geli: fix indentation
no functional changes
parent
4b3141f5d5
commit
838d5ae6d8
|
@ -172,32 +172,32 @@ static void
|
||||||
zero_boot_passcache(void)
|
zero_boot_passcache(void)
|
||||||
{
|
{
|
||||||
|
|
||||||
explicit_bzero(cached_passphrase, sizeof(cached_passphrase));
|
explicit_bzero(cached_passphrase, sizeof(cached_passphrase));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
zero_geli_intake_keys(void)
|
zero_geli_intake_keys(void)
|
||||||
{
|
{
|
||||||
struct keybuf *keybuf;
|
struct keybuf *keybuf;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if ((keybuf = get_keybuf()) != NULL) {
|
if ((keybuf = get_keybuf()) != NULL) {
|
||||||
/* Scan the key buffer, clear all GELI keys. */
|
/* Scan the key buffer, clear all GELI keys. */
|
||||||
for (i = 0; i < keybuf->kb_nents; i++) {
|
for (i = 0; i < keybuf->kb_nents; i++) {
|
||||||
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
|
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
|
||||||
explicit_bzero(keybuf->kb_ents[i].ke_data,
|
explicit_bzero(keybuf->kb_ents[i].ke_data,
|
||||||
sizeof(keybuf->kb_ents[i].ke_data));
|
sizeof(keybuf->kb_ents[i].ke_data));
|
||||||
keybuf->kb_ents[i].ke_type = KEYBUF_TYPE_NONE;
|
keybuf->kb_ents[i].ke_type = KEYBUF_TYPE_NONE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
zero_intake_passcache(void *dummy)
|
zero_intake_passcache(void *dummy)
|
||||||
{
|
{
|
||||||
zero_boot_passcache();
|
zero_boot_passcache();
|
||||||
zero_geli_intake_keys();
|
zero_geli_intake_keys();
|
||||||
}
|
}
|
||||||
EVENTHANDLER_DEFINE(mountroot, zero_intake_passcache, NULL, 0);
|
EVENTHANDLER_DEFINE(mountroot, zero_intake_passcache, NULL, 0);
|
||||||
|
|
||||||
|
@ -269,7 +269,7 @@ g_eli_crypto_rerun(struct cryptop *crp)
|
||||||
static void
|
static void
|
||||||
g_eli_getattr_done(struct bio *bp)
|
g_eli_getattr_done(struct bio *bp)
|
||||||
{
|
{
|
||||||
if (bp->bio_error == 0 &&
|
if (bp->bio_error == 0 &&
|
||||||
!strcmp(bp->bio_attribute, "GEOM::physpath")) {
|
!strcmp(bp->bio_attribute, "GEOM::physpath")) {
|
||||||
strlcat(bp->bio_data, "/eli", bp->bio_length);
|
strlcat(bp->bio_data, "/eli", bp->bio_length);
|
||||||
}
|
}
|
||||||
|
@ -891,8 +891,8 @@ g_eli_init_uma(void)
|
||||||
* likely to see.
|
* likely to see.
