1148456Spjd/*- 2220922Spjd * Copyright (c) 2005-2011 Pawel Jakub Dawidek <pawel@dawidek.net> 3148456Spjd * All rights reserved. 4148456Spjd * 5148456Spjd * Redistribution and use in source and binary forms, with or without 6148456Spjd * modification, are permitted provided that the following conditions 7148456Spjd * are met: 8148456Spjd * 1. Redistributions of source code must retain the above copyright 9148456Spjd * notice, this list of conditions and the following disclaimer. 10148456Spjd * 2. Redistributions in binary form must reproduce the above copyright 11148456Spjd * notice, this list of conditions and the following disclaimer in the 12148456Spjd * documentation and/or other materials provided with the distribution. 13155174Spjd * 14148456Spjd * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 15148456Spjd * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16148456Spjd * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17148456Spjd * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 18148456Spjd * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19148456Spjd * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20148456Spjd * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21148456Spjd * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22148456Spjd * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23148456Spjd * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24148456Spjd * SUCH DAMAGE. 25148456Spjd */ 26148456Spjd 27148456Spjd#include <sys/cdefs.h> 28148456Spjd__FBSDID("$FreeBSD$"); 29148456Spjd 30148456Spjd#include <sys/param.h> 31148456Spjd#include <sys/systm.h> 32228634Savg#include <sys/cons.h> 33148456Spjd#include <sys/kernel.h> 34155537Spjd#include <sys/linker.h> 35148456Spjd#include <sys/module.h> 36148456Spjd#include <sys/lock.h> 37148456Spjd#include <sys/mutex.h> 38148456Spjd#include <sys/bio.h> 39223921Sae#include <sys/sbuf.h> 40148456Spjd#include <sys/sysctl.h> 41148456Spjd#include <sys/malloc.h> 42189900Spjd#include <sys/eventhandler.h> 43148456Spjd#include <sys/kthread.h> 44148456Spjd#include <sys/proc.h> 45148456Spjd#include <sys/sched.h> 46149353Spjd#include <sys/smp.h> 47148456Spjd#include <sys/uio.h> 48155535Spjd#include <sys/vnode.h> 49148456Spjd 50148456Spjd#include <vm/uma.h> 51148456Spjd 52148456Spjd#include <geom/geom.h> 53148456Spjd#include <geom/eli/g_eli.h> 54148456Spjd#include <geom/eli/pkcs5v2.h> 55148456Spjd 56219029SnetchildFEATURE(geom_eli, "GEOM crypto module"); 57148456Spjd 58148456SpjdMALLOC_DEFINE(M_ELI, "eli data", "GEOM_ELI Data"); 59148456Spjd 60148456SpjdSYSCTL_DECL(_kern_geom); 61148456SpjdSYSCTL_NODE(_kern_geom, OID_AUTO, eli, CTLFLAG_RW, 0, "GEOM_ELI stuff"); 62221631Spjdstatic int g_eli_version = G_ELI_VERSION; 63221631SpjdSYSCTL_INT(_kern_geom_eli, OID_AUTO, version, CTLFLAG_RD, &g_eli_version, 0, 64221631Spjd "GELI version"); 65213165Spjdint g_eli_debug = 0; 66148456SpjdTUNABLE_INT("kern.geom.eli.debug", &g_eli_debug); 67213165SpjdSYSCTL_INT(_kern_geom_eli, OID_AUTO, debug, CTLFLAG_RW, &g_eli_debug, 0, 68148456Spjd "Debug level"); 69148456Spjdstatic u_int g_eli_tries = 3; 70148456SpjdTUNABLE_INT("kern.geom.eli.tries", &g_eli_tries); 71148456SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, tries, CTLFLAG_RW, &g_eli_tries, 0, 72155432Sbrueffer "Number of tries for entering the passphrase"); 73215299Sedstatic u_int g_eli_visible_passphrase = GETS_NOECHO; 74148456SpjdTUNABLE_INT("kern.geom.eli.visible_passphrase", &g_eli_visible_passphrase); 75148456SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, visible_passphrase, CTLFLAG_RW, 76148456Spjd &g_eli_visible_passphrase, 0, 77215299Sed "Visibility of passphrase prompt (0 = invisible, 1 = visible, 2 = asterisk)"); 78213062Spjdu_int g_eli_overwrites = G_ELI_OVERWRITES; 79159306SpjdTUNABLE_INT("kern.geom.eli.overwrites", &g_eli_overwrites); 80148456SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, overwrites, CTLFLAG_RW, &g_eli_overwrites, 81155432Sbrueffer 0, "Number of times on-disk keys should be overwritten when destroying them"); 82149353Spjdstatic u_int g_eli_threads = 0; 83148456SpjdTUNABLE_INT("kern.geom.eli.threads", &g_eli_threads); 84148456SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, threads, CTLFLAG_RW, &g_eli_threads, 0, 85148456Spjd "Number of threads doing crypto work"); 86159307Spjdu_int g_eli_batch = 0; 87159307SpjdTUNABLE_INT("kern.geom.eli.batch", &g_eli_batch); 88159307SpjdSYSCTL_UINT(_kern_geom_eli, OID_AUTO, batch, CTLFLAG_RW, &g_eli_batch, 0, 89159307Spjd "Use crypto operations batching"); 90148456Spjd 91189900Spjdstatic eventhandler_tag g_eli_pre_sync = NULL; 92189900Spjd 93148456Spjdstatic int g_eli_destroy_geom(struct gctl_req *req, struct g_class *mp, 94148456Spjd struct g_geom *gp); 95189900Spjdstatic void g_eli_init(struct g_class *mp); 96189900Spjdstatic void g_eli_fini(struct g_class *mp); 97148456Spjd 98148456Spjdstatic g_taste_t g_eli_taste; 99148456Spjdstatic g_dumpconf_t g_eli_dumpconf; 100148456Spjd 101148456Spjdstruct g_class g_eli_class = { 102148456Spjd .name = G_ELI_CLASS_NAME, 103148456Spjd .version = G_VERSION, 104148456Spjd .ctlreq = g_eli_config, 105148456Spjd .taste = g_eli_taste, 106189900Spjd .destroy_geom = g_eli_destroy_geom, 107189900Spjd .init = g_eli_init, 108189900Spjd .fini = g_eli_fini 109148456Spjd}; 110148456Spjd 111148456Spjd 112148456Spjd/* 113148456Spjd * Code paths: 114148456Spjd * BIO_READ: 115214118Spjd * g_eli_start -> g_eli_crypto_read -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 116148456Spjd * BIO_WRITE: 117148456Spjd * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver 118148456Spjd */ 119148456Spjd 120148456Spjd 121148456Spjd/* 122148456Spjd * EAGAIN from crypto(9) means, that we were probably balanced to another crypto 123148456Spjd * accelerator or something like this. 124148456Spjd * The function updates the SID and rerun the operation. 