The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/geom/bde/g_bde.h

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
    3  *
    4  * Copyright (c) 2002 Poul-Henning Kamp
    5  * Copyright (c) 2002 Networks Associates Technology, Inc.
    6  * All rights reserved.
    7  *
    8  * This software was developed for the FreeBSD Project by Poul-Henning Kamp
    9  * and NAI Labs, the Security Research Division of Network Associates, Inc.
   10  * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
   11  * DARPA CHATS research program.
   12  *
   13  * Redistribution and use in source and binary forms, with or without
   14  * modification, are permitted provided that the following conditions
   15  * are met:
   16  * 1. Redistributions of source code must retain the above copyright
   17  *    notice, this list of conditions and the following disclaimer.
   18  * 2. Redistributions in binary form must reproduce the above copyright
   19  *    notice, this list of conditions and the following disclaimer in the
   20  *    documentation and/or other materials provided with the distribution.
   21  *
   22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   32  * SUCH DAMAGE.
   33  *
   34  * $FreeBSD: releng/12.0/sys/geom/bde/g_bde.h 326270 2017-11-27 15:17:37Z pfg $
   35  */
   36 
   37 #ifndef _SYS_GEOM_BDE_G_BDE_H_
   38 #define _SYS_GEOM_BDE_G_BDE_H_ 1
   39 
   40 /*
   41  * These are quite, but not entirely unlike constants.
   42  *
   43  * They are not commented in details here, to prevent unadvisable
   44  * experimentation. Please consult the code where they are used before you
   45  * even think about modifying these.
   46  */
   47 
   48 #define G_BDE_MKEYLEN   (2048/8)
   49 #define G_BDE_SKEYBITS  128
   50 #define G_BDE_SKEYLEN   (G_BDE_SKEYBITS/8)
   51 #define G_BDE_KKEYBITS  128
   52 #define G_BDE_KKEYLEN   (G_BDE_KKEYBITS/8)
   53 #define G_BDE_MAXKEYS   4
   54 #define G_BDE_LOCKSIZE  384
   55 #define NLOCK_FIELDS    13
   56 
   57 
   58 /* This just needs to be "large enough" */
   59 #define G_BDE_KEYBYTES  304
   60 
   61 struct g_bde_work;
   62 struct g_bde_softc;
   63 
   64 struct g_bde_sector {
   65         struct g_bde_work       *owner;
   66         struct g_bde_softc      *softc;
   67         off_t                   offset;
   68         u_int                   size;
   69         u_int                   ref;
   70         void                    *data;
   71         TAILQ_ENTRY(g_bde_sector) list;
   72         u_char                  valid;
   73         u_char                  malloc;
   74         enum {JUNK, IO, VALID}  state;
   75         int                     error;
   76         time_t                  used;
   77 };
   78 
   79 struct g_bde_work {
   80         struct mtx              mutex;
   81         off_t                   offset;
   82         off_t                   length;
   83         void                    *data;
   84         struct bio              *bp;
   85         struct g_bde_softc      *softc;
   86         off_t                   so;
   87         off_t                   kso;
   88         u_int                   ko;
   89         struct g_bde_sector     *sp;
   90         struct g_bde_sector     *ksp;
   91         TAILQ_ENTRY(g_bde_work) list;
   92         enum {SETUP, WAIT, FINISH} state;
   93         int                     error;
   94 };
   95 
   96 /*
   97  * The decrypted contents of the lock sectors.  Notice that this is not
   98  * the same as the on-disk layout.  The on-disk layout is dynamic and
   99  * dependent on the pass-phrase.
  100  */
  101 struct g_bde_key {
  102         uint64_t                sector0;        
  103                                 /* Physical byte offset of 1st byte used */
  104         uint64_t                sectorN;
  105                                 /* Physical byte offset of 1st byte not used */
  106         uint64_t                keyoffset;
  107                                 /* Number of bytes the disk image is skewed. */
  108         uint64_t                lsector[G_BDE_MAXKEYS];
  109                                 /* Physical byte offsets of lock sectors */
  110         uint32_t                sectorsize;
