2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2005-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
32 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/kernel.h>
36 #include <sys/malloc.h>
43 #include <openssl/evp.h>
46 #include <geom/eli/g_eli.h>
49 MALLOC_DECLARE(M_ELI);
52 g_eli_crypto_done(struct cryptop *crp)
55 crp->crp_opaque = (void *)crp;
61 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
62 const u_char *key, size_t keysize)
66 struct cryptodesc *crd;
71 KASSERT(algo != CRYPTO_AES_XTS,
72 ("%s: CRYPTO_AES_XTS unexpected here", __func__));
74 bzero(&cri, sizeof(cri));
76 cri.cri_key = __DECONST(void *, key);
77 cri.cri_klen = keysize;
78 error = crypto_newsession(&sid, &cri, CRYPTOCAP_F_SOFTWARE);
81 p = malloc(sizeof(*crp) + sizeof(*crd), M_ELI, M_NOWAIT | M_ZERO);
83 crypto_freesession(sid);
86 crp = (struct cryptop *)p; p += sizeof(*crp);
87 crd = (struct cryptodesc *)p; p += sizeof(*crd);
90 crd->crd_len = datasize;
91 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
93 crd->crd_flags |= CRD_F_ENCRYPT;
95 crd->crd_key = __DECONST(void *, key);
96 crd->crd_klen = keysize;
97 bzero(crd->crd_iv, sizeof(crd->crd_iv));
100 crp->crp_session = sid;
101 crp->crp_ilen = datasize;
102 crp->crp_olen = datasize;
103 crp->crp_opaque = NULL;
104 crp->crp_callback = g_eli_crypto_done;
105 crp->crp_buf = (void *)data;
106 crp->crp_flags = CRYPTO_F_CBIFSYNC;
109 error = crypto_dispatch(crp);
111 while (crp->crp_opaque == NULL)
112 tsleep(crp, PRIBIO, "geli", hz / 5);
113 error = crp->crp_etype;
117 crypto_freesession(sid);
122 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
123 const u_char *key, size_t keysize)
126 const EVP_CIPHER *type;
130 assert(algo != CRYPTO_AES_XTS);
133 case CRYPTO_NULL_CBC:
134 type = EVP_enc_null();
139 type = EVP_aes_128_cbc();
142 type = EVP_aes_192_cbc();
145 type = EVP_aes_256_cbc();
154 #ifndef OPENSSL_NO_CAMELLIA
155 case CRYPTO_CAMELLIA_CBC:
158 type = EVP_camellia_128_cbc();
161 type = EVP_camellia_192_cbc();
164 type = EVP_camellia_256_cbc();
171 case CRYPTO_3DES_CBC:
172 type = EVP_des_ede3_cbc();
178 ctx = EVP_CIPHER_CTX_new();
182 EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, enc);
183 EVP_CIPHER_CTX_set_key_length(ctx, keysize / 8);
184 EVP_CIPHER_CTX_set_padding(ctx, 0);
185 bzero(iv, sizeof(iv));
186 EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc);
188 if (EVP_CipherUpdate(ctx, data, &outsize, data, datasize) == 0) {
189 EVP_CIPHER_CTX_free(ctx);
192 assert(outsize == (int)datasize);
194 if (EVP_CipherFinal_ex(ctx, data + outsize, &outsize) == 0) {
195 EVP_CIPHER_CTX_free(ctx);
198 assert(outsize == 0);
200 EVP_CIPHER_CTX_free(ctx);
203 #endif /* !_KERNEL */
206 g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize,
207 const u_char *key, size_t keysize)
210 /* We prefer AES-CBC for metadata protection. */
211 if (algo == CRYPTO_AES_XTS)
212 algo = CRYPTO_AES_CBC;
214 return (g_eli_crypto_cipher(algo, 1, data, datasize, key, keysize));
218 g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize,
219 const u_char *key, size_t keysize)
222 /* We prefer AES-CBC for metadata protection. */
223 if (algo == CRYPTO_AES_XTS)
224 algo = CRYPTO_AES_CBC;
226 return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize));