2 * Copyright (c) 2002 Poul-Henning Kamp
3 * Copyright (c) 2002 Networks Associates Technology, Inc.
6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp
7 * and NAI Labs, the Security Research Division of Network Associates, Inc.
8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
9 * DARPA CHATS research program.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #ifndef _SYS_GEOM_BDE_G_BDE_H_
36 #define _SYS_GEOM_BDE_G_BDE_H_ 1
39 * These are quite, but not entirely unlike constants.
41 * They are not commented in details here, to prevent unadvisable
42 * experimentation. Please consult the code where they are used before you
43 * even think about modifying these.
46 #define G_BDE_MKEYLEN (2048/8)
47 #define G_BDE_SKEYBITS 128
48 #define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8)
49 #define G_BDE_KKEYBITS 128
50 #define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8)
51 #define G_BDE_MAXKEYS 4
52 #define G_BDE_LOCKSIZE 384
53 #define NLOCK_FIELDS 13
56 /* This just needs to be "large enough" */
57 #define G_BDE_KEYBYTES 304
63 struct g_bde_work *owner;
64 struct g_bde_softc *softc;
69 TAILQ_ENTRY(g_bde_sector) list;
72 enum {JUNK, IO, VALID} state;
83 struct g_bde_softc *softc;
87 struct g_bde_sector *sp;
88 struct g_bde_sector *ksp;
89 TAILQ_ENTRY(g_bde_work) list;
90 enum {SETUP, WAIT, FINISH} state;
95 * The decrypted contents of the lock sectors. Notice that this is not
96 * the same as the on-disk layout. The on-disk layout is dynamic and
97 * dependent on the pass-phrase.
101 /* Physical byte offset of 1st byte used */
103 /* Physical byte offset of 1st byte not used */
105 /* Number of bytes the disk image is skewed. */
106 uint64_t lsector[G_BDE_MAXKEYS];
107 /* Physical byte offsets of lock sectors */
109 /* Our "logical" sector size */
111 #define GBDE_F_SECT0 1
113 /* Used to frustate the kkey generation */
115 /* For future use, random contents */
116 uint8_t mkey[G_BDE_MKEYLEN];
119 /* Non-stored help-fields */
120 uint64_t zone_width; /* On-disk width of zone */
121 uint64_t zone_cont; /* Payload width of zone */
122 uint64_t media_width; /* Non-magic width of zone */
123 u_int keys_per_sector;
131 struct g_consumer *consumer;
132 TAILQ_HEAD(, g_bde_sector) freelist;
133 TAILQ_HEAD(, g_bde_work) worklist;
134 struct mtx worklist_mutex;
136 struct g_bde_key key;
141 u_char sha2[SHA512_DIGEST_LENGTH];
145 void g_bde_crypt_delete(struct g_bde_work *wp);
146 void g_bde_crypt_read(struct g_bde_work *wp);
147 void g_bde_crypt_write(struct g_bde_work *wp);
150 void g_bde_zap_key(struct g_bde_softc *sc);
151 int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len);
152 int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len);
155 int g_bde_encode_lock(u_char *sha2, struct g_bde_key *gl, u_char *ptr);
156 int g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr);
157 int g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64_t v1, void *output);
158 int g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64_t *output);
159 int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey);
160 void g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len);
163 uint64_t g_bde_max_sector(struct g_bde_key *lp);
164 void g_bde_map_sector(struct g_bde_work *wp);
167 void g_bde_start1(struct bio *bp);
168 void g_bde_worker(void *arg);
171 * These four functions wrap the raw Rijndael functions and make sure we
172 * explode if something fails which shouldn't.
176 AES_init(cipherInstance *ci)
180 error = rijndael_cipherInit(ci, MODE_CBC, NULL);
181 KASSERT(error > 0, ("rijndael_cipherInit %d", error));
185 AES_makekey(keyInstance *ki, int dir, u_int len, void *key)
189 error = rijndael_makeKey(ki, dir, len, key);
190 KASSERT(error > 0, ("rijndael_makeKey %d", error));
194 AES_encrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len)
198 error = rijndael_blockEncrypt(ci, ki, in, len * 8, out);
199 KASSERT(error > 0, ("rijndael_blockEncrypt %d", error));
203 AES_decrypt(cipherInstance *ci, keyInstance *ki, void *in, void *out, u_int len)
207 error = rijndael_blockDecrypt(ci, ki, in, len * 8, out);
208 KASSERT(error > 0, ("rijndael_blockDecrypt %d", error));
211 #endif /* _SYS_GEOM_BDE_G_BDE_H_ */