xref: /freebsd/sys/geom/bde/g_bde.c (revision 95ee2897)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2002 Poul-Henning Kamp
5  * Copyright (c) 2002 Networks Associates Technology, Inc.
6  * All rights reserved.
7  *
8  * This software was developed for the FreeBSD Project by Poul-Henning Kamp
9  * and NAI Labs, the Security Research Division of Network Associates, Inc.
10  * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
11  * DARPA CHATS research program.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  */
35 
36 #include <sys/param.h>
37 #include <sys/bio.h>
38 #include <sys/lock.h>
39 #include <sys/mutex.h>
40 #include <sys/malloc.h>
41 #include <sys/systm.h>
42 #include <sys/kernel.h>
43 #include <sys/kthread.h>
44 #include <sys/sysctl.h>
45 
46 #include <crypto/rijndael/rijndael-api-fst.h>
47 #include <crypto/sha2/sha512.h>
48 #include <geom/geom.h>
49 #include <geom/bde/g_bde.h>
50 #define BDE_CLASS_NAME "BDE"
51 
52 FEATURE(geom_bde, "GEOM-based Disk Encryption");
53 
/*
 * GEOM start method: dispatch an incoming bio.
 *
 * Read, write and delete requests are handed to g_bde_start1().
 * Every other command, BIO_GETATTR included, is completed on the spot
 * with EOPNOTSUPP.
 */
static void
g_bde_start(struct bio *bp)
{

	if (bp->bio_cmd == BIO_READ || bp->bio_cmd == BIO_WRITE ||
	    bp->bio_cmd == BIO_DELETE) {
		g_bde_start1(bp);
		return;
	}

	/* Attribute queries and any unrecognised command are refused here. */
	g_io_deliver(bp, EOPNOTSUPP);
}
73 
/*
 * GEOM orphan method; the topology lock must be held (asserted below).
 *
 * Flags the geom as withering, withers each of its providers with ENXIO
 * and finally wipes the complete softc, so that the key material it
 * holds does not linger in kernel memory.
 */
static void
g_bde_orphan(struct g_consumer *cp)
{
	struct g_bde_softc *softc;
	struct g_provider *prov;
	struct g_geom *geom;

	g_trace(G_T_TOPOLOGY, "g_bde_orphan(%p/%s)", cp, cp->provider->name);
	g_topology_assert();

	geom = cp->geom;
	softc = geom->softc;
	geom->flags |= G_GEOM_WITHER;
	LIST_FOREACH(prov, &geom->provider, provider) {
		g_wither_provider(prov, ENXIO);
	}

	/*
	 * explicit_bzero() rather than a plain memset so the wipe cannot be
	 * optimised away.
	 * NOTE(review): this clears the whole structure, not only the key,
	 * i.e. also the work lists and their mutex; whether the worker
	 * thread can still touch them at this point is not visible from
	 * this function -- confirm.
	 */
	explicit_bzero(softc, sizeof(*softc));
}
92 
/*
 * GEOM access method: translate an access-count change on our provider
 * into a change on the consumer below.
 *
 * dr, dw and de are the requested deltas for the read, write and
 * exclusive counts.  The result of g_access() on the first consumer of
 * the geom is returned unchanged.
 */
static int
g_bde_access(struct g_provider *pp, int dr, int dw, int de)
{
	struct g_consumer *below;
	int was_closed;

	below = LIST_FIRST(&pp->geom->consumer);

	/*
	 * The consumer currently has no access counts at all: take one
	 * extra read and one extra exclusive count on top of the request.
	 */
	was_closed = (below->acr == 0 && below->acw == 0 && below->ace == 0);
	if (was_closed) {
		dr++;
		de++;
	}

	/*
	 * ... and let go of them on last close, i.e. when the request would
	 * leave nothing behind except a single exclusive count.
	 */
	if (below->acr + dr == 0 && below->acw + dw == 0 &&
	    below->ace + de == 1) {
		dr--;
		de--;
	}

	return (g_access(below, dr, dw, de));
}
112 
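/*
 * Handle the "create geom" verb: attach to provider pp, try to open the
 * lock sector with the key material supplied in the request and, on
 * success, publish a "<provider>.bde" provider backed by a worker thread.
 *
 * Request parameters read here:
 *   "pass" - mandatory, exactly SHA512_DIGEST_LENGTH bytes
 *   "key"  - optional, exactly 16 bytes when present
 *
 * Nothing is returned; failures are reported through gctl_error().  On
 * every failure path the consumer is closed, detached and destroyed and
 * the geom is torn down again, so no half-built geom is left behind.
 * The topology lock must be held (asserted below).
 */
static void
g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *pp)
{
	struct g_geom *gp;
	struct g_consumer *cp;
	struct g_bde_key *kp;
	struct g_bde_softc *sc;
	int error, passlen, keylen, reported;
	u_int sectorsize;
	off_t mediasize;
	void *pass;
	void *key;

	g_trace(G_T_TOPOLOGY, "g_bde_create_geom(%s, %s)", mp->name, pp->name);
	g_topology_assert();

	gp = g_new_geomf(mp, "%s.bde", pp->name);
	cp = g_new_consumer(gp);
	error = g_attach(cp, pp);
	if (error != 0) {
		g_destroy_consumer(cp);
		g_destroy_geom(gp);
		gctl_error(req, "could not attach consumer");
		return;
	}
	error = g_access(cp, 1, 1, 1);
	if (error) {
		g_detach(cp);
		g_destroy_consumer(cp);
		g_destroy_geom(gp);
		gctl_error(req, "could not access consumer");
		return;
	}
	pass = NULL;
	key = NULL;
	passlen = 0;
	keylen = 0;
	reported = 0;	/* set once a specific message has been recorded */
	do {
		/*
		 * Keep the length of each parameter in its own variable:
		 * the wipe after the loop must not exceed the size of the
		 * buffer that was actually supplied.
		 */
		pass = gctl_get_param(req, "pass", &passlen);
		if (pass == NULL || passlen != SHA512_DIGEST_LENGTH) {
			gctl_error(req, "No usable key presented");
			/*
			 * error is still 0 from the successful g_access()
			 * above; make it non-zero so that the cleanup path
			 * runs instead of returning with the consumer open.
			 */
			error = EINVAL;
			reported = 1;
			break;
		}
		key = gctl_get_param(req, "key", &keylen);
		if (key != NULL && keylen != 16) {
			gctl_error(req, "Invalid key presented");
			error = EINVAL;
			reported = 1;
			break;
		}
		sectorsize = cp->provider->sectorsize;
		mediasize = cp->provider->mediasize;
		sc = g_malloc(sizeof(struct g_bde_softc), M_WAITOK | M_ZERO);
		gp->softc = sc;
		sc->geom = gp;
		sc->consumer = cp;

		error = g_bde_decrypt_lock(sc, pass, key,
		    mediasize, sectorsize, NULL);
		/* The digest in the softc is wiped whether or not it worked. */
		explicit_bzero(sc->sha2, sizeof sc->sha2);
		if (error)
			break;
		kp = &sc->key;

		/* Initialize helper-fields */
		kp->keys_per_sector = kp->sectorsize / G_BDE_SKEYLEN;
		kp->zone_cont = kp->keys_per_sector * kp->sectorsize;
		kp->zone_width = kp->zone_cont + kp->sectorsize;
		kp->media_width = kp->sectorN - kp->sector0 -
		    G_BDE_MAXKEYS * kp->sectorsize;

		/* Our external parameters */
		sc->zone_cont = kp->zone_cont;
		sc->mediasize = g_bde_max_sector(kp);
		sc->sectorsize = kp->sectorsize;

		TAILQ_INIT(&sc->freelist);
		TAILQ_INIT(&sc->worklist);
		mtx_init(&sc->worklist_mutex, "g_bde_worklist", NULL, MTX_DEF);
		error = kproc_create(g_bde_worker, gp, &sc->thread, 0, 0,
			"g_bde %s", gp->name);
		if (error != 0) {
			/*
			 * Without a worker nothing would ever service the
			 * work list, so do not publish a provider.
			 */
			mtx_destroy(&sc->worklist_mutex);
			gctl_error(req, "Could not create worker thread (%d)",
			    error);
			reported = 1;
			break;
		}
		pp = g_new_providerf(gp, "%s", gp->name);
		pp->stripesize = kp->zone_cont;
		pp->stripeoffset = 0;
		pp->mediasize = sc->mediasize;
		pp->sectorsize = sc->sectorsize;
		g_error_provider(pp, 0);
		break;
	} while (0);

	/*
	 * Wipe the key material in the request buffers.  Only the reported
	 * length is cleared: a parameter rejected for its size may be
	 * shorter than the expected 64 or 16 bytes, and clearing the
	 * expected size would then write past the end of the buffer.
	 */
	if (pass != NULL && passlen > 0)
		explicit_bzero(pass, (size_t)passlen);
	if (key != NULL && keylen > 0)
		explicit_bzero(key, (size_t)keylen);
	if (error == 0)
		return;

	g_access(cp, -1, -1, -1);
	g_detach(cp);
	g_destroy_consumer(cp);
	if (gp->softc != NULL) {
		/*
		 * The softc may hold partially decoded lock data; clear it
		 * before the memory goes back to the allocator.
		 */
		explicit_bzero(gp->softc, sizeof(struct g_bde_softc));
		g_free(gp->softc);
		gp->softc = NULL;
	}
	g_destroy_geom(gp);
	if (reported)
		return;

	/* Translate the result of g_bde_decrypt_lock() for the caller. */
	switch (error) {
	case ENOENT:
		gctl_error(req, "Lock was destroyed");
		break;
	case ESRCH:
		gctl_error(req, "Lock was nuked");
		break;
	case EINVAL:
		gctl_error(req, "Could not open lock");
		break;
	case ENOTDIR:
		gctl_error(req, "Lock not found");
		break;
	default:
		gctl_error(req, "Could not open lock (%d)", error);
		break;
	}
}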
230 
/*
 * GEOM destroy_geom method (also reached through the "destroy geom"
 * verb): tear the geom down in an orderly fashion.
 *
 * Returns EBUSY while the provider still has any read, write or
 * exclusive access count, 0 once the geom has been withered.  The
 * topology lock must be held (asserted below).
 */
static int
g_bde_destroy_geom(struct gctl_req *req, struct g_class *mp, struct g_geom *gp)
{
	struct g_bde_softc *softc;
	struct g_provider *prov;
	struct g_consumer *cons;

	g_trace(G_T_TOPOLOGY, "g_bde_destroy_geom(%s, %s)", mp->name, gp->name);
	g_topology_assert();

	/*
	 * Orderly detachment.
	 * NOTE(review): gp has already been dereferenced by the g_trace()
	 * call above, so the first assertion cannot catch a NULL geom.
	 */
	KASSERT(gp != NULL, ("NULL geom"));
	prov = LIST_FIRST(&gp->provider);
	KASSERT(prov != NULL, ("NULL provider"));
	if (prov->acr > 0 || prov->acw > 0 || prov->ace > 0)
		return (EBUSY);
	softc = gp->softc;
	cons = LIST_FIRST(&gp->consumer);
	KASSERT(cons != NULL, ("NULL consumer"));

	/*
	 * Raise the dead flag and wake whoever sleeps on the softc;
	 * presumably that is the worker thread, which answers by setting
	 * the flag to 2 -- the worker is not visible here, confirm.
	 */
	softc->dead = 1;
	wakeup(softc);

	g_access(cons, -1, -1, -1);
	g_detach(cons);
	g_destroy_consumer(cons);

	/* Poll about once a second (hz ticks) until it is safe to go on. */
	for (;;) {
		if (softc->dead == 2 || LIST_EMPTY(&prov->consumers))
			break;
		tsleep(softc, PRIBIO, "g_bdedie", hz);
	}

	mtx_destroy(&softc->worklist_mutex);
	/* Wipe the key before the softc goes back to the allocator. */
	explicit_bzero(&softc->key, sizeof(softc->key));
	g_free(softc);
	/* NOTE(review): gp->softc still holds the freed pointer from here on. */
	g_wither_geom(gp, ENXIO);
	return (0);
}
264 
/*
 * GEOM control-request entry point for the BDE class.
 *
 * Two verbs are understood, "create geom" and "destroy geom"; anything
 * else is answered with an "unknown verb" error.  When the named
 * provider or geom cannot be obtained from the request, nothing further
 * is done here.
 */
static void
g_bde_ctlreq(struct gctl_req *req, struct g_class *mp, char const *verb)
{
	struct g_provider *target_pp;
	struct g_geom *target_gp;

	if (strcmp(verb, "create geom") == 0) {
		target_pp = gctl_get_provider(req, "provider");
		if (target_pp == NULL)
			return;
		g_bde_create_geom(req, mp, target_pp);
		return;
	}

	if (strcmp(verb, "destroy geom") == 0) {
		target_gp = gctl_get_geom(req, mp, "geom");
		if (target_gp == NULL)
			return;
		/* The status is not looked at, as in the direct GEOM call path. */
		g_bde_destroy_geom(req, mp, target_gp);
		return;
	}

	gctl_error(req, "unknown verb");
}
283 
/*
 * Method table of the BDE class.  Designated initializers are used, so
 * the order of the entries below carries no meaning.
 */
static struct g_class g_bde_class = {
	.name = BDE_CLASS_NAME,
	.version = G_VERSION,
	/* I/O path */
	.start = g_bde_start,
	.access = g_bde_access,
	/* Configuration and teardown */
	.ctlreq = g_bde_ctlreq,
	.destroy_geom = g_bde_destroy_geom,
	.orphan = g_bde_orphan,
	.spoiled = g_std_spoiled,
};

/* Register the class with GEOM and declare the module version. */
DECLARE_GEOM_CLASS(g_bde_class, g_bde);
MODULE_VERSION(geom_bde, 0);
297