mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-09 04:36:31 +00:00
geli: fix indentation
no functional changes
parent
4b3141f5d5
commit
838d5ae6d8
|
@ -172,32 +172,32 @@ static void
|
|||
zero_boot_passcache(void)
|
||||
{
|
||||
|
||||
explicit_bzero(cached_passphrase, sizeof(cached_passphrase));
|
||||
explicit_bzero(cached_passphrase, sizeof(cached_passphrase));
|
||||
}
|
||||
|
||||
static void
|
||||
zero_geli_intake_keys(void)
|
||||
{
|
||||
struct keybuf *keybuf;
|
||||
int i;
|
||||
struct keybuf *keybuf;
|
||||
int i;
|
||||
|
||||
if ((keybuf = get_keybuf()) != NULL) {
|
||||
/* Scan the key buffer, clear all GELI keys. */
|
||||
for (i = 0; i < keybuf->kb_nents; i++) {
|
||||
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
|
||||
explicit_bzero(keybuf->kb_ents[i].ke_data,
|
||||
sizeof(keybuf->kb_ents[i].ke_data));
|
||||
keybuf->kb_ents[i].ke_type = KEYBUF_TYPE_NONE;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ((keybuf = get_keybuf()) != NULL) {
|
||||
/* Scan the key buffer, clear all GELI keys. */
|
||||
for (i = 0; i < keybuf->kb_nents; i++) {
|
||||
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
|
||||
explicit_bzero(keybuf->kb_ents[i].ke_data,
|
||||
sizeof(keybuf->kb_ents[i].ke_data));
|
||||
keybuf->kb_ents[i].ke_type = KEYBUF_TYPE_NONE;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
zero_intake_passcache(void *dummy)
|
||||
{
|
||||
zero_boot_passcache();
|
||||
zero_geli_intake_keys();
|
||||
zero_boot_passcache();
|
||||
zero_geli_intake_keys();
|
||||
}
|
||||
EVENTHANDLER_DEFINE(mountroot, zero_intake_passcache, NULL, 0);
|
||||
|
||||
|
@ -269,7 +269,7 @@ g_eli_crypto_rerun(struct cryptop *crp)
|
|||
static void
|
||||
g_eli_getattr_done(struct bio *bp)
|
||||
{
|
||||
if (bp->bio_error == 0 &&
|
||||
if (bp->bio_error == 0 &&
|
||||
!strcmp(bp->bio_attribute, "GEOM::physpath")) {
|
||||
strlcat(bp->bio_data, "/eli", bp->bio_length);
|
||||
}
|
||||
|
@ -891,8 +891,8 @@ g_eli_init_uma(void)
|
|||
* likely to see.
|
||||
*/
|
||||
g_eli_alloc_sz = roundup2((PAGE_SIZE + sizeof(int) +
|
||||
G_ELI_AUTH_SECKEYLEN) * nsw_cluster_max +
|
||||
sizeof(uintptr_t), PAGE_SIZE);
|
||||
G_ELI_AUTH_SECKEYLEN) * nsw_cluster_max +
|
||||
sizeof(uintptr_t), PAGE_SIZE);
|
||||
|
||||
g_eli_uma = uma_zcreate("GELI buffers", g_eli_alloc_sz,
|
||||
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
|
||||
|
@ -1327,7 +1327,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
|
|||
u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN];
|
||||
u_int i, nkey, nkeyfiles, tries, showpass;
|
||||
int error;
|
||||
struct keybuf *keybuf;
|
||||
struct keybuf *keybuf;
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name);
|
||||
g_topology_assert();
|
||||
|
@ -1372,116 +1372,116 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
|
|||
tries = g_eli_tries;
|
||||
}
|
||||
|
||||
if ((keybuf = get_keybuf()) != NULL) {
|
||||
/* Scan the key buffer, try all GELI keys. */
|
||||
for (i = 0; i < keybuf->kb_nents; i++) {
|
||||
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
|
||||
memcpy(key, keybuf->kb_ents[i].ke_data,
|
||||
sizeof(key));
|
||||
if ((keybuf = get_keybuf()) != NULL) {
|
||||
/* Scan the key buffer, try all GELI keys. */
|
||||
for (i = 0; i < keybuf->kb_nents; i++) {
|
||||
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
|
||||
memcpy(key, keybuf->kb_ents[i].ke_data,
|
||||
sizeof(key));
|
||||
|
||||
if (g_eli_mkey_decrypt_any(&md, key,
|
||||
mkey, &nkey) == 0 ) {
|
||||
explicit_bzero(key, sizeof(key));
|
||||
goto have_key;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (g_eli_mkey_decrypt_any(&md, key,
|
||||
mkey, &nkey) == 0 ) {
|
||||
explicit_bzero(key, sizeof(key));
|
||||
goto have_key;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 0; i <= tries; i++) {
|
||||
g_eli_crypto_hmac_init(&ctx, NULL, 0);
|
||||
for (i = 0; i <= tries; i++) {
|
||||
g_eli_crypto_hmac_init(&ctx, NULL, 0);
|
||||
|
||||
/*
|
||||
* Load all key files.
