456Spjd 948148456Spjd gp = sc->sc_geom; 949148456Spjd pp = LIST_FIRST(&gp->provider); 950148456Spjd if (pp != NULL && (pp->acr != 0 || pp->acw != 0 || pp->ace != 0)) { 951148456Spjd if (force) { 952148456Spjd G_ELI_DEBUG(1, "Device %s is still open, so it " 953155432Sbrueffer "cannot be definitely removed.", pp->name); 954255144Smav sc->sc_flags |= G_ELI_FLAG_RW_DETACH; 955255144Smav gp->access = g_eli_access; 956255144Smav g_wither_provider(pp, ENXIO); 957255144Smav return (EBUSY); 958148456Spjd } else { 959148456Spjd G_ELI_DEBUG(1, 960148456Spjd "Device %s is still open (r%dw%de%d).", pp->name, 961148456Spjd pp->acr, pp->acw, pp->ace); 962148456Spjd return (EBUSY); 963148456Spjd } 964148456Spjd } 965148456Spjd 966149193Spjd mtx_lock(&sc->sc_queue_mtx); 967149193Spjd sc->sc_flags |= G_ELI_FLAG_DESTROY; 968149193Spjd wakeup(sc); 969149193Spjd while (!LIST_EMPTY(&sc->sc_workers)) { 970149193Spjd msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 971149193Spjd "geli:destroy", 0); 972148456Spjd } 973148456Spjd mtx_destroy(&sc->sc_queue_mtx); 974148456Spjd gp->softc = NULL; 975220922Spjd g_eli_key_destroy(sc); 976148456Spjd bzero(sc, sizeof(*sc)); 977148456Spjd free(sc, M_ELI); 978148456Spjd 979148456Spjd if (pp == NULL || (pp->acr == 0 && pp->acw == 0 && pp->ace == 0)) 980148456Spjd G_ELI_DEBUG(0, "Device %s destroyed.", gp->name); 981148456Spjd g_wither_geom_close(gp, ENXIO); 982148456Spjd 983148456Spjd return (0); 984148456Spjd} 985148456Spjd 986148456Spjdstatic int 987148456Spjdg_eli_destroy_geom(struct gctl_req *req __unused, 988148456Spjd struct g_class *mp __unused, struct g_geom *gp) 989148456Spjd{ 990148456Spjd struct g_eli_softc *sc; 991148456Spjd 992148456Spjd sc = gp->softc; 993214118Spjd return (g_eli_destroy(sc, FALSE)); 994148456Spjd} 995148456Spjd 996155537Spjdstatic int 997155537Spjdg_eli_keyfiles_load(struct hmac_ctx *ctx, const char *provider) 998155537Spjd{ 999218663Smarcel u_char *keyfile, *data; 1000155537Spjd char *file, name[64]; 1001218663Smarcel size_t size; 1002155537Spjd int i; 1003155537Spjd 1004155537Spjd for (i = 0; ; i++) { 1005155537Spjd snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); 1006155537Spjd keyfile = preload_search_by_type(name); 1007155537Spjd if (keyfile == NULL) 1008155537Spjd return (i); /* Return number of loaded keyfiles. */ 1009218663Smarcel data = preload_fetch_addr(keyfile); 1010155537Spjd if (data == NULL) { 1011155537Spjd G_ELI_DEBUG(0, "Cannot find key file data for %s.", 1012155537Spjd name); 1013155537Spjd return (0); 1014155537Spjd } 1015218663Smarcel size = preload_fetch_size(keyfile); 1016218663Smarcel if (size == 0) { 1017155537Spjd G_ELI_DEBUG(0, "Cannot find key file size for %s.", 1018155537Spjd name); 1019155537Spjd return (0); 1020155537Spjd } 1021155537Spjd file = preload_search_info(keyfile, MODINFO_NAME); 1022155537Spjd if (file == NULL) { 1023155537Spjd G_ELI_DEBUG(0, "Cannot find key file name for %s.", 1024155537Spjd name); 1025155537Spjd return (0); 1026155537Spjd } 1027155537Spjd G_ELI_DEBUG(1, "Loaded