mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-09 04:36:31 +00:00
Remove GBDE source files
This commit is contained in:
parent
984764d796
commit
8d2d1d6516
|
@ -1,31 +0,0 @@
|
|||
|
||||
PACKAGE=geom
|
||||
PROG= gbde
|
||||
SRCS= gbde.c template.c
|
||||
SRCS+= rijndael-alg-fst.c
|
||||
SRCS+= rijndael-api-fst.c
|
||||
SRCS+= g_bde_lock.c
|
||||
|
||||
# rijndael-fst.c does evil casting things which can results in warnings,
|
||||
# the test-vectors check out however, so it works right.
|
||||
NO_WCAST_ALIGN=
|
||||
NO_WMISSING_VARIABLE_DECLARATIONS=
|
||||
|
||||
CFLAGS+= -I${SRCTOP}/sys
|
||||
.PATH: ${SRCTOP}/sys/geom/bde \
|
||||
${SRCTOP}/sys/crypto/rijndael \
|
||||
${SRCTOP}/sys/crypto/sha2
|
||||
|
||||
CLEANFILES+= template.c
|
||||
|
||||
MAN= gbde.8
|
||||
LIBADD= md util geom
|
||||
|
||||
template.c: template.txt
|
||||
file2c 'const char template[] = {' ',0};' \
|
||||
< ${.CURDIR}/template.txt > template.c
|
||||
|
||||
test: ${PROG}
|
||||
sh ${.CURDIR}/test.sh ${.CURDIR}
|
||||
|
||||
.include <bsd.prog.mk>
|
|
@ -1,18 +0,0 @@
|
|||
# Autogenerated - do NOT edit!
|
||||
|
||||
DIRDEPS = \
|
||||
include \
|
||||
include/xlocale \
|
||||
lib/${CSU_DIR} \
|
||||
lib/libc \
|
||||
lib/libcompiler_rt \
|
||||
lib/libgeom \
|
||||
lib/libmd \
|
||||
lib/libutil \
|
||||
|
||||
|
||||
.include <dirdeps.mk>
|
||||
|
||||
.if ${DEP_RELDIR} == ${_DEP_RELDIR}
|
||||
# local dependencies - needed for -jN in clean tree
|
||||
.endif
|
271
sbin/gbde/gbde.8
271
sbin/gbde/gbde.8
|
@ -1,271 +0,0 @@
|
|||
.\"
|
||||
.\" Copyright (c) 2002 Poul-Henning Kamp
|
||||
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" This software was developed for the FreeBSD Project by Poul-Henning Kamp
|
||||
.\" and NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
.\" DARPA CHATS research program.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd October 3, 2016
|
||||
.Dt GBDE 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm gbde
|
||||
.Nd operation and management utility for Geom Based Disk Encryption
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Cm attach
|
||||
.Ar destination
|
||||
.Op Fl k Ar keyfile
|
||||
.Op Fl l Ar lockfile
|
||||
.Op Fl p Ar pass-phrase
|
||||
.Nm
|
||||
.Cm detach
|
||||
.Ar destination
|
||||
.Nm
|
||||
.Cm init
|
||||
.Ar destination
|
||||
.Op Fl i
|
||||
.Op Fl f Ar filename
|
||||
.Op Fl K Ar new-keyfile
|
||||
.Op Fl L Ar new-lockfile
|
||||
.Op Fl P Ar new-pass-phrase
|
||||
.Nm
|
||||
.Cm setkey
|
||||
.Ar destination
|
||||
.Op Fl n Ar key
|
||||
.Op Fl k Ar keyfile
|
||||
.Op Fl l Ar lockfile
|
||||
.Op Fl p Ar pass-phrase
|
||||
.Op Fl K Ar new-keyfile
|
||||
.Op Fl L Ar new-lockfile
|
||||
.Op Fl P Ar new-pass-phrase
|
||||
.Nm
|
||||
.Cm nuke
|
||||
.Ar destination
|
||||
.Op Fl n Ar key
|
||||
.Op Fl k Ar keyfile
|
||||
.Op Fl l Ar lockfile
|
||||
.Op Fl p Ar pass-phrase
|
||||
.Nm
|
||||
.Cm destroy
|
||||
.Ar destination
|
||||
.Op Fl k Ar keyfile
|
||||
.Op Fl l Ar lockfile
|
||||
.Op Fl p Ar pass-phrase
|
||||
.Sh DESCRIPTION
|
||||
.Bf -symbolic
|
||||
NOTICE:
|
||||
Please be aware that this code has not yet received much review
|
||||
and analysis by qualified cryptographers and therefore should be considered
|
||||
a slightly suspect experimental facility.
|
||||
.Pp
|
||||
We cannot at this point guarantee that the on-disk format will not change
|
||||
in response to reviews or bug-fixes, so potential users are advised to
|
||||
be prepared that
|
||||
.Xr dump 8 Ns / Ns
|
||||
.Xr restore 8
|
||||
based migrations may be called for in the future.
|
||||
.Ef
|
||||
.Pp
|
||||
The
|
||||
.Nm
|
||||
utility is the only official operation and management interface for the
|
||||
.Xr gbde 4
|
||||
.Tn GEOM
|
||||
based disk encryption kernel facility.
|
||||
The interaction between the
|
||||
.Nm
|
||||
utility and the kernel part is not a published interface.
|
||||
.Pp
|
||||
The operational aspect consists of two subcommands:
|
||||
one to open and attach
|
||||
a device to the in-kernel cryptographic
|
||||
.Nm
|
||||
module
|
||||
.Pq Cm attach ,
|
||||
and one to close and detach a device
|
||||
.Pq Cm detach .
|
||||
.Pp
|
||||
The management part allows initialization of the master key and lock sectors
|
||||
on a device
|
||||
.Pq Cm init ,
|
||||
initialization and replacement of pass-phrases
|
||||
.Pq Cm setkey ,
|
||||
and key invalidation
|
||||
.Pq Cm nuke
|
||||
and blackening
|
||||
.Pq Cm destroy
|
||||
functions.
|
||||
.Pp
|
||||
The
|
||||
.Fl l Ar lockfile
|
||||
argument is used to supply the lock selector data.
|
||||
If no
|
||||
.Fl l
|
||||
option is specified, the first sector is used for this purpose.
|
||||
.Pp
|
||||
The
|
||||
.Fl L Ar new-lockfile
|
||||
argument
|
||||
specifies the lock selector file for the key
|
||||
initialized with the
|
||||
.Cm init
|
||||
subcommand
|
||||
or modified with the
|
||||
.Cm setkey
|
||||
subcommand.
|
||||
.Pp
|
||||
The
|
||||
.Fl n Ar key
|
||||
argument can be used to specify to which of the four keys
|
||||
the operation applies.
|
||||
A value of 1 to 4 selects the specified key, a value of 0 (the default)
|
||||
means
|
||||
.Dq "this key"
|
||||
(i.e., the key used to gain access to the device)
|
||||
and a value of \-1 means
|
||||
.Dq "all keys" .
|
||||
.Pp
|
||||
The
|
||||
.Fl f Ar filename
|
||||
specifies an optional parameter file for use under initialization.
|
||||
.Pp
|
||||
Alternatively, the
|
||||
.Fl i
|
||||
option toggles an interactive mode where a template file with descriptions
|
||||
of the parameters can be interactively edited.
|
||||
.Pp
|
||||
The
|
||||
.Fl p Ar pass-phrase
|
||||
argument
|
||||
specifies the pass-phrase used for opening the device.
|
||||
If not specified, the controlling terminal will be used to prompt the user
|
||||
for the pass-phrase.
|
||||
Be aware that using this option may expose the pass-phrase to other
|
||||
users who happen to run
|
||||
.Xr ps 1
|
||||
or similar while the command is running.
|
||||
.Pp
|
||||
The
|
||||
.Fl P Ar new-pass-phrase
|
||||
argument
|
||||
can be used to specify the new pass-phrase to the
|
||||
.Cm init
|
||||
and
|
||||
.Cm setkey
|
||||
subcommands.
|
||||
If not specified, the user is prompted for the new pass-phrase on the
|
||||
controlling terminal.
|
||||
Be aware that using this option may expose the pass-phrase to other
|
||||
users who happen to run
|
||||
.Xr ps 1
|
||||
or similar while the command is running.
|
||||
.Pp
|
||||
The
|
||||
.Fl k Ar keyfile
|
||||
argument specifies a key file to be used in combination with the
|
||||
pass-phrase (whether the pass-phrase is specified on the command line
|
||||
or entered from the terminal) for opening the device.
|
||||
The device will only be opened if the contents of the key file and the
|
||||
pass-phrase are both correct.
|
||||
.Pp
|
||||
The
|
||||
.Fl K Ar new-keyfile
|
||||
argument can be used to specify a new key file to the
|
||||
.Cm init
|
||||
and
|
||||
.Cm setkey
|
||||
subcommands.
|
||||
If not specified, no key file will be used (even if one was previously
|
||||
used).
|
||||
.Sh EXAMPLES
|
||||
To initialize a device, using default parameters:
|
||||
.Pp
|
||||
.Dl "gbde init /dev/ada0s1f -L /etc/ada0s1f.lock"
|
||||
.Pp
|
||||
To attach an encrypted device:
|
||||
.Pp
|
||||
.Dl "gbde attach ada0s1f -l /etc/ada0s1f.lock"
|
||||
.Pp
|
||||
The encrypted device has the suffix
|
||||
.Pa .bde
|
||||
so a typical
|
||||
command to create and mount a file system would be:
|
||||
.Pp
|
||||
.Dl "newfs /dev/ada0s1f.bde"
|
||||
.Dl "mount /dev/ada0s1f.bde /secret"
|
||||
.Pp
|
||||
To detach an encrypted device:
|
||||
.Pp
|
||||
.Dl "gbde detach ada0s1f"
|
||||
.Pp
|
||||
Please notice that detaching an encrypted device corresponds to
|
||||
physically removing it, do not forget to unmount the file system first.
|
||||
.Pp
|
||||
To initialize the second key using a detached lockfile and a trivial
|
||||
pass-phrase:
|
||||
.Pp
|
||||
.Dl "gbde setkey ada0s1f -n 2 -P foo -L key2.lockfile"
|
||||
.Pp
|
||||
To invalidate your own masterkey:
|
||||
.Pp
|
||||
.Dl "gbde nuke ada0s1f"
|
||||
.Pp
|
||||
This will overwrite your masterkey sector with zeros, and results in
|
||||
a diagnostic if you try to use the key again.
|
||||
You can also destroy the other three copies of the masterkey with the
|
||||
-n argument.
|
||||
.Pp
|
||||
You can also invalidate your masterkey without leaving a tell-tale sector
|
||||
full of zeros:
|
||||
.Pp
|
||||
.Dl "gbde destroy ada0s1f"
|
||||
.Pp
|
||||
This will overwrite the information fields in your masterkey sector,
|
||||
encrypt it and write it back.
|
||||
You get a (different) diagnostic if you try to use it.
|
||||
.Sh SEE ALSO
|
||||
.Xr gbde 4 ,
|
||||
.Xr geom 4
|
||||
.Sh HISTORY
|
||||
This software was developed for the
|
||||
.Fx
|
||||
Project by
|
||||
.An Poul-Henning Kamp
|
||||
and NAI Labs, the Security Research Division of Network Associates, Inc.\&
|
||||
under DARPA/SPAWAR contract N66001-01-C-8035
|
||||
.Pq Dq CBOSS ,
|
||||
as part of the
|
||||
DARPA CHATS research program.
|
||||
.Nm
|
||||
first appeared in
|
||||
.Fx 5.0 .
|
||||
.Sh AUTHORS
|
||||
.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org
|
||||
.Sh BUGS
|
||||
The cryptographic algorithms and the overall design have not been
|
||||
attacked mercilessly for over 10 years by a gang of cryptoanalysts.
|
895
sbin/gbde/gbde.c
895
sbin/gbde/gbde.c
|
@ -1,895 +0,0 @@
|
|||
/*-
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*
|
||||
* Copyright (c) 2002 Poul-Henning Kamp
|
||||
* Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by Poul-Henning Kamp
|
||||
* and NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
* DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* XXX: Future stuff
|
||||
*
|
||||
* Replace the template file options (-i & -f) with command-line variables
|
||||
* "-v property=foo"
|
||||
*
|
||||
* Introduce -e, extra entropy source (XOR with /dev/random)
|
||||
*
|
||||
* Introduce -E, alternate entropy source (instead of /dev/random)
|
||||
*
|
||||
* Introduce -i take IV from keyboard or
|
||||
*
|
||||
* Introduce -I take IV from file/cmd
|
||||
*
|
||||
* Introduce -m/-M store encrypted+encoded masterkey in file
|
||||
*
|
||||
* Introduce -k/-K get pass-phrase part from file/cmd
|
||||
*
|
||||
* Introduce -d add more dest-devices to worklist.
|
||||
*
|
||||
* Add key-option: selfdestruct bit.
|
||||
*
|
||||
* New/changed verbs:
|
||||
* "onetime" attach with onetime nonstored locksector
|
||||
* "key"/"unkey" to blast memory copy of key without orphaning
|
||||
* "nuke" blow away everything attached, crash/halt/power-off if possible.
|
||||
* "blast" destroy all copies of the masterkey
|
||||
* "destroy" destroy one copy of the masterkey
|
||||
* "backup"/"restore" of masterkey sectors.
