2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2005-2011 Pawel Jakub Dawidek <pawel@dawidek.net>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
32 #include <sys/param.h>
33 #include <sys/systm.h>
34 #include <sys/kernel.h>
35 #include <sys/module.h>
37 #include <sys/mutex.h>
39 #include <sys/sysctl.h>
40 #include <sys/malloc.h>
41 #include <sys/kthread.h>
43 #include <sys/sched.h>
48 #include <geom/geom.h>
49 #include <geom/geom_dbg.h>
50 #include <geom/eli/g_eli.h>
52 MALLOC_DECLARE(M_ELI);
55 g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp)
57 struct g_eli_metadata md;
58 struct g_provider *pp;
59 u_char *key, mkey[G_ELI_DATAIVKEYLEN];
60 int *nargs, *detach, *readonly, *dryrunp;
61 int keysize, error, nkey, dryrun, dummy;
66 nargs = gctl_get_paraml(req, "nargs", sizeof(*nargs));
68 gctl_error(req, "No '%s' argument.", "nargs");
72 gctl_error(req, "Invalid number of arguments.");
76 detach = gctl_get_paraml(req, "detach", sizeof(*detach));
78 gctl_error(req, "No '%s' argument.", "detach");
82 /* "keyno" is optional for backward compatibility */
84 valp = gctl_get_param(req, "keyno", &dummy);
86 valp = gctl_get_paraml(req, "keyno", sizeof(*valp));
90 if (nkey < -1 || nkey >= G_ELI_MAXMKEYS) {
91 gctl_error(req, "Invalid '%s' argument.", "keyno");
95 readonly = gctl_get_paraml(req, "readonly", sizeof(*readonly));
96 if (readonly == NULL) {
97 gctl_error(req, "No '%s' argument.", "readonly");
101 /* "dryrun" is optional for backward compatibility */
103 dryrunp = gctl_get_param(req, "dryrun", &dummy);
104 if (dryrunp != NULL) {
105 dryrunp = gctl_get_paraml(req, "dryrun", sizeof(*dryrunp));
110 if (*detach && *readonly) {
111 gctl_error(req, "Options -d and -r are mutually exclusive.");
115 pp = gctl_get_provider(req, "arg0");
118 error = g_eli_read_metadata(mp, pp, &md);
120 gctl_error(req, "Cannot read metadata from %s (error=%d).",
124 if (md.md_keys == 0x00) {
125 explicit_bzero(&md, sizeof(md));
126 gctl_error(req, "No valid keys on %s.", pp->name);
129 if (!eli_metadata_crypto_supported(&md)) {
130 explicit_bzero(&md, sizeof(md));
131 gctl_error(req, "Invalid or unsupported algorithms.");
135 key = gctl_get_param(req, "key", &keysize);
136 if (key == NULL || keysize != G_ELI_USERKEYLEN) {
137 explicit_bzero(&md, sizeof(md));
138 gctl_error(req, "No '%s' argument.", "key");
143 error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
145 error = g_eli_mkey_decrypt(&md, key, mkey, nkey);
146 explicit_bzero(key, keysize);
148 explicit_bzero(&md, sizeof(md));
149 gctl_error(req, "Wrong key for %s.", pp->name);
151 } else if (error > 0) {
152 explicit_bzero(&md, sizeof(md));
153 gctl_error(req, "Cannot decrypt Master Key for %s (error=%d).",
157 G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name);
160 md.md_flags |= G_ELI_FLAG_WO_DETACH;
162 md.md_flags |= G_ELI_FLAG_RO;
164 g_eli_create(req, mp, pp, &md, mkey, nkey);
165 explicit_bzero(mkey, sizeof(mkey));
