1/* $OpenBSD: softraid_crypto.c,v 1.104 2014/01/21 04:23:14 jsing Exp $ */ 2/* 3 * Copyright (c) 2007 Marco Peereboom <marco@peereboom.us> 4 * Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org> 5 * Copyright (c) 2008 Damien Miller <djm@mindrot.org> 6 * Copyright (c) 2009 Joel Sing <jsing@openbsd.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21#include "bio.h" 22 23#include <sys/param.h> 24#include <sys/systm.h> 25#include <sys/buf.h> 26#include <sys/device.h> 27#include <sys/ioctl.h> 28#include <sys/proc.h> 29#include <sys/malloc.h> 30#include <sys/pool.h> 31#include <sys/kernel.h> 32#include <sys/disk.h> 33#include <sys/rwlock.h> 34#include <sys/queue.h> 35#include <sys/fcntl.h> 36#include <sys/disklabel.h> 37#include <sys/vnode.h> 38#include <sys/mount.h> 39#include <sys/sensors.h> 40#include <sys/stat.h> 41#include <sys/conf.h> 42#include <sys/uio.h> 43#include <sys/dkio.h> 44 45#include <crypto/cryptodev.h> 46#include <crypto/cryptosoft.h> 47#include <crypto/rijndael.h> 48#include <crypto/md5.h> 49#include <crypto/sha1.h> 50#include <crypto/sha2.h> 51#include <crypto/hmac.h> 52 53#include <scsi/scsi_all.h> 54#include <scsi/scsiconf.h> 55#include <scsi/scsi_disk.h> 56 57#include <dev/softraidvar.h> 58#include <dev/rndvar.h> 59 60/* 61 * The per-I/O data that we need to preallocate. We cannot afford to allow I/O 62 * to start failing when memory pressure kicks in. We can store this in the WU 63 * because we assert that only one ccb per WU will ever be active. 64 */ 65struct sr_crypto_wu { 66 TAILQ_ENTRY(sr_crypto_wu) cr_link; 67 struct uio cr_uio; 68 struct iovec cr_iov; 69 struct cryptop *cr_crp; 70 struct cryptodesc *cr_descs; 71 struct sr_workunit *cr_wu; 72 void *cr_dmabuf; 73}; 74 75 76struct sr_crypto_wu *sr_crypto_wu_get(struct sr_workunit *, int); 77void sr_crypto_wu_put(struct sr_crypto_wu *); 78int sr_crypto_create_keys(struct sr_discipline *); 79int sr_crypto_get_kdf(struct bioc_createraid *, 80 struct sr_discipline *); 81int sr_crypto_decrypt(u_char *, u_char *, u_char *, size_t, int); 82int sr_crypto_encrypt(u_char *, u_char *, u_char *, size_t, int); 83int sr_crypto_decrypt_key(struct sr_discipline *); 84int sr_crypto_change_maskkey(struct sr_discipline *, 85 struct sr_crypto_kdfinfo *, struct sr_crypto_kdfinfo *); 86int sr_crypto_create(struct sr_discipline *, 87 struct bioc_createraid *, int, int64_t); 88int sr_crypto_assemble(struct sr_discipline *, 89 struct bioc_createraid *, int, void *); 90int sr_crypto_alloc_resources(struct sr_discipline *); 91void sr_crypto_free_resources(struct sr_discipline *); 92int sr_crypto_ioctl(struct sr_discipline *, 93 struct bioc_discipline *); 94int sr_crypto_meta_opt_handler(struct sr_discipline *, 95 struct sr_meta_opt_hdr *); 96int sr_crypto_write(struct cryptop *); 97int sr_crypto_rw(struct sr_workunit *); 98int sr_crypto_dev_rw(struct sr_workunit *, struct sr_crypto_wu *); 99void sr_crypto_done(struct sr_workunit *); 100int sr_crypto_read(struct cryptop *); 101void sr_crypto_finish_io(struct sr_workunit *); 102void sr_crypto_calculate_check_hmac_sha1(u_int8_t *, int, 103 u_int8_t *, int, u_char *); 104void sr_crypto_hotplug(struct sr_discipline *, struct disk *, int); 105 106#ifdef SR_DEBUG0 107void sr_crypto_dumpkeys(struct sr_discipline *); 108#endif 109 110/* Discipline initialisation. */ 111void 112sr_crypto_discipline_init(struct sr_discipline *sd) 113{ 114 int i; 115 116 /* Fill out discipline members. */ 117 sd->sd_type = SR_MD_CRYPTO; 118 strlcpy(sd->sd_name, "CRYPTO", sizeof(sd->sd_name)); 119 sd->sd_capabilities = SR_CAP_SYSTEM_DISK | SR_CAP_AUTO_ASSEMBLE; 120 sd->sd_max_wu = SR_CRYPTO_NOWU; 121 122 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) 123 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 124 125 /* Setup discipline specific function pointers. */ 126 sd->sd_alloc_resources = sr_crypto_alloc_resources; 127 sd->sd_assemble = sr_crypto_assemble; 128 sd->sd_create = sr_crypto_create; 129 sd->sd_free_resources = sr_crypto_free_resources; 130 sd->sd_ioctl_handler = sr_crypto_ioctl; 131 sd->sd_meta_opt_handler = sr_crypto_meta_opt_handler; 132 sd->sd_scsi_rw = sr_crypto_rw; 133 sd->sd_scsi_done = sr_crypto_done; 134} 135 136int 137sr_crypto_create(struct sr_discipline *sd, struct bioc_createraid *bc, 138 int no_chunk, int64_t coerced_size) 139{ 140 struct sr_meta_opt_item *omi; 141 int rv = EINVAL; 142 143 if (no_chunk != 1) { 144 sr_error(sd->sd_sc, "%s requires exactly one chunk", 145 sd->sd_name); 146 goto done; 147 } 148 149 /* Create crypto optional metadata. */ 150 omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF, 151 M_WAITOK | M_ZERO); 152 omi->omi_som = malloc(sizeof(struct sr_meta_crypto), M_DEVBUF, 153 M_WAITOK | M_ZERO); 154 omi->omi_som->som_type = SR_OPT_CRYPTO; 155 omi->omi_som->som_length = sizeof(struct sr_meta_crypto); 156 SLIST_INSERT_HEAD(&sd->sd_meta_opt, omi, omi_link); 