The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/dev/softraid_crypto.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /* $OpenBSD: softraid_crypto.c,v 1.145 2021/10/24 14:50:42 tobhe Exp $ */
    2 /*
    3  * Copyright (c) 2007 Marco Peereboom <marco@peereboom.us>
    4  * Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org>
    5  * Copyright (c) 2008 Damien Miller <djm@mindrot.org>
    6  * Copyright (c) 2009 Joel Sing <jsing@openbsd.org>
    7  *
    8  * Permission to use, copy, modify, and distribute this software for any
    9  * purpose with or without fee is hereby granted, provided that the above
   10  * copyright notice and this permission notice appear in all copies.
   11  *
   12  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   13  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   14  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   15  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   16  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   17  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   18  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   19  */
   20 
   21 #include "bio.h"
   22 
   23 #include <sys/param.h>
   24 #include <sys/systm.h>
   25 #include <sys/buf.h>
   26 #include <sys/device.h>
   27 #include <sys/ioctl.h>
   28 #include <sys/malloc.h>
   29 #include <sys/pool.h>
   30 #include <sys/kernel.h>
   31 #include <sys/disk.h>
   32 #include <sys/rwlock.h>
   33 #include <sys/queue.h>
   34 #include <sys/fcntl.h>
   35 #include <sys/disklabel.h>
   36 #include <sys/vnode.h>
   37 #include <sys/mount.h>
   38 #include <sys/sensors.h>
   39 #include <sys/stat.h>
   40 #include <sys/conf.h>
   41 #include <sys/uio.h>
   42 #include <sys/dkio.h>
   43 
   44 #include <crypto/cryptodev.h>
   45 #include <crypto/rijndael.h>
   46 #include <crypto/md5.h>
   47 #include <crypto/sha1.h>
   48 #include <crypto/sha2.h>
   49 #include <crypto/hmac.h>
   50 
   51 #include <scsi/scsi_all.h>
   52 #include <scsi/scsiconf.h>
   53 #include <scsi/scsi_disk.h>
   54 
   55 #include <dev/softraidvar.h>
   56 
   57 struct sr_crypto_wu *sr_crypto_prepare(struct sr_workunit *,
   58                     struct sr_crypto *, int);
   59 int             sr_crypto_decrypt(u_char *, u_char *, u_char *, size_t, int);
   60 int             sr_crypto_encrypt(u_char *, u_char *, u_char *, size_t, int);
   61 int             sr_crypto_decrypt_key(struct sr_discipline *,
   62                     struct sr_crypto *);
   63 int             sr_crypto_change_maskkey(struct sr_discipline *,
   64                     struct sr_crypto *, struct sr_crypto_kdfinfo *,
   65                     struct sr_crypto_kdfinfo *);
   66 int             sr_crypto_create(struct sr_discipline *,
   67                     struct bioc_createraid *, int, int64_t);
   68 int             sr_crypto_meta_create(struct sr_discipline *,
   69                     struct sr_crypto *, struct bioc_createraid *);
   70 int             sr_crypto_set_key(struct sr_discipline *, struct sr_crypto *,
   71                     struct bioc_createraid *, int, void *);
   72 int             sr_crypto_assemble(struct sr_discipline *,
   73                     struct bioc_createraid *, int, void *);
   74 void            sr_crypto_free_sessions(struct sr_discipline *,
   75                     struct sr_crypto *);
   76 int             sr_crypto_alloc_resources_internal(struct sr_discipline *,
   77                     struct sr_crypto *);
   78 int             sr_crypto_alloc_resources(struct sr_discipline *);
   79 void            sr_crypto_free_resources_internal(struct sr_discipline *,
   80                     struct sr_crypto *);
   81 void            sr_crypto_free_resources(struct sr_discipline *);
   82 int             sr_crypto_ioctl_internal(struct sr_discipline *,
   83                     struct sr_crypto *, struct bioc_discipline *);
   84 int             sr_crypto_ioctl(struct sr_discipline *,
   85                     struct bioc_discipline *);
   86 int             sr_crypto_meta_opt_handler_internal(struct sr_discipline *,
   87                     struct sr_crypto *, struct sr_meta_opt_hdr *);
   88 int             sr_crypto_meta_opt_handler(struct sr_discipline *,
   89                     struct sr_meta_opt_hdr *);
   90 int             sr_crypto_rw(struct sr_workunit *);
   91 int             sr_crypto_dev_rw(struct sr_workunit *, struct sr_crypto_wu *);
   92 void            sr_crypto_done_internal(struct sr_workunit *,
   93                     struct sr_crypto *);
   94 void            sr_crypto_done(struct sr_workunit *);
   95 void            sr_crypto_calculate_check_hmac_sha1(u_int8_t *, int,
   96                    u_int8_t *, int, u_char *);
   97 void            sr_crypto_hotplug(struct sr_discipline *, struct disk *, int);
   98 
   99 #ifdef SR_DEBUG0
  100 void             sr_crypto_dumpkeys(struct sr_crypto *);
  101 #endif
  102 
  103 /* Discipline initialisation. */
  104 void
  105 sr_crypto_discipline_init(struct sr_discipline *sd)
  106 {
  107         int i;
  108 
  109         /* Fill out discipline members. */
  110         sd->sd_wu_size = sizeof(struct sr_crypto_wu);
  111         sd->sd_type = SR_MD_CRYPTO;
  112         strlcpy(sd->sd_name, "CRYPTO", sizeof(sd->sd_name));
  113         sd->sd_capabilities = SR_CAP_SYSTEM_DISK | SR_CAP_AUTO_ASSEMBLE;
  114         sd->sd_max_wu = SR_CRYPTO_NOWU;
  115 
  116         for (i = 0; i < SR_CRYPTO_MAXKEYS; i++)
  117                 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
  118 
  119         /* Setup discipline specific function pointers. */
  120         sd->sd_alloc_resources = sr_crypto_alloc_resources;
  121         sd->sd_assemble = sr_crypto_assemble;
  122         sd->sd_create = sr_crypto_create;
  123         sd->sd_free_resources = sr_crypto_free_resources;
  124         sd->sd_ioctl_handler = sr_crypto_ioctl;
  125         sd->sd_meta_opt_handler = sr_crypto_meta_opt_handler;
  126         sd->sd_scsi_rw = sr_crypto_rw;
  127         sd->sd_scsi_done = sr_crypto_done;
  128 }
  129 
  130 int
  131 sr_crypto_create(struct sr_discipline *sd, struct bioc_createraid *bc,
  132     int no_chunk, int64_t coerced_size)
  133 {
  134         int rv = EINVAL;
  135 
  136         if (no_chunk != 1) {
  137                 sr_error(sd->sd_sc, "%s requires exactly one chunk",
  138                     sd->sd_name);
  139                 return (rv);
  140         }
  141 
  142         sd->sd_meta->ssdi.ssd_size = coerced_size;
  143 
  144         rv = sr_crypto_meta_create(sd, &sd->mds.mdd_crypto, bc);
  145         if (rv)
  146                 return (rv);
  147 
  148         sd->sd_max_ccb_per_wu = no_chunk;
  149         return (0);
  150 }
  151 
  152 int
