geli: fix indentation

no functional changes
Mariusz Zaborski 2024-05-19 15:37:07 +02:00
parent 4b3141f5d5
commit 838d5ae6d8


@ -172,32 +172,32 @@ static void
zero_boot_passcache(void) zero_boot_passcache(void)
{ {
explicit_bzero(cached_passphrase, sizeof(cached_passphrase)); explicit_bzero(cached_passphrase, sizeof(cached_passphrase));
} }
static void static void
zero_geli_intake_keys(void) zero_geli_intake_keys(void)
{ {
struct keybuf *keybuf; struct keybuf *keybuf;
int i; int i;
if ((keybuf = get_keybuf()) != NULL) { if ((keybuf = get_keybuf()) != NULL) {
/* Scan the key buffer, clear all GELI keys. */ /* Scan the key buffer, clear all GELI keys. */
for (i = 0; i < keybuf->kb_nents; i++) { for (i = 0; i < keybuf->kb_nents; i++) {
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) { if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
explicit_bzero(keybuf->kb_ents[i].ke_data, explicit_bzero(keybuf->kb_ents[i].ke_data,
sizeof(keybuf->kb_ents[i].ke_data)); sizeof(keybuf->kb_ents[i].ke_data));
keybuf->kb_ents[i].ke_type = KEYBUF_TYPE_NONE; keybuf->kb_ents[i].ke_type = KEYBUF_TYPE_NONE;
} }
} }
} }
} }
static void static void
zero_intake_passcache(void *dummy) zero_intake_passcache(void *dummy)
{ {
zero_boot_passcache(); zero_boot_passcache();
zero_geli_intake_keys(); zero_geli_intake_keys();
} }
EVENTHANDLER_DEFINE(mountroot, zero_intake_passcache, NULL, 0); EVENTHANDLER_DEFINE(mountroot, zero_intake_passcache, NULL, 0);
@ -269,7 +269,7 @@ g_eli_crypto_rerun(struct cryptop *crp)
static void static void
g_eli_getattr_done(struct bio *bp) g_eli_getattr_done(struct bio *bp)
{ {
if (bp->bio_error == 0 && if (bp->bio_error == 0 &&
!strcmp(bp->bio_attribute, "GEOM::physpath")) { !strcmp(bp->bio_attribute, "GEOM::physpath")) {
strlcat(bp->bio_data, "/eli", bp->bio_length); strlcat(bp->bio_data, "/eli", bp->bio_length);
} }
@ -891,8 +891,8 @@ g_eli_init_uma(void)
* likely to see. * likely to see.
*/ */
g_eli_alloc_sz = roundup2((PAGE_SIZE + sizeof(int) + g_eli_alloc_sz = roundup2((PAGE_SIZE + sizeof(int) +
G_ELI_AUTH_SECKEYLEN) * nsw_cluster_max + G_ELI_AUTH_SECKEYLEN) * nsw_cluster_max +
sizeof(uintptr_t), PAGE_SIZE); sizeof(uintptr_t), PAGE_SIZE);
g_eli_uma = uma_zcreate("GELI buffers", g_eli_alloc_sz, g_eli_uma = uma_zcreate("GELI buffers", g_eli_alloc_sz,
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
@ -1327,7 +1327,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN]; u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN];
u_int i, nkey, nkeyfiles, tries, showpass; u_int i, nkey, nkeyfiles, tries, showpass;
int error; int error;
struct keybuf *keybuf; struct keybuf *keybuf;
g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name); g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name);
g_topology_assert(); g_topology_assert();
@ -1372,116 +1372,116 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
tries = g_eli_tries; tries = g_eli_tries;
} }
if ((keybuf = get_keybuf()) != NULL) { if ((keybuf = get_keybuf()) != NULL) {
/* Scan the key buffer, try all GELI keys. */ /* Scan the key buffer, try all GELI keys. */
for (i = 0; i < keybuf->kb_nents; i++) { for (i = 0; i < keybuf->kb_nents; i++) {
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) { if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
memcpy(key, keybuf->kb_ents[i].ke_data, memcpy(key, keybuf->kb_ents[i].ke_data,
sizeof(key)); sizeof(key));
if (g_eli_mkey_decrypt_any(&md, key, if (g_eli_mkey_decrypt_any(&md, key,
mkey, &nkey) == 0 ) { mkey, &nkey) == 0 ) {
explicit_bzero(key, sizeof(key)); explicit_bzero(key, sizeof(key));
goto have_key; goto have_key;
} }
} }
} }
} }
for (i = 0; i <= tries; i++) { for (i = 0; i <= tries; i++) {
g_eli_crypto_hmac_init(&ctx, NULL, 0); g_eli_crypto_hmac_init(&ctx, NULL, 0);
/* /*
* Load all key files. * Load all key files.
