2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2005-2019 Pawel Jakub Dawidek <pawel@dawidek.net>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/endian.h>
35 #include <sys/errno.h>
36 #include <sys/malloc.h>
37 #include <crypto/sha2/sha256.h>
38 #include <crypto/sha2/sha512.h>
39 #include <opencrypto/cryptodev.h>
42 #include <sys/libkern.h>
44 #include <sys/mutex.h>
45 #include <geom/geom.h>
46 #include <crypto/intake.h>
53 #include <sys/queue.h>
59 #define G_ELI_CLASS_NAME "ELI"
60 #define G_ELI_MAGIC "GEOM::ELI"
61 #define G_ELI_SUFFIX ".eli"
65 * 0 - Initial version number.
66 * 1 - Added data authentication support (md_aalgo field and
67 * G_ELI_FLAG_AUTH flag).
68 * 2 - Added G_ELI_FLAG_READONLY.
69 * 3 - Added 'configure' subcommand.
70 * 4 - IV is generated from offset converted to little-endian
71 * (the G_ELI_FLAG_NATIVE_BYTE_ORDER flag will be set for older versions).
72 * 5 - Added multiple encrypton keys and AES-XTS support.
73 * 6 - Fixed usage of multiple keys for authenticated providers (the
74 * G_ELI_FLAG_FIRST_KEY flag will be set for older versions).
75 * 7 - Encryption keys are now generated from the Data Key and not from the
76 * IV Key (the G_ELI_FLAG_ENC_IVKEY flag will be set for older versions).
78 #define G_ELI_VERSION_00 0
79 #define G_ELI_VERSION_01 1
80 #define G_ELI_VERSION_02 2
81 #define G_ELI_VERSION_03 3
82 #define G_ELI_VERSION_04 4
83 #define G_ELI_VERSION_05 5
84 #define G_ELI_VERSION_06 6
85 #define G_ELI_VERSION_07 7
86 #define G_ELI_VERSION G_ELI_VERSION_07
89 /* Use random, onetime keys. */
90 #define G_ELI_FLAG_ONETIME 0x00000001
91 /* Ask for the passphrase from the kernel, before mounting root. */
92 #define G_ELI_FLAG_BOOT 0x00000002
93 /* Detach on last close, if we were open for writing. */
94 #define G_ELI_FLAG_WO_DETACH 0x00000004
95 /* Detach on last close. */
96 #define G_ELI_FLAG_RW_DETACH 0x00000008
97 /* Provide data authentication. */
98 #define G_ELI_FLAG_AUTH 0x00000010
99 /* Provider is read-only, we should deny all write attempts. */
100 #define G_ELI_FLAG_RO 0x00000020
101 /* Don't pass through BIO_DELETE requests. */
102 #define G_ELI_FLAG_NODELETE 0x00000040
103 /* This GELI supports GELIBoot */
104 #define G_ELI_FLAG_GELIBOOT 0x00000080
105 /* Hide passphrase length in GELIboot. */
106 #define G_ELI_FLAG_GELIDISPLAYPASS 0x00000100
107 /* Expand provider automatically. */
108 #define G_ELI_FLAG_AUTORESIZE 0x00000200
111 /* Provider was open for writing. */
112 #define G_ELI_FLAG_WOPEN 0x00010000
113 /* Destroy device. */
114 #define G_ELI_FLAG_DESTROY 0x00020000
115 /* Provider uses native byte-order for IV generation. */
116 #define G_ELI_FLAG_NATIVE_BYTE_ORDER 0x00040000
117 /* Provider uses single encryption key. */
118 #define G_ELI_FLAG_SINGLE_KEY 0x00080000
119 /* Device suspended. */
120 #define G_ELI_FLAG_SUSPEND 0x00100000
121 /* Provider uses first encryption key. */
122 #define G_ELI_FLAG_FIRST_KEY 0x00200000
123 /* Provider uses IV-Key for encryption key generation. */
124 #define G_ELI_FLAG_ENC_IVKEY 0x00400000
126 #define G_ELI_NEW_BIO 255
128 #define SHA512_MDLEN 64
129 #define G_ELI_AUTH_SECKEYLEN SHA256_DIGEST_LENGTH