125148456Spjd */ 126159307Spjdint 127148456Spjdg_eli_crypto_rerun(struct cryptop *crp) 128148456Spjd{ 129148456Spjd struct g_eli_softc *sc; 130148456Spjd struct g_eli_worker *wr; 131148456Spjd struct bio *bp; 132148456Spjd int error; 133148456Spjd 134148456Spjd bp = (struct bio *)crp->crp_opaque; 135148456Spjd sc = bp->bio_to->geom->softc; 136148456Spjd LIST_FOREACH(wr, &sc->sc_workers, w_next) { 137148456Spjd if (wr->w_number == bp->bio_pflags) 138148456Spjd break; 139148456Spjd } 140148456Spjd KASSERT(wr != NULL, ("Invalid worker (%u).", bp->bio_pflags)); 141155432Sbrueffer G_ELI_DEBUG(1, "Rerunning crypto %s request (sid: %ju -> %ju).", 142148456Spjd bp->bio_cmd == BIO_READ ? "READ" : "WRITE", (uintmax_t)wr->w_sid, 143148456Spjd (uintmax_t)crp->crp_sid); 144148456Spjd wr->w_sid = crp->crp_sid; 145148456Spjd crp->crp_etype = 0; 146148456Spjd error = crypto_dispatch(crp); 147148456Spjd if (error == 0) 148148456Spjd return (0); 149148456Spjd G_ELI_DEBUG(1, "%s: crypto_dispatch() returned %d.", __func__, error); 150148456Spjd crp->crp_etype = error; 151148456Spjd return (error); 152148456Spjd} 153148456Spjd 154148456Spjd/* 155148456Spjd * The function is called afer reading encrypted data from the provider. 156149030Spjd * 157214118Spjd * g_eli_start -> g_eli_crypto_read -> g_io_request -> G_ELI_READ_DONE -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 158148456Spjd */ 159159307Spjdvoid 160148456Spjdg_eli_read_done(struct bio *bp) 161148456Spjd{ 162148456Spjd struct g_eli_softc *sc; 163148456Spjd struct bio *pbp; 164148456Spjd 165148456Spjd G_ELI_LOGREQ(2, bp, "Request done."); 166148456Spjd pbp = bp->bio_parent; 167148456Spjd if (pbp->bio_error == 0) 168148456Spjd pbp->bio_error = bp->bio_error; 169220299Strociny g_destroy_bio(bp); 170159307Spjd /* 171159307Spjd * Do we have all sectors already? 172159307Spjd */ 173159307Spjd pbp->bio_inbed++; 174159307Spjd if (pbp->bio_inbed < pbp->bio_children) 175159307Spjd return; 176214118Spjd sc = pbp->bio_to->geom->softc; 177148456Spjd if (pbp->bio_error != 0) { 178148456Spjd G_ELI_LOGREQ(0, pbp, "%s() failed", __func__); 179148456Spjd pbp->bio_completed = 0; 180159307Spjd if (pbp->bio_driver2 != NULL) { 181159307Spjd free(pbp->bio_driver2, M_ELI); 182159307Spjd pbp->bio_driver2 = NULL; 183159307Spjd } 184148456Spjd g_io_deliver(pbp, pbp->bio_error); 185214118Spjd atomic_subtract_int(&sc->sc_inflight, 1); 186148456Spjd return; 187148456Spjd } 188149193Spjd mtx_lock(&sc->sc_queue_mtx); 189149193Spjd bioq_insert_tail(&sc->sc_queue, pbp); 190149193Spjd mtx_unlock(&sc->sc_queue_mtx); 191149193Spjd wakeup(sc); 192148456Spjd} 193148456Spjd 194148456Spjd/* 195148456Spjd * The function is called after we encrypt and write data. 196149030Spjd * 197149030Spjd * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> G_ELI_WRITE_DONE -> g_io_deliver 198148456Spjd */ 199159307Spjdvoid 200148456Spjdg_eli_write_done(struct bio *bp) 201148456Spjd{ 202214118Spjd struct g_eli_softc *sc; 203148456Spjd struct bio *pbp; 204148456Spjd 205148456Spjd G_ELI_LOGREQ(2, bp, "Request done."); 206148456Spjd pbp = bp->bio_parent; 207159307Spjd if (pbp->bio_error == 0) { 208159307Spjd if (bp->bio_error != 0) 209159307Spjd pbp->bio_error = bp->bio_error; 210159307Spjd } 211220299Strociny g_destroy_bio(bp); 212159307Spjd /* 213159307Spjd * Do we have all sectors already? 214159307Spjd */ 215159307Spjd pbp->bio_inbed++; 216159307Spjd if (pbp->bio_inbed < pbp->bio_children) 217159307Spjd return; 218148456Spjd free(pbp->bio_driver2, M_ELI); 219148456Spjd pbp->bio_driver2 = NULL; 220159307Spjd if (pbp->bio_error != 0) { 221149931Spjd G_ELI_LOGREQ(0, pbp, "Crypto WRITE request failed (error=%d).", 222148456Spjd pbp->bio_error); 223148456Spjd pbp->bio_completed = 0; 224148456Spjd } 225148456Spjd /* 226148456Spjd * Write is finished, send it up. 227148456Spjd */ 228159307Spjd pbp->bio_completed = pbp->bio_length; 229214118Spjd sc = pbp->bio_to->geom->softc; 230148456Spjd g_io_deliver(pbp, pbp->bio_error); 231214118Spjd atomic_subtract_int(&sc->sc_inflight, 1); 232148456Spjd} 233148456Spjd 234148456Spjd/* 235148456Spjd * This function should never be called, but GEOM made as it set ->orphan() 236148456Spjd * method for every geom. 237148456Spjd */ 238148456Spjdstatic void 239148456Spjdg_eli_orphan_spoil_assert(struct g_consumer *cp) 240148456Spjd{ 241148456Spjd 242148456Spjd panic("Function %s() called for %s.", __func__, cp->geom->name); 243148456Spjd} 244148456Spjd 245148456Spjdstatic void 246148456Spjdg_eli_orphan(struct g_consumer *cp) 247148456Spjd{ 248148456Spjd struct g_eli_softc *sc; 249148456Spjd 250148456Spjd g_topology_assert(); 251148456Spjd sc = cp->geom->softc; 252148456Spjd if (sc == NULL) 253148456Spjd return; 254214118Spjd g_eli_destroy(sc, TRUE); 255148456Spjd} 256148456Spjd 257149030Spjd/* 258214116Spjd * BIO_READ: 259214118Spjd * G_ELI_START -> g_eli_crypto_read -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver 260214116Spjd * BIO_WRITE: 261214116Spjd * G_ELI_START -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver 262149030Spjd */ 263155174Spjdstatic void 264148456Spjdg_eli_start(struct bio *bp) 265155174Spjd{ 266148456Spjd struct g_eli_softc *sc; 267157686Spjd struct g_consumer *cp; 268148456Spjd struct bio *cbp; 269148456Spjd 270148456Spjd sc = bp->bio_to->geom->softc; 271148456Spjd KASSERT(sc != NULL, 272148456Spjd ("Provider's error should be set (error=%d)(device=%s).", 273148456Spjd bp->bio_to->error, bp->bio_to->name)); 274148456Spjd G_ELI_LOGREQ(2, bp, "Request received."); 275148456Spjd 276148456Spjd switch (bp->bio_cmd) { 277148456Spjd case BIO_READ: 278148456Spjd case BIO_WRITE: 279157686Spjd case BIO_GETATTR: 280163836Spjd case BIO_FLUSH: 281148456Spjd break; 282148456Spjd case BIO_DELETE: 283148456Spjd /* 284148456Spjd * We could eventually support BIO_DELETE request. 285148456Spjd * It could be done by overwritting requested sector with 286148456Spjd * random data g_eli_overwrites number of times. 