2 * Copyright (c) 2005-2011 Pawel Jakub Dawidek <pawel@dawidek.net>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
30 #include <sys/param.h>
31 #include <sys/systm.h>
33 #include <sys/kernel.h>
34 #include <sys/linker.h>
35 #include <sys/module.h>
37 #include <sys/mutex.h>
40 #include <sys/sysctl.h>
41 #include <sys/malloc.h>
42 #include <sys/eventhandler.h>
43 #include <sys/kthread.h>
45 #include <sys/sched.h>
48 #include <sys/vnode.h>
52 #include <geom/geom.h>
53 #include <geom/eli/g_eli.h>
54 #include <geom/eli/pkcs5v2.h>
56 #include <crypto/intake.h>
58 FEATURE(geom_eli, "GEOM crypto module");
60 MALLOC_DEFINE(M_ELI, "eli data", "GEOM_ELI Data");
62 SYSCTL_DECL(_kern_geom);
63 SYSCTL_NODE(_kern_geom, OID_AUTO, eli, CTLFLAG_RW, 0, "GEOM_ELI stuff");
64 static int g_eli_version = G_ELI_VERSION;
65 SYSCTL_INT(_kern_geom_eli, OID_AUTO, version, CTLFLAG_RD, &g_eli_version, 0,
68 SYSCTL_INT(_kern_geom_eli, OID_AUTO, debug, CTLFLAG_RWTUN, &g_eli_debug, 0,
70 static u_int g_eli_tries = 3;
71 SYSCTL_UINT(_kern_geom_eli, OID_AUTO, tries, CTLFLAG_RWTUN, &g_eli_tries, 0,
72 "Number of tries for entering the passphrase");
73 static u_int g_eli_visible_passphrase = GETS_NOECHO;
74 SYSCTL_UINT(_kern_geom_eli, OID_AUTO, visible_passphrase, CTLFLAG_RWTUN,
75 &g_eli_visible_passphrase, 0,
76 "Visibility of passphrase prompt (0 = invisible, 1 = visible, 2 = asterisk)");
77 u_int g_eli_overwrites = G_ELI_OVERWRITES;
78 SYSCTL_UINT(_kern_geom_eli, OID_AUTO, overwrites, CTLFLAG_RWTUN, &g_eli_overwrites,
79 0, "Number of times on-disk keys should be overwritten when destroying them");
80 static u_int g_eli_threads = 0;
81 SYSCTL_UINT(_kern_geom_eli, OID_AUTO, threads, CTLFLAG_RWTUN, &g_eli_threads, 0,
82 "Number of threads doing crypto work");
83 u_int g_eli_batch = 0;
84 SYSCTL_UINT(_kern_geom_eli, OID_AUTO, batch, CTLFLAG_RWTUN, &g_eli_batch, 0,
85 "Use crypto operations batching");
88 * Passphrase cached during boot, in order to be more user-friendly if
89 * there are multiple providers using the same passphrase.
91 static char cached_passphrase[256];
92 static u_int g_eli_boot_passcache = 1;
93 TUNABLE_INT("kern.geom.eli.boot_passcache", &g_eli_boot_passcache);
94 SYSCTL_UINT(_kern_geom_eli, OID_AUTO, boot_passcache, CTLFLAG_RD,
95 &g_eli_boot_passcache, 0,
96 "Passphrases are cached during boot process for possible reuse");
98 fetch_loader_passphrase(void * dummy)
100 char * env_passphrase;
102 KASSERT(dynamic_kenv, ("need dynamic kenv"));
104 if ((env_passphrase = kern_getenv("kern.geom.eli.passphrase")) != NULL) {
105 /* Extract passphrase from the environment. */
106 strlcpy(cached_passphrase, env_passphrase,
107 sizeof(cached_passphrase));
108 freeenv(env_passphrase);
110 /* Wipe the passphrase from the environment. */
111 kern_unsetenv("kern.geom.eli.passphrase");
114 SYSINIT(geli_fetch_loader_passphrase, SI_SUB_KMEM + 1, SI_ORDER_ANY,
115 fetch_loader_passphrase, NULL);
118 zero_boot_passcache(void)
121 explicit_bzero(cached_passphrase, sizeof(cached_passphrase));
125 zero_geli_intake_keys(void)
127 struct keybuf *keybuf;
130 if ((keybuf = get_keybuf()) != NULL) {
131 /* Scan the key buffer, clear all GELI keys. */
132 for (i = 0; i < keybuf->kb_nents; i++) {
133 if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
134 explicit_bzero(keybuf->kb_ents[i].ke_data,
135 sizeof(keybuf->kb_ents[i].ke_data));
136 keybuf->kb_ents[i].ke_type = KEYBUF_TYPE_NONE;
143 zero_intake_passcache(void *dummy)
145 zero_boot_passcache();
146 zero_geli_intake_keys();
148 EVENTHANDLER_DEFINE(mountroot, zero_intake_passcache, NULL, 0);
150 static eventhandler_tag g_eli_pre_sync = NULL;
152 static int g_eli_destroy_geom(struct gctl_req *req, struct g_class *mp,
154 static void g_eli_init(struct g_class *mp);
155 static void g_eli_fini(struct g_class *mp);
157 static g_taste_t g_eli_taste;
158 static g_dumpconf_t g_eli_dumpconf;
160 struct g_class g_eli_class = {
161 .name = G_ELI_CLASS_NAME,
162 .version = G_VERSION,
163 .ctlreq = g_eli_config,
164 .taste = g_eli_taste,
165 .destroy_geom = g_eli_destroy_geom,
174 * g_eli_start -> g_eli_crypto_read -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver
176 * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver
181 * EAGAIN from crypto(9) means, that we were probably balanced to another crypto
182 * accelerator or something like this.
