uvm_swap_encrypt.c revision 1.12 
1/*	$OpenBSD: uvm_swap_encrypt.c,v 1.12 2003/12/26 10:04:49 markus Exp $	*/
2
3/*
4 * Copyright 1999 Niels Provos <provos@citi.umich.edu>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 *    must display the following acknowledgement:
17 *      This product includes software developed by Niels Provos.
18 * 4. The name of the author may not be used to endorse or promote products
19 *    derived from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33#include <sys/param.h>
34#include <sys/systm.h>
35#include <sys/kernel.h>
36#include <sys/malloc.h>
37#include <sys/sysctl.h>
38#include <sys/time.h>
39#include <sys/conf.h>
40#include <dev/rndvar.h>
41#include <crypto/rijndael.h>
42
43#include <uvm/uvm.h>
44
45struct swap_key *kcur = NULL;
46rijndael_ctx swap_ctxt;
47
48int uvm_doswapencrypt = 0;
49u_int uvm_swpkeyscreated = 0;
50u_int uvm_swpkeysdeleted = 0;
51
52int swap_encrypt_initialized = 0;
53
54int
55swap_encrypt_ctl(name, namelen, oldp, oldlenp, newp, newlen, p)
56	int *name;
57	u_int namelen;
58	void *oldp;
59	size_t *oldlenp;
60	void *newp;
61	size_t newlen;
62	struct proc *p;
63{
64	/* all sysctl names at this level are terminal */
65	if (namelen != 1)
66		return (ENOTDIR);		/* overloaded */
67
68	switch (name[0]) {
69	case SWPENC_ENABLE: {
70		int doencrypt = uvm_doswapencrypt;
71		int result;
72
73		result = sysctl_int(oldp, oldlenp, newp, newlen, &doencrypt);
74		if (result)
75			return result;
76
77		/* Swap Encryption has been turned on, we need to
78		 * initialize state for swap devices that have been
79		 * added
80		 */
81		if (doencrypt)
82			uvm_swap_initcrypt_all();
83		uvm_doswapencrypt = doencrypt;
84		return (0);
85	}
86	case SWPENC_CREATED:
87		return (sysctl_rdint(oldp, oldlenp, newp, uvm_swpkeyscreated));
88	case SWPENC_DELETED:
89		return (sysctl_rdint(oldp, oldlenp, newp, uvm_swpkeysdeleted));
90	default:
91		return (EOPNOTSUPP);
92	}
93	/* NOTREACHED */
94}
95
96void
97swap_key_create(struct swap_key *key)
98{
99	int i;
100	u_int32_t *p = key->key;
101
102	key->refcount = 0;
103	for (i = 0; i < sizeof(key->key) / sizeof(u_int32_t); i++)
104		*p++ = arc4random();
105
106	uvm_swpkeyscreated++;
107}
108
109void
110swap_key_delete(struct swap_key *key)
111{
112	/* Make sure that this key gets removed if we just used it */
113	swap_key_cleanup(key);
114
115	memset(key, 0, sizeof(*key));
116	uvm_swpkeysdeleted++;
117}
118
119/*
120 * Encrypt the data before it goes to swap, the size should be 64-bit
121 * aligned.
122 */
123
124void
125swap_encrypt(struct swap_key *key, caddr_t src, caddr_t dst,
126	     u_int64_t block, size_t count)
127{
128	u_int32_t *dsrc = (u_int32_t *)src;
129	u_int32_t *ddst = (u_int32_t *)dst;
130	u_int32_t iv[4];
131	u_int32_t iv1, iv2, iv3, iv4;
132
133	if (!swap_encrypt_initialized)
134		swap_encrypt_initialized = 1;
135
136	swap_key_prepare(key, 1);
137
138	count /= sizeof(u_int32_t);
139
140	iv[0] = block >> 32; iv[1] = block; iv[2] = ~iv[0]; iv[3] = ~iv[1];
141	rijndael_encrypt(&swap_ctxt, (u_char *)iv, (u_char *)iv);
142	iv1 = iv[0]; iv2 = iv[1]; iv3 = iv[2]; iv4 = iv[3];
143
144	for (; count > 0; count -= 4) {
145		ddst[0] = dsrc[0] ^ iv1;
146		ddst[1] = dsrc[1] ^ iv2;
147		ddst[2] = dsrc[2] ^ iv3;
148		ddst[3] = dsrc[3] ^ iv4;
149		/*
150		 * Do not worry about endianess, it only needs to decrypt
151		 * on this machine
152		 */
153		rijndael_encrypt(&swap_ctxt, (u_char *)ddst, (u_char *)ddst);
154		iv1 = ddst[0];
155		iv2 = ddst[1];
156		iv3 = ddst[2];
157		iv4 = ddst[3];
158
159		dsrc += 4;
160		ddst += 4;
161	}
162}
163
164/*
165 * Decrypt the data after we retrieved it from swap, the size should be 64-bit
166 * aligned.
167 */
168
169void
170swap_decrypt(struct swap_key *key, caddr_t src, caddr_t dst,
171	     u_int64_t block, size_t count)
172{
173	u_int32_t *dsrc = (u_int32_t *)src;
174	u_int32_t *ddst = (u_int32_t *)dst;
175	u_int32_t iv[4];
176	u_int32_t iv1, iv2, iv3, iv4, niv1, niv2, niv3, niv4;
177
178	if (!swap_encrypt_initialized)
179		panic("swap_decrypt: key not initialized");
180
181	swap_key_prepare(key, 0);
182
183	count /= sizeof(u_int32_t);
184
185	iv[0] = block >> 32; iv[1] = block; iv[2] = ~iv[0]; iv[3] = ~iv[1];
186	rijndael_encrypt(&swap_ctxt, (u_char *)iv, (u_char *)iv);
187	iv1 = iv[0]; iv2 = iv[1]; iv3 = iv[2]; iv4 = iv[3];
188
189	for (; count > 0; count -= 4) {
190		ddst[0] = niv1 = dsrc[0];
191		ddst[1] = niv2 = dsrc[1];
192		ddst[2] = niv3 = dsrc[2];
193		ddst[3] = niv4 = dsrc[3];
194		rijndael_decrypt(&swap_ctxt, (u_char *)ddst, (u_char *)ddst);
195		ddst[0] ^= iv1;
196		ddst[1] ^= iv2;
197		ddst[2] ^= iv3;
198		ddst[3] ^= iv4;
199
200		iv1 = niv1;
201		iv2 = niv2;
202		iv3 = niv3;
203		iv4 = niv4;
204
205		dsrc += 4;
206		ddst += 4;
207	}
208}
209
210void
211swap_key_prepare(struct swap_key *key, int encrypt)
212{
213	/* Check if we have prepared for this key already,
214	 * if we only have the encryption schedule, we have
215	 * to recompute and get the decryption schedule also
216	 */
217	if (kcur == key && (encrypt || !swap_ctxt.enc_only))
218		return;
219
220	if (encrypt)
221		rijndael_set_key_enc_only(&swap_ctxt, (u_char *)key->key,
222		    sizeof(key->key) * 8);
223	else
224		rijndael_set_key(&swap_ctxt, (u_char *)key->key,
225		    sizeof(key->key) * 8);
226
227	kcur = key;
228}
229
230/*
231 * Make sure that a specific key is no longer available.
232 */
233
234void
235swap_key_cleanup(struct swap_key *key)
236{
237	/* Check if we have a key */
238	if (kcur == NULL || kcur != key)
239		return;
240
241	/* Zero out the subkeys */
242       	memset(&swap_ctxt, 0, sizeof(swap_ctxt));
243
244	kcur = NULL;
245}
246