1/* $OpenBSD: softraid_crypto.c,v 1.139 2020/07/13 00:06:22 kn Exp $ */ 2/* 3 * Copyright (c) 2007 Marco Peereboom <marco@peereboom.us> 4 * Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org> 5 * Copyright (c) 2008 Damien Miller <djm@mindrot.org> 6 * Copyright (c) 2009 Joel Sing <jsing@openbsd.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21#include "bio.h" 22 23#include <sys/param.h> 24#include <sys/systm.h> 25#include <sys/buf.h> 26#include <sys/device.h> 27#include <sys/ioctl.h> 28#include <sys/malloc.h> 29#include <sys/pool.h> 30#include <sys/kernel.h> 31#include <sys/disk.h> 32#include <sys/rwlock.h> 33#include <sys/queue.h> 34#include <sys/fcntl.h> 35#include <sys/disklabel.h> 36#include <sys/vnode.h> 37#include <sys/mount.h> 38#include <sys/sensors.h> 39#include <sys/stat.h> 40#include <sys/conf.h> 41#include <sys/uio.h> 42#include <sys/dkio.h> 43 44#include <crypto/cryptodev.h> 45#include <crypto/rijndael.h> 46#include <crypto/md5.h> 47#include <crypto/sha1.h> 48#include <crypto/sha2.h> 49#include <crypto/hmac.h> 50 51#include <scsi/scsi_all.h> 52#include <scsi/scsiconf.h> 53#include <scsi/scsi_disk.h> 54 55#include <dev/softraidvar.h> 56 57struct sr_crypto_wu *sr_crypto_prepare(struct sr_workunit *, int); 58int sr_crypto_create_keys(struct sr_discipline *); 59int sr_crypto_get_kdf(struct bioc_createraid *, 60 struct sr_discipline *); 61int sr_crypto_decrypt(u_char *, u_char *, u_char *, size_t, int); 62int sr_crypto_encrypt(u_char *, u_char *, u_char *, size_t, int); 63int sr_crypto_decrypt_key(struct sr_discipline *); 64int sr_crypto_change_maskkey(struct sr_discipline *, 65 struct sr_crypto_kdfinfo *, struct sr_crypto_kdfinfo *); 66int sr_crypto_create(struct sr_discipline *, 67 struct bioc_createraid *, int, int64_t); 68int sr_crypto_assemble(struct sr_discipline *, 69 struct bioc_createraid *, int, void *); 70int sr_crypto_alloc_resources(struct sr_discipline *); 71void sr_crypto_free_resources(struct sr_discipline *); 72int sr_crypto_ioctl(struct sr_discipline *, 73 struct bioc_discipline *); 74int sr_crypto_meta_opt_handler(struct sr_discipline *, 75 struct sr_meta_opt_hdr *); 76void sr_crypto_write(struct cryptop *); 77int sr_crypto_rw(struct sr_workunit *); 78int sr_crypto_dev_rw(struct sr_workunit *, struct sr_crypto_wu *); 79void sr_crypto_done(struct sr_workunit *); 80void sr_crypto_read(struct cryptop *); 81void sr_crypto_calculate_check_hmac_sha1(u_int8_t *, int, 82 u_int8_t *, int, u_char *); 83void sr_crypto_hotplug(struct sr_discipline *, struct disk *, int); 84 85#ifdef SR_DEBUG0 86void sr_crypto_dumpkeys(struct sr_discipline *); 87#endif 88 89/* Discipline initialisation. */ 90void 91sr_crypto_discipline_init(struct sr_discipline *sd) 92{ 93 int i; 94 95 /* Fill out discipline members. */ 96 sd->sd_wu_size = sizeof(struct sr_crypto_wu); 97 sd->sd_type = SR_MD_CRYPTO; 98 strlcpy(sd->sd_name, "CRYPTO", sizeof(sd->sd_name)); 99 sd->sd_capabilities = SR_CAP_SYSTEM_DISK | SR_CAP_AUTO_ASSEMBLE; 100 sd->sd_max_wu = SR_CRYPTO_NOWU; 101 102 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) 103 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 104 105 /* Setup discipline specific function pointers. */ 106 sd->sd_alloc_resources = sr_crypto_alloc_resources; 107 sd->sd_assemble = sr_crypto_assemble; 108 sd->sd_create = sr_crypto_create; 109 sd->sd_free_resources = sr_crypto_free_resources; 110 sd->sd_ioctl_handler = sr_crypto_ioctl; 111 sd->sd_meta_opt_handler = sr_crypto_meta_opt_handler; 112 sd->sd_scsi_rw = sr_crypto_rw; 113 sd->sd_scsi_done = sr_crypto_done; 114} 115 116int 117sr_crypto_create(struct sr_discipline *sd, struct bioc_createraid *bc, 118 int no_chunk, int64_t coerced_size) 119{ 120 struct sr_meta_opt_item *omi; 121 int rv = EINVAL; 122 123 if (no_chunk != 1) { 124 sr_error(sd->sd_sc, "%s requires exactly one chunk", 125 sd->sd_name); 126 goto done; 127 } 128 129 if (coerced_size > SR_CRYPTO_MAXSIZE) { 130 sr_error(sd->sd_sc, "%s exceeds maximum size (%lli > %llu)", 131 sd->sd_name, coerced_size, SR_CRYPTO_MAXSIZE); 132 goto done; 133 } 134 135 /* Create crypto optional metadata. */ 136 omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF, 137 M_WAITOK | M_ZERO); 138 omi->omi_som = malloc(sizeof(struct sr_meta_crypto), M_DEVBUF, 139 M_WAITOK | M_ZERO); 140 omi->omi_som->som_type = SR_OPT_CRYPTO; 141 omi->omi_som->som_length = sizeof(struct sr_meta_crypto); 142 SLIST_INSERT_HEAD(&sd->sd_meta_opt, omi, omi_link); 143 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)omi->omi_som; 144 sd->sd_meta->ssdi.ssd_opt_no++; 145 146 sd->mds.mdd_crypto.key_disk = NULL; 147 148 if (bc->bc_key_disk != NODEV) { 149 150 /* Create a key disk. */ 151 if (sr_crypto_get_kdf(bc, sd)) 152 goto done; 153 sd->mds.mdd_crypto.key_disk = 154 sr_crypto_create_key_disk(sd, bc->bc_key_disk); 155 if (sd->mds.mdd_crypto.key_disk == NULL) 156 goto done; 157 sd->sd_capabilities |= SR_CAP_AUTO_ASSEMBLE; 158 159 } else if (bc->bc_opaque_flags & BIOC_SOOUT) { 160 161 /* No hint available yet. */ 162 bc->bc_opaque_status = BIOC_SOINOUT_FAILED; 163 rv = EAGAIN; 164 goto done; 165 166 } else if (sr_crypto_get_kdf(bc, sd)) 167 goto done; 168 169 /* Passphrase volumes cannot be automatically assembled. */ 170 if (!