133cdd9e13
update the Fortuna code to use SHAd-256 as defined in FS&K. Approved by: so (self)
212 lines
6.4 KiB
C
212 lines
6.4 KiB
C
/*-
|
|
* Copyright (c) 2002 Poul-Henning Kamp
|
|
* Copyright (c) 2002 Networks Associates Technology, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This software was developed for the FreeBSD Project by Poul-Henning Kamp
|
|
* and NAI Labs, the Security Research Division of Network Associates, Inc.
|
|
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
|
* DARPA CHATS research program.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#ifndef _SYS_GEOM_BDE_G_BDE_H_
|
|
#define _SYS_GEOM_BDE_G_BDE_H_ 1
|
|
|
|
/*
|
|
* These are quite, but not entirely unlike constants.
|
|
*
|
|
* They are not commented in details here, to prevent unadvisable
|
|
* experimentation. Please consult the code where they are used before you
|
|
* even think about modifying these.
|
|
*/
|
|
|
|
#define G_BDE_MKEYLEN (2048/8)
|
|
#define G_BDE_SKEYBITS 128
|
|
#define G_BDE_SKEYLEN (G_BDE_SKEYBITS/8)
|
|
#define G_BDE_KKEYBITS 128
|
|
#define G_BDE_KKEYLEN (G_BDE_KKEYBITS/8)
|
|
#define G_BDE_MAXKEYS 4
|
|
#define G_BDE_LOCKSIZE 384
|
|
#define NLOCK_FIELDS 13
|
|
|
|
|
|
/* This just needs to be "large enough" */
|
|
#define G_BDE_KEYBYTES 304
|
|
|
|
struct g_bde_work;
|
|
struct g_bde_softc;
|
|
|
|
struct g_bde_sector {
|
|
struct g_bde_work *owner;
|
|
struct g_bde_softc *softc;
|
|
off_t offset;
|
|
u_int size;
|
|
u_int ref;
|
|
void *data;
|
|
TAILQ_ENTRY(g_bde_sector) list;
|
|
u_char valid;
|
|
u_char malloc;
|
|
enum {JUNK, IO, VALID} state;
|
|
int error;
|
|
time_t used;
|
|
};
|
|
|
|
struct g_bde_work {
|
|
struct mtx mutex;
|
|
off_t offset;
|
|
off_t length;
|
|
void *data;
|
|
struct bio *bp;
|
|
struct g_bde_softc *softc;
|
|
off_t so;
|
|
off_t kso;
|
|
u_int ko;
|
|
struct g_bde_sector *sp;
|
|
struct g_bde_sector *ksp;
|
|
TAILQ_ENTRY(g_bde_work) list;
|
|
enum {SETUP, WAIT, FINISH} state;
|
|
int error;
|
|
};
|
|
|
|
/*
|
|
* The decrypted contents of the lock sectors. Notice that this is not
|
|
* the same as the on-disk layout. The on-disk layout is dynamic and
|
|
* dependent on the pass-phrase.
