Lines Matching full:sd

111 sr_crypto_discipline_init(struct sr_discipline *sd)
116 sd->sd_type = SR_MD_CRYPTO;
117 strlcpy(sd->sd_name, "CRYPTO", sizeof(sd->sd_name));
118 sd->sd_capabilities = SR_CAP_SYSTEM_DISK | SR_CAP_AUTO_ASSEMBLE;
119 sd->sd_max_wu = SR_CRYPTO_NOWU;
122 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
125 sd->sd_alloc_resources = sr_crypto_alloc_resources;
126 sd->sd_assemble = sr_crypto_assemble;
127 sd->sd_create = sr_crypto_create;
128 sd->sd_free_resources = sr_crypto_free_resources;
129 sd->sd_ioctl_handler = sr_crypto_ioctl;
130 sd->sd_meta_opt_handler = sr_crypto_meta_opt_handler;
131 sd->sd_scsi_rw = sr_crypto_rw;
132 sd->sd_scsi_done = sr_crypto_done;
136 sr_crypto_create(struct sr_discipline *sd, struct bioc_createraid *bc,
143 sr_error(sd->sd_sc, "%s requires exactly one chunk",
144 sd->sd_name);
155 SLIST_INSERT_HEAD(&sd->sd_meta_opt, omi, omi_link);
156 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)omi->omi_som;
157 sd->sd_meta->ssdi.ssd_opt_no++;
159 sd->mds.mdd_crypto.key_disk = NULL;
164 if (sr_crypto_get_kdf(bc, sd))
166 sd->mds.mdd_crypto.key_disk =
167 sr_crypto_create_key_disk(sd, bc->bc_key_disk);
168 if (sd->mds.mdd_crypto.key_disk == NULL)
170 sd->sd_capabilities |= SR_CAP_AUTO_ASSEMBLE;
179 } else if (sr_crypto_get_kdf(bc, sd))
186 sd->sd_meta->ssdi.ssd_size = coerced_size;
188 sr_crypto_create_keys(sd);
190 sd->sd_max_ccb_per_wu = no_chunk;
198 sr_crypto_assemble(struct sr_discipline *sd, struct bioc_createraid *bc,
203 sd->mds.mdd_crypto.key_disk = NULL;
206 if (sd->mds.mdd_crypto.scr_meta == NULL)
211 bcopy(data, sd->mds.mdd_crypto.scr_maskkey,
212 sizeof(sd->mds.mdd_crypto.scr_maskkey));
215 sd->mds.mdd_crypto.key_disk =
216 sr_crypto_read_key_disk(sd, bc->bc_key_disk);
217 if (sd->mds.mdd_crypto.key_disk == NULL)
224 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) <
228 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
238 if (sr_crypto_get_kdf(bc, sd))
243 sd->sd_max_ccb_per_wu = sd->sd_meta->ssdi.ssd_chunk_no;
254 struct sr_discipline *sd = wu->swu_dis;
262 DEVNAME(sd->sd_sc), wu, encrypt);
264 mtx_enter(&sd->mds.mdd_crypto.scr_mutex);
265 if ((crwu = TAILQ_FIRST(&sd->mds.mdd_crypto.scr_wus)) != NULL)
266 TAILQ_REMOVE(&sd->mds.mdd_crypto.scr_wus, crwu, cr_link);
267 mtx_leave(&sd->mds.mdd_crypto.scr_mutex);
306 crwu->cr_crp->crp_sid = sd->mds.mdd_crypto.scr_sid[keyndx];
321 switch (sd->mds.mdd_crypto.scr_meta->scm_alg) {
331 crd->crd_key = sd->mds.mdd_crypto.scr_key[0];
351 struct sr_discipline *sd = wu->swu_dis;
359 mtx_enter(&sd->mds.mdd_crypto.scr_mutex);
360 TAILQ_INSERT_TAIL(&sd->mds.mdd_crypto.scr_wus, crwu, cr_link);
361 mtx_leave(&sd->mds.mdd_crypto.scr_mutex);
365 sr_crypto_get_kdf(struct bioc_createraid *bc, struct sr_discipline *sd)
386 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) <
390 sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
396 if (sizeof(sd->mds.mdd_crypto.scr_maskkey) <
399 bcopy(&kdfinfo->maskkey, sd->mds.mdd_crypto.scr_maskkey,
492 sr_crypto_decrypt_key(struct sr_discipline *sd)
497 DNPRINTF(SR_D_DIS, "%s: sr_crypto_decrypt_key\n", DEVNAME(sd->sd_sc));
499 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1)
502 if (sr_crypto_decrypt((u_char *)sd->mds.mdd_crypto.scr_meta->scm_key,
503 (u_char *)sd->mds.mdd_crypto.scr_key,
504 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key),
505 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1)
509 sr_crypto_dumpkeys(sd);