166 explicit_bzero(&md, sizeof(md));
169 static struct g_eli_softc *
170 g_eli_find_device(struct g_class *mp, const char *prov)
172 struct g_eli_softc *sc;
174 struct g_provider *pp;
175 struct g_consumer *cp;
177 if (strncmp(prov, _PATH_DEV, strlen(_PATH_DEV)) == 0)
178 prov += strlen(_PATH_DEV);
179 LIST_FOREACH(gp, &mp->geom, geom) {
183 pp = LIST_FIRST(&gp->provider);
184 if (pp != NULL && strcmp(pp->name, prov) == 0)
186 cp = LIST_FIRST(&gp->consumer);
187 if (cp != NULL && cp->provider != NULL &&
188 strcmp(cp->provider->name, prov) == 0) {
196 g_eli_ctl_detach(struct gctl_req *req, struct g_class *mp)
198 struct g_eli_softc *sc;
199 int *force, *last, *nargs, error;
206 nargs = gctl_get_paraml(req, "nargs", sizeof(*nargs));
208 gctl_error(req, "No '%s' argument.", "nargs");
212 gctl_error(req, "Missing device(s).");
215 force = gctl_get_paraml(req, "force", sizeof(*force));
217 gctl_error(req, "No '%s' argument.", "force");
220 last = gctl_get_paraml(req, "last", sizeof(*last));
222 gctl_error(req, "No '%s' argument.", "last");
226 for (i = 0; i < *nargs; i++) {
227 snprintf(param, sizeof(param), "arg%d", i);
228 prov = gctl_get_asciiparam(req, param);
230 gctl_error(req, "No 'arg%d' argument.", i);
233 sc = g_eli_find_device(mp, prov);
235 gctl_error(req, "No such device: %s.", prov);
239 sc->sc_flags |= G_ELI_FLAG_RW_DETACH;
240 sc->sc_geom->access = g_eli_access;
242 error = g_eli_destroy(sc, *force ? TRUE : FALSE);
245 "Cannot destroy device %s (error=%d).",
254 g_eli_ctl_onetime(struct gctl_req *req, struct g_class *mp)
256 struct g_eli_metadata md;
257 struct g_provider *pp;
259 intmax_t *keylen, *sectorsize;
260 u_char mkey[G_ELI_DATAIVKEYLEN];
261 int *nargs, *detach, *noautoresize, *notrim;
264 bzero(&md, sizeof(md));
266 nargs = gctl_get_paraml(req, "nargs", sizeof(*nargs));
268 gctl_error(req, "No '%s' argument.", "nargs");
272 gctl_error(req, "Invalid number of arguments.");
276 strlcpy(md.md_magic, G_ELI_MAGIC, sizeof(md.md_magic));
277 md.md_version = G_ELI_VERSION;
278 md.md_flags |= G_ELI_FLAG_ONETIME;
279 md.md_flags |= G_ELI_FLAG_AUTORESIZE;
281 detach = gctl_get_paraml(req, "detach", sizeof(*detach));
282 if (detach != NULL && *detach)
283 md.md_flags |= G_ELI_FLAG_WO_DETACH;
284 noautoresize = gctl_get_paraml(req, "noautoresize",
285 sizeof(*noautoresize));
286 if (noautoresize != NULL && *noautoresize)
287 md.md_flags &= ~G_ELI_FLAG_AUTORESIZE;
288 notrim = gctl_get_paraml(req, "notrim", sizeof(*notrim));
289 if (notrim != NULL && *notrim)
290 md.md_flags |= G_ELI_FLAG_NODELETE;
292 md.md_ealgo = CRYPTO_ALGORITHM_MIN - 1;
293 name = gctl_get_asciiparam(req, "aalgo");
295 gctl_error(req, "No '%s' argument.", "aalgo");
299 md.md_aalgo = g_eli_str2aalgo(name);
300 if (md.md_aalgo >= CRYPTO_ALGORITHM_MIN &&
301 md.md_aalgo <= CRYPTO_ALGORITHM_MAX) {
302 md.md_flags |= G_ELI_FLAG_AUTH;
305 * For backward compatibility, check if the -a option
306 * was used to provide encryption algorithm.
