1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
|
/*-
* Copyright (c) 2002 Poul-Henning Kamp
* Copyright (c) 2002 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by Poul-Henning Kamp
* and NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#ifndef _SYS_GEOM_BDE_G_BDE_H_
#define _SYS_GEOM_BDE_G_BDE_H_ 1
/*
* These are quite, but not entirely unlike constants.
*
* They are not commented in details here, to prevent unadvisable
* experimentation. Please consult the code where they are used before you
* even think about modifying these.
*/
#define G_BDE_MKEYLEN (2048/8)
#define G_BDE_SKEYBITS 128
#define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8)
#define G_BDE_KKEYBITS 128
#define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8)
#define G_BDE_MAXKEYS 4
#define G_BDE_LOCKSIZE 384
#define NLOCK_FIELDS 13
/* This just needs to be "large enough" */
#define G_BDE_KEYBYTES 304
struct g_bde_work;
struct g_bde_softc;
struct g_bde_sector {
struct g_bde_work *owner;
struct g_bde_softc *softc;
off_t offset;
u_int size;
u_int ref;
void *data;
TAILQ_ENTRY(g_bde_sector) list;
u_char valid;
u_char malloc;
enum {JUNK, IO, VALID} state;
int error;
time_t used;
};
struct g_bde_work {
struct mtx mutex;
off_t offset;
off_t length;
void *data;
struct bio *bp;
struct g_bde_softc *softc;
off_t so;
off_t kso;
u_int ko;
struct g_bde_sector *sp;
struct g_bde_sector *ksp;
TAILQ_ENTRY(g_bde_work) list;
enum {SETUP, WAIT, FINISH} state;
int error;
};
/*
* The decrypted contents of the lock sectors. Notice that this is not
* the same as the on-disk layout. The on-disk layout is dynamic and
* dependent on the pass-phrase.
*/
struct g_bde_key {
uint64_t sector0;
/* Physical byte offset of 1st byte used */
uint64_t sectorN;
/* Physical byte offset of 1st byte not used */
uint64_t keyoffset;
/* Number of bytes the disk image is skewed. */
uint64_t lsector[G_BDE_MAXKEYS];
/* Physical byte offsets of lock sectors */
uint32_t sectorsize;
/* Our "logical" sector size */
uint32_t flags;
#define GBDE_F_SECT0 1
uint8_t salt[16];
/* Used to frustate the kkey generation */
uint8_t spare[32];
/* For future use, random contents */
uint8_t mkey[G_BDE_MKEYLEN];
/* Our masterkey. */
/* Non-stored help-fields */
uint64_t zone_width; /* On-disk width of zone */
uint64_t zone_cont; /* Payload width of zone */
uint64_t media_width; /* Non-magic width of zone */
u_int keys_per_sector;
};
struct g_bde_softc {
off_t mediasize;
u_int sectorsize;
uint64_t zone_cont;
struct g_geom *geom;
struct g_consumer *consumer;
TAILQ_HEAD(, g_bde_sector) freelist;
TAILQ_HEAD(, g_bde_work) worklist;
struct mtx worklist_mutex;
struct proc *thread;
struct g_bde_key key;
int dead;
u_int nwork;
u_int nsect;
u_int ncache;
u_char sha2[SHA512_DIGEST_LENGTH];
};
/* g_bde_crypt.c */
void g_bde_crypt_delete(struct g_bde_work *wp);
void g_bde_crypt_read(struct g_bde_work *wp);
void g_bde_crypt_write(struct g_bde_work *wp);
/* g_bde_key.c */
void g_bde_zap_key(struct g_bde_softc *sc);
int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len);
int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len);
/* g_bde_lock .c */
int g_bde_encode_lock(u_char *sha2, struct g_bde_key *gl, u_char *ptr);
int g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr);
int g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64_t v1, void *output);
int g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64_t *output);
int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey);
void g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len);
/* g_bde_math .c */
uint64_t g_bde_max_sector(struct g_bde_key *lp);
void g_bde_map_sector(struct g_bde_work *wp);
/* g_bde_work.c */
void g_bde_start1(struct bio *bp);
void g_bde_worker(void *arg);
/*
* These four functions wrap the raw Rijndael functions and make sure we
* explode if something fails which shouldn't.
*/
static __inline void
AES_init(cipherInstance *ci)
{
int error;
error = rijndael_cipherInit(ci, MODE_CBC, NULL);
KASSERT(error > 0, ("rijndael_cipherInit %d", error));
}
static __inline void
AES_makekey(keyInstance *ki, int dir, u_int len, const void *key)
{
int error;
error = rijndael_makeKey(ki, dir, len, key);
KASSERT(error > 0, ("rijndael_makeKey %d", error));
}
static __inline void
AES_encrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
{
int error;
error = rijndael_blockEncrypt(ci, ki, in, len * 8, out);
KASSERT(error > 0, ("rijndael_blockEncrypt %d", error));
}
static __inline void
AES_decrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
{
int error;
error = rijndael_blockDecrypt(ci, ki, in, len * 8, out);
KASSERT(error > 0, ("rijndael_blockDecrypt %d", error));
}
#endif /* _SYS_GEOM_BDE_G_BDE_H_ */
|