287148456Spjd */ 288162834Spjd default: 289148456Spjd g_io_deliver(bp, EOPNOTSUPP); 290148456Spjd return; 291148456Spjd } 292148456Spjd cbp = g_clone_bio(bp); 293148456Spjd if (cbp == NULL) { 294148456Spjd g_io_deliver(bp, ENOMEM); 295148456Spjd return; 296148456Spjd } 297214118Spjd bp->bio_driver1 = cbp; 298214118Spjd bp->bio_pflags = G_ELI_NEW_BIO; 299157686Spjd switch (bp->bio_cmd) { 300157686Spjd case BIO_READ: 301159307Spjd if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) { 302214118Spjd g_eli_crypto_read(sc, bp, 0); 303159307Spjd break; 304159307Spjd } 305159307Spjd /* FALLTHROUGH */ 306157686Spjd case BIO_WRITE: 307149193Spjd mtx_lock(&sc->sc_queue_mtx); 308149193Spjd bioq_insert_tail(&sc->sc_queue, bp); 309149193Spjd mtx_unlock(&sc->sc_queue_mtx); 310149193Spjd wakeup(sc); 311157686Spjd break; 312157686Spjd case BIO_GETATTR: 313163836Spjd case BIO_FLUSH: 314157686Spjd cbp->bio_done = g_std_done; 315157686Spjd cp = LIST_FIRST(&sc->sc_geom->consumer); 316157686Spjd cbp->bio_to = cp->provider; 317157783Spjd G_ELI_LOGREQ(2, cbp, "Sending request."); 318157686Spjd g_io_request(cbp, cp); 319157686Spjd break; 320148456Spjd } 321148456Spjd} 322148456Spjd 323214163Spjdstatic int 324214163Spjdg_eli_newsession(struct g_eli_worker *wr) 325214163Spjd{ 326214163Spjd struct g_eli_softc *sc; 327214163Spjd struct cryptoini crie, cria; 328214163Spjd int error; 329214163Spjd 330214163Spjd sc = wr->w_softc; 331214163Spjd 332214163Spjd bzero(&crie, sizeof(crie)); 333214163Spjd crie.cri_alg = sc->sc_ealgo; 334214163Spjd crie.cri_klen = sc->sc_ekeylen; 335214163Spjd if (sc->sc_ealgo == CRYPTO_AES_XTS) 336214163Spjd crie.cri_klen <<= 1; 337221628Spjd if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) != 0) { 338221628Spjd crie.cri_key = g_eli_key_hold(sc, 0, 339221628Spjd LIST_FIRST(&sc->sc_geom->consumer)->provider->sectorsize); 340221628Spjd } else { 341221628Spjd crie.cri_key = sc->sc_ekey; 342221628Spjd } 343214163Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) { 344214163Spjd bzero(&cria, sizeof(cria)); 345214163Spjd cria.cri_alg = sc->sc_aalgo; 346214163Spjd cria.cri_klen = sc->sc_akeylen; 347214163Spjd cria.cri_key = sc->sc_akey; 348214163Spjd crie.cri_next = &cria; 349214163Spjd } 350214163Spjd 351214163Spjd switch (sc->sc_crypto) { 352214163Spjd case G_ELI_CRYPTO_SW: 353214163Spjd error = crypto_newsession(&wr->w_sid, &crie, 354214163Spjd CRYPTOCAP_F_SOFTWARE); 355214163Spjd break; 356214163Spjd case G_ELI_CRYPTO_HW: 357214163Spjd error = crypto_newsession(&wr->w_sid, &crie, 358214163Spjd CRYPTOCAP_F_HARDWARE); 359214163Spjd break; 360214163Spjd case G_ELI_CRYPTO_UNKNOWN: 361214163Spjd error = crypto_newsession(&wr->w_sid, &crie, 362214163Spjd CRYPTOCAP_F_HARDWARE); 363214163Spjd if (error == 0) { 364214163Spjd mtx_lock(&sc->sc_queue_mtx); 365214163Spjd if (sc->sc_crypto == G_ELI_CRYPTO_UNKNOWN) 366214163Spjd sc->sc_crypto = G_ELI_CRYPTO_HW; 367214163Spjd mtx_unlock(&sc->sc_queue_mtx); 368214163Spjd } else { 369214163Spjd error = crypto_newsession(&wr->w_sid, &crie, 370214163Spjd CRYPTOCAP_F_SOFTWARE); 371214163Spjd mtx_lock(&sc->sc_queue_mtx); 372214163Spjd if (sc->sc_crypto == G_ELI_CRYPTO_UNKNOWN) 373214163Spjd sc->sc_crypto = G_ELI_CRYPTO_SW; 374214163Spjd mtx_unlock(&sc->sc_queue_mtx); 375214163Spjd } 376214163Spjd break; 377214163Spjd default: 378214163Spjd panic("%s: invalid condition", __func__); 379214163Spjd } 380214163Spjd 381221628Spjd if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) != 0) 382221628Spjd g_eli_key_drop(sc, crie.cri_key); 383221628Spjd 384214163Spjd return (error); 385214163Spjd} 386214163Spjd 387214118Spjdstatic void 388214163Spjdg_eli_freesession(struct g_eli_worker *wr) 389214163Spjd{ 390214163Spjd 391214163Spjd crypto_freesession(wr->w_sid); 392214163Spjd} 393214163Spjd 394214163Spjdstatic void 395214118Spjdg_eli_cancel(struct g_eli_softc *sc) 396214118Spjd{ 397214118Spjd struct bio *bp; 398214118Spjd 399214118Spjd mtx_assert(&sc->sc_queue_mtx, MA_OWNED); 400214118Spjd 401214118Spjd while ((bp = bioq_takefirst(&sc->sc_queue)) != NULL) { 402214118Spjd KASSERT(bp->bio_pflags == G_ELI_NEW_BIO, 403214118Spjd ("Not new bio when canceling (bp=%p).", bp)); 404214118Spjd g_io_deliver(bp, ENXIO); 405214118Spjd } 406214118Spjd} 407214118Spjd 408214118Spjdstatic struct bio * 409214118Spjdg_eli_takefirst(struct g_eli_softc *sc) 410214118Spjd{ 411214118Spjd struct bio *bp; 412214118Spjd 413214118Spjd mtx_assert(&sc->sc_queue_mtx, MA_OWNED); 414214118Spjd 415214118Spjd if (!(sc->sc_flags & G_ELI_FLAG_SUSPEND)) 416214118Spjd return (bioq_takefirst(&sc->sc_queue)); 417214118Spjd /* 418214118Spjd * Device suspended, so we skip new I/O requests. 419214118Spjd */ 420214118Spjd TAILQ_FOREACH(bp, &sc->sc_queue.queue, bio_queue) { 421214118Spjd if (bp->bio_pflags != G_ELI_NEW_BIO) 422214118Spjd break; 423214118Spjd } 424214118Spjd if (bp != NULL) 425214118Spjd bioq_remove(&sc->sc_queue, bp); 426214118Spjd return (bp); 427214118Spjd} 428214118Spjd 429148456Spjd/* 430148456Spjd * This is the main function for kernel worker thread when we don't have 431148456Spjd * hardware acceleration and we have to do cryptography in software. 432148456Spjd * Dedicated thread is needed, so we don't slow down g_up/g_down GEOM 433148456Spjd * threads with crypto work. 434148456Spjd */ 435148456Spjdstatic void 436148456Spjdg_eli_worker(void *arg) 437148456Spjd{ 438148456Spjd struct g_eli_softc *sc; 439148456Spjd struct g_eli_worker *wr; 440148456Spjd struct bio *bp; 441214163Spjd int error; 442148456Spjd 443148456Spjd wr = arg; 444148456Spjd sc = wr->w_softc; 445166321Spjd#ifdef SMP 446166321Spjd /* Before sched_bind() to a CPU, wait for all CPUs to go on-line. */ 447226840Spjd if (sc->sc_cpubind) { 448166321Spjd while (!smp_started) 449166321Spjd tsleep(wr, 0, "geli:smp", hz / 4); 450166321Spjd } 451166321Spjd#endif 452170307Sjeff thread_lock(curthread); 453206665Spjd sched_prio(curthread, PUSER); 454226840Spjd if (sc->sc_cpubind) 455226840Spjd sched_bind(curthread, wr->w_number % mp_ncpus); 456170307Sjeff thread_unlock(curthread); 457155174Spjd 458148456Spjd G_ELI_DEBUG(1, "Thread %s started.", curthread->td_proc->p_comm); 459148456Spjd 460148456Spjd for (;;) { 461148456Spjd mtx_lock(&sc->sc_queue_mtx); 462214118Spjdagain: 463214118Spjd bp = g_eli_takefirst(sc); 464148456Spjd if (bp == NULL) { 465159307Spjd if (sc->sc_flags & G_ELI_FLAG_DESTROY) { 466214118Spjd g_eli_cancel(sc); 467148456Spjd LIST_REMOVE(wr, w_next); 468214163Spjd g_eli_freesession(wr); 469148456Spjd free(wr, M_ELI); 470148456Spjd G_ELI_DEBUG(1, "Thread %s exiting.", 471148456Spjd curthread->td_proc->p_comm); 472148456Spjd wakeup(&sc->sc_workers); 473148456Spjd mtx_unlock(&sc->sc_queue_mtx); 474172836Sjulian kproc_exit(0); 475148456Spjd } 476214118Spjd while (sc->sc_flags & G_ELI_FLAG_SUSPEND) { 477214118Spjd if (sc->sc_inflight > 0) { 478226727Spjd G_ELI_DEBUG(0, "inflight=%d", 479226727Spjd sc->sc_inflight); 480214118Spjd /* 481214118Spjd * We still have inflight BIOs, so 482214118Spjd * sleep and retry. 