308 md.md_ealgo = g_eli_str2ealgo(name);
309 if (md.md_ealgo < CRYPTO_ALGORITHM_MIN ||
310 md.md_ealgo > CRYPTO_ALGORITHM_MAX) {
312 "Invalid authentication algorithm.");
315 gctl_error(req, "warning: The -e option, not "
316 "the -a option is now used to specify "
317 "encryption algorithm to use.");
322 if (md.md_ealgo < CRYPTO_ALGORITHM_MIN ||
323 md.md_ealgo > CRYPTO_ALGORITHM_MAX) {
324 name = gctl_get_asciiparam(req, "ealgo");
326 gctl_error(req, "No '%s' argument.", "ealgo");
329 md.md_ealgo = g_eli_str2ealgo(name);
330 if (md.md_ealgo < CRYPTO_ALGORITHM_MIN ||
331 md.md_ealgo > CRYPTO_ALGORITHM_MAX) {
332 gctl_error(req, "Invalid encryption algorithm.");
337 keylen = gctl_get_paraml(req, "keylen", sizeof(*keylen));
338 if (keylen == NULL) {
339 gctl_error(req, "No '%s' argument.", "keylen");
342 md.md_keylen = g_eli_keylen(md.md_ealgo, *keylen);
343 if (md.md_keylen == 0) {
344 gctl_error(req, "Invalid '%s' argument.", "keylen");
348 /* Not important here. */
350 /* Not important here. */
351 bzero(md.md_salt, sizeof(md.md_salt));
354 arc4rand(mkey, sizeof(mkey), 0);
356 /* Not important here. */
357 bzero(md.md_hash, sizeof(md.md_hash));
359 pp = gctl_get_provider(req, "arg0");
363 sectorsize = gctl_get_paraml(req, "sectorsize", sizeof(*sectorsize));
364 if (sectorsize == NULL) {
365 gctl_error(req, "No '%s' argument.", "sectorsize");
368 if (*sectorsize == 0)
369 md.md_sectorsize = pp->sectorsize;
371 if (*sectorsize < 0 || (*sectorsize % pp->sectorsize) != 0) {
372 gctl_error(req, "Invalid sector size.");
375 if (*sectorsize > PAGE_SIZE) {
376 gctl_error(req, "warning: Using sectorsize bigger than "
379 md.md_sectorsize = *sectorsize;
382 g_eli_create(req, mp, pp, &md, mkey, -1);
383 explicit_bzero(mkey, sizeof(mkey));
384 explicit_bzero(&md, sizeof(md));
388 g_eli_ctl_configure(struct gctl_req *req, struct g_class *mp)
390 struct g_eli_softc *sc;
391 struct g_eli_metadata md;
392 struct g_provider *pp;
393 struct g_consumer *cp;
397 int *nargs, *boot, *noboot, *trim, *notrim, *geliboot, *nogeliboot;
398 int *displaypass, *nodisplaypass, *autoresize, *noautoresize;
399 int zero, error, changed;
407 nargs = gctl_get_paraml(req, "nargs", sizeof(*nargs));
409 gctl_error(req, "No '%s' argument.", "nargs");
413 gctl_error(req, "Missing device(s).");
417 boot = gctl_get_paraml(req, "boot", sizeof(*boot));
420 noboot = gctl_get_paraml(req, "noboot", sizeof(*noboot));
423 if (*boot && *noboot) {
424 gctl_error(req, "Options -b and -B are mutually exclusive.");
427 if (*boot || *noboot)
430 trim = gctl_get_paraml(req, "trim", sizeof(*trim));
433 notrim = gctl_get_paraml(req, "notrim", sizeof(*notrim));
436 if (*trim && *notrim) {
437 gctl_error(req, "Options -t and -T are mutually exclusive.");
440 if (*trim || *notrim)
443 geliboot = gctl_get_paraml(req, "geliboot", sizeof(*geliboot));
444 if (geliboot == NULL)
446 nogeliboot = gctl_get_paraml(req, "nogeliboot", sizeof(*nogeliboot));
447 if (nogeliboot == NULL)
449 if (*geliboot && *nogeliboot) {
450 gctl_error(req, "Options -g and -G are mutually exclusive.");
453 if (*geliboot || *nogeliboot)
456 displaypass = gctl_get_paraml(req, "displaypass", sizeof(*displaypass));
457 if (displaypass == NULL)
459 nodisplaypass = gctl_get_paraml(req, "nodisplaypass", sizeof(*nodisplaypass));
460 if (nodisplaypass == NULL)
461 nodisplaypass = &zero;
462 if (*displaypass && *nodisplaypass) {
463 gctl_error(req, "Options -d and -D are mutually exclusive.");
466 if (*displaypass || *nodisplaypass)
469 autoresize = gctl_get_paraml(req, "autoresize", sizeof(*autoresize));
470 if (autoresize == NULL)
472 noautoresize = gctl_get_paraml(req, "noautoresize",
473 sizeof(*noautoresize));
474 if (noautoresize == NULL)
475 noautoresize = &zero;
476 if (*autoresize && *noautoresize) {
477 gctl_error(req, "Options -r and -R are mutually exclusive.");
480 if (*autoresize || *noautoresize)
484 gctl_error(req, "No option given.");
488 for (i = 0; i < *nargs; i++) {
489 snprintf(param, sizeof(param), "arg%d", i);
490 prov = gctl_get_asciiparam(req, param);
492 gctl_error(req, "No 'arg%d' argument.", i);
495 sc = g_eli_find_device(mp, prov);
498 * We ignore not attached providers, userland part will
501 G_ELI_DEBUG(1, "Skipping configuration of not attached "
502 "provider %s.", prov);
505 if (sc->sc_flags & G_ELI_FLAG_RO) {
506 gctl_error(req, "Cannot change configuration of "
507 "read-only provider %s.", prov);
511 if (*boot && (sc->sc_flags & G_ELI_FLAG_BOOT)) {
512 G_ELI_DEBUG(1, "BOOT flag already configured for %s.",
515 } else if (*noboot && !(sc->sc_flags & G_ELI_FLAG_BOOT)) {
516 G_ELI_DEBUG(1, "BOOT flag not configured for %s.",
521 if (*notrim && (sc->sc_flags & G_ELI_FLAG_NODELETE)) {
522 G_ELI_DEBUG(1, "TRIM disable flag already configured for %s.",
525 } else if (*trim && !(sc->sc_flags & G_ELI_FLAG_NODELETE)) {
526 G_ELI_DEBUG(1, "TRIM disable flag not configured for %s.",
531 if (*geliboot && (sc->sc_flags & G_ELI_FLAG_GELIBOOT)) {
532 G_ELI_DEBUG(1, "GELIBOOT flag already configured for %s.",
535 } else if (*nogeliboot && !(sc->sc_flags & G_ELI_FLAG_GELIBOOT)) {
536 G_ELI_DEBUG(1, "GELIBOOT flag not configured for %s.",
541 if (*displaypass && (sc->sc_flags & G_ELI_FLAG_GELIDISPLAYPASS)) {
542 G_ELI_DEBUG(1, "GELIDISPLAYPASS flag already configured for %s.",
545 } else if (*nodisplaypass &&
546 !(sc->sc_flags & G_ELI_FLAG_GELIDISPLAYPASS)) {
547 G_ELI_DEBUG(1, "GELIDISPLAYPASS flag not configured for %s.",
552 if (*autoresize && (sc->sc_flags & G_ELI_FLAG_AUTORESIZE)) {
553 G_ELI_DEBUG(1, "AUTORESIZE flag already configured for %s.",
556 } else if (*noautoresize &&
557 !(sc->sc_flags & G_ELI_FLAG_AUTORESIZE)) {
558 G_ELI_DEBUG(1, "AUTORESIZE flag not configured for %s.",
563 if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) {
565 * ONETIME providers don't write metadata to
566 * disk, so don't try reading it. This means
567 * we're bit-flipping uninitialized memory in md
568 * below, but that's OK; we don't do anything
571 cp = LIST_FIRST(&sc->sc_geom->consumer);
573 error = g_eli_read_metadata(mp, pp, &md);
576 "Cannot read metadata from %s (error=%d).",
583 md.md_flags |= G_ELI_FLAG_BOOT;
584 sc->sc_flags |= G_ELI_FLAG_BOOT;
585 } else if (*noboot) {
586 md.md_flags &= ~G_ELI_FLAG_BOOT;
587 sc->sc_flags &= ~G_ELI_FLAG_BOOT;
591 md.md_flags |= G_ELI_FLAG_NODELETE;
592 sc->sc_flags |= G_ELI_FLAG_NODELETE;
594 md.md_flags &= ~G_ELI_FLAG_NODELETE;
595 sc->sc_flags &= ~G_ELI_FLAG_NODELETE;