|
||||
*
|
||||
* Make all verbs work on both attached/detached devices.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <md5.h>
|
||||
#include <readpassphrase.h>
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
#include <paths.h>
|
||||
#include <strings.h>
|
||||
#include <stdlib.h>
|
||||
#include <err.h>
|
||||
#include <stdio.h>
|
||||
#include <libutil.h>
|
||||
#include <libgeom.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/disk.h>
|
||||
#include <sys/stat.h>
|
||||
#include <crypto/rijndael/rijndael-api-fst.h>
|
||||
#include <crypto/sha2/sha512.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/linker.h>
|
||||
|
||||
#define GBDEMOD "geom_bde"
|
||||
#define KASSERT(foo, bar) do { if(!(foo)) { warn bar ; exit (1); } } while (0)
|
||||
|
||||
#include <geom/geom.h>
|
||||
#include <geom/bde/g_bde.h>
|
||||
|
||||
extern const char template[];
|
||||
|
||||
|
||||
#if 0
|
||||
static void
|
||||
g_hexdump(void *ptr, int length)
|
||||
{
|
||||
int i, j, k;
|
||||
unsigned char *cp;
|
||||
|
||||
cp = ptr;
|
||||
for (i = 0; i < length; i+= 16) {
|
||||
printf("%04x ", i);
|
||||
for (j = 0; j < 16; j++) {
|
||||
k = i + j;
|
||||
if (k < length)
|
||||
printf(" %02x", cp[k]);
|
||||
else
|
||||
printf(" ");
|
||||
}
|
||||
printf(" |");
|
||||
for (j = 0; j < 16; j++) {
|
||||
k = i + j;
|
||||
if (k >= length)
|
||||
printf(" ");
|
||||
else if (cp[k] >= ' ' && cp[k] <= '~')
|
||||
printf("%c", cp[k]);
|
||||
else
|
||||
printf(".");
|
||||
}
|
||||
printf("|\n");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
static void __dead2
|
||||
usage(void)
|
||||
{
|
||||
|
||||
(void)fprintf(stderr,
|
||||
"usage: gbde attach destination [-k keyfile] [-l lockfile] [-p pass-phrase]\n"
|
||||
" gbde detach destination\n"
|
||||
" gbde init destination [-i] [-f filename] [-K new-keyfile]\n"
|
||||
" [-L new-lockfile] [-P new-pass-phrase]\n"
|
||||
" gbde setkey destination [-n key]\n"
|
||||
" [-k keyfile] [-l lockfile] [-p pass-phrase]\n"
|
||||
" [-K new-keyfile] [-L new-lockfile] [-P new-pass-phrase]\n"
|
||||
" gbde nuke destination [-n key]\n"
|
||||
" [-k keyfile] [-l lockfile] [-p pass-phrase]\n"
|
||||
" gbde destroy destination [-k keyfile] [-l lockfile] [-p pass-phrase]\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
void *
|
||||
g_read_data(struct g_consumer *cp, off_t offset, off_t length, int *error)
|
||||
{
|
||||
void *p;
|
||||
int fd, i;
|
||||
off_t o2;
|
||||
|
||||
p = malloc(length);
|
||||
if (p == NULL)
|
||||
err(1, "malloc");
|
||||
fd = *(int *)cp;
|
||||
o2 = lseek(fd, offset, SEEK_SET);
|
||||
if (o2 != offset)
|
||||
err(1, "lseek");
|
||||
i = read(fd, p, length);
|
||||
if (i != length)
|
||||
err(1, "read");
|
||||
if (error != NULL)
|
||||
error = 0;
|
||||
return (p);
|
||||
}
|
||||
|
||||
static void
|
||||
random_bits(void *p, u_int len)
|
||||
{
|
||||
arc4random_buf(p, len);
|
||||
}
|
||||
|
||||
/* XXX: not nice */
|
||||
static u_char sha2[SHA512_DIGEST_LENGTH];
|
||||
|
||||
static void
|
||||
reset_passphrase(struct g_bde_softc *sc)
|
||||
{
|
||||
|
||||
memcpy(sc->sha2, sha2, SHA512_DIGEST_LENGTH);
|
||||
}
|
||||
|
||||
static void
|
||||
setup_passphrase(struct g_bde_softc *sc, int sure, const char *input,
|
||||
const char *keyfile)
|
||||
{
|
||||
char buf1[BUFSIZ + SHA512_DIGEST_LENGTH];
|
||||
char buf2[BUFSIZ + SHA512_DIGEST_LENGTH];
|
||||
char *p;
|
||||
int kfd, klen, bpos = 0;
|
||||
|
||||
if (keyfile != NULL) {
|
||||
/* Read up to BUFSIZ bytes from keyfile */
|
||||
kfd = open(keyfile, O_RDONLY, 0);
|
||||
if (kfd < 0)
|
||||
err(1, "%s", keyfile);
|
||||
klen = read(kfd, buf1, BUFSIZ);
|
||||
if (klen == -1)
|
||||
err(1, "%s", keyfile);
|
||||
close(kfd);
|
||||
|
||||
/* Prepend the passphrase with the hash of the key read */
|
||||
g_bde_hash_pass(sc, buf1, klen);
|
||||
memcpy(buf1, sc->sha2, SHA512_DIGEST_LENGTH);
|
||||
memcpy(buf2, sc->sha2, SHA512_DIGEST_LENGTH);
|
||||
bpos = SHA512_DIGEST_LENGTH;
|
||||
}
|
||||
|
||||
if (input != NULL) {
|
||||
if (strlen(input) >= BUFSIZ)
|
||||
errx(1, "Passphrase too long");
|
||||
strcpy(buf1 + bpos, input);
|
||||
|
||||
g_bde_hash_pass(sc, buf1, strlen(buf1 + bpos) + bpos);
|
||||
memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
|
||||
return;
|
||||
}
|
||||
for (;;) {
|
||||
p = readpassphrase(
|
||||
sure ? "Enter new passphrase:" : "Enter passphrase: ",
|
||||
buf1 + bpos, sizeof buf1 - bpos,
|
||||
RPP_ECHO_OFF | RPP_REQUIRE_TTY);
|
||||
if (p == NULL)
|
||||
err(1, "readpassphrase");
|
||||
|
||||
if (sure) {
|
||||
p = readpassphrase("Reenter new passphrase: ",
|
||||
buf2 + bpos, sizeof buf2 - bpos,
|
||||
RPP_ECHO_OFF | RPP_REQUIRE_TTY);
|
||||
if (p == NULL)
|
||||
err(1, "readpassphrase");
|
||||
|
||||
if (strcmp(buf1 + bpos, buf2 + bpos)) {
|
||||
printf("They didn't match.\n");
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if (strlen(buf1 + bpos) < 3) {
|
||||
printf("Too short passphrase.\n");
|
||||
continue;
|
||||
}
|
||||
break;
|
||||
}
|
||||
g_bde_hash_pass(sc, buf1, strlen(buf1 + bpos) + bpos);
|
||||
memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
|
||||
}
|
||||
|
||||
static void
|
||||
encrypt_sector(void *d, int len, int klen, void *key)
|
||||
{
|
||||
keyInstance ki;
|
||||
cipherInstance ci;
|
||||
int error;
|
||||
|
||||
error = rijndael_cipherInit(&ci, MODE_CBC, NULL);
|
||||
if (error <= 0)
|
||||
errx(1, "rijndael_cipherInit=%d", error);
|
||||
error = rijndael_makeKey(&ki, DIR_ENCRYPT, klen, key);
|
||||
if (error <= 0)
|
||||
errx(1, "rijndael_makeKeY=%d", error);
|
||||
error = rijndael_blockEncrypt(&ci, &ki, d, len * 8, d);
|
||||
if (error <= 0)
|
||||
errx(1, "rijndael_blockEncrypt=%d", error);
|
||||
}
|
||||
|
||||
static void
|
||||
cmd_attach(const struct g_bde_softc *sc, const char *dest, const char *lfile)
|
||||
{
|
||||
int ffd;
|
||||
u_char buf[16];
|
||||
struct gctl_req *r;
|
||||
const char *errstr;
|
||||
|
||||
r = gctl_get_handle();
|
||||
gctl_ro_param(r, "verb", -1, "create geom");
|
||||
gctl_ro_param(r, "class", -1, "BDE");
|
||||
gctl_ro_param(r, "provider", -1, dest);
|
||||
gctl_ro_param(r, "pass", SHA512_DIGEST_LENGTH, sc->sha2);
|
||||
if (lfile != NULL) {
|
||||
ffd = open(lfile, O_RDONLY, 0);
|
||||
if (ffd < 0)
|
||||
err(1, "%s", lfile);
|
||||
read(ffd, buf, 16);
|
||||
gctl_ro_param(r, "key", 16, buf);
|
||||
close(ffd);
|
||||
}
|
||||
errstr = gctl_issue(r);
|
||||
if (errstr != NULL)
|
||||
errx(1, "Attach to %s failed: %s", dest, errstr);
|
||||
|
||||
exit (0);
|
||||
}
|
||||
|
||||
static void
|
||||
cmd_detach(const char *dest)
|
||||
{
|
||||
struct gctl_req *r;
|
||||
const char *errstr;
|
||||
char buf[BUFSIZ];
|
||||
|
||||
r = gctl_get_handle();
|
||||
gctl_ro_param(r, "verb", -1, "destroy geom");
|
||||
gctl_ro_param(r, "class", -1, "BDE");
|
||||
sprintf(buf, "%s.bde", dest);
|
||||
gctl_ro_param(r, "geom", -1, buf);
|
||||
/* gctl_dump(r, stdout); */
|
||||
errstr = gctl_issue(r);
|
||||
if (errstr != NULL)
|
||||
errx(1, "Detach of %s failed: %s", dest, errstr);
|
||||
exit (0);
|
||||
}
|
||||
|
||||
static void
|
||||
cmd_open(struct g_bde_softc *sc, int dfd , const char *l_opt, u_int *nkey)
|
||||
{
|
||||
int error;
|
||||
int ffd;
|
||||
u_char keyloc[16];
|
||||
u_int sectorsize;
|
||||
off_t mediasize;
|
||||
struct stat st;
|
||||
|
||||
error = ioctl(dfd, DIOCGSECTORSIZE, §orsize);
|
||||
if (error)
|
||||
sectorsize = 512;
|
||||
error = ioctl(dfd, DIOCGMEDIASIZE, &mediasize);
|
||||
if (error) {
|
||||
error = fstat(dfd, &st);
|
||||
if (error == 0 && S_ISREG(st.st_mode))
|
||||
mediasize = st.st_size;
|
||||
else
|
||||
error = ENOENT;
|
||||
}
|
||||
if (error)
|
||||
mediasize = (off_t)-1;
|
||||
if (l_opt != NULL) {
|
||||
ffd = open(l_opt, O_RDONLY, 0);
|
||||
if (ffd < 0)
|
||||
err(1, "%s", l_opt);
|
||||
read(ffd, keyloc, sizeof keyloc);
|
||||
close(ffd);
|
||||
} else {
|
||||
memset(keyloc, 0, sizeof keyloc);
|
||||
}
|
||||
|
||||
error = g_bde_decrypt_lock(sc, sc->sha2, keyloc, mediasize,
|
||||
sectorsize, nkey);
|
||||
if (error == ENOENT)
|
||||
errx(1, "Lock was destroyed.");
|
||||
if (error == ESRCH)
|
||||
errx(1, "Lock was nuked.");
|
||||
if (error == ENOTDIR)
|
||||
errx(1, "Lock not found");
|
||||
if (error != 0)
|
||||
errx(1, "Error %d decrypting lock", error);
|
||||
if (nkey)
|
||||
printf("Opened with key %u\n", 1 + *nkey);
|
||||
return;
|
||||
}
|
||||
|
||||
static void
|
||||
cmd_nuke(struct g_bde_key *gl, int dfd , int key)
|
||||
{
|
||||
int i;
|
||||
u_char *sbuf;
|
||||
off_t offset, offset2;
|
||||
|
||||
sbuf = malloc(gl->sectorsize);
|
||||
memset(sbuf, 0, gl->sectorsize);
|
||||
offset = (gl->lsector[key] & ~(gl->sectorsize - 1));
|
||||
offset2 = lseek(dfd, offset, SEEK_SET);
|
||||
if (offset2 != offset)
|
||||
err(1, "lseek");
|
||||
i = write(dfd, sbuf, gl->sectorsize);
|
||||
free(sbuf);
|
||||
if (i != (int)gl->sectorsize)
|
||||
err(1, "write");
|
||||
printf("Nuked key %d\n", 1 + key);
|
||||
}
|
||||
|
||||
static void
|
||||
cmd_write(struct g_bde_key *gl, struct g_bde_softc *sc, int dfd , int key, const char *l_opt)
|
||||
{
|
||||
int i, ffd;
|
||||
uint64_t off[2];
|
||||
u_char keyloc[16];
|
||||
u_char *sbuf, *q;
|
||||
off_t offset, offset2;
|
||||
|
||||
sbuf = malloc(gl->sectorsize);
|
||||
/*
|
||||
* Find the byte-offset in the lock sector where we will put the lock
|
||||
* data structure. We can put it any random place as long as the
|
||||
* structure fits.
|
||||
*/
|
||||
for(;;) {
|
||||
random_bits(off, sizeof off);
|
||||
off[0] &= (gl->sectorsize - 1);
|
||||
if (off[0] + G_BDE_LOCKSIZE > gl->sectorsize)
|
||||
continue;
|
||||
break;
|
||||
}
|
||||
|
||||
/* Add the sector offset in bytes */
|
||||
off[0] += (gl->lsector[key] & ~(gl->sectorsize - 1));
|
||||
gl->lsector[key] = off[0];
|
||||
|
||||
i = g_bde_keyloc_encrypt(sc->sha2, off[0], off[1], keyloc);
|
||||
if (i)
|
||||
errx(1, "g_bde_keyloc_encrypt()");
|
||||
if (l_opt != NULL) {
|
||||
ffd = open(l_opt, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
||||
if (ffd < 0)
|
||||
err(1, "%s", l_opt);
|
||||
write(ffd, keyloc, sizeof keyloc);
|
||||
close(ffd);
|
||||
} else if (gl->flags & GBDE_F_SECT0) {
|
||||
offset2 = lseek(dfd, 0, SEEK_SET);
|
||||
if (offset2 != 0)
|
||||
err(1, "lseek");
|
||||
i = read(dfd, sbuf, gl->sectorsize);
|
||||
if (i != (int)gl->sectorsize)
|
||||
err(1, "read");
|
||||
memcpy(sbuf + key * 16, keyloc, sizeof keyloc);
|
||||
offset2 = lseek(dfd, 0, SEEK_SET);
|
||||
if (offset2 != 0)
|
||||
err(1, "lseek");
|
||||
i = write(dfd, sbuf, gl->sectorsize);
|
||||
if (i != (int)gl->sectorsize)
|
||||
err(1, "write");
|
||||
} else {
|
||||
errx(1, "No -L option and no space in sector 0 for lockfile");
|
||||
}
|
||||
|
||||
/* Allocate a sectorbuffer and fill it with random junk */
|
||||
if (sbuf == NULL)
|
||||
err(1, "malloc");
|
||||
random_bits(sbuf, gl->sectorsize);
|
||||
|
||||
/* Fill random bits in the spare field */
|
||||
random_bits(gl->spare, sizeof(gl->spare));
|
||||
|
||||
/* Encode the structure where we want it */
|
||||
q = sbuf + (off[0] % gl->sectorsize);
|
||||
i = g_bde_encode_lock(sc->sha2, gl, q);
|
||||
if (i < 0)
|
||||
errx(1, "programming error encoding lock");
|
||||
|
||||
encrypt_sector(q, G_BDE_LOCKSIZE, 256, sc->sha2 + 16);
|
||||
offset = gl->lsector[key] & ~(gl->sectorsize - 1);
|
||||
offset2 = lseek(dfd, offset, SEEK_SET);
|
||||
if (offset2 != offset)
|
||||
err(1, "lseek");
|
||||
i = write(dfd, sbuf, gl->sectorsize);
|
||||
if (i != (int)gl->sectorsize)
|
||||
err(1, "write");
|
||||
free(sbuf);
|
||||
#if 0
|
||||
printf("Wrote key %d at %jd\n", key, (intmax_t)offset);
|
||||
printf("s0 = %jd\n", (intmax_t)gl->sector0);
|
||||
printf("sN = %jd\n", (intmax_t)gl->sectorN);
|
||||
printf("l[0] = %jd\n", (intmax_t)gl->lsector[0]);