483214118Spjd */ 484214118Spjd msleep(sc, &sc->sc_queue_mtx, PRIBIO, 485214118Spjd "geli:inf", hz / 5); 486214118Spjd goto again; 487214118Spjd } 488214118Spjd /* 489214118Spjd * Suspend requested, mark the worker as 490214118Spjd * suspended and go to sleep. 491214118Spjd */ 492214163Spjd if (wr->w_active) { 493214163Spjd g_eli_freesession(wr); 494214163Spjd wr->w_active = FALSE; 495214163Spjd } 496214118Spjd wakeup(&sc->sc_workers); 497214118Spjd msleep(sc, &sc->sc_queue_mtx, PRIBIO, 498214118Spjd "geli:suspend", 0); 499214163Spjd if (!wr->w_active && 500214163Spjd !(sc->sc_flags & G_ELI_FLAG_SUSPEND)) { 501214163Spjd error = g_eli_newsession(wr); 502214163Spjd KASSERT(error == 0, 503214163Spjd ("g_eli_newsession() failed on resume (error=%d)", 504214163Spjd error)); 505214163Spjd wr->w_active = TRUE; 506214163Spjd } 507214118Spjd goto again; 508214118Spjd } 509206665Spjd msleep(sc, &sc->sc_queue_mtx, PDROP, "geli:w", 0); 510148456Spjd continue; 511148456Spjd } 512214118Spjd if (bp->bio_pflags == G_ELI_NEW_BIO) 513214118Spjd atomic_add_int(&sc->sc_inflight, 1); 514148456Spjd mtx_unlock(&sc->sc_queue_mtx); 515214118Spjd if (bp->bio_pflags == G_ELI_NEW_BIO) { 516214118Spjd bp->bio_pflags = 0; 517214118Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) { 518214118Spjd if (bp->bio_cmd == BIO_READ) 519214118Spjd g_eli_auth_read(sc, bp); 520214118Spjd else 521214118Spjd g_eli_auth_run(wr, bp); 522214118Spjd } else { 523214118Spjd if (bp->bio_cmd == BIO_READ) 524214118Spjd g_eli_crypto_read(sc, bp, 1); 525214118Spjd else 526214118Spjd g_eli_crypto_run(wr, bp); 527214118Spjd } 528214118Spjd } else { 529214118Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) 530214118Spjd g_eli_auth_run(wr, bp); 531214118Spjd else 532214118Spjd g_eli_crypto_run(wr, bp); 533214118Spjd } 534148456Spjd } 535148456Spjd} 536148456Spjd 537148456Spjd/* 538148456Spjd * Here we generate IV. It is unique for every sector. 539148456Spjd */ 540159307Spjdvoid 541148456Spjdg_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, 542148456Spjd size_t size) 543148456Spjd{ 544213070Spjd uint8_t off[8]; 545148456Spjd 546211927Spjd if ((sc->sc_flags & G_ELI_FLAG_NATIVE_BYTE_ORDER) != 0) 547211927Spjd bcopy(&offset, off, sizeof(off)); 548211927Spjd else 549161220Spjd le64enc(off, (uint64_t)offset); 550213070Spjd 551213070Spjd switch (sc->sc_ealgo) { 552213070Spjd case CRYPTO_AES_XTS: 553213070Spjd bcopy(off, iv, sizeof(off)); 554213070Spjd bzero(iv + sizeof(off), size - sizeof(off)); 555213070Spjd break; 556213070Spjd default: 557213070Spjd { 558213070Spjd u_char hash[SHA256_DIGEST_LENGTH]; 559213070Spjd SHA256_CTX ctx; 560213070Spjd 561213070Spjd /* Copy precalculated SHA256 context for IV-Key. */ 562213070Spjd bcopy(&sc->sc_ivctx, &ctx, sizeof(ctx)); 563213070Spjd SHA256_Update(&ctx, off, sizeof(off)); 564213070Spjd SHA256_Final(hash, &ctx); 565213070Spjd bcopy(hash, iv, MIN(sizeof(hash), size)); 566213070Spjd break; 567213070Spjd } 568213070Spjd } 569148456Spjd} 570148456Spjd 571148456Spjdint 572148456Spjdg_eli_read_metadata(struct g_class *mp, struct g_provider *pp, 573148456Spjd struct g_eli_metadata *md) 574148456Spjd{ 575148456Spjd struct g_geom *gp; 576148456Spjd struct g_consumer *cp; 577148456Spjd u_char *buf = NULL; 578148456Spjd int error; 579148456Spjd 580148456Spjd g_topology_assert(); 581148456Spjd 582148456Spjd gp = g_new_geomf(mp, "eli:taste"); 583148456Spjd gp->start = g_eli_start; 584148456Spjd gp->access = g_std_access; 585148456Spjd /* 586148456Spjd * g_eli_read_metadata() is always called from the event thread. 587148456Spjd * Our geom is created and destroyed in the same event, so there 588148456Spjd * could be no orphan nor spoil event in the meantime. 589148456Spjd */ 590148456Spjd gp->orphan = g_eli_orphan_spoil_assert; 591148456Spjd gp->spoiled = g_eli_orphan_spoil_assert; 592148456Spjd cp = g_new_consumer(gp); 593148456Spjd error = g_attach(cp, pp); 594148456Spjd if (error != 0) 595148456Spjd goto end; 596148456Spjd error = g_access(cp, 1, 0, 0); 597148456Spjd if (error != 0) 598148456Spjd goto end; 599148456Spjd g_topology_unlock(); 600148456Spjd buf = g_read_data(cp, pp->mediasize - pp->sectorsize, pp->sectorsize, 601148456Spjd &error); 602148456Spjd g_topology_lock(); 603152967Ssobomax if (buf == NULL) 604148456Spjd goto end; 605148456Spjd eli_metadata_decode(buf, md); 606148456Spjdend: 607148456Spjd if (buf != NULL) 608148456Spjd g_free(buf); 609148456Spjd if (cp->provider != NULL) { 610148456Spjd if (cp->acr == 1) 611148456Spjd g_access(cp, -1, 0, 0); 612148456Spjd g_detach(cp); 613148456Spjd } 614148456Spjd g_destroy_consumer(cp); 615148456Spjd g_destroy_geom(gp); 616148456Spjd return (error); 617148456Spjd} 618148456Spjd 619148456Spjd/* 620148456Spjd * The function is called when we had last close on provider and user requested 621148456Spjd * to close it when this situation occur. 622148456Spjd */ 623148456Spjdstatic void 624255144Smavg_eli_last_close(void *arg, int flags __unused) 625148456Spjd{ 626148456Spjd struct g_geom *gp; 627255144Smav char gpname[64]; 628148456Spjd int error; 629148456Spjd 630148456Spjd g_topology_assert(); 631255144Smav gp = arg; 632255144Smav strlcpy(gpname, gp->name, sizeof(gpname)); 633255144Smav error = g_eli_destroy(gp->softc, TRUE); 634148456Spjd KASSERT(error == 0, ("Cannot detach %s on last close (error=%d).", 635255144Smav gpname, error)); 636255144Smav G_ELI_DEBUG(0, "Detached %s on last close.", gpname); 637148456Spjd} 638148456Spjd 639148456Spjdint 640148456Spjdg_eli_access(struct g_provider *pp, int dr, int dw, int de) 641148456Spjd{ 642148456Spjd struct g_eli_softc *sc; 643148456Spjd struct g_geom *gp; 644148456Spjd 645148456Spjd gp = pp->geom; 646148456Spjd sc = gp->softc; 647148456Spjd 648148456Spjd if (dw > 0) { 649161127Spjd if (sc->sc_flags & G_ELI_FLAG_RO) { 650161127Spjd /* Deny write attempts. */ 651161127Spjd return (EROFS); 652161127Spjd } 653148456Spjd /* Someone is opening us for write, we need to remember that. */ 654148456Spjd sc->sc_flags |= G_ELI_FLAG_WOPEN; 655148456Spjd return (0); 656148456Spjd } 657148456Spjd /* Is this the last close? */ 658148456Spjd if (pp->acr + dr > 0 || pp->acw + dw > 0 || pp->ace + de > 0) 659148456Spjd return (0); 660148456Spjd 661148456Spjd /* 662148456Spjd * Automatically detach on last close if requested. 