599 md.md_flags |= G_ELI_FLAG_GELIBOOT;
600 sc->sc_flags |= G_ELI_FLAG_GELIBOOT;
601 } else if (*nogeliboot) {
602 md.md_flags &= ~G_ELI_FLAG_GELIBOOT;
603 sc->sc_flags &= ~G_ELI_FLAG_GELIBOOT;
607 md.md_flags |= G_ELI_FLAG_GELIDISPLAYPASS;
608 sc->sc_flags |= G_ELI_FLAG_GELIDISPLAYPASS;
609 } else if (*nodisplaypass) {
610 md.md_flags &= ~G_ELI_FLAG_GELIDISPLAYPASS;
611 sc->sc_flags &= ~G_ELI_FLAG_GELIDISPLAYPASS;
615 md.md_flags |= G_ELI_FLAG_AUTORESIZE;
616 sc->sc_flags |= G_ELI_FLAG_AUTORESIZE;
617 } else if (*noautoresize) {
618 md.md_flags &= ~G_ELI_FLAG_AUTORESIZE;
619 sc->sc_flags &= ~G_ELI_FLAG_AUTORESIZE;
622 if (sc->sc_flags & G_ELI_FLAG_ONETIME) {
623 /* There's no metadata on disk so we are done here. */
627 sector = malloc(pp->sectorsize, M_ELI, M_WAITOK | M_ZERO);
628 eli_metadata_encode(&md, sector);
629 error = g_write_data(cp, pp->mediasize - pp->sectorsize, sector,
633 "Cannot store metadata on %s (error=%d).",
636 explicit_bzero(&md, sizeof(md));
637 zfree(sector, M_ELI);
642 g_eli_ctl_setkey(struct gctl_req *req, struct g_class *mp)
644 struct g_eli_softc *sc;
645 struct g_eli_metadata md;
646 struct g_provider *pp;
647 struct g_consumer *cp;
649 u_char *key, *mkeydst, *sector;
651 int keysize, nkey, error;
655 name = gctl_get_asciiparam(req, "arg0");
657 gctl_error(req, "No 'arg%u' argument.", 0);
660 key = gctl_get_param(req, "key", &keysize);
661 if (key == NULL || keysize != G_ELI_USERKEYLEN) {
662 gctl_error(req, "No '%s' argument.", "key");
665 sc = g_eli_find_device(mp, name);
667 gctl_error(req, "Provider %s is invalid.", name);
670 if (sc->sc_flags & G_ELI_FLAG_RO) {
671 gctl_error(req, "Cannot change keys for read-only provider.");
674 cp = LIST_FIRST(&sc->sc_geom->consumer);
677 error = g_eli_read_metadata(mp, pp, &md);
679 gctl_error(req, "Cannot read metadata from %s (error=%d).",
684 valp = gctl_get_paraml(req, "keyno", sizeof(*valp));
686 gctl_error(req, "No '%s' argument.", "keyno");
693 if (nkey < 0 || nkey >= G_ELI_MAXMKEYS) {
694 gctl_error(req, "Invalid '%s' argument.", "keyno");
698 valp = gctl_get_paraml(req, "iterations", sizeof(*valp));
700 gctl_error(req, "No '%s' argument.", "iterations");
703 /* Check if iterations number should and can be changed. */
704 if (*valp != -1 && md.md_iterations == -1) {
705 md.md_iterations = *valp;
706 } else if (*valp != -1 && *valp != md.md_iterations) {
707 if (bitcount32(md.md_keys) != 1) {
708 gctl_error(req, "To be able to use '-i' option, only "
709 "one key can be defined.");
712 if (md.md_keys != (1 << nkey)) {
713 gctl_error(req, "Only already defined key can be "
714 "changed when '-i' option is used.");
717 md.md_iterations = *valp;
720 mkeydst = md.md_mkeys + nkey * G_ELI_MKEYLEN;
721 md.md_keys |= (1 << nkey);
723 bcopy(sc->sc_mkey, mkeydst, sizeof(sc->sc_mkey));
725 /* Encrypt Master Key with the new key. */
726 error = g_eli_mkey_encrypt(md.md_ealgo, key, md.md_keylen, mkeydst);
727 explicit_bzero(key, keysize);
729 explicit_bzero(&md, sizeof(md));
730 gctl_error(req, "Cannot encrypt Master Key (error=%d).", error);
734 sector = malloc(pp->sectorsize, M_ELI, M_WAITOK | M_ZERO);
735 /* Store metadata with fresh key. */
736 eli_metadata_encode(&md, sector);
737 explicit_bzero(&md, sizeof(md));
