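Lines matching references to sd (each line begins with its line number in the source file; lines that do not mention sd are omitted, so no function body below is complete)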

105 sr_crypto_discipline_init(struct sr_discipline *sd)
110 sd->sd_wu_size = sizeof(struct sr_crypto_wu);
111 sd->sd_type = SR_MD_CRYPTO;
112 strlcpy(sd->sd_name, "CRYPTO", sizeof(sd->sd_name));
113 sd->sd_capabilities = SR_CAP_SYSTEM_DISK | SR_CAP_AUTO_ASSEMBLE;
114 sd->sd_max_wu = SR_CRYPTO_NOWU;
117 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
120 sd->sd_alloc_resources = sr_crypto_alloc_resources;
121 sd->sd_assemble = sr_crypto_assemble;
122 sd->sd_create = sr_crypto_create;
123 sd->sd_free_resources = sr_crypto_free_resources;
124 sd->sd_ioctl_handler = sr_crypto_ioctl;
125 sd->sd_meta_opt_handler = sr_crypto_meta_opt_handler;
126 sd->sd_scsi_rw = sr_crypto_rw;
127 sd->sd_scsi_done = sr_crypto_done;
131 sr_crypto_create(struct sr_discipline *sd, struct bioc_createraid *bc,
138 sr_error(sd->sd_sc, "%s requires exactly one chunk",
139 sd->sd_name);
144 sr_error(sd->sd_sc, "%s exceeds maximum size (%lli > %llu)",
145 sd->sd_name, coerced_size, SR_CRYPTO_MAXSIZE);
156 SLIST_INSERT_HEAD(&sd->sd_meta_opt, omi, omi_link);
157 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)omi->omi_som;
158 sd->sd_meta->ssdi.ssd_opt_no++;
160 sd->mds.mdd_crypto.key_disk = NULL;
165 if (sr_crypto_get_kdf(bc, sd))
167 sd->mds.mdd_crypto.key_disk =
168 sr_crypto_create_key_disk(sd, bc->bc_key_disk);
169 if (sd->mds.mdd_crypto.key_disk == NULL)
171 sd->sd_capabilities |= SR_CAP_AUTO_ASSEMBLE;
180 } else if (sr_crypto_get_kdf(bc, sd))
187 sd->sd_meta->ssdi.ssd_size = coerced_size;
189 sr_crypto_create_keys(sd);
191 sd->sd_max_ccb_per_wu = no_chunk;
199 sr_crypto_assemble(struct sr_discipline *sd, struct bioc_createraid *bc,
204 sd->mds.mdd_crypto.key_disk = NULL;
207 if (sd->mds.mdd_crypto.scr_meta == NULL)
212 memcpy(sd->mds.mdd_crypto.scr_maskkey, data,
213 sizeof(sd->mds.mdd_crypto.scr_maskkey));
216 sd->mds.mdd_crypto.key_disk =
217 sr_crypto_read_key_disk(sd, bc->bc_key_disk);
218 if (sd->mds.mdd_crypto.key_disk == NULL)
225 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) <
229 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
239 if (sr_crypto_get_kdf(bc, sd))
244 sd->sd_max_ccb_per_wu = sd->sd_meta->ssdi.ssd_chunk_no;
255 struct sr_discipline *sd = wu->swu_dis;
263 DEVNAME(sd->sd_sc), wu, encrypt);
295 crwu->cr_crp->crp_sid = sd->mds.mdd_crypto.scr_sid[keyndx];
308 crd->crd_alg = sd->mds.mdd_crypto.scr_alg;
309 crd->crd_klen = sd->mds.mdd_crypto.scr_klen;
310 crd->crd_key = sd->mds.mdd_crypto.scr_key[0];
318 sr_crypto_get_kdf(struct bioc_createraid *bc, struct sr_discipline *sd)
339 if (sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint) <
342 memcpy(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
348 if (sizeof(sd->mds.mdd_crypto.scr_maskkey) <
351 memcpy(sd->mds.mdd_crypto.scr_maskkey, &kdfinfo->maskkey,
444 sr_crypto_decrypt_key(struct sr_discipline *sd)
449 DNPRINTF(SR_D_DIS, "%s: sr_crypto_decrypt_key\n", DEVNAME(sd->sd_sc));
451 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1)
454 if (sr_crypto_decrypt((u_char *)sd->mds.mdd_crypto.scr_meta->scm_key,
455 (u_char *)sd->mds.mdd_crypto.scr_key,
456 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key),
457 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1)
461 sr_crypto_dumpkeys(sd);
465 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey,
466 sizeof(sd->mds.mdd_crypto.scr_maskkey),
467 (u_int8_t *)sd->mds.mdd_crypto.scr_key,
468 sizeof(sd->mds.mdd_crypto.scr_key),
470 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac,
472 explicit_bzero(sd->mds.mdd_crypto.scr_key,
473 sizeof(sd->mds.mdd_crypto.scr_key));
480 explicit_bzero(&sd->mds.mdd_crypto.scr_maskkey,
481 sizeof(sd->mds.mdd_crypto.scr_maskkey));
489 sr_crypto_create_keys(struct sr_discipline *sd)
493 DEVNAME(sd->sd_sc));
495 if (AES_MAXKEYBYTES < sizeof(sd->mds.mdd_crypto.scr_maskkey))
499 sd->mds.mdd_crypto.scr_meta->scm_alg = SR_CRYPTOA_AES_XTS_256;
502 arc4random_buf(sd->mds.mdd_crypto.scr_key,
503 sizeof(sd->mds.mdd_crypto.scr_key));
506 sd->mds.mdd_crypto.scr_meta->scm_mask_alg = SR_CRYPTOM_AES_ECB_256;
507 sr_crypto_encrypt((u_char *)sd->mds.mdd_crypto.scr_key,
508 (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key,
509 sd->mds.mdd_crypto.scr_maskkey, sizeof(sd->mds.mdd_crypto.scr_key),
510 sd->mds.mdd_crypto.scr_meta->scm_mask_alg);
513 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1;
514 sr_crypto_calculate_check_hmac_sha1(sd->mds.mdd_crypto.scr_maskkey,
515 sizeof(sd->mds.mdd_crypto.scr_maskkey),
516 (u_int8_t *)sd->mds.mdd_crypto.scr_key,
517 sizeof(sd->mds.mdd_crypto.scr_key),
518 sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac);
521 explicit_bzero(sd->mds.mdd_crypto.scr_key,
522 sizeof(sd->mds.mdd_crypto.scr_key));
525 sr_crypto_dumpkeys(sd);
528 sd->mds.mdd_crypto.scr_meta->scm_flags = SR_CRYPTOF_KEY |
535 sr_crypto_change_maskkey(struct sr_discipline *sd,
544 DEVNAME(sd->sd_sc));
546 if (sd->mds.mdd_crypto.scr_meta->scm_check_alg != SR_CRYPTOC_HMAC_SHA1)
549 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key;
550 ksz = sizeof(sd->mds.mdd_crypto.scr_key);
556 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1)
560 sr_crypto_dumpkeys(sd);
565 if (memcmp(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac,
567 sr_error(sd->sd_sc, "incorrect key or passphrase");
575 sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint))
577 explicit_bzero(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
578 sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint));
579 memcpy(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
584 c = (u_char *)sd->mds.mdd_crypto.scr_meta->scm_key;
586 sd->mds.mdd_crypto.scr_meta->scm_mask_alg) == -1)
590 sd->mds.mdd_crypto.scr_meta->scm_check_alg = SR_CRYPTOC_HMAC_SHA1;
592 sizeof(kdfinfo2->maskkey), (u_int8_t *)sd->mds.mdd_crypto.scr_key,
593 sizeof(sd->mds.mdd_crypto.scr_key), check_digest);
596 memcpy(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac, check_digest,
597 sizeof(sd->mds.mdd_crypto.scr_meta->chk_hmac_sha1.sch_mac));
615 sr_crypto_create_key_disk(struct sr_discipline *sd, dev_t dev)
617 struct sr_softc *sc = sd->sd_sc;
682 km->scmi.scm_volid = sd->sd_meta->ssdi.ssd_level;
687 memcpy(&km->scmi.scm_uuid, &sd->sd_meta->ssdi.ssd_uuid,
704 memcpy(&sm->ssdi.ssd_uuid, &sd->sd_meta->ssdi.ssd_uuid,
718 fakesd->sd_sc = sd->sd_sc;
733 arc4random_buf(sd->mds.mdd_crypto.scr_maskkey,
734 sizeof(sd->mds.mdd_crypto.scr_maskkey));
744 memcpy(&skm->skm_maskkey, sd->mds.mdd_crypto.scr_maskkey,
777 sr_crypto_read_key_disk(struct sr_discipline *sd, dev_t dev)
779 struct sr_softc *sc = sd->sd_sc;
837 if (sr_meta_native_read(sd, dev, sm, NULL)) {
842 if (sr_meta_validate(sd, dev, sm, NULL)) {
869 memcpy(sd->mds.mdd_crypto.scr_maskkey, &skm->skm_maskkey,
870 sizeof(sd->mds.mdd_crypto.scr_maskkey));
873 memcpy(sd->mds.mdd_crypto.scr_maskkey,
875 sizeof(sd->mds.mdd_crypto.scr_maskkey));
899 sr_crypto_free_sessions(struct sr_discipline *sd)
904 if (sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1) {
905 crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]);
906 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
912 sr_crypto_alloc_resources(struct sr_discipline *sd)
920 DEVNAME(sd->sd_sc));
922 sd->mds.mdd_crypto.scr_alg = CRYPTO_AES_XTS;
923 switch (sd->mds.mdd_crypto.scr_meta->scm_alg) {
925 sd->mds.mdd_crypto.scr_klen = 256;
928 sd->mds.mdd_crypto.scr_klen = 512;
931 sr_error(sd->sd_sc, "unknown crypto algorithm");
936 sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
938 if (sr_wu_alloc(sd)) {
939 sr_error(sd->sd_sc, "unable to allocate work units");
942 if (sr_ccb_alloc(sd)) {
943 sr_error(sd->sd_sc, "unable to allocate CCBs");
946 if (sr_crypto_decrypt_key(sd)) {
947 sr_error(sd->sd_sc, "incorrect key or passphrase");
957 TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) {
967 cri.cri_alg = sd->mds.mdd_crypto.scr_alg;
968 cri.cri_klen = sd->mds.mdd_crypto.scr_klen;
971 num_keys = ((sd->sd_meta->ssdi.ssd_size - 1) >>
976 cri.cri_key = sd->mds.mdd_crypto.scr_key[i];
977 if (crypto_newsession(&sd->mds.mdd_crypto.scr_sid[i],
979 sr_crypto_free_sessions(sd);
984 sr_hotplug_register(sd, sr_crypto_hotplug);
990 sr_crypto_free_resources(struct sr_discipline *sd)
996 DEVNAME(sd->sd_sc));
998 if (sd->mds.mdd_crypto.key_disk != NULL) {
999 explicit_bzero(sd->mds.mdd_crypto.key_disk,
1000 sizeof(*sd->mds.mdd_crypto.key_disk));
1001 free(sd->mds.mdd_crypto.key_disk, M_DEVBUF,
1002 sizeof(*sd->mds.mdd_crypto.key_disk));
1005 sr_hotplug_unregister(sd, sr_crypto_hotplug);
1007 sr_crypto_free_sessions(sd);
1009 TAILQ_FOREACH(wu, &sd->sd_wu, swu_next) {
1017 sr_wu_free(sd);
1018 sr_ccb_free(sd);
1022 sr_crypto_ioctl(struct sr_discipline *sd, struct bioc_discipline *bd)
1029 DEVNAME(sd->sd_sc), bd->bd_cmd);
1035 size = sizeof(sd->mds.mdd_crypto.scr_meta->scm_kdfhint);
1038 if (copyout(sd->mds.mdd_crypto.scr_meta->scm_kdfhint,
1068 if (sr_crypto_change_maskkey(sd, &kdfinfo1, &kdfinfo2))
1072 rv = sr_meta_save(sd, SR_META_DIRTY);
1086 sr_crypto_meta_opt_handler(struct sr_discipline *sd, struct sr_meta_opt_hdr *om)
1091 sd->mds.mdd_crypto.scr_meta = (struct sr_meta_crypto *)om;
1147 struct sr_discipline *sd = wu->swu_dis;
1155 ccb = sr_ccb_rw(sd, 0, blkno, xs->datalen, xs->data, xs->flags, 0);
1159 DEVNAME(sd->sd_sc), sd->sd_meta->ssd_devname);
1220 sr_crypto_hotplug(struct sr_discipline *sd, struct disk *diskp, int action)
1223 DEVNAME(sd->sd_sc), diskp->dk_name, action);
1228 sr_crypto_dumpkeys(struct sr_discipline *sd)
1237 sd->mds.mdd_crypto.scr_meta->scm_key[i][j]);
1246 sd->mds.mdd_crypto.scr_key[i][j]);