183 * The function updates the SID and rerun the operation.
186 g_eli_crypto_rerun(struct cryptop *crp)
188 struct g_eli_softc *sc;
189 struct g_eli_worker *wr;
193 bp = (struct bio *)crp->crp_opaque;
194 sc = bp->bio_to->geom->softc;
195 LIST_FOREACH(wr, &sc->sc_workers, w_next) {
196 if (wr->w_number == bp->bio_pflags)
199 KASSERT(wr != NULL, ("Invalid worker (%u).", bp->bio_pflags));
200 G_ELI_DEBUG(1, "Rerunning crypto %s request (sid: %ju -> %ju).",
201 bp->bio_cmd == BIO_READ ? "READ" : "WRITE", (uintmax_t)wr->w_sid,
202 (uintmax_t)crp->crp_sid);
203 wr->w_sid = crp->crp_sid;
205 error = crypto_dispatch(crp);
208 G_ELI_DEBUG(1, "%s: crypto_dispatch() returned %d.", __func__, error);
209 crp->crp_etype = error;
214 g_eli_getattr_done(struct bio *bp)
216 if (bp->bio_error == 0 &&
217 !strcmp(bp->bio_attribute, "GEOM::physpath")) {
218 strlcat(bp->bio_data, "/eli", bp->bio_length);
224 * The function is called afer reading encrypted data from the provider.
226 * g_eli_start -> g_eli_crypto_read -> g_io_request -> G_ELI_READ_DONE -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver
229 g_eli_read_done(struct bio *bp)
231 struct g_eli_softc *sc;
234 G_ELI_LOGREQ(2, bp, "Request done.");
235 pbp = bp->bio_parent;
236 if (pbp->bio_error == 0 && bp->bio_error != 0)
237 pbp->bio_error = bp->bio_error;
240 * Do we have all sectors already?
243 if (pbp->bio_inbed < pbp->bio_children)
245 sc = pbp->bio_to->geom->softc;
246 if (pbp->bio_error != 0) {
247 G_ELI_LOGREQ(0, pbp, "%s() failed (error=%d)", __func__,
249 pbp->bio_completed = 0;
250 if (pbp->bio_driver2 != NULL) {
251 free(pbp->bio_driver2, M_ELI);
252 pbp->bio_driver2 = NULL;
254 g_io_deliver(pbp, pbp->bio_error);
256 atomic_subtract_int(&sc->sc_inflight, 1);
259 mtx_lock(&sc->sc_queue_mtx);
260 bioq_insert_tail(&sc->sc_queue, pbp);
261 mtx_unlock(&sc->sc_queue_mtx);
266 * The function is called after we encrypt and write data.
268 * g_eli_start -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> G_ELI_WRITE_DONE -> g_io_deliver
271 g_eli_write_done(struct bio *bp)
273 struct g_eli_softc *sc;
276 G_ELI_LOGREQ(2, bp, "Request done.");
277 pbp = bp->bio_parent;
278 if (pbp->bio_error == 0 && bp->bio_error != 0)
279 pbp->bio_error = bp->bio_error;
282 * Do we have all sectors already?
285 if (pbp->bio_inbed < pbp->bio_children)
287 free(pbp->bio_driver2, M_ELI);
288 pbp->bio_driver2 = NULL;
289 if (pbp->bio_error != 0) {
290 G_ELI_LOGREQ(0, pbp, "%s() failed (error=%d)", __func__,
292 pbp->bio_completed = 0;
294 pbp->bio_completed = pbp->bio_length;
297 * Write is finished, send it up.
299 sc = pbp->bio_to->geom->softc;
300 g_io_deliver(pbp, pbp->bio_error);
302 atomic_subtract_int(&sc->sc_inflight, 1);
306 * This function should never be called, but GEOM made as it set ->orphan()
307 * method for every geom.