keyfile %s for %s (type: %s).", file, 1028155537Spjd provider, name); 1029218663Smarcel g_eli_crypto_hmac_update(ctx, data, size); 1030155537Spjd } 1031155537Spjd} 1032155537Spjd 1033155537Spjdstatic void 1034155537Spjdg_eli_keyfiles_clear(const char *provider) 1035155537Spjd{ 1036218663Smarcel u_char *keyfile, *data; 1037155537Spjd char name[64]; 1038218663Smarcel size_t size; 1039155537Spjd int i; 1040155537Spjd 1041155537Spjd for (i = 0; ; i++) { 1042155537Spjd snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); 1043155537Spjd keyfile = preload_search_by_type(name); 1044155537Spjd if (keyfile == NULL) 1045155537Spjd return; 1046218663Smarcel data = preload_fetch_addr(keyfile); 1047218663Smarcel size = preload_fetch_size(keyfile); 1048218663Smarcel if (data != NULL && size != 0) 1049218663Smarcel bzero(data, size); 1050155537Spjd } 1051155537Spjd} 1052155537Spjd 1053148456Spjd/* 1054148456Spjd * Tasting is only made on boot. 1055148456Spjd * We detect providers which should be attached before root is mounted. 1056148456Spjd */ 1057148456Spjdstatic struct g_geom * 1058148456Spjdg_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused) 1059148456Spjd{ 1060148456Spjd struct g_eli_metadata md; 1061148456Spjd struct g_geom *gp; 1062148456Spjd struct hmac_ctx ctx; 1063148456Spjd char passphrase[256]; 1064148456Spjd u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN]; 1065155537Spjd u_int i, nkey, nkeyfiles, tries; 1066148456Spjd int error; 1067148456Spjd 1068148456Spjd g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name); 1069148456Spjd g_topology_assert(); 1070148456Spjd 1071168507Spjd if (root_mounted() || g_eli_tries == 0) 1072148456Spjd return (NULL); 1073148456Spjd 1074148456Spjd G_ELI_DEBUG(3, "Tasting %s.", pp->name); 1075148456Spjd 1076148456Spjd error = g_eli_read_metadata(mp, pp, &md); 1077148456Spjd if (error != 0) 1078148456Spjd return (NULL); 1079148456Spjd gp = NULL; 1080148456Spjd 1081148456Spjd if (strcmp(md.md_magic, G_ELI_MAGIC) != 0) 1082148456Spjd return (NULL); 1083148456Spjd if (md.md_version > G_ELI_VERSION) { 1084148456Spjd printf("geom_eli.ko module is too old to handle %s.\n", 1085148456Spjd pp->name); 1086148456Spjd return (NULL); 1087148456Spjd } 1088148456Spjd if (md.md_provsize != pp->mediasize) 1089148456Spjd return (NULL); 1090148456Spjd /* Should we attach it on boot? */ 1091159307Spjd if (!(md.md_flags & G_ELI_FLAG_BOOT)) 1092148456Spjd return (NULL); 1093148456Spjd if (md.md_keys == 0x00) { 1094148456Spjd G_ELI_DEBUG(0, "No valid keys on %s.", pp->name); 1095148456Spjd return (NULL); 1096148456Spjd } 1097155537Spjd if (md.md_iterations == -1) { 1098155537Spjd /* If there is no passphrase, we try only once. */ 1099155537Spjd tries = 1; 1100155537Spjd } else { 1101155537Spjd /* Ask for the passphrase no more than g_eli_tries times. */ 1102155537Spjd tries = g_eli_tries; 1103155537Spjd } 1104148456Spjd 1105272006Scperciva for (i = 0; i <= tries; i++) { 1106155537Spjd g_eli_crypto_hmac_init(&ctx, NULL, 0); 1107155537Spjd 1108148456Spjd /* 1109155537Spjd * Load all key files. 