(bc->bc_flags & BIOC_SCNOAUTOASSEMBLE) && bc->bc_key_disk == NODEV) 171 goto done; 172 173 sd->sd_meta->ssdi.ssd_size = coerced_size; 174 175 sr_crypto_create_keys(sd); 176 177 sd->sd_max_ccb_per_wu = no_chunk; 178 179 rv = 0; 180done: 181 return (rv); 182} 183 184int 185sr_crypto_assemble(struct sr_discipline *sd, struct bioc_createraid *bc, 186 int no_chunk, void *data) 187{ 188 int rv = EINVAL; 189 190 sd->mds.mdd_crypto.key_disk = NULL; 191 192 /* Crypto optional metadata must already exist... */ 193 if (sd->mds.mdd_crypto.scr_meta == NULL) 194 goto done; 195 196 if (data != NULL) { 197 /* Kernel already has mask key. */ 198 memcpy(sd->mds.mdd_crypto.scr_maskkey, data, 199 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 200 } else if (bc->bc_key_disk != NODEV) { 201 /* Read the mask key from the key disk. */ 202 sd->mds.mdd_crypto.key_disk = 203 sr_crypto_read_key_disk(sd, bc->bc_key_disk); 204 if (sd->mds.mdd_crypto.key_disk == NULL) 205 goto done; 206 } else if (bc->bc_opaque_flags & BIOC_SOOUT) { 207 /* provide userland with kdf hint */ 208 if (bc->bc_opaque == NULL) 209 goto done; 210 211 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) < 212 bc->bc_opaque_size) 213 goto done; 214 215 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 216 bc->bc_opaque, bc->bc_opaque_size)) 217 goto done; 218 219 /* we're done */ 220 bc->bc_opaque_status = BIOC_SOINOUT_OK; 221 rv = EAGAIN; 222 goto done; 223 } else if (bc->bc_opaque_flags & BIOC_SOIN) { 224 /* get kdf with maskkey from userland */ 225 if (sr_crypto_get_kdf(bc, sd)) 226 goto done; 227 } else 228 goto done; 229 230 sd->sd_max_ccb_per_wu = sd->sd_meta->ssdi.ssd_chunk_no; 231 232 rv = 0; 233done: 234 return (rv); 235} 236 237struct sr_crypto_wu * 238sr_crypto_prepare(struct sr_workunit *wu, int encrypt) 239{ 240 struct scsi_xfer *xs = wu->swu_xs; 241 struct sr_discipline *sd = wu->swu_dis; 242 struct sr_crypto_wu *crwu; 243 struct cryptodesc *crd; 244 int flags, i, n; 245 daddr_t blkno; 246 u_int keyndx; 247 248 DNPRINTF(SR_D_DIS, "%s: sr_crypto_prepare wu %p encrypt %d\n", 249 DEVNAME(sd->sd_sc), wu, encrypt); 250 251 crwu = (struct sr_crypto_wu *)wu; 252 crwu->cr_uio.uio_iovcnt = 1; 253 crwu->cr_uio.uio_iov->iov_len = xs->datalen; 254 if (xs->flags & SCSI_DATA_OUT) { 255 crwu->cr_uio.uio_iov->iov_base = crwu->cr_dmabuf; 256 memcpy(crwu->cr_uio.uio_iov->iov_base, xs->data, xs->datalen); 257 } else 258 crwu->cr_uio.uio_iov->iov_base = xs->data; 259 260 blkno = wu->swu_blk_start; 261 n = xs->datalen >> DEV_BSHIFT; 262 263 /* 264 * We preallocated enough crypto descs for up to MAXPHYS of I/O. 265 * Since there may be less than that we need to tweak the amount 266 * of crypto desc structures to be just long enough for our needs. 267 */ 268 KASSERT(crwu->cr_crp->crp_ndescalloc >= n); 269 crwu->cr_crp->crp_ndesc = n; 270 flags = (encrypt ? CRD_F_ENCRYPT : 0) | 271 CRD_F_IV_PRESENT | CRD_F_IV_EXPLICIT; 272 273 /* 274 * Select crypto session based on block number. 275 * 276 * XXX - this does not handle the case where the read/write spans 277 * across a different key blocks (e.g. 0.5TB boundary). Currently 278 * this is already broken by the use of scr_key[0] below. 279 */ 280 keyndx = blkno >> SR_CRYPTO_KEY_BLKSHIFT; 281 crwu->cr_crp->crp_sid = sd->mds.mdd_crypto.scr_sid[keyndx]; 282 283 crwu->cr_crp->crp_opaque = crwu; 284 crwu->cr_crp->crp_ilen = xs->datalen; 285 crwu->cr_crp->crp_alloctype = M_DEVBUF; 286 crwu->cr_crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_NOQUEUE; 287 crwu->cr_crp->crp_buf = &crwu->cr_uio; 288 for (i = 0; i < crwu->cr_crp->crp_ndesc; i++, blkno++) { 289 crd = &crwu->cr_crp->crp_desc[i]; 290 crd->crd_skip = i << DEV_BSHIFT; 291 crd->crd_len = DEV_BSIZE; 292 crd->crd_inject = 0; 293 crd->crd_flags = flags; 294 crd->crd_alg = sd->mds.mdd_crypto.scr_alg; 295 crd->crd_klen = sd->mds.mdd_crypto.scr_klen; 296 crd->crd_key = sd->mds.mdd_crypto.scr_key[0]; 297 memcpy(crd->crd_iv, &blkno, sizeof(blkno)); 298 } 299 300 return (crwu); 301} 302 303int 304sr_crypto_get_kdf(struct bioc_createraid *bc, struct sr_discipline *sd) 305{ 306 int rv = EINVAL; 307 struct sr_crypto_kdfinfo *kdfinfo; 308 309 if (!