|
||||
*/
|
||||
nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name);
|
||||
/*
|
||||
* Load all key files.
|
||||
*/
|
||||
nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name);
|
||||
|
||||
if (nkeyfiles == 0 && md.md_iterations == -1) {
|
||||
/*
|
||||
* No key files and no passphrase, something is
|
||||
* definitely wrong here.
|
||||
* geli(8) doesn't allow for such situation, so assume
|
||||
* that there was really no passphrase and in that case
|
||||
* key files are no properly defined in loader.conf.
|
||||
*/
|
||||
G_ELI_DEBUG(0,
|
||||
"Found no key files in loader.conf for %s.",
|
||||
pp->name);
|
||||
return (NULL);
|
||||
}
|
||||
if (nkeyfiles == 0 && md.md_iterations == -1) {
|
||||
/*
|
||||
* No key files and no passphrase, something is
|
||||
* definitely wrong here.
|
||||
* geli(8) doesn't allow for such situation, so assume
|
||||
* that there was really no passphrase and in that case
|
||||
* key files are no properly defined in loader.conf.
|
||||
*/
|
||||
G_ELI_DEBUG(0,
|
||||
"Found no key files in loader.conf for %s.",
|
||||
pp->name);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
/* Ask for the passphrase if defined. */
|
||||
if (md.md_iterations >= 0) {
|
||||
/* Try first with cached passphrase. */
|
||||
if (i == 0) {
|
||||
if (!g_eli_boot_passcache)
|
||||
continue;
|
||||
memcpy(passphrase, cached_passphrase,
|
||||
sizeof(passphrase));
|
||||
} else {
|
||||
printf("Enter passphrase for %s: ", pp->name);
|
||||
/* Ask for the passphrase if defined. */
|
||||
if (md.md_iterations >= 0) {
|
||||
/* Try first with cached passphrase. */
|
||||
if (i == 0) {
|
||||
if (!g_eli_boot_passcache)
|
||||
continue;
|
||||
memcpy(passphrase, cached_passphrase,
|
||||
sizeof(passphrase));
|
||||
} else {
|
||||
printf("Enter passphrase for %s: ", pp->name);
|
||||
showpass = g_eli_visible_passphrase;
|
||||
if ((md.md_flags & G_ELI_FLAG_GELIDISPLAYPASS) != 0)
|
||||
showpass = GETS_ECHOPASS;
|
||||
cngets(passphrase, sizeof(passphrase),
|
||||
cngets(passphrase, sizeof(passphrase),
|
||||
showpass);
|
||||
memcpy(cached_passphrase, passphrase,
|
||||
sizeof(passphrase));
|
||||
}
|
||||
}
|
||||
memcpy(cached_passphrase, passphrase,
|
||||
sizeof(passphrase));
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Prepare Derived-Key from the user passphrase.
