1 /* $OpenBSD: softraid_crypto.c,v 1.137 2017/06/12 16:39:51 jsing Exp $ */ 2 /* 3 * Copyright (c) 2007 Marco Peereboom <marco@peereboom.us> 4 * Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org> 5 * Copyright (c) 2008 Damien Miller <djm@mindrot.org> 6 * Copyright (c) 2009 Joel Sing <jsing@openbsd.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 #include "bio.h" 22 23 #include <sys/param.h> 24 #include <sys/systm.h> 25 #include <sys/buf.h> 26 #include <sys/device.h> 27 #include <sys/ioctl.h> 28 #include <sys/malloc.h> 29 #include <sys/pool.h> 30 #include <sys/kernel.h> 31 #include <sys/disk.h> 32 #include <sys/rwlock.h> 33 #include <sys/queue.h> 34 #include <sys/fcntl.h> 35 #include <sys/disklabel.h> 36 #include <sys/vnode.h> 37 #include <sys/mount.h> 38 #include <sys/sensors.h> 39 #include <sys/stat.h> 40 #include <sys/conf.h> 41 #include <sys/uio.h> 42 #include <sys/dkio.h> 43 44 #include <crypto/cryptodev.h> 45 #include <crypto/rijndael.h> 46 #include <crypto/md5.h> 47 #include <crypto/sha1.h> 48 #include <crypto/sha2.h> 49 #include <crypto/hmac.h> 50 51 #include <scsi/scsi_all.h> 52 #include <scsi/scsiconf.h> 53 #include <scsi/scsi_disk.h> 54 55 #include <dev/softraidvar.h> 56 57 /* 58 * The per-I/O data that we need to preallocate. We cannot afford to allow I/O 59 * to start failing when memory pressure kicks in. We can store this in the WU 60 * because we assert that only one ccb per WU will ever be active. 61 */ 62 struct sr_crypto_wu { 63 struct sr_workunit cr_wu; /* Must be first. */ 64 struct uio cr_uio; 65 struct iovec cr_iov; 66 struct cryptop *cr_crp; 67 void *cr_dmabuf; 68 }; 69 70 71 struct sr_crypto_wu *sr_crypto_prepare(struct sr_workunit *, int); 72 int sr_crypto_create_keys(struct sr_discipline *); 73 int sr_crypto_get_kdf(struct bioc_createraid *, 74 struct sr_discipline *); 75 int sr_crypto_decrypt(u_char *, u_char *, u_char *, size_t, int); 76 int sr_crypto_encrypt(u_char *, u_char *, u_char *, size_t, int); 77 int sr_crypto_decrypt_key(struct sr_discipline *); 78 int sr_crypto_change_maskkey(struct sr_discipline *, 79 struct sr_crypto_kdfinfo *, struct sr_crypto_kdfinfo *); 80 int sr_crypto_create(struct sr_discipline *, 81 struct bioc_createraid *, int, int64_t); 82 int sr_crypto_assemble(struct sr_discipline *, 83 struct bioc_createraid *, int, void *); 84 int sr_crypto_alloc_resources(struct sr_discipline *); 85 void sr_crypto_free_resources(struct sr_discipline *); 86 int sr_crypto_ioctl(struct sr_discipline *, 87 struct bioc_discipline *); 88 int sr_crypto_meta_opt_handler(struct sr_discipline *, 89 struct sr_meta_opt_hdr *); 90 void sr_crypto_write(struct cryptop *); 91 int sr_crypto_rw(struct sr_workunit *); 92 int sr_crypto_dev_rw(struct sr_workunit *, struct sr_crypto_wu *); 93 void sr_crypto_done(struct sr_workunit *); 94 void sr_crypto_read(struct cryptop *); 95 void sr_crypto_calculate_check_hmac_sha1(u_int8_t *, int, 96 u_int8_t *, int, u_char *); 97 void sr_crypto_hotplug(struct sr_discipline *, struct disk *, int); 98 99 #ifdef SR_DEBUG0 100 void sr_crypto_dumpkeys(struct sr_discipline *); 101 #endif 102 103 /* Discipline initialisation. */ 104 void 105 sr_crypto_discipline_init(struct sr_discipline *sd) 106 { 107 int i; 108 109 /* Fill out discipline members. */ 110 sd->sd_type = SR_MD_CRYPTO; 111 strlcpy(sd->sd_name, "CRYPTO", sizeof(sd->sd_name)); 112 sd->sd_capabilities = SR_CAP_SYSTEM_DISK | SR_CAP_AUTO_ASSEMBLE; 113 sd->sd_max_wu = SR_CRYPTO_NOWU; 114 115 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) 116 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 117 118 /* Setup discipline specific function pointers. */ 119 sd->sd_alloc_resources = sr_crypto_alloc_resources; 120 sd->sd_assemble = sr_crypto_assemble; 121 sd->sd_create = sr_crypto_create; 122 sd->sd_free_resources = sr_crypto_free_resources; 123 sd->sd_ioctl_handler = sr_crypto_ioctl; 124 sd->sd_meta_opt_handler = sr_crypto_meta_opt_handler; 125 sd->sd_scsi_rw = sr_crypto_rw; 126 sd->sd_scsi_done = sr_crypto_done; 127 } 128 129 int 130 sr_crypto_create(struct sr_discipline *sd, struct bioc_createraid *bc, 131 int no_chunk, int64_t coerced_size) 132 { 133 struct sr_meta_opt_item *omi; 134 int rv = EINVAL; 135 136 if (no_chunk != 1) { 137 sr_error(sd->sd_sc, "%s requires exactly one chunk", 138 sd->sd_name); 139 goto done; 140 } 141 142 if (coerced_size > SR_CRYPTO_MAXSIZE) { 143 sr_error(sd->sd_sc, "%s exceeds maximum size (%lli > %llu)", 144 sd->sd_name, coerced_size, SR_CRYPTO_MAXSIZE); 145 goto done; 146 } 147 148 /* Create crypto optional metadata. */ 149 omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF, 150 