(bc->bc_opaque_flags & BIOC_SOIN)) 310 return (rv); 311 if (bc->bc_opaque == NULL) 312 return (rv); 313 if (bc->bc_opaque_size != sizeof(*kdfinfo)) 314 return (rv); 315 316 kdfinfo = malloc(bc->bc_opaque_size, M_DEVBUF, M_WAITOK | M_ZERO); 317 if (copyin(bc->bc_opaque, kdfinfo, bc->bc_opaque_size)) 318 goto out; 319 320 if (kdfinfo->len != bc->bc_opaque_size) 321 goto out; 322 323 /* copy KDF hint to disk meta data */ 324 if (kdfinfo->flags & SR_CRYPTOKDF_HINT) { 325 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) < 326 kdfinfo->genkdf.len) 327 goto out; 328 memcpy(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 329 &kdfinfo->genkdf, kdfinfo->genkdf.len); 330 } 331 332 /* copy mask key to run-time meta data */ 333 if ((kdfinfo->flags & SR_CRYPTOKDF_KEY)) { 334 if (sizeof(sd->mds.mdd_crypto.scr_maskkey) < 335 sizeof(kdfinfo->maskkey)) 336 goto out; 337 memcpy(sd->mds.mdd_crypto.scr_maskkey, &kdfinfo->maskkey, 338 sizeof(kdfinfo->maskkey)); 339 } 340 341 bc->bc_opaque_status = BIOC_SOINOUT_OK; 342 rv = 0; 343out: 344 explicit_bzero(kdfinfo, bc->bc_opaque_size); 345 free(kdfinfo, M_DEVBUF, bc->bc_opaque_size); 346 347 return (rv); 348} 349 350int 351sr_crypto_encrypt(u_char *p, u_char *c, u_char *key, size_t size, int alg) 352{ 353 rijndael_ctx ctx; 354 int i, rv = 1; 355 356 switch (alg) { 357 case SR_CRYPTOM_AES_ECB_256: 358 if (rijndael_set_key_enc_only(&ctx, key, 256) != 0) 359 goto out; 360 for (i = 0; i < size; i += RIJNDAEL128_BLOCK_LEN) 361 rijndael_encrypt(&ctx, &p[i], &c[i]); 362 rv = 0; 363 break; 364 default: 365 DNPRINTF(SR_D_DIS, "%s: unsupported encryption algorithm %d\n", 366 "softraid", alg); 367 rv = -1; 368 goto out; 369 } 370 371out: 372 explicit_bzero(&ctx, sizeof(ctx)); 373 return (rv); 374} 375 376int 377sr_crypto_decrypt(u_char *c, u_char *p, u_char *key, size_t size, int alg) 378{ 379 rijndael_ctx ctx; 380 int i, rv = 1; 381 382 switch (alg) { 383 case SR_CRYPTOM_AES_ECB_256: 384 if (rijndael_set_key(&ctx, key, 256) != 0) 385 goto out; 386 for (i = 0; i < size; i += RIJNDAEL128_BLOCK_LEN) 387 rijndael_decrypt(&ctx, &c[i], &p[i]); 388 rv = 0; 389 break; 390 default: 391 DNPRINTF(SR_D_DIS, "%s: unsupported encryption algorithm %d\n", 392 "softraid", alg); 393 rv = -1; 394 goto out; 395 } 396 397out: 398 explicit_bzero(&ctx, sizeof(ctx)); 399 return (rv); 400} 401 402void 403sr_crypto_calculate_check_hmac_sha1(u_int8_t *maskkey, int maskkey_size, 404 u_int8_t *key, int key_size, u_char *check_digest) 405{ 406 u_char check_key[SHA1_DIGEST_LENGTH]; 407 HMAC_SHA1_CTX hmacctx; 408 SHA1_CTX shactx; 409 410 bzero(check_key, sizeof(check_key)); 411 bzero(&hmacctx, sizeof(hmacctx)); 412 bzero(&shactx, sizeof(shactx)); 413 414 /* k = SHA1(mask_key) */ 415 SHA1Init(&shactx); 416 SHA1Update(&shactx, maskkey, maskkey_size); 417 SHA1Final(check_key, &shactx); 418 419 /* mac = HMAC_SHA1_k(unencrypted key) */ 420 HMAC_SHA1_Init(&hmacctx, check_key, sizeof(check_key)); 421 HMAC_SHA1_Update(&hmacctx, key, key_size); 422 HMAC_SHA1_Final(check_digest, &hmacctx); 423 424 explicit_bzero(check_key, sizeof(check_key)); 425 explicit_bzero(&hmacctx, sizeof(hmacctx)); 426 explicit_bzero(&shactx, sizeof(shactx)); 427} 428 429int 430sr_crypto_decrypt_key(struct sr_discipline *sd) 431{ 432 u_char check_digest[SHA1_DIGEST_LENGTH]; 433 int rv = 1; 434 435 DNPRINTF(SR_D_DIS, "%s: sr_crypto_decrypt_key\n", DEVNAME(sd->sd_sc)); 436 437 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1) 438 goto out; 439 440 if (sr_crypto_decrypt((u_char *)sd->mds.mdd_crypto.scr_meta->scm_key, 441 (u_char *)sd->mds.mdd_crypto.scr_key, 442 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key), 443 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1) 444 goto out; 445 446#ifdef SR_DEBUG0 447 sr_crypto_dumpkeys(sd); 448#endif 449 450 /* Check that the key decrypted properly. */ 451 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey, 452 sizeof(sd->mds.mdd_crypto.scr_maskkey), 453 (u_int8_t *)sd->mds.mdd_crypto.scr_key, 454 sizeof(sd->mds.mdd_crypto.scr_key), 455 check_digest); 456 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, 457 check_digest, sizeof(check_digest)) != 0) { 458 explicit_bzero(sd->mds.mdd_crypto.scr_key, 459 sizeof(sd->mds.mdd_crypto.scr_key)); 460 goto out; 461 } 462 463 rv = 0; /* Success */ 464out: 465 /* we don't need the mask key anymore */ 466 explicit_bzero(&sd->mds.mdd_crypto.scr_maskkey, 467 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 468 469 explicit_bzero(check_digest, sizeof(check_digest)); 470 471 return rv; 472} 473 474int 475sr_crypto_create_keys(struct sr_discipline *sd) 476{ 477 478 DNPRINTF(SR_D_DIS, "%s: sr_crypto_create_keys\n", 479 DEVNAME(sd->sd_sc)); 480 481 if (AES_MAXKEYBYTES < sizeof(sd->mds.mdd_crypto.scr_maskkey)) 482 return (1); 483 484 /* XXX allow user to specify */ 485 sd->mds.mdd_crypto.scr_meta->scm_alg = SR_CRYPTOA_AES_XTS_256; 486 487 /* generate crypto keys */ 488 arc4random_buf(sd->mds.mdd_crypto.scr_key, 489 sizeof(sd->mds.mdd_crypto.scr_key)); 490 491 /* Mask the disk keys. */ 492 sd->mds.mdd_crypto.scr_meta->scm_mask_alg = SR_CRYPTOM_AES_ECB_256; 493 sr_crypto_encrypt((u_char *)sd->mds.mdd_crypto.scr_key, 494 (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key, 495 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key), 496 sd->mds.mdd_crypto.scr_meta->scm_mask_alg); 497 498 /* Prepare key decryption check code. */ 499 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1; 500 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey, 501 sizeof(sd->mds.mdd_crypto.scr_maskkey), 502 (u_int8_t *)sd->mds.mdd_crypto.scr_key, 503 sizeof(sd->mds.mdd_crypto.scr_key), 504 sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac); 505 506 /* Erase the plaintext disk keys */ 507 explicit_bzero(sd->mds.mdd_crypto.scr_key, 508 sizeof(sd->mds.mdd_crypto.scr_key)); 509 510#ifdef SR_DEBUG0 511 sr_crypto_dumpkeys(sd); 512#endif 513 514 sd->mds.mdd_crypto.scr_meta->scm_flags = SR_CRYPTOF_KEY | 515 SR_CRYPTOF_KDFHINT; 516 517 return (0); 518} 519 520int 521sr_crypto_change_maskkey(struct sr_discipline *sd, 522 struct sr_crypto_kdfinfo *kdfinfo1, struct sr_crypto_kdfinfo *kdfinfo2) 523{ 524 u_char check_digest[SHA1_DIGEST_LENGTH]; 525 u_char *c, *p = NULL; 526 size_t ksz; 527 int rv = 1; 528 529 DNPRINTF(SR_D_DIS, "%s: sr_crypto_change_maskkey\n", 530 DEVNAME(sd->sd_sc)); 531 532 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1) 533 goto out; 534 535 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key; 536 ksz = sizeof(sd->mds.mdd_crypto.scr_key); 537 p = malloc(ksz, M_DEVBUF, M_WAITOK | M_CANFAIL | M_ZERO); 538 if (p == NULL) 539 goto out; 540 541 if (sr_crypto_decrypt(c, p, kdfinfo1->maskkey, ksz, 542 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1) 543 goto out; 544 545#ifdef SR_DEBUG0 546 sr_crypto_dumpkeys(sd); 547#endif 548 549 sr_crypto_calculate_check_hmac_sha1(kdfinfo1->maskkey, 550 sizeof(kdfinfo1->maskkey), p, ksz, check_digest); 551 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, 552 check_digest, sizeof(check_digest)) != 0) { 553 sr_error(sd->sd_sc, "incorrect key or passphrase"); 554 rv = EPERM; 555 goto out; 556 } 557 558 /* Copy new KDF hint to metadata, if supplied. */ 559 if (kdfinfo2->flags & SR_CRYPTOKDF_HINT) { 560 if (kdfinfo2->genkdf.len > 561 sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint)) 562 goto out; 563 explicit_bzero(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 564 sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint)); 565 memcpy(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 566 &kdfinfo2->genkdf, kdfinfo2->genkdf.len); 567 } 568 569 /* Mask the disk keys. */ 570 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key; 571 if (sr_crypto_encrypt(p, c, kdfinfo2->maskkey, ksz, 572 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1) 573 goto out; 574 575 /* Prepare key decryption check code. */ 576 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1; 577 sr_crypto_calculate_check_hmac_sha1(kdfinfo2->maskkey, 578 sizeof(kdfinfo2->maskkey), (u_int8_t *)sd->mds.mdd_crypto.scr_key, 579 sizeof(sd->mds.mdd_crypto.scr_key), check_digest); 580 581 /* Copy new encrypted key and HMAC to metadata. */ 582 memcpy(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, check_digest, 583 sizeof(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac)); 584 585 rv = 0; /* Success */ 586 587out: 588 if (p) { 589 explicit_bzero(p, ksz); 590 free(p, M_DEVBUF, ksz); 591 } 592 593 explicit_bzero(check_digest, sizeof(check_digest)); 594 explicit_bzero(&kdfinfo1->maskkey, sizeof(kdfinfo1->maskkey)); 595 explicit_bzero(&kdfinfo2->maskkey, sizeof(kdfinfo2->maskkey)); 596 597 return (rv); 598} 599 600struct sr_chunk * 601sr_crypto_create_key_disk(struct sr_discipline *sd, dev_t dev) 602{ 603 struct sr_softc *sc = sd->sd_sc; 604 struct sr_discipline *fakesd = NULL; 605 struct sr_metadata *sm = NULL; 606 struct sr_meta_chunk *km; 607 struct sr_meta_opt_item *omi = NULL; 608 struct sr_meta_keydisk *skm; 609 struct sr_chunk *key_disk = NULL; 610 struct disklabel label; 611 struct vnode *vn; 612 char devname[32]; 613 int c, part, open = 0; 614 615 /* 616 * Create a metadata structure on the key disk and store 617 * keying material in the optional metadata. 