131 #define G_ELI_MAXMKEYS 2
132 #define G_ELI_MAXKEYLEN 64
133 #define G_ELI_USERKEYLEN G_ELI_MAXKEYLEN
134 #define G_ELI_DATAKEYLEN G_ELI_MAXKEYLEN
135 #define G_ELI_AUTHKEYLEN G_ELI_MAXKEYLEN
136 #define G_ELI_IVKEYLEN G_ELI_MAXKEYLEN
137 #define G_ELI_SALTLEN 64
138 #define G_ELI_DATAIVKEYLEN (G_ELI_DATAKEYLEN + G_ELI_IVKEYLEN)
139 /* Data-Key, IV-Key, HMAC_SHA512(Derived-Key, Data-Key+IV-Key) */
140 #define G_ELI_MKEYLEN (G_ELI_DATAIVKEYLEN + SHA512_MDLEN)
141 #define G_ELI_OVERWRITES 5
142 /* Switch data encryption key every 2^20 blocks. */
143 #define G_ELI_KEY_SHIFT 20
145 #define G_ELI_CRYPTO_UNKNOWN 0
146 #define G_ELI_CRYPTO_HW 1
147 #define G_ELI_CRYPTO_SW 2
148 #define G_ELI_CRYPTO_SW_ACCEL 3
151 #if (MAX_KEY_BYTES < G_ELI_DATAIVKEYLEN)
152 #error "MAX_KEY_BYTES is less than G_ELI_DATAKEYLEN"
155 extern int g_eli_debug;
156 extern u_int g_eli_overwrites;
157 extern u_int g_eli_batch;
159 #define G_ELI_DEBUG(lvl, ...) \
160 _GEOM_DEBUG("GEOM_ELI", g_eli_debug, (lvl), NULL, __VA_ARGS__)
161 #define G_ELI_LOGREQ(lvl, bp, ...) \
162 _GEOM_DEBUG("GEOM_ELI", g_eli_debug, (lvl), (bp), __VA_ARGS__)
164 struct g_eli_worker {
165 struct g_eli_softc *w_softc;
169 crypto_session_t w_sid;
171 LIST_ENTRY(g_eli_worker) w_next;
177 struct g_geom *sc_geom;
180 uint8_t sc_mkey[G_ELI_DATAIVKEYLEN];
181 uint8_t sc_ekey[G_ELI_DATAKEYLEN];
182 TAILQ_HEAD(, g_eli_key) sc_ekeys_queue;
183 RB_HEAD(g_eli_key_tree, g_eli_key) sc_ekeys_tree;
184 struct mtx sc_ekeys_lock;
185 uint64_t sc_ekeys_total;
186 uint64_t sc_ekeys_allocated;
189 uint8_t sc_akey[G_ELI_AUTHKEYLEN];
193 SHA256_CTX sc_akeyctx;
194 uint8_t sc_ivkey[G_ELI_IVKEYLEN];
200 size_t sc_sectorsize;
202 u_int sc_bytes_per_sector;
203 u_int sc_data_per_sector;
207 boolean_t sc_cpubind;
209 /* Only for software cryptography. */
210 struct bio_queue_head sc_queue;
211 struct mtx sc_queue_mtx;
212 LIST_HEAD(, g_eli_worker) sc_workers;
215 #define sc_name sc_geom->name
217 #define G_ELI_KEY_MAGIC 0xe11341c
220 /* Key value, must be first in the structure. */
221 uint8_t gek_key[G_ELI_DATAKEYLEN];
226 /* Reference counter. */
228 /* Keeps keys sorted by most recent use. */
229 TAILQ_ENTRY(g_eli_key) gek_next;
230 /* Keeps keys sorted by number. */
231 RB_ENTRY(g_eli_key) gek_link;
234 struct g_eli_metadata {
235 char md_magic[16]; /* Magic value. */
236 uint32_t md_version; /* Version number. */
237 uint32_t md_flags; /* Additional flags. */
238 uint16_t md_ealgo; /* Encryption algorithm. */
239 uint16_t md_keylen; /* Key length. */
240 uint16_t md_aalgo; /* Authentication algorithm. */
241 uint64_t md_provsize; /* Provider's size. */
242 uint32_t md_sectorsize; /* Sector size. */
243 uint8_t md_keys; /* Available keys. */
244 int32_t md_iterations; /* Number of iterations for PKCS#5v2. */
245 uint8_t md_salt[G_ELI_SALTLEN]; /* Salt. */
246 /* Encrypted master key (IV-key, Data-key, HMAC). */
247 uint8_t md_mkeys[G_ELI_MAXMKEYS * G_ELI_MKEYLEN];
248 u_char md_hash[16]; /* MD5 hash. */
252 eli_metadata_encode_v0(struct g_eli_metadata *md, u_char **datap)
257 le32enc(p, md->md_flags); p += sizeof(md->md_flags);
258 le16enc(p, md->md_ealgo); p += sizeof(md->md_ealgo);