M_WAITOK | M_ZERO); 151 omi->omi_som = malloc(sizeof(struct sr_meta_crypto), M_DEVBUF, 152 M_WAITOK | M_ZERO); 153 omi->omi_som->som_type = SR_OPT_CRYPTO; 154 omi->omi_som->som_length = sizeof(struct sr_meta_crypto); 155 SLIST_INSERT_HEAD(&sd->sd_meta_opt, omi, omi_link); 156 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)omi->omi_som; 157 sd->sd_meta->ssdi.ssd_opt_no++; 158 159 sd->mds.mdd_crypto.key_disk = NULL; 160 161 if (bc->bc_key_disk != NODEV) { 162 163 /* Create a key disk. */ 164 if (sr_crypto_get_kdf(bc, sd)) 165 goto done; 166 sd->mds.mdd_crypto.key_disk = 167 sr_crypto_create_key_disk(sd, bc->bc_key_disk); 168 if (sd->mds.mdd_crypto.key_disk == NULL) 169 goto done; 170 sd->sd_capabilities |= SR_CAP_AUTO_ASSEMBLE; 171 172 } else if (bc->bc_opaque_flags & BIOC_SOOUT) { 173 174 /* No hint available yet. */ 175 bc->bc_opaque_status = BIOC_SOINOUT_FAILED; 176 rv = EAGAIN; 177 goto done; 178 179 } else if (sr_crypto_get_kdf(bc, sd)) 180 goto done; 181 182 /* Passphrase volumes cannot be automatically assembled. */ 183 if (!(bc->bc_flags & BIOC_SCNOAUTOASSEMBLE) && bc->bc_key_disk == NODEV) 184 goto done; 185 186 sd->sd_meta->ssdi.ssd_size = coerced_size; 187 188 sr_crypto_create_keys(sd); 189 190 sd->sd_max_ccb_per_wu = no_chunk; 191 192 rv = 0; 193 done: 194 return (rv); 195 } 196 197 int 198 sr_crypto_assemble(struct sr_discipline *sd, struct bioc_createraid *bc, 199 int no_chunk, void *data) 200 { 201 int rv = EINVAL; 202 203 sd->mds.mdd_crypto.key_disk = NULL; 204 205 /* Crypto optional metadata must already exist... */ 206 if (sd->mds.mdd_crypto.scr_meta == NULL) 207 goto done; 208 209 if (data != NULL) { 210 /* Kernel already has mask key. */ 211 memcpy(sd->mds.mdd_crypto.scr_maskkey, data, 212 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 213 } else if (bc->bc_key_disk != NODEV) { 214 /* Read the mask key from the key disk. */ 215 sd->mds.mdd_crypto.key_disk = 216 sr_crypto_read_key_disk(sd, bc->bc_key_disk); 217 if (sd->mds.mdd_crypto.key_disk == NULL) 218 goto done; 219 } else if (bc->bc_opaque_flags & BIOC_SOOUT) { 220 /* provide userland with kdf hint */ 221 if (bc->bc_opaque == NULL) 222 goto done; 223 224 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) < 225 bc->bc_opaque_size) 226 goto done; 227 228 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 229 bc->bc_opaque, bc->bc_opaque_size)) 230 goto done; 231 232 /* we're done */ 233 bc->bc_opaque_status = BIOC_SOINOUT_OK; 234 rv = EAGAIN; 235 goto done; 236 } else if (bc->bc_opaque_flags & BIOC_SOIN) { 237 /* get kdf with maskkey from userland */ 238 if (sr_crypto_get_kdf(bc, sd)) 239 goto done; 240 } else 241 goto done; 242 243 sd->sd_max_ccb_per_wu = sd->sd_meta->ssdi.ssd_chunk_no; 244 245 rv = 0; 246 done: 247 return (rv); 248 } 249 250 struct sr_crypto_wu * 251 sr_crypto_prepare(struct sr_workunit *wu, int encrypt) 252 { 253 struct scsi_xfer *xs = wu->swu_xs; 254 struct sr_discipline *sd = wu->swu_dis; 255 struct sr_crypto_wu *crwu; 256 struct cryptodesc *crd; 257 int flags, i, n; 258 daddr_t blkno; 259 u_int keyndx; 260 261 DNPRINTF(SR_D_DIS, "%s: sr_crypto_prepare wu %p encrypt %d\n", 262 DEVNAME(sd->sd_sc), wu, encrypt); 263 264 crwu = (struct sr_crypto_wu *)wu; 265 crwu->cr_uio.uio_iovcnt = 1; 266 crwu->cr_uio.uio_iov->iov_len = xs->datalen; 267 if (xs->flags & SCSI_DATA_OUT) { 268 crwu->cr_uio.uio_iov->iov_base = crwu->cr_dmabuf; 269 memcpy(crwu->cr_uio.uio_iov->iov_base, xs->data, xs->datalen); 270 } else 271 crwu->cr_uio.uio_iov->iov_base = xs->data; 272 273 blkno = wu->swu_blk_start; 274 n = xs->datalen >> DEV_BSHIFT; 275 276 /* 277 * We preallocated enough crypto descs for up to MAXPHYS of I/O. 278 * Since there may be less than that we need to tweak the amount 279 * of crypto desc structures to be just long enough for our needs. 280 */ 281 KASSERT(crwu->cr_crp->crp_ndescalloc >= n); 282 crwu->cr_crp->crp_ndesc = n; 283 flags = (encrypt ? CRD_F_ENCRYPT : 0) | 284 CRD_F_IV_PRESENT | CRD_F_IV_EXPLICIT; 285 286 /* 287 * Select crypto session based on block number. 288 * 289 * XXX - this does not handle the case where the read/write spans 290 * across a different key blocks (e.g. 0.5TB boundary). Currently 291 * this is already broken by the use of scr_key[0] below. 