Before using byte offset for IV creation, covert it to little endian.

This way one will be able to use provider encrypted on eg. i386 on
eg. sparc64. This doesn't really buy us much today, because UFS isn't
endian agnostic.

We retain backward compatibility by setting G_ELI_FLAG_NATIVE_BYTE_ORDER
flag on devices with version number less than 2 and not converting the
offset.

sys/geom/eli/g_eli.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+ * Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -365,9 +365,11 @@ void
 g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv,
     size_t size)
 {
-	u_char hash[SHA256_DIGEST_LENGTH];
+	u_char off[8], hash[SHA256_DIGEST_LENGTH];
 	SHA256_CTX ctx;
 
+	if (!(sc->sc_flags & G_ELI_FLAG_NATIVE_BYTE_ORDER))
+		le64enc(off, (uint64_t)offset);
 	/* Copy precalculated SHA256 context for IV-Key. */
 	bcopy(&sc->sc_ivctx, &ctx, sizeof(ctx));
 	SHA256_Update(&ctx, (uint8_t *)&offset, sizeof(offset));
@@ -515,6 +517,9 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp,
 
 	sc->sc_crypto = G_ELI_CRYPTO_SW;
 	sc->sc_flags = md->md_flags;
+	/* Backward compatibility. */
+	if (md->md_version < 2)
+		sc->sc_flags |= G_ELI_FLAG_NATIVE_BYTE_ORDER;
 	sc->sc_ealgo = md->md_ealgo;
 	sc->sc_nkey = nkey;
 	/*
@@ -999,6 +1004,7 @@ g_eli_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp,
 		sbuf_printf(sb, name);					\
 	}								\
 } while (0)
+		ADD_FLAG(G_ELI_FLAG_NATIVE_BYTE_ORDER, "NATIVE-BYTE-ORDER");
 		ADD_FLAG(G_ELI_FLAG_ONETIME, "ONETIME");
 		ADD_FLAG(G_ELI_FLAG_BOOT, "BOOT");
 		ADD_FLAG(G_ELI_FLAG_WO_DETACH, "W-DETACH");

sys/geom/eli/g_eli.h

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+ * Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -57,27 +57,31 @@
  * 1 - Added data authentication support (md_aalgo field and
  *     G_ELI_FLAG_AUTH flag).
  * 2 - Added G_ELI_FLAG_READONLY.
+ *   - IV is generated from offset converted to little-endian
+ *     (flag G_ELI_FLAG_NATIVE_BYTE_ORDER will be set for older versions).
  */
 #define	G_ELI_VERSION		2
 
 /* ON DISK FLAGS. */
 /* Use random, onetime keys. */
-#define	G_ELI_FLAG_ONETIME	0x00000001
+#define	G_ELI_FLAG_ONETIME		0x00000001
 /* Ask for the passphrase from the kernel, before mounting root. */
-#define	G_ELI_FLAG_BOOT		0x00000002
+#define	G_ELI_FLAG_BOOT			0x00000002
 /* Detach on last close, if we were open for writing. */
-#define	G_ELI_FLAG_WO_DETACH	0x00000004
+#define	G_ELI_FLAG_WO_DETACH		0x00000004
 /* Detach on last close. */
-#define	G_ELI_FLAG_RW_DETACH	0x00000008
+#define	G_ELI_FLAG_RW_DETACH		0x00000008
 /* Provide data authentication. */
-#define	G_ELI_FLAG_AUTH		0x00000010
+#define	G_ELI_FLAG_AUTH			0x00000010
 /* Provider is read-only, we should deny all write attempts. */
-#define	G_ELI_FLAG_RO		0x00000020
+#define	G_ELI_FLAG_RO			0x00000020
 /* RUNTIME FLAGS. */
 /* Provider was open for writing. */
-#define	G_ELI_FLAG_WOPEN	0x00010000
+#define	G_ELI_FLAG_WOPEN		0x00010000
 /* Destroy device. */
-#define	G_ELI_FLAG_DESTROY	0x00020000
+#define	G_ELI_FLAG_DESTROY		0x00020000
+/* Provider uses native byte-order for IV generation. */
+#define	G_ELI_FLAG_NATIVE_BYTE_ORDER	0x00040000
 
 #define	SHA512_MDLEN		64
 #define	G_ELI_AUTH_SECKEYLEN	SHA256_DIGEST_LENGTH