|
|
*/
|
|
struct g_bde_key {
|
|
uint64_t sector0;
|
|
/* Physical byte offset of 1st byte used */
|
|
uint64_t sectorN;
|
|
/* Physical byte offset of 1st byte not used */
|
|
uint64_t keyoffset;
|
|
/* Number of bytes the disk image is skewed. */
|
|
uint64_t lsector[G_BDE_MAXKEYS];
|
|
/* Physical byte offsets of lock sectors */
|
|
uint32_t sectorsize;
|
|
/* Our "logical" sector size */
|
|
uint32_t flags;
|
|
#define GBDE_F_SECT0 1
|
|
uint8_t salt[16];
|
|
/* Used to frustate the kkey generation */
|
|
uint8_t spare[32];
|
|
/* For future use, random contents */
|
|
uint8_t mkey[G_BDE_MKEYLEN];
|
|
/* Our masterkey. */
|
|
|
|
/* Non-stored help-fields */
|
|
uint64_t zone_width; /* On-disk width of zone */
|
|
uint64_t zone_cont; /* Payload width of zone */
|
|
uint64_t media_width; /* Non-magic width of zone */
|
|
u_int keys_per_sector;
|
|
};
|
|
|
|
struct g_bde_softc {
|
|
off_t mediasize;
|
|
u_int sectorsize;
|
|
uint64_t zone_cont;
|
|
struct g_geom *geom;
|
|
struct g_consumer *consumer;
|
|
TAILQ_HEAD(, g_bde_sector) freelist;
|
|
TAILQ_HEAD(, g_bde_work) worklist;
|
|
struct mtx worklist_mutex;
|
|
struct proc *thread;
|
|
struct g_bde_key key;
|
|
int dead;
|
|
u_int nwork;
|
|
u_int nsect;
|
|
u_int ncache;
|
|
u_char sha2[SHA512_DIGEST_LENGTH];
|
|
};
|
|
|
|
/* g_bde_crypt.c */
|
|
void g_bde_crypt_delete(struct g_bde_work *wp);
|
|
void g_bde_crypt_read(struct g_bde_work *wp);
|
|
void g_bde_crypt_write(struct g_bde_work *wp);
|
|
|
|
/* g_bde_key.c */
|
|
void g_bde_zap_key(struct g_bde_softc *sc);
|
|
int g_bde_get_key(struct g_bde_softc *sc, void *ptr, int len);
|
|
int g_bde_init_keybytes(struct g_bde_softc *sc, char *passp, int len);
|
|
|
|
/* g_bde_lock .c */
|
|
int g_bde_encode_lock(u_char *sha2, struct g_bde_key *gl, u_char *ptr);
|
|
int g_bde_decode_lock(struct g_bde_softc *sc, struct g_bde_key *gl, u_char *ptr);
|
|
int g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64_t v1, void *output);
|
|
int g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64_t *output);
|
|
int g_bde_decrypt_lock(struct g_bde_softc *sc, u_char *keymat, u_char *meta, off_t mediasize, u_int sectorsize, u_int *nkey);
|
|
void g_bde_hash_pass(struct g_bde_softc *sc, const void *input, u_int len);
|
|
|
|
/* g_bde_math .c */
|
|
uint64_t g_bde_max_sector(struct g_bde_key *lp);
|
|
void g_bde_map_sector(struct g_bde_work *wp);
|
|
|
|
/* g_bde_work.c */
|
|
void g_bde_start1(struct bio *bp);
|
|
void g_bde_worker(void *arg);
|
|
|
|
/*
|
|
* These four functions wrap the raw Rijndael functions and make sure we
|
|
* explode if something fails which shouldn't.
|
|
*/
|
|
|
|
static __inline void
|
|
AES_init(cipherInstance *ci)
|
|
{
|
|
int error;
|
|
|
|
error = rijndael_cipherInit(ci, MODE_CBC, NULL);
|
|
KASSERT(error > 0, ("rijndael_cipherInit %d", error));
|
|
}
|
|
|
|
static __inline void
|
|
AES_makekey(keyInstance *ki, int dir, u_int len, const void *key)
|
|
{
|
|
int error;
|
|
|
|
error = rijndael_makeKey(ki, dir, len, key);
|
|
KASSERT(error > 0, ("rijndael_makeKey %d", error));
|
|
}
|
|
|
|
static __inline void
|
|
AES_encrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
|
|
{
|
|
int error;
|
|
|
|
error = rijndael_blockEncrypt(ci, ki, in, len * 8, out);
|
|
KASSERT(error > 0, ("rijndael_blockEncrypt %d", error));
|
|
}
|
|
|
|
static __inline void
|
|
AES_decrypt(cipherInstance *ci, keyInstance *ki, const void *in, void *out, u_int len)
|
|
{
|
|
int error;
|
|
|
|
error = rijndael_blockDecrypt(ci, ki, in, len * 8, out);
|
|
KASSERT(error > 0, ("rijndael_blockDecrypt %d", error));
|
|
}
|
|
|
|
#endif /* _SYS_GEOM_BDE_G_BDE_H_ */
|