157 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)omi->omi_som; 158 sd->sd_meta->ssdi.ssd_opt_no++; 159 160 sd->mds.mdd_crypto.key_disk = NULL; 161 162 if (bc->bc_key_disk != NODEV) { 163 164 /* Create a key disk. */ 165 if (sr_crypto_get_kdf(bc, sd)) 166 goto done; 167 sd->mds.mdd_crypto.key_disk = 168 sr_crypto_create_key_disk(sd, bc->bc_key_disk); 169 if (sd->mds.mdd_crypto.key_disk == NULL) 170 goto done; 171 sd->sd_capabilities |= SR_CAP_AUTO_ASSEMBLE; 172 173 } else if (bc->bc_opaque_flags & BIOC_SOOUT) { 174 175 /* No hint available yet. */ 176 bc->bc_opaque_status = BIOC_SOINOUT_FAILED; 177 rv = EAGAIN; 178 goto done; 179 180 } else if (sr_crypto_get_kdf(bc, sd)) 181 goto done; 182 183 /* Passphrase volumes cannot be automatically assembled. */ 184 if (!(bc->bc_flags & BIOC_SCNOAUTOASSEMBLE) && bc->bc_key_disk == NODEV) 185 goto done; 186 187 sd->sd_meta->ssdi.ssd_size = coerced_size; 188 189 sr_crypto_create_keys(sd); 190 191 sd->sd_max_ccb_per_wu = no_chunk; 192 193 rv = 0; 194done: 195 return (rv); 196} 197 198int 199sr_crypto_assemble(struct sr_discipline *sd, struct bioc_createraid *bc, 200 int no_chunk, void *data) 201{ 202 int rv = EINVAL; 203 204 sd->mds.mdd_crypto.key_disk = NULL; 205 206 /* Crypto optional metadata must already exist... */ 207 if (sd->mds.mdd_crypto.scr_meta == NULL) 208 goto done; 209 210 if (data != NULL) { 211 /* Kernel already has mask key. */ 212 bcopy(data, sd->mds.mdd_crypto.scr_maskkey, 213 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 214 } else if (bc->bc_key_disk != NODEV) { 215 /* Read the mask key from the key disk. */ 216 sd->mds.mdd_crypto.key_disk = 217 sr_crypto_read_key_disk(sd, bc->bc_key_disk); 218 if (sd->mds.mdd_crypto.key_disk == NULL) 219 goto done; 220 } else if (bc->bc_opaque_flags & BIOC_SOOUT) { 221 /* provide userland with kdf hint */ 222 if (bc->bc_opaque == NULL) 223 goto done; 224 225 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) < 226 bc->bc_opaque_size) 227 goto done; 228 229 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 230 bc->bc_opaque, bc->bc_opaque_size)) 231 goto done; 232 233 /* we're done */ 234 bc->bc_opaque_status = BIOC_SOINOUT_OK; 235 rv = EAGAIN; 236 goto done; 237 } else if (bc->bc_opaque_flags & BIOC_SOIN) { 238 /* get kdf with maskkey from userland */ 239 if (sr_crypto_get_kdf(bc, sd)) 240 goto done; 241 } else 242 goto done; 243 244 sd->sd_max_ccb_per_wu = sd->sd_meta->ssdi.ssd_chunk_no; 245 246 rv = 0; 247done: 248 return (rv); 249} 250 251struct sr_crypto_wu * 252sr_crypto_wu_get(struct sr_workunit *wu, int encrypt) 253{ 254 struct scsi_xfer *xs = wu->swu_xs; 255 struct sr_discipline *sd = wu->swu_dis; 256 struct sr_crypto_wu *crwu; 257 struct cryptodesc *crd; 258 int flags, i, n; 259 daddr_t blk; 260 u_int keyndx; 261 262 DNPRINTF(SR_D_DIS, "%s: sr_crypto_wu_get wu %p encrypt %d\n", 263 DEVNAME(sd->sd_sc), wu, encrypt); 264 265 mtx_enter(&sd->mds.mdd_crypto.scr_mutex); 266 if ((crwu = TAILQ_FIRST(&sd->mds.mdd_crypto.scr_wus)) != NULL) 267 TAILQ_REMOVE(&sd->mds.mdd_crypto.scr_wus, crwu, cr_link); 268 mtx_leave(&sd->mds.mdd_crypto.scr_mutex); 269 if (crwu == NULL) 270 panic("sr_crypto_wu_get: out of work units"); 271 272 crwu->cr_uio.uio_iovcnt = 1; 273 crwu->cr_uio.uio_iov->iov_len = xs->datalen; 274 if (xs->flags & SCSI_DATA_OUT) { 275 crwu->cr_uio.uio_iov->iov_base = crwu->cr_dmabuf; 276 bcopy(xs->data, crwu->cr_uio.uio_iov->iov_base, xs->datalen); 277 } else 278 crwu->cr_uio.uio_iov->iov_base = xs->data; 279 280 blk = wu->swu_blk_start; 281 n = xs->datalen >> DEV_BSHIFT; 282 283 /* 284 * We preallocated enough crypto descs for up to MAXPHYS of I/O. 285 * Since there may be less than that we need to tweak the linked list 286 * of crypto desc structures to be just long enough for our needs. 287 */ 288 crd = crwu->cr_descs; 289 for (i = 0; i < ((MAXPHYS >> DEV_BSHIFT) - n); i++) { 290 crd = crd->crd_next; 291 KASSERT(crd); 292 } 293 crwu->cr_crp->crp_desc = crd; 294 flags = (encrypt ? CRD_F_ENCRYPT : 0) | 295 CRD_F_IV_PRESENT | CRD_F_IV_EXPLICIT; 296 297 /* 298 * Select crypto session based on block number. 299 * 300 * XXX - this does not handle the case where the read/write spans 301 * across a different key blocks (e.g. 0.5TB boundary). Currently 302 * this is already broken by the use of scr_key[0] below. 