292 */ 293 keyndx = blkno >> SR_CRYPTO_KEY_BLKSHIFT; 294 crwu->cr_crp->crp_sid = sd->mds.mdd_crypto.scr_sid[keyndx]; 295 296 crwu->cr_crp->crp_opaque = crwu; 297 crwu->cr_crp->crp_ilen = xs->datalen; 298 crwu->cr_crp->crp_alloctype = M_DEVBUF; 299 crwu->cr_crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_NOQUEUE; 300 crwu->cr_crp->crp_buf = &crwu->cr_uio; 301 for (i = 0; i < crwu->cr_crp->crp_ndesc; i++, blkno++) { 302 crd = &crwu->cr_crp->crp_desc[i]; 303 crd->crd_skip = i << DEV_BSHIFT; 304 crd->crd_len = DEV_BSIZE; 305 crd->crd_inject = 0; 306 crd->crd_flags = flags; 307 crd->crd_alg = sd->mds.mdd_crypto.scr_alg; 308 crd->crd_klen = sd->mds.mdd_crypto.scr_klen; 309 crd->crd_key = sd->mds.mdd_crypto.scr_key[0]; 310 memcpy(crd->crd_iv, &blkno, sizeof(blkno)); 311 } 312 313 return (crwu); 314 } 315 316 int 317 sr_crypto_get_kdf(struct bioc_createraid *bc, struct sr_discipline *sd) 318 { 319 int rv = EINVAL; 320 struct sr_crypto_kdfinfo *kdfinfo; 321 322 if (!(bc->bc_opaque_flags & BIOC_SOIN)) 323 return (rv); 324 if (bc->bc_opaque == NULL) 325 return (rv); 326 if (bc->bc_opaque_size != sizeof(*kdfinfo)) 327 return (rv); 328 329 kdfinfo = malloc(bc->bc_opaque_size, M_DEVBUF, M_WAITOK | M_ZERO); 330 if (copyin(bc->bc_opaque, kdfinfo, bc->bc_opaque_size)) 331 goto out; 332 333 if (kdfinfo->len != bc->bc_opaque_size) 334 goto out; 335 336 /* copy KDF hint to disk meta data */ 337 if (kdfinfo->flags & SR_CRYPTOKDF_HINT) { 338 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) < 339 kdfinfo->genkdf.len) 340 goto out; 341 memcpy(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 342 &kdfinfo->genkdf, kdfinfo->genkdf.len); 343 } 344 345 /* copy mask key to run-time meta data */ 346 if ((kdfinfo->flags & SR_CRYPTOKDF_KEY)) { 347 if (sizeof(sd->mds.mdd_crypto.scr_maskkey) < 348 sizeof(kdfinfo->maskkey)) 349 goto out; 350 memcpy(sd->mds.mdd_crypto.scr_maskkey, &kdfinfo->maskkey, 351 sizeof(kdfinfo->maskkey)); 352 } 353 354 bc->bc_opaque_status = BIOC_SOINOUT_OK; 355 rv = 0; 356 out: 357 explicit_bzero(kdfinfo, bc->bc_opaque_size); 358 free(kdfinfo, M_DEVBUF, bc->bc_opaque_size); 359 360 return (rv); 361 } 362 363 int 364 sr_crypto_encrypt(u_char *p, u_char *c, u_char *key, size_t size, int alg) 365 { 366 rijndael_ctx ctx; 367 int i, rv = 1; 368 369 switch (alg) { 370 case SR_CRYPTOM_AES_ECB_256: 371 if (rijndael_set_key_enc_only(&ctx, key, 256) != 0) 372 goto out; 373 for (i = 0; i < size; i += RIJNDAEL128_BLOCK_LEN) 374 rijndael_encrypt(&ctx, &p[i], &c[i]); 375 rv = 0; 376 break; 377 default: 378 DNPRINTF(SR_D_DIS, "%s: unsupported encryption algorithm %d\n", 379 "softraid", alg); 380 rv = -1; 381 goto out; 382 } 383 384 out: 385 explicit_bzero(&ctx, sizeof(ctx)); 386 return (rv); 387 } 388 389 int 390 sr_crypto_decrypt(u_char *c, u_char *p, u_char *key, size_t size, int alg) 391 { 392 rijndael_ctx ctx; 393 int i, rv = 1; 394 395 switch (alg) { 396 case SR_CRYPTOM_AES_ECB_256: 397 if (rijndael_set_key(&ctx, key, 256) != 0) 398 goto out; 399 for (i = 0; i < size; i += RIJNDAEL128_BLOCK_LEN) 400 rijndael_decrypt(&ctx, &c[i], &p[i]); 401 rv = 0; 402 break; 403 default: 404 DNPRINTF(SR_D_DIS, "%s: unsupported encryption algorithm %d\n", 405 "softraid", alg); 406 rv = -1; 407 goto out; 408 } 409 410 out: 411 explicit_bzero(&ctx, sizeof(ctx)); 412 return (rv); 413 } 414 415 void 416 sr_crypto_calculate_check_hmac_sha1(u_int8_t *maskkey, int maskkey_size, 417 u_int8_t *key, int key_size, u_char *check_digest) 418 { 419 u_char check_key[SHA1_DIGEST_LENGTH]; 420 HMAC_SHA1_CTX hmacctx; 421 SHA1_CTX shactx; 422 423 bzero(check_key, sizeof(check_key)); 424 bzero(&hmacctx, sizeof(hmacctx)); 425 bzero(&shactx, sizeof(shactx)); 426 427 /* k = SHA1(mask_key) */ 428 SHA1Init(&shactx); 429 SHA1Update(&shactx, maskkey, maskkey_size); 430 SHA1Final(check_key, &shactx); 431 432 /* mac = HMAC_SHA1_k(unencrypted key) */ 433 HMAC_SHA1_Init(&hmacctx, check_key, sizeof(check_key)); 434 HMAC_SHA1_Update(&hmacctx, key, key_size); 435 HMAC_SHA1_Final(check_digest, &hmacctx); 436 437 explicit_bzero(check_key, sizeof(check_key)); 438 explicit_bzero(&hmacctx, sizeof(hmacctx)); 439 explicit_bzero(&shactx, sizeof(shactx)); 440 } 441 442 int 443 sr_crypto_decrypt_key(struct sr_discipline *sd) 444 { 445 u_char check_digest[SHA1_DIGEST_LENGTH]; 446 int rv = 1; 447 448 DNPRINTF(SR_D_DIS, "%s: sr_crypto_decrypt_key\n", DEVNAME(sd->sd_sc)); 449 450 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1) 451 goto out; 452 453 if (sr_crypto_decrypt((u_char *)sd->mds.mdd_crypto.scr_meta->scm_key, 454 (u_char *)sd->mds.mdd_crypto.scr_key, 455 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key), 456 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1) 457 goto out; 458 459 #ifdef SR_DEBUG0 460 sr_crypto_dumpkeys(sd); 461 #endif 462 463 /* Check that the key decrypted properly. */ 464 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey, 465 sizeof(sd->mds.mdd_crypto.scr_maskkey), 466 (u_int8_t *)sd->mds.mdd_crypto.scr_key, 467 sizeof(sd->mds.mdd_crypto.scr_key), 