310 g_eli_orphan_spoil_assert(struct g_consumer *cp)
313 panic("Function %s() called for %s.", __func__, cp->geom->name);
317 g_eli_orphan(struct g_consumer *cp)
319 struct g_eli_softc *sc;
322 sc = cp->geom->softc;
325 g_eli_destroy(sc, TRUE);
330 * G_ELI_START -> g_eli_crypto_read -> g_io_request -> g_eli_read_done -> g_eli_crypto_run -> g_eli_crypto_read_done -> g_io_deliver
332 * G_ELI_START -> g_eli_crypto_run -> g_eli_crypto_write_done -> g_io_request -> g_eli_write_done -> g_io_deliver
335 g_eli_start(struct bio *bp)
337 struct g_eli_softc *sc;
338 struct g_consumer *cp;
341 sc = bp->bio_to->geom->softc;
343 ("Provider's error should be set (error=%d)(device=%s).",
344 bp->bio_to->error, bp->bio_to->name));
345 G_ELI_LOGREQ(2, bp, "Request received.");
347 switch (bp->bio_cmd) {
356 * If the user hasn't set the NODELETE flag, we just pass
357 * it down the stack and let the layers beneath us do (or
358 * not) whatever they do with it. If they have, we
359 * reject it. A possible extension would be an
360 * additional flag to take it as a hint to shred the data
361 * with [multiple?] overwrites.
363 if (!(sc->sc_flags & G_ELI_FLAG_NODELETE))
366 g_io_deliver(bp, EOPNOTSUPP);
369 cbp = g_clone_bio(bp);
371 g_io_deliver(bp, ENOMEM);
374 bp->bio_driver1 = cbp;
375 bp->bio_pflags = G_ELI_NEW_BIO;
376 switch (bp->bio_cmd) {
378 if (!(sc->sc_flags & G_ELI_FLAG_AUTH)) {
379 g_eli_crypto_read(sc, bp, 0);
384 mtx_lock(&sc->sc_queue_mtx);
385 bioq_insert_tail(&sc->sc_queue, bp);
386 mtx_unlock(&sc->sc_queue_mtx);
393 if (bp->bio_cmd == BIO_GETATTR)
394 cbp->bio_done = g_eli_getattr_done;
396 cbp->bio_done = g_std_done;
397 cp = LIST_FIRST(&sc->sc_geom->consumer);
398 cbp->bio_to = cp->provider;
399 G_ELI_LOGREQ(2, cbp, "Sending request.");
400 g_io_request(cbp, cp);
406 g_eli_newsession(struct g_eli_worker *wr)
408 struct g_eli_softc *sc;
409 struct cryptoini crie, cria;
414 bzero(&crie, sizeof(crie));
415 crie.cri_alg = sc->sc_ealgo;
416 crie.cri_klen = sc->sc_ekeylen;
417 if (sc->sc_ealgo == CRYPTO_AES_XTS)
419 if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) != 0) {
420 crie.cri_key = g_eli_key_hold(sc, 0,
421 LIST_FIRST(&sc->sc_geom->consumer)->provider->sectorsize);
423 crie.cri_key = sc->sc_ekey;
425 if (sc->sc_flags & G_ELI_FLAG_AUTH) {
426 bzero(&cria, sizeof(cria));
427 cria.cri_alg = sc->sc_aalgo;
428 cria.cri_klen = sc->sc_akeylen;
429 cria.cri_key = sc->sc_akey;
430 crie.cri_next = &cria;
433 switch (sc->sc_crypto) {
434 case G_ELI_CRYPTO_SW:
435 error = crypto_newsession(&wr->w_sid, &crie,
436 CRYPTOCAP_F_SOFTWARE);
438 case G_ELI_CRYPTO_HW:
439 error = crypto_newsession(&wr->w_sid, &crie,
440 CRYPTOCAP_F_HARDWARE);
442 case G_ELI_CRYPTO_UNKNOWN:
443 error = crypto_newsession(&wr->w_sid, &crie,
444 CRYPTOCAP_F_HARDWARE);
446 mtx_lock(&sc->sc_queue_mtx);
447 if (sc->sc_crypto == G_ELI_CRYPTO_UNKNOWN)
448 sc->sc_crypto = G_ELI_CRYPTO_HW;
449 mtx_unlock(&sc->sc_queue_mtx);
451 error = crypto_newsession(&wr->w_sid, &crie,
452 CRYPTOCAP_F_SOFTWARE);
453 mtx_lock(&sc->sc_queue_mtx);
454 if (sc->sc_crypto == G_ELI_CRYPTO_UNKNOWN)
455 sc->sc_crypto = G_ELI_CRYPTO_SW;
456 mtx_unlock(&sc->sc_queue_mtx);
460 panic("%s: invalid condition", __func__);
463 if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) != 0)
464 g_eli_key_drop(sc, crie.cri_key);
470 g_eli_freesession(struct g_eli_worker *wr)
473 crypto_freesession(wr->w_sid);
477 g_eli_cancel(struct g_eli_softc *sc)
481 mtx_assert(&sc->sc_queue_mtx, MA_OWNED);
483 while ((bp = bioq_takefirst(&sc->sc_queue)) != NULL) {
484 KASSERT(bp->bio_pflags == G_ELI_NEW_BIO,
485 ("Not new bio when canceling (bp=%p).", bp));
486 g_io_deliver(bp, ENXIO);
491 g_eli_takefirst(struct g_eli_softc *sc)
495 mtx_assert(&sc->sc_queue_mtx, MA_OWNED);
497 if (!(sc->sc_flags & G_ELI_FLAG_SUSPEND))
498 return (bioq_takefirst(&sc->sc_queue));
500 * Device suspended, so we skip new I/O requests.