303 */ 304 keyndx = blk >> SR_CRYPTO_KEY_BLKSHIFT; 305 crwu->cr_crp->crp_sid = sd->mds.mdd_crypto.scr_sid[keyndx]; 306 307 crwu->cr_crp->crp_ilen = xs->datalen; 308 crwu->cr_crp->crp_alloctype = M_DEVBUF; 309 crwu->cr_crp->crp_buf = &crwu->cr_uio; 310 for (i = 0, crd = crwu->cr_crp->crp_desc; crd; 311 i++, blk++, crd = crd->crd_next) { 312 crd->crd_skip = i << DEV_BSHIFT; 313 crd->crd_len = DEV_BSIZE; 314 crd->crd_inject = 0; 315 crd->crd_flags = flags; 316 crd->crd_alg = sd->mds.mdd_crypto.scr_alg; 317 crd->crd_klen = sd->mds.mdd_crypto.scr_klen; 318 crd->crd_key = sd->mds.mdd_crypto.scr_key[0]; 319 bcopy(&blk, crd->crd_iv, sizeof(blk)); 320 } 321 crwu->cr_wu = wu; 322 crwu->cr_crp->crp_opaque = crwu; 323 324 return (crwu); 325} 326 327void 328sr_crypto_wu_put(struct sr_crypto_wu *crwu) 329{ 330 struct sr_workunit *wu = crwu->cr_wu; 331 struct sr_discipline *sd = wu->swu_dis; 332 333 DNPRINTF(SR_D_DIS, "%s: sr_crypto_wu_put crwu: %p\n", 334 DEVNAME(wu->swu_dis->sd_sc), crwu); 335 336 mtx_enter(&sd->mds.mdd_crypto.scr_mutex); 337 TAILQ_INSERT_TAIL(&sd->mds.mdd_crypto.scr_wus, crwu, cr_link); 338 mtx_leave(&sd->mds.mdd_crypto.scr_mutex); 339} 340 341int 342sr_crypto_get_kdf(struct bioc_createraid *bc, struct sr_discipline *sd) 343{ 344 int rv = EINVAL; 345 struct sr_crypto_kdfinfo *kdfinfo; 346 347 if (!(bc->bc_opaque_flags & BIOC_SOIN)) 348 return (rv); 349 if (bc->bc_opaque == NULL) 350 return (rv); 351 if (bc->bc_opaque_size != sizeof(*kdfinfo)) 352 return (rv); 353 354 kdfinfo = malloc(bc->bc_opaque_size, M_DEVBUF, M_WAITOK | M_ZERO); 355 if (copyin(bc->bc_opaque, kdfinfo, bc->bc_opaque_size)) 356 goto out; 357 358 if (kdfinfo->len != bc->bc_opaque_size) 359 goto out; 360 361 /* copy KDF hint to disk meta data */ 362 if (kdfinfo->flags & SR_CRYPTOKDF_HINT) { 363 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) < 364 kdfinfo->genkdf.len) 365 goto out; 366 bcopy(&kdfinfo->genkdf, 367 sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 368 kdfinfo->genkdf.len); 369 } 370 371 /* copy mask key to run-time meta data */ 372 if ((kdfinfo->flags & SR_CRYPTOKDF_KEY)) { 373 if (sizeof(sd->mds.mdd_crypto.scr_maskkey) < 374 sizeof(kdfinfo->maskkey)) 375 goto out; 376 bcopy(&kdfinfo->maskkey, sd->mds.mdd_crypto.scr_maskkey, 377 sizeof(kdfinfo->maskkey)); 378 } 379 380 bc->bc_opaque_status = BIOC_SOINOUT_OK; 381 rv = 0; 382out: 383 explicit_bzero(kdfinfo, bc->bc_opaque_size); 384 free(kdfinfo, M_DEVBUF); 385 386 return (rv); 387} 388 389int 390sr_crypto_encrypt(u_char *p, u_char *c, u_char *key, size_t size, int alg) 391{ 392 rijndael_ctx ctx; 393 int i, rv = 1; 394 395 switch (alg) { 396 case SR_CRYPTOM_AES_ECB_256: 397 if (rijndael_set_key_enc_only(&ctx, key, 256) != 0) 398 goto out; 399 for (i = 0; i < size; i += RIJNDAEL128_BLOCK_LEN) 400 rijndael_encrypt(&ctx, &p[i], &c[i]); 401 rv = 0; 402 break; 403 default: 404 DNPRINTF(SR_D_DIS, "%s: unsupported encryption algorithm %d\n", 405 "softraid", alg); 406 rv = -1; 407 goto out; 408 } 409 410out: 411 explicit_bzero(&ctx, sizeof(ctx)); 412 return (rv); 413} 414 415int 416sr_crypto_decrypt(u_char *c, u_char *p, u_char *key, size_t size, int alg) 417{ 418 rijndael_ctx ctx; 419 int i, rv = 1; 420 421 switch (alg) { 422 case SR_CRYPTOM_AES_ECB_256: 423 if (rijndael_set_key(&ctx, key, 256) != 0) 424 goto out; 425 for (i = 0; i < size; i += RIJNDAEL128_BLOCK_LEN) 426 rijndael_decrypt(&ctx, &c[i], &p[i]); 427 rv = 0; 428 break; 429 default: 430 DNPRINTF(SR_D_DIS, "%s: unsupported encryption algorithm %d\n", 431 "softraid", alg); 432 rv = -1; 433 goto out; 434 } 435 436out: 437 explicit_bzero(&ctx, sizeof(ctx)); 438 return (rv); 439} 440 441void 442sr_crypto_calculate_check_hmac_sha1(u_int8_t *maskkey, int maskkey_size, 443 u_int8_t *key, int key_size, u_char *check_digest) 444{ 445 u_char check_key[SHA1_DIGEST_LENGTH]; 446 HMAC_SHA1_CTX hmacctx; 447 SHA1_CTX shactx; 448 449 bzero(check_key, sizeof(check_key)); 450 bzero(&hmacctx, sizeof(hmacctx)); 451 bzero(&shactx, sizeof(shactx)); 452 453 /* k = SHA1(mask_key) */ 454 SHA1Init(&shactx); 455 SHA1Update(&shactx, maskkey, maskkey_size); 456 SHA1Final(check_key, &shactx); 457 458 /* mac = HMAC_SHA1_k(unencrypted key) */ 459 HMAC_SHA1_Init(&hmacctx, check_key, sizeof(check_key)); 460 HMAC_SHA1_Update(&hmacctx, key, key_size); 461 HMAC_SHA1_Final(check_digest, &hmacctx); 462 463 explicit_bzero(check_key, sizeof(check_key)); 464 explicit_bzero(&hmacctx, sizeof(hmacctx)); 465 explicit_bzero(&shactx, sizeof(shactx)); 466} 467 468int 469sr_crypto_decrypt_key(struct sr_discipline *sd) 470{ 471 u_char check_digest[SHA1_DIGEST_LENGTH]; 472 int rv = 1; 473 474 DNPRINTF(SR_D_DIS, "%s: sr_crypto_decrypt_key\n", DEVNAME(sd->sd_sc)); 475 476 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1) 477 goto out; 478 479 if (sr_crypto_decrypt((u_char *)sd->mds.mdd_crypto.scr_meta->scm_key, 480 (u_char *)sd->mds.mdd_crypto.scr_key, 481 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key), 482 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1) 483 goto out; 484 485#ifdef SR_DEBUG0 486 sr_crypto_dumpkeys(sd); 487#endif 488 489 /* Check that the key decrypted properly. */ 490 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey, 491 sizeof(sd->mds.mdd_crypto.scr_maskkey), 492 (u_int8_t *)sd->mds.mdd_crypto.scr_key, 493 sizeof(sd->mds.mdd_crypto.scr_key), 494 check_digest); 495 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, 496 check_digest, sizeof(check_digest)) != 0) { 497 