From 16874ad9231c653cc0923d057079cb01dc655144 Mon Sep 17 00:00:00 2001 From: phk Date: Mon, 4 Nov 2002 09:27:01 +0000 Subject: Run a revision on the GBDE encryption facility. Replace ARC4 with SHA2-512. Change lock-structure encoding to use random ordering rather for obscurity. Encrypt lock-structure with AES/256 instead of AES/128. Change kkey derivation to be MD5 hash based. Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen. Remove clause 3 of the license with NAI Labs consent. Many thanks to "Lucky Green" and "David Wagner" , for code reading, inputs and suggestions. This code has still not been stared at for 10 years by a gang of hard-core cryptographers. Discretion advised. NB: These changes result in the on-disk format changing: dump/restore needed. Sponsored by: DARPA & NAI Labs. --- sys/geom/bde/g_bde_crypt.c | 57 ++++++++-------------------------------------- 1 file changed, 10 insertions(+), 47 deletions(-) (limited to 'sys/geom/bde/g_bde_crypt.c') diff --git a/sys/geom/bde/g_bde_crypt.c b/sys/geom/bde/g_bde_crypt.c index 6cabb52..6c545a8 100644 --- a/sys/geom/bde/g_bde_crypt.c +++ b/sys/geom/bde/g_bde_crypt.c @@ -16,9 +16,6 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. The names of the authors may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
@@ -49,51 +46,12 @@ #include #include -#include -#include - #include +#include -/* - * These four functions wrap the raw Rijndael functions and make sure we - * explode if something fails which shouldn't. - */ - -static void -AES_init(cipherInstance *ci) -{ - int error; - - error = rijndael_cipherInit(ci, MODE_CBC, NULL); - KASSERT(error > 0, ("rijndael_cipherInit %d", error)); -} - -static void -AES_makekey(keyInstance *ki, int dir, u_int len, void *key) -{ - int error; - - error = rijndael_makeKey(ki, dir, len, key); - KASSERT(error > 0, ("rijndael_makeKey %d", error)); -} - -static void -AES_encrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len) -{ - int error; - - error = rijndael_blockEncrypt(ci, ki, in, len * 8, out); - KASSERT(error > 0, ("rijndael_blockEncrypt %d", error)); -} - -static void -AES_decrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len) -{ - int error; +#include +#include - error = rijndael_blockDecrypt(ci, ki, in, len * 8, out); - KASSERT(error > 0, ("rijndael_blockDecrypt %d", error)); -} /* * Derive kkey from mkey + sector offset. @@ -120,10 +78,14 @@ g_bde_kkey(struct g_bde_softc *sc, keyInstance *ki, int dir, off_t sector) u_int t; MD5_CTX ct; u_char buf[16]; + u_char buf2[8]; + + /* We have to be architecture neutral */ + g_enc_le8(buf2, sector); MD5Init(&ct); MD5Update(&ct, sc->key.salt, 8); - MD5Update(&ct, (void *)§or, sizeof sector); + MD5Update(&ct, buf2, sizeof buf2); MD5Update(&ct, sc->key.salt + 8, 8); MD5Final(buf, &ct); @@ -131,8 +93,9 @@ g_bde_kkey(struct g_bde_softc *sc, keyInstance *ki, int dir, off_t sector) for (t = 0; t < 16; t++) { MD5Update(&ct, &sc->key.mkey[buf[t]], 1); if (t == 8) - MD5Update(&ct, (void *)§or, sizeof sector); + MD5Update(&ct, buf2, sizeof buf2); } + bzero(buf2, sizeof buf2); MD5Final(buf, &ct); bzero(&ct, sizeof ct); AES_makekey(ki, dir, G_BDE_KKEYBITS, buf); -- cgit v1.1
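Review bot: The comment `/* We have to be architecture neutral */` above `g_enc_le8(buf2, sector)` in g_bde_kkey does not say what the encoding is or why it must never change. These 8 bytes are fed to both MD5Update calls and so become part of the per-sector key derivation; a different width or byte order would derive different keys for data already on disk. Assuming g_enc_le8 is the 8-byte little-endian encoder its name suggests, I would write `/* Hash the sector offset as a fixed 8-byte little-endian value so kkey derivation, and with it the on-disk format, is identical on every architecture. */`. g_bde_kkey starts and ends outside this hunk.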
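Review bot: The wipe added in the `@@ -131,8 +93,9 @@` hunk covers `buf2`, which only holds the sector offset, while `buf`, the digest handed to `AES_makekey(ki, dir, G_BDE_KKEYBITS, buf)` as key material, is not cleared anywhere in the visible lines. If the lines after the hunk do not already do so, add `bzero(buf, sizeof buf);` directly after the AES_makekey call. Separately, `bzero` on a stack local that is never read again is a dead store that an optimizing compiler may drop, so these wipes, including the existing `bzero(&ct, sizeof ct)`, are more dependable with a wipe the compiler cannot elide, such as `explicit_bzero` where the tree provides it. The function body continues past the end of this hunk.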