  153 sr_crypto_meta_create(struct sr_discipline *sd, struct sr_crypto *mdd_crypto,
  154     struct bioc_createraid *bc)
  155 {
  156         struct sr_meta_opt_item *omi;
  157         int                     rv = EINVAL;
  158 
  159         if (sd->sd_meta->ssdi.ssd_size > SR_CRYPTO_MAXSIZE) {
  160                 sr_error(sd->sd_sc, "%s exceeds maximum size (%lli > %llu)",
  161                     sd->sd_name, sd->sd_meta->ssdi.ssd_size,
  162                     SR_CRYPTO_MAXSIZE);
  163                 goto done;
  164         }
  165 
  166         /* Create crypto optional metadata. */
  167         omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF,
  168             M_WAITOK | M_ZERO);
  169         omi->omi_som = malloc(sizeof(struct sr_meta_crypto), M_DEVBUF,
  170             M_WAITOK | M_ZERO);
  171         omi->omi_som->som_type = SR_OPT_CRYPTO;
  172         omi->omi_som->som_length = sizeof(struct sr_meta_crypto);
  173         SLIST_INSERT_HEAD(&sd->sd_meta_opt, omi, omi_link);
  174         mdd_crypto->scr_meta = (struct sr_meta_crypto *)omi->omi_som;
  175         sd->sd_meta->ssdi.ssd_opt_no++;
  176 
  177         mdd_crypto->key_disk = NULL;
  178 
  179         if (bc->bc_key_disk != NODEV) {
  180 
  181                 /* Create a key disk. */
  182                 if (sr_crypto_get_kdf(bc, sd, mdd_crypto))
  183                         goto done;
  184                 mdd_crypto->key_disk =
  185                     sr_crypto_create_key_disk(sd, mdd_crypto, bc->bc_key_disk);
  186                 if (mdd_crypto->key_disk == NULL)
  187                         goto done;
  188                 sd->sd_capabilities |= SR_CAP_AUTO_ASSEMBLE;
  189 
  190         } else if (bc->bc_opaque_flags & BIOC_SOOUT) {
  191 
  192                 /* No hint available yet. */
  193                 bc->bc_opaque_status = BIOC_SOINOUT_FAILED;
  194                 rv = EAGAIN;
  195                 goto done;
  196 
  197         } else if (sr_crypto_get_kdf(bc, sd, mdd_crypto))
  198                 goto done;
  199 
  200         /* Passphrase volumes cannot be automatically assembled. */
  201         if (!(bc->bc_flags & BIOC_SCNOAUTOASSEMBLE) && bc->bc_key_disk == NODEV)
  202                 goto done;
  203 
  204         sr_crypto_create_keys(sd, mdd_crypto);
  205 
  206         rv = 0;
  207 done:
  208         return (rv);
  209 }
  210 
  211 int
  212 sr_crypto_set_key(struct sr_discipline *sd, struct sr_crypto *mdd_crypto,
  213     struct bioc_createraid *bc, int no_chunk, void *data)
  214 {
  215         int     rv = EINVAL;
  216 
  217         mdd_crypto->key_disk = NULL;
  218 
  219         /* Crypto optional metadata must already exist... */
  220         if (mdd_crypto->scr_meta == NULL)
  221                 goto done;
  222 
  223         if (data != NULL) {
  224                 /* Kernel already has mask key. */
  225                 memcpy(mdd_crypto->scr_maskkey, data,
  226                     sizeof(mdd_crypto->scr_maskkey));
  227         } else if (bc->bc_key_disk != NODEV) {
  228                 /* Read the mask key from the key disk. */
  229                 mdd_crypto->key_disk =
  230                     sr_crypto_read_key_disk(sd, mdd_crypto, bc->bc_key_disk);
  231                 if (mdd_crypto->key_disk == NULL)
  232                         goto done;
  233         } else if (bc->bc_opaque_flags & BIOC_SOOUT) {
  234                 /* provide userland with kdf hint */
  235                 if (bc->bc_opaque == NULL)
  236                         goto done;
  237 
  238                 if (sizeof(mdd_crypto->scr_meta->scm_kdfhint) <
  239                     bc->bc_opaque_size)
  240                         goto done;
  241 
  242                 if (copyout(mdd_crypto->scr_meta->scm_kdfhint,
  243                     bc->bc_opaque, bc->bc_opaque_size))
  244                         goto done;
  245 
  246                 /* we're done */
  247                 bc->bc_opaque_status = BIOC_SOINOUT_OK;
  248                 rv = EAGAIN;
  249                 goto done;
  250         } else if (bc->bc_opaque_flags & BIOC_SOIN) {
  251                 /* get kdf with maskkey from userland */
  252                 if (sr_crypto_get_kdf(bc, sd, mdd_crypto))
  253                         goto done;
  254         } else
  255                 goto done;
  256 
  257 
  258         rv = 0;
  259 done:
  260         return (rv);
  261 }
  262 
  263 int
  264 sr_crypto_assemble(struct sr_discipline *sd,
  265     struct bioc_createraid *bc, int no_chunk, void *data)
  266 {
  267         int rv;
  268 
  269         rv = sr_crypto_set_key(sd, &sd->mds.mdd_crypto, bc, no_chunk, data);
  270         if (rv)
  271                 return (rv);
  272 
  273         sd->sd_max_ccb_per_wu = sd->sd_meta->ssdi.ssd_chunk_no;
  274         return (0);
  275 }
  276 
  277 struct sr_crypto_wu *
  278 sr_crypto_prepare(struct sr_workunit *wu, struct sr_crypto *mdd_crypto,
  279     int encrypt)
  280 {
  281         struct scsi_xfer        *xs = wu->swu_xs;
  282         struct sr_crypto_wu     *crwu;
  283         struct cryptodesc       *crd;
  284         int                     flags, i, n;
  285         daddr_t                 blkno;
  286         u_int                   keyndx;
  287 
  288         DNPRINTF(SR_D_DIS, "%s: sr_crypto_prepare wu %p encrypt %d\n",
  289             DEVNAME(wu->swu_dis->sd_sc), wu, encrypt);
  290 
  291         crwu = (struct sr_crypto_wu *)wu;
  292         crwu->cr_uio.uio_iovcnt = 1;
  293         crwu->cr_uio.uio_iov->iov_len = xs->datalen;
  294         if (xs->flags & SCSI_DATA_OUT) {
  295                 crwu->cr_uio.uio_iov->iov_base = crwu->cr_dmabuf;
  296                 memcpy(crwu->cr_uio.uio_iov->iov_base, xs->data, xs->datalen);
  297         } else
  298                 crwu->cr_uio.uio_iov->iov_base = xs->data;
  299 
  300         blkno = wu->swu_blk_start;
  301         n = xs->datalen >> DEV_BSHIFT;
  302 
  303         /*
  304          * We preallocated enough crypto descs for up to MAXPHYS of I/O.
  305          * Since there may be less than that we need to tweak the amount
  306          * of crypto desc structures to be just long enough for our needs.
  307          */
  308         KASSERT(crwu->cr_crp->crp_ndescalloc >= n);
  309         crwu->cr_crp->crp_ndesc = n;
  310         flags = (encrypt ? CRD_F_ENCRYPT : 0) |
  311             CRD_F_IV_PRESENT | CRD_F_IV_EXPLICIT;
  312 
  313         /*
  314          * Select crypto session based on block number.
  315          *
  316          * XXX - this does not handle the case where the read/write spans
  317          * across a different key blocks (e.g. 0.5TB boundary). Currently
  318          * this is already broken by the use of scr_key[0] below.