663148456Spjd */ 664148456Spjd if ((sc->sc_flags & G_ELI_FLAG_RW_DETACH) || 665148456Spjd (sc->sc_flags & G_ELI_FLAG_WOPEN)) { 666255144Smav g_post_event(g_eli_last_close, gp, M_WAITOK, NULL); 667148456Spjd } 668148456Spjd return (0); 669148456Spjd} 670148456Spjd 671163877Spjdstatic int 672163877Spjdg_eli_cpu_is_disabled(int cpu) 673163877Spjd{ 674163877Spjd#ifdef SMP 675222813Sattilio return (CPU_ISSET(cpu, &hlt_cpus_mask)); 676163877Spjd#else 677163877Spjd return (0); 678163877Spjd#endif 679163877Spjd} 680163877Spjd 681148456Spjdstruct g_geom * 682148456Spjdg_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp, 683148456Spjd const struct g_eli_metadata *md, const u_char *mkey, int nkey) 684148456Spjd{ 685148456Spjd struct g_eli_softc *sc; 686148456Spjd struct g_eli_worker *wr; 687148456Spjd struct g_geom *gp; 688148456Spjd struct g_provider *pp; 689148456Spjd struct g_consumer *cp; 690148456Spjd u_int i, threads; 691148456Spjd int error; 692148456Spjd 693148456Spjd G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX); 694148456Spjd 695148456Spjd gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX); 696148456Spjd sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO); 697148456Spjd gp->start = g_eli_start; 698148456Spjd /* 699148456Spjd * Spoiling cannot happen actually, because we keep provider open for 700161127Spjd * writing all the time or provider is read-only. 701148456Spjd */ 702148456Spjd gp->spoiled = g_eli_orphan_spoil_assert; 703148456Spjd gp->orphan = g_eli_orphan; 704161127Spjd gp->dumpconf = g_eli_dumpconf; 705148456Spjd /* 706161127Spjd * If detach-on-last-close feature is not enabled and we don't operate 707161127Spjd * on read-only provider, we can simply use g_std_access(). 708148456Spjd */ 709161127Spjd if (md->md_flags & (G_ELI_FLAG_WO_DETACH | G_ELI_FLAG_RO)) 710148456Spjd gp->access = g_eli_access; 711148456Spjd else 712148456Spjd gp->access = g_std_access; 713148456Spjd 714226733Spjd sc->sc_version = md->md_version; 715214118Spjd sc->sc_inflight = 0; 716214163Spjd sc->sc_crypto = G_ELI_CRYPTO_UNKNOWN; 717148456Spjd sc->sc_flags = md->md_flags; 718161220Spjd /* Backward compatibility. */ 719226728Spjd if (md->md_version < G_ELI_VERSION_04) 720161220Spjd sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER; 721226728Spjd if (md->md_version < G_ELI_VERSION_05) 722213067Spjd sc->sc_flags |= G_ELI_FLAG_SINGLE_KEY; 723226728Spjd if (md->md_version < G_ELI_VERSION_06 && 724226728Spjd (sc->sc_flags & G_ELI_FLAG_AUTH) != 0) { 725221628Spjd sc->sc_flags |= G_ELI_FLAG_FIRST_KEY; 726226728Spjd } 727238116Spjd if (md->md_version < G_ELI_VERSION_07) 728238116Spjd sc->sc_flags |= G_ELI_FLAG_ENC_IVKEY; 729159307Spjd sc->sc_ealgo = md->md_ealgo; 730148456Spjd sc->sc_nkey = nkey; 731148456Spjd 732159307Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) { 733159307Spjd sc->sc_akeylen = sizeof(sc->sc_akey) * 8; 734159307Spjd sc->sc_aalgo = md->md_aalgo; 735159307Spjd sc->sc_alen = g_eli_hashlen(sc->sc_aalgo); 736159307Spjd 737159307Spjd sc->sc_data_per_sector = bpp->sectorsize - sc->sc_alen; 738159307Spjd /* 739159307Spjd * Some hash functions (like SHA1 and RIPEMD160) generates hash 740159307Spjd * which length is not multiple of 128 bits, but we want data 741159307Spjd * length to be multiple of 128, so we can encrypt without 742159307Spjd * padding. The line below rounds down data length to multiple 743159307Spjd * of 128 bits. 744159307Spjd */ 745159307Spjd sc->sc_data_per_sector -= sc->sc_data_per_sector % 16; 746159307Spjd 747159307Spjd sc->sc_bytes_per_sector = 748159307Spjd (md->md_sectorsize - 1) / sc->sc_data_per_sector + 1; 749159307Spjd sc->sc_bytes_per_sector *= bpp->sectorsize; 750159307Spjd } 751159307Spjd 752148456Spjd gp->softc = sc; 753148456Spjd sc->sc_geom = gp; 754148456Spjd 755148456Spjd bioq_init(&sc->sc_queue); 756148456Spjd mtx_init(&sc->sc_queue_mtx, "geli:queue", NULL, MTX_DEF); 757220922Spjd mtx_init(&sc->sc_ekeys_lock, "geli:ekeys", NULL, MTX_DEF); 758148456Spjd 759148456Spjd pp = NULL; 760148456Spjd cp = g_new_consumer(gp); 761148456Spjd error = g_attach(cp, bpp); 762148456Spjd if (error != 0) { 763148456Spjd if (req != NULL) { 764148456Spjd gctl_error(req, "Cannot attach to %s (error=%d).", 765148456Spjd bpp->name, error); 766148456Spjd } else { 767148456Spjd G_ELI_DEBUG(1, "Cannot attach to %s (error=%d).", 768148456Spjd bpp->name, error); 769148456Spjd } 770148456Spjd goto failed; 771148456Spjd } 772148456Spjd /* 773148456Spjd * Keep provider open all the time, so we can run critical tasks, 774148456Spjd * like Master Keys deletion, without wondering if we can open 775148456Spjd * provider or not. 776161127Spjd * We don't open provider for writing only when user requested read-only 777161127Spjd * access. 778148456Spjd */ 779161127Spjd if (sc->sc_flags & G_ELI_FLAG_RO) 780161127Spjd error = g_access(cp, 1, 0, 1); 781161127Spjd else 782161127Spjd error = g_access(cp, 1, 1, 1); 783148456Spjd if (error != 0) { 784148456Spjd if (req != NULL) { 785148456Spjd gctl_error(req, "Cannot access %s (error=%d).", 786148456Spjd bpp->name, error); 787148456Spjd } else { 788148456Spjd G_ELI_DEBUG(1, "Cannot access %s (error=%d).", 789148456Spjd bpp->name, error); 790148456Spjd } 791148456Spjd goto failed; 792148456Spjd } 793148456Spjd 794213067Spjd sc->sc_sectorsize = md->md_sectorsize; 795213067Spjd sc->sc_mediasize = bpp->mediasize; 796213067Spjd if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) 797213067Spjd sc->sc_mediasize -= bpp->sectorsize; 798213067Spjd if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) 799213067Spjd sc->sc_mediasize -= (sc->sc_mediasize % sc->sc_sectorsize); 800213067Spjd else { 801213067Spjd sc->sc_mediasize /= sc->sc_bytes_per_sector; 802213067Spjd sc->sc_mediasize *= sc->sc_sectorsize; 803213067Spjd } 804213067Spjd 805213067Spjd /* 806213067Spjd * Remember the keys in our softc structure. 