diff options
author | phk <phk@FreeBSD.org> | 2002-11-04 09:27:01 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 2002-11-04 09:27:01 +0000 |
commit | 16874ad9231c653cc0923d057079cb01dc655144 (patch) | |
tree | f63c9d7688c826251a2cc69a8cbf9eace1f02f75 /sys/geom/bde/g_bde.h | |
parent | 8f58d0f543eb1d2ede1aa0736e9fe5e958cba1d6 (diff) | |
download | FreeBSD-src-16874ad9231c653cc0923d057079cb01dc655144.zip FreeBSD-src-16874ad9231c653cc0923d057079cb01dc655144.tar.gz |
Run a revision on the GBDE encryption facility.
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.
Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.
This code has still not been stared at for 10 years by a gang of
hard-core cryptographers. Discretion advised.
NB: These changes result in the on-disk format changing: dump/restore needed.
Sponsored by: DARPA & NAI Labs.
Diffstat (limited to 'sys/geom/bde/g_bde.h')
-rw-r--r-- | sys/geom/bde/g_bde.h | 95 |
1 files changed, 77 insertions, 18 deletions
diff --git a/sys/geom/bde/g_bde.h b/sys/geom/bde/g_bde.h index 6354411..c5f9bf5 100644 --- a/sys/geom/bde/g_bde.h +++ b/sys/geom/bde/g_bde.h @@ -16,9 +16,6 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. The names of the authors may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -35,7 +32,17 @@ * $FreeBSD$ */ -/* These are quite, but not entirely unlike constants. */ +#ifndef _SYS_GEOM_BDE_G_BDE_H_ +#define _SYS_GEOM_BDE_G_BDE_H_ 1 + +/* + * These are quite, but not entirely unlike constants. + * + * They are not commented in details here, to prevent unadvisable + * experimentation. Please consult the code where they are used before you + * even think about modifying these. + */ + #define G_BDE_MKEYLEN (2048/8) #define G_BDE_SKEYBITS 128 #define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8) @@ -43,6 +50,8 @@ #define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8) #define G_BDE_MAXKEYS 4 #define G_BDE_LOCKSIZE 384 +#define NLOCK_FIELDS 13 + /* This just needs to be "large enough" */ #define G_BDE_KEYBYTES 304 @@ -62,6 +71,7 @@ struct g_bde_sector { u_char malloc; enum {JUNK, IO, VALID} state; int error; + time_t used; }; struct g_bde_work { @@ -81,21 +91,31 @@ struct g_bde_work { int error; }; +/* + * The decrypted contents of the lock sectors. Notice that this is not + * the same as the on-disk layout. The on-disk layout is dynamic and + * dependent on the pass-phrase. + */ struct g_bde_key { uint64_t sector0; - /* Physical byte offset of first byte used */ + /* Physical byte offset of 1st byte used */ uint64_t sectorN; - /* Physical byte offset of first byte not used */ + /* Physical byte offset of 1st byte not used */ uint64_t keyoffset; + /* Number of bytes the disk image is skewed. */ uint64_t lsector[G_BDE_MAXKEYS]; - /* Physical offsets */ + /* Physical byte offsets of lock sectors */ uint32_t sectorsize; + /* Our "logical" sector size */ uint32_t flags; /* 1 = lockfile in sector 0 */ - uint8_t hash[16]; uint8_t salt[16]; + /* Used to frustate the kkey generation */ uint8_t spare[32]; + /* For future use, random contents */ uint8_t mkey[G_BDE_MKEYLEN]; + /* Our masterkey. */ + /* Non-stored help-fields */ uint64_t zone_width; /* On-disk width of zone */ uint64_t zone_cont; /* Payload width of zone */ @@ -114,12 +134,11 @@ struct g_bde_softc { struct mtx worklist_mutex; struct proc *thread; struct g_bde_key key; - u_char arc4_sbox[256]; - u_char arc4_i, arc4_j; int dead; u_int nwork; u_int nsect; u_int ncache; + u_char sha2[SHA512_DIGEST_LENGTH]; }; /* g_bde_crypt.c */ @@ -133,14 +152,12 @@ int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len); int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len); /* g_bde_lock .c */ -void g_bde_encode_lock(struct g_bde_key *gl, u_char *ptr); -void g_bde_decode_lock(struct g_bde_key *gl, u_char *ptr); -u_char g_bde_arc4(struct g_bde_softc *sc); -void g_bde_arc4_seq(struct g_bde_softc *sc, void *ptr, u_int len); -void g_bde_arc4_seed(struct g_bde_softc *sc, const void *ptr, u_int len); -int g_bde_keyloc_encrypt(struct g_bde_softc *sc, void *input, void *output); -int g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, void *output); -int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey); +int g_bde_encode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr); +int g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr); +int g_bde_keyloc_encrypt(struct g_bde_softc *sc, uint64_t *input, void *output); +int g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, uint64_t *output); +int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey); +void g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len); /* g_bde_math .c */ uint64_t g_bde_max_sector(struct g_bde_key *lp); @@ -150,3 +167,45 @@ void g_bde_map_sector(struct g_bde_key *lp, uint64_t isector, uint64_t *osector, void g_bde_start1(struct bio *bp); void g_bde_worker(void *arg); +/* + * These four functions wrap the raw Rijndael functions and make sure we + * explode if something fails which shouldn't. + */ + +static __inline void +AES_init(cipherInstance *ci) +{ + int error; + + error = rijndael_cipherInit(ci, MODE_CBC, NULL); + KASSERT(error > 0, ("rijndael_cipherInit %d", error)); +} + +static __inline void +AES_makekey(keyInstance *ki, int dir, u_int len, void *key) +{ + int error; + + error = rijndael_makeKey(ki, dir, len, key); + KASSERT(error > 0, ("rijndael_makeKey %d", error)); +} + +static __inline void +AES_encrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len) +{ + int error; + + error = rijndael_blockEncrypt(ci, ki, in, len * 8, out); + KASSERT(error > 0, ("rijndael_blockEncrypt %d", error)); +} + +static __inline void +AES_decrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len) +{ + int error; + + error = rijndael_blockDecrypt(ci, ki, in, len * 8, out); + KASSERT(error > 0, ("rijndael_blockDecrypt %d", error)); +} + +#endif /* _SYS_GEOM_BDE_G_BDE_H_ */ |