Lines Matching full:sd
/*
 * sr_crypto_discipline_init (search excerpt: only lines containing `sd` are
 * listed, so the return type, locals and any loop header are not visible).
 * Fills in the discipline descriptor for CRYPTO: work-unit size, type, name,
 * capability flags and the callback table.
 */
91 sr_crypto_discipline_init(struct sr_discipline *sd)
96 sd->sd_wu_size = sizeof(struct sr_crypto_wu);
97 sd->sd_type = SR_MD_CRYPTO;
/* Bounded copy: the size argument is the destination array itself. */
98 strlcpy(sd->sd_name, "CRYPTO", sizeof(sd->sd_name));
99 sd->sd_capabilities = SR_CAP_SYSTEM_DISK | SR_CAP_AUTO_ASSEMBLE;
100 sd->sd_max_wu = SR_CRYPTO_NOWU;
/*
 * Session slot i is set to (u_int64_t)-1. sr_crypto_free_sessions (line 890)
 * skips slots holding that value, so it serves as the "no session" marker.
 * Presumably this sits inside a loop over i; the loop header is not shown.
 */
103 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
/* Callback table for the discipline. */
106 sd->sd_alloc_resources = sr_crypto_alloc_resources;
107 sd->sd_assemble = sr_crypto_assemble;
108 sd->sd_create = sr_crypto_create;
109 sd->sd_free_resources = sr_crypto_free_resources;
110 sd->sd_ioctl_handler = sr_crypto_ioctl;
111 sd->sd_meta_opt_handler = sr_crypto_meta_opt_handler;
112 sd->sd_scsi_rw = sr_crypto_rw;
113 sd->sd_scsi_done = sr_crypto_done;
/*
 * sr_crypto_create (search excerpt: only lines containing `sd`; the
 * conditions guarding each statement are on lines not shown).
 * Visible steps: report chunk-count and size errors, attach the crypto
 * optional-metadata item, obtain key material through sr_crypto_get_kdf
 * and/or a key disk, record the volume size and create the disk keys.
 */
117 sr_crypto_create(struct sr_discipline *sd, struct bioc_createraid *bc,
/* The error text indicates the discipline accepts exactly one chunk. */
124 sr_error(sd->sd_sc, "%s requires exactly one chunk",
125 sd->sd_name);
/* The error text indicates coerced_size is bounded by SR_CRYPTO_MAXSIZE. */
130 sr_error(sd->sd_sc, "%s exceeds maximum size (%lli > %llu)",
131 sd->sd_name, coerced_size, SR_CRYPTO_MAXSIZE);
/* Link the optional metadata item and point scr_meta at its payload. */
142 SLIST_INSERT_HEAD(&sd->sd_meta_opt, omi, omi_link);
143 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)omi->omi_som;
144 sd->sd_meta->ssdi.ssd_opt_no++;
146 sd->mds.mdd_crypto.key_disk = NULL;
/*
 * Key material setup. The branch conditions are not shown; the visible
 * lines call sr_crypto_get_kdf, create a key disk from bc->bc_key_disk,
 * compare the result with NULL, and then set SR_CAP_AUTO_ASSEMBLE.
 */
151 if (sr_crypto_get_kdf(bc, sd))
153 sd->mds.mdd_crypto.key_disk =
154 sr_crypto_create_key_disk(sd, bc->bc_key_disk);
155 if (sd->mds.mdd_crypto.key_disk == NULL)
157 sd->sd_capabilities |= SR_CAP_AUTO_ASSEMBLE;
166 } else if (sr_crypto_get_kdf(bc, sd))
173 sd->sd_meta->ssdi.ssd_size = coerced_size;
/* Generates and masks the disk keys; see sr_crypto_create_keys (line 475). */
175 sr_crypto_create_keys(sd);
177 sd->sd_max_ccb_per_wu = no_chunk;
/*
 * sr_crypto_assemble (search excerpt: only lines containing `sd`; branch
 * conditions and error paths are on lines not shown).
 * Visible steps: obtain the mask key from caller-supplied `data`, from a key
 * disk, or through sr_crypto_get_kdf, and copy the KDF hint out to the caller.
 */
185 sr_crypto_assemble(struct sr_discipline *sd, struct bioc_createraid *bc,
190 sd->mds.mdd_crypto.key_disk = NULL;
/* Crypto metadata must already be attached; the action on NULL is not shown. */
193 if (sd->mds.mdd_crypto.scr_meta == NULL)
/*
 * Copies sizeof(scr_maskkey) bytes from `data`.
 * NOTE(review): no length check on `data` is visible among the matched
 * lines; confirm the caller guarantees at least that many bytes.
