-rw-r--r-- | sbin/geom/class/eli/Makefile | 1 | ||||
-rw-r--r-- | sys/conf/files | 1 | ||||
-rw-r--r-- | sys/geom/eli/g_eli.c | 83 | ||||
-rw-r--r-- | sys/geom/eli/g_eli.h | 96 | ||||
-rw-r--r-- | sys/geom/eli/g_eli_crypto.c | 72 | ||||
-rw-r--r-- | sys/geom/eli/g_eli_hmac.c | 150 | ||||
-rw-r--r-- | sys/geom/eli/g_eli_key_cache.c | 32 | ||||
-rw-r--r-- | sys/geom/eli/pkcs5v2.c | 2 | ||||
-rw-r--r-- | sys/modules/geom/geom_eli/Makefile | 1 |
9 files changed, 254 insertions, 184 deletions
diff --git a/sbin/geom/class/eli/Makefile b/sbin/geom/class/eli/Makefile index 50de651..5eff32c 100644 --- a/sbin/geom/class/eli/Makefile +++ b/sbin/geom/class/eli/Makefile @@ -4,6 +4,7 @@ GEOM_CLASS= eli SRCS= g_eli_crypto.c +SRCS+= g_eli_hmac.c SRCS+= g_eli_key.c SRCS+= pkcs5v2.c SRCS+= sha256c.c diff --git a/sys/conf/files b/sys/conf/files index feac6c0..3652b3b 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -2994,6 +2994,7 @@ geom/concat/g_concat.c optional geom_concat geom/eli/g_eli.c optional geom_eli geom/eli/g_eli_crypto.c optional geom_eli geom/eli/g_eli_ctl.c optional geom_eli +geom/eli/g_eli_hmac.c optional geom_eli geom/eli/g_eli_integrity.c optional geom_eli geom/eli/g_eli_key.c optional geom_eli geom/eli/g_eli_key_cache.c optional geom_eli diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c index 57adc40..a2b4e65 100644 --- a/sys/geom/eli/g_eli.c +++ b/sys/geom/eli/g_eli.c @@ -571,40 +571,6 @@ again: } } -/* - * Here we generate IV. It is unique for every sector. - */ -void -g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, - size_t size) -{ - uint8_t off[8]; - - if ((sc->sc_flags & G_ELI_FLAG_NATIVE_BYTE_ORDER) != 0) - bcopy(&offset, off, sizeof(off)); - else - le64enc(off, (uint64_t)offset); - - switch (sc->sc_ealgo) { - case CRYPTO_AES_XTS: - bcopy(off, iv, sizeof(off)); - bzero(iv + sizeof(off), size - sizeof(off)); - break; - default: - { - u_char hash[SHA256_DIGEST_LENGTH]; - SHA256_CTX ctx; - - /* Copy precalculated SHA256 context for IV-Key. */ - bcopy(&sc->sc_ivctx, &ctx, sizeof(ctx)); - SHA256_Update(&ctx, off, sizeof(off)); - SHA256_Final(hash, &ctx); - bcopy(hash, iv, MIN(sizeof(hash), size)); - break; - } - } -} - int g_eli_read_metadata(struct g_class *mp, struct g_provider *pp, struct g_eli_metadata *md) 
@@ -751,44 +717,9 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp, else gp->access = g_std_access; - sc->sc_version = md->md_version; - sc->sc_inflight = 0; - sc->sc_crypto = G_ELI_CRYPTO_UNKNOWN; - sc->sc_flags = md->md_flags; - /* Backward compatibility. */ - if (md->md_version < G_ELI_VERSION_04) - sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER; - if (md->md_version < G_ELI_VERSION_05) - sc->sc_flags |= G_ELI_FLAG_SINGLE_KEY; - if (md->md_version < G_ELI_VERSION_06 && - (sc->sc_flags & G_ELI_FLAG_AUTH) != 0) { - sc->sc_flags |= G_ELI_FLAG_FIRST_KEY; - } - if (md->md_version < G_ELI_VERSION_07) - sc->sc_flags |= G_ELI_FLAG_ENC_IVKEY; - sc->sc_ealgo = md->md_ealgo; + eli_metadata_softc(sc, md, bpp->sectorsize, bpp->mediasize); sc->sc_nkey = nkey; - if (sc->sc_flags & G_ELI_FLAG_AUTH) { - sc->sc_akeylen = sizeof(sc->sc_akey) * 8; - sc->sc_aalgo = md->md_aalgo; - sc->sc_alen = g_eli_hashlen(sc->sc_aalgo); - - sc->sc_data_per_sector = bpp->sectorsize - sc->sc_alen; - /* - * Some hash functions (like SHA1 and RIPEMD160) generates hash - * which length is not multiple of 128 bits, but we want data - * length to be multiple of 128, so we can encrypt without - * padding. The line below rounds down data length to multiple - * of 128 bits. - */ - sc->sc_data_per_sector -= sc->sc_data_per_sector % 16; - - sc->sc_bytes_per_sector = - (md->md_sectorsize - 1) / sc->sc_data_per_sector + 1; - sc->sc_bytes_per_sector *= bpp->sectorsize; - } - gp->softc = sc; sc->sc_geom = gp; 
@@ -831,22 +762,10 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp, goto failed; } - sc->sc_sectorsize = md->md_sectorsize; - sc->sc_mediasize = bpp->mediasize; - if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) - sc->sc_mediasize -= bpp->sectorsize; - if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) - sc->sc_mediasize -= (sc->sc_mediasize % sc->sc_sectorsize); - else { - sc->sc_mediasize /= sc->sc_bytes_per_sector; - sc->sc_mediasize *= sc->sc_sectorsize; - } - /* * Remember the keys in our softc structure. */ g_eli_mkey_propagate(sc, mkey); - sc->sc_ekeylen = md->md_keylen; LIST_INIT(&sc->sc_workers); diff --git a/sys/geom/eli/g_eli.h b/sys/geom/eli/g_eli.h index e4dbee6..3deb865 100644 --- a/sys/geom/eli/g_eli.h +++ b/sys/geom/eli/g_eli.h @@ -40,8 +40,6 @@ #include <sys/libkern.h> #include <sys/lock.h> #include <sys/mutex.h> -#include <sys/queue.h> -#include <sys/tree.h> #include <geom/geom.h> #else #include <assert.h> @@ -49,6 +47,8 @@ #include <string.h> #include <strings.h> #endif +#include <sys/queue.h> +#include <sys/tree.h> #ifndef _OpenSSL_ #include <sys/md5.h> #endif @@ -132,15 +132,15 @@ /* Switch data encryption key every 2^20 blocks. */ #define G_ELI_KEY_SHIFT 20 +#define G_ELI_CRYPTO_UNKNOWN 0 +#define G_ELI_CRYPTO_HW 1 +#define G_ELI_CRYPTO_SW 2 + #ifdef _KERNEL extern int g_eli_debug; extern u_int g_eli_overwrites; extern u_int g_eli_batch; -#define G_ELI_CRYPTO_UNKNOWN 0 -#define G_ELI_CRYPTO_HW 1 -#define G_ELI_CRYPTO_SW 2 - #define G_ELI_DEBUG(lvl, ...) do { \ if (g_eli_debug >= (lvl)) { \ printf("GEOM_ELI"); \ @@ -173,6 +173,8 @@ struct g_eli_worker { LIST_ENTRY(g_eli_worker) w_next; }; +#endif /* _KERNEL */ + struct g_eli_softc { struct g_geom *sc_geom; u_int sc_version; 
@@ -200,15 +202,35 @@ struct g_eli_softc { size_t sc_sectorsize; u_int sc_bytes_per_sector; u_int sc_data_per_sector; +#ifndef _KERNEL + int sc_cpubind; +#else /* _KERNEL */ boolean_t sc_cpubind; /* Only for software cryptography. */ struct bio_queue_head sc_queue; struct mtx sc_queue_mtx; LIST_HEAD(, g_eli_worker) sc_workers; +#endif /* _KERNEL */ }; #define sc_name sc_geom->name -#endif /* _KERNEL */ + +#define G_ELI_KEY_MAGIC 0xe11341c + +struct g_eli_key { + /* Key value, must be first in the structure. */ + uint8_t gek_key[G_ELI_DATAKEYLEN]; + /* Magic. */ + int gek_magic; + /* Key number. */ + uint64_t gek_keyno; + /* Reference counter. */ + int gek_count; + /* Keeps keys sorted by most recent use. */ + TAILQ_ENTRY(g_eli_key) gek_next; + /* Keeps keys sorted by number. */ + RB_ENTRY(g_eli_key) gek_link; +}; struct g_eli_metadata { char md_magic[16]; /* Magic value. */ 
@@ -569,6 +591,60 @@ g_eli_hashlen(u_int algo) return (0); } +static __inline void +eli_metadata_softc(struct g_eli_softc *sc, const struct g_eli_metadata *md, + u_int sectorsize, off_t mediasize) +{ + + sc->sc_version = md->md_version; + sc->sc_inflight = 0; + sc->sc_crypto = G_ELI_CRYPTO_UNKNOWN; + sc->sc_flags = md->md_flags; + /* Backward compatibility. */ + if (md->md_version < G_ELI_VERSION_04) + sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER; + if (md->md_version < G_ELI_VERSION_05) + sc->sc_flags |= G_ELI_FLAG_SINGLE_KEY; + if (md->md_version < G_ELI_VERSION_06 && + (sc->sc_flags & G_ELI_FLAG_AUTH) != 0) { + sc->sc_flags |= G_ELI_FLAG_FIRST_KEY; + } + if (md->md_version < G_ELI_VERSION_07) + sc->sc_flags |= G_ELI_FLAG_ENC_IVKEY; + sc->sc_ealgo = md->md_ealgo; + + if (sc->sc_flags & G_ELI_FLAG_AUTH) { + sc->sc_akeylen = sizeof(sc->sc_akey) * 8; + sc->sc_aalgo = md->md_aalgo; + sc->sc_alen = g_eli_hashlen(sc->sc_aalgo); + + sc->sc_data_per_sector = sectorsize - sc->sc_alen; + /* + * Some hash functions (like SHA1 and RIPEMD160) generates hash + * which length is not multiple of 128 bits, but we want data + * length to be multiple of 128, so we can encrypt without + * padding. The line below rounds down data length to multiple + * of 128 bits. + */ + sc->sc_data_per_sector -= sc->sc_data_per_sector % 16; + + sc->sc_bytes_per_sector = + (md->md_sectorsize - 1) / sc->sc_data_per_sector + 1; + sc->sc_bytes_per_sector *= sectorsize; + } + sc->sc_sectorsize = md->md_sectorsize; + sc->sc_mediasize = mediasize; + if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) + sc->sc_mediasize -= sectorsize; + if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) + sc->sc_mediasize -= (sc->sc_mediasize % sc->sc_sectorsize); + else { + sc->sc_mediasize /= sc->sc_bytes_per_sector; + sc->sc_mediasize *= sc->sc_sectorsize; + } + sc->sc_ekeylen = md->md_keylen; +} + #ifdef _KERNEL int g_eli_read_metadata(struct g_class *mp, struct g_provider *pp, struct g_eli_metadata *md); 
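Review bot: `(md->md_sectorsize - 1) / sc->sc_data_per_sector` and `sc->sc_mediasize % sc->sc_sectorsize` in eli_metadata_softc() divide by values that come straight from the metadata and the sector size argument, and the helper checks neither. With G_ELI_FLAG_AUTH set, `sectorsize - sc->sc_alen` rounded down to a multiple of 16 can become zero (or wrap, since the field is u_int) for a small sector size, and a zero md_sectorsize reaches the modulo. The kernel caller in g_eli_create() may be covered by metadata validation outside this diff, but the helper now sits outside `#ifdef _KERNEL` and returns void, so every new caller has to do that validation itself. I would state the precondition above the function, e.g. `/* md must already be validated: md_sectorsize != 0 and, with G_ELI_FLAG_AUTH, sectorsize - g_eli_hashlen(md_aalgo) >= 16. */`, or have it return an error for such metadata.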
@@ -583,8 +659,6 @@ void g_eli_config(struct gctl_req *req, struct g_class *mp, const char *verb); void g_eli_read_done(struct bio *bp); void g_eli_write_done(struct bio *bp); int g_eli_crypto_rerun(struct cryptop *crp); -void g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, - size_t size); void g_eli_crypto_read(struct g_eli_softc *sc, struct bio *bp, boolean_t fromworker); void g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp); @@ -592,6 +666,8 @@ void g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp); void g_eli_auth_read(struct g_eli_softc *sc, struct bio *bp); void g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp); #endif +void g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, + size_t size); void g_eli_mkey_hmac(unsigned char *mkey, const unsigned char *key); int g_eli_mkey_decrypt(const struct g_eli_metadata *md, @@ -620,6 +696,8 @@ void g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize); void g_eli_crypto_hmac(const uint8_t *hkey, size_t hkeysize, const uint8_t *data, size_t datasize, uint8_t *md, size_t mdsize); +void g_eli_key_fill(struct g_eli_softc *sc, struct g_eli_key *key, + uint64_t keyno); #ifdef _KERNEL void g_eli_key_init(struct g_eli_softc *sc); void g_eli_key_destroy(struct g_eli_softc *sc); diff --git a/sys/geom/eli/g_eli_crypto.c b/sys/geom/eli/g_eli_crypto.c index 43eabf4..2d145fd 100644 --- a/sys/geom/eli/g_eli_crypto.c +++ b/sys/geom/eli/g_eli_crypto.c 
@@ -221,75 +221,3 @@ g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize, return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize)); } - -void -g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey, - size_t hkeylen) -{ - u_char k_ipad[128], key[128]; - SHA512_CTX lctx; - u_int i; - - bzero(key, sizeof(key)); - if (hkeylen == 0) - ; /* do nothing */ - else if (hkeylen <= 128) - bcopy(hkey, key, hkeylen); - else { - /* If key is longer than 128 bytes reset it to key = SHA512(key). */ - SHA512_Init(&lctx); - SHA512_Update(&lctx, hkey, hkeylen); - SHA512_Final(key, &lctx); - } - - /* XOR key with ipad and opad values. */ - for (i = 0; i < sizeof(key); i++) { - k_ipad[i] = key[i] ^ 0x36; - ctx->k_opad[i] = key[i] ^ 0x5c; - } - bzero(key, sizeof(key)); - /* Perform inner SHA512. */ - SHA512_Init(&ctx->shactx); - SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad)); - bzero(k_ipad, sizeof(k_ipad)); -} - -void -g_eli_crypto_hmac_update(struct hmac_ctx *ctx, const uint8_t *data, - size_t datasize) -{ - - SHA512_Update(&ctx->shactx, data, datasize); -} - -void -g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize) -{ - u_char digest[SHA512_MDLEN]; - SHA512_CTX lctx; - - SHA512_Final(digest, &ctx->shactx); - /* Perform outer SHA512. */ - SHA512_Init(&lctx); - SHA512_Update(&lctx, ctx->k_opad, sizeof(ctx->k_opad)); - bzero(ctx, sizeof(*ctx)); - SHA512_Update(&lctx, digest, sizeof(digest)); - SHA512_Final(digest, &lctx); - bzero(&lctx, sizeof(lctx)); - /* mdsize == 0 means "Give me the whole hash!" */ - if (mdsize == 0) - mdsize = SHA512_MDLEN; - bcopy(digest, md, mdsize); - bzero(digest, sizeof(digest)); -} - -void -g_eli_crypto_hmac(const uint8_t *hkey, size_t hkeysize, const uint8_t *data, - size_t datasize, uint8_t *md, size_t mdsize) -{ - struct hmac_ctx ctx; - - g_eli_crypto_hmac_init(&ctx, hkey, hkeysize); - g_eli_crypto_hmac_update(&ctx, data, datasize); - g_eli_crypto_hmac_final(&ctx, md, mdsize); -} 
diff --git a/sys/geom/eli/g_eli_hmac.c b/sys/geom/eli/g_eli_hmac.c new file mode 100644 index 0000000..36b76de --- /dev/null +++ b/sys/geom/eli/g_eli_hmac.c 
@@ -0,0 +1,150 @@ +/*- + * Copyright (c) 2005-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <sys/param.h> +#ifdef _KERNEL +#include <sys/systm.h> +#include <sys/kernel.h> +#include <sys/malloc.h> +#else +#include <stdint.h> +#include <string.h> +#include <strings.h> +#include <errno.h> +#include <assert.h> +#include <openssl/evp.h> +#define _OpenSSL_ +#endif +#include <geom/eli/g_eli.h> + +void +g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey, + size_t hkeylen) +{ + u_char k_ipad[128], key[128]; + SHA512_CTX lctx; + u_int i; + + bzero(key, sizeof(key)); + if (hkeylen == 0) + ; /* do nothing */ + else if (hkeylen <= 128) + bcopy(hkey, key, hkeylen); + else { + /* If key is longer than 128 bytes reset it to key = SHA512(key). */ + SHA512_Init(&lctx); + SHA512_Update(&lctx, hkey, hkeylen); + SHA512_Final(key, &lctx); + } + + /* XOR key with ipad and opad values. */ + for (i = 0; i < sizeof(key); i++) { + k_ipad[i] = key[i] ^ 0x36; + ctx->k_opad[i] = key[i] ^ 0x5c; + } + bzero(key, sizeof(key)); + /* Perform inner SHA512. */ + SHA512_Init(&ctx->shactx); + SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad)); + bzero(k_ipad, sizeof(k_ipad)); +} + +void +g_eli_crypto_hmac_update(struct hmac_ctx *ctx, const uint8_t *data, + size_t datasize) +{ + + SHA512_Update(&ctx->shactx, data, datasize); +} + +void +g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize) +{ + u_char digest[SHA512_MDLEN]; + SHA512_CTX lctx; + + SHA512_Final(digest, &ctx->shactx); + /* Perform outer SHA512. */ + SHA512_Init(&lctx); + SHA512_Update(&lctx, ctx->k_opad, sizeof(ctx->k_opad)); + bzero(ctx, sizeof(*ctx)); + SHA512_Update(&lctx, digest, sizeof(digest)); + SHA512_Final(digest, &lctx); + bzero(&lctx, sizeof(lctx)); + /* mdsize == 0 means "Give me the whole hash!" 
*/ + if (mdsize == 0) + mdsize = SHA512_MDLEN; + bcopy(digest, md, mdsize); + bzero(digest, sizeof(digest)); +} + +void +g_eli_crypto_hmac(const uint8_t *hkey, size_t hkeysize, const uint8_t *data, + size_t datasize, uint8_t *md, size_t mdsize) +{ + struct hmac_ctx ctx; + + g_eli_crypto_hmac_init(&ctx, hkey, hkeysize); + g_eli_crypto_hmac_update(&ctx, data, datasize); + g_eli_crypto_hmac_final(&ctx, md, mdsize); +} + +/* + * Here we generate IV. It is unique for every sector. + */ +void +g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, + size_t size) +{ + uint8_t off[8]; + + if ((sc->sc_flags & G_ELI_FLAG_NATIVE_BYTE_ORDER) != 0) + bcopy(&offset, off, sizeof(off)); + else + le64enc(off, (uint64_t)offset); + + switch (sc->sc_ealgo) { + case CRYPTO_AES_XTS: + bcopy(off, iv, sizeof(off)); + bzero(iv + sizeof(off), size - sizeof(off)); + break; + default: + { + u_char hash[SHA256_DIGEST_LENGTH]; + SHA256_CTX ctx; + + /* Copy precalculated SHA256 context for IV-Key. */ + bcopy(&sc->sc_ivctx, &ctx, sizeof(ctx)); + SHA256_Update(&ctx, off, sizeof(off)); + SHA256_Final(hash, &ctx); + bcopy(hash, iv, MIN(sizeof(hash), size)); + break; + } + } +} diff --git a/sys/geom/eli/g_eli_key_cache.c b/sys/geom/eli/g_eli_key_cache.c index cb86716..0b909be 100644 --- a/sys/geom/eli/g_eli_key_cache.c +++ b/sys/geom/eli/g_eli_key_cache.c @@ -28,17 +28,20 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> +#ifdef _KERNEL #include <sys/kernel.h> #include <sys/malloc.h> -#include <sys/queue.h> #include <sys/sysctl.h> #include <sys/systm.h> +#endif /* _KERNEL */ +#include <sys/queue.h> #include <sys/tree.h> #include <geom/geom.h> #include <geom/eli/g_eli.h> +#ifdef _KERNEL MALLOC_DECLARE(M_ELI); SYSCTL_DECL(_kern_geom_eli); 
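Review bot: `bcopy(digest, md, mdsize)` in g_eli_crypto_hmac_final() trusts the caller's mdsize; only `mdsize == 0` is normalised, so a value above SHA512_MDLEN reads past the stack `digest` buffer into `md`. A similar gap is in the CRYPTO_AES_XTS branch of g_eli_crypto_ivgen(), where `size - sizeof(off)` wraps for a size below 8 and the preceding bcopy has already written 8 bytes to `iv`. Both functions are moved here unchanged, so this is not new behaviour, but the file is built for userland as well as the kernel and is a natural place to pin the contracts. I would add a KASSERT in the kernel build and, in userland, `assert(mdsize <= SHA512_MDLEN);` before the copy in hmac_final and `assert(size >= sizeof(off));` at the top of the XTS case.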
@@ -56,22 +59,7 @@ static uint64_t g_eli_key_cache_misses; SYSCTL_UQUAD(_kern_geom_eli, OID_AUTO, key_cache_misses, CTLFLAG_RW, &g_eli_key_cache_misses, 0, "Key cache misses"); -#define G_ELI_KEY_MAGIC 0xe11341c - -struct g_eli_key { - /* Key value, must be first in the structure. */ - uint8_t gek_key[G_ELI_DATAKEYLEN]; - /* Magic. */ - int gek_magic; - /* Key number. */ - uint64_t gek_keyno; - /* Reference counter. */ - int gek_count; - /* Keeps keys sorted by most recent use. */ - TAILQ_ENTRY(g_eli_key) gek_next; - /* Keeps keys sorted by number. */ - RB_ENTRY(g_eli_key) gek_link; -}; +#endif /* _KERNEL */ static int g_eli_key_cmp(const struct g_eli_key *a, const struct g_eli_key *b) @@ -84,10 +72,7 @@ g_eli_key_cmp(const struct g_eli_key *a, const struct g_eli_key *b) return (0); } -RB_PROTOTYPE(g_eli_key_tree, g_eli_key, gek_link, g_eli_key_cmp); -RB_GENERATE(g_eli_key_tree, g_eli_key, gek_link, g_eli_key_cmp); - -static void +void g_eli_key_fill(struct g_eli_softc *sc, struct g_eli_key *key, uint64_t keyno) { const uint8_t *ekey; @@ -110,6 +95,10 @@ g_eli_key_fill(struct g_eli_softc *sc, struct g_eli_key *key, uint64_t keyno) key->gek_magic = G_ELI_KEY_MAGIC; } +#ifdef _KERNEL +RB_PROTOTYPE(g_eli_key_tree, g_eli_key, gek_link, g_eli_key_cmp); +RB_GENERATE(g_eli_key_tree, g_eli_key, gek_link, g_eli_key_cmp); + static struct g_eli_key * g_eli_key_allocate(struct g_eli_softc *sc, uint64_t keyno) { @@ -350,3 +339,4 @@ g_eli_key_drop(struct g_eli_softc *sc, uint8_t *rawkey) } mtx_unlock(&sc->sc_ekeys_lock); } +#endif /* _KERNEL */ diff --git a/sys/geom/eli/pkcs5v2.c b/sys/geom/eli/pkcs5v2.c index 05677c1..6992801 100644 --- a/sys/geom/eli/pkcs5v2.c +++ b/sys/geom/eli/pkcs5v2.c @@ -83,6 +83,7 @@ pkcs5v2_genkey(uint8_t *key, unsigned keylen, const uint8_t *salt, } #ifndef _KERNEL +#ifndef _STAND /* * Return the number of microseconds needed for 'interations' iterations. */ 
@@ -120,4 +121,5 @@ pkcs5v2_calculate(int usecs) } return (((intmax_t)iterations * (intmax_t)usecs) / v); } +#endif /* !_STAND */ #endif /* !_KERNEL */ diff --git a/sys/modules/geom/geom_eli/Makefile b/sys/modules/geom/geom_eli/Makefile index 51d821a..c42ccf1 100644 --- a/sys/modules/geom/geom_eli/Makefile +++ b/sys/modules/geom/geom_eli/Makefile @@ -6,6 +6,7 @@ KMOD= geom_eli SRCS= g_eli.c SRCS+= g_eli_crypto.c SRCS+= g_eli_ctl.c +SRCS+= g_eli_hmac.c SRCS+= g_eli_integrity.c SRCS+= g_eli_key.c SRCS+= g_eli_key_cache.c |