807213067Spjd */ 808213067Spjd g_eli_mkey_propagate(sc, mkey); 809213067Spjd sc->sc_ekeylen = md->md_keylen; 810213067Spjd 811148456Spjd LIST_INIT(&sc->sc_workers); 812148456Spjd 813148456Spjd threads = g_eli_threads; 814149353Spjd if (threads == 0) 815149353Spjd threads = mp_ncpus; 816226840Spjd sc->sc_cpubind = (mp_ncpus > 1 && threads == mp_ncpus); 817148456Spjd for (i = 0; i < threads; i++) { 818163877Spjd if (g_eli_cpu_is_disabled(i)) { 819163877Spjd G_ELI_DEBUG(1, "%s: CPU %u disabled, skipping.", 820163905Spjd bpp->name, i); 821163877Spjd continue; 822163877Spjd } 823148456Spjd wr = malloc(sizeof(*wr), M_ELI, M_WAITOK | M_ZERO); 824148456Spjd wr->w_softc = sc; 825148456Spjd wr->w_number = i; 826214118Spjd wr->w_active = TRUE; 827148456Spjd 828214163Spjd error = g_eli_newsession(wr); 829148456Spjd if (error != 0) { 830148456Spjd free(wr, M_ELI); 831148456Spjd if (req != NULL) { 832155432Sbrueffer gctl_error(req, "Cannot set up crypto session " 833148456Spjd "for %s (error=%d).", bpp->name, error); 834148456Spjd } else { 835155432Sbrueffer G_ELI_DEBUG(1, "Cannot set up crypto session " 836148456Spjd "for %s (error=%d).", bpp->name, error); 837148456Spjd } 838148456Spjd goto failed; 839148456Spjd } 840148456Spjd 841172836Sjulian error = kproc_create(g_eli_worker, wr, &wr->w_proc, 0, 0, 842148456Spjd "g_eli[%u] %s", i, bpp->name); 843148456Spjd if (error != 0) { 844214163Spjd g_eli_freesession(wr); 845148456Spjd free(wr, M_ELI); 846148456Spjd if (req != NULL) { 847149193Spjd gctl_error(req, "Cannot create kernel thread " 848149193Spjd "for %s (error=%d).", bpp->name, error); 849148456Spjd } else { 850149193Spjd G_ELI_DEBUG(1, "Cannot create kernel thread " 851149193Spjd "for %s (error=%d).", bpp->name, error); 852148456Spjd } 853148456Spjd goto failed; 854148456Spjd } 855148456Spjd LIST_INSERT_HEAD(&sc->sc_workers, wr, w_next); 856148456Spjd } 857148456Spjd 858148456Spjd /* 859148456Spjd * Create decrypted provider. 860148456Spjd */ 861148456Spjd pp = g_new_providerf(gp, "%s%s", bpp->name, G_ELI_SUFFIX); 862213067Spjd pp->mediasize = sc->sc_mediasize; 863213067Spjd pp->sectorsize = sc->sc_sectorsize; 864159307Spjd 865148456Spjd g_error_provider(pp, 0); 866148456Spjd 867148456Spjd G_ELI_DEBUG(0, "Device %s created.", pp->name); 868159307Spjd G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), 869159307Spjd sc->sc_ekeylen); 870159307Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) 871159307Spjd G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); 872148456Spjd G_ELI_DEBUG(0, " Crypto: %s", 873148456Spjd sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware"); 874148456Spjd return (gp); 875148456Spjdfailed: 876149193Spjd mtx_lock(&sc->sc_queue_mtx); 877149193Spjd sc->sc_flags |= G_ELI_FLAG_DESTROY; 878149193Spjd wakeup(sc); 879149193Spjd /* 880149193Spjd * Wait for kernel threads self destruction. 881149193Spjd */ 882149193Spjd while (!LIST_EMPTY(&sc->sc_workers)) { 883149193Spjd msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 884149193Spjd "geli:destroy", 0); 885148456Spjd } 886148456Spjd mtx_destroy(&sc->sc_queue_mtx); 887148456Spjd if (cp->provider != NULL) { 888148456Spjd if (cp->acr == 1) 889148456Spjd g_access(cp, -1, -1, -1); 890148456Spjd g_detach(cp); 891148456Spjd } 892148456Spjd g_destroy_consumer(cp); 893148456Spjd g_destroy_geom(gp); 894220922Spjd g_eli_key_destroy(sc); 895148456Spjd bzero(sc, sizeof(*sc)); 896148456Spjd free(sc, M_ELI); 897148456Spjd return (NULL); 898148456Spjd} 899148456Spjd 900148456Spjdint 901148456Spjdg_eli_destroy(struct g_eli_softc *sc, boolean_t force) 902148456Spjd{ 903148456Spjd struct g_geom *gp; 904148456Spjd struct g_provider *pp; 905148456Spjd 906148456Spjd g_topology_assert(); 907148456Spjd 908148456Spjd if (sc == NULL) 909148456Spjd return (ENXIO); 910148456Spjd 911148456Spjd gp = sc->sc_geom; 912148456Spjd pp = LIST_FIRST(&gp->provider); 913148456Spjd if (pp != NULL && (pp->acr != 0 || pp->acw != 0 || pp->ace != 0)) { 914148456Spjd if (force) { 915148456Spjd G_ELI_DEBUG(1, "Device %s is still open, so it " 916155432Sbrueffer "cannot be definitely removed.", pp->name); 917255144Smav sc->sc_flags |= G_ELI_FLAG_RW_DETACH; 918255144Smav gp->access = g_eli_access; 919255144Smav g_wither_provider(pp, ENXIO); 920255144Smav return (EBUSY); 921148456Spjd } else { 922148456Spjd G_ELI_DEBUG(1, 923148456Spjd "Device %s is still open (r%dw%de%d).", pp->name, 924148456Spjd pp->acr, pp->acw, pp->ace); 925148456Spjd return (EBUSY); 926148456Spjd } 927148456Spjd } 928148456Spjd 929149193Spjd mtx_lock(&sc->sc_queue_mtx); 930149193Spjd sc->sc_flags |= G_ELI_FLAG_DESTROY; 931149193Spjd wakeup(sc); 932149193Spjd while (!LIST_EMPTY(&sc->sc_workers)) { 933149193Spjd msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO, 934149193Spjd "geli:destroy", 0); 935148456Spjd } 936148456Spjd mtx_destroy(&sc->sc_queue_mtx); 937148456Spjd gp->softc = NULL; 938220922Spjd g_eli_key_destroy(sc); 939148456Spjd bzero(sc, sizeof(*sc)); 940148456Spjd free(sc, M_ELI); 941148456Spjd 942148456Spjd if (pp == NULL || (pp->acr == 0 && pp->acw == 0 && pp->ace == 0)) 943148456Spjd G_ELI_DEBUG(0, "Device %s destroyed.", gp->name); 944148456Spjd g_wither_geom_close(gp, ENXIO); 945148456Spjd 946148456Spjd return (0); 947148456Spjd} 948148456Spjd 949148456Spjdstatic int 950148456Spjdg_eli_destroy_geom(struct gctl_req *req __unused, 951148456Spjd struct g_class *mp __unused, struct g_geom *gp) 952148456Spjd{ 953148456Spjd struct g_eli_softc *sc; 954148456Spjd 955148456Spjd sc = gp->softc; 956214118Spjd return (g_eli_destroy(sc, FALSE)); 957148456Spjd} 958148456Spjd 959155537Spjdstatic int 960155537Spjdg_eli_keyfiles_load(struct hmac_ctx *ctx, const char *provider) 961155537Spjd{ 962218663Smarcel u_char *keyfile, *data; 963155537Spjd char *file, name[64]; 964218663Smarcel size_t size; 965155537Spjd int i; 966155537Spjd 967155537Spjd for (i = 0; ; i++) { 968155537Spjd snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); 969155537Spjd keyfile = preload_search_by_type(name); 970155537Spjd