explicit_bzero(sd->mds.mdd_crypto.scr_key, 498 sizeof(sd->mds.mdd_crypto.scr_key)); 499 goto out; 500 } 501 502 rv = 0; /* Success */ 503out: 504 /* we don't need the mask key anymore */ 505 explicit_bzero(&sd->mds.mdd_crypto.scr_maskkey, 506 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 507 508 explicit_bzero(check_digest, sizeof(check_digest)); 509 510 return rv; 511} 512 513int 514sr_crypto_create_keys(struct sr_discipline *sd) 515{ 516 517 DNPRINTF(SR_D_DIS, "%s: sr_crypto_create_keys\n", 518 DEVNAME(sd->sd_sc)); 519 520 if (AES_MAXKEYBYTES < sizeof(sd->mds.mdd_crypto.scr_maskkey)) 521 return (1); 522 523 /* XXX allow user to specify */ 524 sd->mds.mdd_crypto.scr_meta->scm_alg = SR_CRYPTOA_AES_XTS_256; 525 526 /* generate crypto keys */ 527 arc4random_buf(sd->mds.mdd_crypto.scr_key, 528 sizeof(sd->mds.mdd_crypto.scr_key)); 529 530 /* Mask the disk keys. */ 531 sd->mds.mdd_crypto.scr_meta->scm_mask_alg = SR_CRYPTOM_AES_ECB_256; 532 sr_crypto_encrypt((u_char *)sd->mds.mdd_crypto.scr_key, 533 (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key, 534 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key), 535 sd->mds.mdd_crypto.scr_meta->scm_mask_alg); 536 537 /* Prepare key decryption check code. */ 538 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1; 539 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey, 540 sizeof(sd->mds.mdd_crypto.scr_maskkey), 541 (u_int8_t *)sd->mds.mdd_crypto.scr_key, 542 sizeof(sd->mds.mdd_crypto.scr_key), 543 sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac); 544 545 /* Erase the plaintext disk keys */ 546 explicit_bzero(sd->mds.mdd_crypto.scr_key, 547 sizeof(sd->mds.mdd_crypto.scr_key)); 548 549#ifdef SR_DEBUG0 550 sr_crypto_dumpkeys(sd); 551#endif 552 553 sd->mds.mdd_crypto.scr_meta->scm_flags = SR_CRYPTOF_KEY | 554 SR_CRYPTOF_KDFHINT; 555 556 return (0); 557} 558 559int 560sr_crypto_change_maskkey(struct sr_discipline *sd, 561 struct sr_crypto_kdfinfo *kdfinfo1, struct sr_crypto_kdfinfo *kdfinfo2) 562{ 563 u_char check_digest[SHA1_DIGEST_LENGTH]; 564 u_char *c, *p = NULL; 565 size_t ksz; 566 int rv = 1; 567 568 DNPRINTF(SR_D_DIS, "%s: sr_crypto_change_maskkey\n", 569 DEVNAME(sd->sd_sc)); 570 571 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1) 572 goto out; 573 574 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key; 575 ksz = sizeof(sd->mds.mdd_crypto.scr_key); 576 p = malloc(ksz, M_DEVBUF, M_WAITOK | M_CANFAIL | M_ZERO); 577 if (p == NULL) 578 goto out; 579 580 if (sr_crypto_decrypt(c, p, kdfinfo1->maskkey, ksz, 581 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1) 582 goto out; 583 584#ifdef SR_DEBUG0 585 sr_crypto_dumpkeys(sd); 586#endif 587 588 sr_crypto_calculate_check_hmac_sha1(kdfinfo1->maskkey, 589 sizeof(kdfinfo1->maskkey), p, ksz, check_digest); 590 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, 591 check_digest, sizeof(check_digest)) != 0) { 592 sr_error(sd->sd_sc, "incorrect key or passphrase"); 593 rv = EPERM; 594 goto out; 595 } 596 597 /* Mask the disk keys. */ 598 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key; 599 if (sr_crypto_encrypt(p, c, kdfinfo2->maskkey, ksz, 600 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1) 601 goto out; 602 603 /* Prepare key decryption check code. */ 604 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1; 605 sr_crypto_calculate_check_hmac_sha1(kdfinfo2->maskkey, 606 sizeof(kdfinfo2->maskkey), (u_int8_t *)sd->mds.mdd_crypto.scr_key, 607 sizeof(sd->mds.mdd_crypto.scr_key), check_digest); 608 609 /* Copy new encrypted key and HMAC to metadata. */ 610 bcopy(check_digest, sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, 611 sizeof(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac)); 612 613 rv = 0; /* Success */ 614 615out: 616 if (p) { 617 explicit_bzero(p, ksz); 618 free(p, M_DEVBUF); 619 } 620 621 explicit_bzero(check_digest, sizeof(check_digest)); 622 explicit_bzero(&kdfinfo1->maskkey, sizeof(kdfinfo1->maskkey)); 623 explicit_bzero(&kdfinfo2->maskkey, sizeof(kdfinfo2->maskkey)); 624 625 return (rv); 626} 627 628struct sr_chunk * 629sr_crypto_create_key_disk(struct sr_discipline *sd, dev_t dev) 630{ 631 struct sr_softc *sc = sd->sd_sc; 632 struct sr_discipline *fakesd = NULL; 633 struct sr_metadata *sm = NULL; 634 struct sr_meta_chunk *km; 635 struct sr_meta_opt_item *omi = NULL; 636 struct sr_meta_keydisk *skm; 637 struct sr_chunk *key_disk = NULL; 638 struct disklabel label; 639 struct vnode *vn; 640 char devname[32]; 641 int c, part, open = 0; 642 643 /* 644 * Create a metadata structure on the key disk and store 645 * keying material in the optional metadata. 