468 check_digest); 469 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, 470 check_digest, sizeof(check_digest)) != 0) { 471 explicit_bzero(sd->mds.mdd_crypto.scr_key, 472 sizeof(sd->mds.mdd_crypto.scr_key)); 473 goto out; 474 } 475 476 rv = 0; /* Success */ 477 out: 478 /* we don't need the mask key anymore */ 479 explicit_bzero(&sd->mds.mdd_crypto.scr_maskkey, 480 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 481 482 explicit_bzero(check_digest, sizeof(check_digest)); 483 484 return rv; 485 } 486 487 int 488 sr_crypto_create_keys(struct sr_discipline *sd) 489 { 490 491 DNPRINTF(SR_D_DIS, "%s: sr_crypto_create_keys\n", 492 DEVNAME(sd->sd_sc)); 493 494 if (AES_MAXKEYBYTES < sizeof(sd->mds.mdd_crypto.scr_maskkey)) 495 return (1); 496 497 /* XXX allow user to specify */ 498 sd->mds.mdd_crypto.scr_meta->scm_alg = SR_CRYPTOA_AES_XTS_256; 499 500 /* generate crypto keys */ 501 arc4random_buf(sd->mds.mdd_crypto.scr_key, 502 sizeof(sd->mds.mdd_crypto.scr_key)); 503 504 /* Mask the disk keys. */ 505 sd->mds.mdd_crypto.scr_meta->scm_mask_alg = SR_CRYPTOM_AES_ECB_256; 506 sr_crypto_encrypt((u_char *)sd->mds.mdd_crypto.scr_key, 507 (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key, 508 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key), 509 sd->mds.mdd_crypto.scr_meta->scm_mask_alg); 510 511 /* Prepare key decryption check code. */ 512 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1; 513 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey, 514 sizeof(sd->mds.mdd_crypto.scr_maskkey), 515 (u_int8_t *)sd->mds.mdd_crypto.scr_key, 516 sizeof(sd->mds.mdd_crypto.scr_key), 517 sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac); 518 519 /* Erase the plaintext disk keys */ 520 explicit_bzero(sd->mds.mdd_crypto.scr_key, 521 sizeof(sd->mds.mdd_crypto.scr_key)); 522 523 #ifdef SR_DEBUG0 524 sr_crypto_dumpkeys(sd); 525 #endif 526 527 sd->mds.mdd_crypto.scr_meta->scm_flags = SR_CRYPTOF_KEY | 528 SR_CRYPTOF_KDFHINT; 529 530 return (0); 531 } 532 533 int 534 sr_crypto_change_maskkey(struct sr_discipline *sd, 535 struct sr_crypto_kdfinfo *kdfinfo1, struct sr_crypto_kdfinfo *kdfinfo2) 536 { 537 u_char check_digest[SHA1_DIGEST_LENGTH]; 538 u_char *c, *p = NULL; 539 size_t ksz; 540 int rv = 1; 541 542 DNPRINTF(SR_D_DIS, "%s: sr_crypto_change_maskkey\n", 543 DEVNAME(sd->sd_sc)); 544 545 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1) 546 goto out; 547 548 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key; 549 ksz = sizeof(sd->mds.mdd_crypto.scr_key); 550 p = malloc(ksz, M_DEVBUF, M_WAITOK | M_CANFAIL | M_ZERO); 551 if (p == NULL) 552 goto out; 553 554 if (sr_crypto_decrypt(c, p, kdfinfo1->maskkey, ksz, 555 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1) 556 goto out; 557 558 #ifdef SR_DEBUG0 559 sr_crypto_dumpkeys(sd); 560 #endif 561 562 sr_crypto_calculate_check_hmac_sha1(kdfinfo1->maskkey, 563 sizeof(kdfinfo1->maskkey), p, ksz, check_digest); 564 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, 565 check_digest, sizeof(check_digest)) != 0) { 566 sr_error(sd->sd_sc, "incorrect key or passphrase"); 567 rv = EPERM; 568 goto out; 569 } 570 571 /* Copy new KDF hint to metadata, if supplied. */ 572 if (kdfinfo2->flags & SR_CRYPTOKDF_HINT) { 573 if (kdfinfo2->genkdf.len > 574 sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint)) 575 goto out; 576 explicit_bzero(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 577 sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint)); 578 memcpy(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 579 &kdfinfo2->genkdf, kdfinfo2->genkdf.len); 580 } 581 582 /* Mask the disk keys. */ 583 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key; 584 if (sr_crypto_encrypt(p, c, kdfinfo2->maskkey, ksz, 585 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1) 586 goto out; 587 588 /* Prepare key decryption check code. */ 589 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1; 590 sr_crypto_calculate_check_hmac_sha1(kdfinfo2->maskkey, 591 sizeof(kdfinfo2->maskkey), (u_int8_t *)sd->mds.mdd_crypto.scr_key, 592 sizeof(sd->mds.mdd_crypto.scr_key), check_digest); 593 594 /* Copy new encrypted key and HMAC to metadata. */ 595 memcpy(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, check_digest, 596 sizeof(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac)); 597 598 rv = 0; /* Success */ 599 600 out: 601 if (p) { 602 explicit_bzero(p, ksz); 603 free(p, M_DEVBUF, ksz); 604 } 605 606 explicit_bzero(check_digest, sizeof(check_digest)); 607 explicit_bzero(&kdfinfo1->maskkey, sizeof(kdfinfo1->maskkey)); 608 explicit_bzero(&kdfinfo2->maskkey, sizeof(kdfinfo2->maskkey)); 609 610 return (rv); 611 } 612 613 struct sr_chunk * 614 sr_crypto_create_key_disk(struct sr_discipline *sd, dev_t dev) 615 { 616 struct sr_softc *sc = sd->sd_sc; 617 struct sr_discipline *fakesd = NULL; 618 struct sr_metadata *sm = NULL; 619 struct sr_meta_chunk *km; 620 struct sr_meta_opt_item *omi = NULL; 621 struct sr_meta_keydisk *skm; 622 struct sr_chunk *key_disk = NULL; 623 struct disklabel label; 624 struct vnode *vn; 625 char devname[32]; 626 int c, part, open = 0; 627 628 /* 629 * Create a metadata structure on the key disk and store 630 * keying material in the optional metadata. 