502 TAILQ_FOREACH(bp, &sc->sc_queue.queue, bio_queue) {
503 if (bp->bio_pflags != G_ELI_NEW_BIO)
507 bioq_remove(&sc->sc_queue, bp);
512 * This is the main function for kernel worker thread when we don't have
513 * hardware acceleration and we have to do cryptography in software.
514 * Dedicated thread is needed, so we don't slow down g_up/g_down GEOM
515 * threads with crypto work.
518 g_eli_worker(void *arg)
520 struct g_eli_softc *sc;
521 struct g_eli_worker *wr;
527 #ifdef EARLY_AP_STARTUP
528 MPASS(!sc->sc_cpubind || smp_started);
530 /* Before sched_bind() to a CPU, wait for all CPUs to go on-line. */
531 if (sc->sc_cpubind) {
533 tsleep(wr, 0, "geli:smp", hz / 4);
536 thread_lock(curthread);
537 sched_prio(curthread, PUSER);
539 sched_bind(curthread, wr->w_number % mp_ncpus);
540 thread_unlock(curthread);
542 G_ELI_DEBUG(1, "Thread %s started.", curthread->td_proc->p_comm);
545 mtx_lock(&sc->sc_queue_mtx);
547 bp = g_eli_takefirst(sc);
549 if (sc->sc_flags & G_ELI_FLAG_DESTROY) {
551 LIST_REMOVE(wr, w_next);
552 g_eli_freesession(wr);
554 G_ELI_DEBUG(1, "Thread %s exiting.",
555 curthread->td_proc->p_comm);
556 wakeup(&sc->sc_workers);
557 mtx_unlock(&sc->sc_queue_mtx);
560 while (sc->sc_flags & G_ELI_FLAG_SUSPEND) {
561 if (sc->sc_inflight > 0) {
562 G_ELI_DEBUG(0, "inflight=%d",
565 * We still have inflight BIOs, so
568 msleep(sc, &sc->sc_queue_mtx, PRIBIO,
573 * Suspend requested, mark the worker as
574 * suspended and go to sleep.
577 g_eli_freesession(wr);
578 wr->w_active = FALSE;
580 wakeup(&sc->sc_workers);
581 msleep(sc, &sc->sc_queue_mtx, PRIBIO,
584 !(sc->sc_flags & G_ELI_FLAG_SUSPEND)) {
585 error = g_eli_newsession(wr);
587 ("g_eli_newsession() failed on resume (error=%d)",
593 msleep(sc, &sc->sc_queue_mtx, PDROP, "geli:w", 0);
596 if (bp->bio_pflags == G_ELI_NEW_BIO)
597 atomic_add_int(&sc->sc_inflight, 1);
598 mtx_unlock(&sc->sc_queue_mtx);
599 if (bp->bio_pflags == G_ELI_NEW_BIO) {
601 if (sc->sc_flags & G_ELI_FLAG_AUTH) {
602 if (bp->bio_cmd == BIO_READ)
603 g_eli_auth_read(sc, bp);
605 g_eli_auth_run(wr, bp);
607 if (bp->bio_cmd == BIO_READ)
608 g_eli_crypto_read(sc, bp, 1);
610 g_eli_crypto_run(wr, bp);
613 if (sc->sc_flags & G_ELI_FLAG_AUTH)
614 g_eli_auth_run(wr, bp);
616 g_eli_crypto_run(wr, bp);
622 g_eli_read_metadata(struct g_class *mp, struct g_provider *pp,
623 struct g_eli_metadata *md)
626 struct g_consumer *cp;
632 gp = g_new_geomf(mp, "eli:taste");
633 gp->start = g_eli_start;
634 gp->access = g_std_access;
636 * g_eli_read_metadata() is always called from the event thread.
637 * Our geom is created and destroyed in the same event, so there
638 * could be no orphan nor spoil event in the meantime.