1110155537Spjd */ 1111155537Spjd nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name); 1112155537Spjd 1113155537Spjd if (nkeyfiles == 0 && md.md_iterations == -1) { 1114155537Spjd /* 1115155537Spjd * No key files and no passphrase, something is 1116155537Spjd * definitely wrong here. 1117155537Spjd * geli(8) doesn't allow for such situation, so assume 1118155537Spjd * that there was really no passphrase and in that case 1119155537Spjd * key files are no properly defined in loader.conf. 1120155537Spjd */ 1121155537Spjd G_ELI_DEBUG(0, 1122155537Spjd "Found no key files in loader.conf for %s.", 1123155537Spjd pp->name); 1124155537Spjd return (NULL); 1125155537Spjd } 1126155537Spjd 1127155537Spjd /* Ask for the passphrase if defined. */ 1128155537Spjd if (md.md_iterations >= 0) { 1129272006Scperciva /* Try first with cached passphrase. */ 1130272006Scperciva if (i == 0) { 1131272006Scperciva if (!g_eli_boot_passcache) 1132272006Scperciva continue; 1133272006Scperciva memcpy(passphrase, cached_passphrase, 1134272006Scperciva sizeof(passphrase)); 1135272006Scperciva } else { 1136272006Scperciva printf("Enter passphrase for %s: ", pp->name); 1137272006Scperciva cngets(passphrase, sizeof(passphrase), 1138272006Scperciva g_eli_visible_passphrase); 1139272006Scperciva memcpy(cached_passphrase, passphrase, 1140272006Scperciva sizeof(passphrase)); 1141272006Scperciva } 1142155537Spjd } 1143155537Spjd 1144155537Spjd /* 1145148456Spjd * Prepare Derived-Key from the user passphrase. 1146148456Spjd */ 1147148456Spjd if (md.md_iterations == 0) { 1148148456Spjd g_eli_crypto_hmac_update(&ctx, md.md_salt, 1149148456Spjd sizeof(md.md_salt)); 1150148456Spjd g_eli_crypto_hmac_update(&ctx, passphrase, 1151148456Spjd strlen(passphrase)); 1152180638Spjd bzero(passphrase, sizeof(passphrase)); 1153155537Spjd } else if (md.md_iterations > 0) { 1154148456Spjd u_char dkey[G_ELI_USERKEYLEN]; 1155148456Spjd 1156148456Spjd pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, 1157148456Spjd sizeof(md.md_salt), passphrase, md.md_iterations); 1158180638Spjd bzero(passphrase, sizeof(passphrase)); 1159148456Spjd g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); 1160148456Spjd bzero(dkey, sizeof(dkey)); 1161148456Spjd } 1162155537Spjd 1163148456Spjd g_eli_crypto_hmac_final(&ctx, key, 0); 1164148456Spjd 1165148456Spjd /* 1166148456Spjd * Decrypt Master-Key. 1167148456Spjd */ 1168148456Spjd error = g_eli_mkey_decrypt(&md, key, mkey, &nkey); 1169148456Spjd bzero(key, sizeof(key)); 1170148456Spjd if (error == -1) { 1171272006Scperciva if (i == tries) { 1172155537Spjd G_ELI_DEBUG(0, 1173155537Spjd "Wrong key for %s. No tries left.", 1174155537Spjd pp->name); 1175155537Spjd g_eli_keyfiles_clear(pp->name); 1176155537Spjd return (NULL); 1177148456Spjd } 1178272006Scperciva if (i > 0) { 1179272006Scperciva G_ELI_DEBUG(0, 1180272006Scperciva "Wrong key for %s. Tries left: %u.", 1181272006Scperciva pp->name, tries - i); 1182272006Scperciva } 1183148456Spjd /* Try again. */ 1184148456Spjd