2 * Copyright (c) 2002 Poul-Henning Kamp
3 * Copyright (c) 2002 Networks Associates Technology, Inc.
6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp
7 * and NAI Labs, the Security Research Division of Network Associates, Inc.
8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
9 * DARPA CHATS research program.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/types.h>
36 #include <sys/queue.h>
37 #include <sys/mutex.h>
39 #include <readpassphrase.h>
49 #include <sys/errno.h>
52 #include <crypto/rijndael/rijndael.h>
53 #include <crypto/sha2/sha2.h>
55 #define KASSERT(foo, bar) do { if(!(foo)) { warn bar ; exit (1); } } while (0)
57 #include <geom/geom.h>
58 #include <geom/bde/g_bde.h>
60 extern const char template[];
65 g_hexdump(void *ptr, int length)
71 for (i = 0; i < length; i+= 16) {
73 for (j = 0; j < 16; j++) {
76 printf(" %02x", cp[k]);
81 for (j = 0; j < 16; j++) {
85 else if (cp[k] >= ' ' && cp[k] <= '~')
96 usage(const char *reason)
101 fprintf(stderr, "Usage error: %s", reason);
102 fprintf(stderr, "Usage:\n");
103 fprintf(stderr, "\t%s attach dest -l filename\n", p);
104 fprintf(stderr, "\t%s detach dest\n", p);
105 fprintf(stderr, "\t%s init dest [-i] [-f filename] -l filename\n", p);
106 fprintf(stderr, "\t%s setkey dest [-n key] -l filename\n", p);
107 fprintf(stderr, "\t%s destroy dest [-n key] -l filename\n", p);
112 g_read_data(struct g_consumer *cp, off_t offset, off_t length, int *error)
122 o2 = lseek(fd, offset, SEEK_SET);
125 i = read(fd, p, length);
134 random_bits(void *p, u_int len)
140 fdr = open("/dev/urandom", O_RDONLY);
142 err(1, "/dev/urandom");
145 i = read(fdr, p, len);
147 err(1, "read from /dev/urandom");
151 static u_char sha2[SHA512_DIGEST_LENGTH];
154 reset_passphrase(struct g_bde_softc *sc)
157 memcpy(sc->sha2, sha2, SHA512_DIGEST_LENGTH);
161 setup_passphrase(struct g_bde_softc *sc, int sure, const char *input)
163 char buf1[BUFSIZ], buf2[BUFSIZ], *p;
166 g_bde_hash_pass(sc, input, strlen(input));
167 memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
172 sure ? "Enter new passphrase:" : "Enter passphrase: ",
174 RPP_ECHO_OFF | RPP_REQUIRE_TTY);
176 err(1, "readpassphrase");
179 p = readpassphrase("Reenter new passphrase: ",
181 RPP_ECHO_OFF | RPP_REQUIRE_TTY);
183 err(1, "readpassphrase");
185 if (strcmp(buf1, buf2)) {
186 printf("They didn't match.\n");
190 if (strlen(buf1) < 3) {
191 printf("Too short passphrase.\n");
196 g_bde_hash_pass(sc, buf1, strlen(buf1));
197 memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH);
201 encrypt_sector(void *d, int len, int klen, void *key)
207 error = rijndael_cipherInit(&ci, MODE_CBC, NULL);
209 errx(1, "rijndael_cipherInit=%d", error);
210 error = rijndael_makeKey(&ki, DIR_ENCRYPT, klen, key);
212 errx(1, "rijndael_makeKeY=%d", error);
213 error = rijndael_blockEncrypt(&ci, &ki, d, len * 8, d);
215 errx(1, "rijndael_blockEncrypt=%d", error);
219 cmd_attach(const struct g_bde_softc *sc, const char *dest, const char *lfile)
222 struct geomconfiggeom gcg;
223 u_char buf[256 + 16];
225 gfd = open("/dev/geom.ctl", O_RDWR);
227 err(1, "/dev/geom.ctl");
228 memset(&gcg, 0, sizeof gcg);