640 gp->orphan = g_eli_orphan_spoil_assert;
641 gp->spoiled = g_eli_orphan_spoil_assert;
642 cp = g_new_consumer(gp);
643 error = g_attach(cp, pp);
646 error = g_access(cp, 1, 0, 0);
650 buf = g_read_data(cp, pp->mediasize - pp->sectorsize, pp->sectorsize,
655 error = eli_metadata_decode(buf, md);
658 /* Metadata was read and decoded successfully. */
662 if (cp->provider != NULL) {
664 g_access(cp, -1, 0, 0);
667 g_destroy_consumer(cp);
673 * The function is called when we had last close on provider and user requested
674 * to close it when this situation occur.
677 g_eli_last_close(void *arg, int flags __unused)
685 strlcpy(gpname, gp->name, sizeof(gpname));
686 error = g_eli_destroy(gp->softc, TRUE);
687 KASSERT(error == 0, ("Cannot detach %s on last close (error=%d).",
689 G_ELI_DEBUG(0, "Detached %s on last close.", gpname);
693 g_eli_access(struct g_provider *pp, int dr, int dw, int de)
695 struct g_eli_softc *sc;
702 if (sc->sc_flags & G_ELI_FLAG_RO) {
703 /* Deny write attempts. */
706 /* Someone is opening us for write, we need to remember that. */
707 sc->sc_flags |= G_ELI_FLAG_WOPEN;
710 /* Is this the last close? */
711 if (pp->acr + dr > 0 || pp->acw + dw > 0 || pp->ace + de > 0)
715 * Automatically detach on last close if requested.
717 if ((sc->sc_flags & G_ELI_FLAG_RW_DETACH) ||
718 (sc->sc_flags & G_ELI_FLAG_WOPEN)) {
719 g_post_event(g_eli_last_close, gp, M_WAITOK, NULL);
725 g_eli_cpu_is_disabled(int cpu)
728 return (CPU_ISSET(cpu, &hlt_cpus_mask));
735 g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp,
736 const struct g_eli_metadata *md, const u_char *mkey, int nkey)
738 struct g_eli_softc *sc;
739 struct g_eli_worker *wr;
741 struct g_provider *pp;
742 struct g_consumer *cp;
746 G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX);
748 gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX);
749 sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO);
750 gp->start = g_eli_start;
752 * Spoiling can happen even though we have the provider open
753 * exclusively, e.g. through media change events.
755 gp->spoiled = g_eli_orphan;
756 gp->orphan = g_eli_orphan;
757 gp->dumpconf = g_eli_dumpconf;
759 * If detach-on-last-close feature is not enabled and we don't operate
760 * on read-only provider, we can simply use g_std_access().
762 if (md->md_flags & (G_ELI_FLAG_WO_DETACH | G_ELI_FLAG_RO))
763 gp->access = g_eli_access;
765 gp->access = g_std_access;
767 eli_metadata_softc(sc, md, bpp->sectorsize, bpp->mediasize);
773 bioq_init(&sc->sc_queue);
774 mtx_init(&sc->sc_queue_mtx, "geli:queue", NULL, MTX_DEF);
775 mtx_init(&sc->sc_ekeys_lock, "geli:ekeys", NULL, MTX_DEF);
778 cp = g_new_consumer(gp);
779 error = g_attach(cp, bpp);
782 gctl_error(req, "Cannot attach to %s (error=%d).",
785 G_ELI_DEBUG(1, "Cannot attach to %s (error=%d).",
791 * Keep provider open all the time, so we can run critical tasks,
792 * like Master Keys deletion, without wondering if we can open
794 * We don't open provider for writing only when user requested read-only
797 if (sc->sc_flags & G_ELI_FLAG_RO)
798 error = g_access(cp, 1, 0, 1);
800 error = g_access(cp, 1, 1, 1);
803 gctl_error(req, "Cannot access %s (error=%d).",
806 G_ELI_DEBUG(1, "Cannot access %s (error=%d).",
813 * Remember the keys in our softc structure.
815 g_eli_mkey_propagate(sc, mkey);
817 LIST_INIT(&sc->sc_workers);
819 threads = g_eli_threads;
822 sc->sc_cpubind = (mp_ncpus > 1 && threads == mp_ncpus);
823 for (i = 0; i < threads; i++) {
824 if (g_eli_cpu_is_disabled(i)) {
825 G_ELI_DEBUG(1, "%s: CPU %u disabled, skipping.",
829 wr = malloc(sizeof(*wr), M_ELI, M_WAITOK | M_ZERO);
834 error = g_eli_newsession(wr);
838 gctl_error(req, "Cannot set up crypto session "
839 "for %s (error=%d).", bpp->name, error);
841 G_ELI_DEBUG(1, "Cannot set up crypto session "
842 "for %s (error=%d).", bpp->name, error);
847 error = kproc_create(g_eli_worker, wr, &wr->w_proc, 0, 0,
848 "g_eli[%u] %s", i, bpp->name);
850 g_eli_freesession(wr);
853 gctl_error(req, "Cannot create kernel thread "
854 "for %s (error=%d).", bpp->name, error);
856 G_ELI_DEBUG(1, "Cannot create kernel thread "
857 "for %s (error=%d).", bpp->name, error);
861 LIST_INSERT_HEAD(&sc->sc_workers, wr, w_next);
865 * Create decrypted provider.