646 */ 647 648 sr_meta_getdevname(sc, dev, devname, sizeof(devname)); 649 650 /* Make sure chunk is not already in use. */ 651 c = sr_chunk_in_use(sc, dev); 652 if (c != BIOC_SDINVALID && c != BIOC_SDOFFLINE) { 653 sr_error(sc, "%s is already in use", devname); 654 goto done; 655 } 656 657 /* Open device. */ 658 if (bdevvp(dev, &vn)) { 659 sr_error(sc, "cannot open key disk %s", devname); 660 goto done; 661 } 662 if (VOP_OPEN(vn, FREAD | FWRITE, NOCRED, curproc)) { 663 DNPRINTF(SR_D_META,"%s: sr_crypto_create_key_disk cannot " 664 "open %s\n", DEVNAME(sc), devname); 665 vput(vn); 666 goto fail; 667 } 668 open = 1; /* close dev on error */ 669 670 /* Get partition details. */ 671 part = DISKPART(dev); 672 if (VOP_IOCTL(vn, DIOCGDINFO, (caddr_t)&label, 673 FREAD, NOCRED, curproc)) { 674 DNPRINTF(SR_D_META, "%s: sr_crypto_create_key_disk ioctl " 675 "failed\n", DEVNAME(sc)); 676 VOP_CLOSE(vn, FREAD | FWRITE, NOCRED, curproc); 677 vput(vn); 678 goto fail; 679 } 680 if (label.d_secsize != DEV_BSIZE) { 681 sr_error(sc, "%s has unsupported sector size (%d)", 682 devname, label.d_secsize); 683 goto fail; 684 } 685 if (label.d_partitions[part].p_fstype != FS_RAID) { 686 sr_error(sc, "%s partition not of type RAID (%d)\n", 687 devname, label.d_partitions[part].p_fstype); 688 goto fail; 689 } 690 691 /* 692 * Create and populate chunk metadata. 693 */ 694 695 key_disk = malloc(sizeof(struct sr_chunk), M_DEVBUF, M_WAITOK | M_ZERO); 696 km = &key_disk->src_meta; 697 698 key_disk->src_dev_mm = dev; 699 key_disk->src_vn = vn; 700 strlcpy(key_disk->src_devname, devname, sizeof(km->scmi.scm_devname)); 701 key_disk->src_size = 0; 702 703 km->scmi.scm_volid = sd->sd_meta->ssdi.ssd_level; 704 km->scmi.scm_chunk_id = 0; 705 km->scmi.scm_size = 0; 706 km->scmi.scm_coerced_size = 0; 707 strlcpy(km->scmi.scm_devname, devname, sizeof(km->scmi.scm_devname)); 708 bcopy(&sd->sd_meta->ssdi.ssd_uuid, &km->scmi.scm_uuid, 709 sizeof(struct sr_uuid)); 710 711 sr_checksum(sc, km, &km->scm_checksum, 712 sizeof(struct sr_meta_chunk_invariant)); 713 714 km->scm_status = BIOC_SDONLINE; 715 716 /* 717 * Create and populate our own discipline and metadata. 718 */ 719 720 sm = malloc(sizeof(struct sr_metadata), M_DEVBUF, M_WAITOK | M_ZERO); 721 sm->ssdi.ssd_magic = SR_MAGIC; 722 sm->ssdi.ssd_version = SR_META_VERSION; 723 sm->ssd_ondisk = 0; 724 sm->ssdi.ssd_vol_flags = 0; 725 bcopy(&sd->sd_meta->ssdi.ssd_uuid, &sm->ssdi.ssd_uuid, 726 sizeof(struct sr_uuid)); 727 sm->ssdi.ssd_chunk_no = 1; 728 sm->ssdi.ssd_volid = SR_KEYDISK_VOLID; 729 sm->ssdi.ssd_level = SR_KEYDISK_LEVEL; 730 sm->ssdi.ssd_size = 0; 731 strlcpy(sm->ssdi.ssd_vendor, "OPENBSD", sizeof(sm->ssdi.ssd_vendor)); 732 snprintf(sm->ssdi.ssd_product, sizeof(sm->ssdi.ssd_product), 733 "SR %s", "KEYDISK"); 734 snprintf(sm->ssdi.ssd_revision, sizeof(sm->ssdi.ssd_revision), 735 "%03d", SR_META_VERSION); 736 737 fakesd = malloc(sizeof(struct sr_discipline), M_DEVBUF, 738 M_WAITOK | M_ZERO); 739 fakesd->sd_sc = sd->sd_sc; 740 fakesd->sd_meta = sm; 741 fakesd->sd_meta_type = SR_META_F_NATIVE; 742 fakesd->sd_vol_status = BIOC_SVONLINE; 743 strlcpy(fakesd->sd_name, "KEYDISK", sizeof(fakesd->sd_name)); 744 SLIST_INIT(&fakesd->sd_meta_opt); 745 746 /* Add chunk to volume. */ 747 fakesd->sd_vol.sv_chunks = malloc(sizeof(struct sr_chunk *), M_DEVBUF, 748 M_WAITOK | M_ZERO); 749 fakesd->sd_vol.sv_chunks[0] = key_disk; 750 SLIST_INIT(&fakesd->sd_vol.sv_chunk_list); 751 SLIST_INSERT_HEAD(&fakesd->sd_vol.sv_chunk_list, key_disk, src_link); 752 753 /* Generate mask key. */ 754 arc4random_buf(sd->mds.mdd_crypto.scr_maskkey, 755 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 756 757 /* Copy mask key to optional metadata area. */ 758 omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF, 759 M_WAITOK | M_ZERO); 760 omi->omi_som = malloc(sizeof(struct sr_meta_keydisk), M_DEVBUF, 761 M_WAITOK | M_ZERO); 762 omi->omi_som->som_type = SR_OPT_KEYDISK; 763 omi->omi_som->som_length = sizeof(struct sr_meta_keydisk); 764 skm = (struct sr_meta_keydisk *)omi->omi_som; 765 bcopy(sd->mds.mdd_crypto.scr_maskkey, &skm->skm_maskkey, 766 sizeof(skm->skm_maskkey)); 767 SLIST_INSERT_HEAD(&fakesd->sd_meta_opt, omi, omi_link); 768 fakesd->sd_meta->ssdi.ssd_opt_no++; 769 770 /* Save metadata. */ 771 if (sr_meta_save(fakesd, SR_META_DIRTY)) { 772 sr_error(sc, "could not save metadata to %s", devname); 773 goto fail; 774 } 775 776 goto done; 777 778fail: 779 if (key_disk) 780 free(key_disk, M_DEVBUF); 781 key_disk = NULL; 782 783done: 784 if (omi) 785 free(omi, M_DEVBUF); 786 if (fakesd && fakesd->sd_vol.sv_chunks) 787 free(fakesd->sd_vol.sv_chunks, M_DEVBUF); 788 if (fakesd) 789 free(fakesd, M_DEVBUF); 790 if (sm) 791 free(sm, M_DEVBUF); 792 if (open) { 793 VOP_CLOSE(vn, FREAD | FWRITE, NOCRED, curproc); 794 vput(vn); 795 } 796 797 return key_disk; 798} 799 800struct sr_chunk * 801sr_crypto_read_key_disk(struct sr_discipline *sd, dev_t dev) 802{ 803 struct sr_softc *sc = sd->sd_sc; 804 struct sr_metadata *sm = NULL; 805 struct sr_meta_opt_item *omi, *omi_next; 806 struct sr_meta_opt_hdr *omh; 807 struct sr_meta_keydisk *skm; 808 struct sr_meta_opt_head som; 809 struct sr_chunk *key_disk = NULL; 810 struct disklabel label; 811 struct vnode *vn = NULL; 812 char devname[32]; 813 int c, part, open = 0; 814 815 /* 816 * Load a key disk and load keying material into memory. 