229 gcg.class.u.name = "BDE";
230 gcg.class.len = strlen(gcg.class.u.name);
231 gcg.provider.u.name = dest;
232 gcg.provider.len = strlen(gcg.provider.u.name);
234 gcg.len = sizeof buf;
238 ffd = open(lfile, O_RDONLY, 0);
241 read(ffd, buf + sizeof(sc->sha2), 16);
244 memset(buf + sizeof(sc->sha2), 0, 16);
246 memcpy(buf, sc->sha2, sizeof(sc->sha2));
248 i = ioctl(gfd, GEOMCONFIGGEOM, &gcg);
250 err(1, "ioctl(GEOMCONFIGGEOM)");
255 cmd_detach(const char *dest)
258 struct geomconfiggeom gcg;
260 gfd = open("/dev/geom.ctl", O_RDWR);
262 err(1, "/dev/geom.ctl");
263 memset(&gcg, 0, sizeof gcg);
264 gcg.class.u.name = "BDE";
265 gcg.class.len = strlen(gcg.class.u.name);
266 gcg.provider.u.name = dest;
267 gcg.provider.len = strlen(gcg.provider.u.name);
270 i = ioctl(gfd, GEOMCONFIGGEOM, &gcg);
272 err(1, "ioctl(GEOMCONFIGGEOM)");
277 cmd_open(struct g_bde_softc *sc, int dfd , const char *l_opt, u_int *nkey)
286 error = ioctl(dfd, DIOCGSECTORSIZE, §orsize);
289 error = ioctl(dfd, DIOCGMEDIASIZE, &mediasize);
291 error = fstat(dfd, &st);
292 if (error == 0 && S_ISREG(st.st_mode))
293 mediasize = st.st_size;
298 mediasize = (off_t)-1;
300 ffd = open(l_opt, O_RDONLY, 0);
303 read(ffd, keyloc, sizeof keyloc);
306 memset(keyloc, 0, sizeof keyloc);
309 error = g_bde_decrypt_lock(sc, sc->sha2, keyloc, mediasize,
312 errx(1, "Lock was destroyed.");
314 errx(1, "Lock was nuked.");
315 if (error == ENOTDIR)
316 errx(1, "Lock not found");
318 errx(1, "Error %d decrypting lock", error);
320 printf("Opened with key %u\n", *nkey);
325 cmd_nuke(struct g_bde_key *gl, int dfd , int key)
329 off_t offset, offset2;
331 sbuf = malloc(gl->sectorsize);
332 memset(sbuf, 0, gl->sectorsize);
333 offset = (gl->lsector[key] & ~(gl->sectorsize - 1));
334 offset2 = lseek(dfd, offset, SEEK_SET);
335 if (offset2 != offset)
337 i = write(dfd, sbuf, gl->sectorsize);
338 if (i != (int)gl->sectorsize)
340 printf("Nuked key %d\n", key);
344 cmd_write(struct g_bde_key *gl, struct g_bde_softc *sc, int dfd , int key, const char *l_opt)
350 off_t offset, offset2;
352 sbuf = malloc(gl->sectorsize);
354 * Find the byte-offset in the lock sector where we will put the lock
355 * data structure. We can put it any random place as long as the
359 random_bits(off, sizeof off);
360 off[0] &= (gl->sectorsize - 1);
361 if (off[0] + G_BDE_LOCKSIZE > gl->sectorsize)
366 /* Add the sector offset in bytes */
367 off[0] += (gl->lsector[key] & ~(gl->sectorsize - 1));
368 gl->lsector[key] = off[0];
370 i = g_bde_keyloc_encrypt(sc, off, keyloc);
372 errx(1, "g_bde_keyloc_encrypt()");
374 ffd = open(l_opt, O_WRONLY | O_CREAT | O_TRUNC, 0600);
377 write(ffd, keyloc, sizeof keyloc);
379 } else if (gl->flags & 1) {
380 offset2 = lseek(dfd, 0, SEEK_SET);
383 i = read(dfd, sbuf, gl->sectorsize);
384 if (i != (int)gl->sectorsize)
386 memcpy(sbuf + key * 16, keyloc, sizeof keyloc);
387 offset2 = lseek(dfd, 0, SEEK_SET);
390 i = write(dfd, sbuf, gl->sectorsize);
391 if (i != (int)gl->sectorsize)
394 errx(1, "No -L option and no space in sector 0 for lockfile");
397 /* Allocate a sectorbuffer and fill it with random junk */
400 random_bits(sbuf, gl->sectorsize);
