Diffstat (limited to 'sys/geom/eli/g_eli.h')
-rw-r--r--sys/geom/eli/g_eli.h96
1 files changed, 87 insertions, 9 deletions
diff --git a/sys/geom/eli/g_eli.h b/sys/geom/eli/g_eli.h
index e4dbee6..3deb865 100644
--- a/sys/geom/eli/g_eli.h
+++ b/sys/geom/eli/g_eli.h
@@ -40,8 +40,6 @@
#include <sys/libkern.h>
#include <sys/lock.h>
#include <sys/mutex.h>
-#include <sys/queue.h>
-#include <sys/tree.h>
#include <geom/geom.h>
#else
#include <assert.h>
@@ -49,6 +47,8 @@
#include <string.h>
#include <strings.h>
#endif
+#include <sys/queue.h>
+#include <sys/tree.h>
#ifndef _OpenSSL_
#include <sys/md5.h>
#endif
@@ -132,15 +132,15 @@
/* Switch data encryption key every 2^20 blocks. */
#define G_ELI_KEY_SHIFT 20
+#define G_ELI_CRYPTO_UNKNOWN 0
+#define G_ELI_CRYPTO_HW 1
+#define G_ELI_CRYPTO_SW 2
+
#ifdef _KERNEL
extern int g_eli_debug;
extern u_int g_eli_overwrites;
extern u_int g_eli_batch;
-#define G_ELI_CRYPTO_UNKNOWN 0
-#define G_ELI_CRYPTO_HW 1
-#define G_ELI_CRYPTO_SW 2
-
#define G_ELI_DEBUG(lvl, ...) do { \
if (g_eli_debug >= (lvl)) { \
printf("GEOM_ELI"); \
@@ -173,6 +173,8 @@ struct g_eli_worker {
LIST_ENTRY(g_eli_worker) w_next;
};
+#endif /* _KERNEL */
+
struct g_eli_softc {
struct g_geom *sc_geom;
u_int sc_version;
@@ -200,15 +202,35 @@ struct g_eli_softc {
size_t sc_sectorsize;
u_int sc_bytes_per_sector;
u_int sc_data_per_sector;
+#ifndef _KERNEL
+ int sc_cpubind;
+#else /* _KERNEL */
boolean_t sc_cpubind;
/* Only for software cryptography. */
struct bio_queue_head sc_queue;
struct mtx sc_queue_mtx;
LIST_HEAD(, g_eli_worker) sc_workers;
+#endif /* _KERNEL */
};
#define sc_name sc_geom->name
-#endif /* _KERNEL */
+
+#define G_ELI_KEY_MAGIC 0xe11341c
+
+struct g_eli_key {
+ /* Key value, must be first in the structure. */
+ uint8_t gek_key[G_ELI_DATAKEYLEN];
+ /* Magic. */
+ int gek_magic;
+ /* Key number. */
+ uint64_t gek_keyno;
+ /* Reference counter. */
+ int gek_count;
+ /* Keeps keys sorted by most recent use. */
+ TAILQ_ENTRY(g_eli_key) gek_next;
+ /* Keeps keys sorted by number. */
+ RB_ENTRY(g_eli_key) gek_link;
+};
struct g_eli_metadata {
char md_magic[16]; /* Magic value. */
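Review bot: The comment on gek_key says the array must be first in struct g_eli_key but not what relies on that, so a later reordering of the fields would break the invariant silently. Presumably some code turns a pointer to the key bytes back into the enclosing structure and checks gek_magic. If that is confirmed against the users of the structure, the comment should say so, e.g. `/* Key value; must be first: a pointer to gek_key is cast back to struct g_eli_key and checked against G_ELI_KEY_MAGIC. */`. The struct g_eli_metadata definition at the end of the hunk continues outside it.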
@@ -569,6 +591,60 @@ g_eli_hashlen(u_int algo)
return (0);
}
+static __inline void
+eli_metadata_softc(struct g_eli_softc *sc, const struct g_eli_metadata *md,
+ u_int sectorsize, off_t mediasize)
+{
+
+ sc->sc_version = md->md_version;
+ sc->sc_inflight = 0;
+ sc->sc_crypto = G_ELI_CRYPTO_UNKNOWN;
+ sc->sc_flags = md->md_flags;
+ /* Backward compatibility. */
+ if (md->md_version < G_ELI_VERSION_04)
+ sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER;
+ if (md->md_version < G_ELI_VERSION_05)
+ sc->sc_flags |= G_ELI_FLAG_SINGLE_KEY;
+ if (md->md_version < G_ELI_VERSION_06 &&
+ (sc->sc_flags & G_ELI_FLAG_AUTH) != 0) {
+ sc->sc_flags |= G_ELI_FLAG_FIRST_KEY;
+ }
+ if (md->md_version < G_ELI_VERSION_07)
+ sc->sc_flags |= G_ELI_FLAG_ENC_IVKEY;
+ sc->sc_ealgo = md->md_ealgo;
+
+ if (sc->sc_flags & G_ELI_FLAG_AUTH) {
+ sc->sc_akeylen = sizeof(sc->sc_akey) * 8;
+ sc->sc_aalgo = md->md_aalgo;
+ sc->sc_alen = g_eli_hashlen(sc->sc_aalgo);
+
+ sc->sc_data_per_sector = sectorsize - sc->sc_alen;
+ /*
+ * Some hash functions (like SHA1 and RIPEMD160) generates hash
+ * which length is not multiple of 128 bits, but we want data
+ * length to be multiple of 128, so we can encrypt without
+ * padding. The line below rounds down data length to multiple
+ * of 128 bits.
+ */
+ sc->sc_data_per_sector -= sc->sc_data_per_sector % 16;
+
+ sc->sc_bytes_per_sector =
+ (md->md_sectorsize - 1) / sc->sc_data_per_sector + 1;
+ sc->sc_bytes_per_sector *= sectorsize;
+ }
+ sc->sc_sectorsize = md->md_sectorsize;
+ sc->sc_mediasize = mediasize;
+ if (!(sc->sc_flags & G_ELI_FLAG_ONETIME))
+ sc->sc_mediasize -= sectorsize;
+ if (!(sc->sc_flags & G_ELI_FLAG_AUTH))
+ sc->sc_mediasize -= (sc->sc_mediasize % sc->sc_sectorsize);
+ else {
+ sc->sc_mediasize /= sc->sc_bytes_per_sector;
+ sc->sc_mediasize *= sc->sc_sectorsize;
+ }
+ sc->sc_ekeylen = md->md_keylen;
+}
+
#ifdef _KERNEL
int g_eli_read_metadata(struct g_class *mp, struct g_provider *pp,
struct g_eli_metadata *md);
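Review bot: eli_metadata_softc() divides by values derived from the metadata without any range check. `sc->sc_mediasize % sc->sc_sectorsize` uses md->md_sectorsize as the divisor, and in the G_ELI_FLAG_AUTH branch `(md->md_sectorsize - 1) / sc->sc_data_per_sector` divides by `sectorsize - sc->sc_alen` rounded down to a multiple of 16, which is zero when sectorsize is less than 16 bytes above sc_alen. A zero md_sectorsize read from disk would therefore fault, and a mediasize smaller than sectorsize makes `sc->sc_mediasize -= sectorsize` go negative. Whether callers validate md before this point is not visible in the hunk. Since the helper returns void and is now compiled for userland as well, I would state the precondition above it, e.g. `/* Caller must have verified md_sectorsize != 0, sectorsize >= hash length + 16 and mediasize >= sectorsize. */`, and have the callers reject metadata that fails it.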
@@ -583,8 +659,6 @@ void g_eli_config(struct gctl_req *req, struct g_class *mp, const char *verb);
void g_eli_read_done(struct bio *bp);
void g_eli_write_done(struct bio *bp);
int g_eli_crypto_rerun(struct cryptop *crp);
-void g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv,
- size_t size);
void g_eli_crypto_read(struct g_eli_softc *sc, struct bio *bp, boolean_t fromworker);
void g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp);
@@ -592,6 +666,8 @@ void g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp);
void g_eli_auth_read(struct g_eli_softc *sc, struct bio *bp);
void g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp);
#endif
+void g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv,
+ size_t size);
void g_eli_mkey_hmac(unsigned char *mkey, const unsigned char *key);
int g_eli_mkey_decrypt(const struct g_eli_metadata *md,
@@ -620,6 +696,8 @@ void g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize);
void g_eli_crypto_hmac(const uint8_t *hkey, size_t hkeysize,
const uint8_t *data, size_t datasize, uint8_t *md, size_t mdsize);
+void g_eli_key_fill(struct g_eli_softc *sc, struct g_eli_key *key,
+ uint64_t keyno);
#ifdef _KERNEL
void g_eli_key_init(struct g_eli_softc *sc);
void g_eli_key_destroy(struct g_eli_softc *sc);