  319          */
  320         keyndx = blkno >> SR_CRYPTO_KEY_BLKSHIFT;
  321         crwu->cr_crp->crp_sid = mdd_crypto->scr_sid[keyndx];
  322 
  323         crwu->cr_crp->crp_ilen = xs->datalen;
  324         crwu->cr_crp->crp_alloctype = M_DEVBUF;
  325         crwu->cr_crp->crp_flags = CRYPTO_F_IOV;
  326         crwu->cr_crp->crp_buf = &crwu->cr_uio;
  327         for (i = 0; i < crwu->cr_crp->crp_ndesc; i++, blkno++) {
  328                 crd = &crwu->cr_crp->crp_desc[i];
  329                 crd->crd_skip = i << DEV_BSHIFT;
  330                 crd->crd_len = DEV_BSIZE;
  331                 crd->crd_inject = 0;
  332                 crd->crd_flags = flags;
  333                 crd->crd_alg = mdd_crypto->scr_alg;
  334                 crd->crd_klen = mdd_crypto->scr_klen;
  335                 crd->crd_key = mdd_crypto->scr_key[0];
  336                 memcpy(crd->crd_iv, &blkno, sizeof(blkno));
  337         }
  338 
  339         return (crwu);
  340 }
  341 
  342 int
  343 sr_crypto_get_kdf(struct bioc_createraid *bc, struct sr_discipline *sd,
  344     struct sr_crypto *mdd_crypto)
  345 {
  346         int                     rv = EINVAL;
  347         struct sr_crypto_kdfinfo *kdfinfo;
  348 
  349         if (!(bc->bc_opaque_flags & BIOC_SOIN))
  350                 return (rv);
  351         if (bc->bc_opaque == NULL)
  352                 return (rv);
  353         if (bc->bc_opaque_size != sizeof(*kdfinfo))
  354                 return (rv);
  355 
  356         kdfinfo = malloc(bc->bc_opaque_size, M_DEVBUF, M_WAITOK | M_ZERO);
  357         if (copyin(bc->bc_opaque, kdfinfo, bc->bc_opaque_size))
  358                 goto out;
  359 
  360         if (kdfinfo->len != bc->bc_opaque_size)
  361                 goto out;
  362 
  363         /* copy KDF hint to disk meta data */
  364         if (kdfinfo->flags & SR_CRYPTOKDF_HINT) {
  365                 if (sizeof(mdd_crypto->scr_meta->scm_kdfhint) <
  366                     kdfinfo->genkdf.len)
  367                         goto out;
  368                 memcpy(mdd_crypto->scr_meta->scm_kdfhint,
  369                     &kdfinfo->genkdf, kdfinfo->genkdf.len);
  370         }
  371 
  372         /* copy mask key to run-time meta data */
  373         if ((kdfinfo->flags & SR_CRYPTOKDF_KEY)) {
  374                 if (sizeof(mdd_crypto->scr_maskkey) < sizeof(kdfinfo->maskkey))
  375                         goto out;
  376                 memcpy(mdd_crypto->scr_maskkey, &kdfinfo->maskkey,
  377                     sizeof(kdfinfo->maskkey));
  378         }
  379 
  380         bc->bc_opaque_status = BIOC_SOINOUT_OK;
  381         rv = 0;
  382 out:
  383         explicit_bzero(kdfinfo, bc->bc_opaque_size);
  384         free(kdfinfo, M_DEVBUF, bc->bc_opaque_size);
  385 
  386         return (rv);
  387 }
  388 
  389 int
  390 sr_crypto_encrypt(u_char *p, u_char *c, u_char *key, size_t size, int alg)
  391 {
  392         rijndael_ctx            ctx;
  393         int                     i, rv = 1;
  394 
  395         switch (alg) {
  396         case SR_CRYPTOM_AES_ECB_256:
  397                 if (rijndael_set_key_enc_only(&ctx, key, 256) != 0)
  398                         goto out;
  399                 for (i = 0; i < size; i += RIJNDAEL128_BLOCK_LEN)
  400                         rijndael_encrypt(&ctx, &p[i], &c[i]);
  401                 rv = 0;
  402                 break;
  403         default:
  404                 DNPRINTF(SR_D_DIS, "%s: unsupported encryption algorithm %d\n",
  405                     "softraid", alg);
  406                 rv = -1;
  407                 goto out;
  408         }
  409 
  410 out:
  411         explicit_bzero(&ctx, sizeof(ctx));
  412         return (rv);
  413 }
  414 
  415 int
  416 sr_crypto_decrypt(u_char *c, u_char *p, u_char *key, size_t size, int alg)
  417 {
  418         rijndael_ctx            ctx;
  419         int                     i, rv = 1;
  420 
  421         switch (alg) {
  422         case SR_CRYPTOM_AES_ECB_256:
  423                 if (rijndael_set_key(&ctx, key, 256) != 0)
  424                         goto out;
  425                 for (i = 0; i < size; i += RIJNDAEL128_BLOCK_LEN)
  426                         rijndael_decrypt(&ctx, &c[i], &p[i]);
  427                 rv = 0;
  428                 break;
  429         default:
  430                 DNPRINTF(SR_D_DIS, "%s: unsupported encryption algorithm %d\n",
  431                     "softraid", alg);
  432                 rv = -1;
  433                 goto out;
  434         }
  435 
  436 out:
  437         explicit_bzero(&ctx, sizeof(ctx));
  438         return (rv);
  439 }
  440 
  441 void
  442 sr_crypto_calculate_check_hmac_sha1(u_int8_t *maskkey, int maskkey_size,
  443     u_int8_t *key, int key_size, u_char *check_digest)
  444 {
  445         u_char                  check_key[SHA1_DIGEST_LENGTH];
  446         HMAC_SHA1_CTX           hmacctx;
  447         SHA1_CTX                shactx;
  448 
  449         bzero(check_key, sizeof(check_key));
  450         bzero(&hmacctx, sizeof(hmacctx));
  451         bzero(&shactx, sizeof(shactx));
  452 
  453         /* k = SHA1(mask_key) */
  454         SHA1Init(&shactx);
  455         SHA1Update(&shactx, maskkey, maskkey_size);
  456         SHA1Final(check_key, &shactx);
  457 
  458         /* mac = HMAC_SHA1_k(unencrypted key) */
  459         HMAC_SHA1_Init(&hmacctx, check_key, sizeof(check_key));
  460         HMAC_SHA1_Update(&hmacctx, key, key_size);
  461         HMAC_SHA1_Final(check_digest, &hmacctx);
  462 
  463         explicit_bzero(check_key, sizeof(check_key));
  464         explicit_bzero(&hmacctx, sizeof(hmacctx));
  465         explicit_bzero(&shactx, sizeof(shactx));
  466 }
  467 
  468 int
  469 sr_crypto_decrypt_key(struct sr_discipline *sd, struct sr_crypto *mdd_crypto)
  470 {
  471         u_char                  check_digest[SHA1_DIGEST_LENGTH];
  472         int                     rv = 1;
  473 
  474         DNPRINTF(SR_D_DIS, "%s: sr_crypto_decrypt_key\n", DEVNAME(sd->sd_sc));
  475 
  476         if (mdd_crypto->scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1)
  477                 goto out;
  478 
  479         if (sr_crypto_decrypt((u_char *)mdd_crypto->scr_meta->scm_key,
  480             (u_char *)mdd_crypto->scr_key,
  481             mdd_crypto->scr_maskkey, sizeof(mdd_crypto->scr_key),
  482             mdd_crypto->scr_meta->scm_mask_alg) == -1)
  483                 goto out;
  484 
  485 #ifdef SR_DEBUG0
  486         sr_crypto_dumpkeys(mdd_crypto);
  487 #endif
  488 
  489         /* Check that the key decrypted properly. */
  490         sr_crypto_calculate_check_hmac_sha1(mdd_crypto->scr_maskkey,