631 */ 632 633 sr_meta_getdevname(sc, dev, devname, sizeof(devname)); 634 635 /* Make sure chunk is not already in use. */ 636 c = sr_chunk_in_use(sc, dev); 637 if (c != BIOC_SDINVALID && c != BIOC_SDOFFLINE) { 638 sr_error(sc, "%s is already in use", devname); 639 goto done; 640 } 641 642 /* Open device. */ 643 if (bdevvp(dev, &vn)) { 644 sr_error(sc, "cannot open key disk %s", devname); 645 goto done; 646 } 647 if (VOP_OPEN(vn, FREAD | FWRITE, NOCRED, curproc)) { 648 DNPRINTF(SR_D_META,"%s: sr_crypto_create_key_disk cannot " 649 "open %s\n", DEVNAME(sc), devname); 650 vput(vn); 651 goto done; 652 } 653 open = 1; /* close dev on error */ 654 655 /* Get partition details. */ 656 part = DISKPART(dev); 657 if (VOP_IOCTL(vn, DIOCGDINFO, (caddr_t)&label, 658 FREAD, NOCRED, curproc)) { 659 DNPRINTF(SR_D_META, "%s: sr_crypto_create_key_disk ioctl " 660 "failed\n", DEVNAME(sc)); 661 goto done; 662 } 663 if (label.d_partitions[part].p_fstype != FS_RAID) { 664 sr_error(sc, "%s partition not of type RAID (%d)", 665 devname, label.d_partitions[part].p_fstype); 666 goto done; 667 } 668 669 /* 670 * Create and populate chunk metadata. 671 */ 672 673 key_disk = malloc(sizeof(struct sr_chunk), M_DEVBUF, M_WAITOK | M_ZERO); 674 km = &key_disk->src_meta; 675 676 key_disk->src_dev_mm = dev; 677 key_disk->src_vn = vn; 678 strlcpy(key_disk->src_devname, devname, sizeof(km->scmi.scm_devname)); 679 key_disk->src_size = 0; 680 681 km->scmi.scm_volid = sd->sd_meta->ssdi.ssd_level; 682 km->scmi.scm_chunk_id = 0; 683 km->scmi.scm_size = 0; 684 km->scmi.scm_coerced_size = 0; 685 strlcpy(km->scmi.scm_devname, devname, sizeof(km->scmi.scm_devname)); 686 memcpy(&km->scmi.scm_uuid, &sd->sd_meta->ssdi.ssd_uuid, 687 sizeof(struct sr_uuid)); 688 689 sr_checksum(sc, km, &km->scm_checksum, 690 sizeof(struct sr_meta_chunk_invariant)); 691 692 km->scm_status = BIOC_SDONLINE; 693 694 /* 695 * Create and populate our own discipline and metadata. 696 */ 697 698 sm = malloc(sizeof(struct sr_metadata), M_DEVBUF, M_WAITOK | M_ZERO); 699 sm->ssdi.ssd_magic = SR_MAGIC; 700 sm->ssdi.ssd_version = SR_META_VERSION; 701 sm->ssd_ondisk = 0; 702 sm->ssdi.ssd_vol_flags = 0; 703 memcpy(&sm->ssdi.ssd_uuid, &sd->sd_meta->ssdi.ssd_uuid, 704 sizeof(struct sr_uuid)); 705 sm->ssdi.ssd_chunk_no = 1; 706 sm->ssdi.ssd_volid = SR_KEYDISK_VOLID; 707 sm->ssdi.ssd_level = SR_KEYDISK_LEVEL; 708 sm->ssdi.ssd_size = 0; 709 strlcpy(sm->ssdi.ssd_vendor, "OPENBSD", sizeof(sm->ssdi.ssd_vendor)); 710 snprintf(sm->ssdi.ssd_product, sizeof(sm->ssdi.ssd_product), 711 "SR %s", "KEYDISK"); 712 snprintf(sm->ssdi.ssd_revision, sizeof(sm->ssdi.ssd_revision), 713 "%03d", SR_META_VERSION); 714 715 fakesd = malloc(sizeof(struct sr_discipline), M_DEVBUF, 716 M_WAITOK | M_ZERO); 717 fakesd->sd_sc = sd->sd_sc; 718 fakesd->sd_meta = sm; 719 fakesd->sd_meta_type = SR_META_F_NATIVE; 720 fakesd->sd_vol_status = BIOC_SVONLINE; 721 strlcpy(fakesd->sd_name, "KEYDISK", sizeof(fakesd->sd_name)); 722 SLIST_INIT(&fakesd->sd_meta_opt); 723 724 /* Add chunk to volume. */ 725 fakesd->sd_vol.sv_chunks = malloc(sizeof(struct sr_chunk *), M_DEVBUF, 726 M_WAITOK | M_ZERO); 727 fakesd->sd_vol.sv_chunks[0] = key_disk; 728 SLIST_INIT(&fakesd->sd_vol.sv_chunk_list); 729 SLIST_INSERT_HEAD(&fakesd->sd_vol.sv_chunk_list, key_disk, src_link); 730 731 /* Generate mask key. */ 732 arc4random_buf(sd->mds.mdd_crypto.scr_maskkey, 733 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 734 735 /* Copy mask key to optional metadata area. */ 736 omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF, 737 M_WAITOK | M_ZERO); 738 omi->omi_som = malloc(sizeof(struct sr_meta_keydisk), M_DEVBUF, 739 M_WAITOK | M_ZERO); 740 omi->omi_som->som_type = SR_OPT_KEYDISK; 741 omi->omi_som->som_length = sizeof(struct sr_meta_keydisk); 742 skm = (struct sr_meta_keydisk *)omi->omi_som; 743 memcpy(&skm->skm_maskkey, sd->mds.mdd_crypto.scr_maskkey, 744 sizeof(skm->skm_maskkey)); 745 SLIST_INSERT_HEAD(&fakesd->sd_meta_opt, omi, omi_link); 746 fakesd->sd_meta->ssdi.ssd_opt_no++; 