259 le16enc(p, md->md_keylen); p += sizeof(md->md_keylen);
260 le64enc(p, md->md_provsize); p += sizeof(md->md_provsize);
261 le32enc(p, md->md_sectorsize); p += sizeof(md->md_sectorsize);
262 *p = md->md_keys; p += sizeof(md->md_keys);
263 le32enc(p, md->md_iterations); p += sizeof(md->md_iterations);
264 bcopy(md->md_salt, p, sizeof(md->md_salt)); p += sizeof(md->md_salt);
265 bcopy(md->md_mkeys, p, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys);
269 eli_metadata_encode_v1v2v3v4v5v6v7(struct g_eli_metadata *md, u_char **datap)
274 le32enc(p, md->md_flags); p += sizeof(md->md_flags);
275 le16enc(p, md->md_ealgo); p += sizeof(md->md_ealgo);
276 le16enc(p, md->md_keylen); p += sizeof(md->md_keylen);
277 le16enc(p, md->md_aalgo); p += sizeof(md->md_aalgo);
278 le64enc(p, md->md_provsize); p += sizeof(md->md_provsize);
279 le32enc(p, md->md_sectorsize); p += sizeof(md->md_sectorsize);
280 *p = md->md_keys; p += sizeof(md->md_keys);
281 le32enc(p, md->md_iterations); p += sizeof(md->md_iterations);
282 bcopy(md->md_salt, p, sizeof(md->md_salt)); p += sizeof(md->md_salt);
283 bcopy(md->md_mkeys, p, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys);
287 eli_metadata_encode(struct g_eli_metadata *md, u_char *data)
294 bcopy(md->md_magic, p, sizeof(md->md_magic));
295 p += sizeof(md->md_magic);
296 le32enc(p, md->md_version);
297 p += sizeof(md->md_version);
298 switch (md->md_version) {
299 case G_ELI_VERSION_00:
300 eli_metadata_encode_v0(md, &p);
302 case G_ELI_VERSION_01:
303 case G_ELI_VERSION_02:
304 case G_ELI_VERSION_03:
305 case G_ELI_VERSION_04:
306 case G_ELI_VERSION_05:
307 case G_ELI_VERSION_06:
308 case G_ELI_VERSION_07:
309 eli_metadata_encode_v1v2v3v4v5v6v7(md, &p);
313 panic("%s: Unsupported version %u.", __func__,
314 (u_int)md->md_version);
316 assert(!"Unsupported metadata version.");
320 MD5Update(&ctx, data, p - data);
321 MD5Final((void *)hash, &ctx);
322 bcopy(hash, md->md_hash, sizeof(md->md_hash));
323 bcopy(md->md_hash, p, sizeof(md->md_hash));
326 eli_metadata_decode_v0(const u_char *data, struct g_eli_metadata *md)
332 p = data + sizeof(md->md_magic) + sizeof(md->md_version);
333 md->md_flags = le32dec(p); p += sizeof(md->md_flags);
334 md->md_ealgo = le16dec(p); p += sizeof(md->md_ealgo);
335 md->md_keylen = le16dec(p); p += sizeof(md->md_keylen);
336 md->md_provsize = le64dec(p); p += sizeof(md->md_provsize);
337 md->md_sectorsize = le32dec(p); p += sizeof(md->md_sectorsize);
338 md->md_keys = *p; p += sizeof(md->md_keys);
339 md->md_iterations = le32dec(p); p += sizeof(md->md_iterations);
340 bcopy(p, md->md_salt, sizeof(md->md_salt)); p += sizeof(md->md_salt);
341 bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys);
343 MD5Update(&ctx, data, p - data);
344 MD5Final((void *)hash, &ctx);
345 bcopy(hash, md->md_hash, sizeof(md->md_hash));
346 if (bcmp(md->md_hash, p, 16) != 0)
352 eli_metadata_decode_v1v2v3v4v5v6v7(const u_char *data, struct g_eli_metadata *md)
358 p = data + sizeof(md->md_magic) + sizeof(md->md_version);
359 md->md_flags = le32dec(p); p += sizeof(md->md_flags);
360 md->md_ealgo = le16dec(p); p += sizeof(md->md_ealgo);