738 error = g_write_data(cp, pp->mediasize - pp->sectorsize, sector,
740 zfree(sector, M_ELI);
742 gctl_error(req, "Cannot store metadata on %s (error=%d).",
746 G_ELI_DEBUG(1, "Key %u changed on %s.", nkey, pp->name);
750 g_eli_ctl_delkey(struct gctl_req *req, struct g_class *mp)
752 struct g_eli_softc *sc;
753 struct g_eli_metadata md;
754 struct g_provider *pp;
755 struct g_consumer *cp;
757 u_char *mkeydst, *sector;
760 int error, nkey, *all, *force;
765 nkey = 0; /* fixes causeless gcc warning */
767 name = gctl_get_asciiparam(req, "arg0");
769 gctl_error(req, "No 'arg%u' argument.", 0);
772 sc = g_eli_find_device(mp, name);
774 gctl_error(req, "Provider %s is invalid.", name);
777 if (sc->sc_flags & G_ELI_FLAG_RO) {
778 gctl_error(req, "Cannot delete keys for read-only provider.");
781 cp = LIST_FIRST(&sc->sc_geom->consumer);
784 error = g_eli_read_metadata(mp, pp, &md);
786 gctl_error(req, "Cannot read metadata from %s (error=%d).",
791 all = gctl_get_paraml(req, "all", sizeof(*all));
793 gctl_error(req, "No '%s' argument.", "all");
798 mkeydst = md.md_mkeys;
799 keysize = sizeof(md.md_mkeys);
801 force = gctl_get_paraml(req, "force", sizeof(*force));
803 gctl_error(req, "No '%s' argument.", "force");
807 valp = gctl_get_paraml(req, "keyno", sizeof(*valp));
809 gctl_error(req, "No '%s' argument.", "keyno");
816 if (nkey < 0 || nkey >= G_ELI_MAXMKEYS) {
817 gctl_error(req, "Invalid '%s' argument.", "keyno");
820 if (!(md.md_keys & (1 << nkey)) && !*force) {
821 gctl_error(req, "Master Key %u is not set.", nkey);
824 md.md_keys &= ~(1 << nkey);
825 if (md.md_keys == 0 && !*force) {
826 gctl_error(req, "This is the last Master Key. Use '-f' "
827 "flag if you really want to remove it.");
830 mkeydst = md.md_mkeys + nkey * G_ELI_MKEYLEN;
831 keysize = G_ELI_MKEYLEN;
834 sector = malloc(pp->sectorsize, M_ELI, M_WAITOK | M_ZERO);
835 for (i = 0; i <= g_eli_overwrites; i++) {
836 if (i == g_eli_overwrites)
837 explicit_bzero(mkeydst, keysize);
839 arc4rand(mkeydst, keysize, 0);
840 /* Store metadata with destroyed key. */
841 eli_metadata_encode(&md, sector);
842 error = g_write_data(cp, pp->mediasize - pp->sectorsize, sector,
845 G_ELI_DEBUG(0, "Cannot store metadata on %s "
846 "(error=%d).", pp->name, error);
849 * Flush write cache so we don't overwrite data N times in cache
850 * and only once on disk.
852 (void)g_io_flush(cp);
854 explicit_bzero(&md, sizeof(md));
855 zfree(sector, M_ELI);
857 G_ELI_DEBUG(1, "All keys removed from %s.", pp->name);
859 G_ELI_DEBUG(1, "Key %d removed from %s.", nkey, pp->name);
863 g_eli_suspend_one(struct g_eli_softc *sc, struct gctl_req *req)
865 struct g_eli_worker *wr;
869 KASSERT(sc != NULL, ("NULL sc"));
871 if (sc->sc_flags & G_ELI_FLAG_ONETIME) {
873 "Device %s is using one-time key, suspend not supported.",
878 mtx_lock(&sc->sc_queue_mtx);
879 if (sc->sc_flags & G_ELI_FLAG_SUSPEND) {
880 mtx_unlock(&sc->sc_queue_mtx);
881 gctl_error(req, "Device %s already suspended.",
885 sc->sc_flags |= G_ELI_FLAG_SUSPEND;
888 LIST_FOREACH(wr, &sc->sc_workers, w_next) {
894 /* Not all threads suspended. */
895 msleep(&sc->sc_workers, &sc->sc_queue_mtx, PRIBIO,
899 * Clear sensitive data on suspend, they will be recovered on resume.