  491             sizeof(mdd_crypto->scr_maskkey), (u_int8_t *)mdd_crypto->scr_key,
  492             sizeof(mdd_crypto->scr_key), check_digest);
  493         if (memcmp(mdd_crypto->scr_meta->chk_hmac_sha1.sch_mac,
  494             check_digest, sizeof(check_digest)) != 0) {
  495                 explicit_bzero(mdd_crypto->scr_key,
  496                     sizeof(mdd_crypto->scr_key));
  497                 goto out;
  498         }
  499 
  500         rv = 0; /* Success */
  501 out:
  502         /* we don't need the mask key anymore */
  503         explicit_bzero(&mdd_crypto->scr_maskkey,
  504             sizeof(mdd_crypto->scr_maskkey));
  505 
  506         explicit_bzero(check_digest, sizeof(check_digest));
  507 
  508         return rv;
  509 }
  510 
  511 int
  512 sr_crypto_create_keys(struct sr_discipline *sd, struct sr_crypto *mdd_crypto)
  513 {
  514 
  515         DNPRINTF(SR_D_DIS, "%s: sr_crypto_create_keys\n",
  516             DEVNAME(sd->sd_sc));
  517 
  518         if (AES_MAXKEYBYTES < sizeof(mdd_crypto->scr_maskkey))
  519                 return (1);
  520 
  521         /* XXX allow user to specify */
  522         mdd_crypto->scr_meta->scm_alg = SR_CRYPTOA_AES_XTS_256;
  523 
  524         /* generate crypto keys */
  525         arc4random_buf(mdd_crypto->scr_key, sizeof(mdd_crypto->scr_key));
  526 
  527         /* Mask the disk keys. */
  528         mdd_crypto->scr_meta->scm_mask_alg = SR_CRYPTOM_AES_ECB_256;
  529         sr_crypto_encrypt((u_char *)mdd_crypto->scr_key,
  530             (u_char *)mdd_crypto->scr_meta->scm_key,
  531             mdd_crypto->scr_maskkey, sizeof(mdd_crypto->scr_key),
  532             mdd_crypto->scr_meta->scm_mask_alg);
  533 
  534         /* Prepare key decryption check code. */
  535         mdd_crypto->scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1;
  536         sr_crypto_calculate_check_hmac_sha1(mdd_crypto->scr_maskkey,
  537             sizeof(mdd_crypto->scr_maskkey),
  538             (u_int8_t *)mdd_crypto->scr_key, sizeof(mdd_crypto->scr_key),
  539             mdd_crypto->scr_meta->chk_hmac_sha1.sch_mac);
  540 
  541         /* Erase the plaintext disk keys */
  542         explicit_bzero(mdd_crypto->scr_key, sizeof(mdd_crypto->scr_key));
  543 
  544 #ifdef SR_DEBUG0
  545         sr_crypto_dumpkeys(mdd_crypto);
  546 #endif
  547 
  548         mdd_crypto->scr_meta->scm_flags = SR_CRYPTOF_KEY | SR_CRYPTOF_KDFHINT;
  549 
  550         return (0);
  551 }
  552 
  553 int
  554 sr_crypto_change_maskkey(struct sr_discipline *sd, struct sr_crypto *mdd_crypto,
  555   struct sr_crypto_kdfinfo *kdfinfo1, struct sr_crypto_kdfinfo *kdfinfo2)
  556 {
  557         u_char                  check_digest[SHA1_DIGEST_LENGTH];
  558         u_char                  *c, *p = NULL;
  559         size_t                  ksz;
  560         int                     rv = 1;
  561 
  562         DNPRINTF(SR_D_DIS, "%s: sr_crypto_change_maskkey\n",
  563             DEVNAME(sd->sd_sc));
  564 
  565         if (mdd_crypto->scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1)
  566                 goto out;
  567 
  568         c = (u_char *)mdd_crypto->scr_meta->scm_key;
  569         ksz = sizeof(mdd_crypto->scr_key);
  570         p = malloc(ksz, M_DEVBUF, M_WAITOK | M_CANFAIL | M_ZERO);
  571         if (p == NULL)
  572                 goto out;
  573 
  574         if (sr_crypto_decrypt(c, p, kdfinfo1->maskkey, ksz,
  575             mdd_crypto->scr_meta->scm_mask_alg) == -1)
  576                 goto out;
  577 
  578 #ifdef SR_DEBUG0
  579         sr_crypto_dumpkeys(mdd_crypto);
  580 #endif
  581 
  582         sr_crypto_calculate_check_hmac_sha1(kdfinfo1->maskkey,
  583             sizeof(kdfinfo1->maskkey), p, ksz, check_digest);
  584         if (memcmp(mdd_crypto->scr_meta->chk_hmac_sha1.sch_mac,
  585             check_digest, sizeof(check_digest)) != 0) {
  586                 sr_error(sd->sd_sc, "incorrect key or passphrase");
  587                 rv = EPERM;
  588                 goto out;
  589         }
  590 
  591         /* Copy new KDF hint to metadata, if supplied. */
  592         if (kdfinfo2->flags & SR_CRYPTOKDF_HINT) {
  593                 if (kdfinfo2->genkdf.len >
  594                     sizeof(mdd_crypto->scr_meta->scm_kdfhint))
  595                         goto out;
  596                 explicit_bzero(mdd_crypto->scr_meta->scm_kdfhint,
  597                     sizeof(mdd_crypto->scr_meta->scm_kdfhint));
  598                 memcpy(mdd_crypto->scr_meta->scm_kdfhint,
  599                     &kdfinfo2->genkdf, kdfinfo2->genkdf.len);
  600         }
  601 
  602         /* Mask the disk keys. */
  603         c = (u_char *)mdd_crypto->scr_meta->scm_key;
  604         if (sr_crypto_encrypt(p, c, kdfinfo2->maskkey, ksz,
  605             mdd_crypto->scr_meta->scm_mask_alg) == -1)
  606                 goto out;
  607 
  608         /* Prepare key decryption check code. */
  609         mdd_crypto->scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1;
  610         sr_crypto_calculate_check_hmac_sha1(kdfinfo2->maskkey,
  611             sizeof(kdfinfo2->maskkey), (u_int8_t *)mdd_crypto->scr_key,
  612             sizeof(mdd_crypto->scr_key), check_digest);
  613 
  614         /* Copy new encrypted key and HMAC to metadata. */
  615         memcpy(mdd_crypto->scr_meta->chk_hmac_sha1.sch_mac, check_digest,
  616             sizeof(mdd_crypto->scr_meta->chk_hmac_sha1.sch_mac));
  617 
  618         rv = 0; /* Success */
  619 
  620 out:
  621         if (p) {
  622                 explicit_bzero(p, ksz);
  623                 free(p, M_DEVBUF, ksz);
  624         }
  625 
  626         explicit_bzero(check_digest, sizeof(check_digest));
  627         explicit_bzero(&kdfinfo1->maskkey, sizeof(kdfinfo1->maskkey));
  628         explicit_bzero(&kdfinfo2->maskkey, sizeof(kdfinfo2->maskkey));
  629 
  630         return (rv);
  631 }
  632 
  633 struct sr_chunk *
  634 sr_crypto_create_key_disk(struct sr_discipline *sd,
  635     struct sr_crypto *mdd_crypto, dev_t dev)
  636 {
  637         struct sr_softc         *sc = sd->sd_sc;
  638         struct sr_discipline    *fakesd = NULL;
  639         struct sr_metadata      *sm = NULL;
  640         struct sr_meta_chunk    *km;
  641         struct sr_meta_opt_item *omi = NULL;
  642         struct sr_meta_keydisk  *skm;
  643         struct sr_chunk         *key_disk = NULL;
  644         struct disklabel        label;
  645         struct vnode            *vn;
  646         char                    devname[32];
  647         int                     c, part, open = 0;
  648 
  649         /*
  650          * Create a metadata structure on the key disk and store
  651          * keying material in the optional metadata.