|
||||
*/
|
||||
if (md.md_iterations == 0) {
|
||||
g_eli_crypto_hmac_update(&ctx, md.md_salt,
|
||||
sizeof(md.md_salt));
|
||||
g_eli_crypto_hmac_update(&ctx, passphrase,
|
||||
strlen(passphrase));
|
||||
explicit_bzero(passphrase, sizeof(passphrase));
|
||||
} else if (md.md_iterations > 0) {
|
||||
u_char dkey[G_ELI_USERKEYLEN];
|
||||
/*
|
||||
* Prepare Derived-Key from the user passphrase.
|
||||
*/
|
||||
if (md.md_iterations == 0) {
|
||||
g_eli_crypto_hmac_update(&ctx, md.md_salt,
|
||||
sizeof(md.md_salt));
|
||||
g_eli_crypto_hmac_update(&ctx, passphrase,
|
||||
strlen(passphrase));
|
||||
explicit_bzero(passphrase, sizeof(passphrase));
|
||||
} else if (md.md_iterations > 0) {
|
||||
u_char dkey[G_ELI_USERKEYLEN];
|
||||
|
||||
pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
|
||||
sizeof(md.md_salt), passphrase, md.md_iterations);
|
||||
explicit_bzero(passphrase, sizeof(passphrase));
|
||||
g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
|
||||
explicit_bzero(dkey, sizeof(dkey));
|
||||
}
|
||||
pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
|
||||
sizeof(md.md_salt), passphrase, md.md_iterations);
|
||||
explicit_bzero(passphrase, sizeof(passphrase));
|
||||
g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
|
||||
explicit_bzero(dkey, sizeof(dkey));
|
||||
}
|
||||
|
||||
g_eli_crypto_hmac_final(&ctx, key, 0);
|
||||
g_eli_crypto_hmac_final(&ctx, key, 0);
|
||||
|
||||
/*
|
||||
* Decrypt Master-Key.
|
||||
*/
|
||||
error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
|
||||
explicit_bzero(key, sizeof(key));
|
||||
if (error == -1) {
|
||||
if (i == tries) {
|
||||
G_ELI_DEBUG(0,
|
||||
"Wrong key for %s. No tries left.",
|
||||
pp->name);
|
||||
g_eli_keyfiles_clear(pp->name);
|
||||
return (NULL);
|
||||
}
|
||||
if (i > 0) {
|
||||
G_ELI_DEBUG(0,
|
||||
"Wrong key for %s. Tries left: %u.",
|
||||
pp->name, tries - i);
|
||||
}
|
||||
/* Try again. */
|
||||
continue;
|
||||
} else if (error > 0) {
|
||||
G_ELI_DEBUG(0,
|
||||
"Cannot decrypt Master Key for %s (error=%d).",
|
||||
pp->name, error);
|
||||
g_eli_keyfiles_clear(pp->name);
|
||||
return (NULL);
|
||||
}
|
||||
g_eli_keyfiles_clear(pp->name);
|
||||
G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name);
|
||||
break;
|
||||
}
|
||||
/*
|
||||
* Decrypt Master-Key.
|
||||
*/
|
||||
error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
|
||||
explicit_bzero(key, sizeof(key));
|
||||
if (error == -1) {
|
||||
if (i == tries) {
|
||||
G_ELI_DEBUG(0,
|
||||
"Wrong key for %s. No tries left.",
|
||||
pp->name);
|
||||
g_eli_keyfiles_clear(pp->name);
|
||||
return (NULL);
|
||||
}
|
||||
if (i > 0) {
|
||||
G_ELI_DEBUG(0,
|
||||
"Wrong key for %s. Tries left: %u.",
|
||||
pp->name, tries - i);
|
||||
}
|
||||
/* Try again. */
|
||||
continue;
|
||||
} else if (error > 0) {
|
||||
G_ELI_DEBUG(0,
|
||||
"Cannot decrypt Master Key for %s (error=%d).",
|
||||
pp->name, error);
|
||||
g_eli_keyfiles_clear(pp->name);
|
||||
return (NULL);
|
||||
}
|
||||
g_eli_keyfiles_clear(pp->name);
|
||||
G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name);
|
||||
break;
|
||||
}
|
||||
have_key:
|
||||
|
||||
/*
|
||||
|
|