1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2005-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 __FBSDID("$FreeBSD$"); 31 32 #include <sys/param.h> 33 #ifdef _KERNEL 34 #include <sys/systm.h> 35 #include <sys/kernel.h> 36 #include <sys/malloc.h> 37 #else 38 #include <stdint.h> 39 #include <string.h> 40 #include <strings.h> 41 #include <errno.h> 42 #include <assert.h> 43 #include <openssl/evp.h> 44 #define _OpenSSL_ 45 #endif 46 #include <geom/eli/g_eli.h> 47 48 #ifdef _KERNEL 49 MALLOC_DECLARE(M_ELI); 50 51 static int 52 g_eli_crypto_done(struct cryptop *crp) 53 { 54 55 crp->crp_opaque = (void *)crp; 56 wakeup(crp); 57 return (0); 58 } 59 60 static int 61 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize, 62 const u_char *key, size_t keysize) 63 { 64 struct cryptoini cri; 65 struct cryptop *crp; 66 struct cryptodesc *crd; 67 crypto_session_t sid; 68 u_char *p; 69 int error; 70 71 KASSERT(algo != CRYPTO_AES_XTS, 72 ("%s: CRYPTO_AES_XTS unexpected here", __func__)); 73 74 bzero(&cri, sizeof(cri)); 75 cri.cri_alg = algo; 76 cri.cri_key = __DECONST(void *, key); 77 cri.cri_klen = keysize; 78 error = crypto_newsession(&sid, &cri, CRYPTOCAP_F_SOFTWARE); 79 if (error != 0) 80 return (error); 81 p = malloc(sizeof(*crp) + sizeof(*crd), M_ELI, M_NOWAIT | M_ZERO); 82 if (p == NULL) { 83 crypto_freesession(sid); 84 return (ENOMEM); 85 } 86 crp = (struct cryptop *)p; p += sizeof(*crp); 87 crd = (struct cryptodesc *)p; p += sizeof(*crd); 88 89 crd->crd_skip = 0; 90 crd->crd_len = datasize; 91 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 92 if (enc) 93 crd->crd_flags |= CRD_F_ENCRYPT; 94 crd->crd_alg = algo; 95 crd->crd_key = __DECONST(void *, key); 96 crd->crd_klen = keysize; 97 bzero(crd->crd_iv, sizeof(crd->crd_iv)); 98 crd->crd_next = NULL; 99 100 crp->crp_session = sid; 101 crp->crp_ilen = datasize; 102 crp->crp_olen = datasize; 103 crp->crp_opaque = NULL; 104 crp->crp_callback = g_eli_crypto_done; 105 crp->crp_buf = (void *)data; 106 crp->crp_flags = CRYPTO_F_CBIFSYNC; 107 crp->crp_desc = crd; 108 109 error = crypto_dispatch(crp); 110 if (error == 0) { 111 while (crp->crp_opaque == NULL) 112 tsleep(crp, PRIBIO, "geli", hz / 5); 113 error = crp->crp_etype; 114 } 115 116 free(crp, M_ELI); 117 crypto_freesession(sid); 118 return (error); 119 } 120 #else /* !_KERNEL */ 121 static int 122 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize, 123 const u_char *key, size_t keysize) 124 { 125 EVP_CIPHER_CTX ctx; 126 const EVP_CIPHER *type; 127 u_char iv[keysize]; 128 int outsize; 129 130 assert(algo != CRYPTO_AES_XTS); 131 132 switch (algo) { 133 case CRYPTO_NULL_CBC: 134 type = EVP_enc_null(); 135 break; 136 case CRYPTO_AES_CBC: 137 switch (keysize) { 138 case 128: 139 type = EVP_aes_128_cbc(); 140 break; 141 case 192: 142 type = EVP_aes_192_cbc(); 143 break; 144 case 256: 145 type = EVP_aes_256_cbc(); 146 break; 147 default: 148 return (EINVAL); 149 } 150 break; 151 case CRYPTO_BLF_CBC: 152 type = EVP_bf_cbc(); 153 break; 154 #ifndef OPENSSL_NO_CAMELLIA 155 case CRYPTO_CAMELLIA_CBC: 156 switch (keysize) { 157 case 128: 158 type = EVP_camellia_128_cbc(); 159 break; 160 case 192: 161 type = EVP_camellia_192_cbc(); 162 break; 163 case 256: 164 type = EVP_camellia_256_cbc(); 165 break; 166 default: 167 return (EINVAL); 168 } 169 break; 170 #endif 171 case CRYPTO_3DES_CBC: 172 type = EVP_des_ede3_cbc(); 173 break; 174 default: 175 return (EINVAL); 176 } 177 178 EVP_CIPHER_CTX_init(&ctx); 179 180 EVP_CipherInit_ex(&ctx, type, NULL, NULL, NULL, enc); 181 EVP_CIPHER_CTX_set_key_length(&ctx, keysize / 8); 182 EVP_CIPHER_CTX_set_padding(&ctx, 0); 183 bzero(iv, sizeof(iv)); 184 EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, enc); 185 186 if (EVP_CipherUpdate(&ctx, data, &outsize, data, datasize) == 0) { 187 EVP_CIPHER_CTX_cleanup(&ctx); 188 return (EINVAL); 189 } 190 assert(outsize == (int)datasize); 191 192 if (EVP_CipherFinal_ex(&ctx, data + outsize, &outsize) == 0) { 193 EVP_CIPHER_CTX_cleanup(&ctx); 194 return (EINVAL); 195 } 196 assert(outsize == 0); 197 198 EVP_CIPHER_CTX_cleanup(&ctx); 199 return (0); 200 } 201 #endif /* !_KERNEL */ 202 203 int 204 g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize, 205 const u_char *key, size_t keysize) 206 { 207 208 /* We prefer AES-CBC for metadata protection. */ 209 if (algo == CRYPTO_AES_XTS) 210 algo = CRYPTO_AES_CBC; 211 212 return (g_eli_crypto_cipher(algo, 1, data, datasize, key, keysize)); 213 } 214 215 int 216 g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize, 217 const u_char *key, size_t keysize) 218 { 219 220 /* We prefer AES-CBC for metadata protection. */ 221 if (algo == CRYPTO_AES_XTS) 222 algo = CRYPTO_AES_CBC; 223 224 return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize)); 225 } 226