|
||||
printf("l[1] = %jd\n", (intmax_t)gl->lsector[1]);
|
||||
printf("l[2] = %jd\n", (intmax_t)gl->lsector[2]);
|
||||
printf("l[3] = %jd\n", (intmax_t)gl->lsector[3]);
|
||||
printf("k = %jd\n", (intmax_t)gl->keyoffset);
|
||||
printf("ss = %jd\n", (intmax_t)gl->sectorsize);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
cmd_destroy(struct g_bde_key *gl, int nkey)
|
||||
{
|
||||
int i;
|
||||
|
||||
bzero(&gl->sector0, sizeof gl->sector0);
|
||||
bzero(&gl->sectorN, sizeof gl->sectorN);
|
||||
bzero(&gl->keyoffset, sizeof gl->keyoffset);
|
||||
gl->flags &= GBDE_F_SECT0;
|
||||
bzero(gl->mkey, sizeof gl->mkey);
|
||||
for (i = 0; i < G_BDE_MAXKEYS; i++)
|
||||
if (i != nkey)
|
||||
gl->lsector[i] = ~0;
|
||||
}
|
||||
|
||||
static int
|
||||
sorthelp(const void *a, const void *b)
|
||||
{
|
||||
const uint64_t *oa, *ob;
|
||||
|
||||
oa = a;
|
||||
ob = b;
|
||||
if (*oa > *ob)
|
||||
return 1;
|
||||
if (*oa < *ob)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
cmd_init(struct g_bde_key *gl, int dfd, const char *f_opt, int i_opt, const char *l_opt)
|
||||
{
|
||||
int i;
|
||||
u_char *buf;
|
||||
unsigned sector_size;
|
||||
uint64_t first_sector;
|
||||
uint64_t last_sector;
|
||||
uint64_t total_sectors;
|
||||
off_t off, off2;
|
||||
unsigned nkeys;
|
||||
const char *p;
|
||||
char *q, cbuf[BUFSIZ];
|
||||
unsigned u, u2;
|
||||
uint64_t o;
|
||||
properties params;
|
||||
|
||||
bzero(gl, sizeof *gl);
|
||||
if (f_opt != NULL) {
|
||||
i = open(f_opt, O_RDONLY);
|
||||
if (i < 0)
|
||||
err(1, "%s", f_opt);
|
||||
params = properties_read(i);
|
||||
close (i);
|
||||
} else if (i_opt) {
|
||||
/* XXX: Polish */
|
||||
asprintf(&q, "%stemp.XXXXXXXXXX", _PATH_TMP);
|
||||
if (q == NULL)
|
||||
err(1, "asprintf");
|
||||
i = mkstemp(q);
|
||||
if (i < 0)
|
||||
err(1, "%s", q);
|
||||
write(i, template, strlen(template));
|
||||
close (i);
|
||||
p = getenv("EDITOR");
|
||||
if (p == NULL)
|
||||
p = "vi";
|
||||
if (snprintf(cbuf, sizeof(cbuf), "%s %s\n", p, q) >=
|
||||
(ssize_t)sizeof(cbuf)) {
|
||||
unlink(q);
|
||||
errx(1, "EDITOR is too long");
|
||||
}
|
||||
system(cbuf);
|
||||
i = open(q, O_RDONLY);
|
||||
if (i < 0)
|
||||
err(1, "%s", f_opt);
|
||||
params = properties_read(i);
|
||||
close (i);
|
||||
unlink(q);
|
||||
free(q);
|
||||
} else {
|
||||
/* XXX: Hack */
|
||||
i = open(_PATH_DEVNULL, O_RDONLY);
|
||||
if (i < 0)
|
||||
err(1, "%s", _PATH_DEVNULL);
|
||||
params = properties_read(i);
|
||||
close (i);
|
||||
}
|
||||
|
||||
/* <sector_size> */
|
||||
p = property_find(params, "sector_size");
|
||||
i = ioctl(dfd, DIOCGSECTORSIZE, &u);
|
||||
if (p != NULL) {
|
||||
sector_size = strtoul(p, &q, 0);
|
||||
if (!*p || *q)
|
||||
errx(1, "sector_size not a proper number");
|
||||
} else if (i == 0) {
|
||||
sector_size = u;
|
||||
} else {
|
||||
errx(1, "Missing sector_size property");
|
||||
}
|
||||
if (sector_size & (sector_size - 1))
|
||||
errx(1, "sector_size not a power of 2");
|
||||
if (sector_size < 512)
|
||||
errx(1, "sector_size is smaller than 512");
|
||||
buf = malloc(sector_size);
|
||||
if (buf == NULL)
|
||||
err(1, "Failed to malloc sector buffer");
|
||||
gl->sectorsize = sector_size;
|
||||
|
||||
i = ioctl(dfd, DIOCGMEDIASIZE, &off);
|
||||
if (i == 0) {
|
||||
first_sector = 0;
|
||||
total_sectors = off / sector_size;
|
||||
last_sector = total_sectors - 1;
|
||||
} else {
|
||||
first_sector = 0;
|
||||
last_sector = 0;
|
||||
total_sectors = 0;
|
||||
}
|
||||
|
||||
/* <first_sector> */
|
||||
p = property_find(params, "first_sector");
|
||||
if (p != NULL) {
|
||||
first_sector = strtoul(p, &q, 0);
|
||||
if (!*p || *q)
|
||||
errx(1, "first_sector not a proper number");
|
||||
}
|
||||
|
||||
/* <last_sector> */
|
||||
p = property_find(params, "last_sector");
|
||||
if (p != NULL) {
|
||||
last_sector = strtoul(p, &q, 0);
|
||||
if (!*p || *q)
|
||||
errx(1, "last_sector not a proper number");
|
||||
if (last_sector <= first_sector)
|
||||
errx(1, "last_sector not larger than first_sector");
|
||||
total_sectors = last_sector + 1;
|
||||
}
|
||||
|
||||
/* <total_sectors> */
|
||||
p = property_find(params, "total_sectors");
|
||||
if (p != NULL) {
|
||||
total_sectors = strtoul(p, &q, 0);
|
||||
if (!*p || *q)
|
||||
errx(1, "total_sectors not a proper number");
|
||||
if (last_sector == 0)
|
||||
last_sector = first_sector + total_sectors - 1;
|
||||
}
|
||||
|
||||
if (l_opt == NULL && first_sector != 0)
|
||||
errx(1, "No -L new-lockfile argument and first_sector != 0");
|
||||
else if (l_opt == NULL) {
|
||||
first_sector++;
|
||||
total_sectors--;
|
||||
gl->flags |= GBDE_F_SECT0;
|
||||
}
|
||||
gl->sector0 = first_sector * gl->sectorsize;
|
||||
|
||||
if (total_sectors != (last_sector - first_sector) + 1)
|
||||
errx(1, "total_sectors disagree with first_sector and last_sector");
|
||||
if (total_sectors == 0)
|
||||
errx(1, "missing last_sector or total_sectors");
|
||||
|
||||
gl->sectorN = (last_sector + 1) * gl->sectorsize;
|
||||
|
||||
/* Find a random keyoffset */
|
||||
random_bits(&o, sizeof o);
|
||||
o %= (gl->sectorN - gl->sector0);
|
||||
o &= ~(gl->sectorsize - 1);
|
||||
gl->keyoffset = o;
|
||||
|
||||
/* <number_of_keys> */
|
||||
p = property_find(params, "number_of_keys");
|
||||
if (p != NULL) {
|
||||
nkeys = strtoul(p, &q, 0);
|
||||
if (!*p || *q)
|
||||
errx(1, "number_of_keys not a proper number");
|
||||
if (nkeys < 1 || nkeys > G_BDE_MAXKEYS)
|
||||
errx(1, "number_of_keys out of range");
|
||||
} else {
|
||||
nkeys = 4;
|
||||
}
|
||||
for (u = 0; u < nkeys; u++) {
|
||||
for(;;) {
|
||||
do {
|
||||
random_bits(&o, sizeof o);
|
||||
o %= gl->sectorN;
|
||||
o &= ~(gl->sectorsize - 1);
|
||||
} while(o < gl->sector0);
|
||||
for (u2 = 0; u2 < u; u2++)
|
||||
if (o == gl->lsector[u2])
|
||||
break;
|
||||
if (u2 < u)
|
||||
continue;
|
||||
break;
|
||||
}
|
||||
gl->lsector[u] = o;
|
||||
}
|
||||
for (; u < G_BDE_MAXKEYS; u++) {
|
||||
do
|
||||
random_bits(&o, sizeof o);
|
||||
while (o < gl->sectorN);
|
||||
gl->lsector[u] = o;
|
||||
}
|
||||
qsort(gl->lsector, G_BDE_MAXKEYS, sizeof gl->lsector[0], sorthelp);
|
||||
|
||||
/* Flush sector zero if we use it for lockfile data */
|
||||
if (gl->flags & GBDE_F_SECT0) {
|
||||
off2 = lseek(dfd, 0, SEEK_SET);
|
||||
if (off2 != 0)
|
||||
err(1, "lseek(2) to sector 0");
|
||||
random_bits(buf, sector_size);
|
||||
i = write(dfd, buf, sector_size);
|
||||
if (i != (int)sector_size)
|
||||
err(1, "write sector 0");
|
||||
}
|
||||
|
||||
/* <random_flush> */
|
||||
p = property_find(params, "random_flush");
|
||||
if (p != NULL) {
|
||||
off = first_sector * sector_size;
|
||||
off2 = lseek(dfd, off, SEEK_SET);
|
||||
if (off2 != off)
|
||||
err(1, "lseek(2) to first_sector");
|
||||
off2 = last_sector * sector_size;
|
||||
while (off <= off2) {
|
||||
random_bits(buf, sector_size);
|
||||
i = write(dfd, buf, sector_size);
|
||||
if (i != (int)sector_size)
|
||||
err(1, "write to $device_name");
|
||||
off += sector_size;
|
||||
}
|
||||
}
|
||||
|
||||
random_bits(gl->mkey, sizeof gl->mkey);
|
||||
random_bits(gl->salt, sizeof gl->salt);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static enum action {
|
||||
ACT_HUH,
|
||||
ACT_ATTACH, ACT_DETACH,
|
||||
ACT_INIT, ACT_SETKEY, ACT_DESTROY, ACT_NUKE
|
||||
} action;
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
const char *opts;
|
||||
const char *k_opt, *K_opt;
|
||||
const char *l_opt, *L_opt;
|
||||
const char *p_opt, *P_opt;
|
||||
const char *f_opt;
|
||||
char *dest;
|
||||
int i_opt, n_opt, ch, dfd, doopen;
|
||||
u_int nkey;
|
||||
int i;
|
||||
char *q, buf[BUFSIZ];
|
||||
struct g_bde_key *gl;
|
||||
struct g_bde_softc sc;
|
||||
|
||||
fprintf(stderr, "GBDE disk-encryption is deprecated,\n");
|
||||
fprintf(stderr, "and will be removed in FreeBSD 15.0\n");
|
||||
fprintf(stderr, "(continuing in 5 seconds)\n");
|
||||
sleep(5);
|
||||
|
||||
if (argc < 3)
|
||||
usage();
|
||||
|
||||
if (modfind("g_bde") < 0) {
|
||||
/* need to load the gbde module */
|
||||
if (kldload(GBDEMOD) < 0 || modfind("g_bde") < 0)
|
||||
err(1, GBDEMOD ": Kernel module not available");
|
||||
}
|
||||
doopen = 0;
|
||||
if (!strcmp(argv[1], "attach")) {
|
||||
action = ACT_ATTACH;
|
||||
opts = "k:l:p:";
|
||||
} else if (!strcmp(argv[1], "detach")) {
|
||||
action = ACT_DETACH;
|
||||
opts = "";
|
||||
} else if (!strcmp(argv[1], "init")) {
|
||||
action = ACT_INIT;
|
||||
doopen = 1;
|
||||
opts = "f:iK:L:P:";
|
||||
} else if (!strcmp(argv[1], "setkey")) {
|
||||
action = ACT_SETKEY;
|
||||
doopen = 1;
|
||||
opts = "k:K:l:L:n:p:P:";
|
||||
} else if (!strcmp(argv[1], "destroy")) {
|
||||
action = ACT_DESTROY;
|
||||
doopen = 1;
|
||||
opts = "k:l:p:";
|
||||
} else if (!strcmp(argv[1], "nuke")) {
|
||||
action = ACT_NUKE;
|
||||
doopen = 1;
|
||||
opts = "k:l:n:p:";
|
||||
} else {
|
||||
usage();
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
|
||||
dest = strdup(argv[1]);
|
||||
argc--;
|
||||
argv++;
|
||||
|
||||
p_opt = NULL;
|
||||
P_opt = NULL;
|
||||
k_opt = NULL;
|
||||
K_opt = NULL;
|
||||
l_opt = NULL;
|
||||
L_opt = NULL;
|
||||
f_opt = NULL;
|
||||
n_opt = 0;
|
||||
i_opt = 0;
|
||||
|
||||
while((ch = getopt(argc, argv, opts)) != -1)
|
||||
switch (ch) {
|
||||
case 'f':
|
||||
f_opt = optarg;
|
||||
break;
|
||||
case 'i':
|
||||
i_opt = !i_opt;
|
||||
break;
|
||||
case 'k':
|
||||
k_opt = optarg;
|
||||
break;
|
||||
case 'K':
|
||||
K_opt = optarg;
|
||||
break;
|
||||
case 'l':
|
||||
l_opt = optarg;
|
||||
break;
|
||||
case 'L':
|
||||
L_opt = optarg;
|
||||
break;
|
||||
case 'n':
|
||||
n_opt = strtoul(optarg, &q, 0);
|
||||
if (!*optarg || *q)
|
||||
errx(1, "-n argument not numeric");
|
||||
if (n_opt < -1 || n_opt > G_BDE_MAXKEYS)
|
||||
errx(1, "-n argument out of range");
|
||||
break;
|
||||
case 'p':
|
||||
p_opt = optarg;
|
||||
break;
|
||||
case 'P':
|
||||
P_opt = optarg;
|
||||
break;
|
||||
default:
|
||||
usage();
|
||||
}
|
||||
|
||||
if (doopen) {
|
||||
dfd = open(dest, O_RDWR);
|
||||
if (dfd < 0 && dest[0] != '/') {
|
||||
if (snprintf(buf, sizeof(buf), "%s%s",
|
||||
_PATH_DEV, dest) >= (ssize_t)sizeof(buf))
|
||||
errno = ENAMETOOLONG;
|
||||
else
|
||||
dfd = open(buf, O_RDWR);
|
||||
}
|
||||
if (dfd < 0)
|
||||
err(1, "%s", dest);
|
||||
} else {
|
||||
if (!memcmp(dest, _PATH_DEV, strlen(_PATH_DEV)))
|
||||
strcpy(dest, dest + strlen(_PATH_DEV));
|
||||
}
|
||||
|
||||
memset(&sc, 0, sizeof sc);
|
||||
sc.consumer = (void *)&dfd;
|
||||
gl = &sc.key;
|
||||
switch(action) {
|
||||
case ACT_ATTACH:
|
||||
setup_passphrase(&sc, 0, p_opt, k_opt);
|
||||
cmd_attach(&sc, dest, l_opt);
|
||||
break;
|
||||
case ACT_DETACH:
|
||||
cmd_detach(dest);
|
||||
break;
|
||||
case ACT_INIT:
|
||||
cmd_init(gl, dfd, f_opt, i_opt, L_opt);
|
||||
setup_passphrase(&sc, 1, P_opt, K_opt);
|
||||
cmd_write(gl, &sc, dfd, 0, L_opt);
|
||||
break;
|
||||
case ACT_SETKEY:
|
||||
setup_passphrase(&sc, 0, p_opt, k_opt);
|
||||
cmd_open(&sc, dfd, l_opt, &nkey);
|
||||
if (n_opt == 0)
|
||||
n_opt = nkey + 1;
|
||||
setup_passphrase(&sc, 1, P_opt, K_opt);
|
||||
cmd_write(gl, &sc, dfd, n_opt - 1, L_opt);
|
||||
break;
|
||||
case ACT_DESTROY:
|
||||
setup_passphrase(&sc, 0, p_opt, k_opt);
|
||||
cmd_open(&sc, dfd, l_opt, &nkey);
|
||||
cmd_destroy(gl, nkey);
|
||||
reset_passphrase(&sc);
|
||||
cmd_write(gl, &sc, dfd, nkey, l_opt);
|
||||
break;
|
||||
case ACT_NUKE:
|
||||
setup_passphrase(&sc, 0, p_opt, k_opt);
|
||||
cmd_open(&sc, dfd, l_opt, &nkey);
|
||||
if (n_opt == 0)
|
||||
n_opt = nkey + 1;
|
||||
if (n_opt == -1) {
|
||||
for(i = 0; i < G_BDE_MAXKEYS; i++)
|
||||
cmd_nuke(gl, dfd, i);
|
||||
} else {
|
||||
cmd_nuke(gl, dfd, n_opt - 1);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
errx(1, "internal error");
|
||||
}
|
||||
|
||||
return(0);