402 /* Fill random bits in the spare field */
403 random_bits(gl->spare, sizeof(gl->spare));
405 /* Encode the structure where we want it */
406 q = sbuf + (off[0] % gl->sectorsize);
407 i = g_bde_encode_lock(sc, gl, q);
409 errx(1, "programming error encoding lock");
411 encrypt_sector(q, G_BDE_LOCKSIZE, 256, sc->sha2 + 16);
412 offset = gl->lsector[key] & ~(gl->sectorsize - 1);
413 offset2 = lseek(dfd, offset, SEEK_SET);
414 if (offset2 != offset)
416 i = write(dfd, sbuf, gl->sectorsize);
417 if (i != (int)gl->sectorsize)
419 printf("Wrote key %d at %jd\n", key, (intmax_t)offset);
424 cmd_destroy(struct g_bde_key *gl, int nkey)
428 bzero(&gl->sector0, sizeof gl->sector0);
429 bzero(&gl->sectorN, sizeof gl->sectorN);
430 bzero(&gl->keyoffset, sizeof gl->keyoffset);
431 bzero(&gl->flags, sizeof gl->flags);
432 bzero(gl->mkey, sizeof gl->mkey);
433 for (i = 0; i < G_BDE_MAXKEYS; i++)
439 cmd_init(struct g_bde_key *gl, int dfd, const char *f_opt, int i_opt, const char *l_opt)
443 unsigned sector_size;
444 uint64_t first_sector;
445 uint64_t last_sector;
446 uint64_t total_sectors;
450 char *q, cbuf[BUFSIZ];
455 bzero(gl, sizeof *gl);
457 i = open(f_opt, O_RDONLY);
460 params = properties_read(i);
464 q = strdup("/tmp/temp.XXXXXXXXXX");
468 write(i, template, strlen(template));
471 p = getenv("EDITOR");
474 sprintf(cbuf, "%s %s\n", p, q);
477 i = open(q, O_RDONLY);
480 params = properties_read(i);
486 p = property_find(params, "sector_size");
487 i = ioctl(dfd, DIOCGSECTORSIZE, &u);
491 errx(1, "Missing sector_size property");
493 sector_size = strtoul(p, &q, 0);
495 errx(1, "sector_size not a proper number");
497 if (sector_size & (sector_size - 1))
498 errx(1, "sector_size not a power of 2");
499 if (sector_size < 512)
500 errx(1, "sector_size is smaller than 512");
501 buf = malloc(sector_size);
503 err(1, "Failed to malloc sector buffer");
504 gl->sectorsize = sector_size;
506 i = ioctl(dfd, DIOCGMEDIASIZE, &off);
509 total_sectors = off / sector_size;
510 last_sector = total_sectors - 1;
518 p = property_find(params, "first_sector");
520 first_sector = strtoul(p, &q, 0);
522 errx(1, "first_sector not a proper number");
524 gl->sector0 = first_sector * gl->sectorsize;
527 p = property_find(params, "last_sector");
529 last_sector = strtoul(p, &q, 0);
531 errx(1, "last_sector not a proper number");
532 if (last_sector <= first_sector)
533 errx(1, "last_sector not larger than first_sector");
534 total_sectors = last_sector + 1;
537 /* <total_sectors> */
538 p = property_find(params, "total_sectors");
540 total_sectors = strtoul(p, &q, 0);
542 errx(1, "total_sectors not a proper number");
543 if (last_sector == 0)
544 last_sector = first_sector + total_sectors - 1;
547 if (l_opt == NULL && first_sector != 0)
548 errx(1, "No -L new-lockfile argument and first_sector != 0");
549 else if (l_opt == NULL) {
555 if (total_sectors != (last_sector - first_sector) + 1)
556 errx(1, "total_sectors disagree with first_sector and last_sector");
557 if (total_sectors == 0)
558 errx(1, "missing last_sector or total_sectors");
560 gl->sectorN = (last_sector + 1) * gl->sectorsize;