817 */ 818 819 SLIST_INIT(&som); 820 821 sr_meta_getdevname(sc, dev, devname, sizeof(devname)); 822 823 /* Make sure chunk is not already in use. */ 824 c = sr_chunk_in_use(sc, dev); 825 if (c != BIOC_SDINVALID && c != BIOC_SDOFFLINE) { 826 sr_error(sc, "%s is already in use", devname); 827 goto done; 828 } 829 830 /* Open device. */ 831 if (bdevvp(dev, &vn)) { 832 sr_error(sc, "cannot open key disk %s", devname); 833 goto done; 834 } 835 if (VOP_OPEN(vn, FREAD | FWRITE, NOCRED, curproc)) { 836 DNPRINTF(SR_D_META,"%s: sr_crypto_read_key_disk cannot " 837 "open %s\n", DEVNAME(sc), devname); 838 vput(vn); 839 goto done; 840 } 841 open = 1; /* close dev on error */ 842 843 /* Get partition details. */ 844 part = DISKPART(dev); 845 if (VOP_IOCTL(vn, DIOCGDINFO, (caddr_t)&label, FREAD, 846 NOCRED, curproc)) { 847 DNPRINTF(SR_D_META, "%s: sr_crypto_read_key_disk ioctl " 848 "failed\n", DEVNAME(sc)); 849 VOP_CLOSE(vn, FREAD | FWRITE, NOCRED, curproc); 850 vput(vn); 851 goto done; 852 } 853 if (label.d_secsize != DEV_BSIZE) { 854 sr_error(sc, "%s has unsupported sector size (%d)", 855 devname, label.d_secsize); 856 goto done; 857 } 858 if (label.d_partitions[part].p_fstype != FS_RAID) { 859 sr_error(sc, "%s partition not of type RAID (%d)\n", 860 devname, label.d_partitions[part].p_fstype); 861 goto done; 862 } 863 864 /* 865 * Read and validate key disk metadata. 866 */ 867 sm = malloc(SR_META_SIZE * 512, M_DEVBUF, M_WAITOK | M_ZERO); 868 if (sr_meta_native_read(sd, dev, sm, NULL)) { 869 sr_error(sc, "native bootprobe could not read native metadata"); 870 goto done; 871 } 872 873 if (sr_meta_validate(sd, dev, sm, NULL)) { 874 DNPRINTF(SR_D_META, "%s: invalid metadata\n", 875 DEVNAME(sc)); 876 goto done; 877 } 878 879 /* Make sure this is a key disk. */ 880 if (sm->ssdi.ssd_level != SR_KEYDISK_LEVEL) { 881 sr_error(sc, "%s is not a key disk", devname); 882 goto done; 883 } 884 885 /* Construct key disk chunk. */ 886 key_disk = malloc(sizeof(struct sr_chunk), M_DEVBUF, M_WAITOK | M_ZERO); 887 key_disk->src_dev_mm = dev; 888 key_disk->src_vn = vn; 889 key_disk->src_size = 0; 890 891 bcopy((struct sr_meta_chunk *)(sm + 1), &key_disk->src_meta, 892 sizeof(key_disk->src_meta)); 893 894 /* Read mask key from optional metadata. */ 895 sr_meta_opt_load(sc, sm, &som); 896 SLIST_FOREACH(omi, &som, omi_link) { 897 omh = omi->omi_som; 898 if (omh->som_type == SR_OPT_KEYDISK) { 899 skm = (struct sr_meta_keydisk *)omh; 900 bcopy(&skm->skm_maskkey, 901 sd->mds.mdd_crypto.scr_maskkey, 902 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 903 } else if (omh->som_type == SR_OPT_CRYPTO) { 904 /* Original keydisk format with key in crypto area. */ 905 bcopy(omh + sizeof(struct sr_meta_opt_hdr), 906 sd->mds.mdd_crypto.scr_maskkey, 907 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 908 } 909 } 910 911 open = 0; 912 913done: 914 for (omi = SLIST_FIRST(&som); omi != SLIST_END(&som); omi = omi_next) { 915 omi_next = SLIST_NEXT(omi, omi_link); 916 if (omi->omi_som) 917 free(omi->omi_som, M_DEVBUF); 918 free(omi, M_DEVBUF); 919 } 920 921 if (sm) 922 free(sm, M_DEVBUF); 923 924 if (vn && open) { 925 VOP_CLOSE(vn, FREAD, NOCRED, curproc); 926 vput(vn); 927 } 928 929 return key_disk; 930} 931 932int 933sr_crypto_alloc_resources(struct sr_discipline *sd) 934{ 935 struct cryptoini cri; 936 struct sr_crypto_wu *crwu; 937 u_int num_keys, i; 938 939 DNPRINTF(SR_D_DIS, "%s: sr_crypto_alloc_resources\n", 940 DEVNAME(sd->sd_sc)); 941 942 sd->mds.mdd_crypto.scr_alg = CRYPTO_AES_XTS; 943 switch (sd->mds.mdd_crypto.scr_meta->scm_alg) { 944 case SR_CRYPTOA_AES_XTS_128: 945 sd->mds.mdd_crypto.scr_klen = 256; 946 break; 947 case SR_CRYPTOA_AES_XTS_256: 948 sd->mds.mdd_crypto.scr_klen = 512; 949 break; 950 default: 951 sr_error(sd->sd_sc, "unknown crypto algorithm"); 952 return (EINVAL); 953 } 954 955 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) 956 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 957 958 if (sr_wu_alloc(sd, sizeof(struct sr_workunit))) { 959 sr_error(sd->sd_sc, "unable to allocate work units"); 960 return (ENOMEM); 961 } 962 if (sr_ccb_alloc(sd)) { 963 sr_error(sd->sd_sc, "unable to allocate CCBs"); 964 return (ENOMEM); 965 } 966 if (sr_crypto_decrypt_key(sd)) { 967 sr_error(sd->sd_sc, "incorrect key or passphrase"); 968 return (EPERM); 969 } 970 971 /* 972 * For each wu allocate the uio, iovec and crypto structures. 973 * these have to be allocated now because during runtime we can't 974 * fail an allocation without failing the io (which can cause real 975 * problems). 