|
||||
}
|
3304
sbin/gbde/image.uu
3304
sbin/gbde/image.uu
File diff suppressed because it is too large
Load Diff
|
@ -1,31 +0,0 @@
|
|||
#
|
||||
# Sector size is the smallest unit of data which can be read or written.
|
||||
# Making it too small decreases performance and decreases available space.
|
||||
# Making it too large may prevent filesystems from working. 512 is the
|
||||
# minimum and always safe. For UFS, use the fragment size
|
||||
#
|
||||
sector_size = 512
|
||||
|
||||
#
|
||||
# Start and end of the encrypted section of the partition. Specify in
|
||||
# sector numbers. If none specified, "all" will be assumed, to the
|
||||
# extent the value of this can be established.
|
||||
#
|
||||
#first_sector = 0
|
||||
#last_sector = 2879
|
||||
#total_sectors = 2880
|
||||
|
||||
#
|
||||
# An encrypted partition can have more than one key. It may be a good idea
|
||||
# to make at least two keys, and save one of them for "just in case" use.
|
||||
# The minimum is obviously one and the maximum is 4.
|
||||
#
|
||||
number_of_keys = 4
|
||||
|
||||
#
|
||||
# Flushing the partition with random bytes prevents a brute-force attack
|
||||
# from skipping sectors which obviously contains un-encrypted data.
|
||||
# NB: This variable is boolean, if it is present it means "yes" even if
|
||||
# you set it to the value "no"
|
||||
#
|
||||
#random_flush =
|
|
@ -1,66 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
MD=99
|
||||
mdconfig -d -u $MD > /dev/null 2>&1 || true
|
||||
|
||||
mdconfig -a -t malloc -s 1m -u $MD
|
||||
|
||||
D=/dev/md$MD
|
||||
|
||||
./gbde init $D -P foo -L /tmp/_l1
|
||||
./gbde setkey $D -p foo -l /tmp/_l1 -P bar -L /tmp/_l1
|
||||
./gbde setkey $D -p bar -l /tmp/_l1 -P foo -L /tmp/_l1
|
||||
|
||||
./gbde setkey $D -p foo -l /tmp/_l1 -n 2 -P foo2 -L /tmp/_l2
|
||||
./gbde setkey $D -p foo2 -l /tmp/_l2 -n 3 -P foo3 -L /tmp/_l3
|
||||
./gbde setkey $D -p foo3 -l /tmp/_l3 -n 4 -P foo4 -L /tmp/_l4
|
||||
./gbde setkey $D -p foo4 -l /tmp/_l4 -n 1 -P foo1 -L /tmp/_l1
|
||||
|
||||
./gbde nuke $D -p foo1 -l /tmp/_l1 -n 4
|
||||
if ./gbde nuke $D -p foo4 -l /tmp/_l4 -n 3 ; then false ; fi
|
||||
./gbde destroy $D -p foo2 -l /tmp/_l2
|
||||
if ./gbde destroy $D -p foo2 -l /tmp/_l2 ; then false ; fi
|
||||
|
||||
./gbde nuke $D -p foo1 -l /tmp/_l1 -n -1
|
||||
if ./gbde nuke $D -p foo1 -l /tmp/_l1 -n -1 ; then false ; fi
|
||||
if ./gbde nuke $D -p foo2 -l /tmp/_l2 -n -1 ; then false ; fi
|
||||
if ./gbde nuke $D -p foo3 -l /tmp/_l3 -n -1 ; then false ; fi
|
||||
if ./gbde nuke $D -p foo4 -l /tmp/_l4 -n -1 ; then false ; fi
|
||||
|
||||
rm -f /tmp/_l1 /tmp/_l2 /tmp/_l3 /tmp/_l4
|
||||
|
||||
./gbde init $D -P foo
|
||||
./gbde setkey $D -p foo -P bar
|
||||
./gbde setkey $D -p bar -P foo
|
||||
|
||||
./gbde setkey $D -p foo -n 2 -P foo2
|
||||
./gbde setkey $D -p foo2 -n 3 -P foo3
|
||||
./gbde setkey $D -p foo3 -n 4 -P foo4
|
||||
./gbde setkey $D -p foo4 -n 1 -P foo1
|
||||
|
||||
mdconfig -d -u $MD
|
||||
|
||||
mdconfig -a -t malloc -s 1m -u $MD
|
||||
if [ -f image.uu ] ; then
|
||||
uudecode -p image.uu | bzcat > $D
|
||||
else
|
||||
uudecode -p ${1}/image.uu | bzcat > $D
|
||||
fi
|
||||
|
||||
if [ `md5 < $D` != "a4066a739338d451b919e63f9ee4a12c" ] ; then
|
||||
echo "Failed to set up md(4) device correctly"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
./gbde attach $D -p foo
|
||||
fsck_ffs ${D}.bde
|
||||
./gbde detach $D
|
||||
mdconfig -d -u $MD
|
||||
|
||||
|
||||
echo "***********"
|
||||
echo "Test passed"
|
||||
echo "***********"
|
||||
exit 0
|
|
@ -1,296 +0,0 @@
|
|||
/*-
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*
|
||||
* Copyright (c) 2002 Poul-Henning Kamp
|
||||
* Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by Poul-Henning Kamp
|
||||
* and NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
* DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/bio.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/kthread.h>
|
||||
#include <sys/sysctl.h>
|
||||
|
||||
#include <crypto/rijndael/rijndael-api-fst.h>
|
||||
#include <crypto/sha2/sha512.h>
|
||||
#include <geom/geom.h>
|
||||
#include <geom/bde/g_bde.h>
|
||||
#define BDE_CLASS_NAME "BDE"
|
||||
|
||||
FEATURE(geom_bde, "GEOM-based Disk Encryption");
|
||||
|
||||
static void
|
||||
g_bde_start(struct bio *bp)
|
||||
{
|
||||
|
||||
switch (bp->bio_cmd) {
|
||||
case BIO_DELETE:
|
||||
case BIO_READ:
|
||||
case BIO_WRITE:
|
||||
g_bde_start1(bp);
|
||||
break;
|
||||
case BIO_GETATTR:
|
||||
g_io_deliver(bp, EOPNOTSUPP);
|
||||
break;
|
||||
default:
|
||||
g_io_deliver(bp, EOPNOTSUPP);
|
||||
return;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
static void
|
||||
g_bde_orphan(struct g_consumer *cp)
|
||||
{
|
||||
struct g_geom *gp;
|
||||
struct g_provider *pp;
|
||||
struct g_bde_softc *sc;
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_orphan(%p/%s)", cp, cp->provider->name);
|
||||
g_topology_assert();
|
||||
|
||||
gp = cp->geom;
|
||||
sc = gp->softc;
|
||||
gp->flags |= G_GEOM_WITHER;
|
||||
LIST_FOREACH(pp, &gp->provider, provider)
|
||||
g_wither_provider(pp, ENXIO);
|
||||
explicit_bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */
|
||||
return;
|
||||
}
|
||||
|
||||
static int
|
||||
g_bde_access(struct g_provider *pp, int dr, int dw, int de)
|
||||
{
|
||||
struct g_geom *gp;
|
||||
struct g_consumer *cp;
|
||||
|
||||
gp = pp->geom;
|
||||
cp = LIST_FIRST(&gp->consumer);
|
||||
if (cp->acr == 0 && cp->acw == 0 && cp->ace == 0) {
|
||||
de++;
|
||||
dr++;
|
||||
}
|
||||
/* ... and let go of it on last close */
|
||||
if ((cp->acr + dr) == 0 && (cp->acw + dw) == 0 && (cp->ace + de) == 1) {
|
||||
de--;
|
||||
dr--;
|
||||
}
|
||||
return (g_access(cp, dr, dw, de));
|
||||
}
|
||||
|
||||
static void
|
||||
g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *pp)
|
||||
{
|
||||
struct g_geom *gp;
|
||||
struct g_consumer *cp;
|
||||
struct g_bde_key *kp;
|
||||
int error, i;
|
||||
u_int sectorsize;
|
||||
off_t mediasize;
|
||||
struct g_bde_softc *sc;
|
||||
void *pass;
|
||||
void *key;
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_create_geom(%s, %s)", mp->name, pp->name);
|
||||
g_topology_assert();
|
||||
gp = NULL;
|
||||
|
||||
gp = g_new_geomf(mp, "%s.bde", pp->name);
|
||||
cp = g_new_consumer(gp);
|
||||
error = g_attach(cp, pp);
|
||||
if (error != 0) {
|
||||
g_destroy_consumer(cp);
|
||||
g_destroy_geom(gp);
|
||||
gctl_error(req, "could not attach consumer");
|
||||
return;
|
||||
}
|
||||
error = g_access(cp, 1, 1, 1);
|
||||
if (error) {
|
||||
g_detach(cp);
|
||||
g_destroy_consumer(cp);
|
||||
g_destroy_geom(gp);
|
||||
gctl_error(req, "could not access consumer");
|
||||
return;
|
||||
}
|
||||
pass = NULL;
|
||||
key = NULL;
|
||||
do {
|
||||
pass = gctl_get_param(req, "pass", &i);
|
||||
if (pass == NULL || i != SHA512_DIGEST_LENGTH) {
|
||||
gctl_error(req, "No usable key presented");
|
||||
break;
|
||||
}
|
||||
key = gctl_get_param(req, "key", &i);
|
||||
if (key != NULL && i != 16) {
|
||||
gctl_error(req, "Invalid key presented");
|
||||
break;
|
||||
}
|
||||
sectorsize = cp->provider->sectorsize;
|
||||
mediasize = cp->provider->mediasize;
|
||||
sc = g_malloc(sizeof(struct g_bde_softc), M_WAITOK | M_ZERO);
|
||||
gp->softc = sc;
|
||||
sc->geom = gp;
|
||||
sc->consumer = cp;
|
||||
|
||||
error = g_bde_decrypt_lock(sc, pass, key,
|
||||
mediasize, sectorsize, NULL);
|
||||
explicit_bzero(sc->sha2, sizeof sc->sha2);
|
||||
if (error)
|
||||
break;
|
||||
kp = &sc->key;
|
||||
|
||||
/* Initialize helper-fields */
|
||||
kp->keys_per_sector = kp->sectorsize / G_BDE_SKEYLEN;
|
||||
kp->zone_cont = kp->keys_per_sector * kp->sectorsize;
|
||||
kp->zone_width = kp->zone_cont + kp->sectorsize;
|
||||
kp->media_width = kp->sectorN - kp->sector0 -
|
||||
G_BDE_MAXKEYS * kp->sectorsize;
|
||||
|
||||
/* Our external parameters */
|
||||
sc->zone_cont = kp->zone_cont;
|
||||
sc->mediasize = g_bde_max_sector(kp);
|
||||
sc->sectorsize = kp->sectorsize;
|
||||
|
||||
TAILQ_INIT(&sc->freelist);
|
||||
TAILQ_INIT(&sc->worklist);
|
||||
mtx_init(&sc->worklist_mutex, "g_bde_worklist", NULL, MTX_DEF);
|
||||
/* XXX: error check */
|
||||
kproc_create(g_bde_worker, gp, &sc->thread, 0, 0,
|
||||
"g_bde %s", gp->name);
|
||||
pp = g_new_providerf(gp, "%s", gp->name);
|
||||
pp->stripesize = kp->zone_cont;
|
||||
pp->stripeoffset = 0;
|
||||
pp->mediasize = sc->mediasize;
|
||||
pp->sectorsize = sc->sectorsize;
|
||||
g_error_provider(pp, 0);
|
||||
break;
|
||||
} while (0);
|
||||
if (pass != NULL)
|
||||
explicit_bzero(pass, SHA512_DIGEST_LENGTH);
|
||||
if (key != NULL)
|
||||
explicit_bzero(key, 16);
|
||||
if (error == 0)
|
||||
return;
|
||||
g_access(cp, -1, -1, -1);
|
||||
g_detach(cp);
|
||||
g_destroy_consumer(cp);
|
||||
g_free(gp->softc);
|
||||
g_destroy_geom(gp);
|
||||
switch (error) {
|
||||
case ENOENT:
|
||||
gctl_error(req, "Lock was destroyed");
|
||||
break;
|
||||
case ESRCH:
|
||||
gctl_error(req, "Lock was nuked");
|
||||
break;
|
||||
case EINVAL:
|
||||
gctl_error(req, "Could not open lock");
|
||||
break;
|
||||
case ENOTDIR:
|
||||
gctl_error(req, "Lock not found");
|
||||
break;
|
||||
default:
|
||||
gctl_error(req, "Could not open lock (%d)", error);
|
||||
break;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
static int
|
||||
g_bde_destroy_geom(struct gctl_req *req, struct g_class *mp, struct g_geom *gp)
|
||||
{
|
||||
struct g_consumer *cp;
|
||||
struct g_provider *pp;
|
||||
struct g_bde_softc *sc;
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_destroy_geom(%s, %s)", mp->name, gp->name);
|
||||
g_topology_assert();
|
||||
/*
|
||||
* Orderly detachment.
|
||||
*/
|
||||
KASSERT(gp != NULL, ("NULL geom"));
|
||||
pp = LIST_FIRST(&gp->provider);
|
||||
KASSERT(pp != NULL, ("NULL provider"));
|
||||
if (pp->acr > 0 || pp->acw > 0 || pp->ace > 0)
|
||||
return (EBUSY);
|
||||
sc = gp->softc;
|
||||
cp = LIST_FIRST(&gp->consumer);
|
||||
KASSERT(cp != NULL, ("NULL consumer"));
|
||||
sc->dead = 1;
|
||||
wakeup(sc);
|
||||
g_access(cp, -1, -1, -1);
|
||||
g_detach(cp);
|
||||
g_destroy_consumer(cp);
|
||||
while (sc->dead != 2 && !LIST_EMPTY(&pp->consumers))
|
||||
tsleep(sc, PRIBIO, "g_bdedie", hz);
|
||||
mtx_destroy(&sc->worklist_mutex);
|
||||
explicit_bzero(&sc->key, sizeof sc->key);
|
||||
g_free(sc);
|
||||
g_wither_geom(gp, ENXIO);
|
||||
return (0);
|
||||
}
|
||||
|
||||
static void
|
||||
g_bde_ctlreq(struct gctl_req *req, struct g_class *mp, char const *verb)
|
||||
{
|
||||
struct g_geom *gp;
|
||||
struct g_provider *pp;
|
||||
|
||||
if (!strcmp(verb, "create geom")) {
|
||||
pp = gctl_get_provider(req, "provider");
|
||||
if (pp != NULL)
|
||||
g_bde_create_geom(req, mp, pp);
|
||||
} else if (!strcmp(verb, "destroy geom")) {
|
||||
gp = gctl_get_geom(req, mp, "geom");
|
||||
if (gp != NULL)
|
||||
g_bde_destroy_geom(req, mp, gp);
|
||||
} else {
|
||||
gctl_error(req, "unknown verb");
|
||||
}
|
||||
}
|
||||
|
||||
static struct g_class g_bde_class = {
|
||||
.name = BDE_CLASS_NAME,
|
||||
.version = G_VERSION,
|
||||
.destroy_geom = g_bde_destroy_geom,
|
||||
.ctlreq = g_bde_ctlreq,
|
||||
.start = g_bde_start,
|
||||
.orphan = g_bde_orphan,
|
||||
.access = g_bde_access,
|
||||
.spoiled = g_std_spoiled,
|
||||
};
|
||||
|
||||
DECLARE_GEOM_CLASS(g_bde_class, g_bde);
|
||||
MODULE_VERSION(geom_bde, 0);
|
|
@ -1,215 +0,0 @@
|
|||
/*-
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*
|
||||
* Copyright (c) 2002 Poul-Henning Kamp
|
||||
* Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by Poul-Henning Kamp
|
||||
* and NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
* DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef _SYS_GEOM_BDE_G_BDE_H_
|
||||
#define _SYS_GEOM_BDE_G_BDE_H_ 1
|
||||
|
||||
/*
|
||||
* These are quite, but not entirely unlike constants.
|
||||
*
|
||||
* They are not commented in details here, to prevent unadvisable
|
||||
* experimentation. Please consult the code where they are used before you
|
||||
* even think about modifying these.
|
||||
*/
|
||||
|
||||
#define G_BDE_MKEYLEN (2048/8)
|
||||
#define G_BDE_SKEYBITS 128
|
||||
#define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8)
|
||||
#define G_BDE_KKEYBITS 128
|
||||
#define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8)
|
||||
#define G_BDE_MAXKEYS 4
|
||||
#define G_BDE_LOCKSIZE 384
|
||||
#define NLOCK_FIELDS 13
|
||||
|
||||
/* This just needs to be "large enough" */
|
||||
#define G_BDE_KEYBYTES 304
|
||||
|
||||
/* This file is being included by userspace. */
|
||||
#ifndef __diagused
|
||||
#define __diagused
|
||||
#endif
|
||||
|
||||
struct g_bde_work;
|
||||
struct g_bde_softc;
|
||||
|
||||
struct g_bde_sector {
|
||||
struct g_bde_work *owner;
|
||||
struct g_bde_softc *softc;
|
||||
off_t offset;
|
||||
u_int size;
|
||||
u_int ref;
|
||||
void *data;
|
||||
TAILQ_ENTRY(g_bde_sector) list;
|
||||
u_char valid;
|
||||
u_char malloc;
|
||||
enum {JUNK, IO, VALID} state;
|
||||
int error;
|
||||
time_t used;
|
||||
};
|
||||
|
||||
struct g_bde_work {
|
||||
struct mtx mutex;
|
||||
off_t offset;
|
||||
off_t length;
|
||||
void *data;
|
||||
struct bio *bp;
|
||||
struct g_bde_softc *softc;
|
||||
off_t so;
|
||||
off_t kso;
|
||||
u_int ko;
|
||||
struct g_bde_sector *sp;
|
||||
struct g_bde_sector *ksp;
|
||||
TAILQ_ENTRY(g_bde_work) list;
|
||||
enum {SETUP, WAIT, FINISH} state;
|
||||
int error;
|
||||
};
|
||||
|
||||
/*
|
||||
* The decrypted contents of the lock sectors. Notice that this is not
|
||||
* the same as the on-disk layout. The on-disk layout is dynamic and
|
||||
* dependent on the pass-phrase.