618 */ 619 620 sr_meta_getdevname(sc, dev, devname, sizeof(devname)); 621 622 /* Make sure chunk is not already in use. */ 623 c = sr_chunk_in_use(sc, dev); 624 if (c != BIOC_SDINVALID && c != BIOC_SDOFFLINE) { 625 sr_error(sc, "%s is already in use", devname); 626 goto done; 627 } 628 629 /* Open device. */ 630 if (bdevvp(dev, &vn)) { 631 sr_error(sc, "cannot open key disk %s", devname); 632 goto done; 633 } 634 if (VOP_OPEN(vn, FREAD | FWRITE, NOCRED, curproc)) { 635 DNPRINTF(SR_D_META,"%s: sr_crypto_create_key_disk cannot " 636 "open %s\n", DEVNAME(sc), devname); 637 vput(vn); 638 goto done; 639 } 640 open = 1; /* close dev on error */ 641 642 /* Get partition details. */ 643 part = DISKPART(dev); 644 if (VOP_IOCTL(vn, DIOCGDINFO, (caddr_t)&label, 645 FREAD, NOCRED, curproc)) { 646 DNPRINTF(SR_D_META, "%s: sr_crypto_create_key_disk ioctl " 647 "failed\n", DEVNAME(sc)); 648 goto done; 649 } 650 if (label.d_partitions[part].p_fstype != FS_RAID) { 651 sr_error(sc, "%s partition not of type RAID (%d)", 652 devname, label.d_partitions[part].p_fstype); 653 goto done; 654 } 655 656 /* 657 * Create and populate chunk metadata. 658 */ 659 660 key_disk = malloc(sizeof(struct sr_chunk), M_DEVBUF, M_WAITOK | M_ZERO); 661 km = &key_disk->src_meta; 662 663 key_disk->src_dev_mm = dev; 664 key_disk->src_vn = vn; 665 strlcpy(key_disk->src_devname, devname, sizeof(km->scmi.scm_devname)); 666 key_disk->src_size = 0; 667 668 km->scmi.scm_volid = sd->sd_meta->ssdi.ssd_level; 669 km->scmi.scm_chunk_id = 0; 670 km->scmi.scm_size = 0; 671 km->scmi.scm_coerced_size = 0; 672 strlcpy(km->scmi.scm_devname, devname, sizeof(km->scmi.scm_devname)); 673 memcpy(&km->scmi.scm_uuid, &sd->sd_meta->ssdi.ssd_uuid, 674 sizeof(struct sr_uuid)); 675 676 sr_checksum(sc, km, &km->scm_checksum, 677 sizeof(struct sr_meta_chunk_invariant)); 678 679 km->scm_status = BIOC_SDONLINE; 680 681 /* 682 * Create and populate our own discipline and metadata. 683 */ 684 685 sm = malloc(sizeof(struct sr_metadata), M_DEVBUF, M_WAITOK | M_ZERO); 686 sm->ssdi.ssd_magic = SR_MAGIC; 687 sm->ssdi.ssd_version = SR_META_VERSION; 688 sm->ssd_ondisk = 0; 689 sm->ssdi.ssd_vol_flags = 0; 690 memcpy(&sm->ssdi.ssd_uuid, &sd->sd_meta->ssdi.ssd_uuid, 691 sizeof(struct sr_uuid)); 692 sm->ssdi.ssd_chunk_no = 1; 693 sm->ssdi.ssd_volid = SR_KEYDISK_VOLID; 694 sm->ssdi.ssd_level = SR_KEYDISK_LEVEL; 695 sm->ssdi.ssd_size = 0; 696 strlcpy(sm->ssdi.ssd_vendor, "OPENBSD", sizeof(sm->ssdi.ssd_vendor)); 697 snprintf(sm->ssdi.ssd_product, sizeof(sm->ssdi.ssd_product), 698 "SR %s", "KEYDISK"); 699 snprintf(sm->ssdi.ssd_revision, sizeof(sm->ssdi.ssd_revision), 700 "%03d", SR_META_VERSION); 701 702 fakesd = malloc(sizeof(struct sr_discipline), M_DEVBUF, 703 M_WAITOK | M_ZERO); 704 fakesd->sd_sc = sd->sd_sc; 705 fakesd->sd_meta = sm; 706 fakesd->sd_meta_type = SR_META_F_NATIVE; 707 fakesd->sd_vol_status = BIOC_SVONLINE; 708 strlcpy(fakesd->sd_name, "KEYDISK", sizeof(fakesd->sd_name)); 709 SLIST_INIT(&fakesd->sd_meta_opt); 710 711 /* Add chunk to volume. */ 712 fakesd->sd_vol.sv_chunks = malloc(sizeof(struct sr_chunk *), M_DEVBUF, 713 M_WAITOK | M_ZERO); 714 fakesd->sd_vol.sv_chunks[0] = key_disk; 715 SLIST_INIT(&fakesd->sd_vol.sv_chunk_list); 716 SLIST_INSERT_HEAD(&fakesd->sd_vol.sv_chunk_list, key_disk, src_link); 717 718 /* Generate mask key. */ 719 arc4random_buf(sd->mds.mdd_crypto.scr_maskkey, 720 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 721 722 /* Copy mask key to optional metadata area. */ 723 omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF, 724 M_WAITOK | M_ZERO); 725 omi->omi_som = malloc(sizeof(struct sr_meta_keydisk), M_DEVBUF, 726 M_WAITOK | M_ZERO); 727 omi->omi_som->som_type = SR_OPT_KEYDISK; 728 omi->omi_som->som_length = sizeof(struct sr_meta_keydisk); 729 skm = (struct sr_meta_keydisk *)omi->omi_som; 730 memcpy(&skm->skm_maskkey, sd->mds.mdd_crypto.scr_maskkey, 731 sizeof(skm->skm_maskkey)); 732 SLIST_INSERT_HEAD(&fakesd->sd_meta_opt, omi, omi_link); 733 fakesd->sd_meta->ssdi.ssd_opt_no++; 734 735 /* Save metadata. */ 736 if (sr_meta_save(fakesd, SR_META_DIRTY)) { 737 sr_error(sc, "could not save metadata to %s", devname); 