361 md->md_keylen = le16dec(p); p += sizeof(md->md_keylen);
362 md->md_aalgo = le16dec(p); p += sizeof(md->md_aalgo);
363 md->md_provsize = le64dec(p); p += sizeof(md->md_provsize);
364 md->md_sectorsize = le32dec(p); p += sizeof(md->md_sectorsize);
365 md->md_keys = *p; p += sizeof(md->md_keys);
366 md->md_iterations = le32dec(p); p += sizeof(md->md_iterations);
367 bcopy(p, md->md_salt, sizeof(md->md_salt)); p += sizeof(md->md_salt);
368 bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys);
370 MD5Update(&ctx, data, p - data);
371 MD5Final((void *)hash, &ctx);
372 bcopy(hash, md->md_hash, sizeof(md->md_hash));
373 if (bcmp(md->md_hash, p, 16) != 0)
378 eli_metadata_decode(const u_char *data, struct g_eli_metadata *md)
382 bcopy(data, md->md_magic, sizeof(md->md_magic));
383 if (strcmp(md->md_magic, G_ELI_MAGIC) != 0)
385 md->md_version = le32dec(data + sizeof(md->md_magic));
386 switch (md->md_version) {
387 case G_ELI_VERSION_00:
388 error = eli_metadata_decode_v0(data, md);
390 case G_ELI_VERSION_01:
391 case G_ELI_VERSION_02:
392 case G_ELI_VERSION_03:
393 case G_ELI_VERSION_04:
394 case G_ELI_VERSION_05:
395 case G_ELI_VERSION_06:
396 case G_ELI_VERSION_07:
397 error = eli_metadata_decode_v1v2v3v4v5v6v7(data, md);
405 #endif /* !_OpenSSL */
407 static __inline u_int
408 g_eli_str2ealgo(const char *name)
411 if (strcasecmp("null", name) == 0)
412 return (CRYPTO_NULL_CBC);
413 else if (strcasecmp("null-cbc", name) == 0)
414 return (CRYPTO_NULL_CBC);
415 else if (strcasecmp("aes", name) == 0)
416 return (CRYPTO_AES_XTS);
417 else if (strcasecmp("aes-cbc", name) == 0)
418 return (CRYPTO_AES_CBC);
419 else if (strcasecmp("aes-xts", name) == 0)
420 return (CRYPTO_AES_XTS);
421 else if (strcasecmp("camellia", name) == 0)
422 return (CRYPTO_CAMELLIA_CBC);
423 else if (strcasecmp("camellia-cbc", name) == 0)
424 return (CRYPTO_CAMELLIA_CBC);
425 return (CRYPTO_ALGORITHM_MIN - 1);
428 static __inline u_int
429 g_eli_str2aalgo(const char *name)
432 if (strcasecmp("hmac/sha1", name) == 0)
433 return (CRYPTO_SHA1_HMAC);
434 else if (strcasecmp("hmac/ripemd160", name) == 0)
435 return (CRYPTO_RIPEMD160_HMAC);
436 else if (strcasecmp("hmac/sha256", name) == 0)
437 return (CRYPTO_SHA2_256_HMAC);
438 else if (strcasecmp("hmac/sha384", name) == 0)
439 return (CRYPTO_SHA2_384_HMAC);
440 else if (strcasecmp("hmac/sha512", name) == 0)
441 return (CRYPTO_SHA2_512_HMAC);
442 return (CRYPTO_ALGORITHM_MIN - 1);
445 static __inline const char *
446 g_eli_algo2str(u_int algo)
450 case CRYPTO_NULL_CBC:
456 case CRYPTO_CAMELLIA_CBC:
457 return ("CAMELLIA-CBC");
458 case CRYPTO_SHA1_HMAC:
459 return ("HMAC/SHA1");
460 case CRYPTO_RIPEMD160_HMAC:
461 return ("HMAC/RIPEMD160");
462 case CRYPTO_SHA2_256_HMAC:
463 return ("HMAC/SHA256");
464 case CRYPTO_SHA2_384_HMAC:
465 return ("HMAC/SHA384");
466 case CRYPTO_SHA2_512_HMAC:
467 return ("HMAC/SHA512");
473 eli_metadata_dump(const struct g_eli_metadata *md)
475 static const char hex[] = "0123456789abcdef";
476 char str[sizeof(md->md_mkeys) * 2 + 1];
479 printf(" magic: %s\n", md->md_magic);
480 printf(" version: %u\n", (u_int)md->md_version);
481 printf(" flags: 0x%x\n", (u_int)md->md_flags);
