Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/geom/bde/g_bde.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2002 Poul-Henning Kamp 5 * Copyright (c) 2002 Networks Associates Technology, Inc. 6 * All rights reserved. 7 * 8 * This software was developed for the FreeBSD Project by Poul-Henning Kamp 9 * and NAI Labs, the Security Research Division of Network Associates, Inc. 10 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 11 * DARPA CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * $FreeBSD$ 35 * 36 */ 37 38 #include <sys/param.h> 39 #include <sys/bio.h> 40 #include <sys/lock.h> 41 #include <sys/mutex.h> 42 #include <sys/malloc.h> 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/kthread.h> 46 #include <sys/sysctl.h> 47 48 #include <crypto/rijndael/rijndael-api-fst.h> 49 #include <crypto/sha2/sha512.h> 50 #include <geom/geom.h> 51 #include <geom/bde/g_bde.h> 52 #define BDE_CLASS_NAME "BDE" 53 54 FEATURE(geom_bde, "GEOM-based Disk Encryption"); 55 56 static void 57 g_bde_start(struct bio *bp) 58 { 59 60 switch (bp->bio_cmd) { 61 case BIO_DELETE: 62 case BIO_READ: 63 case BIO_WRITE: 64 g_bde_start1(bp); 65 break; 66 case BIO_GETATTR: 67 g_io_deliver(bp, EOPNOTSUPP); 68 break; 69 default: 70 g_io_deliver(bp, EOPNOTSUPP); 71 return; 72 } 73 return; 74 } 75 76 static void 77 g_bde_orphan(struct g_consumer *cp) 78 { 79 struct g_geom *gp; 80 struct g_provider *pp; 81 struct g_bde_softc *sc; 82 83 g_trace(G_T_TOPOLOGY, "g_bde_orphan(%p/%s)", cp, cp->provider->name); 84 g_topology_assert(); 85 86 gp = cp->geom; 87 sc = gp->softc; 88 gp->flags |= G_GEOM_WITHER; 89 LIST_FOREACH(pp, &gp->provider, provider) 90 g_wither_provider(pp, ENXIO); 91 explicit_bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */ 92 return; 93 } 94 95 static int 96 g_bde_access(struct g_provider *pp, int dr, int dw, int de) 97 { 98 struct g_geom *gp; 99 struct g_consumer *cp; 100 101 gp = pp->geom; 102 cp = LIST_FIRST(&gp->consumer); 103 if (cp->acr == 0 && cp->acw == 0 && cp->ace == 0) { 104 de++; 105 dr++; 106 } 107 /* ... and let go of it on last close */ 108 if ((cp->acr + dr) == 0 && (cp->acw + dw) == 0 && (cp->ace + de) == 1) { 109 de--; 110 dr--; 111 } 112 return (g_access(cp, dr, dw, de)); 113 } 114 115 static void 116 g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *pp) 117 { 118 struct g_geom *gp; 119 struct g_consumer *cp; 120 struct g_bde_key *kp; 121 int error, i; 122 u_int sectorsize; 123 off_t mediasize; 124 struct g_bde_softc *sc; 125 void *pass; 126 void *key; 127 128 g_trace(G_T_TOPOLOGY, "g_bde_create_geom(%s, %s)", mp->name, pp->name); 129 g_topology_assert(); 130 gp = NULL; 131 132 gp = g_new_geomf(mp, "%s.bde", pp->name); 133 cp = g_new_consumer(gp); 134 error = g_attach(cp, pp); 135 if (error != 0) { 136 g_destroy_consumer(cp); 137 g_destroy_geom(gp); 138 gctl_error(req, "could not attach consumer"); 139 return; 140 } 141 error = g_access(cp, 1, 1, 1); 142 if (error) { 143 g_detach(cp); 144 g_destroy_consumer(cp); 145 g_destroy_geom(gp); 146 gctl_error(req, "could not access consumer"); 147 return; 148 } 149 pass = NULL; 150 key = NULL; 151 do { 152 pass = gctl_get_param(req, "pass", &i); 153 if (pass == NULL || i != SHA512_DIGEST_LENGTH) { 154 gctl_error(req, "No usable key presented"); 155 break; 156 } 157 key = gctl_get_param(req, "key", &i); 158 if (key != NULL && i != 16) { 159 gctl_error(req, "Invalid key presented"); 160 break; 161 } 162 sectorsize = cp->provider->sectorsize; 163 mediasize = cp->provider->mediasize; 164 sc = g_malloc(sizeof(struct g_bde_softc), M_WAITOK | M_ZERO); 165 gp->softc = sc; 166 sc->geom = gp; 167 sc->consumer = cp; 168 169 error = g_bde_decrypt_lock(sc, pass, key, 