xref: /freebsd/sys/geom/eli/g_eli_crypto.c (revision 13ea0450a9c8742119d36f3bf8f47accdce46e54)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2005-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
31 
32 #include <sys/param.h>
33 #ifdef _KERNEL
34 #include <sys/systm.h>
35 #include <sys/kernel.h>
36 #include <sys/malloc.h>
37 #else
38 #include <stdint.h>
39 #include <string.h>
40 #include <strings.h>
41 #include <errno.h>
42 #include <assert.h>
43 #include <openssl/evp.h>
44 #define	_OpenSSL_
45 #endif
46 #include <geom/eli/g_eli.h>
47 
48 #ifdef _KERNEL
49 MALLOC_DECLARE(M_ELI);
50 
51 static int
52 g_eli_crypto_done(struct cryptop *crp)
53 {
54 
55 	crp->crp_opaque = (void *)crp;
56 	wakeup(crp);
57 	return (0);
58 }
59 
60 static int
61 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
62     const u_char *key, size_t keysize)
63 {
64 	struct cryptoini cri;
65 	struct cryptop *crp;
66 	struct cryptodesc *crd;
67 	crypto_session_t sid;
68 	u_char *p;
69 	int error;
70 
71 	KASSERT(algo != CRYPTO_AES_XTS,
72 	    ("%s: CRYPTO_AES_XTS unexpected here", __func__));
73 
74 	bzero(&cri, sizeof(cri));
75 	cri.cri_alg = algo;
76 	cri.cri_key = __DECONST(void *, key);
77 	cri.cri_klen = keysize;
78 	error = crypto_newsession(&sid, &cri, CRYPTOCAP_F_SOFTWARE);
79 	if (error != 0)
80 		return (error);
81 	p = malloc(sizeof(*crp) + sizeof(*crd), M_ELI, M_NOWAIT | M_ZERO);
82 	if (p == NULL) {
83 		crypto_freesession(sid);
84 		return (ENOMEM);
85 	}
86 	crp = (struct cryptop *)p;	p += sizeof(*crp);
87 	crd = (struct cryptodesc *)p;	p += sizeof(*crd);
88 
89 	crd->crd_skip = 0;
90 	crd->crd_len = datasize;
91 	crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
92 	if (enc)
93 		crd->crd_flags |= CRD_F_ENCRYPT;
94 	crd->crd_alg = algo;
95 	crd->crd_key = __DECONST(void *, key);
96 	crd->crd_klen = keysize;
97 	bzero(crd->crd_iv, sizeof(crd->crd_iv));
98 	crd->crd_next = NULL;
99 
100 	crp->crp_session = sid;
101 	crp->crp_ilen = datasize;
102 	crp->crp_olen = datasize;
103 	crp->crp_opaque = NULL;
104 	crp->crp_callback = g_eli_crypto_done;
105 	crp->crp_buf = (void *)data;
106 	crp->crp_flags = CRYPTO_F_CBIFSYNC;
107 	crp->crp_desc = crd;
108 
109 	error = crypto_dispatch(crp);
110 	if (error == 0) {
111 		while (crp->crp_opaque == NULL)
112 			tsleep(crp, PRIBIO, "geli", hz / 5);
113 		error = crp->crp_etype;
114 	}
115 
116 	free(crp, M_ELI);
117 	crypto_freesession(sid);
118 	return (error);
119 }
120 #else	/* !_KERNEL */
121 static int
122 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
123     const u_char *key, size_t keysize)
124 {
125 	EVP_CIPHER_CTX *ctx;
126 	const EVP_CIPHER *type;
127 	u_char iv[keysize];
128 	int outsize;
129 
130 	assert(algo != CRYPTO_AES_XTS);
131 
132 	switch (algo) {
133 	case CRYPTO_NULL_CBC:
134 		type = EVP_enc_null();
135 		break;
136 	case CRYPTO_AES_CBC:
137 		switch (keysize) {
138 		case 128:
139 			type = EVP_aes_128_cbc();
140 			break;
141 		case 192:
142 			type = EVP_aes_192_cbc();
143 			break;
144 		case 256:
145 			type = EVP_aes_256_cbc();
146 			break;
147 		default:
148 			return (EINVAL);
149 		}
150 		break;
151 	case CRYPTO_BLF_CBC:
152 		type = EVP_bf_cbc();
153 		break;
154 #ifndef OPENSSL_NO_CAMELLIA
155 	case CRYPTO_CAMELLIA_CBC:
156 		switch (keysize) {
157 		case 128:
158 			type = EVP_camellia_128_cbc();
159 			break;
160 		case 192:
161 			type = EVP_camellia_192_cbc();
162 			break;
163 		case 256:
164 			type = EVP_camellia_256_cbc();
165 			break;
166 		default:
167 			return (EINVAL);
168 		}
169 		break;
170 #endif
171 	case CRYPTO_3DES_CBC:
172 		type = EVP_des_ede3_cbc();
173 		break;
174 	default:
175 		return (EINVAL);
176 	}
177 
178 	ctx = EVP_CIPHER_CTX_new();
179 	if (ctx == NULL)
180 		return (ENOMEM);
181 
182 	EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, enc);
183 	EVP_CIPHER_CTX_set_key_length(ctx, keysize / 8);
184 	EVP_CIPHER_CTX_set_padding(ctx, 0);
185 	bzero(iv, sizeof(iv));
186 	EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc);
187 
188 	if (EVP_CipherUpdate(ctx, data, &outsize, data, datasize) == 0) {
189 		EVP_CIPHER_CTX_free(ctx);
190 		return (EINVAL);
191 	}
192 	assert(outsize == (int)datasize);
193 
194 	if (EVP_CipherFinal_ex(ctx, data + outsize, &outsize) == 0) {
195 		EVP_CIPHER_CTX_free(ctx);
196 		return (EINVAL);
197 	}
198 	assert(outsize == 0);
199 
200 	EVP_CIPHER_CTX_free(ctx);
201 	return (0);
202 }
203 #endif	/* !_KERNEL */
204 
205 int
206 g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize,
207     const u_char *key, size_t keysize)
208 {
209 
210 	/* We prefer AES-CBC for metadata protection. */
211 	if (algo == CRYPTO_AES_XTS)
212 		algo = CRYPTO_AES_CBC;
213 
214 	return (g_eli_crypto_cipher(algo, 1, data, datasize, key, keysize));
215 }
216 
217 int
218 g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize,
219     const u_char *key, size_t keysize)
220 {
221 
222 	/* We prefer AES-CBC for metadata protection. */
223 	if (algo == CRYPTO_AES_XTS)
224 		algo = CRYPTO_AES_CBC;
225 
226 	return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize));
227 }
228