if (keyfile == NULL) 971155537Spjd return (i); /* Return number of loaded keyfiles. */ 972218663Smarcel data = preload_fetch_addr(keyfile); 973155537Spjd if (data == NULL) { 974155537Spjd G_ELI_DEBUG(0, "Cannot find key file data for %s.", 975155537Spjd name); 976155537Spjd return (0); 977155537Spjd } 978218663Smarcel size = preload_fetch_size(keyfile); 979218663Smarcel if (size == 0) { 980155537Spjd G_ELI_DEBUG(0, "Cannot find key file size for %s.", 981155537Spjd name); 982155537Spjd return (0); 983155537Spjd } 984155537Spjd file = preload_search_info(keyfile, MODINFO_NAME); 985155537Spjd if (file == NULL) { 986155537Spjd G_ELI_DEBUG(0, "Cannot find key file name for %s.", 987155537Spjd name); 988155537Spjd return (0); 989155537Spjd } 990155537Spjd G_ELI_DEBUG(1, "Loaded keyfile %s for %s (type: %s).", file, 991155537Spjd provider, name); 992218663Smarcel g_eli_crypto_hmac_update(ctx, data, size); 993155537Spjd } 994155537Spjd} 995155537Spjd 996155537Spjdstatic void 997155537Spjdg_eli_keyfiles_clear(const char *provider) 998155537Spjd{ 999218663Smarcel u_char *keyfile, *data; 1000155537Spjd char name[64]; 1001218663Smarcel size_t size; 1002155537Spjd int i; 1003155537Spjd 1004155537Spjd for (i = 0; ; i++) { 1005155537Spjd snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); 1006155537Spjd keyfile = preload_search_by_type(name); 1007155537Spjd if (keyfile == NULL) 1008155537Spjd return; 1009218663Smarcel data = preload_fetch_addr(keyfile); 1010218663Smarcel size = preload_fetch_size(keyfile); 1011218663Smarcel if (data != NULL && size != 0) 1012218663Smarcel bzero(data, size); 1013155537Spjd } 1014155537Spjd} 1015155537Spjd 1016148456Spjd/* 1017148456Spjd * Tasting is only made on boot. 1018148456Spjd * We detect providers which should be attached before root is mounted. 1019148456Spjd */ 1020148456Spjdstatic struct g_geom * 1021148456Spjdg_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused) 1022148456Spjd{ 1023148456Spjd struct g_eli_metadata md; 1024148456Spjd struct g_geom *gp; 1025148456Spjd struct hmac_ctx ctx; 1026148456Spjd char passphrase[256]; 1027148456Spjd u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN]; 1028155537Spjd u_int i, nkey, nkeyfiles, tries; 1029148456Spjd int error; 1030148456Spjd 1031148456Spjd g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name); 1032148456Spjd g_topology_assert(); 1033148456Spjd 1034168507Spjd if (root_mounted() || g_eli_tries == 0) 1035148456Spjd return (NULL); 1036148456Spjd 1037148456Spjd G_ELI_DEBUG(3, "Tasting %s.", pp->name); 1038148456Spjd 1039148456Spjd error = g_eli_read_metadata(mp, pp, &md); 1040148456Spjd if (error != 0) 1041148456Spjd return (NULL); 1042148456Spjd gp = NULL; 1043148456Spjd 1044148456Spjd if (strcmp(md.md_magic, G_ELI_MAGIC) != 0) 1045148456Spjd return (NULL); 1046148456Spjd if (md.md_version > G_ELI_VERSION) { 1047148456Spjd printf("geom_eli.ko module is too old to handle %s.\n", 1048148456Spjd pp->name); 1049148456Spjd return (NULL); 1050148456Spjd } 1051148456Spjd if (md.md_provsize != pp->mediasize) 1052148456Spjd return (NULL); 1053148456Spjd /* Should we attach it on boot? */ 1054159307Spjd if (!(md.md_flags & G_ELI_FLAG_BOOT)) 1055148456Spjd return (NULL); 1056148456Spjd if (md.md_keys == 0x00) { 1057148456Spjd G_ELI_DEBUG(0, "No valid keys on %s.", pp->name); 1058148456Spjd return (NULL); 1059148456Spjd } 1060155537Spjd if (md.md_iterations == -1) { 1061155537Spjd /* If there is no passphrase, we try only once. */ 1062155537Spjd tries = 1; 1063155537Spjd } else { 1064155537Spjd /* Ask for the passphrase no more than g_eli_tries times. */ 1065155537Spjd tries = g_eli_tries; 1066155537Spjd } 1067148456Spjd 1068155537Spjd for (i = 0; i < tries; i++) { 1069155537Spjd g_eli_crypto_hmac_init(&ctx, NULL, 0); 1070155537Spjd 1071148456Spjd /* 1072155537Spjd * Load all key files. 1073155537Spjd */ 1074155537Spjd nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name); 1075155537Spjd 1076155537Spjd if (nkeyfiles == 0 && md.md_iterations == -1) { 1077155537Spjd /* 1078155537Spjd * No key files and no passphrase, something is 1079155537Spjd * definitely wrong here. 1080155537Spjd * geli(8) doesn't allow for such situation, so assume 1081155537Spjd * that there was really no passphrase and in that case 1082155537Spjd * key files are no properly defined in loader.conf. 1083155537Spjd */ 1084155537Spjd G_ELI_DEBUG(0, 1085155537Spjd "Found no key files in loader.conf for %s.", 1086155537Spjd pp->name); 1087155537Spjd return (NULL); 1088155537Spjd } 1089155537Spjd 1090155537Spjd /* Ask for the passphrase if defined. */ 1091155537Spjd if (md.md_iterations >= 0) { 1092155537Spjd printf("Enter passphrase for %s: ", pp->name); 1093228634Savg cngets(passphrase, sizeof(passphrase), 1094155537Spjd g_eli_visible_passphrase); 1095155537Spjd } 1096155537Spjd 1097155537Spjd /* 1098148456Spjd * Prepare Derived-Key from the user passphrase. 1099148456Spjd */ 1100148456Spjd if (md.md_iterations == 0) { 1101148456Spjd g_eli_crypto_hmac_update(&ctx, md.md_salt, 1102148456Spjd sizeof(md.md_salt)); 1103148456Spjd g_eli_crypto_hmac_update(&ctx, passphrase, 1104148456Spjd strlen(passphrase)); 1105180638Spjd bzero(passphrase, sizeof(passphrase)); 1106155537Spjd } else if (md.md_iterations > 0) { 1107148456Spjd u_char dkey[G_ELI_USERKEYLEN]; 1108148456Spjd 1109148456Spjd pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, 1110148456Spjd sizeof(md.md_salt), passphrase, md.md_iterations); 1111180638Spjd bzero(passphrase, sizeof(passphrase)); 1112148456Spjd g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); 1113148456Spjd bzero(dkey, sizeof(dkey)); 1114148456Spjd } 1115155537Spjd 1116148456Spjd g_eli_crypto_hmac_final(&ctx, key, 0); 1117148456Spjd 1118148456Spjd /* 1119148456Spjd * Decrypt Master-Key. 1120148456Spjd */ 1121148456Spjd error = g_eli_mkey_decrypt(&md, key, mkey, &nkey); 1122148456Spjd bzero(key, sizeof(key)); 1123148456Spjd if (error == -1) { 1124155537Spjd if (i == tries - 1) { 1125155537Spjd G_ELI_DEBUG(0, 1126155537Spjd "Wrong key for %s. No tries left.", 1127155537Spjd pp->name); 1128155537Spjd g_eli_keyfiles_clear(pp->name); 1129155537Spjd return (NULL); 1130148456Spjd } 1131148456Spjd G_ELI_DEBUG(0, "Wrong key for %s. Tries left: %u.", 1132155537Spjd pp->name, tries - i - 1); 1133148456Spjd /* Try again. */ 1134148456Spjd continue; 1135148456Spjd } else if (error > 0) { 1136226727Spjd G_ELI_DEBUG(0, 1137226727Spjd "Cannot decrypt Master Key for %s (error=%d).", 1138148456Spjd pp->name, error); 1139155537Spjd g_eli_keyfiles_clear(pp->name); 1140148456Spjd return (NULL); 1141148456Spjd } 1142148456Spjd G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name); 1143148456Spjd break; 1144148456Spjd } 1145148456Spjd 1146148456Spjd /* 1147148456Spjd * We have correct key, let's attach provider. 