-rw-r--r--sys/geom/eli/g_eli.c10
-rw-r--r--sys/geom/eli/g_eli.h22
2 files changed, 21 insertions, 11 deletions
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
index 8844297..51846fc 100644
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+ * Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -365,9 +365,11 @@ void
g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv,
size_t size)
{
- u_char hash[SHA256_DIGEST_LENGTH];
+ u_char off[8], hash[SHA256_DIGEST_LENGTH];
SHA256_CTX ctx;
+ if (!(sc->sc_flags & G_ELI_FLAG_NATIVE_BYTE_ORDER))
+ le64enc(off, (uint64_t)offset);
/* Copy precalculated SHA256 context for IV-Key. */
bcopy(&sc->sc_ivctx, &ctx, sizeof(ctx));
SHA256_Update(&ctx, (uint8_t *)&offset, sizeof(offset));
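Review bot: The little-endian encoding written to `off` is never hashed, because the unchanged `SHA256_Update(&ctx, (uint8_t *)&offset, sizeof(offset));` on the last line of this hunk still feeds the host-order `offset` into the IV. Within the visible lines the IV therefore stays host-endian whatever the flag says, so a provider would still fail to decrypt on a host of the other byte order. `off` is also left uninitialized when G_ELI_FLAG_NATIVE_BYTE_ORDER is set. I would add `else bcopy(&offset, off, sizeof(off));` to the new `if` and change the update to `SHA256_Update(&ctx, off, sizeof(off));`. The rest of g_eli_crypto_ivgen lies outside the hunk, so confirm nothing later already consumes `off`.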
@@ -515,6 +517,9 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp,
sc->sc_crypto = G_ELI_CRYPTO_SW;
sc->sc_flags = md->md_flags;
+ /* Backward compatibility. */
+ if (md->md_version < 2)
+ sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER;
sc->sc_ealgo = md->md_ealgo;
sc->sc_nkey = nkey;
/*
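Review bot: The compatibility bit is OR-ed in right after `sc->sc_flags = md->md_flags;` copies the on-disk flags unfiltered, so metadata that already carries 0x00040000 would select native-order IVs even at version 2. g_eli.h lists G_ELI_FLAG_NATIVE_BYTE_ORDER under the runtime flags, which suggests it is meant to be derived from md_version alone; whether md_flags is masked when the metadata is decoded is not visible here. If it is not, clear the bit first with `sc->sc_flags &= ~G_ELI_FLAG_NATIVE_BYTE_ORDER;` ahead of the `if (md->md_version < 2)` test. The comment would also read better as `/* Providers older than version 2 hashed the offset in host byte order. */`. g_eli_create begins and ends outside this hunk.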
@@ -999,6 +1004,7 @@ g_eli_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp,
sbuf_printf(sb, name); \
} \
} while (0)
+ ADD_FLAG(G_ELI_FLAG_NATIVE_BYTE_ORDER, "NATIVE-BYTE-ORDER");
ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME");
ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT");
ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH");
diff --git a/sys/geom/eli/g_eli.h b/sys/geom/eli/g_eli.h
index 9a507e0..e24f314 100644
--- a/sys/geom/eli/g_eli.h
+++ b/sys/geom/eli/g_eli.h
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+ * Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -57,27 +57,31 @@
* 1 - Added data authentication support (md_aalgo field and
* G_ELI_FLAG_AUTH flag).
* 2 - Added G_ELI_FLAG_READONLY.
+ * - IV is generated from offset converted to little-endian
+ * (flag G_ELI_FLAG_NATIVE_BYTE_ORDER will be set for older versions).
*/
#define G_ELI_VERSION 2
/* ON DISK FLAGS. */
/* Use random, onetime keys. */
-#define G_ELI_FLAG_ONETIME 0x00000001
+#define G_ELI_FLAG_ONETIME 0x00000001
/* Ask for the passphrase from the kernel, before mounting root. */
-#define G_ELI_FLAG_BOOT 0x00000002
+#define G_ELI_FLAG_BOOT 0x00000002
/* Detach on last close, if we were open for writing. */
-#define G_ELI_FLAG_WO_DETACH 0x00000004
+#define G_ELI_FLAG_WO_DETACH 0x00000004
/* Detach on last close. */
-#define G_ELI_FLAG_RW_DETACH 0x00000008
+#define G_ELI_FLAG_RW_DETACH 0x00000008
/* Provide data authentication. */
-#define G_ELI_FLAG_AUTH 0x00000010
+#define G_ELI_FLAG_AUTH 0x00000010
/* Provider is read-only, we should deny all write attempts. */
-#define G_ELI_FLAG_RO 0x00000020
+#define G_ELI_FLAG_RO 0x00000020
/* RUNTIME FLAGS. */
/* Provider was open for writing. */
-#define G_ELI_FLAG_WOPEN 0x00010000
+#define G_ELI_FLAG_WOPEN 0x00010000
/* Destroy device. */
-#define G_ELI_FLAG_DESTROY 0x00020000
+#define G_ELI_FLAG_DESTROY 0x00020000
+/* Provider uses native byte-order for IV generation. */
+#define G_ELI_FLAG_NATIVE_BYTE_ORDER 0x00040000
#define SHA512_MDLEN 64
#define G_ELI_AUTH_SECKEYLEN SHA256_DIGEST_LENGTH
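Review bot: The IV format change is filed under the existing version 2 while `#define G_ELI_VERSION 2` stays unchanged, and g_eli_create keys the compatibility flag on `md_version < 2`. Version 2 already denoted the read-only flag, so if any version 2 metadata was written before this change, such a provider on a big-endian host would now be opened with little-endian IVs and its data would no longer decrypt. Whether that can occur depends on release history not shown here. A distinct number, `#define G_ELI_VERSION 3` with the check changed to `md->md_version < 3`, would make the cut-over unambiguous.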