|
||||
*/
|
||||
struct g_bde_key {
|
||||
uint64_t sector0;
|
||||
/* Physical byte offset of 1st byte used */
|
||||
uint64_t sectorN;
|
||||
/* Physical byte offset of 1st byte not used */
|
||||
uint64_t keyoffset;
|
||||
/* Number of bytes the disk image is skewed. */
|
||||
uint64_t lsector[G_BDE_MAXKEYS];
|
||||
/* Physical byte offsets of lock sectors */
|
||||
uint32_t sectorsize;
|
||||
/* Our "logical" sector size */
|
||||
uint32_t flags;
|
||||
#define GBDE_F_SECT0 1
|
||||
uint8_t salt[16];
|
||||
/* Used to frustate the kkey generation */
|
||||
uint8_t spare[32];
|
||||
/* For future use, random contents */
|
||||
uint8_t mkey[G_BDE_MKEYLEN];
|
||||
/* Our masterkey. */
|
||||
|
||||
/* Non-stored help-fields */
|
||||
uint64_t zone_width; /* On-disk width of zone */
|
||||
uint64_t zone_cont; /* Payload width of zone */
|
||||
uint64_t media_width; /* Non-magic width of zone */
|
||||
u_int keys_per_sector;
|
||||
};
|
||||
|
||||
struct g_bde_softc {
|
||||
off_t mediasize;
|
||||
u_int sectorsize;
|
||||
uint64_t zone_cont;
|
||||
struct g_geom *geom;
|
||||
struct g_consumer *consumer;
|
||||
TAILQ_HEAD(, g_bde_sector) freelist;
|
||||
TAILQ_HEAD(, g_bde_work) worklist;
|
||||
struct mtx worklist_mutex;
|
||||
struct proc *thread;
|
||||
struct g_bde_key key;
|
||||
int dead;
|
||||
u_int nwork;
|
||||
u_int nsect;
|
||||
u_int ncache;
|
||||
u_char sha2[SHA512_DIGEST_LENGTH];
|
||||
};
|
||||
|
||||
/* g_bde_crypt.c */
|
||||
void g_bde_crypt_delete(struct g_bde_work *wp);
|
||||
void g_bde_crypt_read(struct g_bde_work *wp);
|
||||
void g_bde_crypt_write(struct g_bde_work *wp);
|
||||
|
||||
/* g_bde_key.c */
|
||||
void g_bde_zap_key(struct g_bde_softc *sc);
|
||||
int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len);
|
||||
int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len);
|
||||
|
||||
/* g_bde_lock .c */
|
||||
int g_bde_encode_lock(u_char *sha2, struct g_bde_key *gl, u_char *ptr);
|
||||
int g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr);
|
||||
int g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64_t v1, void *output);
|
||||
int g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64_t *output);
|
||||
int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey);
|
||||
void g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len);
|
||||
|
||||
/* g_bde_math .c */
|
||||
uint64_t g_bde_max_sector(struct g_bde_key *lp);
|
||||
void g_bde_map_sector(struct g_bde_work *wp);
|
||||
|
||||
/* g_bde_work.c */
|
||||
void g_bde_start1(struct bio *bp);
|
||||
void g_bde_worker(void *arg);
|
||||
|
||||
/*
|
||||
* These four functions wrap the raw Rijndael functions and make sure we
|
||||
* explode if something fails which shouldn't.
|
||||
*/
|
||||
|
||||
static __inline void
|
||||
AES_init(cipherInstance *ci)
|
||||
{
|
||||
int error __diagused;
|
||||
|
||||
error = rijndael_cipherInit(ci, MODE_CBC, NULL);
|
||||
KASSERT(error > 0, ("rijndael_cipherInit %d", error));
|
||||
}
|
||||
|
||||
static __inline void
|
||||
AES_makekey(keyInstance *ki, int dir, u_int len, const void *key)
|
||||
{
|
||||
int error __diagused;
|
||||
|
||||
error = rijndael_makeKey(ki, dir, len, key);
|
||||
KASSERT(error > 0, ("rijndael_makeKey %d", error));
|
||||
}
|
||||
|
||||
static __inline void
|
||||
AES_encrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
|
||||
{
|
||||
int error __diagused;
|
||||
|
||||
error = rijndael_blockEncrypt(ci, ki, in, len * 8, out);
|
||||
KASSERT(error > 0, ("rijndael_blockEncrypt %d", error));
|
||||
}
|
||||
|
||||
static __inline void
|
||||
AES_decrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
|
||||
{
|
||||
int error __diagused;
|
||||
|
||||
error = rijndael_blockDecrypt(ci, ki, in, len * 8, out);
|
||||
KASSERT(error > 0, ("rijndael_blockDecrypt %d", error));
|
||||
}
|
||||
|
||||
#endif /* _SYS_GEOM_BDE_G_BDE_H_ */
|
|
@ -1,358 +0,0 @@
|
|||
/*-
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*
|
||||
* Copyright (c) 2002 Poul-Henning Kamp
|
||||
* Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by Poul-Henning Kamp
|
||||
* and NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
* DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/* This source file contains the functions responsible for the crypto, keying
|
||||
* and mapping operations on the I/O requests.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/bio.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/libkern.h>
|
||||
#include <sys/endian.h>
|
||||
#include <sys/md5.h>
|
||||
|
||||
#include <crypto/rijndael/rijndael-api-fst.h>
|
||||
#include <crypto/sha2/sha512.h>
|
||||
|
||||
#include <geom/geom.h>
|
||||
#include <geom/bde/g_bde.h>
|
||||
|
||||
/*
|
||||
* XXX: Debugging DO NOT ENABLE
|
||||
*/
|
||||
#undef MD5_KEY
|
||||
|
||||
/*
|
||||
* Derive kkey from mkey + sector offset.
|
||||
*
|
||||
* Security objective: Derive a potentially very large number of distinct skeys
|
||||
* from the comparatively small key material in our mkey, in such a way that
|
||||
* if one, more or even many of the kkeys are compromised, this does not
|
||||
* significantly help an attack on other kkeys and in particular does not
|
||||
* weaken or compromise the mkey.
|
||||
*
|
||||
* First we MD5 hash the sectornumber with the salt from the lock sector.
|
||||
* The salt prevents the precalculation and statistical analysis of the MD5
|
||||
* output which would be possible if we only gave it the sectornumber.
|
||||
*
|
||||
* The MD5 hash is used to pick out 16 bytes from the masterkey, which
|
||||
* are then hashed with MD5 together with the sector number.
|
||||
*
|
||||
* The resulting MD5 hash is the kkey.
|
||||
*/
|
||||
|
||||
static void
|
||||
g_bde_kkey(struct g_bde_softc *sc, keyInstance *ki, int dir, off_t sector)
|
||||
{
|
||||
u_int t;
|
||||
MD5_CTX ct;
|
||||
u_char buf[16];
|
||||
u_char buf2[8];
|
||||
|
||||
/* We have to be architecture neutral */
|
||||
le64enc(buf2, sector);
|
||||
|
||||
MD5Init(&ct);
|
||||
MD5Update(&ct, sc->key.salt, 8);
|
||||
MD5Update(&ct, buf2, sizeof buf2);
|
||||
MD5Update(&ct, sc->key.salt + 8, 8);
|
||||
MD5Final(buf, &ct);
|
||||
|
||||
MD5Init(&ct);
|
||||
for (t = 0; t < 16; t++) {
|
||||
MD5Update(&ct, &sc->key.mkey[buf[t]], 1);
|
||||
if (t == 8)
|
||||
MD5Update(&ct, buf2, sizeof buf2);
|
||||
}
|
||||
bzero(buf2, sizeof buf2);
|
||||
MD5Final(buf, &ct);
|
||||
bzero(&ct, sizeof ct);
|
||||
AES_makekey(ki, dir, G_BDE_KKEYBITS, buf);
|
||||
bzero(buf, sizeof buf);
|
||||
}
|
||||
|
||||
/*
|
||||
* Encryption work for read operation.
|
||||
*
|
||||
* Security objective: Find the kkey, find the skey, decrypt the sector data.
|
||||
*/
|
||||
|
||||
void
|
||||
g_bde_crypt_read(struct g_bde_work *wp)
|
||||
{
|
||||
struct g_bde_softc *sc;
|
||||
u_char *d;
|
||||
u_int n;
|
||||
off_t o;
|
||||
u_char skey[G_BDE_SKEYLEN];
|
||||
keyInstance ki;
|
||||
cipherInstance ci;
|
||||
|
||||
AES_init(&ci);
|
||||
sc = wp->softc;
|
||||
o = 0;
|
||||
for (n = 0; o < wp->length; n++, o += sc->sectorsize) {
|
||||
d = (u_char *)wp->ksp->data + wp->ko + n * G_BDE_SKEYLEN;
|
||||
g_bde_kkey(sc, &ki, DIR_DECRYPT, wp->offset + o);
|
||||
AES_decrypt(&ci, &ki, d, skey, sizeof skey);
|
||||
d = (u_char *)wp->data + o;
|
||||
AES_makekey(&ki, DIR_DECRYPT, G_BDE_SKEYBITS, skey);
|
||||
AES_decrypt(&ci, &ki, d, d, sc->sectorsize);
|
||||
}
|
||||
bzero(skey, sizeof skey);
|
||||
bzero(&ci, sizeof ci);
|
||||
bzero(&ki, sizeof ki);
|
||||
}
|
||||
|
||||
/*
|
||||
* Encryption work for write operation.
|
||||
*
|
||||
* Security objective: Create random skey, encrypt sector data,
|
||||
* encrypt skey with the kkey.
|
||||
*/
|
||||
|
||||
void
|
||||
g_bde_crypt_write(struct g_bde_work *wp)
|
||||
{
|
||||
u_char *s, *d;
|
||||
struct g_bde_softc *sc;
|
||||
u_int n;
|
||||
off_t o;
|
||||
u_char skey[G_BDE_SKEYLEN];
|
||||
keyInstance ki;
|
||||
cipherInstance ci;
|
||||
|
||||
sc = wp->softc;
|
||||
AES_init(&ci);
|
||||
o = 0;
|
||||
for (n = 0; o < wp->length; n++, o += sc->sectorsize) {
|
||||
s = (u_char *)wp->data + o;
|
||||
d = (u_char *)wp->sp->data + o;
|
||||
arc4rand(skey, sizeof skey, 0);
|
||||
AES_makekey(&ki, DIR_ENCRYPT, G_BDE_SKEYBITS, skey);
|
||||
AES_encrypt(&ci, &ki, s, d, sc->sectorsize);
|
||||
|
||||
d = (u_char *)wp->ksp->data + wp->ko + n * G_BDE_SKEYLEN;
|
||||
g_bde_kkey(sc, &ki, DIR_ENCRYPT, wp->offset + o);
|
||||
AES_encrypt(&ci, &ki, skey, d, sizeof skey);
|
||||
bzero(skey, sizeof skey);
|
||||
}
|
||||
bzero(skey, sizeof skey);
|
||||
bzero(&ci, sizeof ci);
|
||||
bzero(&ki, sizeof ki);
|
||||
}
|
||||
|
||||
/*
|
||||
* Encryption work for delete operation.
|
||||
*
|
||||
* Security objective: Write random data to the sectors.
|
||||
*
|
||||
* XXX: At a hit in performance we would trash the encrypted skey as well.
|
||||
* XXX: This would add frustration to the cleaning lady attack by making
|
||||
* XXX: deletes look like writes.
|
||||
*/
|
||||
|
||||
void
|
||||
g_bde_crypt_delete(struct g_bde_work *wp)
|
||||
{
|
||||
struct g_bde_softc *sc;
|
||||
u_char *d;
|
||||
off_t o;
|
||||
u_char skey[G_BDE_SKEYLEN];
|
||||
keyInstance ki;
|
||||
cipherInstance ci;
|
||||
|
||||
sc = wp->softc;
|
||||
d = wp->sp->data;
|
||||
AES_init(&ci);
|
||||
/*
|
||||
* Do not unroll this loop!
|
||||
* Our zone may be significantly wider than the amount of random
|
||||
* bytes arc4rand likes to give in one reseeding, whereas our
|
||||
* sectorsize is far more likely to be in the same range.
|
||||
*/
|
||||
for (o = 0; o < wp->length; o += sc->sectorsize) {
|
||||
arc4rand(d, sc->sectorsize, 0);
|
||||
arc4rand(skey, sizeof skey, 0);
|
||||
AES_makekey(&ki, DIR_ENCRYPT, G_BDE_SKEYBITS, skey);
|
||||
AES_encrypt(&ci, &ki, d, d, sc->sectorsize);
|
||||
d += sc->sectorsize;
|
||||
}
|
||||
/*
|
||||
* Having written a long random sequence to disk here, we want to
|
||||
* force a reseed, to avoid weakening the next time we use random
|
||||
* data for something important.
|
||||
*/
|
||||
arc4rand(&o, sizeof o, 1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Calculate the total payload size of the encrypted device.
|
||||
*
|
||||
* Security objectives: none.
|
||||
*
|
||||
* This function needs to agree with g_bde_map_sector() about things.
|
||||
*/
|
||||
|
||||
uint64_t
|
||||
g_bde_max_sector(struct g_bde_key *kp)
|
||||
{
|
||||
uint64_t maxsect;
|
||||
|
||||
maxsect = kp->media_width;
|
||||
maxsect /= kp->zone_width;
|
||||
maxsect *= kp->zone_cont;
|
||||
return (maxsect);
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert an unencrypted side offset to offsets on the encrypted side.
|
||||
*
|
||||
* Security objective: Make it harder to identify what sectors contain what
|
||||
* on a "cold" disk image.
|
||||
*
|
||||
* We do this by adding the "keyoffset" from the lock to the physical sector
|
||||
* number modulus the available number of sectors. Since all physical sectors
|
||||
* presumably look the same cold, this will do.
|
||||
*
|
||||
* As part of the mapping we have to skip the lock sectors which we know
|
||||
* the physical address off. We also truncate the work packet, respecting
|
||||
* zone boundaries and lock sectors, so that we end up with a sequence of
|
||||
* sectors which are physically contiguous.
|
||||
*
|
||||
* Shuffling things further is an option, but the incremental frustration is
|
||||
* not currently deemed worth the run-time performance hit resulting from the
|
||||
* increased number of disk arm movements it would incur.
|
||||
*
|
||||
* This function offers nothing but a trivial diversion for an attacker able
|
||||
* to do "the cleaning lady attack" in its current static mapping form.