867 pp = g_new_providerf(gp, "%s%s", bpp->name, G_ELI_SUFFIX);
868 pp->mediasize = sc->sc_mediasize;
869 pp->sectorsize = sc->sc_sectorsize;
871 g_error_provider(pp, 0);
873 G_ELI_DEBUG(0, "Device %s created.", pp->name);
874 G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo),
876 if (sc->sc_flags & G_ELI_FLAG_AUTH)
877 G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo));
878 G_ELI_DEBUG(0, " Crypto: %s",
879 sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware");
882 mtx_lock(&sc->sc_queue_mtx);
883 sc->sc_flags |= G_ELI_FLAG_DESTROY;
886 * Wait for kernel threads self destruction.
888 while (!LIST_EMPTY(&sc->sc_workers)) {
889 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO,
892 mtx_destroy(&sc->sc_queue_mtx);
893 if (cp->provider != NULL) {
895 g_access(cp, -1, -1, -1);
898 g_destroy_consumer(cp);
900 g_eli_key_destroy(sc);
901 bzero(sc, sizeof(*sc));
907 g_eli_destroy(struct g_eli_softc *sc, boolean_t force)
910 struct g_provider *pp;
918 pp = LIST_FIRST(&gp->provider);
919 if (pp != NULL && (pp->acr != 0 || pp->acw != 0 || pp->ace != 0)) {
921 G_ELI_DEBUG(1, "Device %s is still open, so it "
922 "cannot be definitely removed.", pp->name);
923 sc->sc_flags |= G_ELI_FLAG_RW_DETACH;
924 gp->access = g_eli_access;
925 g_wither_provider(pp, ENXIO);
929 "Device %s is still open (r%dw%de%d).", pp->name,
930 pp->acr, pp->acw, pp->ace);
935 mtx_lock(&sc->sc_queue_mtx);
936 sc->sc_flags |= G_ELI_FLAG_DESTROY;
938 while (!LIST_EMPTY(&sc->sc_workers)) {
939 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO,
942 mtx_destroy(&sc->sc_queue_mtx);
944 g_eli_key_destroy(sc);
945 bzero(sc, sizeof(*sc));
948 if (pp == NULL || (pp->acr == 0 && pp->acw == 0 && pp->ace == 0))
949 G_ELI_DEBUG(0, "Device %s destroyed.", gp->name);
950 g_wither_geom_close(gp, ENXIO);
956 g_eli_destroy_geom(struct gctl_req *req __unused,
957 struct g_class *mp __unused, struct g_geom *gp)
959 struct g_eli_softc *sc;
962 return (g_eli_destroy(sc, FALSE));
966 g_eli_keyfiles_load(struct hmac_ctx *ctx, const char *provider)
968 u_char *keyfile, *data;
969 char *file, name[64];
974 snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i);
975 keyfile = preload_search_by_type(name);
976 if (keyfile == NULL && i == 0) {
978 * If there is only one keyfile, allow simpler name.
980 snprintf(name, sizeof(name), "%s:geli_keyfile", provider);
981 keyfile = preload_search_by_type(name);
984 return (i); /* Return number of loaded keyfiles. */
985 data = preload_fetch_addr(keyfile);
987 G_ELI_DEBUG(0, "Cannot find key file data for %s.",
991 size = preload_fetch_size(keyfile);
993 G_ELI_DEBUG(0, "Cannot find key file size for %s.",
997 file = preload_search_info(keyfile, MODINFO_NAME);
999 G_ELI_DEBUG(0, "Cannot find key file name for %s.",
1003 G_ELI_DEBUG(1, "Loaded keyfile %s for %s (type: %s).", file,
1005 g_eli_crypto_hmac_update(ctx, data, size);
1010 g_eli_keyfiles_clear(const char *provider)
1012 u_char *keyfile, *data;
1017 for (i = 0; ; i++) {
1018 snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i);
1019 keyfile = preload_search_by_type(name);
1020 if (keyfile == NULL)
1022 data = preload_fetch_addr(keyfile);
1023 size = preload_fetch_size(keyfile);
1024 if (data != NULL && size != 0)
1030 * Tasting is only made on boot.
1031 * We detect providers which should be attached before root is mounted.