  652          */
  653 
  654         sr_meta_getdevname(sc, dev, devname, sizeof(devname));
  655 
  656         /* Make sure chunk is not already in use. */
  657         c = sr_chunk_in_use(sc, dev);
  658         if (c != BIOC_SDINVALID && c != BIOC_SDOFFLINE) {
  659                 sr_error(sc, "%s is already in use", devname);
  660                 goto done;
  661         }
  662 
  663         /* Open device. */
  664         if (bdevvp(dev, &vn)) {
  665                 sr_error(sc, "cannot open key disk %s", devname);
  666                 goto done;
  667         }
  668         if (VOP_OPEN(vn, FREAD | FWRITE, NOCRED, curproc)) {
  669                 DNPRINTF(SR_D_META,"%s: sr_crypto_create_key_disk cannot "
  670                     "open %s\n", DEVNAME(sc), devname);
  671                 vput(vn);
  672                 goto done;
  673         }
  674         open = 1; /* close dev on error */
  675 
  676         /* Get partition details. */
  677         part = DISKPART(dev);
  678         if (VOP_IOCTL(vn, DIOCGDINFO, (caddr_t)&label,
  679             FREAD, NOCRED, curproc)) {
  680                 DNPRINTF(SR_D_META, "%s: sr_crypto_create_key_disk ioctl "
  681                     "failed\n", DEVNAME(sc));
  682                 goto done;
  683         }
  684         if (label.d_partitions[part].p_fstype != FS_RAID) {
  685                 sr_error(sc, "%s partition not of type RAID (%d)",
  686                     devname, label.d_partitions[part].p_fstype);
  687                 goto done;
  688         }
  689 
  690         /*
  691          * Create and populate chunk metadata.
  692          */
  693 
  694         key_disk = malloc(sizeof(struct sr_chunk), M_DEVBUF, M_WAITOK | M_ZERO);
  695         km = &key_disk->src_meta;
  696 
  697         key_disk->src_dev_mm = dev;
  698         key_disk->src_vn = vn;
  699         strlcpy(key_disk->src_devname, devname, sizeof(km->scmi.scm_devname));
  700         key_disk->src_size = 0;
  701 
  702         km->scmi.scm_volid = sd->sd_meta->ssdi.ssd_level;
  703         km->scmi.scm_chunk_id = 0;
  704         km->scmi.scm_size = 0;
  705         km->scmi.scm_coerced_size = 0;
  706         strlcpy(km->scmi.scm_devname, devname, sizeof(km->scmi.scm_devname));
  707         memcpy(&km->scmi.scm_uuid, &sd->sd_meta->ssdi.ssd_uuid,
  708             sizeof(struct sr_uuid));
  709 
  710         sr_checksum(sc, km, &km->scm_checksum,
  711             sizeof(struct sr_meta_chunk_invariant));
  712 
  713         km->scm_status = BIOC_SDONLINE;
  714 
  715         /*
  716          * Create and populate our own discipline and metadata.
  717          */
  718 
  719         sm = malloc(sizeof(struct sr_metadata), M_DEVBUF, M_WAITOK | M_ZERO);
  720         sm->ssdi.ssd_magic = SR_MAGIC;
  721         sm->ssdi.ssd_version = SR_META_VERSION;
  722         sm->ssd_ondisk = 0;
  723         sm->ssdi.ssd_vol_flags = 0;
  724         memcpy(&sm->ssdi.ssd_uuid, &sd->sd_meta->ssdi.ssd_uuid,
  725             sizeof(struct sr_uuid));
  726         sm->ssdi.ssd_chunk_no = 1;
  727         sm->ssdi.ssd_volid = SR_KEYDISK_VOLID;
  728         sm->ssdi.ssd_level = SR_KEYDISK_LEVEL;
  729         sm->ssdi.ssd_size = 0;
  730         strlcpy(sm->ssdi.ssd_vendor, "OPENBSD", sizeof(sm->ssdi.ssd_vendor));
  731         snprintf(sm->ssdi.ssd_product, sizeof(sm->ssdi.ssd_product),
  732             "SR %s", "KEYDISK");
  733         snprintf(sm->ssdi.ssd_revision, sizeof(sm->ssdi.ssd_revision),
  734             "%03d", SR_META_VERSION);
  735 
  736         fakesd = malloc(sizeof(struct sr_discipline), M_DEVBUF,
  737             M_WAITOK | M_ZERO);
  738         fakesd->sd_sc = sd->sd_sc;
  739         fakesd->sd_meta = sm;
  740         fakesd->sd_meta_type = SR_META_F_NATIVE;
  741         fakesd->sd_vol_status = BIOC_SVONLINE;
  742         strlcpy(fakesd->sd_name, "KEYDISK", sizeof(fakesd->sd_name));
  743         SLIST_INIT(&fakesd->sd_meta_opt);
  744 
  745         /* Add chunk to volume. */
  746         fakesd->sd_vol.sv_chunks = malloc(sizeof(struct sr_chunk *), M_DEVBUF,
  747             M_WAITOK | M_ZERO);
  748         fakesd->sd_vol.sv_chunks[0] = key_disk;
  749         SLIST_INIT(&fakesd->sd_vol.sv_chunk_list);
  750         SLIST_INSERT_HEAD(&fakesd->sd_vol.sv_chunk_list, key_disk, src_link);
  751 
  752         /* Generate mask key. */
  753         arc4random_buf(mdd_crypto->scr_maskkey,
  754             sizeof(mdd_crypto->scr_maskkey));
  755 
  756         /* Copy mask key to optional metadata area. */
  757         omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF,
  758             M_WAITOK | M_ZERO);
  759         omi->omi_som = malloc(sizeof(struct sr_meta_keydisk), M_DEVBUF,
  760             M_WAITOK | M_ZERO);
  761         omi->omi_som->som_type = SR_OPT_KEYDISK;
  762         omi->omi_som->som_length = sizeof(struct sr_meta_keydisk);
  763         skm = (struct sr_meta_keydisk *)omi->omi_som;
  764         memcpy(&skm->skm_maskkey, mdd_crypto->scr_maskkey,
  765             sizeof(skm->skm_maskkey));
  766         SLIST_INSERT_HEAD(&fakesd->sd_meta_opt, omi, omi_link);
  767         fakesd->sd_meta->ssdi.ssd_opt_no++;
  768 
  769         /* Save metadata. */
  770         if (sr_meta_save(fakesd, SR_META_DIRTY)) {
  771                 sr_error(sc, "could not save metadata to %s", devname);
  772                 goto fail;
  773         }
  774 
  775         goto done;
  776 
  777 fail:
  778         free(key_disk, M_DEVBUF, sizeof(struct sr_chunk));
  779         key_disk = NULL;
  780 
  781 done:
  782         free(omi, M_DEVBUF, sizeof(struct sr_meta_opt_item));
  783         if (fakesd && fakesd->sd_vol.sv_chunks)
  784                 free(fakesd->sd_vol.sv_chunks, M_DEVBUF,
  785                     sizeof(struct sr_chunk *));
  786         free(fakesd, M_DEVBUF, sizeof(struct sr_discipline));
  787         free(sm, M_DEVBUF, sizeof(struct sr_metadata));
  788         if (open) {
  789                 VOP_CLOSE(vn, FREAD | FWRITE, NOCRED, curproc);
  790                 vput(vn);
  791         }
  792 
  793         return key_disk;
  794 }
  795 
  796 struct sr_chunk *
  797 sr_crypto_read_key_disk(struct sr_discipline *sd, struct sr_crypto *mdd_crypto,
  798     dev_t dev)
  799 {
  800         struct sr_softc         *sc = sd->sd_sc;
  801         struct sr_metadata      *sm = NULL;
  802         struct sr_meta_opt_item *omi, *omi_next;
  803         struct sr_meta_opt_hdr  *omh;
  804         struct sr_meta_keydisk  *skm;
  805         struct sr_meta_opt_head som;
  806         struct sr_chunk         *key_disk = NULL;
  807         struct disklabel        label;
  808         struct vnode            *vn = NULL;
  809         char                    devname[32];
  810         int                     c, part, open = 0;
  811 
  812         /*
  813          * Load a key disk and load keying material into memory.