 */
198 memcpy(sd->mds.mdd_crypto.scr_maskkey, data,
199 sizeof(sd->mds.mdd_crypto.scr_maskkey));
/* Key-disk path: the result of reading the key disk is compared with NULL. */
202 sd->mds.mdd_crypto.key_disk =
203 sr_crypto_read_key_disk(sd, bc->bc_key_disk);
204 if (sd->mds.mdd_crypto.key_disk == NULL)
/*
 * A sizeof comparison on scm_kdfhint precedes the copyout of the KDF hint;
 * the other operand and the copyout destination are on lines not shown.
 */
211 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) <
215 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
225 if (sr_crypto_get_kdf(bc, sd))
230 sd->sd_max_ccb_per_wu = sd->sd_meta->ssdi.ssd_chunk_no;
/*
 * Excerpt from a function whose name is not among the matched lines
 * (source lines 241-296). It takes the discipline from the work unit and
 * fills a crypto request: the session id is selected by keyndx, while the
 * descriptor's algorithm, key length and key pointer come from the
 * discipline's crypto state.
 */
241 struct sr_discipline *sd = wu->swu_dis;
249 DEVNAME(sd->sd_sc), wu, encrypt);
281 crwu->cr_crp->crp_sid = sd->mds.mdd_crypto.scr_sid[keyndx];
294 crd->crd_alg = sd->mds.mdd_crypto.scr_alg;
295 crd->crd_klen = sd->mds.mdd_crypto.scr_klen;
/* The descriptor key always points at scr_key[0], independent of keyndx. */
296 crd->crd_key = sd->mds.mdd_crypto.scr_key[0];
/*
 * sr_crypto_get_kdf (search excerpt: only lines containing `sd`).
 * Copies a KDF hint into the metadata and a mask key into scr_maskkey.
 * Each memcpy is preceded by a sizeof comparison on its destination; the
 * other operand of each comparison is on a line not shown (presumably the
 * caller-supplied size; confirm in the full source).
 */
304 sr_crypto_get_kdf(struct bioc_createraid *bc, struct sr_discipline *sd)
325 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) <
328 memcpy(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
334 if (sizeof(sd->mds.mdd_crypto.scr_maskkey) <
337 memcpy(sd->mds.mdd_crypto.scr_maskkey, &kdfinfo->maskkey,
/*
 * sr_crypto_decrypt_key (search excerpt: only lines containing `sd`; return
 * statements and branch bodies are on lines not shown).
 * Recovers the disk keys: unmasks scm_key from the metadata into scr_key
 * using scr_maskkey, recomputes the HMAC-SHA1 check value and compares it
 * with the one stored in the metadata.
 */
430 sr_crypto_decrypt_key(struct sr_discipline *sd)
435 DNPRINTF(SR_D_DIS, "%s: sr_crypto_decrypt_key\n", DEVNAME(sd->sd_sc));
/* Only the HMAC-SHA1 check algorithm is accepted here. */
437 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1)
/* Unmask scm_key -> scr_key under scr_maskkey; the result is compared with -1. */
440 if (sr_crypto_decrypt((u_char *)sd->mds.mdd_crypto.scr_meta->scm_key,
441 (u_char *)sd->mds.mdd_crypto.scr_key,
442 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key),
443 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1)
/*
 * NOTE(review): sr_crypto_dumpkeys receives the discipline right after the
 * keys are unmasked, and lines 1223/1232 pass key bytes to a call whose name
 * is not shown. Confirm this call is compiled only into debug builds.
 */
447 sr_crypto_dumpkeys(sd);
/* Recompute the check value from scr_maskkey and scr_key. */
451 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey,
452 sizeof(sd->mds.mdd_crypto.scr_maskkey),
453 (u_int8_t *)sd->mds.mdd_crypto.scr_key,
454 sizeof(sd->mds.mdd_crypto.scr_key),
/*
 * Compare with the stored check value. The explicit_bzero of scr_key that
 * follows is presumably the mismatch path (the lines between are not shown).
 * NOTE(review): memcmp is not constant-time; for a check value that is
 * stored in on-disk metadata this may be acceptable, but timingsafe_bcmp
 * would remove the question.
 */
456 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac,
458 explicit_bzero(sd->mds.mdd_crypto.scr_key,
459 sizeof(sd->mds.mdd_crypto.scr_key));
/* The mask key is wiped with explicit_bzero at the end of the visible lines. */
466 explicit_bzero(&sd->mds.mdd_crypto.scr_maskkey,
467 sizeof(sd->mds.mdd_crypto.scr_maskkey));
/*
 * sr_crypto_create_keys (search excerpt: only lines containing `sd`).