|
||||
*/
|
||||
|
||||
void
|
||||
g_bde_map_sector(struct g_bde_work *wp)
|
||||
{
|
||||
|
||||
u_int zone, zoff, u, len;
|
||||
uint64_t ko;
|
||||
struct g_bde_softc *sc;
|
||||
struct g_bde_key *kp;
|
||||
|
||||
sc = wp->softc;
|
||||
kp = &sc->key;
|
||||
|
||||
/* find which zone and the offset in it */
|
||||
zone = wp->offset / kp->zone_cont;
|
||||
zoff = wp->offset % kp->zone_cont;
|
||||
|
||||
/* Calculate the offset of the key in the key sector */
|
||||
wp->ko = (zoff / kp->sectorsize) * G_BDE_SKEYLEN;
|
||||
|
||||
/* restrict length to that zone */
|
||||
len = kp->zone_cont - zoff;
|
||||
|
||||
/* ... and in general */
|
||||
if (len > DFLTPHYS)
|
||||
len = DFLTPHYS;
|
||||
|
||||
if (len < wp->length)
|
||||
wp->length = len;
|
||||
|
||||
/* Find physical sector address */
|
||||
wp->so = zone * kp->zone_width + zoff;
|
||||
wp->so += kp->keyoffset;
|
||||
wp->so %= kp->media_width;
|
||||
if (wp->so + wp->length > kp->media_width)
|
||||
wp->length = kp->media_width - wp->so;
|
||||
wp->so += kp->sector0;
|
||||
|
||||
/* The key sector is the last in this zone. */
|
||||
wp->kso = zone * kp->zone_width + kp->zone_cont;
|
||||
wp->kso += kp->keyoffset;
|
||||
wp->kso %= kp->media_width;
|
||||
wp->kso += kp->sector0;
|
||||
|
||||
/* Compensate for lock sectors */
|
||||
for (u = 0; u < G_BDE_MAXKEYS; u++) {
|
||||
/* Find the start of this lock sector */
|
||||
ko = rounddown2(kp->lsector[u], (uint64_t)kp->sectorsize);
|
||||
|
||||
if (wp->kso >= ko)
|
||||
wp->kso += kp->sectorsize;
|
||||
|
||||
if (wp->so >= ko) {
|
||||
/* lock sector before work packet */
|
||||
wp->so += kp->sectorsize;
|
||||
} else if ((wp->so + wp->length) > ko) {
|
||||
/* lock sector in work packet, truncate */
|
||||
wp->length = ko - wp->so;
|
||||
}
|
||||
}
|
||||
|
||||
#if 0
|
||||
printf("off %jd len %jd so %jd ko %jd kso %u\n",
|
||||
(intmax_t)wp->offset,
|
||||
(intmax_t)wp->length,
|
||||
(intmax_t)wp->so,
|
||||
(intmax_t)wp->kso,
|
||||
wp->ko);
|
||||
#endif
|
||||
KASSERT(wp->so + wp->length <= kp->sectorN,
|
||||
("wp->so (%jd) + wp->length (%jd) > EOM (%jd), offset = %jd",
|
||||
(intmax_t)wp->so,
|
||||
(intmax_t)wp->length,
|
||||
(intmax_t)kp->sectorN,
|
||||
(intmax_t)wp->offset));
|
||||
|
||||
KASSERT(wp->kso + kp->sectorsize <= kp->sectorN,
|
||||
("wp->kso (%jd) + kp->sectorsize > EOM (%jd), offset = %jd",
|
||||
(intmax_t)wp->kso,
|
||||
(intmax_t)kp->sectorN,
|
||||
(intmax_t)wp->offset));
|
||||
|
||||
KASSERT(wp->so >= kp->sector0,
|
||||
("wp->so (%jd) < BOM (%jd), offset = %jd",
|
||||
(intmax_t)wp->so,
|
||||
(intmax_t)kp->sector0,
|
||||
(intmax_t)wp->offset));
|
||||
|
||||
KASSERT(wp->kso >= kp->sector0,
|
||||
("wp->kso (%jd) <BOM (%jd), offset = %jd",
|
||||
(intmax_t)wp->kso,
|
||||
(intmax_t)kp->sector0,
|
||||
(intmax_t)wp->offset));
|
||||
}
|
|
@ -1,478 +0,0 @@
|
|||
/*-
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*
|
||||
* Copyright (c) 2002 Poul-Henning Kamp
|
||||
* Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by Poul-Henning Kamp
|
||||
* and NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
* DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/* This souce file contains routines which operates on the lock sectors, both
|
||||
* for the kernel and the userland program gbde(1).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/endian.h>
|
||||
#include <sys/md5.h>
|
||||
|
||||
#ifdef _KERNEL
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/systm.h>
|
||||
#else
|
||||
#include <err.h>
|
||||
#define CTASSERT(foo)
|
||||
#define KASSERT(foo, bar) do { if(!(foo)) { warn bar ; exit (1); } } while (0)
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#define g_free(foo) free(foo)
|
||||
#endif
|
||||
|
||||
#include <crypto/rijndael/rijndael-api-fst.h>
|
||||
#include <crypto/sha2/sha512.h>
|
||||
|
||||
#include <geom/geom.h>
|
||||
#include <geom/bde/g_bde.h>
|
||||
|
||||
/*
|
||||
* Hash the raw pass-phrase.
|
||||
*
|
||||
* Security objectives: produce from the pass-phrase a fixed length
|
||||
* bytesequence with PRN like properties in a reproducible way retaining
|
||||
* as much entropy from the pass-phrase as possible.
|
||||
*
|
||||
* SHA2-512 makes this easy.
|
||||
*/
|
||||
|
||||
void
|
||||
g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len)
|
||||
{
|
||||
SHA512_CTX cx;
|
||||
|
||||
SHA512_Init(&cx);
|
||||
SHA512_Update(&cx, input, len);
|
||||
SHA512_Final(sc->sha2, &cx);
|
||||
}
|
||||
|
||||
/*
|
||||
* Encode/Decode the lock structure in byte-sequence format.
|
||||
*
|
||||
* Security objectives: Store in pass-phrase dependent variant format.
|
||||
*
|
||||
* C-structure packing and byte-endianess depends on architecture, compiler
|
||||
* and compiler options. Writing raw structures to disk is therefore a bad
|
||||
* idea in these enlightend days.
|
||||
*
|
||||
* We spend a fraction of the key-material on shuffling the fields around
|
||||
* so they will be stored in an unpredictable sequence.
|
||||
*
|
||||
* For each byte of the key-material we derive two field indexes, and swap
|
||||
* the position of those two fields.
|
||||
*
|
||||
* I have not worked out the statistical properties of this shuffle, but
|
||||
* given that the key-material has PRN properties, the primary objective
|
||||
* of making it hard to figure out which bits are where in the lock sector
|
||||
* is sufficiently fulfilled.
|
||||
*
|
||||
* We include (and shuffle) an extra hash field in the stored version for
|
||||
* identification and versioning purposes. This field contains the MD5 hash
|
||||
* of a version identifier (currently "0000") followed by the stored lock
|
||||
* sector byte-sequence substituting zero bytes for the hash field.
|
||||
*
|
||||
* The stored keysequence is protected by AES/256/CBC elsewhere in the code
|
||||
* so the fact that the generated byte sequence has a much higher than
|
||||
* average density of zero bits (from the numeric fields) is not currently
|
||||
* a concern.
|
||||
*
|
||||
* Should this later become a concern, a simple software update and
|
||||
* pass-phrase change can remedy the situation. One possible solution
|
||||
* could be to XOR the numeric fields with a key-material derived PRN.
|
||||
*
|
||||
* The chosen shuffle algorithm only works as long as we have no more than 16
|
||||
* fields in the stored part of the lock structure (hence the CTASSERT below).
|
||||
*/
|
||||
|
||||
CTASSERT(NLOCK_FIELDS <= 16);
|
||||
|
||||
static void
|
||||
g_bde_shuffle_lock(u_char *sha2, int *buf)
|
||||
{
|
||||
int j, k, l;
|
||||
u_int u;
|
||||
|
||||
/* Assign the fields sequential positions */
|
||||
for(u = 0; u < NLOCK_FIELDS; u++)
|
||||
buf[u] = u;
|
||||
|
||||
/* Then mix it all up */
|
||||
for(u = 48; u < SHA512_DIGEST_LENGTH; u++) {
|
||||
j = sha2[u] % NLOCK_FIELDS;
|
||||
k = (sha2[u] / NLOCK_FIELDS) % NLOCK_FIELDS;
|
||||
l = buf[j];
|
||||
buf[j] = buf[k];
|
||||
buf[k] = l;
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
g_bde_encode_lock(u_char *sha2, struct g_bde_key *gl, u_char *ptr)
|
||||
{
|
||||
int shuffle[NLOCK_FIELDS];
|
||||
u_char *hash, *p;
|
||||
int i;
|
||||
MD5_CTX c;
|
||||
|
||||
p = ptr;
|
||||
hash = NULL;
|
||||
g_bde_shuffle_lock(sha2, shuffle);
|
||||
for (i = 0; i < NLOCK_FIELDS; i++) {
|
||||
switch(shuffle[i]) {
|
||||
case 0:
|
||||
le64enc(p, gl->sector0);
|
||||
p += 8;
|
||||
break;
|
||||
case 1:
|
||||
le64enc(p, gl->sectorN);
|
||||
p += 8;
|
||||
break;
|
||||
case 2:
|
||||
le64enc(p, gl->keyoffset);
|
||||
p += 8;
|
||||
break;
|
||||
case 3:
|
||||
le32enc(p, gl->sectorsize);
|
||||
p += 4;
|
||||
break;
|
||||
case 4:
|
||||
le32enc(p, gl->flags);
|
||||
p += 4;
|
||||
break;
|
||||
case 5:
|
||||
case 6:
|
||||
case 7:
|
||||
case 8:
|
||||
le64enc(p, gl->lsector[shuffle[i] - 5]);
|
||||
p += 8;
|
||||
break;
|
||||
case 9:
|
||||
bcopy(gl->spare, p, sizeof gl->spare);
|
||||
p += sizeof gl->spare;
|
||||
break;
|
||||
case 10:
|
||||
bcopy(gl->salt, p, sizeof gl->salt);
|
||||
p += sizeof gl->salt;
|
||||
break;
|
||||
case 11:
|
||||
bcopy(gl->mkey, p, sizeof gl->mkey);
|
||||
p += sizeof gl->mkey;
|
||||
break;
|
||||
case 12:
|
||||
bzero(p, 16);
|
||||
hash = p;
|
||||
p += 16;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(ptr + G_BDE_LOCKSIZE != p)
|
||||
return(-1);
|
||||
if (hash == NULL)
|
||||
return(-1);
|
||||
MD5Init(&c);
|
||||
MD5Update(&c, "0000", 4); /* Versioning */
|
||||
MD5Update(&c, ptr, G_BDE_LOCKSIZE);
|
||||
MD5Final(hash, &c);
|
||||
return(0);
|
||||
}
|
||||
|
||||
int
|
||||
g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr)
|
||||
{
|
||||
int shuffle[NLOCK_FIELDS];
|
||||
u_char *p;
|
||||
u_char hash[16], hash2[16];
|
||||
MD5_CTX c;
|
||||
int i;
|
||||
|
||||
p = ptr;
|
||||
g_bde_shuffle_lock(sc->sha2, shuffle);
|
||||
for (i = 0; i < NLOCK_FIELDS; i++) {
|
||||
switch(shuffle[i]) {
|
||||
case 0:
|
||||
gl->sector0 = le64dec(p);
|
||||
p += 8;
|
||||
break;
|
||||
case 1:
|
||||
gl->sectorN = le64dec(p);
|
||||
p += 8;
|
||||
break;
|
||||
case 2:
|
||||
gl->keyoffset = le64dec(p);
|
||||
p += 8;
|
||||
break;
|
||||
case 3:
|
||||
gl->sectorsize = le32dec(p);
|
||||
p += 4;
|
||||
break;
|
||||
case 4:
|
||||
gl->flags = le32dec(p);
|
||||
p += 4;
|
||||
break;
|
||||
case 5:
|
||||
case 6:
|
||||
case 7:
|
||||
case 8:
|
||||
gl->lsector[shuffle[i] - 5] = le64dec(p);
|
||||
p += 8;
|
||||
break;
|
||||
case 9:
|
||||
bcopy(p, gl->spare, sizeof gl->spare);
|
||||
p += sizeof gl->spare;
|
||||
break;
|
||||
case 10:
|
||||
bcopy(p, gl->salt, sizeof gl->salt);
|
||||
p += sizeof gl->salt;
|
||||
break;
|
||||
case 11:
|
||||
bcopy(p, gl->mkey, sizeof gl->mkey);
|
||||
p += sizeof gl->mkey;
|
||||
break;
|
||||
case 12:
|
||||
bcopy(p, hash2, sizeof hash2);
|
||||
bzero(p, sizeof hash2);
|
||||
p += sizeof hash2;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(ptr + G_BDE_LOCKSIZE != p)
|
||||
return(-1);
|
||||
MD5Init(&c);
|
||||
MD5Update(&c, "0000", 4); /* Versioning */
|
||||
MD5Update(&c, ptr, G_BDE_LOCKSIZE);
|
||||
MD5Final(hash, &c);
|
||||
if (bcmp(hash, hash2, sizeof hash2))
|
||||
return (1);
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Encode/Decode the locksector address ("metadata") with key-material.
|
||||
*
|
||||
* Security objectives: Encode/Decode the metadata encrypted by key-material.
|
||||
*
|
||||
* A simple AES/128/CBC will do. We take care to always store the metadata
|
||||
* in the same endianness to make it MI.
|
||||
*
|
||||
* In the typical case the metadata is stored in encrypted format in sector
|
||||
* zero on the media, but at the users discretion or if the piece of the
|
||||
* device used (sector0...sectorN) does not contain sector zero, it can
|
||||
* be stored in a filesystem or on a PostIt.
|
||||
*
|
||||
* The inability to easily locate the lock sectors makes an attack on a
|
||||
* cold disk much less attractive, without unduly inconveniencing the
|
||||
* legitimate user who can feasibly do a brute-force scan if the metadata
|
||||
* was lost.
|
||||
*/
|
||||
|
||||
int
|
||||
g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64_t v1, void *output)
|
||||
{
|
||||
u_char buf[16];
|
||||
keyInstance ki;
|
||||
cipherInstance ci;
|
||||
|
||||
le64enc(buf, v0);
|
||||
le64enc(buf + 8, v1);
|
||||
AES_init(&ci);
|
||||
AES_makekey(&ki, DIR_ENCRYPT, G_BDE_KKEYBITS, sha2 + 0);
|
||||
AES_encrypt(&ci, &ki, buf, output, sizeof buf);
|
||||
explicit_bzero(buf, sizeof buf);
|
||||
explicit_bzero(&ci, sizeof ci);
|
||||
explicit_bzero(&ki, sizeof ki);
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64_t *output)
|
||||
{
|
||||
keyInstance ki;
|
||||
cipherInstance ci;
|
||||
u_char buf[16];
|
||||
|
||||
AES_init(&ci);
|
||||
AES_makekey(&ki, DIR_DECRYPT, G_BDE_KKEYBITS, sha2 + 0);
|
||||
AES_decrypt(&ci, &ki, input, buf, sizeof buf);
|
||||
*output = le64dec(buf);
|
||||
explicit_bzero(buf, sizeof buf);
|
||||
explicit_bzero(&ci, sizeof ci);
|
||||
explicit_bzero(&ki, sizeof ki);
|
||||
return(0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Find and Encode/Decode lock sectors.
|
||||
*
|
||||
* Security objective: given the pass-phrase, find, decrypt, decode and
|
||||
* validate the lock sector contents.
|
||||
*
|
||||
* For ondisk metadata we cannot know beforehand which of the lock sectors
|
||||
* a given pass-phrase opens so we must try each of the metadata copies in
|
||||
* sector zero in turn. If metadata was passed as an argument, we don't
|
||||
* have this problem.
|
||||
*
|
||||
*/
|
||||
|
||||
static int
|
||||
g_bde_decrypt_lockx(struct g_bde_softc *sc, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey)
|
||||
{
|
||||
u_char *buf, *q;
|
||||
struct g_bde_key *gl;
|
||||
uint64_t off, q1;
|
||||
int error, m, i;
|
||||
keyInstance ki;
|
||||
cipherInstance ci;
|
||||
|
||||
gl = &sc->key;
|
||||
|
||||
/* Try to decrypt the metadata */
|
||||
error = g_bde_keyloc_decrypt(sc->sha2, meta, &off);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
/* If it points into thin blue air, forget it */
|
||||
if (off + G_BDE_LOCKSIZE > (uint64_t)mediasize) {
|
||||
off = 0;
|
||||
return (EINVAL);
|
||||
}
|
||||
|
||||
/* The lock data may span two physical sectors. */
|
||||
|
||||
m = 1;
|
||||
if (off % sectorsize > sectorsize - G_BDE_LOCKSIZE)
|
||||
m++;
|
||||
|
||||
/* Read the suspected sector(s) */
|
||||
buf = g_read_data(sc->consumer,
|
||||
off - (off % sectorsize),
|
||||
m * sectorsize, &error);
|
||||
if (buf == NULL) {
|
||||
off = 0;
|
||||
return(error);
|
||||
}
|
||||
|
||||
/* Find the byte-offset of the stored byte sequence */
|
||||
q = buf + off % sectorsize;
|
||||
|
||||
/* If it is all zero, somebody nuked our lock sector */
|
||||
q1 = 0;
|
||||
for (i = 0; i < G_BDE_LOCKSIZE; i++)
|
||||
q1 += q[i];
|
||||
if (q1 == 0) {
|
||||
off = 0;
|
||||
g_free(buf);
|
||||
return (ESRCH);
|
||||
}
|
||||
|
||||
/* Decrypt the byte-sequence in place */
|
||||
AES_init(&ci);
|
||||
AES_makekey(&ki, DIR_DECRYPT, 256, sc->sha2 + 16);
|
||||
AES_decrypt(&ci, &ki, q, q, G_BDE_LOCKSIZE);
|
||||
|
||||
/* Decode the byte-sequence */
|
||||
i = g_bde_decode_lock(sc, gl, q);
|
||||
q = NULL;
|
||||
if (i < 0) {
|
||||
off = 0;
|
||||
return (EDOOFUS); /* Programming error */
|
||||
} else if (i > 0) {
|
||||
off = 0;
|
||||
return (ENOTDIR); /* Hash didn't match */
|
||||
}
|
||||
|
||||
bzero(buf, sectorsize * m);
|
||||
g_free(buf);
|
||||
|
||||
/* If the masterkey is all zeros, user destroyed it */
|
||||
q1 = 0;
|
||||
for (i = 0; i < (int)sizeof(gl->mkey); i++)
|
||||
q1 += gl->mkey[i];
|
||||
if (q1 == 0)
|
||||
return (ENOENT);
|
||||
|
||||
/* If we have an unsorted lock-sequence, refuse */
|
||||
for (i = 0; i < G_BDE_MAXKEYS - 1; i++)
|
||||
if (gl->lsector[i] >= gl->lsector[i + 1])
|
||||
return (EINVAL);
|
||||
|
||||
/* Finally, find out which key was used by matching the byte offset */
|
||||
for (i = 0; i < G_BDE_MAXKEYS; i++)
|
||||
if (nkey != NULL && off == gl->lsector[i])
|
||||
*nkey = i;
|
||||
off = 0;
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey)
|
||||
{
|
||||
u_char *buf, buf1[16];
|
||||
int error, e, i;
|
||||
|
||||
/* set up the key-material */
|
||||
bcopy(keymat, sc->sha2, SHA512_DIGEST_LENGTH);
|
||||
|
||||
/* If passed-in metadata is non-zero, use it */
|
||||
bzero(buf1, sizeof buf1);
|
||||
if (meta != NULL && bcmp(buf1, meta, sizeof buf1))
|
||||
return (g_bde_decrypt_lockx(sc, meta, mediasize,
|
||||
sectorsize, nkey));
|
||||
|
||||
/* Read sector zero */
|
||||
buf = g_read_data(sc->consumer, 0, sectorsize, &error);
|
||||
if (buf == NULL)
|
||||
return(error);
|
||||
|
||||
/* Try each index in turn, save indicative errors for final result */
|
||||
error = EINVAL;
|
||||
for (i = 0; i < G_BDE_MAXKEYS; i++) {
|
||||
e = g_bde_decrypt_lockx(sc, buf + i * 16, mediasize,
|
||||
sectorsize, nkey);
|
||||
/* Success or destroyed master key terminates */
|
||||
if (e == 0 || e == ENOENT) {
|
||||
error = e;
|
||||
break;
|
||||
}
|
||||
if (e != 0 && error == EINVAL)
|
||||
error = e;
|
||||
}
|
||||
g_free(buf);
|
||||
return (error);
|
||||
}
|
|
@ -1,778 +0,0 @@
|
|||
/*-
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*
|
||||
* Copyright (c) 2002 Poul-Henning Kamp
|
||||
* Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by Poul-Henning Kamp
|
||||
* and NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
* DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/*
|
||||
* This source file contains the state-engine which makes things happen in the
|
||||
* right order.