513 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey,
514 sizeof(sd->mds.mdd_crypto.scr_maskkey),
515 (u_int8_t *)sd->mds.mdd_crypto.scr_key,
516 sizeof(sd->mds.mdd_crypto.scr_key),
518 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac,
520 explicit_bzero(sd->mds.mdd_crypto.scr_key,
521 sizeof(sd->mds.mdd_crypto.scr_key));
528 explicit_bzero(&sd->mds.mdd_crypto.scr_maskkey,
529 sizeof(sd->mds.mdd_crypto.scr_maskkey));
537 sr_crypto_create_keys(struct sr_discipline *sd)
541 DEVNAME(sd->sd_sc));
543 if (AES_MAXKEYBYTES < sizeof(sd->mds.mdd_crypto.scr_maskkey))
547 sd->mds.mdd_crypto.scr_meta->scm_alg = SR_CRYPTOA_AES_XTS_256;
550 arc4random_buf(sd->mds.mdd_crypto.scr_key,
551 sizeof(sd->mds.mdd_crypto.scr_key));
554 sd->mds.mdd_crypto.scr_meta->scm_mask_alg = SR_CRYPTOM_AES_ECB_256;
555 sr_crypto_encrypt((u_char *)sd->mds.mdd_crypto.scr_key,
556 (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key,
557 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key),
558 sd->mds.mdd_crypto.scr_meta->scm_mask_alg);
561 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1;
562 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey,
563 sizeof(sd->mds.mdd_crypto.scr_maskkey),
564 (u_int8_t *)sd->mds.mdd_crypto.scr_key,
565 sizeof(sd->mds.mdd_crypto.scr_key),
566 sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac);
569 explicit_bzero(sd->mds.mdd_crypto.scr_key,
570 sizeof(sd->mds.mdd_crypto.scr_key));
573 sr_crypto_dumpkeys(sd);
576 sd->mds.mdd_crypto.scr_meta->scm_flags = SR_CRYPTOF_KEY |
583 sr_crypto_change_maskkey(struct sr_discipline *sd,
592 DEVNAME(sd->sd_sc));
594 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1)
597 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key;
598 ksz = sizeof(sd->mds.mdd_crypto.scr_key);
604 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1)
608 sr_crypto_dumpkeys(sd);
613 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac,
615 sr_error(sd->sd_sc, "incorrect key or passphrase");
621 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key;
623 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1)
627 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1;
629 sizeof(kdfinfo2->maskkey), (u_int8_t *)sd->mds.mdd_crypto.scr_key,
630 sizeof(sd->mds.mdd_crypto.scr_key), check_digest);
633 bcopy(check_digest, sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac,
634 sizeof(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac));
652 sr_crypto_create_key_disk(struct sr_discipline *sd, dev_t dev)
654 struct sr_softc *sc = sd->sd_sc;
726 km->scmi.scm_volid = sd->sd_meta->ssdi.ssd_level;
731 bcopy(&sd->sd_meta->ssdi.ssd_uuid, &km->scmi.scm_uuid,
748 bcopy(&sd->sd_meta->ssdi.ssd_uuid, &sm->ssdi.ssd_uuid,
762 fakesd->sd_sc = sd->sd_sc;
777 arc4random_buf(sd->mds.mdd_crypto.scr_maskkey,
778 sizeof(sd->mds.mdd_crypto.scr_maskkey));
788 bcopy(sd->mds.mdd_crypto.scr_maskkey, &skm->skm_maskkey,
824 sr_crypto_read_key_disk(struct sr_discipline *sd, dev_t dev)
826 struct sr_softc *sc = sd->sd_sc;
891 if (sr_meta_native_read(sd, dev, sm, NULL)) {
896 if (sr_meta_validate(sd, dev, sm, NULL)) {
924 sd->mds.mdd_crypto.scr_maskkey,
925 sizeof(sd->mds.mdd_crypto.scr_maskkey));
929 sd->mds.mdd_crypto.scr_maskkey,
930 sizeof(sd->mds.mdd_crypto.scr_maskkey));
956 sr_crypto_alloc_resources(struct sr_discipline *sd)
963 DEVNAME(sd->sd_sc));
966 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
968 if (sr_wu_alloc(sd)) {