 * Generates fresh disk keys, stores them in the metadata masked under
 * scr_maskkey, stores an HMAC-SHA1 check value, and wipes the plaintext keys.
 */
475 sr_crypto_create_keys(struct sr_discipline *sd)
479 DEVNAME(sd->sd_sc));
/* Size check relating AES_MAXKEYBYTES to the mask key buffer; the action taken is not shown. */
481 if (AES_MAXKEYBYTES < sizeof(sd->mds.mdd_crypto.scr_maskkey))
/* Disk encryption algorithm recorded in the metadata. */
485 sd->mds.mdd_crypto.scr_meta->scm_alg = SR_CRYPTOA_AES_XTS_256;
/* Disk keys are filled from arc4random_buf. */
488 arc4random_buf(sd->mds.mdd_crypto.scr_key,
489 sizeof(sd->mds.mdd_crypto.scr_key));
/*
 * Mask scr_key into the metadata field scm_key under scr_maskkey; the mask
 * algorithm is recorded as AES-ECB-256. ECB carries no integrity protection
 * of its own; the check value written below is what sr_crypto_decrypt_key
 * compares (line 456) to detect a wrong mask key.
 */
492 sd->mds.mdd_crypto.scr_meta->scm_mask_alg = SR_CRYPTOM_AES_ECB_256;
493 sr_crypto_encrypt((u_char *)sd->mds.mdd_crypto.scr_key,
494 (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key,
495 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key),
496 sd->mds.mdd_crypto.scr_meta->scm_mask_alg);
/* Check value computed from scr_maskkey and scr_key, written into the metadata. */
499 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1;
500 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey,
501 sizeof(sd->mds.mdd_crypto.scr_maskkey),
502 (u_int8_t *)sd->mds.mdd_crypto.scr_key,
503 sizeof(sd->mds.mdd_crypto.scr_key),
504 sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac);
/* Plaintext disk keys are wiped after the masked copy and check value are stored. */
507 explicit_bzero(sd->mds.mdd_crypto.scr_key,
508 sizeof(sd->mds.mdd_crypto.scr_key));
/* NOTE(review): confirm sr_crypto_dumpkeys is compiled only into debug builds. */
511 sr_crypto_dumpkeys(sd);
/* The flag expression continues on a line not shown. */
514 sd->mds.mdd_crypto.scr_meta->scm_flags = SR_CRYPTOF_KEY |
/*
 * sr_crypto_change_maskkey (search excerpt: only lines containing `sd`;
 * several calls appear only as their trailing argument lines).
 * Visible steps: require the HMAC-SHA1 check algorithm, process scm_key with
 * the recorded mask algorithm, compare the check value and report "incorrect
 * key or passphrase", replace the KDF hint, process scm_key again and store
 * a new check value computed with kdfinfo2->maskkey.
 */
521 sr_crypto_change_maskkey(struct sr_discipline *sd,
530 DEVNAME(sd->sd_sc));
532 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1)
/*
 * c points at the masked key and ksz is the size of scr_key. The call that
 * ends at line 542 is checked against -1; its name is not shown (presumably
 * sr_crypto_decrypt).
 */
535 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key;
536 ksz = sizeof(sd->mds.mdd_crypto.scr_key);
542 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1)
/* NOTE(review): confirm sr_crypto_dumpkeys is compiled only into debug builds. */
546 sr_crypto_dumpkeys(sd);
/* Stored check value is compared; the visible error line reports a wrong key. */
551 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac,
553 sr_error(sd->sd_sc, "incorrect key or passphrase");
/*
 * A size comparison on scm_kdfhint precedes the update; the old hint is
 * wiped with explicit_bzero before the new one is copied in.
 */
561 sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint))
563 explicit_bzero(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
564 sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint));
565 memcpy(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
/* Second pass over scm_key, again checked against -1 (callee not shown). */
570 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key;
572 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1)
/* New check value goes to check_digest, then into the metadata. */
576 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1;
578 sizeof(kdfinfo2->maskkey), (u_int8_t *)sd->mds.mdd_crypto.scr_key,
579 sizeof(sd->mds.mdd_crypto.scr_key), check_digest);
582 memcpy(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, check_digest,
583 sizeof(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac));
/*
 * sr_crypto_create_key_disk (search excerpt: only lines containing `sd`).
 * Visible steps: copy the volume level and UUID into key-disk metadata, set
 * up a temporary discipline (fakesd), generate a random mask key and copy it
 * into skm_maskkey.