1148148456Spjd */ 1149148456Spjd gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey); 1150148456Spjd bzero(mkey, sizeof(mkey)); 1151148456Spjd bzero(&md, sizeof(md)); 1152148456Spjd if (gp == NULL) { 1153148456Spjd G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, 1154148456Spjd G_ELI_SUFFIX); 1155148456Spjd return (NULL); 1156148456Spjd } 1157148456Spjd return (gp); 1158148456Spjd} 1159148456Spjd 1160148456Spjdstatic void 1161148456Spjdg_eli_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp, 1162148456Spjd struct g_consumer *cp, struct g_provider *pp) 1163148456Spjd{ 1164148456Spjd struct g_eli_softc *sc; 1165148456Spjd 1166148456Spjd g_topology_assert(); 1167148456Spjd sc = gp->softc; 1168148456Spjd if (sc == NULL) 1169148456Spjd return; 1170148456Spjd if (pp != NULL || cp != NULL) 1171148456Spjd return; /* Nothing here. */ 1172220922Spjd 1173220922Spjd sbuf_printf(sb, "%s<KeysTotal>%ju</KeysTotal>", indent, 1174220922Spjd (uintmax_t)sc->sc_ekeys_total); 1175220922Spjd sbuf_printf(sb, "%s<KeysAllocated>%ju</KeysAllocated>", indent, 1176220922Spjd (uintmax_t)sc->sc_ekeys_allocated); 1177148460Spjd sbuf_printf(sb, "%s<Flags>", indent); 1178148460Spjd if (sc->sc_flags == 0) 1179148460Spjd sbuf_printf(sb, "NONE"); 1180148460Spjd else { 1181148460Spjd int first = 1; 1182148460Spjd 1183148460Spjd#define ADD_FLAG(flag, name) do { \ 1184159307Spjd if (sc->sc_flags & (flag)) { \ 1185148460Spjd if (!first) \ 1186148460Spjd sbuf_printf(sb, ", "); \ 1187148460Spjd else \ 1188148460Spjd first = 0; \ 1189148460Spjd sbuf_printf(sb, name); \ 1190148460Spjd } \ 1191148460Spjd} while (0) 1192214118Spjd ADD_FLAG(G_ELI_FLAG_SUSPEND, "SUSPEND"); 1193213067Spjd ADD_FLAG(G_ELI_FLAG_SINGLE_KEY, "SINGLE-KEY"); 1194161220Spjd ADD_FLAG(G_ELI_FLAG_NATIVE_BYTE_ORDER, "NATIVE-BYTE-ORDER"); 1195148460Spjd ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME"); 1196148460Spjd ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT"); 1197148460Spjd ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH"); 1198148460Spjd ADD_FLAG(G_ELI_FLAG_RW_DETACH, "RW-DETACH"); 1199159307Spjd ADD_FLAG(G_ELI_FLAG_AUTH, "AUTH"); 1200148460Spjd ADD_FLAG(G_ELI_FLAG_WOPEN, "W-OPEN"); 1201148460Spjd ADD_FLAG(G_ELI_FLAG_DESTROY, "DESTROY"); 1202161127Spjd ADD_FLAG(G_ELI_FLAG_RO, "READ-ONLY"); 1203148460Spjd#undef ADD_FLAG 1204148460Spjd } 1205148460Spjd sbuf_printf(sb, "</Flags>\n"); 1206148460Spjd 1207159307Spjd if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) { 1208148460Spjd sbuf_printf(sb, "%s<UsedKey>%u</UsedKey>\n", indent, 1209148460Spjd sc->sc_nkey); 1210148460Spjd } 1211226733Spjd sbuf_printf(sb, "%s<Version>%u</Version>\n", indent, sc->sc_version); 1212148456Spjd sbuf_printf(sb, "%s<Crypto>", indent); 1213148456Spjd switch (sc->sc_crypto) { 1214148456Spjd case G_ELI_CRYPTO_HW: 1215148456Spjd sbuf_printf(sb, "hardware"); 1216148456Spjd break; 1217148456Spjd case G_ELI_CRYPTO_SW: 1218148456Spjd sbuf_printf(sb, "software"); 1219148456Spjd break; 1220148456Spjd default: 1221148456Spjd sbuf_printf(sb, "UNKNOWN"); 1222148456Spjd break; 1223148456Spjd } 1224148456Spjd sbuf_printf(sb, "</Crypto>\n"); 1225159307Spjd if (sc->sc_flags & G_ELI_FLAG_AUTH) { 1226159307Spjd sbuf_printf(sb, 1227159307Spjd "%s<AuthenticationAlgorithm>%s</AuthenticationAlgorithm>\n", 1228159307Spjd indent, g_eli_algo2str(sc->sc_aalgo)); 1229159307Spjd } 1230159307Spjd sbuf_printf(sb, "%s<KeyLength>%u</KeyLength>\n", indent, 1231159307Spjd sc->sc_ekeylen); 1232226727Spjd sbuf_printf(sb, "%s<EncryptionAlgorithm>%s</EncryptionAlgorithm>\n", 1233226727Spjd indent, g_eli_algo2str(sc->sc_ealgo)); 1234214227Spjd sbuf_printf(sb, "%s<State>%s</State>\n", indent, 1235214227Spjd (sc->sc_flags & G_ELI_FLAG_SUSPEND) ? "SUSPENDED" : "ACTIVE"); 1236148456Spjd} 1237148456Spjd 1238189900Spjdstatic void 1239189900Spjdg_eli_shutdown_pre_sync(void *arg, int howto) 1240189900Spjd{ 1241189900Spjd struct g_class *mp; 1242189900Spjd struct g_geom *gp, *gp2; 1243189900Spjd struct g_provider *pp; 1244189900Spjd struct g_eli_softc *sc; 1245189900Spjd int error; 1246189900Spjd 1247189900Spjd mp = arg; 1248189900Spjd DROP_GIANT(); 1249189900Spjd g_topology_lock(); 1250189900Spjd LIST_FOREACH_SAFE(gp, &mp->geom, geom, gp2) { 1251189900Spjd sc = gp->softc; 1252189900Spjd if (sc == NULL) 1253189900Spjd continue; 1254189900Spjd pp = LIST_FIRST(&gp->provider); 1255189900Spjd KASSERT(pp != NULL, ("No provider? gp=%p (%s)", gp, gp->name)); 1256189900Spjd if (pp->acr + pp->acw + pp->ace == 0) 1257214118Spjd error = g_eli_destroy(sc, TRUE); 1258189900Spjd else { 1259189900Spjd sc->sc_flags |= G_ELI_FLAG_RW_DETACH; 1260189900Spjd gp->access = g_eli_access; 1261189900Spjd } 1262189900Spjd } 1263189900Spjd g_topology_unlock(); 1264189900Spjd PICKUP_GIANT(); 1265189900Spjd} 1266189900Spjd 1267189900Spjdstatic void 1268189900Spjdg_eli_init(struct g_class *mp) 1269189900Spjd{ 1270189900Spjd 1271189900Spjd g_eli_pre_sync = EVENTHANDLER_REGISTER(shutdown_pre_sync, 1272189900Spjd g_eli_shutdown_pre_sync, mp, SHUTDOWN_PRI_FIRST); 1273189900Spjd if (g_eli_pre_sync == NULL) 1274189900Spjd G_ELI_DEBUG(0, "Warning! Cannot register shutdown event."); 1275189900Spjd} 1276189900Spjd 1277189900Spjdstatic void 1278189900Spjdg_eli_fini(struct g_class *mp) 1279189900Spjd{ 1280189900Spjd 1281189900Spjd if (g_eli_pre_sync != NULL) 1282189900Spjd EVENTHANDLER_DEREGISTER(shutdown_pre_sync, g_eli_pre_sync); 1283189900Spjd} 1284189900Spjd 1285148456SpjdDECLARE_GEOM_CLASS(g_eli_class, g_eli); 1286160741SyarMODULE_DEPEND(g_eli, crypto, 1, 1, 1); 1287