901 explicit_bzero(sc->sc_mkey, sizeof(sc->sc_mkey));
902 g_eli_key_destroy(sc);
903 explicit_bzero(sc->sc_akey, sizeof(sc->sc_akey));
904 explicit_bzero(&sc->sc_akeyctx, sizeof(sc->sc_akeyctx));
905 explicit_bzero(sc->sc_ivkey, sizeof(sc->sc_ivkey));
906 explicit_bzero(&sc->sc_ivctx, sizeof(sc->sc_ivctx));
907 mtx_unlock(&sc->sc_queue_mtx);
908 G_ELI_DEBUG(0, "Device %s has been suspended.", sc->sc_name);
912 g_eli_ctl_suspend(struct gctl_req *req, struct g_class *mp)
914 struct g_eli_softc *sc;
919 nargs = gctl_get_paraml(req, "nargs", sizeof(*nargs));
921 gctl_error(req, "No '%s' argument.", "nargs");
924 all = gctl_get_paraml(req, "all", sizeof(*all));
926 gctl_error(req, "No '%s' argument.", "all");
929 if (!*all && *nargs == 0) {
930 gctl_error(req, "Too few arguments.");
935 struct g_geom *gp, *gp2;
937 LIST_FOREACH_SAFE(gp, &mp->geom, geom, gp2) {
939 if (sc->sc_flags & G_ELI_FLAG_ONETIME) {
941 "Device %s is using one-time key, suspend not supported, skipping.",
945 g_eli_suspend_one(sc, req);
952 for (i = 0; i < *nargs; i++) {
953 snprintf(param, sizeof(param), "arg%d", i);
954 prov = gctl_get_asciiparam(req, param);
956 G_ELI_DEBUG(0, "No 'arg%d' argument.", i);
960 sc = g_eli_find_device(mp, prov);
962 G_ELI_DEBUG(0, "No such provider: %s.", prov);
965 g_eli_suspend_one(sc, req);
971 g_eli_ctl_resume(struct gctl_req *req, struct g_class *mp)
973 struct g_eli_metadata md;
974 struct g_eli_softc *sc;
975 struct g_provider *pp;
976 struct g_consumer *cp;
978 u_char *key, mkey[G_ELI_DATAIVKEYLEN];
979 int *nargs, keysize, error;
984 nargs = gctl_get_paraml(req, "nargs", sizeof(*nargs));
986 gctl_error(req, "No '%s' argument.", "nargs");
990 gctl_error(req, "Invalid number of arguments.");
994 name = gctl_get_asciiparam(req, "arg0");
996 gctl_error(req, "No 'arg%u' argument.", 0);
999 key = gctl_get_param(req, "key", &keysize);
1000 if (key == NULL || keysize != G_ELI_USERKEYLEN) {
1001 gctl_error(req, "No '%s' argument.", "key");
1004 sc = g_eli_find_device(mp, name);
1006 gctl_error(req, "Provider %s is invalid.", name);
1009 cp = LIST_FIRST(&sc->sc_geom->consumer);
1011 error = g_eli_read_metadata(mp, pp, &md);
1013 gctl_error(req, "Cannot read metadata from %s (error=%d).",
1017 if (md.md_keys == 0x00) {
1018 explicit_bzero(&md, sizeof(md));
1019 gctl_error(req, "No valid keys on %s.", pp->name);
1023 error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
1024 explicit_bzero(key, keysize);
1026 explicit_bzero(&md, sizeof(md));
1027 gctl_error(req, "Wrong key for %s.", pp->name);
1029 } else if (error > 0) {
1030 explicit_bzero(&md, sizeof(md));
1031 gctl_error(req, "Cannot decrypt Master Key for %s (error=%d).",
1035 G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name);
1037 mtx_lock(&sc->sc_queue_mtx);
1038 if (!(sc->sc_flags & G_ELI_FLAG_SUSPEND))
1039 gctl_error(req, "Device %s is not suspended.", name);
1041 /* Restore sc_mkey, sc_ekeys, sc_akey and sc_ivkey. */
1042 g_eli_mkey_propagate(sc, mkey);
1043 sc->sc_flags &= ~G_ELI_FLAG_SUSPEND;
1044 G_ELI_DEBUG(1, "Resumed %s.", pp->name);
1047 mtx_unlock(&sc->sc_queue_mtx);
1048 explicit_bzero(mkey, sizeof(mkey));
1049 explicit_bzero(&md, sizeof(md));
1053 g_eli_kill_one(struct g_eli_softc *sc)
1055 struct g_provider *pp;
1056 struct g_consumer *cp;
1059 g_topology_assert();
1064 pp = LIST_FIRST(&sc->sc_geom->provider);
1065 g_error_provider(pp, ENXIO);
1067 cp = LIST_FIRST(&sc->sc_geom->consumer);
1070 if (sc->sc_flags & G_ELI_FLAG_RO) {
1071 G_ELI_DEBUG(0, "WARNING: Metadata won't be erased on read-only "
1072 "provider: %s.", pp->name);
1078 sector = malloc(pp->sectorsize, M_ELI, M_WAITOK);
1079 for (i = 0; i <= g_eli_overwrites; i++) {
1080 if (i == g_eli_overwrites)
1081 bzero(sector, pp->sectorsize);
1083 arc4rand(sector, pp->sectorsize, 0);
1084 err = g_write_data(cp, pp->mediasize - pp->sectorsize,
1085 sector, pp->sectorsize);
1087 G_ELI_DEBUG(0, "Cannot erase metadata on %s "
1088 "(error=%d).", pp->name, err);
1093 * Flush write cache so we don't overwrite data N times
1094 * in cache and only once on disk.