969 sr_error(sd->sd_sc, "unable to allocate work units");
972 if (sr_ccb_alloc(sd)) {
973 sr_error(sd->sd_sc, "unable to allocate CCBs");
976 if (sr_crypto_decrypt_key(sd)) {
977 sr_error(sd->sd_sc, "incorrect key or passphrase");
987 mtx_init(&sd->mds.mdd_crypto.scr_mutex, IPL_BIO);
988 TAILQ_INIT(&sd->mds.mdd_crypto.scr_wus);
989 for (i = 0; i < sd->sd_max_wu; i++) {
995 mtx_enter(&sd->mds.mdd_crypto.scr_mutex);
996 TAILQ_INSERT_TAIL(&sd->mds.mdd_crypto.scr_wus, crwu, cr_link);
997 mtx_leave(&sd->mds.mdd_crypto.scr_mutex);
1011 switch (sd->mds.mdd_crypto.scr_meta->scm_alg) {
1023 num_keys = sd->sd_meta->ssdi.ssd_size >> SR_CRYPTO_KEY_BLKSHIFT;
1027 cri.cri_key = sd->mds.mdd_crypto.scr_key[i];
1028 if (crypto_newsession(&sd->mds.mdd_crypto.scr_sid[i],
1031 sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1;
1034 sd->mds.mdd_crypto.scr_sid[i]);
1035 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
1041 sr_hotplug_register(sd, sr_crypto_hotplug);
1047 sr_crypto_free_resources(struct sr_discipline *sd)
1053 DEVNAME(sd->sd_sc));
1055 if (sd->mds.mdd_crypto.key_disk != NULL) {
/*
 * NOTE(review): key_disk is handled as a pointer in this listing (it is
 * assigned and compared with NULL, and passed to free() just below), so
 * "sizeof sd->mds.mdd_crypto.key_disk" is the size of the pointer, not
 * of the object it points to.  Only that many leading bytes are zeroed
 * before the free(); the rest of the structure is released unwiped.
 * The intended operand is presumably
 * sizeof(*sd->mds.mdd_crypto.key_disk) -- confirm against the object
 * returned by sr_crypto_create_key_disk()/sr_crypto_read_key_disk().
 */
1056 explicit_bzero(sd->mds.mdd_crypto.key_disk, sizeof
1057 sd->mds.mdd_crypto.key_disk);
1058 free(sd->mds.mdd_crypto.key_disk, M_DEVBUF);
1061 sr_hotplug_unregister(sd, sr_crypto_hotplug);
1063 for (i = 0; sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1; i++) {
1064 crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]);
1065 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
1068 mtx_enter(&sd->mds.mdd_crypto.scr_mutex);
1069 while ((crwu = TAILQ_FIRST(&sd->mds.mdd_crypto.scr_wus)) != NULL) {
1070 TAILQ_REMOVE(&sd->mds.mdd_crypto.scr_wus, crwu, cr_link);
1081 mtx_leave(&sd->mds.mdd_crypto.scr_mutex);
1083 sr_wu_free(sd);
1084 sr_ccb_free(sd);
1088 sr_crypto_ioctl(struct sr_discipline *sd, struct bioc_discipline *bd)
1095 DEVNAME(sd->sd_sc), bd->bd_cmd);
1101 size = sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint);
1104 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
1134 if (sr_crypto_change_maskkey(sd, &kdfinfo1, &kdfinfo2))
1138 rv = sr_meta_save(sd, SR_META_DIRTY);
1152 sr_crypto_meta_opt_handler(struct sr_discipline *sd, struct sr_meta_opt_hdr *om)
1157 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)om;
1214 struct sr_discipline *sd = wu->swu_dis;
1224 blk += sd->sd_meta->ssd_data_offset;
1226 ccb = sr_ccb_rw(sd, 0, blk, xs->datalen, xs->data, xs->flags, 0);
1230 DEVNAME(sd->sd_sc), sd->sd_meta->ssd_devname);
1292 struct sr_discipline *sd = wu->swu_dis;
1296 struct sr_softc *sc = sd->sd_sc;
1305 panic("%s: sr_crypto_finish_io", DEVNAME(sd->sd_sc));
1312 sr_scsi_done(sd, xs);
1336 sr_crypto_hotplug(struct sr_discipline *sd, struct disk *diskp, int action)
1339 DEVNAME(sd->sd_sc), diskp->dk_name, action);
1344 sr_crypto_dumpkeys(struct sr_discipline *sd)
1353 sd->mds.mdd_crypto.scr_meta->scm_key[i][j]);
1362 sd->mds.mdd_crypto.scr_key[i][j]);