  814          */
  815 
  816         SLIST_INIT(&som);
  817 
  818         sr_meta_getdevname(sc, dev, devname, sizeof(devname));
  819 
  820         /* Make sure chunk is not already in use. */
  821         c = sr_chunk_in_use(sc, dev);
  822         if (c != BIOC_SDINVALID && c != BIOC_SDOFFLINE) {
  823                 sr_error(sc, "%s is already in use", devname);
  824                 goto done;
  825         }
  826 
  827         /* Open device. */
  828         if (bdevvp(dev, &vn)) {
  829                 sr_error(sc, "cannot open key disk %s", devname);
  830                 goto done;
  831         }
  832         if (VOP_OPEN(vn, FREAD, NOCRED, curproc)) {
  833                 DNPRINTF(SR_D_META,"%s: sr_crypto_read_key_disk cannot "
  834                     "open %s\n", DEVNAME(sc), devname);
  835                 vput(vn);
  836                 goto done;
  837         }
  838         open = 1; /* close dev on error */
  839 
  840         /* Get partition details. */
  841         part = DISKPART(dev);
  842         if (VOP_IOCTL(vn, DIOCGDINFO, (caddr_t)&label, FREAD,
  843             NOCRED, curproc)) {
  844                 DNPRINTF(SR_D_META, "%s: sr_crypto_read_key_disk ioctl "
  845                     "failed\n", DEVNAME(sc));
  846                 goto done;
  847         }
  848         if (label.d_partitions[part].p_fstype != FS_RAID) {
  849                 sr_error(sc, "%s partition not of type RAID (%d)",
  850                     devname, label.d_partitions[part].p_fstype);
  851                 goto done;
  852         }
  853 
  854         /*
  855          * Read and validate key disk metadata.
  856          */
  857         sm = malloc(SR_META_SIZE * DEV_BSIZE, M_DEVBUF, M_WAITOK | M_ZERO);
  858         if (sr_meta_native_read(sd, dev, sm, NULL)) {
  859                 sr_error(sc, "native bootprobe could not read native metadata");
  860                 goto done;
  861         }
  862 
  863         if (sr_meta_validate(sd, dev, sm, NULL)) {
  864                 DNPRINTF(SR_D_META, "%s: invalid metadata\n",
  865                     DEVNAME(sc));
  866                 goto done;
  867         }
  868 
  869         /* Make sure this is a key disk. */
  870         if (sm->ssdi.ssd_level != SR_KEYDISK_LEVEL) {
  871                 sr_error(sc, "%s is not a key disk", devname);
  872                 goto done;
  873         }
  874 
  875         /* Construct key disk chunk. */
  876         key_disk = malloc(sizeof(struct sr_chunk), M_DEVBUF, M_WAITOK | M_ZERO);
  877         key_disk->src_dev_mm = dev;
  878         key_disk->src_vn = vn;
  879         key_disk->src_size = 0;
  880 
  881         memcpy(&key_disk->src_meta, (struct sr_meta_chunk *)(sm + 1),
  882             sizeof(key_disk->src_meta));
  883 
  884         /* Read mask key from optional metadata. */
  885         sr_meta_opt_load(sc, sm, &som);
  886         SLIST_FOREACH(omi, &som, omi_link) {
  887                 omh = omi->omi_som;
  888                 if (omh->som_type == SR_OPT_KEYDISK) {
  889                         skm = (struct sr_meta_keydisk *)omh;
  890                         memcpy(mdd_crypto->scr_maskkey, &skm->skm_maskkey,
  891                             sizeof(mdd_crypto->scr_maskkey));
  892                 } else if (omh->som_type == SR_OPT_CRYPTO) {
  893                         /* Original keydisk format with key in crypto area. */
  894                         memcpy(mdd_crypto->scr_maskkey,
  895                             omh + sizeof(struct sr_meta_opt_hdr),
  896                             sizeof(mdd_crypto->scr_maskkey));
  897                 }
  898         }
  899 
  900         open = 0;
  901 
  902 done:
  903         for (omi = SLIST_FIRST(&som); omi != NULL; omi = omi_next) {
  904                 omi_next = SLIST_NEXT(omi, omi_link);
  905                 free(omi->omi_som, M_DEVBUF, 0);
  906                 free(omi, M_DEVBUF, sizeof(struct sr_meta_opt_item));
  907         }
  908 
  909         free(sm, M_DEVBUF, SR_META_SIZE * DEV_BSIZE);
  910 
  911         if (vn && open) {
  912                 VOP_CLOSE(vn, FREAD, NOCRED, curproc);
  913                 vput(vn);
  914         }
  915 
  916         return key_disk;
  917 }
  918 
  919 void
  920 sr_crypto_free_sessions(struct sr_discipline *sd, struct sr_crypto *mdd_crypto)
  921 {
  922         u_int                   i;
  923 
  924         for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) {
  925                 if (mdd_crypto->scr_sid[i] != (u_int64_t)-1) {
  926                         crypto_freesession(mdd_crypto->scr_sid[i]);
  927                         mdd_crypto->scr_sid[i] = (u_int64_t)-1;
  928                 }
  929         }
  930 }
  931 
  932 int
  933 sr_crypto_alloc_resources_internal(struct sr_discipline *sd,
  934     struct sr_crypto *mdd_crypto)
  935 {
  936         struct sr_workunit      *wu;
  937         struct sr_crypto_wu     *crwu;
  938         struct cryptoini        cri;
  939         u_int                   num_keys, i;
  940 
  941         DNPRINTF(SR_D_DIS, "%s: sr_crypto_alloc_resources\n",
  942             DEVNAME(sd->sd_sc));
  943 
  944         mdd_crypto->scr_alg = CRYPTO_AES_XTS;
  945         switch (mdd_crypto->scr_meta->scm_alg) {
  946         case SR_CRYPTOA_AES_XTS_128:
  947                 mdd_crypto->scr_klen = 256;
  948                 break;
  949         case SR_CRYPTOA_AES_XTS_256:
  950                 mdd_crypto->scr_klen = 512;
  951                 break;
  952         default:
  953                 sr_error(sd->sd_sc, "unknown crypto algorithm");
  954                 return (EINVAL);
  955         }
  956 
  957         for (i = 0; i < SR_CRYPTO_MAXKEYS; i++)
  958                 mdd_crypto->scr_sid[i] = (u_int64_t)-1;
  959 
  960         if (sr_wu_alloc(sd)) {
  961                 sr_error(sd->sd_sc, "unable to allocate work units");
  962                 return (ENOMEM);
  963         }
  964         if (sr_ccb_alloc(sd)) {
  965                 sr_error(sd->sd_sc, "unable to allocate CCBs");
  966                 return (ENOMEM);
  967         }
  968         if (sr_crypto_decrypt_key(sd, mdd_crypto)) {
  969                 sr_error(sd->sd_sc, "incorrect key or passphrase");
  970                 return (EPERM);
  971         }
  972 
  973         /*
  974          * For each work unit allocate the uio, iovec and crypto structures.