738 goto fail; 739 } 740 741 goto done; 742 743fail: 744 free(key_disk, M_DEVBUF, sizeof(struct sr_chunk)); 745 key_disk = NULL; 746 747done: 748 free(omi, M_DEVBUF, sizeof(struct sr_meta_opt_item)); 749 if (fakesd && fakesd->sd_vol.sv_chunks) 750 free(fakesd->sd_vol.sv_chunks, M_DEVBUF, 751 sizeof(struct sr_chunk *)); 752 free(fakesd, M_DEVBUF, sizeof(struct sr_discipline)); 753 free(sm, M_DEVBUF, sizeof(struct sr_metadata)); 754 if (open) { 755 VOP_CLOSE(vn, FREAD | FWRITE, NOCRED, curproc); 756 vput(vn); 757 } 758 759 return key_disk; 760} 761 762struct sr_chunk * 763sr_crypto_read_key_disk(struct sr_discipline *sd, dev_t dev) 764{ 765 struct sr_softc *sc = sd->sd_sc; 766 struct sr_metadata *sm = NULL; 767 struct sr_meta_opt_item *omi, *omi_next; 768 struct sr_meta_opt_hdr *omh; 769 struct sr_meta_keydisk *skm; 770 struct sr_meta_opt_head som; 771 struct sr_chunk *key_disk = NULL; 772 struct disklabel label; 773 struct vnode *vn = NULL; 774 char devname[32]; 775 int c, part, open = 0; 776 777 /* 778 * Load a key disk and load keying material into memory. 779 */ 780 781 SLIST_INIT(&som); 782 783 sr_meta_getdevname(sc, dev, devname, sizeof(devname)); 784 785 /* Make sure chunk is not already in use. */ 786 c = sr_chunk_in_use(sc, dev); 787 if (c != BIOC_SDINVALID && c != BIOC_SDOFFLINE) { 788 sr_error(sc, "%s is already in use", devname); 789 goto done; 790 } 791 792 /* Open device. */ 793 if (bdevvp(dev, &vn)) { 794 sr_error(sc, "cannot open key disk %s", devname); 795 goto done; 796 } 797 if (VOP_OPEN(vn, FREAD, NOCRED, curproc)) { 798 DNPRINTF(SR_D_META,"%s: sr_crypto_read_key_disk cannot " 799 "open %s\n", DEVNAME(sc), devname); 800 vput(vn); 801 goto done; 802 } 803 open = 1; /* close dev on error */ 804 805 /* Get partition details. */ 806 part = DISKPART(dev); 807 if (VOP_IOCTL(vn, DIOCGDINFO, (caddr_t)&label, FREAD, 808 NOCRED, curproc)) { 809 DNPRINTF(SR_D_META, "%s: sr_crypto_read_key_disk ioctl " 810 "failed\n", DEVNAME(sc)); 811 goto done; 812 } 813 if (label.d_partitions[part].p_fstype != FS_RAID) { 814 sr_error(sc, "%s partition not of type RAID (%d)", 815 devname, label.d_partitions[part].p_fstype); 816 goto done; 817 } 818 819 /* 820 * Read and validate key disk metadata. 821 */ 822 sm = malloc(SR_META_SIZE * DEV_BSIZE, M_DEVBUF, M_WAITOK | M_ZERO); 823 if (sr_meta_native_read(sd, dev, sm, NULL)) { 824 sr_error(sc, "native bootprobe could not read native metadata"); 825 goto done; 826 } 827 828 if (sr_meta_validate(sd, dev, sm, NULL)) { 829 DNPRINTF(SR_D_META, "%s: invalid metadata\n", 830 DEVNAME(sc)); 831 goto done; 832 } 833 834 /* Make sure this is a key disk. */ 835 if (sm->ssdi.ssd_level != SR_KEYDISK_LEVEL) { 836 sr_error(sc, "%s is not a key disk", devname); 837 goto done; 838 } 839 840 /* Construct key disk chunk. */ 841 key_disk = malloc(sizeof(struct sr_chunk), M_DEVBUF, M_WAITOK | M_ZERO); 842 key_disk->src_dev_mm = dev; 843 key_disk->src_vn = vn; 844 key_disk->src_size = 0; 845 846 memcpy(&key_disk->src_meta, (struct sr_meta_chunk *)(sm + 1), 847 sizeof(key_disk->src_meta)); 848 849 /* Read mask key from optional metadata. */ 850 sr_meta_opt_load(sc, sm, &som); 851 SLIST_FOREACH(omi, &som, omi_link) { 852 omh = omi->omi_som; 853 if (omh->som_type == SR_OPT_KEYDISK) { 854 skm = (struct sr_meta_keydisk *)omh; 855 memcpy(sd->mds.mdd_crypto.scr_maskkey, &skm->skm_maskkey, 856 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 857 } else if (omh->som_type == SR_OPT_CRYPTO) { 858 /* Original keydisk format with key in crypto area. */ 859 memcpy(sd->mds.mdd_crypto.scr_maskkey, 860 omh + sizeof(struct sr_meta_opt_hdr), 861 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 862 } 863 } 864 865 open = 0; 866 867done: 868 for (omi = SLIST_FIRST(&som); omi != NULL; omi = omi_next) { 869 omi_next = SLIST_NEXT(omi, omi_link); 870 free(omi->omi_som, M_DEVBUF, 0); 871 free(omi, M_DEVBUF, sizeof(struct sr_meta_opt_item)); 872 } 873 874 free(sm, M_DEVBUF, SR_META_SIZE * DEV_BSIZE); 875 876 if (vn && open) { 877 VOP_CLOSE(vn, FREAD, NOCRED, curproc); 878 vput(vn); 879 } 880 881 return key_disk; 882} 883 884static void 885sr_crypto_free_sessions(struct sr_discipline *sd) 886{ 887 u_int i; 888 889 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) { 890 if (sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1) { 891 crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]); 892 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 893 } 894 } 895} 896 897int 898sr_crypto_alloc_resources(struct sr_discipline *sd) 899{ 900 struct sr_workunit *wu; 901 