482 printf(" ealgo: %s\n", g_eli_algo2str(md->md_ealgo));
483 printf(" keylen: %u\n", (u_int)md->md_keylen);
484 if (md->md_flags & G_ELI_FLAG_AUTH)
485 printf(" aalgo: %s\n", g_eli_algo2str(md->md_aalgo));
486 printf(" provsize: %ju\n", (uintmax_t)md->md_provsize);
487 printf("sectorsize: %u\n", (u_int)md->md_sectorsize);
488 printf(" keys: 0x%02x\n", (u_int)md->md_keys);
489 printf("iterations: %d\n", (int)md->md_iterations);
490 bzero(str, sizeof(str));
491 for (i = 0; i < sizeof(md->md_salt); i++) {
492 str[i * 2] = hex[md->md_salt[i] >> 4];
493 str[i * 2 + 1] = hex[md->md_salt[i] & 0x0f];
495 printf(" Salt: %s\n", str);
496 bzero(str, sizeof(str));
497 for (i = 0; i < sizeof(md->md_mkeys); i++) {
498 str[i * 2] = hex[md->md_mkeys[i] >> 4];
499 str[i * 2 + 1] = hex[md->md_mkeys[i] & 0x0f];
501 printf("Master Key: %s\n", str);
502 bzero(str, sizeof(str));
503 for (i = 0; i < 16; i++) {
504 str[i * 2] = hex[md->md_hash[i] >> 4];
505 str[i * 2 + 1] = hex[md->md_hash[i] & 0x0f];
507 printf(" MD5 hash: %s\n", str);
512 eli_metadata_crypto_supported(const struct g_eli_metadata *md)
515 switch (md->md_ealgo) {
516 case CRYPTO_NULL_CBC:
518 case CRYPTO_CAMELLIA_CBC:
524 if (md->md_flags & G_ELI_FLAG_AUTH) {
525 switch (md->md_aalgo) {
526 case CRYPTO_SHA1_HMAC:
527 case CRYPTO_RIPEMD160_HMAC:
528 case CRYPTO_SHA2_256_HMAC:
529 case CRYPTO_SHA2_384_HMAC:
530 case CRYPTO_SHA2_512_HMAC:
540 static __inline u_int
541 g_eli_keylen(u_int algo, u_int keylen)
545 case CRYPTO_NULL_CBC:
554 case CRYPTO_CAMELLIA_CBC:
580 static __inline u_int
581 g_eli_ivlen(u_int algo)
586 return (AES_XTS_IV_LEN);
588 return (AES_BLOCK_LEN);
589 case CRYPTO_CAMELLIA_CBC:
590 return (CAMELLIA_BLOCK_LEN);
595 static __inline u_int
596 g_eli_hashlen(u_int algo)
600 case CRYPTO_SHA1_HMAC:
602 case CRYPTO_RIPEMD160_HMAC:
604 case CRYPTO_SHA2_256_HMAC:
606 case CRYPTO_SHA2_384_HMAC:
608 case CRYPTO_SHA2_512_HMAC:
614 static __inline off_t
615 eli_mediasize(const struct g_eli_softc *sc, off_t mediasize, u_int sectorsize)
618 if ((sc->sc_flags & G_ELI_FLAG_ONETIME) == 0) {
619 mediasize -= sectorsize;
621 if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0) {
622 mediasize -= (mediasize % sc->sc_sectorsize);
624 mediasize /= sc->sc_bytes_per_sector;
625 mediasize *= sc->sc_sectorsize;
632 eli_metadata_softc(struct g_eli_softc *sc, const struct g_eli_metadata *md,
633 u_int sectorsize, off_t mediasize)
636 sc->sc_version = md->md_version;
638 sc->sc_crypto = G_ELI_CRYPTO_UNKNOWN;
639 sc->sc_flags = md->md_flags;
640 /* Backward compatibility. */
641 if (md->md_version < G_ELI_VERSION_04)
642 sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER;
643 if (md->md_version < G_ELI_VERSION_05)
644 sc->sc_flags |= G_ELI_FLAG_SINGLE_KEY;
645 if (md->md_version < G_ELI_VERSION_06 &&
646 (sc->sc_flags & G_ELI_FLAG_AUTH) != 0) {
647 sc->sc_flags |= G_ELI_FLAG_FIRST_KEY;
649 if (md->md_version < G_ELI_VERSION_07)
650 sc->sc_flags |= G_ELI_FLAG_ENC_IVKEY;
651 sc->sc_ealgo = md->md_ealgo;
653 if (sc->sc_flags & G_ELI_FLAG_AUTH) {
654 sc->sc_akeylen = sizeof(sc->sc_akey) * 8;
655 sc->sc_aalgo = md->md_aalgo;
656 sc->sc_alen = g_eli_hashlen(sc->sc_aalgo);
