Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/geom/bde/g_bde.h
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2002 Poul-Henning Kamp 5 * Copyright (c) 2002 Networks Associates Technology, Inc. 6 * All rights reserved. 7 * 8 * This software was developed for the FreeBSD Project by Poul-Henning Kamp 9 * and NAI Labs, the Security Research Division of Network Associates, Inc. 10 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 11 * DARPA CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * $FreeBSD$ 35 */ 36 37 #ifndef _SYS_GEOM_BDE_G_BDE_H_ 38 #define _SYS_GEOM_BDE_G_BDE_H_ 1 39 40 /* 41 * These are quite, but not entirely unlike constants. 42 * 43 * They are not commented in details here, to prevent unadvisable 44 * experimentation. Please consult the code where they are used before you 45 * even think about modifying these. 46 */ 47 48 #define G_BDE_MKEYLEN (2048/8) 49 #define G_BDE_SKEYBITS 128 50 #define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8) 51 #define G_BDE_KKEYBITS 128 52 #define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8) 53 #define G_BDE_MAXKEYS 4 54 #define G_BDE_LOCKSIZE 384 55 #define NLOCK_FIELDS 13 56 57 /* This just needs to be "large enough" */ 58 #define G_BDE_KEYBYTES 304 59 60 /* This file is being included by userspace. */ 61 #ifndef __diagused 62 #define __diagused 63 #endif 64 65 struct g_bde_work; 66 struct g_bde_softc; 67 68 struct g_bde_sector { 69 struct g_bde_work *owner; 70 struct g_bde_softc *softc; 71 off_t offset; 72 u_int size; 73 u_int ref; 74 void *data; 75 TAILQ_ENTRY(g_bde_sector) list; 76 u_char valid; 77 u_char malloc; 78 enum {JUNK, IO, VALID} state; 79 int error; 80 time_t used; 81 }; 82 83 struct g_bde_work { 84 struct mtx mutex; 85 off_t offset; 86 off_t length; 87 void *data; 88 struct bio *bp; 89 struct g_bde_softc *softc; 90 off_t so; 91 off_t kso; 92 u_int ko; 93 struct g_bde_sector *sp; 94 struct g_bde_sector *ksp; 95 TAILQ_ENTRY(g_bde_work) list; 96 enum {SETUP, WAIT, FINISH} state; 97 int error; 98 }; 99 100 /* 101 * The decrypted contents of the lock sectors. Notice that this is not 102 * the same as the on-disk layout. The on-disk layout is dynamic and 103 * dependent on the pass-phrase. 104 */ 105 struct g_bde_key { 106 uint64_t sector0; 107 /* Physical byte offset of 1st byte used */ 108 uint64_t sectorN; 109 /* Physical byte offset of 1st byte not used */ 110 uint64_t keyoffset; 111 /* Number of bytes the disk image is skewed. */ 112 uint64_t lsector[G_BDE_MAXKEYS]; 113 /* Physical byte offsets of lock sectors */ 114 uint32_t sectorsize; 115 /* Our "logical" sector size */ 116 uint32_t flags; 117 #define GBDE_F_SECT0 1 118 uint8_t salt[16]; 119 /* Used to frustate the kkey generation */ 120 uint8_t spare[32]; 121 /* For future use, random contents */ 122 uint8_t mkey[G_BDE_MKEYLEN]; 123 /* Our masterkey. */ 124 125 /* Non-stored help-fields */ 126 uint64_t zone_width; /* On-disk width of zone */ 127 uint64_t zone_cont; /* Payload width of zone */ 128 uint64_t media_width; /* Non-magic width of zone */ 129 u_int keys_per_sector; 130 }; 131 132 struct g_bde_softc { 133 off_t mediasize; 134 u_int sectorsize; 135 uint64_t zone_cont; 136 struct g_geom *geom; 137 struct g_consumer *consumer; 138 TAILQ_HEAD(, g_bde_sector) freelist; 139 TAILQ_HEAD(, g_bde_work) worklist; 140 struct mtx worklist_mutex; 141 struct proc *thread; 142 struct g_bde_key key; 143 int dead; 144 u_int nwork; 145 u_int nsect; 146 u_int ncache; 147 u_char sha2[SHA512_DIGEST_LENGTH]; 148 }; 149 150 /* g_bde_crypt.c */ 151 void g_bde_crypt_delete(struct g_bde_work *wp); 152 void g_bde_crypt_read(struct g_bde_work *wp); 153 void g_bde_crypt_write(struct g_bde_work *wp); 154 155 /* g_bde_key.c */ 156 void g_bde_zap_key(struct g_bde_softc *sc); 157 int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len); 158 int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len); 159 160 /* g_bde_lock .c */ 161 int g_bde_encode_lock(u_char *sha2, struct g_bde_key *gl, u_char *ptr); 162 int g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr); 163 int g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64_t v1, void *output); 164 int g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64_t *output); 165 int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey); 166 void g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len); 167 168 /* g_bde_math .c */ 169 uint64_t g_bde_max_sector(struct g_bde_key *lp); 170 void g_bde_map_sector(struct g_bde_work *wp); 171 172 /* g_bde_work.c */ 173 void g_bde_start1(struct bio *bp); 174 void g_bde_worker(void *arg); 175 176 /* 177 * These four functions wrap the raw Rijndael functions and make sure we 178 * explode if something fails which shouldn't. 179 */ 180 181 static __inline void 182 AES_init(cipherInstance *ci) 183 { 184 int error __diagused; 185 186 error = rijndael_cipherInit(ci, MODE_CBC, NULL); 187 KASSERT(error > 0, ("rijndael_cipherInit %d", error)); 188 } 189 190 static __inline void 191 AES_makekey(keyInstance *ki, int dir, u_int len, const void *key) 192 { 193 int error __diagused; 194 195 error = rijndael_makeKey(ki, dir, len, key); 196 KASSERT(error > 0, ("rijndael_makeKey %d", error)); 197 } 198 199 static __inline void 200 AES_encrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len) 201 { 202 int error __diagused; 203 204 error = rijndael_blockEncrypt(ci, ki, in, len * 8, out); 205 KASSERT(error > 0, ("rijndael_blockEncrypt %d", error)); 206 } 207 208 static __inline void 209 AES_decrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len) 210 { 211 int error __diagused; 212 213 error = rijndael_blockDecrypt(ci, ki, in, len * 8, out); 214 KASSERT(error > 0, ("rijndael_blockDecrypt %d", error)); 215 } 216 217 #endif /* _SYS_GEOM_BDE_G_BDE_H_ */
Cache object: e9d27db35954083d5df2b8382c551c7d
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]