562 /* Find a random keyoffset */
563 random_bits(&o, sizeof o);
564 o %= (gl->sectorN - gl->sector0);
565 o &= ~(gl->sectorsize - 1);
568 /* <number_of_keys> */
569 p = property_find(params, "number_of_keys");
571 errx(1, "Missing number_of_keys property");
572 nkeys = strtoul(p, &q, 0);
574 errx(1, "number_of_keys not a proper number");
575 if (nkeys < 1 || nkeys > G_BDE_MAXKEYS)
576 errx(1, "number_of_keys out of range");
577 for (u = 0; u < nkeys; u++) {
580 random_bits(&o, sizeof o);
582 o &= ~(gl->sectorsize - 1);
583 } while(o < gl->sector0);
584 for (u2 = 0; u2 < u; u2++)
585 if (o == gl->lsector[u2])
593 for (; u < G_BDE_MAXKEYS; u++) {
595 random_bits(&o, sizeof o);
596 while (o < gl->sectorN);
600 /* Flush sector zero if we use it for lockfile data */
602 off2 = lseek(dfd, 0, SEEK_SET);
604 err(1, "lseek(2) to sector 0");
605 random_bits(buf, sector_size);
606 i = write(dfd, buf, sector_size);
607 if (i != (int)sector_size)
608 err(1, "write sector 0");
612 p = property_find(params, "random_flush");
614 off = first_sector * sector_size;
615 off2 = lseek(dfd, off, SEEK_SET);
617 err(1, "lseek(2) to first_sector");
618 off2 = last_sector * sector_size;
619 while (off <= off2) {
620 random_bits(buf, sector_size);
621 i = write(dfd, buf, sector_size);
622 if (i != (int)sector_size)
623 err(1, "write to $device_name");
628 random_bits(gl->mkey, sizeof gl->mkey);
629 random_bits(gl->salt, sizeof gl->salt);
636 ACT_ATTACH, ACT_DETACH,
637 ACT_INIT, ACT_SETKEY, ACT_DESTROY, ACT_NUKE
641 main(int argc, char **argv)
644 const char *l_opt, *L_opt;
645 const char *p_opt, *P_opt;
648 int i_opt, n_opt, ch, dfd, nkey, doopen;
651 struct g_bde_key *gl;
652 struct g_bde_softc sc;
655 usage("Too few arguments\n");
658 if (!strcmp(argv[1], "attach")) {
661 } else if (!strcmp(argv[1], "detach")) {
664 } else if (!strcmp(argv[1], "init")) {
668 } else if (!strcmp(argv[1], "setkey")) {
672 } else if (!strcmp(argv[1], "destroy")) {
673 action = ACT_DESTROY;
676 } else if (!strcmp(argv[1], "nuke")) {
681 usage("Unknown sub command\n");
698 while((ch = getopt(argc, argv, opts)) != -1)
718 n_opt = strtoul(optarg, &q, 0);
720 usage("-n argument not numeric\n");
721 if (n_opt < -1 || n_opt > G_BDE_MAXKEYS)
722 usage("-n argument out of range\n");
725 usage("Invalid option\n");
729 dfd = open(dest, O_RDWR | O_CREAT, 0644);
734 memset(&sc, 0, sizeof sc);
735 sc.consumer = (struct g_consumer *)&dfd;
739 setup_passphrase(&sc, 0, p_opt);
740 cmd_attach(&sc, dest, l_opt);
746 cmd_init(gl, dfd, f_opt, i_opt, L_opt);
747 setup_passphrase(&sc, 1, P_opt);
748 cmd_write(gl, &sc, dfd, 0, L_opt);
751 setup_passphrase(&sc, 0, p_opt);
752 cmd_open(&sc, dfd, l_opt, &nkey);
755 setup_passphrase(&sc, 1, P_opt);
756 cmd_write(gl, &sc, dfd, n_opt - 1, L_opt);
759 setup_passphrase(&sc, 0, p_opt);
760 cmd_open(&sc, dfd, l_opt, &nkey);
761 cmd_destroy(gl, nkey);
762 reset_passphrase(&sc);
763 cmd_write(gl, &sc, dfd, nkey, l_opt);
766 setup_passphrase(&sc, 0, p_opt);
767 cmd_open(&sc, dfd, l_opt, &nkey);
771 for(i = 0; i < G_BDE_MAXKEYS; i++)
772 cmd_nuke(gl, dfd, i);
774 cmd_nuke(gl, dfd, n_opt - 1);
778 usage("Internal error\n");