continue; 1185148456Spjd } else if (error > 0) { 1186226727Spjd G_ELI_DEBUG(0, 1187226727Spjd "Cannot decrypt Master Key for %s (error=%d).", 1188148456Spjd pp->name, error); 1189155537Spjd g_eli_keyfiles_clear(pp->name); 1190148456Spjd return (NULL); 1191148456Spjd } 1192267860Smarius g_eli_keyfiles_clear(pp->name); 1193148456Spjd G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name); 1194148456Spjd break; 1195148456Spjd } 1196148456Spjd 1197148456Spjd /* 1198148456Spjd * We have correct key, let's attach provider. 1199148456Spjd */ 1200148456Spjd gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey); 1201148456Spjd bzero(mkey, sizeof(mkey)); 1202148456Spjd bzero(&md, sizeof(md)); 1203148456Spjd if (gp == NULL) { 1204148456Spjd G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, 1205148456Spjd G_ELI_SUFFIX); 1206148456Spjd return (NULL); 1207148456Spjd } 1208148456Spjd return (gp); 1209148456Spjd} 1210148456Spjd 1211148456Spjdstatic void 1212148456Spjdg_eli_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp, 1213148456Spjd struct g_consumer *cp, struct g_provider *pp) 1214148456Spjd{ 1215148456Spjd struct g_eli_softc *sc; 1216148456Spjd 1217148456Spjd g_topology_assert(); 1218148456Spjd sc = gp->softc; 1219148456Spjd if (sc == NULL) 1220148456Spjd return; 1221148456Spjd if (pp != NULL || cp != NULL) 1222148456Spjd return; /* Nothing here. */ 1223220922Spjd 1224259383Sae sbuf_printf(sb, "%s<KeysTotal>%ju</KeysTotal>\n", indent, 1225220922Spjd (uintmax_t)sc->sc_ekeys_total); 1226259383Sae sbuf_printf(sb, "%s<KeysAllocated>%ju</KeysAllocated>\n", indent, 1227220922Spjd (uintmax_t)sc->sc_ekeys_allocated); 1228148460Spjd sbuf_printf(sb, "%s<Flags>", indent); 1229148460Spjd if (sc->sc_flags == 0) 1230148460Spjd sbuf_printf(sb, "NONE"); 1231148460Spjd else { 1232148460Spjd int first = 1; 1233148460Spjd 1234148460Spjd#define ADD_FLAG(flag, name) do { \ 1235159307Spjd if (sc->sc_flags & (flag)) { \ 1236148460Spjd if (!first) \ 1237148460Spjd sbuf_printf(sb, ", "); \ 1238148460Spjd else \ 1239148460Spjd first = 0; \ 1240148460Spjd sbuf_printf(sb, name); \ 1241148460Spjd } \ 1242148460Spjd} while (0) 1243214118Spjd ADD_FLAG(G_ELI_FLAG_SUSPEND, "SUSPEND"); 1244213067Spjd ADD_FLAG(G_ELI_FLAG_SINGLE_KEY, "SINGLE-KEY"); 1245161220Spjd ADD_FLAG(G_ELI_FLAG_NATIVE_BYTE_ORDER, "NATIVE-BYTE-ORDER"); 1246148460Spjd ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME"); 1247148460Spjd ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT"); 1248148460Spjd ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH"); 1249148460Spjd ADD_FLAG(G_ELI_FLAG_RW_DETACH, "RW-DETACH"); 1250159307Spjd ADD_FLAG(G_ELI_FLAG_AUTH, "AUTH"); 1251148460Spjd ADD_FLAG(G_ELI_FLAG_WOPEN, "W-OPEN"); 1252148460Spjd ADD_FLAG(G_ELI_FLAG_DESTROY, "DESTROY"); 1253161127Spjd ADD_FLAG(G_ELI_FLAG_RO, "READ-ONLY"); 1254148460Spjd#undef ADD_FLAG 1255148460Spjd } 1256148460Spjd sbuf_printf(sb, "</Flags>\n"); 1257148460Spjd 1258159307Spjd if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) { 1259148460Spjd