976 */ 977 mtx_init(&sd->mds.mdd_crypto.scr_mutex, IPL_BIO); 978 TAILQ_INIT(&sd->mds.mdd_crypto.scr_wus); 979 for (i = 0; i < sd->sd_max_wu; i++) { 980 crwu = malloc(sizeof(*crwu), M_DEVBUF, 981 M_WAITOK | M_ZERO | M_CANFAIL); 982 if (crwu == NULL) 983 return (ENOMEM); 984 /* put it on the list now so if we fail it'll be freed */ 985 mtx_enter(&sd->mds.mdd_crypto.scr_mutex); 986 TAILQ_INSERT_TAIL(&sd->mds.mdd_crypto.scr_wus, crwu, cr_link); 987 mtx_leave(&sd->mds.mdd_crypto.scr_mutex); 988 989 crwu->cr_uio.uio_iov = &crwu->cr_iov; 990 crwu->cr_dmabuf = dma_alloc(MAXPHYS, PR_WAITOK); 991 crwu->cr_crp = crypto_getreq(MAXPHYS >> DEV_BSHIFT); 992 if (crwu->cr_crp == NULL) 993 return (ENOMEM); 994 crwu->cr_descs = crwu->cr_crp->crp_desc; 995 } 996 997 memset(&cri, 0, sizeof(cri)); 998 cri.cri_alg = sd->mds.mdd_crypto.scr_alg; 999 cri.cri_klen = sd->mds.mdd_crypto.scr_klen; 1000 1001 /* Allocate a session for every 2^SR_CRYPTO_KEY_BLKSHIFT blocks */ 1002 num_keys = sd->sd_meta->ssdi.ssd_size >> SR_CRYPTO_KEY_BLKSHIFT; 1003 if (num_keys >= SR_CRYPTO_MAXKEYS) 1004 return (EFBIG); 1005 for (i = 0; i <= num_keys; i++) { 1006 cri.cri_key = sd->mds.mdd_crypto.scr_key[i]; 1007 if (crypto_newsession(&sd->mds.mdd_crypto.scr_sid[i], 1008 &cri, 0) != 0) { 1009 for (i = 0; 1010 sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1; 1011 i++) { 1012 crypto_freesession( 1013 sd->mds.mdd_crypto.scr_sid[i]); 1014 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 1015 } 1016 return (EINVAL); 1017 } 1018 } 1019 1020 sr_hotplug_register(sd, sr_crypto_hotplug); 1021 1022 return (0); 1023} 1024 1025void 1026sr_crypto_free_resources(struct sr_discipline *sd) 1027{ 1028 struct sr_crypto_wu *crwu; 1029 u_int i; 1030 1031 DNPRINTF(SR_D_DIS, "%s: sr_crypto_free_resources\n", 1032 DEVNAME(sd->sd_sc)); 1033 1034 if (sd->mds.mdd_crypto.key_disk != NULL) { 1035 explicit_bzero(sd->mds.mdd_crypto.key_disk, sizeof 1036 sd->mds.mdd_crypto.key_disk); 1037 free(sd->mds.mdd_crypto.key_disk, M_DEVBUF); 1038 } 1039 1040 sr_hotplug_unregister(sd, sr_crypto_hotplug); 1041 1042 for (i = 0; sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1; i++) { 1043 crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]); 1044 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 1045 } 1046 1047 mtx_enter(&sd->mds.mdd_crypto.scr_mutex); 1048 while ((crwu = TAILQ_FIRST(&sd->mds.mdd_crypto.scr_wus)) != NULL) { 1049 TAILQ_REMOVE(&sd->mds.mdd_crypto.scr_wus, crwu, cr_link); 1050 1051 if (crwu->cr_dmabuf != NULL) 1052 dma_free(crwu->cr_dmabuf, MAXPHYS); 1053 if (crwu->cr_crp) { 1054 crwu->cr_crp->crp_desc = crwu->cr_descs; 1055 crypto_freereq(crwu->cr_crp); 1056 } 1057 free(crwu, M_DEVBUF); 1058 } 1059 mtx_leave(&sd->mds.mdd_crypto.scr_mutex); 1060 1061 sr_wu_free(sd); 1062 sr_ccb_free(sd); 1063} 1064 1065int 1066sr_crypto_ioctl(struct sr_discipline *sd, struct bioc_discipline *bd) 1067{ 1068 struct sr_crypto_kdfpair kdfpair; 1069 struct sr_crypto_kdfinfo kdfinfo1, kdfinfo2; 1070 int size, rv = 1; 1071 1072 DNPRINTF(SR_D_IOCTL, "%s: sr_crypto_ioctl %u\n", 1073 DEVNAME(sd->sd_sc), bd->bd_cmd); 1074 1075 switch (bd->bd_cmd) { 1076 case SR_IOCTL_GET_KDFHINT: 1077 1078 /* Get KDF hint for userland. */ 1079 size = sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint); 1080 if (bd->bd_data == NULL || bd->bd_size > size) 1081 goto bad; 1082 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 1083 bd->bd_data, bd->bd_size)) 1084 goto bad; 1085 1086 rv = 0; 1087 1088 break; 1089 1090 case SR_IOCTL_CHANGE_PASSPHRASE: 1091 1092 /* Attempt to change passphrase. */ 1093 1094 size = sizeof(kdfpair); 1095 if (bd->bd_data == NULL || bd->bd_size > size) 1096 goto bad; 1097 if (copyin(bd->bd_data, &kdfpair, size)) 1098 goto bad; 1099 1100 size = sizeof(kdfinfo1); 1101 if (kdfpair.kdfinfo1 == NULL || kdfpair.kdfsize1 > size) 1102 goto bad; 1103 if (copyin(kdfpair.kdfinfo1, &kdfinfo1, size)) 1104 goto bad; 1105 1106 size = sizeof(kdfinfo2); 1107 if (kdfpair.kdfinfo2 == NULL || kdfpair.kdfsize2 > size) 1108 goto bad; 1109 if (copyin(kdfpair.kdfinfo2, &kdfinfo2, size)) 1110 goto bad; 1111 1112 if (sr_crypto_change_maskkey(sd, &kdfinfo1, &kdfinfo2)) 1113 goto bad; 1114 1115 /* Save metadata to disk. */ 1116 rv = sr_meta_save(sd, SR_META_DIRTY); 1117 1118 break; 1119 } 1120 1121bad: 1122 explicit_bzero(&kdfpair, sizeof(kdfpair)); 1123 explicit_bzero(&kdfinfo1, sizeof(kdfinfo1)); 1124 explicit_bzero(&kdfinfo2, sizeof(kdfinfo2)); 1125 1126 return (rv); 1127} 1128 1129int 1130sr_crypto_meta_opt_handler(struct sr_discipline *sd, struct sr_meta_opt_hdr *om) 1131{ 1132 int rv = EINVAL; 1133 1134 if (om->som_type == SR_OPT_CRYPTO) { 1135 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)om; 1136 rv = 0; 1137 } 1138 1139 return (rv); 1140} 1141 1142int 1143sr_crypto_rw(struct sr_workunit *wu) 1144{ 1145 struct sr_crypto_wu *crwu; 1146 daddr_t blk; 1147 int s, rv = 0; 1148 1149 DNPRINTF(SR_D_DIS, "%s: sr_crypto_rw wu %p\n", 1150 DEVNAME(wu->swu_dis->sd_sc), wu); 1151 1152 if (sr_validate_io(wu, &blk, "sr_crypto_rw")) 1153 