|
||||
*
|
||||
* Outline:
|
||||
* 1) g_bde_start1()
|
||||
* Break the struct bio into multiple work packets one per zone.
|
||||
* 2) g_bde_start2()
|
||||
* Setup the necessary sector buffers and start those read operations
|
||||
* which we can start at this time and put the item on the work-list.
|
||||
* 3) g_bde_worker()
|
||||
* Scan the work-list for items which are ready for crypto processing
|
||||
* and call the matching crypto function in g_bde_crypt.c and schedule
|
||||
* any writes needed. Read operations finish here by releasing the
|
||||
* sector buffers and delivering the original bio request.
|
||||
* 4) g_bde_write_done()
|
||||
* Release sector buffers and deliver the original bio request.
|
||||
*
|
||||
* Because of the C-scope rules, the functions are almost perfectly in the
|
||||
* opposite order in this source file.
|
||||
*
|
||||
* XXX: A switch to the hardware assisted crypto in src/sys/opencrypto will add
|
||||
* XXX: additional states to this state-engine. Since no hardware available
|
||||
* XXX: at this time has AES support, implementing this has been postponed
|
||||
* XXX: until such time as it would result in a benefit.
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/bio.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/kthread.h>
|
||||
|
||||
#include <crypto/rijndael/rijndael-api-fst.h>
|
||||
#include <crypto/sha2/sha512.h>
|
||||
#include <geom/geom.h>
|
||||
#include <geom/bde/g_bde.h>
|
||||
|
||||
/*
|
||||
* FIXME: This used to call malloc_last_fail which in practice was almost
|
||||
* guaranteed to return time_uptime even in face of severe memory shortage.
|
||||
* As GBDE is the only consumer the kludge below was added to facilitate the
|
||||
* removal with minimial changes. The code should be fixed to respond to memory
|
||||
* pressure (e.g., by using lowmem eventhandler) instead.
|
||||
*/
|
||||
static int
|
||||
g_bde_malloc_last_fail(void)
|
||||
{
|
||||
|
||||
return (time_uptime);
|
||||
}
|
||||
|
||||
static void g_bde_delete_sector(struct g_bde_softc *wp, struct g_bde_sector *sp);
|
||||
static struct g_bde_sector * g_bde_new_sector(struct g_bde_work *wp, u_int len);
|
||||
static void g_bde_release_keysector(struct g_bde_work *wp);
|
||||
static struct g_bde_sector *g_bde_get_keysector(struct g_bde_work *wp);
|
||||
static int g_bde_start_read(struct g_bde_sector *sp);
|
||||
static void g_bde_purge_sector(struct g_bde_softc *sc, int fraction);
|
||||
|
||||
/*
|
||||
* Work item allocation.
|
||||
*
|
||||
* C++ would call these constructors and destructors.
|
||||
*/
|
||||
static u_int g_bde_nwork;
|
||||
SYSCTL_UINT(_debug, OID_AUTO, gbde_nwork, CTLFLAG_RD, &g_bde_nwork, 0, "");
|
||||
|
||||
static MALLOC_DEFINE(M_GBDE, "gbde", "GBDE data structures");
|
||||
|
||||
static struct g_bde_work *
|
||||
g_bde_new_work(struct g_bde_softc *sc)
|
||||
{
|
||||
struct g_bde_work *wp;
|
||||
|
||||
wp = malloc(sizeof *wp, M_GBDE, M_NOWAIT | M_ZERO);
|
||||
if (wp == NULL)
|
||||
return (wp);
|
||||
wp->state = SETUP;
|
||||
wp->softc = sc;
|
||||
g_bde_nwork++;
|
||||
sc->nwork++;
|
||||
TAILQ_INSERT_TAIL(&sc->worklist, wp, list);
|
||||
return (wp);
|
||||
}
|
||||
|
||||
static void
|
||||
g_bde_delete_work(struct g_bde_work *wp)
|
||||
{
|
||||
struct g_bde_softc *sc;
|
||||
|
||||
sc = wp->softc;
|
||||
g_bde_nwork--;
|
||||
sc->nwork--;
|
||||
TAILQ_REMOVE(&sc->worklist, wp, list);
|
||||
free(wp, M_GBDE);
|
||||
}
|
||||
|
||||
/*
|
||||
* Sector buffer allocation
|
||||
*
|
||||
* These two functions allocate and free back variable sized sector buffers
|
||||
*/
|
||||
|
||||
static u_int g_bde_nsect;
|
||||
SYSCTL_UINT(_debug, OID_AUTO, gbde_nsect, CTLFLAG_RD, &g_bde_nsect, 0, "");
|
||||
|
||||
static void
|
||||
g_bde_delete_sector(struct g_bde_softc *sc, struct g_bde_sector *sp)
|
||||
{
|
||||
|
||||
g_bde_nsect--;
|
||||
sc->nsect--;
|
||||
if (sp->malloc)
|
||||
free(sp->data, M_GBDE);
|
||||
free(sp, M_GBDE);
|
||||
}
|
||||
|
||||
static struct g_bde_sector *
|
||||
g_bde_new_sector(struct g_bde_work *wp, u_int len)
|
||||
{
|
||||
struct g_bde_sector *sp;
|
||||
|
||||
sp = malloc(sizeof *sp, M_GBDE, M_NOWAIT | M_ZERO);
|
||||
if (sp == NULL)
|
||||
return (sp);
|
||||
if (len > 0) {
|
||||
sp->data = malloc(len, M_GBDE, M_NOWAIT | M_ZERO);
|
||||
if (sp->data == NULL) {
|
||||
free(sp, M_GBDE);
|
||||
return (NULL);
|
||||
}
|
||||
sp->malloc = 1;
|
||||
}
|
||||
g_bde_nsect++;
|
||||
wp->softc->nsect++;
|
||||
sp->size = len;
|
||||
sp->softc = wp->softc;
|
||||
sp->ref = 1;
|
||||
sp->owner = wp;
|
||||
sp->offset = wp->so;
|
||||
sp->state = JUNK;
|
||||
return (sp);
|
||||
}
|
||||
|
||||
/*
|
||||
* Skey sector cache.
|
||||
*
|
||||
* Nothing prevents two separate I/O requests from addressing the same zone
|
||||
* and thereby needing the same skey sector. We therefore need to sequence
|
||||
* I/O operations to the skey sectors. A certain amount of caching is also
|
||||
* desirable, although the extent of benefit from this is not at this point
|
||||
* determined.
|
||||
*
|
||||
* XXX: GEOM may be able to grow a generic caching facility at some point
|
||||
* XXX: to support such needs.
|
||||
*/
|
||||
|
||||
static u_int g_bde_ncache;
|
||||
SYSCTL_UINT(_debug, OID_AUTO, gbde_ncache, CTLFLAG_RD, &g_bde_ncache, 0, "");
|
||||
|
||||
static void
|
||||
g_bde_purge_one_sector(struct g_bde_softc *sc, struct g_bde_sector *sp)
|
||||
{
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_purge_one_sector(%p, %p)", sc, sp);
|
||||
if (sp->ref != 0)
|
||||
return;
|
||||
TAILQ_REMOVE(&sc->freelist, sp, list);
|
||||
g_bde_ncache--;
|
||||
sc->ncache--;
|
||||
bzero(sp->data, sp->size);
|
||||
g_bde_delete_sector(sc, sp);
|
||||
}
|
||||
|
||||
static struct g_bde_sector *
|
||||
g_bde_get_keysector(struct g_bde_work *wp)
|
||||
{
|
||||
struct g_bde_sector *sp;
|
||||
struct g_bde_softc *sc;
|
||||
off_t offset;
|
||||
|
||||
offset = wp->kso;
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_get_keysector(%p, %jd)", wp, (intmax_t)offset);
|
||||
sc = wp->softc;
|
||||
|
||||
if (g_bde_malloc_last_fail() < g_bde_ncache)
|
||||
g_bde_purge_sector(sc, -1);
|
||||
|
||||
sp = TAILQ_FIRST(&sc->freelist);
|
||||
if (sp != NULL && sp->ref == 0 && sp->used + 300 < time_uptime)
|
||||
g_bde_purge_one_sector(sc, sp);
|
||||
|
||||
TAILQ_FOREACH(sp, &sc->freelist, list) {
|
||||
if (sp->offset == offset)
|
||||
break;
|
||||
}
|
||||
if (sp != NULL) {
|
||||
sp->ref++;
|
||||
KASSERT(sp->offset == offset, ("wrong offset"));
|
||||
KASSERT(sp->softc == wp->softc, ("wrong softc"));
|
||||
if (sp->ref == 1)
|
||||
sp->owner = wp;
|
||||
} else {
|
||||
if (g_bde_malloc_last_fail() < g_bde_ncache) {
|
||||
TAILQ_FOREACH(sp, &sc->freelist, list)
|
||||
if (sp->ref == 0)
|
||||
break;
|
||||
}
|
||||
if (sp == NULL && !TAILQ_EMPTY(&sc->freelist))
|
||||
sp = TAILQ_FIRST(&sc->freelist);
|
||||
if (sp != NULL && sp->ref > 0)
|
||||
sp = NULL;
|
||||
if (sp == NULL) {
|
||||
sp = g_bde_new_sector(wp, sc->sectorsize);
|
||||
if (sp != NULL) {
|
||||
g_bde_ncache++;
|
||||
sc->ncache++;
|
||||
TAILQ_INSERT_TAIL(&sc->freelist, sp, list);
|
||||
sp->malloc = 2;
|
||||
}
|
||||
}
|
||||
if (sp != NULL) {
|
||||
sp->offset = offset;
|
||||
sp->softc = wp->softc;
|
||||
sp->ref = 1;
|
||||
sp->owner = wp;
|
||||
sp->state = JUNK;
|
||||
sp->error = 0;
|
||||
}
|
||||
}
|
||||
if (sp != NULL) {
|
||||
TAILQ_REMOVE(&sc->freelist, sp, list);
|
||||
TAILQ_INSERT_TAIL(&sc->freelist, sp, list);
|
||||
sp->used = time_uptime;
|
||||
}
|
||||
wp->ksp = sp;
|
||||
return(sp);
|
||||
}
|
||||
|
||||
static void
|
||||
g_bde_release_keysector(struct g_bde_work *wp)
|
||||
{
|
||||
struct g_bde_softc *sc;
|
||||
struct g_bde_work *wp2;
|
||||
struct g_bde_sector *sp;
|
||||
|
||||
sp = wp->ksp;
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_release_keysector(%p)", sp);
|
||||
KASSERT(sp->malloc == 2, ("Wrong sector released"));
|
||||
sc = sp->softc;
|
||||
KASSERT(sc != NULL, ("NULL sp->softc"));
|
||||
KASSERT(wp == sp->owner, ("Releasing, not owner"));
|
||||
sp->owner = NULL;
|
||||
wp->ksp = NULL;
|
||||
sp->ref--;
|
||||
if (sp->ref > 0) {
|
||||
TAILQ_REMOVE(&sc->freelist, sp, list);
|
||||
TAILQ_INSERT_TAIL(&sc->freelist, sp, list);
|
||||
TAILQ_FOREACH(wp2, &sc->worklist, list) {
|
||||
if (wp2->ksp == sp) {
|
||||
KASSERT(wp2 != wp, ("Self-reowning"));
|
||||
sp->owner = wp2;
|
||||
wakeup(sp->softc);
|
||||
break;
|
||||
}
|
||||
}
|
||||
KASSERT(wp2 != NULL, ("Failed to pick up owner for %p\n", sp));
|
||||
} else if (sp->error != 0) {
|
||||
sp->offset = ~0;
|
||||
sp->error = 0;
|
||||
sp->state = JUNK;
|
||||
}
|
||||
TAILQ_REMOVE(&sc->freelist, sp, list);
|
||||
TAILQ_INSERT_HEAD(&sc->freelist, sp, list);
|
||||
}
|
||||
|
||||
static void
|
||||
g_bde_purge_sector(struct g_bde_softc *sc, int fraction)
|
||||
{
|
||||
struct g_bde_sector *sp;
|
||||
int n;
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_purge_sector(%p)", sc);
|
||||
if (fraction > 0)
|
||||
n = sc->ncache / fraction + 1;
|
||||
else
|
||||
n = g_bde_ncache - g_bde_malloc_last_fail();
|
||||
if (n < 0)
|
||||
return;
|
||||
if (n > sc->ncache)
|
||||
n = sc->ncache;
|
||||
while(n--) {
|
||||
TAILQ_FOREACH(sp, &sc->freelist, list) {
|
||||
if (sp->ref != 0)
|
||||
continue;
|
||||
TAILQ_REMOVE(&sc->freelist, sp, list);
|
||||
g_bde_ncache--;
|
||||
sc->ncache--;
|
||||
bzero(sp->data, sp->size);
|
||||
g_bde_delete_sector(sc, sp);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static struct g_bde_sector *
|
||||
g_bde_read_keysector(struct g_bde_softc *sc, struct g_bde_work *wp)
|
||||
{
|
||||
struct g_bde_sector *sp;
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_read_keysector(%p)", wp);
|
||||
sp = g_bde_get_keysector(wp);
|
||||
if (sp == NULL) {
|
||||
g_bde_purge_sector(sc, -1);
|
||||
sp = g_bde_get_keysector(wp);
|
||||
}
|
||||
if (sp == NULL)
|
||||
return (sp);
|
||||
if (sp->owner != wp)
|
||||
return (sp);
|
||||
if (sp->state == VALID)
|
||||
return (sp);
|
||||
if (g_bde_start_read(sp) == 0)
|
||||
return (sp);
|
||||
g_bde_release_keysector(wp);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
/*
|
||||
* Contribute to the completion of the original bio request.
|
||||
*
|
||||
* We have no simple way to tell how many bits the original bio request has
|
||||
* been segmented into, so the easiest way to determine when we can deliver
|
||||
* it is to keep track of the number of bytes we have completed. We keep
|
||||
* track of any errors underway and latch onto the first one.