  975          * These have to be allocated now because during runtime we cannot
  976          * fail an allocation without failing the I/O (which can cause real
  977          * problems).
  978          */
  979         TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) {
  980                 crwu = (struct sr_crypto_wu *)wu;
  981                 crwu->cr_uio.uio_iov = &crwu->cr_iov;
  982                 crwu->cr_dmabuf = dma_alloc(MAXPHYS, PR_WAITOK);
  983                 crwu->cr_crp = crypto_getreq(MAXPHYS >> DEV_BSHIFT);
  984                 if (crwu->cr_crp == NULL)
  985                         return (ENOMEM);
  986         }
  987 
  988         memset(&cri, 0, sizeof(cri));
  989         cri.cri_alg = mdd_crypto->scr_alg;
  990         cri.cri_klen = mdd_crypto->scr_klen;
  991 
  992         /* Allocate a session for every 2^SR_CRYPTO_KEY_BLKSHIFT blocks. */
  993         num_keys = ((sd->sd_meta->ssdi.ssd_size - 1) >>
  994             SR_CRYPTO_KEY_BLKSHIFT) + 1;
  995         if (num_keys > SR_CRYPTO_MAXKEYS)
  996                 return (EFBIG);
  997         for (i = 0; i < num_keys; i++) {
  998                 cri.cri_key = mdd_crypto->scr_key[i];
  999                 if (crypto_newsession(&mdd_crypto->scr_sid[i],
 1000                     &cri, 0) != 0) {
 1001                         sr_crypto_free_sessions(sd, mdd_crypto);
 1002                         return (EINVAL);
 1003                 }
 1004         }
 1005 
 1006         sr_hotplug_register(sd, sr_crypto_hotplug);
 1007 
 1008         return (0);
 1009 }
 1010 
 1011 int
 1012 sr_crypto_alloc_resources(struct sr_discipline *sd)
 1013 {
 1014         return sr_crypto_alloc_resources_internal(sd, &sd->mds.mdd_crypto);
 1015 }
 1016 
 1017 void
 1018 sr_crypto_free_resources_internal(struct sr_discipline *sd,
 1019     struct sr_crypto *mdd_crypto)
 1020 {
 1021         struct sr_workunit      *wu;
 1022         struct sr_crypto_wu     *crwu;
 1023 
 1024         DNPRINTF(SR_D_DIS, "%s: sr_crypto_free_resources\n",
 1025             DEVNAME(sd->sd_sc));
 1026 
 1027         if (mdd_crypto->key_disk != NULL) {
 1028                 explicit_bzero(mdd_crypto->key_disk,
 1029                     sizeof(*mdd_crypto->key_disk));
 1030                 free(mdd_crypto->key_disk, M_DEVBUF,
 1031                     sizeof(*mdd_crypto->key_disk));
 1032         }
 1033 
 1034         sr_hotplug_unregister(sd, sr_crypto_hotplug);
 1035 
 1036         sr_crypto_free_sessions(sd, mdd_crypto);
 1037 
 1038         TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) {
 1039                 crwu = (struct sr_crypto_wu *)wu;
 1040                 if (crwu->cr_dmabuf)
 1041                         dma_free(crwu->cr_dmabuf, MAXPHYS);
 1042                 if (crwu->cr_crp)
 1043                         crypto_freereq(crwu->cr_crp);
 1044         }
 1045 
 1046         sr_wu_free(sd);
 1047         sr_ccb_free(sd);
 1048 }
 1049 
 1050 void
 1051 sr_crypto_free_resources(struct sr_discipline *sd)
 1052 {
 1053         struct sr_crypto *mdd_crypto = &sd->mds.mdd_crypto;
 1054         sr_crypto_free_resources_internal(sd, mdd_crypto);
 1055 }
 1056 
 1057 int
 1058 sr_crypto_ioctl_internal(struct sr_discipline *sd,
 1059     struct sr_crypto *mdd_crypto, struct bioc_discipline *bd)
 1060 {
 1061         struct sr_crypto_kdfpair kdfpair;
 1062         struct sr_crypto_kdfinfo kdfinfo1, kdfinfo2;
 1063         int                     size, rv = 1;
 1064 
 1065         DNPRINTF(SR_D_IOCTL, "%s: sr_crypto_ioctl %u\n",
 1066             DEVNAME(sd->sd_sc), bd->bd_cmd);
 1067 
 1068         switch (bd->bd_cmd) {
 1069         case SR_IOCTL_GET_KDFHINT:
 1070 
 1071                 /* Get KDF hint for userland. */
 1072                 size = sizeof(mdd_crypto->scr_meta->scm_kdfhint);
 1073                 if (bd->bd_data == NULL || bd->bd_size > size)
 1074                         goto bad;
 1075                 if (copyout(mdd_crypto->scr_meta->scm_kdfhint,
 1076                     bd->bd_data, bd->bd_size))
 1077                         goto bad;
 1078 
 1079                 rv = 0;
 1080 
 1081                 break;
 1082 
 1083         case SR_IOCTL_CHANGE_PASSPHRASE:
 1084 
 1085                 /* Attempt to change passphrase. */
 1086 
 1087                 size = sizeof(kdfpair);
 1088                 if (bd->bd_data == NULL || bd->bd_size > size)
 1089                         goto bad;
 1090                 if (copyin(bd->bd_data, &kdfpair, size))
 1091                         goto bad;
 1092 
 1093                 size = sizeof(kdfinfo1);
 1094                 if (kdfpair.kdfinfo1 == NULL || kdfpair.kdfsize1 > size)
 1095                         goto bad;
 1096                 if (copyin(kdfpair.kdfinfo1, &kdfinfo1, size))
 1097                         goto bad;
 1098 
 1099                 size = sizeof(kdfinfo2);
 1100                 if (kdfpair.kdfinfo2 == NULL || kdfpair.kdfsize2 > size)
 1101                         goto bad;
 1102                 if (copyin(kdfpair.kdfinfo2, &kdfinfo2, size))
 1103                         goto bad;
 1104 
 1105                 if (sr_crypto_change_maskkey(sd, mdd_crypto, &kdfinfo1,
 1106                     &kdfinfo2))
 1107                         goto bad;
 1108 
 1109                 /* Save metadata to disk. */
 1110                 rv = sr_meta_save(sd, SR_META_DIRTY);
 1111 
 1112                 break;
 1113         }
 1114 
 1115 bad:
 1116         explicit_bzero(&kdfpair, sizeof(kdfpair));
 1117         explicit_bzero(&kdfinfo1, sizeof(kdfinfo1));
 1118         explicit_bzero(&kdfinfo2, sizeof(kdfinfo2));
 1119 
 1120         return (rv);
 1121 }
 1122 
 1123 int
 1124 sr_crypto_ioctl(struct sr_discipline *sd, struct bioc_discipline *bd)
 1125 {
 1126         struct sr_crypto *mdd_crypto = &sd->mds.mdd_crypto;
 1127         return sr_crypto_ioctl_internal(sd, mdd_crypto, bd);
 1128 }
 1129 
 1130 int
 1131 sr_crypto_meta_opt_handler_internal(struct sr_discipline *sd,
 1132     struct sr_crypto *mdd_crypto, struct sr_meta_opt_hdr *om)
 1133 {
 1134         int rv = EINVAL;
 1135 