1033 static struct g_geom *
1034 g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
1036 struct g_eli_metadata md;
1038 struct hmac_ctx ctx;
1039 char passphrase[256];
1040 u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN];
1041 u_int i, nkey, nkeyfiles, tries, showpass;
1043 struct keybuf *keybuf;
1045 g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name);
1046 g_topology_assert();
1048 if (root_mounted() || g_eli_tries == 0)
1051 G_ELI_DEBUG(3, "Tasting %s.", pp->name);
1053 error = g_eli_read_metadata(mp, pp, &md);
1058 if (strcmp(md.md_magic, G_ELI_MAGIC) != 0)
1060 if (md.md_version > G_ELI_VERSION) {
1061 printf("geom_eli.ko module is too old to handle %s.\n",
1065 if (md.md_provsize != pp->mediasize)
1067 /* Should we attach it on boot? */
1068 if (!(md.md_flags & G_ELI_FLAG_BOOT))
1070 if (md.md_keys == 0x00) {
1071 G_ELI_DEBUG(0, "No valid keys on %s.", pp->name);
1074 if (md.md_iterations == -1) {
1075 /* If there is no passphrase, we try only once. */
1078 /* Ask for the passphrase no more than g_eli_tries times. */
1079 tries = g_eli_tries;
1082 if ((keybuf = get_keybuf()) != NULL) {
1083 /* Scan the key buffer, try all GELI keys. */
1084 for (i = 0; i < keybuf->kb_nents; i++) {
1085 if (keybuf->kb_ents[i].ke_type == KEYBUF_TYPE_GELI) {
1086 memcpy(key, keybuf->kb_ents[i].ke_data,
1089 if (g_eli_mkey_decrypt_any(&md, key,
1090 mkey, &nkey) == 0 ) {
1091 explicit_bzero(key, sizeof(key));
1098 for (i = 0; i <= tries; i++) {
1099 g_eli_crypto_hmac_init(&ctx, NULL, 0);
1102 * Load all key files.
1104 nkeyfiles = g_eli_keyfiles_load(&ctx, pp->name);
1106 if (nkeyfiles == 0 && md.md_iterations == -1) {
1108 * No key files and no passphrase, something is
1109 * definitely wrong here.
1110 * geli(8) doesn't allow for such situation, so assume
1111 * that there was really no passphrase and in that case
1112 * key files are no properly defined in loader.conf.
1115 "Found no key files in loader.conf for %s.",
1120 /* Ask for the passphrase if defined. */
1121 if (md.md_iterations >= 0) {
1122 /* Try first with cached passphrase. */
1124 if (!g_eli_boot_passcache)
1126 memcpy(passphrase, cached_passphrase,
1127 sizeof(passphrase));
1129 printf("Enter passphrase for %s: ", pp->name);
1130 showpass = g_eli_visible_passphrase;
1131 if ((md.md_flags & G_ELI_FLAG_GELIDISPLAYPASS) != 0)
1132 showpass = GETS_ECHOPASS;
1133 cngets(passphrase, sizeof(passphrase),
1135 memcpy(cached_passphrase, passphrase,
1136 sizeof(passphrase));
1141 * Prepare Derived-Key from the user passphrase.
1143 if (md.md_iterations == 0) {
1144 g_eli_crypto_hmac_update(&ctx, md.md_salt,
1145 sizeof(md.md_salt));
1146 g_eli_crypto_hmac_update(&ctx, passphrase,
1147 strlen(passphrase));
1148 explicit_bzero(passphrase, sizeof(passphrase));
1149 } else if (md.md_iterations > 0) {
1150 u_char dkey[G_ELI_USERKEYLEN];
1152 pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
1153 sizeof(md.md_salt), passphrase, md.md_iterations);
1154 bzero(passphrase, sizeof(passphrase));
1155 g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
1156 explicit_bzero(dkey, sizeof(dkey));
1159 g_eli_crypto_hmac_final(&ctx, key, 0);
1162 * Decrypt Master-Key.
1164 error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
1165 bzero(key, sizeof(key));
1169 "Wrong key for %s. No tries left.",
1171 g_eli_keyfiles_clear(pp->name);
1176 "Wrong key for %s. Tries left: %u.",
1177 pp->name, tries - i);
1181 } else if (error > 0) {
1183 "Cannot decrypt Master Key for %s (error=%d).",
1185 g_eli_keyfiles_clear(pp->name);
1188 g_eli_keyfiles_clear(pp->name);
1189 G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name);
1195 * We have correct key, let's attach provider.