 */
601 sr_crypto_create_key_disk(struct sr_discipline *sd, dev_t dev)
603 struct sr_softc *sc = sd->sd_sc;
668 km->scmi.scm_volid = sd->sd_meta->ssdi.ssd_level;
673 memcpy(&km->scmi.scm_uuid, &sd->sd_meta->ssdi.ssd_uuid,
690 memcpy(&sm->ssdi.ssd_uuid, &sd->sd_meta->ssdi.ssd_uuid,
704 fakesd->sd_sc = sd->sd_sc;
/* The mask key for a key disk is drawn from arc4random_buf, not from a passphrase. */
719 arc4random_buf(sd->mds.mdd_crypto.scr_maskkey,
720 sizeof(sd->mds.mdd_crypto.scr_maskkey));
/*
 * The mask key is copied into skm. NOTE(review): presumably skm is what gets
 * written to the key disk, in which case the key disk holds the mask key in
 * the clear; confirm in the full source.
 */
730 memcpy(&skm->skm_maskkey, sd->mds.mdd_crypto.scr_maskkey,
/*
 * sr_crypto_read_key_disk (search excerpt: only lines containing `sd`).
 * Reads and validates native metadata from `dev`, then copies a mask key
 * into scr_maskkey.
 */
763 sr_crypto_read_key_disk(struct sr_discipline *sd, dev_t dev)
765 struct sr_softc *sc = sd->sd_sc;
/* Metadata is read and then validated; the failure handling is not shown. */
823 if (sr_meta_native_read(sd, dev, sm, NULL)) {
828 if (sr_meta_validate(sd, dev, sm, NULL)) {
/*
 * Two copies into scr_maskkey are visible. The first reads skm->skm_maskkey;
 * the source of the second (line 860) and the condition choosing between
 * them are on lines not shown.
 */
855 memcpy(sd->mds.mdd_crypto.scr_maskkey, &skm->skm_maskkey,
856 sizeof(sd->mds.mdd_crypto.scr_maskkey));
859 memcpy(sd->mds.mdd_crypto.scr_maskkey,
861 sizeof(sd->mds.mdd_crypto.scr_maskkey));
/*
 * sr_crypto_free_sessions (search excerpt: the loop over i is not shown).
 * Frees every session slot that does not hold (u_int64_t)-1, then resets the
 * slot to that value so a repeated call does not free it again.
 */
885 sr_crypto_free_sessions(struct sr_discipline *sd)
890 if (sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1) {
891 crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]);
892 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
/*
 * sr_crypto_alloc_resources (search excerpt: only lines containing `sd`;
 * case labels, loop headers and return statements are not shown).
 * Visible steps: select CRYPTO_AES_XTS, derive the key length from the
 * metadata algorithm, reset the session slots, allocate work units and CCBs,
 * decrypt the disk keys and open one crypto session per key.
 */
898 sr_crypto_alloc_resources(struct sr_discipline *sd)
906 DEVNAME(sd->sd_sc));
908 sd->mds.mdd_crypto.scr_alg = CRYPTO_AES_XTS;
/*
 * Key length is 256 or 512 depending on scm_alg; the "unknown crypto
 * algorithm" error is presumably the default case.
 */
909 switch (sd->mds.mdd_crypto.scr_meta->scm_alg) {
911 sd->mds.mdd_crypto.scr_klen = 256;
914 sd->mds.mdd_crypto.scr_klen = 512;
917 sr_error(sd->sd_sc, "unknown crypto algorithm");
/* Slots start as "no session" so a later sr_crypto_free_sessions is safe. */
922 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
924 if (sr_wu_alloc(sd)) {
925 sr_error(sd->sd_sc, "unable to allocate work units");
928 if (sr_ccb_alloc(sd)) {
929 sr_error(sd->sd_sc, "unable to allocate CCBs");
/* A failing key decryption is reported as a wrong key or passphrase. */
932 if (sr_crypto_decrypt_key(sd)) {
933 sr_error(sd->sd_sc, "incorrect key or passphrase");
943 TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) {
953 cri.cri_alg = sd->mds.mdd_crypto.scr_alg;
954 cri.cri_klen = sd->mds.mdd_crypto.scr_klen;
/* num_keys is derived from the volume size by a shift whose amount is not shown. */
957 num_keys = ((sd->sd_meta->ssdi.ssd_size - 1) >>
/*
 * One session per key i. sr_crypto_free_sessions at line 965 is presumably
 * the failure path of crypto_newsession, releasing sessions already opened.