 1136         if (om->som_type == SR_OPT_CRYPTO) {
 1137                 mdd_crypto->scr_meta = (struct sr_meta_crypto *)om;
 1138                 rv = 0;
 1139         }
 1140 
 1141         return (rv);
 1142 }
 1143 
 1144 int
 1145 sr_crypto_meta_opt_handler(struct sr_discipline *sd, struct sr_meta_opt_hdr *om)
 1146 {
 1147         struct sr_crypto *mdd_crypto = &sd->mds.mdd_crypto;
 1148         return sr_crypto_meta_opt_handler_internal(sd, mdd_crypto, om);
 1149 }
 1150 
 1151 int
 1152 sr_crypto_rw(struct sr_workunit *wu)
 1153 {
 1154         struct sr_crypto_wu     *crwu;
 1155         struct sr_crypto        *mdd_crypto;
 1156         daddr_t                 blkno;
 1157         int                     rv, err;
 1158         int                     s;
 1159 
 1160         DNPRINTF(SR_D_DIS, "%s: sr_crypto_rw wu %p\n",
 1161             DEVNAME(wu->swu_dis->sd_sc), wu);
 1162 
 1163         if (sr_validate_io(wu, &blkno, "sr_crypto_rw"))
 1164                 return (1);
 1165 
 1166         if (wu->swu_xs->flags & SCSI_DATA_OUT) {
 1167                 mdd_crypto = &wu->swu_dis->mds.mdd_crypto;
 1168                 crwu = sr_crypto_prepare(wu, mdd_crypto, 1);
 1169                 rv = crypto_invoke(crwu->cr_crp);
 1170 
 1171                 DNPRINTF(SR_D_INTR, "%s: sr_crypto_rw: wu %p xs: %p\n",
 1172                     DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs);
 1173 
 1174                 if (rv) {
 1175                         /* fail io */
 1176                         wu->swu_xs->error = XS_DRIVER_STUFFUP;
 1177                         s = splbio();
 1178                         sr_scsi_done(wu->swu_dis, wu->swu_xs);
 1179                         splx(s);
 1180                 }
 1181 
 1182                 if ((err = sr_crypto_dev_rw(wu, crwu)) != 0)
 1183                         return err;
 1184         } else
 1185                 rv = sr_crypto_dev_rw(wu, NULL);
 1186 
 1187         return (rv);
 1188 }
 1189 
 1190 int
 1191 sr_crypto_dev_rw(struct sr_workunit *wu, struct sr_crypto_wu *crwu)
 1192 {
 1193         struct sr_discipline    *sd = wu->swu_dis;
 1194         struct scsi_xfer        *xs = wu->swu_xs;
 1195         struct sr_ccb           *ccb;
 1196         struct uio              *uio;
 1197         daddr_t                 blkno;
 1198 
 1199         blkno = wu->swu_blk_start;
 1200 
 1201         ccb = sr_ccb_rw(sd, 0, blkno, xs->datalen, xs->data, xs->flags, 0);
 1202         if (!ccb) {
 1203                 /* should never happen but handle more gracefully */
 1204                 printf("%s: %s: too many ccbs queued\n",
 1205                     DEVNAME(sd->sd_sc), sd->sd_meta->ssd_devname);
 1206                 goto bad;
 1207         }
 1208         if (!ISSET(xs->flags, SCSI_DATA_IN)) {
 1209                 uio = crwu->cr_crp->crp_buf;
 1210                 ccb->ccb_buf.b_data = uio->uio_iov->iov_base;
 1211                 ccb->ccb_opaque = crwu;
 1212         }
 1213         sr_wu_enqueue_ccb(wu, ccb);
 1214         sr_schedule_wu(wu);
 1215 
 1216         return (0);
 1217 
 1218 bad:
 1219         return (EINVAL);
 1220 }
 1221 
 1222 void
 1223 sr_crypto_done_internal(struct sr_workunit *wu, struct sr_crypto *mdd_crypto)
 1224 {
 1225         struct scsi_xfer        *xs = wu->swu_xs;
 1226         struct sr_crypto_wu     *crwu;
 1227         int                     rv;
 1228         int                     s;
 1229 
 1230         if (ISSET(wu->swu_flags, SR_WUF_REBUILD)) /* RAID 1C */
 1231                 return;
 1232 
 1233         /* If this was a successful read, initiate decryption of the data. */
 1234         if (ISSET(xs->flags, SCSI_DATA_IN) && xs->error == XS_NOERROR) {
 1235                 crwu = sr_crypto_prepare(wu, mdd_crypto, 0);
 1236                 DNPRINTF(SR_D_INTR, "%s: sr_crypto_done: crypto_invoke %p\n",
 1237                     DEVNAME(wu->swu_dis->sd_sc), crwu->cr_crp);
 1238                 rv = crypto_invoke(crwu->cr_crp);
 1239 
 1240                 DNPRINTF(SR_D_INTR, "%s: sr_crypto_done: wu %p xs: %p\n",
 1241                     DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs);
 1242 
 1243                 if (rv)
 1244                         wu->swu_xs->error = XS_DRIVER_STUFFUP;
 1245 
 1246                 s = splbio();
 1247                 sr_scsi_done(wu->swu_dis, wu->swu_xs);
 1248                 splx(s);
 1249                 return;
 1250         }
 1251 
 1252         s = splbio();
 1253         sr_scsi_done(wu->swu_dis, wu->swu_xs);
 1254         splx(s);
 1255 }
 1256 
 1257 void
 1258 sr_crypto_done(struct sr_workunit *wu)
 1259 {
 1260         struct sr_crypto *mdd_crypto = &wu->swu_dis->mds.mdd_crypto;
 1261         sr_crypto_done_internal(wu, mdd_crypto);
 1262 }
 1263 
 1264 void
 1265 sr_crypto_hotplug(struct sr_discipline *sd, struct disk *diskp, int action)
 1266 {
 1267         DNPRINTF(SR_D_MISC, "%s: sr_crypto_hotplug: %s %d\n",
 1268             DEVNAME(sd->sd_sc), diskp->dk_name, action);
 1269 }
 1270 
 1271 #ifdef SR_DEBUG0
 1272 void
 1273 sr_crypto_dumpkeys(struct sr_crypto *mdd_crypto)
 1274 {
 1275         int                     i, j;
 1276 
 1277         printf("sr_crypto_dumpkeys:\n");
 1278         for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) {
 1279                 printf("\tscm_key[%d]: 0x", i);
 1280                 for (j = 0; j < SR_CRYPTO_KEYBYTES; j++) {
 1281                         printf("%02x", mdd_crypto->scr_meta->scm_key[i][j]);
 1282                 }
 1283                 printf("\n");
 1284         }
 1285         printf("sr_crypto_dumpkeys: runtime data keys:\n");
 1286         for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) {
 1287                 printf("\tscr_key[%d]: 0x", i);
 1288                 for (j = 0; j < SR_CRYPTO_KEYBYTES; j++) {
 1289                         printf("%02x", mdd_crypto->scr_key[i][j]);
 1290                 }
 1291                 printf("\n");
 1292         }
 1293 }
 1294 #endif  /* SR_DEBUG */

Cache object: 77a7f7b1954e7b84095720d4d6060ecf


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.