struct sr_crypto_wu *crwu; 902 struct cryptoini cri; 903 u_int num_keys, i; 904 905 DNPRINTF(SR_D_DIS, "%s: sr_crypto_alloc_resources\n", 906 DEVNAME(sd->sd_sc)); 907 908 sd->mds.mdd_crypto.scr_alg = CRYPTO_AES_XTS; 909 switch (sd->mds.mdd_crypto.scr_meta->scm_alg) { 910 case SR_CRYPTOA_AES_XTS_128: 911 sd->mds.mdd_crypto.scr_klen = 256; 912 break; 913 case SR_CRYPTOA_AES_XTS_256: 914 sd->mds.mdd_crypto.scr_klen = 512; 915 break; 916 default: 917 sr_error(sd->sd_sc, "unknown crypto algorithm"); 918 return (EINVAL); 919 } 920 921 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) 922 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 923 924 if (sr_wu_alloc(sd)) { 925 sr_error(sd->sd_sc, "unable to allocate work units"); 926 return (ENOMEM); 927 } 928 if (sr_ccb_alloc(sd)) { 929 sr_error(sd->sd_sc, "unable to allocate CCBs"); 930 return (ENOMEM); 931 } 932 if (sr_crypto_decrypt_key(sd)) { 933 sr_error(sd->sd_sc, "incorrect key or passphrase"); 934 return (EPERM); 935 } 936 937 /* 938 * For each work unit allocate the uio, iovec and crypto structures. 939 * These have to be allocated now because during runtime we cannot 940 * fail an allocation without failing the I/O (which can cause real 941 * problems). 942 */ 943 TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) { 944 crwu = (struct sr_crypto_wu *)wu; 945 crwu->cr_uio.uio_iov = &crwu->cr_iov; 946 crwu->cr_dmabuf = dma_alloc(MAXPHYS, PR_WAITOK); 947 crwu->cr_crp = crypto_getreq(MAXPHYS >> DEV_BSHIFT); 948 if (crwu->cr_crp == NULL) 949 return (ENOMEM); 950 } 951 952 memset(&cri, 0, sizeof(cri)); 953 cri.cri_alg = sd->mds.mdd_crypto.scr_alg; 954 cri.cri_klen = sd->mds.mdd_crypto.scr_klen; 955 956 /* Allocate a session for every 2^SR_CRYPTO_KEY_BLKSHIFT blocks. */ 957 num_keys = ((sd->sd_meta->ssdi.ssd_size - 1) >> 958 SR_CRYPTO_KEY_BLKSHIFT) + 1; 959 if (num_keys > SR_CRYPTO_MAXKEYS) 960 return (EFBIG); 961 for (i = 0; i < num_keys; i++) { 962 cri.cri_key = sd->mds.mdd_crypto.scr_key[i]; 963 if (crypto_newsession(&sd->mds.mdd_crypto.scr_sid[i], 964 &cri, 0) != 0) { 965 sr_crypto_free_sessions(sd); 966 return (EINVAL); 967 } 968 } 969 970 sr_hotplug_register(sd, sr_crypto_hotplug); 971 972 return (0); 973} 974 975void 976sr_crypto_free_resources(struct sr_discipline *sd) 977{ 978 struct sr_workunit *wu; 979 struct sr_crypto_wu *crwu; 980 981 DNPRINTF(SR_D_DIS, "%s: sr_crypto_free_resources\n", 982 DEVNAME(sd->sd_sc)); 983 984 if (sd->mds.mdd_crypto.key_disk != NULL) { 985 explicit_bzero(sd->mds.mdd_crypto.key_disk, 986 sizeof(*sd->mds.mdd_crypto.key_disk)); 987 free(sd->mds.mdd_crypto.key_disk, M_DEVBUF, 988 sizeof(*sd->mds.mdd_crypto.key_disk)); 989 } 990 991 sr_hotplug_unregister(sd, sr_crypto_hotplug); 992 993 sr_crypto_free_sessions(sd); 994 995 TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) { 996 crwu = (struct sr_crypto_wu *)wu; 997 if (crwu->cr_dmabuf) 998 dma_free(crwu->cr_dmabuf, MAXPHYS); 999 if (crwu->cr_crp) 1000 crypto_freereq(crwu->cr_crp); 1001 } 1002 1003 sr_wu_free(sd); 1004 sr_ccb_free(sd); 1005} 1006 1007int 1008sr_crypto_ioctl(struct sr_discipline *sd, struct bioc_discipline *bd) 1009{ 1010 struct sr_crypto_kdfpair kdfpair; 1011 struct sr_crypto_kdfinfo kdfinfo1, kdfinfo2; 1012 int size, rv = 1; 1013 1014 DNPRINTF(SR_D_IOCTL, "%s: sr_crypto_ioctl %u\n", 1015 DEVNAME(sd->sd_sc), bd->bd_cmd); 1016 1017 switch (bd->bd_cmd) { 1018 case SR_IOCTL_GET_KDFHINT: 1019 1020 /* Get KDF hint for userland. */ 1021 size = sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint); 1022 if (bd->bd_data == NULL || bd->bd_size > size) 1023 goto bad; 1024 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 1025 bd->bd_data, bd->bd_size)) 1026 goto bad; 1027 1028 rv = 0; 1029 1030 break; 1031 1032 case SR_IOCTL_CHANGE_PASSPHRASE: 1033 1034 /* Attempt to change passphrase. */ 1035 1036 size = sizeof(kdfpair); 1037 if (bd->bd_data == NULL || bd->bd_size > size) 1038 goto bad; 1039 if (copyin(bd->bd_data, &kdfpair, size)) 1040 goto bad; 1041 1042 size = sizeof(kdfinfo1); 1043 if (kdfpair.kdfinfo1 == NULL || kdfpair.kdfsize1 > size) 1044 goto bad; 1045 if (copyin(kdfpair.kdfinfo1, &kdfinfo1, size)) 1046 goto bad; 1047 1048 size = sizeof(kdfinfo2); 1049 if (kdfpair.kdfinfo2 == NULL || kdfpair.kdfsize2 > size) 1050 goto bad; 1051 if (copyin(kdfpair.kdfinfo2, &kdfinfo2, size)) 1052 goto bad; 1053 1054 if (sr_crypto_change_maskkey(sd, &kdfinfo1, &kdfinfo2)) 1055 goto bad; 1056 1057 /* Save metadata to disk. */ 1058 rv = sr_meta_save(sd, SR_META_DIRTY); 1059 1060 break; 1061 } 1062 1063bad: 1064 