658 sc->sc_data_per_sector = sectorsize - sc->sc_alen;
660 * Some hash functions (like SHA1 and RIPEMD160) generates hash
661 * which length is not multiple of 128 bits, but we want data
662 * length to be multiple of 128, so we can encrypt without
663 * padding. The line below rounds down data length to multiple
666 sc->sc_data_per_sector -= sc->sc_data_per_sector % 16;
668 sc->sc_bytes_per_sector =
669 (md->md_sectorsize - 1) / sc->sc_data_per_sector + 1;
670 sc->sc_bytes_per_sector *= sectorsize;
672 sc->sc_provsize = mediasize;
673 sc->sc_sectorsize = md->md_sectorsize;
674 sc->sc_mediasize = eli_mediasize(sc, mediasize, sectorsize);
675 sc->sc_ekeylen = md->md_keylen;
679 int g_eli_read_metadata(struct g_class *mp, struct g_provider *pp,
680 struct g_eli_metadata *md);
681 struct g_geom *g_eli_create(struct gctl_req *req, struct g_class *mp,
682 struct g_provider *bpp, const struct g_eli_metadata *md,
683 const u_char *mkey, int nkey);
684 int g_eli_destroy(struct g_eli_softc *sc, boolean_t force);
686 int g_eli_access(struct g_provider *pp, int dr, int dw, int de);
687 void g_eli_config(struct gctl_req *req, struct g_class *mp, const char *verb);
689 void g_eli_read_done(struct bio *bp);
690 void g_eli_write_done(struct bio *bp);
691 int g_eli_crypto_rerun(struct cryptop *crp);
693 void g_eli_crypto_read(struct g_eli_softc *sc, struct bio *bp, boolean_t fromworker);
694 void g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp);
696 void g_eli_auth_read(struct g_eli_softc *sc, struct bio *bp);
697 void g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp);
699 void g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv,
702 void g_eli_mkey_hmac(unsigned char *mkey, const unsigned char *key);
703 int g_eli_mkey_decrypt(const struct g_eli_metadata *md,
704 const unsigned char *key, unsigned char *mkey, unsigned keyp);
705 int g_eli_mkey_decrypt_any(const struct g_eli_metadata *md,
706 const unsigned char *key, unsigned char *mkey, unsigned *nkeyp);
707 int g_eli_mkey_encrypt(unsigned algo, const unsigned char *key, unsigned keylen,
708 unsigned char *mkey);
710 void g_eli_mkey_propagate(struct g_eli_softc *sc, const unsigned char *mkey);
713 int g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize,
714 const u_char *key, size_t keysize);
715 int g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize,
716 const u_char *key, size_t keysize);
723 void g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const char *hkey,
725 void g_eli_crypto_hmac_update(struct hmac_ctx *ctx, const uint8_t *data,
727 void g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize);
728 void g_eli_crypto_hmac(const char *hkey, size_t hkeysize,
729 const uint8_t *data, size_t datasize, uint8_t *md, size_t mdsize);
731 void g_eli_key_fill(struct g_eli_softc *sc, struct g_eli_key *key,
734 void g_eli_key_init(struct g_eli_softc *sc);
735 void g_eli_key_destroy(struct g_eli_softc *sc);
736 void g_eli_key_resize(struct g_eli_softc *sc);
737 uint8_t *g_eli_key_hold(struct g_eli_softc *sc, off_t offset, size_t blocksize);
738 void g_eli_key_drop(struct g_eli_softc *sc, uint8_t *rawkey);
740 #endif /* !_G_ELI_H_ */