Commit Graph

23 Commits

Author SHA1 Message Date
Poul-Henning Kamp
0322f8dc8d Comment typo 2005-07-20 18:08:16 +00:00
Hajimu UMEMOTO
68527b3aad stop including rijndael-api-fst.h from rijndael.h.
this is required to integrate opencrypto into crypto.
2005-03-11 15:42:51 +00:00
Warner Losh
fa521b0366 /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 18:27:30 +00:00
Poul-Henning Kamp
4090065137 Fix a problem that shows up if less than the full complement of
lock sectors are defined ("number_of_keys" argument to gbde init being
less than 4 in the default compile).
2004-09-11 17:58:53 +00:00
Poul-Henning Kamp
bbf53bc053 Remove the MD5_KEY debugging tool 2004-01-23 11:47:06 +00:00
Poul-Henning Kamp
d5ce9dac89 Correct bzero length so we clear the entire key structure. 2003-09-08 18:35:26 +00:00
Poul-Henning Kamp
a8c1568e29 Bzero the right number of bytes.
Found by:	Juergen Buchmueller <pullmoll@stop1984.com>
2003-09-06 18:37:17 +00:00
Poul-Henning Kamp
fc29c9de5c Don't use & in front of arrays.
Found by:       FlexeLint
2003-05-31 19:23:11 +00:00
Poul-Henning Kamp
039b4cba75 Considering that I did cast the arguments to (intmax_t) I must have
been sleepy since I used %qd instead of %jd.
2003-05-02 19:08:57 +00:00
Poul-Henning Kamp
c7f3baedf3 Fix an obscure fencepost error in GBDE's sector mapping code:
For certain combinations of sectorsize, mediasize and random numbers
(used to define the mapping), a multisector read or write would ignore
some subset of the sectors past the first sector in the request because
those sectors would be mapped past the end of the parent device, and
normal "end of media" truncation would zap that part of the request.

Rev 1.19+1.20 of g_bde_work.c added the check which should have alerted
me to this happening.  This commit maps the request correctly and
adds KASSERTS to make sure things stay inside the parent device.

This does not change the on-disk layout of GBDE, there is no need to
backup/restore.
2003-04-29 19:46:42 +00:00
Poul-Henning Kamp
90336bb4d8 I accidentally leaked this debugging tool in with my last commit.
Disable it with a direct warning.
2003-04-28 17:57:12 +00:00
Poul-Henning Kamp
306babd20c Rename g_bde_get_sector() to g_bde_get_keysector() and pick up the
offset from the work packet.
2003-04-28 06:38:31 +00:00
Poul-Henning Kamp
82db45a5af Use sys/endian.h instead of geom_enc.c for endian-agnostfication. 2003-04-03 11:33:51 +00:00
Poul-Henning Kamp
b4b138c27f Including <sys/stdint.h> is (almost?) universally only to be able to use
%j in printfs, so put a newsted include in <sys/systm.h> where the printf
prototype lives and save everybody else the trouble.
2003-03-18 08:45:25 +00:00
Poul-Henning Kamp
ea6ff0649f Limit our requests to DFLTPHYS, this is generally a good idea for
memory-allocation purposes.  Right now it is also a very good idea
because we hit a Giant assertion in the free(9) processing if we
free something larger than 64k.
2003-03-07 19:09:46 +00:00
Poul-Henning Kamp
acb161b16f Optimize the size of the work-items by letting the mapping function
decide the largest size which stays inside the zone and does not
collide with a lock sector.
2003-01-02 19:29:49 +00:00
Poul-Henning Kamp
1e90b74683 Solve another bug in the mapping code: correctly skip lock sectors.
Make sure sector zero is protected if it contains metadata.

Lower WARNS for gbde to 3 on non-i386 archs.  rijndael-fst is evil
but appearntly does the right thing and passes the test-vectors.

MFC Candidate.
2002-12-18 22:11:54 +00:00
Poul-Henning Kamp
88806cc28c Fix two blunders in the mapping functions which can lead to corrupt data,
for request sizes larger than the sectorsize or for multi-key setups.

See warning mailed to current@ for details of recovery.

Found by:	Marcus Reid <marcus@blazingdot.com>
2002-12-18 19:57:27 +00:00
Poul-Henning Kamp
19c61e97fb Conceiveably, there may exist an algorithm which can tell if a sequence of bytes
are the output of AES/128/CBC or ARC4RANDOM.  Encrypt the random data with which
we wipe when we get a BIO_DELETE to make such an algorithm useful.

Sponsored by:	DARPA & NAI Labs
Approved by:	re (blanket)
2002-12-01 15:50:48 +00:00
Poul-Henning Kamp
5afa461402 Run a revision on the GBDE encryption facility.
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.

Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.

This code has still not been stared at for 10 years by a gang of
hard-core cryptographers.  Discretion advised.

NB: These changes result in the on-disk format changing: dump/restore needed.

Sponsored by:   DARPA & NAI Labs.
2002-11-04 09:27:01 +00:00
Poul-Henning Kamp
6c4a970782 Change the kkey generation cherry-picker to use MD5.
Sponsored by:	DARPA & NAI Labs
2002-10-30 22:13:54 +00:00
Poul-Henning Kamp
1907a57b5f Fix a bug in the cherry-picker kkey generator routine.
WARNING:  You need to backup and restore the _unencrypted_ contents
WARNING:  of your GBDE disks when you take this update!

Sponsored by:	DARPA & NAI Labs.
2002-10-28 11:06:58 +00:00
Poul-Henning Kamp
19b5c7bc4b Add Geom Based Disk Encryption to the tree.
This is an encryption module designed for to secure denial of access
to the contents of "cold disks" with or without destruction activation.

Major features:

   * Based on AES, MD5 and ARC4 algorithms.
   * Four cryptographic barriers:
        1) Pass-phrase encrypts the master key.
        2) Pass-phrase + Lock data locates master key.
        3) 128 bit key derived from 2048 bit master key protects sector key.
        3) 128 bit random single-use sector keys protect data payload.
   * Up to four different changeable pass-phrases.
   * Blackening feature for provable destruction of master key material.
   * Isotropic disk contents offers no information about sector contents.
   * Configurable destination sector range allows steganographic deployment.

This commit adds the kernel part, separate commits will follow for the
userland utility and documentation.

This software was developed for the FreeBSD Project by Poul-Henning Kamp and
NAI Labs, the Security Research Division of Network Associates, Inc.  under
DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
research program.

Many thanks to Robert Watson, CBOSS Principal Investigator for making this
possible.

Sponsored by:   DARPA & NAI Labs.
2002-10-19 17:02:17 +00:00