explicit_bzero(&kdfpair, sizeof(kdfpair)); 1065 explicit_bzero(&kdfinfo1, sizeof(kdfinfo1)); 1066 explicit_bzero(&kdfinfo2, sizeof(kdfinfo2)); 1067 1068 return (rv); 1069} 1070 1071int 1072sr_crypto_meta_opt_handler(struct sr_discipline *sd, struct sr_meta_opt_hdr *om) 1073{ 1074 int rv = EINVAL; 1075 1076 if (om->som_type == SR_OPT_CRYPTO) { 1077 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)om; 1078 rv = 0; 1079 } 1080 1081 return (rv); 1082} 1083 1084int 1085sr_crypto_rw(struct sr_workunit *wu) 1086{ 1087 struct sr_crypto_wu *crwu; 1088 daddr_t blkno; 1089 int rv = 0; 1090 1091 DNPRINTF(SR_D_DIS, "%s: sr_crypto_rw wu %p\n", 1092 DEVNAME(wu->swu_dis->sd_sc), wu); 1093 1094 if (sr_validate_io(wu, &blkno, "sr_crypto_rw")) 1095 return (1); 1096 1097 if (wu->swu_xs->flags & SCSI_DATA_OUT) { 1098 crwu = sr_crypto_prepare(wu, 1); 1099 crwu->cr_crp->crp_callback = sr_crypto_write; 1100 rv = crypto_dispatch(crwu->cr_crp); 1101 if (rv == 0) 1102 rv = crwu->cr_crp->crp_etype; 1103 } else 1104 rv = sr_crypto_dev_rw(wu, NULL); 1105 1106 return (rv); 1107} 1108 1109void 1110sr_crypto_write(struct cryptop *crp) 1111{ 1112 struct sr_crypto_wu *crwu = crp->crp_opaque; 1113 struct sr_workunit *wu = &crwu->cr_wu; 1114 int s; 1115 1116 DNPRINTF(SR_D_INTR, "%s: sr_crypto_write: wu %p xs: %p\n", 1117 DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs); 1118 1119 if (crp->crp_etype) { 1120 /* fail io */ 1121 wu->swu_xs->error = XS_DRIVER_STUFFUP; 1122 s = splbio(); 1123 sr_scsi_done(wu->swu_dis, wu->swu_xs); 1124 splx(s); 1125 } 1126 1127 sr_crypto_dev_rw(wu, crwu); 1128} 1129 1130int 1131sr_crypto_dev_rw(struct sr_workunit *wu, struct sr_crypto_wu *crwu) 1132{ 1133 struct sr_discipline *sd = wu->swu_dis; 1134 struct scsi_xfer *xs = wu->swu_xs; 1135 struct sr_ccb *ccb; 1136 struct uio *uio; 1137 daddr_t blkno; 1138 1139 blkno = wu->swu_blk_start; 1140 1141 ccb = sr_ccb_rw(sd, 0, blkno, xs->datalen, xs->data, xs->flags, 0); 1142 if (!ccb) { 1143 /* should never happen but handle more gracefully */ 1144 printf("%s: %s: too many ccbs queued\n", 1145 DEVNAME(sd->sd_sc), sd->sd_meta->ssd_devname); 1146 goto bad; 1147 } 1148 if (!ISSET(xs->flags, SCSI_DATA_IN)) { 1149 uio = crwu->cr_crp->crp_buf; 1150 ccb->ccb_buf.b_data = uio->uio_iov->iov_base; 1151 ccb->ccb_opaque = crwu; 1152 } 1153 sr_wu_enqueue_ccb(wu, ccb); 1154 sr_schedule_wu(wu); 1155 1156 return (0); 1157 1158bad: 1159 /* wu is unwound by sr_wu_put */ 1160 if (crwu) 1161 crwu->cr_crp->crp_etype = EINVAL; 1162 return (1); 1163} 1164 1165void 1166sr_crypto_done(struct sr_workunit *wu) 1167{ 1168 struct scsi_xfer *xs = wu->swu_xs; 1169 struct sr_crypto_wu *crwu; 1170 int s; 1171 1172 /* If this was a successful read, initiate decryption of the data. */ 1173 if (ISSET(xs->flags, SCSI_DATA_IN) && xs->error == XS_NOERROR) { 1174 crwu = sr_crypto_prepare(wu, 0); 1175 crwu->cr_crp->crp_callback = sr_crypto_read; 1176 DNPRINTF(SR_D_INTR, "%s: sr_crypto_done: crypto_dispatch %p\n", 1177 DEVNAME(wu->swu_dis->sd_sc), crwu->cr_crp); 1178 crypto_dispatch(crwu->cr_crp); 1179 return; 1180 } 1181 1182 s = splbio(); 1183 sr_scsi_done(wu->swu_dis, wu->swu_xs); 1184 splx(s); 1185} 1186 1187void 1188sr_crypto_read(struct cryptop *crp) 1189{ 1190 struct sr_crypto_wu *crwu = crp->crp_opaque; 1191 struct sr_workunit *wu = &crwu->cr_wu; 1192 int s; 1193 1194 DNPRINTF(SR_D_INTR, "%s: sr_crypto_read: wu %p xs: %p\n", 1195 DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs); 1196 1197 if (crp->crp_etype) 1198 wu->swu_xs->error = XS_DRIVER_STUFFUP; 1199 1200 s = splbio(); 1201 sr_scsi_done(wu->swu_dis, wu->swu_xs); 1202 splx(s); 1203} 1204 1205void 1206sr_crypto_hotplug(struct sr_discipline *sd, struct disk *diskp, int action) 1207{ 1208 DNPRINTF(SR_D_MISC, "%s: sr_crypto_hotplug: %s %d\n", 1209 DEVNAME(sd->sd_sc), diskp->dk_name, action); 1210} 1211 1212#ifdef SR_DEBUG0 1213void 1214sr_crypto_dumpkeys(struct sr_discipline *sd) 1215{ 1216 int i, j; 1217 1218 printf("sr_crypto_dumpkeys:\n"); 1219 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) { 1220 printf("\tscm_key[%d]: 0x", i); 1221 for (j = 0; j < SR_CRYPTO_KEYBYTES; j++) { 1222 printf("%02x", 1223 sd->mds.mdd_crypto.scr_meta->scm_key[i][j]); 1224 } 1225 printf("\n"); 1226 } 1227 printf("sr_crypto_dumpkeys: runtime data keys:\n"); 1228 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) { 1229 printf("\tscr_key[%d]: 0x", i); 1230 for (j = 0; j < SR_CRYPTO_KEYBYTES; j++) { 1231 printf("%02x", 1232 sd->mds.mdd_crypto.scr_key[i][j]); 1233 } 1234 printf("\n"); 1235 } 1236} 1237#endif /* SR_DEBUG */ 1238