|
||||||
*/
|
*/
|
||||||
g_eli_alloc_sz = roundup2((PAGE_SIZE + sizeof(int) +
|
g_eli_alloc_sz = roundup2((PAGE_SIZE + sizeof(int) +
|
||||||
G_ELI_AUTH_SECKEYLEN) * nsw_cluster_max +
|
G_ELI_AUTH_SECKEYLEN) * nsw_cluster_max +
|
||||||
sizeof(uintptr_t), PAGE_SIZE);
|
sizeof(uintptr_t), PAGE_SIZE);
|
||||||
|
|
||||||
g_eli_uma = uma_zcreate("GELI buffers", g_eli_alloc_sz,
|
g_eli_uma = uma_zcreate("GELI buffers", g_eli_alloc_sz,
|
||||||
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
|
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
|
||||||
|
@ -1327,7 +1327,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
|
||||||
u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN];
|
u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN];
|
||||||
u_int i, nkey, nkeyfiles, tries, showpass;
|
u_int i, nkey, nkeyfiles, tries, showpass;
|
||||||
int error;
|
int error;
|
||||||
struct keybuf *keybuf;
|
struct keybuf *keybuf;
|
||||||
|
|
||||||
g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name);
|
g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name);
|
||||||
g_topology_assert();
|
g_topology_assert();
|
||||||
|
@ -1372,116 +1372,116 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
|
||||||
tries = g_eli_tries;
|
tries = g_eli_tries;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((keybuf = get_keybuf()) != NULL) {
|
if ((keybuf = get_keybuf()) != NULL) {
|
||||||
/* Scan the key buffer, try all GELI keys. */
|
/* Scan the key buffer, try all GELI keys. */
|
||||||
for (i = 0; i < keybuf->kb_nents; i++) {
|
for (i = 0; i < keybuf->kb_nents; i++) {
|
||||||
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
|
if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
|
||||||
memcpy(key, keybuf->kb_ents[i].ke_data,
|
memcpy(key, keybuf->kb_ents[i].ke_data,
|
||||||
sizeof(key));
|
sizeof(key));
|
||||||
|
|
||||||
if (g_eli_mkey_decrypt_any(&md, key,
|
if (g_eli_mkey_decrypt_any(&md, key,
|
||||||
mkey, &nkey) == 0 ) {
|
mkey, &nkey) == 0 ) {
|
||||||
explicit_bzero(key, sizeof(key));
|
explicit_bzero(key, sizeof(key));
|
||||||
goto have_key;
|
goto have_key;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i <= tries; i++) {
|
for (i = 0; i <= tries; i++) {
|
||||||
g_eli_crypto_hmac_init(&ctx, NULL, 0);
|
g_eli_crypto_hmac_init(&ctx, NULL, 0);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Load all key files.
|
* Load all key files.
|
||||||
*/
|
*/
|
||||||
nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name);
|
nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name);
|
||||||
|
|
||||||
if (nkeyfiles == 0 && md.md_iterations == -1) {
|
if (nkeyfiles == 0 && md.md_iterations == -1) {
|
||||||
/*
|
/*
|
||||||
* No key files and no passphrase, something is
|
* No key files and no passphrase, something is
|
||||||
* definitely wrong here.
|
* definitely wrong here.
|
||||||
* geli(8) doesn't allow for such situation, so assume
|
* geli(8) doesn't allow for such situation, so assume
|
||||||
* that there was really no passphrase and in that case
|
* that there was really no passphrase and in that case
|
||||||
* key files are no properly defined in loader.conf.
|
* key files are no properly defined in loader.conf.
|
||||||
*/
|
*/
|
||||||
G_ELI_DEBUG(0,
|
G_ELI_DEBUG(0,
|
||||||
"Found no key files in loader.conf for %s.",
|
"Found no key files in loader.conf for %s.",
|
||||||
pp->name);
|
pp->name);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Ask for the passphrase if defined. */
|
/* Ask for the passphrase if defined. */
|
||||||
if (md.md_iterations >= 0) {
|
if (md.md_iterations >= 0) {
|
||||||
/* Try first with cached passphrase. */
|
/* Try first with cached passphrase. */
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
if (!g_eli_boot_passcache)
|
if (!g_eli_boot_passcache)
|
||||||
continue;
|
continue;
|
||||||
memcpy(passphrase, cached_passphrase,
|
memcpy(passphrase, cached_passphrase,
|
||||||
sizeof(passphrase));
|
sizeof(passphrase));
|
||||||
} else {
|
} else {
|
||||||
printf("Enter passphrase for %s: ", pp->name);
|
printf("Enter passphrase for %s: ", pp->name);
|
||||||
showpass = g_eli_visible_passphrase;
|
showpass = g_eli_visible_passphrase;
|
||||||
if ((md.md_flags & G_ELI_FLAG_GELIDISPLAYPASS) != 0)
|
if ((md.md_flags & G_ELI_FLAG_GELIDISPLAYPASS) != 0)
|
||||||
showpass = GETS_ECHOPASS;
|
showpass = GETS_ECHOPASS;
|
||||||
cngets(passphrase, sizeof(passphrase),
|
cngets(passphrase, sizeof(passphrase),
|
||||||
showpass);
|
showpass);
|
||||||
memcpy(cached_passphrase, passphrase,
|
memcpy(cached_passphrase, passphrase,
|
||||||
sizeof(passphrase));
|
sizeof(passphrase));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Prepare Derived-Key from the user passphrase.