sbuf_printf(sb, "%s<UsedKey>%u</UsedKey>\n", indent, 1260148460Spjd sc->sc_nkey); 1261148460Spjd } 1262226733Spjd sbuf_printf(sb, "%s<Version>%u</Version>\n", indent, sc->sc_version); 1263148456Spjd sbuf_printf(sb, "%s<Crypto>", indent); 1264148456Spjd switch (sc->sc_crypto) { 1265148456Spjd case G_ELI_CRYPTO_HW: 1266148456Spjd sbuf_printf(sb, "hardware"); 1267148456Spjd break; 1268148456Spjd case G_ELI_CRYPTO_SW: 1269148456Spjd sbuf_printf(sb, "software"); 1270148456Spjd break; 1271148456Spjd default: 1272148456Spjd sbuf_printf(sb, "UNKNOWN"); 1273148456Spjd break; 1274148456Spjd } 1275148456Spjd sbuf_printf(sb, "</Crypto>\n"); 1276159307Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) { 1277159307Spjd sbuf_printf(sb, 1278159307Spjd "%s<AuthenticationAlgorithm>%s</AuthenticationAlgorithm>\n", 1279159307Spjd indent, g_eli_algo2str(sc->sc_aalgo)); 1280159307Spjd } 1281159307Spjd sbuf_printf(sb, "%s<KeyLength>%u</KeyLength>\n", indent, 1282159307Spjd sc->sc_ekeylen); 1283226727Spjd sbuf_printf(sb, "%s<EncryptionAlgorithm>%s</EncryptionAlgorithm>\n", 1284226727Spjd indent, g_eli_algo2str(sc->sc_ealgo)); 1285214227Spjd sbuf_printf(sb, "%s<State>%s</State>\n", indent, 1286214227Spjd (sc->sc_flags & G_ELI_FLAG_SUSPEND) ? "SUSPENDED" : "ACTIVE"); 1287148456Spjd} 1288148456Spjd 1289189900Spjdstatic void 1290189900Spjdg_eli_shutdown_pre_sync(void *arg, int howto) 1291189900Spjd{ 1292189900Spjd struct g_class *mp; 1293189900Spjd struct g_geom *gp, *gp2; 1294189900Spjd struct g_provider *pp; 1295189900Spjd struct g_eli_softc *sc; 1296189900Spjd int error; 1297189900Spjd 1298189900Spjd mp = arg; 1299189900Spjd DROP_GIANT(); 1300189900Spjd g_topology_lock(); 1301189900Spjd LIST_FOREACH_SAFE(gp, &mp->geom, geom, gp2) { 1302189900Spjd sc = gp->softc; 1303189900Spjd if (sc == NULL) 1304189900Spjd continue; 1305189900Spjd pp = LIST_FIRST(&gp->provider); 1306189900Spjd KASSERT(pp != NULL, ("No provider? gp=%p (%s)", gp, gp->name)); 1307189900Spjd if (pp->acr + pp->acw + pp->ace == 0) 1308214118Spjd error = g_eli_destroy(sc, TRUE); 1309189900Spjd else { 1310189900Spjd sc->sc_flags |= G_ELI_FLAG_RW_DETACH; 1311189900Spjd gp->access = g_eli_access; 1312189900Spjd } 1313189900Spjd } 1314189900Spjd g_topology_unlock(); 1315189900Spjd PICKUP_GIANT(); 1316189900Spjd} 1317189900Spjd 1318189900Spjdstatic void 1319189900Spjdg_eli_init(struct g_class *mp) 1320189900Spjd{ 1321189900Spjd 1322189900Spjd g_eli_pre_sync = EVENTHANDLER_REGISTER(shutdown_pre_sync, 1323189900Spjd g_eli_shutdown_pre_sync, mp, SHUTDOWN_PRI_FIRST); 1324189900Spjd if (g_eli_pre_sync == NULL) 1325189900Spjd G_ELI_DEBUG(0, "Warning! Cannot register shutdown event."); 1326189900Spjd} 1327189900Spjd 1328189900Spjdstatic void 1329189900Spjdg_eli_fini(struct g_class *mp) 1330189900Spjd{ 1331189900Spjd 1332189900Spjd if (g_eli_pre_sync != NULL) 1333189900Spjd EVENTHANDLER_DEREGISTER(shutdown_pre_sync, g_eli_pre_sync); 1334189900Spjd} 1335189900Spjd 1336148456SpjdDECLARE_GEOM_CLASS(g_eli_class, g_eli); 1337160741SyarMODULE_DEPEND(g_eli, crypto, 1, 1, 1); 1338