|
||||
*
|
||||
* We always report "nothing done" in case of error, because random bits here
|
||||
* and there may be completed and returning a number of completed bytes does
|
||||
* not convey any useful information about which bytes they were. If some
|
||||
* piece of broken code somewhere interprets this to mean that nothing has
|
||||
* changed on the underlying media they deserve the lossage headed for them.
|
||||
*
|
||||
* A single mutex per g_bde instance is used to prevent contention.
|
||||
*/
|
||||
|
||||
static void
|
||||
g_bde_contribute(struct bio *bp, off_t bytes, int error)
|
||||
{
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_contribute bp %p bytes %jd error %d",
|
||||
bp, (intmax_t)bytes, error);
|
||||
if (bp->bio_error == 0)
|
||||
bp->bio_error = error;
|
||||
bp->bio_completed += bytes;
|
||||
KASSERT(bp->bio_completed <= bp->bio_length, ("Too large contribution"));
|
||||
if (bp->bio_completed == bp->bio_length) {
|
||||
if (bp->bio_error != 0)
|
||||
bp->bio_completed = 0;
|
||||
g_io_deliver(bp, bp->bio_error);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* This is the common case "we're done with this work package" function
|
||||
*/
|
||||
|
||||
static void
|
||||
g_bde_work_done(struct g_bde_work *wp, int error)
|
||||
{
|
||||
|
||||
g_bde_contribute(wp->bp, wp->length, error);
|
||||
if (wp->sp != NULL)
|
||||
g_bde_delete_sector(wp->softc, wp->sp);
|
||||
if (wp->ksp != NULL)
|
||||
g_bde_release_keysector(wp);
|
||||
g_bde_delete_work(wp);
|
||||
}
|
||||
|
||||
/*
|
||||
* A write operation has finished. When we have all expected cows in the
|
||||
* barn close the door and call it a day.
|
||||
*/
|
||||
|
||||
static void
|
||||
g_bde_write_done(struct bio *bp)
|
||||
{
|
||||
struct g_bde_sector *sp;
|
||||
struct g_bde_work *wp;
|
||||
struct g_bde_softc *sc;
|
||||
|
||||
sp = bp->bio_caller1;
|
||||
sc = bp->bio_caller2;
|
||||
mtx_lock(&sc->worklist_mutex);
|
||||
KASSERT(sp != NULL, ("NULL sp"));
|
||||
KASSERT(sc != NULL, ("NULL sc"));
|
||||
KASSERT(sp->owner != NULL, ("NULL sp->owner"));
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_write_done(%p)", sp);
|
||||
if (bp->bio_error == 0 && bp->bio_completed != sp->size)
|
||||
bp->bio_error = EIO;
|
||||
sp->error = bp->bio_error;
|
||||
g_destroy_bio(bp);
|
||||
wp = sp->owner;
|
||||
if (wp->error == 0)
|
||||
wp->error = sp->error;
|
||||
|
||||
if (wp->bp->bio_cmd == BIO_DELETE) {
|
||||
KASSERT(sp == wp->sp, ("trashed delete op"));
|
||||
g_bde_work_done(wp, wp->error);
|
||||
mtx_unlock(&sc->worklist_mutex);
|
||||
return;
|
||||
}
|
||||
|
||||
KASSERT(wp->bp->bio_cmd == BIO_WRITE, ("Confused in g_bde_write_done()"));
|
||||
KASSERT(sp == wp->sp || sp == wp->ksp, ("trashed write op"));
|
||||
if (wp->sp == sp) {
|
||||
g_bde_delete_sector(sc, wp->sp);
|
||||
wp->sp = NULL;
|
||||
} else {
|
||||
sp->state = VALID;
|
||||
}
|
||||
if (wp->sp == NULL && wp->ksp != NULL && wp->ksp->state == VALID)
|
||||
g_bde_work_done(wp, wp->error);
|
||||
mtx_unlock(&sc->worklist_mutex);
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Send a write request for the given sector down the pipeline.
|
||||
*/
|
||||
|
||||
static int
|
||||
g_bde_start_write(struct g_bde_sector *sp)
|
||||
{
|
||||
struct bio *bp;
|
||||
struct g_bde_softc *sc;
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_start_write(%p)", sp);
|
||||
sc = sp->softc;
|
||||
KASSERT(sc != NULL, ("NULL sc in g_bde_start_write"));
|
||||
KASSERT(sp->owner != NULL, ("NULL sp->owner in g_bde_start_write"));
|
||||
bp = g_new_bio();
|
||||
if (bp == NULL)
|
||||
return (ENOMEM);
|
||||
bp->bio_cmd = BIO_WRITE;
|
||||
bp->bio_offset = sp->offset;
|
||||
bp->bio_data = sp->data;
|
||||
bp->bio_length = sp->size;
|
||||
bp->bio_done = g_bde_write_done;
|
||||
bp->bio_caller1 = sp;
|
||||
bp->bio_caller2 = sc;
|
||||
sp->state = IO;
|
||||
g_io_request(bp, sc->consumer);
|
||||
return(0);
|
||||
}
|
||||
|
||||
/*
|
||||
* A read operation has finished. Mark the sector no longer iobusy and
|
||||
* wake up the worker thread and let it do its thing.
|
||||
*/
|
||||
|
||||
static void
|
||||
g_bde_read_done(struct bio *bp)
|
||||
{
|
||||
struct g_bde_sector *sp;
|
||||
struct g_bde_softc *sc;
|
||||
|
||||
sp = bp->bio_caller1;
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_read_done(%p)", sp);
|
||||
sc = bp->bio_caller2;
|
||||
mtx_lock(&sc->worklist_mutex);
|
||||
if (bp->bio_error == 0 && bp->bio_completed != sp->size)
|
||||
bp->bio_error = EIO;
|
||||
sp->error = bp->bio_error;
|
||||
if (sp->error == 0)
|
||||
sp->state = VALID;
|
||||
else
|
||||
sp->state = JUNK;
|
||||
wakeup(sc);
|
||||
g_destroy_bio(bp);
|
||||
mtx_unlock(&sc->worklist_mutex);
|
||||
}
|
||||
|
||||
/*
|
||||
* Send a read request for the given sector down the pipeline.
|
||||
*/
|
||||
|
||||
static int
|
||||
g_bde_start_read(struct g_bde_sector *sp)
|
||||
{
|
||||
struct bio *bp;
|
||||
struct g_bde_softc *sc;
|
||||
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_start_read(%p)", sp);
|
||||
sc = sp->softc;
|
||||
KASSERT(sc != NULL, ("Null softc in sp %p", sp));
|
||||
bp = g_new_bio();
|
||||
if (bp == NULL)
|
||||
return (ENOMEM);
|
||||
bp->bio_cmd = BIO_READ;
|
||||
bp->bio_offset = sp->offset;
|
||||
bp->bio_data = sp->data;
|
||||
bp->bio_length = sp->size;
|
||||
bp->bio_done = g_bde_read_done;
|
||||
bp->bio_caller1 = sp;
|
||||
bp->bio_caller2 = sc;
|
||||
sp->state = IO;
|
||||
g_io_request(bp, sc->consumer);
|
||||
return(0);
|
||||
}
|
||||
|
||||
/*
|
||||
* The worker thread.
|
||||
*
|
||||
* The up/down path of GEOM is not allowed to sleep or do any major work
|
||||
* so we use this thread to do the actual crypto operations and to push
|
||||
* the state engine onwards.
|
||||
*
|
||||
* XXX: if we switch to the src/sys/opencrypt hardware assisted encryption
|
||||
* XXX: using a thread here is probably not needed.
|
||||
*/
|
||||
|
||||
void
|
||||
g_bde_worker(void *arg)
|
||||
{
|
||||
struct g_bde_softc *sc;
|
||||
struct g_bde_work *wp, *twp;
|
||||
struct g_geom *gp;
|
||||
int restart, error;
|
||||
|
||||
gp = arg;
|
||||
sc = gp->softc;
|
||||
|
||||
mtx_lock(&sc->worklist_mutex);
|
||||
for (;;) {
|
||||
restart = 0;
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_worker scan");
|
||||
TAILQ_FOREACH_SAFE(wp, &sc->worklist, list, twp) {
|
||||
KASSERT(wp != NULL, ("NULL wp"));
|
||||
KASSERT(wp->softc != NULL, ("NULL wp->softc"));
|
||||
if (wp->state != WAIT)
|
||||
continue; /* Not interesting here */
|
||||
|
||||
KASSERT(wp->bp != NULL, ("NULL wp->bp"));
|
||||
KASSERT(wp->sp != NULL, ("NULL wp->sp"));
|
||||
|
||||
if (wp->ksp != NULL) {
|
||||
if (wp->ksp->owner != wp)
|
||||
continue;
|
||||
if (wp->ksp->state == IO)
|
||||
continue;
|
||||
KASSERT(wp->ksp->state == VALID,
|
||||
("Illegal sector state (%d)",
|
||||
wp->ksp->state));
|
||||
}
|
||||
|
||||
if (wp->bp->bio_cmd == BIO_READ && wp->sp->state == IO)
|
||||
continue;
|
||||
|
||||
if (wp->ksp != NULL && wp->ksp->error != 0) {
|
||||
g_bde_work_done(wp, wp->ksp->error);
|
||||
continue;
|
||||
}
|
||||
switch(wp->bp->bio_cmd) {
|
||||
case BIO_READ:
|
||||
if (wp->ksp == NULL) {
|
||||
KASSERT(wp->error != 0,
|
||||
("BIO_READ, no ksp and no error"));
|
||||
g_bde_work_done(wp, wp->error);
|
||||
break;
|
||||
}
|
||||
if (wp->sp->error != 0) {
|
||||
g_bde_work_done(wp, wp->sp->error);
|
||||
break;
|
||||
}
|
||||
mtx_unlock(&sc->worklist_mutex);
|
||||
g_bde_crypt_read(wp);
|
||||
mtx_lock(&sc->worklist_mutex);
|
||||
restart++;
|
||||
g_bde_work_done(wp, wp->sp->error);
|
||||
break;
|
||||
case BIO_WRITE:
|
||||
wp->state = FINISH;
|
||||
KASSERT(wp->sp->owner == wp,
|
||||
("Write not owner sp"));
|
||||
KASSERT(wp->ksp->owner == wp,
|
||||
("Write not owner ksp"));
|
||||
mtx_unlock(&sc->worklist_mutex);
|
||||
g_bde_crypt_write(wp);
|
||||
mtx_lock(&sc->worklist_mutex);
|
||||
restart++;
|
||||
error = g_bde_start_write(wp->sp);
|
||||
if (error) {
|
||||
g_bde_work_done(wp, error);
|
||||
break;
|
||||
}
|
||||
error = g_bde_start_write(wp->ksp);
|
||||
if (wp->error != 0)
|
||||
wp->error = error;
|
||||
break;
|
||||
case BIO_DELETE:
|
||||
wp->state = FINISH;
|
||||
mtx_unlock(&sc->worklist_mutex);
|
||||
g_bde_crypt_delete(wp);
|
||||
mtx_lock(&sc->worklist_mutex);
|
||||
restart++;
|
||||
g_bde_start_write(wp->sp);
|
||||
break;
|
||||
}
|
||||
if (restart)
|
||||
break;
|
||||
}
|
||||
if (!restart) {
|
||||
/*
|
||||
* We don't look for our death-warrant until we are
|
||||
* idle. Shouldn't make a difference in practice.
|
||||
*/
|
||||
if (sc->dead)
|
||||
break;
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_worker sleep");
|
||||
error = msleep(sc, &sc->worklist_mutex,
|
||||
PRIBIO, "-", hz);
|
||||
if (error == EWOULDBLOCK) {
|
||||
/*
|
||||
* Lose our skey cache in an orderly fashion.
|
||||
* The exact rate can be tuned to be less
|
||||
* aggressive if this is desirable. 10% per
|
||||
* second means that the cache is gone in a
|
||||
* few minutes.
|
||||
*/
|
||||
g_bde_purge_sector(sc, 10);
|
||||
}
|
||||
}
|
||||
}
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_worker die");
|
||||
g_bde_purge_sector(sc, 1);
|
||||
KASSERT(sc->nwork == 0, ("Dead but %d work remaining", sc->nwork));
|
||||
KASSERT(sc->ncache == 0, ("Dead but %d cache remaining", sc->ncache));
|
||||
KASSERT(sc->nsect == 0, ("Dead but %d sect remaining", sc->nsect));
|
||||
mtx_unlock(&sc->worklist_mutex);
|
||||
sc->dead = 2;
|
||||
wakeup(sc);
|
||||
kproc_exit(0);
|
||||
}
|
||||
|
||||
/*
|
||||
* g_bde_start1 has chopped the incoming request up so all the requests
|
||||
* we see here are inside a single zone. Map the data and key locations
|
||||
* grab the buffers we need and fire off the first volley of read requests.
|
||||
*/
|
||||
|
||||
static void
|
||||
g_bde_start2(struct g_bde_work *wp)
|
||||
{
|
||||
struct g_bde_softc *sc;
|
||||
|
||||
KASSERT(wp != NULL, ("NULL wp in g_bde_start2"));
|
||||
KASSERT(wp->softc != NULL, ("NULL wp->softc"));
|
||||
g_trace(G_T_TOPOLOGY, "g_bde_start2(%p)", wp);
|
||||
sc = wp->softc;
|
||||
switch (wp->bp->bio_cmd) {
|
||||
case BIO_READ:
|
||||
wp->sp = g_bde_new_sector(wp, 0);
|
||||
if (wp->sp == NULL) {
|
||||
g_bde_work_done(wp, ENOMEM);
|
||||
return;
|
||||
}
|
||||
wp->sp->size = wp->length;
|
||||
wp->sp->data = wp->data;
|
||||
if (g_bde_start_read(wp->sp) != 0) {
|
||||
g_bde_work_done(wp, ENOMEM);
|
||||
return;
|
||||
}
|
||||
g_bde_read_keysector(sc, wp);
|
||||
if (wp->ksp == NULL)
|
||||
wp->error = ENOMEM;
|
||||
break;
|
||||
case BIO_DELETE:
|
||||
wp->sp = g_bde_new_sector(wp, wp->length);
|
||||
if (wp->sp == NULL) {
|
||||
g_bde_work_done(wp, ENOMEM);
|
||||
return;
|
||||
}
|
||||
break;
|
||||
case BIO_WRITE:
|
||||
wp->sp = g_bde_new_sector(wp, wp->length);
|
||||
if (wp->sp == NULL) {
|
||||
g_bde_work_done(wp, ENOMEM);
|
||||
return;
|
||||
}
|
||||
g_bde_read_keysector(sc, wp);
|
||||
if (wp->ksp == NULL) {
|
||||
g_bde_work_done(wp, ENOMEM);
|
||||
return;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
KASSERT(0 == 1,
|
||||
("Wrong bio_cmd %d in g_bde_start2", wp->bp->bio_cmd));
|
||||
}
|
||||
|
||||
wp->state = WAIT;
|
||||
wakeup(sc);
|
||||
}
|
||||
|
||||
/*
|
||||
* Create a sequence of work structures, and have g_bde_map_sector() determine
|
||||
* how long they each can be. Feed them to g_bde_start2().
|
||||
*/
|
||||
|
||||
void
|
||||
g_bde_start1(struct bio *bp)
|
||||
{
|
||||
struct g_bde_softc *sc;
|
||||
struct g_bde_work *wp;
|
||||
off_t done;
|
||||
|
||||
sc = bp->bio_to->geom->softc;
|
||||
bp->bio_driver1 = sc;
|
||||
|
||||
mtx_lock(&sc->worklist_mutex);
|
||||
for(done = 0; done < bp->bio_length; ) {
|
||||
wp = g_bde_new_work(sc);
|
||||
if (wp != NULL) {
|
||||
wp->bp = bp;
|
||||
wp->offset = bp->bio_offset + done;
|
||||
wp->data = bp->bio_data + done;
|
||||
wp->length = bp->bio_length - done;
|
||||
g_bde_map_sector(wp);
|
||||
done += wp->length;
|
||||
g_bde_start2(wp);
|
||||
}
|
||||
if (wp == NULL || bp->bio_error != 0) {
|
||||
g_bde_contribute(bp, bp->bio_length - done, ENOMEM);
|
||||
break;
|
||||
}
|
||||
}
|
||||
mtx_unlock(&sc->worklist_mutex);
|
||||
return;
|
||||
}
|
Loading…
Reference in New Issue
Block a user