170 mediasize, sectorsize, NULL); 171 explicit_bzero(sc->sha2, sizeof sc->sha2); 172 if (error) 173 break; 174 kp = &sc->key; 175 176 /* Initialize helper-fields */ 177 kp->keys_per_sector = kp->sectorsize / G_BDE_SKEYLEN; 178 kp->zone_cont = kp->keys_per_sector * kp->sectorsize; 179 kp->zone_width = kp->zone_cont + kp->sectorsize; 180 kp->media_width = kp->sectorN - kp->sector0 - 181 G_BDE_MAXKEYS * kp->sectorsize; 182 183 /* Our external parameters */ 184 sc->zone_cont = kp->zone_cont; 185 sc->mediasize = g_bde_max_sector(kp); 186 sc->sectorsize = kp->sectorsize; 187 188 TAILQ_INIT(&sc->freelist); 189 TAILQ_INIT(&sc->worklist); 190 mtx_init(&sc->worklist_mutex, "g_bde_worklist", NULL, MTX_DEF); 191 /* XXX: error check */ 192 kproc_create(g_bde_worker, gp, &sc->thread, 0, 0, 193 "g_bde %s", gp->name); 194 pp = g_new_providerf(gp, "%s", gp->name); 195 pp->stripesize = kp->zone_cont; 196 pp->stripeoffset = 0; 197 pp->mediasize = sc->mediasize; 198 pp->sectorsize = sc->sectorsize; 199 g_error_provider(pp, 0); 200 break; 201 } while (0); 202 if (pass != NULL) 203 explicit_bzero(pass, SHA512_DIGEST_LENGTH); 204 if (key != NULL) 205 explicit_bzero(key, 16); 206 if (error == 0) 207 return; 208 g_access(cp, -1, -1, -1); 209 g_detach(cp); 210 g_destroy_consumer(cp); 211 g_free(gp->softc); 212 g_destroy_geom(gp); 213 switch (error) { 214 case ENOENT: 215 gctl_error(req, "Lock was destroyed"); 216 break; 217 case ESRCH: 218 gctl_error(req, "Lock was nuked"); 219 break; 220 case EINVAL: 221 gctl_error(req, "Could not open lock"); 222 break; 223 case ENOTDIR: 224 gctl_error(req, "Lock not found"); 225 break; 226 default: 227 gctl_error(req, "Could not open lock (%d)", error); 228 break; 229 } 230 return; 231 } 232 233 static int 234 g_bde_destroy_geom(struct gctl_req *req, struct g_class *mp, struct g_geom *gp) 235 { 236 struct g_consumer *cp; 237 struct g_provider *pp; 238 struct g_bde_softc *sc; 239 240 g_trace(G_T_TOPOLOGY, "g_bde_destroy_geom(%s, %s)", mp->name, gp->name); 241 g_topology_assert(); 242 /* 243 * Orderly detachment. 244 */ 245 KASSERT(gp != NULL, ("NULL geom")); 246 pp = LIST_FIRST(&gp->provider); 247 KASSERT(pp != NULL, ("NULL provider")); 248 if (pp->acr > 0 || pp->acw > 0 || pp->ace > 0) 249 return (EBUSY); 250 sc = gp->softc; 251 cp = LIST_FIRST(&gp->consumer); 252 KASSERT(cp != NULL, ("NULL consumer")); 253 sc->dead = 1; 254 wakeup(sc); 255 g_access(cp, -1, -1, -1); 256 g_detach(cp); 257 g_destroy_consumer(cp); 258 while (sc->dead != 2 && !LIST_EMPTY(&pp->consumers)) 259 tsleep(sc, PRIBIO, "g_bdedie", hz); 260 mtx_destroy(&sc->worklist_mutex); 261 explicit_bzero(&sc->key, sizeof sc->key); 262 g_free(sc); 263 g_wither_geom(gp, ENXIO); 264 return (0); 265 } 266 267 static void 268 g_bde_ctlreq(struct gctl_req *req, struct g_class *mp, char const *verb) 269 { 270 struct g_geom *gp; 271 struct g_provider *pp; 272 273 if (!strcmp(verb, "create geom")) { 274 pp = gctl_get_provider(req, "provider"); 275 if (pp != NULL) 276 g_bde_create_geom(req, mp, pp); 277 } else if (!strcmp(verb, "destroy geom")) { 278 gp = gctl_get_geom(req, mp, "geom"); 279 if (gp != NULL) 280 g_bde_destroy_geom(req, mp, gp); 281 } else { 282 gctl_error(req, "unknown verb"); 283 } 284 } 285 286 static struct g_class g_bde_class = { 287 .name = BDE_CLASS_NAME, 288 .version = G_VERSION, 289 .destroy_geom = g_bde_destroy_geom, 290 .ctlreq = g_bde_ctlreq, 291 .start = g_bde_start, 292 .orphan = g_bde_orphan, 293 .access = g_bde_access, 294 .spoiled = g_std_spoiled, 295 }; 296 297 DECLARE_GEOM_CLASS(g_bde_class, g_bde); 298 MODULE_VERSION(geom_bde, 0);
Cache object: d6c22a973b72be6b3793b6ad8485df77
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]