1096 (void)g_io_flush(cp);
1098 free(sector, M_ELI);
1101 G_ELI_DEBUG(0, "%s has been killed.", pp->name);
1102 g_eli_destroy(sc, TRUE);
1107 g_eli_ctl_kill(struct gctl_req *req, struct g_class *mp)
1112 g_topology_assert();
1114 nargs = gctl_get_paraml(req, "nargs", sizeof(*nargs));
1115 if (nargs == NULL) {
1116 gctl_error(req, "No '%s' argument.", "nargs");
1119 all = gctl_get_paraml(req, "all", sizeof(*all));
1121 gctl_error(req, "No '%s' argument.", "all");
1124 if (!*all && *nargs == 0) {
1125 gctl_error(req, "Too few arguments.");
1130 struct g_geom *gp, *gp2;
1132 LIST_FOREACH_SAFE(gp, &mp->geom, geom, gp2) {
1133 error = g_eli_kill_one(gp->softc);
1135 gctl_error(req, "Not fully done.");
1138 struct g_eli_softc *sc;
1143 for (i = 0; i < *nargs; i++) {
1144 snprintf(param, sizeof(param), "arg%d", i);
1145 prov = gctl_get_asciiparam(req, param);
1147 G_ELI_DEBUG(0, "No 'arg%d' argument.", i);
1151 sc = g_eli_find_device(mp, prov);
1153 G_ELI_DEBUG(0, "No such provider: %s.", prov);
1156 error = g_eli_kill_one(sc);
1158 gctl_error(req, "Not fully done.");
1164 g_eli_config(struct gctl_req *req, struct g_class *mp, const char *verb)
1168 g_topology_assert();
1170 version = gctl_get_paraml(req, "version", sizeof(*version));
1171 if (version == NULL) {
1172 gctl_error(req, "No '%s' argument.", "version");
1175 while (*version != G_ELI_VERSION) {
1176 if (G_ELI_VERSION == G_ELI_VERSION_06 &&
1177 *version == G_ELI_VERSION_05) {
1181 if (G_ELI_VERSION == G_ELI_VERSION_07 &&
1182 (*version == G_ELI_VERSION_05 ||
1183 *version == G_ELI_VERSION_06)) {
1187 gctl_error(req, "Userland and kernel parts are out of sync.");
1191 if (strcmp(verb, "attach") == 0)
1192 g_eli_ctl_attach(req, mp);
1193 else if (strcmp(verb, "detach") == 0 || strcmp(verb, "stop") == 0)
1194 g_eli_ctl_detach(req, mp);
1195 else if (strcmp(verb, "onetime") == 0)
1196 g_eli_ctl_onetime(req, mp);
1197 else if (strcmp(verb, "configure") == 0)
1198 g_eli_ctl_configure(req, mp);
1199 else if (strcmp(verb, "setkey") == 0)
1200 g_eli_ctl_setkey(req, mp);
1201 else if (strcmp(verb, "delkey") == 0)
1202 g_eli_ctl_delkey(req, mp);
1203 else if (strcmp(verb, "suspend") == 0)
1204 g_eli_ctl_suspend(req, mp);
1205 else if (strcmp(verb, "resume") == 0)
1206 g_eli_ctl_resume(req, mp);
1207 else if (strcmp(verb, "kill") == 0)
1208 g_eli_ctl_kill(req, mp);
1210 gctl_error(req, "Unknown verb.");