|
* Prepare Derived-Key from the user passphrase.
|
||||||
*/
|
*/
|
||||||
if (md.md_iterations == 0) {
|
if (md.md_iterations == 0) {
|
||||||
g_eli_crypto_hmac_update(&ctx, md.md_salt,
|
g_eli_crypto_hmac_update(&ctx, md.md_salt,
|
||||||
sizeof(md.md_salt));
|
sizeof(md.md_salt));
|
||||||
g_eli_crypto_hmac_update(&ctx, passphrase,
|
g_eli_crypto_hmac_update(&ctx, passphrase,
|
||||||
strlen(passphrase));
|
strlen(passphrase));
|
||||||
explicit_bzero(passphrase, sizeof(passphrase));
|
explicit_bzero(passphrase, sizeof(passphrase));
|
||||||
} else if (md.md_iterations > 0) {
|
} else if (md.md_iterations > 0) {
|
||||||
u_char dkey[G_ELI_USERKEYLEN];
|
u_char dkey[G_ELI_USERKEYLEN];
|
||||||
|
|
||||||
pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
|
pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
|
||||||
sizeof(md.md_salt), passphrase, md.md_iterations);
|
sizeof(md.md_salt), passphrase, md.md_iterations);
|
||||||
explicit_bzero(passphrase, sizeof(passphrase));
|
explicit_bzero(passphrase, sizeof(passphrase));
|
||||||
g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
|
g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
|
||||||
explicit_bzero(dkey, sizeof(dkey));
|
explicit_bzero(dkey, sizeof(dkey));
|
||||||
}
|
}
|
||||||
|
|
||||||
g_eli_crypto_hmac_final(&ctx, key, 0);
|
g_eli_crypto_hmac_final(&ctx, key, 0);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Decrypt Master-Key.
|
* Decrypt Master-Key.
|
||||||
*/
|
*/
|
||||||
error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
|
error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
|
||||||
explicit_bzero(key, sizeof(key));
|
explicit_bzero(key, sizeof(key));
|
||||||
if (error == -1) {
|
if (error == -1) {
|
||||||
if (i == tries) {
|
if (i == tries) {
|
||||||
G_ELI_DEBUG(0,
|
G_ELI_DEBUG(0,
|
||||||
"Wrong key for %s. No tries left.",
|
"Wrong key for %s. No tries left.",
|
||||||
pp->name);
|
pp->name);
|
||||||
g_eli_keyfiles_clear(pp->name);
|
g_eli_keyfiles_clear(pp->name);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
if (i > 0) {
|
if (i > 0) {
|
||||||
G_ELI_DEBUG(0,
|
G_ELI_DEBUG(0,
|
||||||
"Wrong key for %s. Tries left: %u.",
|
"Wrong key for %s. Tries left: %u.",
|
||||||
pp->name, tries - i);
|
pp->name, tries - i);
|
||||||
}
|
}
|
||||||
/* Try again. */
|
/* Try again. */
|
||||||
continue;
|
continue;
|
||||||
} else if (error > 0) {
|
} else if (error > 0) {
|
||||||
G_ELI_DEBUG(0,
|
G_ELI_DEBUG(0,
|
||||||
"Cannot decrypt Master Key for %s (error=%d).",
|
"Cannot decrypt Master Key for %s (error=%d).",
|
||||||
pp->name, error);
|
pp->name, error);
|
||||||
g_eli_keyfiles_clear(pp->name);
|
g_eli_keyfiles_clear(pp->name);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
g_eli_keyfiles_clear(pp->name);
|
g_eli_keyfiles_clear(pp->name);
|
||||||
G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name);
|
G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
have_key:
|
have_key:
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|