1197 gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey);
1198 bzero(mkey, sizeof(mkey));
1199 bzero(&md, sizeof(md));
1201 G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name,
1209 g_eli_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp,
1210 struct g_consumer *cp, struct g_provider *pp)
1212 struct g_eli_softc *sc;
1214 g_topology_assert();
1218 if (pp != NULL || cp != NULL)
1219 return; /* Nothing here. */
1221 sbuf_printf(sb, "%s<KeysTotal>%ju</KeysTotal>\n", indent,
1222 (uintmax_t)sc->sc_ekeys_total);
1223 sbuf_printf(sb, "%s<KeysAllocated>%ju</KeysAllocated>\n", indent,
1224 (uintmax_t)sc->sc_ekeys_allocated);
1225 sbuf_printf(sb, "%s<Flags>", indent);
1226 if (sc->sc_flags == 0)
1227 sbuf_printf(sb, "NONE");
1231 #define ADD_FLAG(flag, name) do { \
1232 if (sc->sc_flags & (flag)) { \
1234 sbuf_printf(sb, ", "); \
1237 sbuf_printf(sb, name); \
1240 ADD_FLAG(G_ELI_FLAG_SUSPEND, "SUSPEND");
1241 ADD_FLAG(G_ELI_FLAG_SINGLE_KEY, "SINGLE-KEY");
1242 ADD_FLAG(G_ELI_FLAG_NATIVE_BYTE_ORDER, "NATIVE-BYTE-ORDER");
1243 ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME");
1244 ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT");
1245 ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH");
1246 ADD_FLAG(G_ELI_FLAG_RW_DETACH, "RW-DETACH");
1247 ADD_FLAG(G_ELI_FLAG_AUTH, "AUTH");
1248 ADD_FLAG(G_ELI_FLAG_WOPEN, "W-OPEN");
1249 ADD_FLAG(G_ELI_FLAG_DESTROY, "DESTROY");
1250 ADD_FLAG(G_ELI_FLAG_RO, "READ-ONLY");
1251 ADD_FLAG(G_ELI_FLAG_NODELETE, "NODELETE");
1252 ADD_FLAG(G_ELI_FLAG_GELIBOOT, "GELIBOOT");
1253 ADD_FLAG(G_ELI_FLAG_GELIDISPLAYPASS, "GELIDISPLAYPASS");
1256 sbuf_printf(sb, "</Flags>\n");
1258 if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) {
1259 sbuf_printf(sb, "%s<UsedKey>%u</UsedKey>\n", indent,
1262 sbuf_printf(sb, "%s<Version>%u</Version>\n", indent, sc->sc_version);
1263 sbuf_printf(sb, "%s<Crypto>", indent);
1264 switch (sc->sc_crypto) {
1265 case G_ELI_CRYPTO_HW:
1266 sbuf_printf(sb, "hardware");
1268 case G_ELI_CRYPTO_SW:
1269 sbuf_printf(sb, "software");
1272 sbuf_printf(sb, "UNKNOWN");
1275 sbuf_printf(sb, "</Crypto>\n");
1276 if (sc->sc_flags & G_ELI_FLAG_AUTH) {
1278 "%s<AuthenticationAlgorithm>%s</AuthenticationAlgorithm>\n",
1279 indent, g_eli_algo2str(sc->sc_aalgo));
1281 sbuf_printf(sb, "%s<KeyLength>%u</KeyLength>\n", indent,
1283 sbuf_printf(sb, "%s<EncryptionAlgorithm>%s</EncryptionAlgorithm>\n",
1284 indent, g_eli_algo2str(sc->sc_ealgo));
1285 sbuf_printf(sb, "%s<State>%s</State>\n", indent,
1286 (sc->sc_flags & G_ELI_FLAG_SUSPEND) ? "SUSPENDED" : "ACTIVE");
1290 g_eli_shutdown_pre_sync(void *arg, int howto)
1293 struct g_geom *gp, *gp2;
1294 struct g_provider *pp;
1295 struct g_eli_softc *sc;
1300 LIST_FOREACH_SAFE(gp, &mp->geom, geom, gp2) {
1304 pp = LIST_FIRST(&gp->provider);
1305 KASSERT(pp != NULL, ("No provider? gp=%p (%s)", gp, gp->name));
1306 if (pp->acr + pp->acw + pp->ace == 0)
1307 error = g_eli_destroy(sc, TRUE);
1309 sc->sc_flags |= G_ELI_FLAG_RW_DETACH;
1310 gp->access = g_eli_access;
1313 g_topology_unlock();
1317 g_eli_init(struct g_class *mp)
1320 g_eli_pre_sync = EVENTHANDLER_REGISTER(shutdown_pre_sync,
1321 g_eli_shutdown_pre_sync, mp, SHUTDOWN_PRI_FIRST);
1322 if (g_eli_pre_sync == NULL)
1323 G_ELI_DEBUG(0, "Warning! Cannot register shutdown event.");
1327 g_eli_fini(struct g_class *mp)
1330 if (g_eli_pre_sync != NULL)
1331 EVENTHANDLER_DEREGISTER(shutdown_pre_sync, g_eli_pre_sync);
1334 DECLARE_GEOM_CLASS(g_eli_class, g_eli);
1335 MODULE_DEPEND(g_eli, crypto, 1, 1, 1);
1336 MODULE_VERSION(geom_eli, 0);