return (1); 1154 1155 if (wu->swu_xs->flags & SCSI_DATA_OUT) { 1156 crwu = sr_crypto_wu_get(wu, 1); 1157 if (crwu == NULL) 1158 return (1); 1159 crwu->cr_crp->crp_callback = sr_crypto_write; 1160 s = splvm(); 1161 rv = crypto_invoke(crwu->cr_crp); 1162 if (rv == 0) 1163 rv = crwu->cr_crp->crp_etype; 1164 splx(s); 1165 } else 1166 rv = sr_crypto_dev_rw(wu, NULL); 1167 1168 return (rv); 1169} 1170 1171int 1172sr_crypto_write(struct cryptop *crp) 1173{ 1174 struct sr_crypto_wu *crwu = crp->crp_opaque; 1175 struct sr_workunit *wu = crwu->cr_wu; 1176 int s; 1177 1178 DNPRINTF(SR_D_INTR, "%s: sr_crypto_write: wu %x xs: %x\n", 1179 DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs); 1180 1181 if (crp->crp_etype) { 1182 /* fail io */ 1183 wu->swu_xs->error = XS_DRIVER_STUFFUP; 1184 s = splbio(); 1185 sr_crypto_finish_io(wu); 1186 splx(s); 1187 } 1188 1189 return (sr_crypto_dev_rw(wu, crwu)); 1190} 1191 1192int 1193sr_crypto_dev_rw(struct sr_workunit *wu, struct sr_crypto_wu *crwu) 1194{ 1195 struct sr_discipline *sd = wu->swu_dis; 1196 struct scsi_xfer *xs = wu->swu_xs; 1197 struct sr_ccb *ccb; 1198 struct uio *uio; 1199 daddr_t blk; 1200 1201 blk = wu->swu_blk_start; 1202 blk += sd->sd_meta->ssd_data_offset; 1203 1204 ccb = sr_ccb_rw(sd, 0, blk, xs->datalen, xs->data, xs->flags, 0); 1205 if (!ccb) { 1206 /* should never happen but handle more gracefully */ 1207 printf("%s: %s: too many ccbs queued\n", 1208 DEVNAME(sd->sd_sc), sd->sd_meta->ssd_devname); 1209 goto bad; 1210 } 1211 if (!ISSET(xs->flags, SCSI_DATA_IN)) { 1212 uio = crwu->cr_crp->crp_buf; 1213 ccb->ccb_buf.b_data = uio->uio_iov->iov_base; 1214 ccb->ccb_opaque = crwu; 1215 } 1216 sr_wu_enqueue_ccb(wu, ccb); 1217 sr_schedule_wu(wu); 1218 1219 return (0); 1220 1221bad: 1222 /* wu is unwound by sr_wu_put */ 1223 if (crwu) 1224 crwu->cr_crp->crp_etype = EINVAL; 1225 return (1); 1226} 1227 1228void 1229sr_crypto_done(struct sr_workunit *wu) 1230{ 1231 struct scsi_xfer *xs = wu->swu_xs; 1232 struct sr_crypto_wu *crwu; 1233 struct sr_ccb *ccb; 1234 int s; 1235 1236 /* If this was a successful read, initiate decryption of the data. */ 1237 if (ISSET(xs->flags, SCSI_DATA_IN) && xs->error == XS_NOERROR) { 1238 /* only fails on implementation error */ 1239 crwu = sr_crypto_wu_get(wu, 0); 1240 if (crwu == NULL) 1241 panic("sr_crypto_intr: no wu"); 1242 crwu->cr_crp->crp_callback = sr_crypto_read; 1243 ccb = TAILQ_FIRST(&wu->swu_ccb); 1244 if (ccb == NULL) 1245 panic("sr_crypto_done: no ccbs on workunit"); 1246 ccb->ccb_opaque = crwu; 1247 DNPRINTF(SR_D_INTR, "%s: sr_crypto_intr: crypto_invoke %p\n", 1248 DEVNAME(wu->swu_dis->sd_sc), crwu->cr_crp); 1249 s = splvm(); 1250 crypto_invoke(crwu->cr_crp); 1251 splx(s); 1252 return; 1253 } 1254 1255 s = splbio(); 1256 sr_crypto_finish_io(wu); 1257 splx(s); 1258} 1259 1260void 1261sr_crypto_finish_io(struct sr_workunit *wu) 1262{ 1263 struct sr_discipline *sd = wu->swu_dis; 1264 struct scsi_xfer *xs = wu->swu_xs; 1265 struct sr_ccb *ccb; 1266#ifdef SR_DEBUG 1267 struct sr_softc *sc = sd->sd_sc; 1268#endif /* SR_DEBUG */ 1269 1270 splassert(IPL_BIO); 1271 1272 DNPRINTF(SR_D_INTR, "%s: sr_crypto_finish_io: wu %x xs: %x\n", 1273 DEVNAME(sc), wu, xs); 1274 1275 if (wu->swu_cb_active == 1) 1276 panic("%s: sr_crypto_finish_io", DEVNAME(sd->sd_sc)); 1277 TAILQ_FOREACH(ccb, &wu->swu_ccb, ccb_link) { 1278 if (ccb->ccb_opaque == NULL) 1279 continue; 1280 sr_crypto_wu_put(ccb->ccb_opaque); 1281 } 1282 1283 sr_scsi_done(sd, xs); 1284} 1285 1286int 1287sr_crypto_read(struct cryptop *crp) 1288{ 1289 struct sr_crypto_wu *crwu = crp->crp_opaque; 1290 struct sr_workunit *wu = crwu->cr_wu; 1291 int s; 1292 1293 DNPRINTF(SR_D_INTR, "%s: sr_crypto_read: wu %x xs: %x\n", 1294 DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs); 1295 1296 if (crp->crp_etype) 1297 wu->swu_xs->error = XS_DRIVER_STUFFUP; 1298 1299 s = splbio(); 1300 sr_crypto_finish_io(wu); 1301 splx(s); 1302 1303 return (0); 1304} 1305 1306void 1307sr_crypto_hotplug(struct sr_discipline *sd, struct disk *diskp, int action) 1308{ 1309 DNPRINTF(SR_D_MISC, "%s: sr_crypto_hotplug: %s %d\n", 1310 DEVNAME(sd->sd_sc), diskp->dk_name, action); 1311} 1312 1313#ifdef SR_DEBUG0 1314void 1315sr_crypto_dumpkeys(struct sr_discipline *sd) 1316{ 1317 int i, j; 1318 1319 printf("sr_crypto_dumpkeys:\n"); 1320 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) { 1321 printf("\tscm_key[%d]: 0x", i); 1322 for (j = 0; j < SR_CRYPTO_KEYBYTES; j++) { 1323 printf("%02x", 1324 sd->mds.mdd_crypto.scr_meta->scm_key[i][j]); 1325 } 1326 printf("\n"); 1327 } 1328 printf("sr_crypto_dumpkeys: runtime data keys:\n"); 1329 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) { 1330 printf("\tscr_key[%d]: 0x", i); 1331 for (j = 0; j < SR_CRYPTO_KEYBYTES; j++) { 1332 printf("%02x", 1333 sd->mds.mdd_crypto.scr_key[i][j]); 1334 } 1335 printf("\n"); 1336 } 1337} 1338#endif /* SR_DEBUG */ 1339