*/ */
nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name); nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name);
if (nkeyfiles == 0 && md.md_iterations == -1) { if (nkeyfiles == 0 && md.md_iterations == -1) {
/* /*
* No key files and no passphrase, something is * No key files and no passphrase, something is
* definitely wrong here. * definitely wrong here.
* geli(8) doesn't allow for such situation, so assume * geli(8) doesn't allow for such situation, so assume
* that there was really no passphrase and in that case * that there was really no passphrase and in that case
* key files are no properly defined in loader.conf. * key files are no properly defined in loader.conf.
*/ */
G_ELI_DEBUG(0, G_ELI_DEBUG(0,
"Found no key files in loader.conf for %s.", "Found no key files in loader.conf for %s.",
pp->name); pp->name);
return (NULL); return (NULL);
} }
/* Ask for the passphrase if defined. */ /* Ask for the passphrase if defined. */
if (md.md_iterations >= 0) { if (md.md_iterations >= 0) {
/* Try first with cached passphrase. */ /* Try first with cached passphrase. */
if (i == 0) { if (i == 0) {
if (!g_eli_boot_passcache) if (!g_eli_boot_passcache)
continue; continue;
memcpy(passphrase, cached_passphrase, memcpy(passphrase, cached_passphrase,
sizeof(passphrase)); sizeof(passphrase));
} else { } else {
printf("Enter passphrase for %s: ", pp->name); printf("Enter passphrase for %s: ", pp->name);
showpass = g_eli_visible_passphrase; showpass = g_eli_visible_passphrase;
if ((md.md_flags & G_ELI_FLAG_GELIDISPLAYPASS) != 0) if ((md.md_flags & G_ELI_FLAG_GELIDISPLAYPASS) != 0)
showpass = GETS_ECHOPASS; showpass = GETS_ECHOPASS;
cngets(passphrase, sizeof(passphrase), cngets(passphrase, sizeof(passphrase),
showpass); showpass);
memcpy(cached_passphrase, passphrase, memcpy(cached_passphrase, passphrase,
sizeof(passphrase)); sizeof(passphrase));
} }
} }
/* /*
* Prepare Derived-Key from the user passphrase. * Prepare Derived-Key from the user passphrase.
*/ */
if (md.md_iterations == 0) { if (md.md_iterations == 0) {
g_eli_crypto_hmac_update(&ctx, md.md_salt, g_eli_crypto_hmac_update(&ctx, md.md_salt,
sizeof(md.md_salt)); sizeof(md.md_salt));
g_eli_crypto_hmac_update(&ctx, passphrase, g_eli_crypto_hmac_update(&ctx, passphrase,
strlen(passphrase)); strlen(passphrase));
explicit_bzero(passphrase, sizeof(passphrase)); explicit_bzero(passphrase, sizeof(passphrase));
} else if (md.md_iterations > 0) { } else if (md.md_iterations > 0) {
u_char dkey[G_ELI_USERKEYLEN]; u_char dkey[G_ELI_USERKEYLEN];
pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
sizeof(md.md_salt), passphrase, md.md_iterations); sizeof(md.md_salt), passphrase, md.md_iterations);
explicit_bzero(passphrase, sizeof(passphrase)); explicit_bzero(passphrase, sizeof(passphrase));
g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
explicit_bzero(dkey, sizeof(dkey)); explicit_bzero(dkey, sizeof(dkey));
} }
g_eli_crypto_hmac_final(&ctx, key, 0); g_eli_crypto_hmac_final(&ctx, key, 0);
/* /*
* Decrypt Master-Key. * Decrypt Master-Key.
*/ */
error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey); error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
explicit_bzero(key, sizeof(key)); explicit_bzero(key, sizeof(key));
if (error == -1) { if (error == -1) {
if (i == tries) { if (i == tries) {
G_ELI_DEBUG(0, G_ELI_DEBUG(0,
"Wrong key for %s. No tries left.", "Wrong key for %s. No tries left.",
pp->name); pp->name);
g_eli_keyfiles_clear(pp->name); g_eli_keyfiles_clear(pp->name);
return (NULL); return (NULL);
} }
if (i > 0) { if (i > 0) {
G_ELI_DEBUG(0, G_ELI_DEBUG(0,
"Wrong key for %s. Tries left: %u.", "Wrong key for %s. Tries left: %u.",
pp->name, tries - i); pp->name, tries - i);
} }
/* Try again. */ /* Try again. */
continue; continue;
} else if (error > 0) { } else if (error > 0) {
G_ELI_DEBUG(0, G_ELI_DEBUG(0,
"Cannot decrypt Master Key for %s (error=%d).", "Cannot decrypt Master Key for %s (error=%d).",
pp->name, error); pp->name, error);
g_eli_keyfiles_clear(pp->name); g_eli_keyfiles_clear(pp->name);
return (NULL); return (NULL);
} }
g_eli_keyfiles_clear(pp->name); g_eli_keyfiles_clear(pp->name);
G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name); G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name);
break; break;
} }
have_key: have_key:
/* /*