The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/geom/eli/g_eli_crypto.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
    3  *
    4  * Copyright (c) 2005-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org>
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  *
   16  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
   17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
   20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   26  * SUCH DAMAGE.
   27  */
   28 
   29 #include <sys/cdefs.h>
   30 __FBSDID("$FreeBSD$");
   31 
   32 #include <sys/param.h>
   33 #ifdef _KERNEL
   34 #include <sys/systm.h>
   35 #include <sys/kernel.h>
   36 #include <sys/malloc.h>
   37 #else
   38 #include <stdint.h>
   39 #include <string.h>
   40 #include <strings.h>
   41 #include <errno.h>
   42 #include <assert.h>
   43 #include <openssl/evp.h>
   44 #define _OpenSSL_
   45 #endif
   46 #include <geom/eli/g_eli.h>
   47 
   48 #ifdef _KERNEL
   49 MALLOC_DECLARE(M_ELI);
   50 
   51 static int
   52 g_eli_crypto_done(struct cryptop *crp)
   53 {
   54 
   55         crp->crp_opaque = (void *)crp;
   56         wakeup(crp);
   57         return (0);
   58 }
   59 
   60 static int
   61 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
   62     const u_char *key, size_t keysize)
   63 {
   64         struct crypto_session_params csp;
   65         struct cryptop *crp;
   66         crypto_session_t sid;
   67         int error;
   68 
   69         KASSERT(algo != CRYPTO_AES_XTS,
   70             ("%s: CRYPTO_AES_XTS unexpected here", __func__));
   71 
   72         memset(&csp, 0, sizeof(csp));
   73         csp.csp_mode = CSP_MODE_CIPHER;
   74         csp.csp_cipher_alg = algo;
   75         csp.csp_ivlen = g_eli_ivlen(algo);
   76         csp.csp_cipher_key = key;
   77         csp.csp_cipher_klen = keysize / 8;
   78         error = crypto_newsession(&sid, &csp, CRYPTOCAP_F_SOFTWARE);
   79         if (error != 0)
   80                 return (error);
   81         crp = crypto_getreq(sid, M_NOWAIT);
   82         if (crp == NULL) {
   83                 crypto_freesession(sid);
   84                 return (ENOMEM);
   85         }
   86 
   87         crp->crp_payload_start = 0;
   88         crp->crp_payload_length = datasize;
   89         crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_IV_SEPARATE;
   90         crp->crp_op = enc ? CRYPTO_OP_ENCRYPT : CRYPTO_OP_DECRYPT;
   91         memset(crp->crp_iv, 0, sizeof(crp->crp_iv));
   92 
   93         crp->crp_opaque = NULL;
   94         crp->crp_callback = g_eli_crypto_done;
   95         crypto_use_buf(crp, data, datasize);
   96 
   97         error = crypto_dispatch(crp);
   98         if (error == 0) {
   99                 while (crp->crp_opaque == NULL)
  100                         tsleep(crp, PRIBIO, "geli", hz / 5);
  101                 error = crp->crp_etype;
  102         }
  103 
  104         crypto_freereq(crp);
  105         crypto_freesession(sid);
  106         return (error);
  107 }
  108 #else   /* !_KERNEL */
  109 static int
  110 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
  111     const u_char *key, size_t keysize)
  112 {
  113         EVP_CIPHER_CTX *ctx;
  114         const EVP_CIPHER *type;
  115         u_char iv[G_ELI_IVKEYLEN];
  116         int outsize;
  117 
  118         assert(algo != CRYPTO_AES_XTS);
  119 
  120         switch (algo) {
  121         case CRYPTO_NULL_CBC:
  122                 type = EVP_enc_null();
  123                 break;
  124         case CRYPTO_AES_CBC:
  125                 switch (keysize) {
  126                 case 128:
  127                         type = EVP_aes_128_cbc();
  128                         break;
  129                 case 192:
  130                         type = EVP_aes_192_cbc();
  131                         break;
  132                 case 256:
  133                         type = EVP_aes_256_cbc();
  134                         break;
  135                 default:
  136                         return (EINVAL);
  137                 }
  138                 break;
  139 #ifndef OPENSSL_NO_CAMELLIA
  140         case CRYPTO_CAMELLIA_CBC:
  141                 switch (keysize) {
  142                 case 128:
  143                         type = EVP_camellia_128_cbc();
  144                         break;
  145                 case 192:
  146                         type = EVP_camellia_192_cbc();
  147                         break;
  148                 case 256:
  149                         type = EVP_camellia_256_cbc();
  150                         break;
  151                 default:
  152                         return (EINVAL);
  153                 }
  154                 break;
  155 #endif
  156         default:
  157                 return (EINVAL);
  158         }
  159 
  160         ctx = EVP_CIPHER_CTX_new();
  161         if (ctx == NULL)
  162                 return (ENOMEM);
  163 
  164         EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, enc);
  165         EVP_CIPHER_CTX_set_key_length(ctx, keysize / 8);
  166         EVP_CIPHER_CTX_set_padding(ctx, 0);
  167         bzero(iv, sizeof(iv));
  168         EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc);
  169 
  170         if (EVP_CipherUpdate(ctx, data, &outsize, data, datasize) == 0) {
  171                 EVP_CIPHER_CTX_free(ctx);
  172                 return (EINVAL);
  173         }
  174         assert(outsize == (int)datasize);
  175 
  176         if (EVP_CipherFinal_ex(ctx, data + outsize, &outsize) == 0) {
  177                 EVP_CIPHER_CTX_free(ctx);
  178                 return (EINVAL);
  179         }
  180         assert(outsize == 0);
  181 
  182         EVP_CIPHER_CTX_free(ctx);
  183         return (0);
  184 }
  185 #endif  /* !_KERNEL */
  186 
  187 int
  188 g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize,
  189     const u_char *key, size_t keysize)
  190 {
  191 
  192         /* We prefer AES-CBC for metadata protection. */
  193         if (algo == CRYPTO_AES_XTS)
  194                 algo = CRYPTO_AES_CBC;
  195 
  196         return (g_eli_crypto_cipher(algo, 1, data, datasize, key, keysize));
  197 }
  198 
  199 int
  200 g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize,
  201     const u_char *key, size_t keysize)
  202 {
  203 
  204         /* We prefer AES-CBC for metadata protection. */
  205         if (algo == CRYPTO_AES_XTS)
  206                 algo = CRYPTO_AES_CBC;
  207 
  208         return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize));
  209 }

Cache object: ac6afd24eb89572bc8ec6ed6dc1a12a2


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.