 */
962 cri.cri_key = sd->mds.mdd_crypto.scr_key[i];
963 if (crypto_newsession(&sd->mds.mdd_crypto.scr_sid[i],
965 sr_crypto_free_sessions(sd);
970 sr_hotplug_register(sd, sr_crypto_hotplug);
/*
 * sr_crypto_free_resources (search excerpt: only lines containing `sd`).
 * Releases what sr_crypto_alloc_resources set up: key-disk state, the
 * hotplug registration, crypto sessions, per-work-unit state, work units
 * and CCBs.
 *
 * NOTE(review): no line in this excerpt clears scr_key or scr_maskkey.
 * A wipe through an expression that does not contain `sd`, or by whoever
 * frees the discipline, would not appear here; confirm the disk keys do not
 * outlive the volume in memory.
 */
976 sr_crypto_free_resources(struct sr_discipline *sd)
982 DEVNAME(sd->sd_sc));
/* Key-disk state is wiped with explicit_bzero before it is freed. */
984 if (sd->mds.mdd_crypto.key_disk != NULL) {
985 explicit_bzero(sd->mds.mdd_crypto.key_disk,
986 sizeof(*sd->mds.mdd_crypto.key_disk));
987 free(sd->mds.mdd_crypto.key_disk, M_DEVBUF,
988 sizeof(*sd->mds.mdd_crypto.key_disk));
991 sr_hotplug_unregister(sd, sr_crypto_hotplug);
993 sr_crypto_free_sessions(sd);
/* Per-work-unit cleanup; the loop body is on lines not shown. */
995 TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) {
1003 sr_wu_free(sd);
1004 sr_ccb_free(sd);
/*
 * sr_crypto_ioctl (search excerpt: only lines containing `sd`; the command
 * dispatch on bd->bd_cmd is not shown).
 * Visible operations: copy the KDF hint out to the caller, and change the
 * mask key followed by a metadata save.
 */
1008 sr_crypto_ioctl(struct sr_discipline *sd, struct bioc_discipline *bd)
1015 DEVNAME(sd->sd_sc), bd->bd_cmd);
/*
 * size is the full kdfhint size; any comparison with the caller's buffer
 * size before the copyout is on a line not shown.
 */
1021 size = sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint);
1024 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
/*
 * NOTE(review): kdfinfo1 and kdfinfo2 are passed by address, and
 * sr_crypto_change_maskkey reads kdfinfo2->maskkey (line 578), so they hold
 * key material. Lines that clear them would not contain `sd` and so are not
 * listed; confirm they are wiped on every exit path.
 */
1054 if (sr_crypto_change_maskkey(sd, &kdfinfo1, &kdfinfo2))
/* Metadata is saved with SR_META_DIRTY after the mask key change. */
1058 rv = sr_meta_save(sd, SR_META_DIRTY);
/*
 * sr_crypto_meta_opt_handler (search excerpt: only lines containing `sd`).
 * Adopts the optional-metadata header `om` as the crypto metadata by cast.
 * NOTE(review): any check of the header's type or length before the cast is
 * on lines not shown; confirm one exists, since `om` comes from metadata.
 */
1072 sr_crypto_meta_opt_handler(struct sr_discipline *sd, struct sr_meta_opt_hdr *om)
1077 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)om;
/*
 * Excerpt from a function whose name is not among the matched lines
 * (source lines 1133-1145). It takes the discipline from the work unit and
 * requests a CCB from sr_ccb_rw for the transfer described by xs, on chunk 0.
 */
1133 struct sr_discipline *sd = wu->swu_dis;
1141 ccb = sr_ccb_rw(sd, 0, blkno, xs->datalen, xs->data, xs->flags, 0);
1145 DEVNAME(sd->sd_sc), sd->sd_meta->ssd_devname);
/*
 * sr_crypto_hotplug (search excerpt: only lines containing `sd`).
 * The only visible statement passes the device name, disk name and action
 * to a call whose name is not shown (presumably a debug print).
 */
1206 sr_crypto_hotplug(struct sr_discipline *sd, struct disk *diskp, int action)
1209 DEVNAME(sd->sd_sc), diskp->dk_name, action);
/*
 * sr_crypto_dumpkeys (search excerpt: only lines containing `sd`).
 * Passes individual bytes of the masked key (scm_key) and of the plaintext
 * disk key (scr_key) to calls whose names are not shown, presumably prints.
 * NOTE(review): plaintext key bytes reach an output path here; confirm the
 * function and its call sites are compiled only into debug builds.
 */
1214 sr_crypto_dumpkeys(struct sr_discipline *sd)
1223 sd->mds.mdd_crypto.scr_meta->scm_key[i][j]);
1232 sd->mds.mdd_crypto.scr_key[i][j]);