747 748 /* Save metadata. */ 749 if (sr_meta_save(fakesd, SR_META_DIRTY)) { 750 sr_error(sc, "could not save metadata to %s", devname); 751 goto fail; 752 } 753 754 goto done; 755 756 fail: 757 free(key_disk, M_DEVBUF, sizeof(struct sr_chunk)); 758 key_disk = NULL; 759 760 done: 761 free(omi, M_DEVBUF, sizeof(struct sr_meta_opt_item)); 762 if (fakesd && fakesd->sd_vol.sv_chunks) 763 free(fakesd->sd_vol.sv_chunks, M_DEVBUF, 764 sizeof(struct sr_chunk *)); 765 free(fakesd, M_DEVBUF, sizeof(struct sr_discipline)); 766 free(sm, M_DEVBUF, sizeof(struct sr_metadata)); 767 if (open) { 768 VOP_CLOSE(vn, FREAD | FWRITE, NOCRED, curproc); 769 vput(vn); 770 } 771 772 return key_disk; 773 } 774 775 struct sr_chunk * 776 sr_crypto_read_key_disk(struct sr_discipline *sd, dev_t dev) 777 { 778 struct sr_softc *sc = sd->sd_sc; 779 struct sr_metadata *sm = NULL; 780 struct sr_meta_opt_item *omi, *omi_next; 781 struct sr_meta_opt_hdr *omh; 782 struct sr_meta_keydisk *skm; 783 struct sr_meta_opt_head som; 784 struct sr_chunk *key_disk = NULL; 785 struct disklabel label; 786 struct vnode *vn = NULL; 787 char devname[32]; 788 int c, part, open = 0; 789 790 /* 791 * Load a key disk and load keying material into memory. 792 */ 793 794 SLIST_INIT(&som); 795 796 sr_meta_getdevname(sc, dev, devname, sizeof(devname)); 797 798 /* Make sure chunk is not already in use. */ 799 c = sr_chunk_in_use(sc, dev); 800 if (c != BIOC_SDINVALID && c != BIOC_SDOFFLINE) { 801 sr_error(sc, "%s is already in use", devname); 802 goto done; 803 } 804 805 /* Open device. */ 806 if (bdevvp(dev, &vn)) { 807 sr_error(sc, "cannot open key disk %s", devname); 808 goto done; 809 } 810 if (VOP_OPEN(vn, FREAD, NOCRED, curproc)) { 811 DNPRINTF(SR_D_META,"%s: sr_crypto_read_key_disk cannot " 812 "open %s\n", DEVNAME(sc), devname); 813 vput(vn); 814 goto done; 815 } 816 open = 1; /* close dev on error */ 817 818 /* Get partition details. */ 819 part = DISKPART(dev); 820 if (VOP_IOCTL(vn, DIOCGDINFO, (caddr_t)&label, FREAD, 821 NOCRED, curproc)) { 822 DNPRINTF(SR_D_META, "%s: sr_crypto_read_key_disk ioctl " 823 "failed\n", DEVNAME(sc)); 824 goto done; 825 } 826 if (label.d_partitions[part].p_fstype != FS_RAID) { 827 sr_error(sc, "%s partition not of type RAID (%d)", 828 devname, label.d_partitions[part].p_fstype); 829 goto done; 830 } 831 832 /* 833 * Read and validate key disk metadata. 834 */ 835 sm = malloc(SR_META_SIZE * DEV_BSIZE, M_DEVBUF, M_WAITOK | M_ZERO); 836 if (sr_meta_native_read(sd, dev, sm, NULL)) { 837 sr_error(sc, "native bootprobe could not read native metadata"); 838 goto done; 839 } 840 841 if (sr_meta_validate(sd, dev, sm, NULL)) { 842 DNPRINTF(SR_D_META, "%s: invalid metadata\n", 843 DEVNAME(sc)); 844 goto done; 845 } 846 847 /* Make sure this is a key disk. */ 848 if (sm->ssdi.ssd_level != SR_KEYDISK_LEVEL) { 849 sr_error(sc, "%s is not a key disk", devname); 850 goto done; 851 } 852 853 /* Construct key disk chunk. */ 854 key_disk = malloc(sizeof(struct sr_chunk), M_DEVBUF, M_WAITOK | M_ZERO); 855 key_disk->src_dev_mm = dev; 856 key_disk->src_vn = vn; 857 key_disk->src_size = 0; 858 859 memcpy(&key_disk->src_meta, (struct sr_meta_chunk *)(sm + 1), 860 sizeof(key_disk->src_meta)); 861 862 /* Read mask key from optional metadata. */ 863 sr_meta_opt_load(sc, sm, &som); 864 SLIST_FOREACH(omi, &som, omi_link) { 865 omh = omi->omi_som; 866 if (omh->som_type == SR_OPT_KEYDISK) { 867 skm = (struct sr_meta_keydisk *)omh; 868 memcpy(sd->mds.mdd_crypto.scr_maskkey, &skm->skm_maskkey, 869 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 870 } else if (omh->som_type == SR_OPT_CRYPTO) { 871 /* Original keydisk format with key in crypto area. */ 872 memcpy(sd->mds.mdd_crypto.scr_maskkey, 873 omh + sizeof(struct sr_meta_opt_hdr), 874 sizeof(sd->mds.mdd_crypto.scr_maskkey)); 875 } 876 } 877 878 open = 0; 879 880 done: 881 for (omi = SLIST_FIRST(&som); omi != NULL; omi = omi_next) { 882 omi_next = SLIST_NEXT(omi, omi_link); 883 free(omi->omi_som, M_DEVBUF, 0); 884 free(omi, M_DEVBUF, 0); 885 } 886 887 free(sm, M_DEVBUF, SR_META_SIZE * DEV_BSIZE); 888 889 if (vn && open) { 890 VOP_CLOSE(vn, FREAD, NOCRED, curproc); 891 vput(vn); 892 } 893 894 return key_disk; 895 } 896 897 static void 898 sr_crypto_free_sessions(struct sr_discipline *sd) 899 { 900 u_int i; 901 902 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) { 903 if (sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1) { 904 crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]); 905 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 906 } 907 } 908 } 909 910 int 911 sr_crypto_alloc_resources(struct sr_discipline *sd) 912 { 913 struct sr_workunit *wu; 914 struct sr_crypto_wu *crwu; 915 struct cryptoini cri; 916 u_int num_keys, i; 917 918 DNPRINTF(SR_D_DIS, "%s: sr_crypto_alloc_resources\n", 919 DEVNAME(sd->sd_sc)); 920 921 sd->mds.mdd_crypto.scr_alg = CRYPTO_AES_XTS; 922 switch (sd->mds.mdd_crypto.scr_meta->scm_alg) { 923 case SR_CRYPTOA_AES_XTS_128: 924 sd->mds.mdd_crypto.scr_klen = 256; 925 break; 926 case SR_CRYPTOA_AES_XTS_256: 927 sd->mds.mdd_crypto.scr_klen = 512; 928 break; 929 default: 930 sr_error(sd->sd_sc, "unknown crypto algorithm"); 931 return (EINVAL); 932 } 933 934 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) 935 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1; 936 937 if (sr_wu_alloc(sd, sizeof(struct sr_crypto_wu))) { 938 sr_error(sd->sd_sc, "unable to allocate work units"); 939 return (ENOMEM); 940 } 941 if (sr_ccb_alloc(sd)) { 942 sr_error(sd->sd_sc, "unable to allocate CCBs"); 943 return (ENOMEM); 944 } 945 if (sr_crypto_decrypt_key(sd)) { 946 sr_error(sd->sd_sc, "incorrect key or passphrase"); 947 return (EPERM); 948 } 949 950 /* 951 * For each work unit allocate the uio, iovec and crypto structures. 952 * These have to be allocated now because during runtime we cannot 953 * fail an allocation without failing the I/O (which can cause real 954 * problems). 955 */ 956 TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) { 957 crwu = (struct sr_crypto_wu *)wu; 958 crwu->cr_uio.uio_iov = &crwu->cr_iov; 959 crwu->cr_dmabuf = dma_alloc(MAXPHYS, PR_WAITOK); 960 crwu->cr_crp = crypto_getreq(MAXPHYS >> DEV_BSHIFT); 961 if (crwu->cr_crp == NULL) 962 return (ENOMEM); 963 } 964 965 memset(&cri, 0, sizeof(cri)); 966 cri.cri_alg = sd->mds.mdd_crypto.scr_alg; 967 cri.cri_klen = sd->mds.mdd_crypto.scr_klen; 968 969 /* Allocate a session for every 2^SR_CRYPTO_KEY_BLKSHIFT blocks. */ 970 num_keys = ((sd->sd_meta->ssdi.ssd_size - 1) >> 971 SR_CRYPTO_KEY_BLKSHIFT) + 1; 972 if (num_keys > SR_CRYPTO_MAXKEYS) 973 return (EFBIG); 974 for (i = 0; i < num_keys; i++) { 975 cri.cri_key = sd->mds.mdd_crypto.scr_key[i]; 976 if (crypto_newsession(&sd->mds.mdd_crypto.scr_sid[i], 977 &cri, 0) != 0) { 978 sr_crypto_free_sessions(sd); 979 return (EINVAL); 980 } 981 } 982 983 sr_hotplug_register(sd, sr_crypto_hotplug); 984 985 return (0); 986 } 987 988 void 989 sr_crypto_free_resources(struct sr_discipline *sd) 990 { 991 struct sr_workunit *wu; 992 struct sr_crypto_wu *crwu; 993 994 DNPRINTF(SR_D_DIS, "%s: sr_crypto_free_resources\n", 995 DEVNAME(sd->sd_sc)); 996 997 if (sd->mds.mdd_crypto.key_disk != NULL) { 998 explicit_bzero(sd->mds.mdd_crypto.key_disk, 999 sizeof(*sd->mds.mdd_crypto.key_disk)); 1000 free(sd->mds.mdd_crypto.key_disk, M_DEVBUF, 1001 sizeof(*sd->mds.mdd_crypto.key_disk)); 1002 } 1003 1004 sr_hotplug_unregister(sd, sr_crypto_hotplug); 1005 1006 sr_crypto_free_sessions(sd); 1007 1008 TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) { 1009 crwu = (struct sr_crypto_wu *)wu; 1010 if (crwu->cr_dmabuf) 1011 dma_free(crwu->cr_dmabuf, MAXPHYS); 1012 if (crwu->cr_crp) 1013 crypto_freereq(crwu->cr_crp); 1014 } 1015 1016 sr_wu_free(sd); 1017 sr_ccb_free(sd); 1018 } 1019 1020 int 1021 sr_crypto_ioctl(struct sr_discipline *sd, struct bioc_discipline *bd) 1022 { 1023 struct sr_crypto_kdfpair kdfpair; 1024 struct sr_crypto_kdfinfo kdfinfo1, kdfinfo2; 1025 int size, rv = 1; 1026 1027 DNPRINTF(SR_D_IOCTL, "%s: sr_crypto_ioctl %u\n", 1028 DEVNAME(sd->sd_sc), bd->bd_cmd); 1029 1030 switch (bd->bd_cmd) { 1031 case SR_IOCTL_GET_KDFHINT: 1032 1033 /* Get KDF hint for userland. */ 1034 size = sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint); 1035 if (bd->bd_data == NULL || bd->bd_size > size) 1036 goto bad; 1037 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint, 1038 bd->bd_data, bd->bd_size)) 1039 goto bad; 1040 1041 rv = 0; 1042 1043 break; 1044 1045 case SR_IOCTL_CHANGE_PASSPHRASE: 1046 1047 /* Attempt to change passphrase. */ 1048 1049 size = sizeof(kdfpair); 1050 if (bd->bd_data == NULL || bd->bd_size > size) 1051 goto bad; 1052 if (copyin(bd->bd_data, &kdfpair, size)) 1053 goto bad; 1054 1055 size = sizeof(kdfinfo1); 1056 if (kdfpair.kdfinfo1 == NULL || kdfpair.kdfsize1 > size) 1057 goto bad; 1058 if (copyin(kdfpair.kdfinfo1, &kdfinfo1, size)) 1059 goto bad; 1060 1061 size = sizeof(kdfinfo2); 1062 if (kdfpair.kdfinfo2 == NULL || kdfpair.kdfsize2 > size) 1063 goto bad; 1064 if (copyin(kdfpair.kdfinfo2, &kdfinfo2, size)) 1065 goto bad; 1066 1067 if (sr_crypto_change_maskkey(sd, &kdfinfo1, &kdfinfo2)) 1068 goto bad; 1069 1070 /* Save metadata to disk. */ 1071 rv = sr_meta_save(sd, SR_META_DIRTY); 1072 1073 break; 1074 } 