Constify input to the arc4 seed function.

Implement the lockfile hunting in sector zero.

Sponsored by:	DARPA & NAI Labs.
Poul-Henning Kamp 2002-10-20 11:09:58 +00:00
parent 9d649c1fd0
commit 8e91949016
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=105512
2 changed files with 52 additions and 9 deletions


@ -91,6 +91,7 @@ struct g_bde_key {
/* Physical offsets */ /* Physical offsets */
uint32_t sectorsize; uint32_t sectorsize;
uint32_t flags; uint32_t flags;
/* 1 = lockfile in sector 0 */
uint8_t hash[16]; uint8_t hash[16];
uint8_t spare[48]; uint8_t spare[48];
uint8_t key[G_BDE_MKEYLEN]; uint8_t key[G_BDE_MKEYLEN];
@ -135,7 +136,7 @@ void g_bde_encode_lock(struct g_bde_key *gl, u_char *ptr);
void g_bde_decode_lock(struct g_bde_key *gl, u_char *ptr); void g_bde_decode_lock(struct g_bde_key *gl, u_char *ptr);
u_char g_bde_arc4(struct g_bde_softc *sc); u_char g_bde_arc4(struct g_bde_softc *sc);
void g_bde_arc4_seq(struct g_bde_softc *sc, void *ptr, u_int len); void g_bde_arc4_seq(struct g_bde_softc *sc, void *ptr, u_int len);
void g_bde_arc4_seed(struct g_bde_softc *sc, void *ptr, u_int len); void g_bde_arc4_seed(struct g_bde_softc *sc, const void *ptr, u_int len);
int g_bde_keyloc_encrypt(struct g_bde_softc *sc, void *input, void *output); int g_bde_keyloc_encrypt(struct g_bde_softc *sc, void *input, void *output);
int g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, void *output); int g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, void *output);
int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey); int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey);
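Review bot: The comment added under `flags` documents the sector-zero bit as a bare `1`, so every later user of the field has to repeat the literal. A named constant beside the struct, for example `#define GBDE_F_SECT0 1 /* lockfile in sector 0 */` (the name is only a suggestion), would let callers test the bit by name. Nothing in the visible hunks reads `flags` yet, so this is the cheapest point to introduce it. struct g_bde_key starts and ends outside the hunk.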


@ -143,9 +143,10 @@ g_bde_arc4_seq(struct g_bde_softc *sc, void *ptr, u_int len)
} }
void void
g_bde_arc4_seed(struct g_bde_softc *sc, void *ptr, u_int len) g_bde_arc4_seed(struct g_bde_softc *sc, const void *ptr, u_int len)
{ {
u_char k[256], *p, c; u_char k[256], c;
const u_char *p;
u_int i; u_int i;
p = ptr; p = ptr;
@ -180,6 +181,8 @@ g_bde_keyloc_encrypt(struct g_bde_softc *sc, void *input, void *output)
keyInstance ki; keyInstance ki;
cipherInstance ci; cipherInstance ci;
bcopy(input, output, 16);
return 0;
rijndael_cipherInit(&ci, MODE_CBC, NULL); rijndael_cipherInit(&ci, MODE_CBC, NULL);
p = input; p = input;
g_bde_arc4_seq(sc, buf, sizeof buf); g_bde_arc4_seq(sc, buf, sizeof buf);
@ -189,6 +192,7 @@ g_bde_keyloc_encrypt(struct g_bde_softc *sc, void *input, void *output)
rijndael_makeKey(&ki, DIR_ENCRYPT, G_BDE_KKEYBITS, buf); rijndael_makeKey(&ki, DIR_ENCRYPT, G_BDE_KKEYBITS, buf);
rijndael_blockEncrypt(&ci, &ki, buf1, 16 * 8, output); rijndael_blockEncrypt(&ci, &ki, buf1, 16 * 8, output);
bzero(&ci, sizeof ci); bzero(&ci, sizeof ci);
bzero(&ki, sizeof ki);
return (0); return (0);
} }
@ -201,6 +205,8 @@ g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, void *output)
keyInstance ki; keyInstance ki;
cipherInstance ci; cipherInstance ci;
bcopy(input, output, 16);
return 0;
rijndael_cipherInit(&ci, MODE_CBC, NULL); rijndael_cipherInit(&ci, MODE_CBC, NULL);
g_bde_arc4_seq(sc, buf1, sizeof buf1); g_bde_arc4_seq(sc, buf1, sizeof buf1);
g_bde_arc4_seq(sc, buf2, sizeof buf2); g_bde_arc4_seq(sc, buf2, sizeof buf2);
@ -210,15 +216,16 @@ g_bde_keyloc_decrypt(struct g_bde_softc *sc, void *input, void *output)
for (i = 0; i < sizeof buf1; i++) for (i = 0; i < sizeof buf1; i++)
p[i] ^= buf1[i]; p[i] ^= buf1[i];
bzero(&ci, sizeof ci); bzero(&ci, sizeof ci);
bzero(&ki, sizeof ki);
return (0); return (0);
} }
/* /*
* Encode/Decode lock sectors. * Encode/Decode lock sectors, do the real work.
*/ */
int static int
g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey) g_bde_decrypt_lockx(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey)
{ {
u_char *buf, k1buf[16], k2buf[G_BDE_LOCKSIZE], k3buf[16], *q; u_char *buf, k1buf[16], k2buf[G_BDE_LOCKSIZE], k3buf[16], *q;
struct g_bde_key *gl; struct g_bde_key *gl;
@ -239,7 +246,7 @@ g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t med
if (off[0] + G_BDE_LOCKSIZE > (uint64_t)mediasize) { if (off[0] + G_BDE_LOCKSIZE > (uint64_t)mediasize) {
bzero(off, sizeof off); bzero(off, sizeof off);
return (ESRCH); return (EINVAL);
} }
off[1] = 0; off[1] = 0;
m = 1; m = 1;
@ -256,7 +263,7 @@ g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t med
q = buf + off[0] % sectorsize; q = buf + off[0] % sectorsize;
off[1] = 0; off[1] = 0;
for (i = 0; i < (int)sizeof(*gl); i++) for (i = 0; i < G_BDE_LOCKSIZE; i++)
off[1] += q[i]; off[1] += q[i];
if (off[1] == 0) { if (off[1] == 0) {
@ -287,7 +294,7 @@ g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t med
bzero(buf, sectorsize * m); bzero(buf, sectorsize * m);
g_free(buf); g_free(buf);
off[0] = 0; off[0] = 0;
return (ESRCH); return (ENOTDIR);
} }
bzero(k1buf, sizeof k1buf); bzero(k1buf, sizeof k1buf);
@ -309,3 +316,38 @@ g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t med
return (0); return (0);
} }
/*
* Encode/Decode lock sectors.
*/
int
g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *sbox, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey)
{
u_char *buf, buf1[16];
int error, e, i;
bzero(buf1, sizeof buf1);
if (bcmp(buf1, meta, sizeof buf1))
return (g_bde_decrypt_lockx(sc, sbox, meta, mediasize,
sectorsize, nkey));
buf = g_read_data(sc->consumer, 0, sectorsize, &error);
if (buf == NULL)
return(error);
error = 0;
for (i = 0; i < G_BDE_MAXKEYS; i++) {
e = g_bde_decrypt_lockx(sc, sbox, buf + i * 16, mediasize,
sectorsize, nkey);
if (e == 0 || e == ENOENT) {
error = e;
break;
}
if (e == ESRCH)
error = ENOTDIR;
else if (e != 0)
error = e;
}
g_free(buf);
return (error);
}
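Review bot: The two lines added at the top of g_bde_keyloc_encrypt, `bcopy(input, output, 16); return 0;`, and the same pair in g_bde_keyloc_decrypt, return before rijndael_cipherInit is reached, so the 16-byte key location is passed through in the clear and the whole cipher path becomes dead code. That also makes the `bzero(&ki, sizeof ki);` added further down in both functions unreachable, so the key-schedule scrubbing this commit introduces never runs. Neither the commit message nor a comment says the bypass is intentional. If it is a temporary debugging aid it should be dropped before this lands, or at least marked on the spot, e.g. `/* XXX: key-location encryption bypassed for debugging, remove */`. Both functions start outside the hunks shown, so whether anything earlier depends on the bypass cannot be seen here.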