  111                                 /* Our "logical" sector size */
  112         uint32_t                flags;
  113 #define GBDE_F_SECT0            1
  114         uint8_t                 salt[16];
  115                                 /* Used to frustate the kkey generation */
  116         uint8_t                 spare[32];
  117                                 /* For future use, random contents */
  118         uint8_t                 mkey[G_BDE_MKEYLEN];
  119                                 /* Our masterkey. */
  120 
  121         /* Non-stored help-fields */
  122         uint64_t                zone_width;     /* On-disk width of zone */
  123         uint64_t                zone_cont;      /* Payload width of zone */
  124         uint64_t                media_width;    /* Non-magic width of zone */
  125         u_int                   keys_per_sector;
  126 };
  127 
  128 struct g_bde_softc {
  129         off_t                   mediasize;
  130         u_int                   sectorsize;
  131         uint64_t                zone_cont;
  132         struct g_geom           *geom;
  133         struct g_consumer       *consumer;
  134         TAILQ_HEAD(, g_bde_sector)      freelist;
  135         TAILQ_HEAD(, g_bde_work)        worklist;
  136         struct mtx              worklist_mutex;
  137         struct proc             *thread;
  138         struct g_bde_key        key;
  139         int                     dead;
  140         u_int                   nwork;
  141         u_int                   nsect;
  142         u_int                   ncache;
  143         u_char                  sha2[SHA512_DIGEST_LENGTH];
  144 };
  145 
  146 /* g_bde_crypt.c */
  147 void g_bde_crypt_delete(struct g_bde_work *wp);
  148 void g_bde_crypt_read(struct g_bde_work *wp);
  149 void g_bde_crypt_write(struct g_bde_work *wp);
  150 
  151 /* g_bde_key.c */
  152 void g_bde_zap_key(struct g_bde_softc *sc);
  153 int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len);
  154 int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len);
  155 
  156 /* g_bde_lock .c */
  157 int g_bde_encode_lock(u_char *sha2, struct g_bde_key *gl, u_char *ptr);
  158 int g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr);
  159 int g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64_t v1, void *output);
  160 int g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64_t *output);
  161 int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey);
  162 void g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len);
  163 
  164 /* g_bde_math .c */
  165 uint64_t g_bde_max_sector(struct g_bde_key *lp);
  166 void g_bde_map_sector(struct g_bde_work *wp);
  167 
  168 /* g_bde_work.c */
  169 void g_bde_start1(struct bio *bp);
  170 void g_bde_worker(void *arg);
  171 
  172 /*
  173  * These four functions wrap the raw Rijndael functions and make sure we
  174  * explode if something fails which shouldn't.
  175  */
  176 
  177 static __inline void
  178 AES_init(cipherInstance *ci)
  179 {
  180         int error;
  181 
  182         error = rijndael_cipherInit(ci, MODE_CBC, NULL);
  183         KASSERT(error > 0, ("rijndael_cipherInit %d", error));
  184 }
  185 
  186 static __inline void
  187 AES_makekey(keyInstance *ki, int dir, u_int len, const void *key)
  188 {
  189         int error;
  190 
  191         error = rijndael_makeKey(ki, dir, len, key);
  192         KASSERT(error > 0, ("rijndael_makeKey %d", error));
  193 }
  194 
  195 static __inline void
  196 AES_encrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
  197 {
  198         int error;
  199 
  200         error = rijndael_blockEncrypt(ci, ki, in, len * 8, out);
  201         KASSERT(error > 0, ("rijndael_blockEncrypt %d", error));
  202 }
  203 
  204 static __inline void
  205 AES_decrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
  206 {
  207         int error;
  208 
  209         error = rijndael_blockDecrypt(ci, ki, in, len * 8, out);
  210         KASSERT(error > 0, ("rijndael_blockDecrypt %d", error));
  211 }
  212 
  213 #endif /* _SYS_GEOM_BDE_G_BDE_H_ */

Cache object: 0d59140a18ca594967c0391b3ba8d2e2


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.