1075 1076 bad: 1077 explicit_bzero(&kdfpair, sizeof(kdfpair)); 1078 explicit_bzero(&kdfinfo1, sizeof(kdfinfo1)); 1079 explicit_bzero(&kdfinfo2, sizeof(kdfinfo2)); 1080 1081 return (rv); 1082 } 1083 1084 int 1085 sr_crypto_meta_opt_handler(struct sr_discipline *sd, struct sr_meta_opt_hdr *om) 1086 { 1087 int rv = EINVAL; 1088 1089 if (om->som_type == SR_OPT_CRYPTO) { 1090 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)om; 1091 rv = 0; 1092 } 1093 1094 return (rv); 1095 } 1096 1097 int 1098 sr_crypto_rw(struct sr_workunit *wu) 1099 { 1100 struct sr_crypto_wu *crwu; 1101 daddr_t blkno; 1102 int rv = 0; 1103 1104 DNPRINTF(SR_D_DIS, "%s: sr_crypto_rw wu %p\n", 1105 DEVNAME(wu->swu_dis->sd_sc), wu); 1106 1107 if (sr_validate_io(wu, &blkno, "sr_crypto_rw")) 1108 return (1); 1109 1110 if (wu->swu_xs->flags & SCSI_DATA_OUT) { 1111 crwu = sr_crypto_prepare(wu, 1); 1112 crwu->cr_crp->crp_callback = sr_crypto_write; 1113 rv = crypto_dispatch(crwu->cr_crp); 1114 if (rv == 0) 1115 rv = crwu->cr_crp->crp_etype; 1116 } else 1117 rv = sr_crypto_dev_rw(wu, NULL); 1118 1119 return (rv); 1120 } 1121 1122 void 1123 sr_crypto_write(struct cryptop *crp) 1124 { 1125 struct sr_crypto_wu *crwu = crp->crp_opaque; 1126 struct sr_workunit *wu = &crwu->cr_wu; 1127 int s; 1128 1129 DNPRINTF(SR_D_INTR, "%s: sr_crypto_write: wu %p xs: %p\n", 1130 DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs); 1131 1132 if (crp->crp_etype) { 1133 /* fail io */ 1134 wu->swu_xs->error = XS_DRIVER_STUFFUP; 1135 s = splbio(); 1136 sr_scsi_done(wu->swu_dis, wu->swu_xs); 1137 splx(s); 1138 } 1139 1140 sr_crypto_dev_rw(wu, crwu); 1141 } 1142 1143 int 1144 sr_crypto_dev_rw(struct sr_workunit *wu, struct sr_crypto_wu *crwu) 1145 { 1146 struct sr_discipline *sd = wu->swu_dis; 1147 struct scsi_xfer *xs = wu->swu_xs; 1148 struct sr_ccb *ccb; 1149 struct uio *uio; 1150 daddr_t blkno; 1151 1152 blkno = wu->swu_blk_start; 1153 1154 ccb = sr_ccb_rw(sd, 0, blkno, xs->datalen, xs->data, xs->flags, 0); 1155 if (!ccb) { 1156 /* should never happen but handle more gracefully */ 1157 printf("%s: %s: too many ccbs queued\n", 1158 DEVNAME(sd->sd_sc), sd->sd_meta->ssd_devname); 1159 goto bad; 1160 } 1161 if (!ISSET(xs->flags, SCSI_DATA_IN)) { 1162 uio = crwu->cr_crp->crp_buf; 1163 ccb->ccb_buf.b_data = uio->uio_iov->iov_base; 1164 ccb->ccb_opaque = crwu; 1165 } 1166 sr_wu_enqueue_ccb(wu, ccb); 1167 sr_schedule_wu(wu); 1168 1169 return (0); 1170 1171 bad: 1172 /* wu is unwound by sr_wu_put */ 1173 if (crwu) 1174 crwu->cr_crp->crp_etype = EINVAL; 1175 return (1); 1176 } 1177 1178 void 1179 sr_crypto_done(struct sr_workunit *wu) 1180 { 1181 struct scsi_xfer *xs = wu->swu_xs; 1182 struct sr_crypto_wu *crwu; 1183 int s; 1184 1185 /* If this was a successful read, initiate decryption of the data. */ 1186 if (ISSET(xs->flags, SCSI_DATA_IN) && xs->error == XS_NOERROR) { 1187 crwu = sr_crypto_prepare(wu, 0); 1188 crwu->cr_crp->crp_callback = sr_crypto_read; 1189 DNPRINTF(SR_D_INTR, "%s: sr_crypto_done: crypto_dispatch %p\n", 1190 DEVNAME(wu->swu_dis->sd_sc), crwu->cr_crp); 1191 crypto_dispatch(crwu->cr_crp); 1192 return; 1193 } 1194 1195 s = splbio(); 1196 sr_scsi_done(wu->swu_dis, wu->swu_xs); 1197 splx(s); 1198 } 1199 1200 void 1201 sr_crypto_read(struct cryptop *crp) 1202 { 1203 struct sr_crypto_wu *crwu = crp->crp_opaque; 1204 struct sr_workunit *wu = &crwu->cr_wu; 1205 int s; 1206 1207 DNPRINTF(SR_D_INTR, "%s: sr_crypto_read: wu %p xs: %p\n", 1208 DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs); 1209 1210 if (crp->crp_etype) 1211 wu->swu_xs->error = XS_DRIVER_STUFFUP; 1212 1213 s = splbio(); 1214 sr_scsi_done(wu->swu_dis, wu->swu_xs); 1215 splx(s); 1216 } 1217 1218 void 1219 sr_crypto_hotplug(struct sr_discipline *sd, struct disk *diskp, int action) 1220 { 1221 DNPRINTF(SR_D_MISC, "%s: sr_crypto_hotplug: %s %d\n", 1222 DEVNAME(sd->sd_sc), diskp->dk_name, action); 1223 } 1224 1225 #ifdef SR_DEBUG0 1226 void 1227 sr_crypto_dumpkeys(struct sr_discipline *sd) 1228 { 1229 int i, j; 1230 1231 printf("sr_crypto_dumpkeys:\n"); 1232 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) { 1233 printf("\tscm_key[%d]: 0x", i); 1234 for (j = 0; j < SR_CRYPTO_KEYBYTES; j++) { 1235 printf("%02x", 1236 sd->mds.mdd_crypto.scr_meta->scm_key[i][j]); 1237 } 1238 printf("\n"); 1239 } 1240 printf("sr_crypto_dumpkeys: runtime data keys:\n"); 1241 for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) { 1242 printf("\tscr_key[%d]: 0x", i); 1243 for (j = 0; j < SR_CRYPTO_KEYBYTES; j++) { 1244 printf("%02x", 1245 sd->mds.mdd_crypto.scr_key[i][j]); 1246 } 1247 printf("\n"); 1248 } 1249 } 1250 #endif /* SR_DEBUG */ 1251