2 * Copyright (c) 2010 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Alex Hornung <ahornung@gmail.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * This file implements initial version of device-mapper crypt target.
38 #include <sys/endian.h>
41 #include <sys/globaldata.h>
42 #include <sys/kerneldump.h>
43 #include <sys/malloc.h>
44 #include <sys/mpipe.h>
46 #include <sys/mutex2.h>
47 #include <sys/vnode.h>
48 #include <crypto/sha1.h>
49 #include <crypto/sha2/sha2.h>
50 #include <opencrypto/cryptodev.h>
51 #include <opencrypto/rmd160.h>
52 #include <machine/cpufunc.h>
53 #include <cpu/atomic.h>
57 #include <dev/disk/dm/dm.h>
58 MALLOC_DEFINE(M_DMCRYPT, "dm_crypt", "Device Mapper Target Crypt");
60 KTR_INFO_MASTER(dmcrypt);
62 #if !defined(KTR_DMCRYPT)
63 #define KTR_DMCRYPT KTR_ALL
66 KTR_INFO(KTR_DMCRYPT, dmcrypt, crypto_dispatch, 0,
67 "crypto_dispatch(%p)", struct cryptop *crp);
68 KTR_INFO(KTR_DMCRYPT, dmcrypt, crypt_strategy, 0,
69 "crypt_strategy(b_cmd = %d, bp = %p)", int cmd, struct buf *bp);
70 KTR_INFO(KTR_DMCRYPT, dmcrypt, crypto_write_start, 1,
71 "crypto_write_start(crp = %p, bp = %p, sector = %d/%d)",
72 struct cryptop *crp, struct buf *bp, int i, int sectors);
73 KTR_INFO(KTR_DMCRYPT, dmcrypt, crypto_cb_write_done, 1,
74 "crypto_cb_write_done(crp = %p, bp = %p, n = %d)",
75 struct cryptop *crp, struct buf *bp, int n);
76 KTR_INFO(KTR_DMCRYPT, dmcrypt, bio_write_done, 1,
77 "bio_write_done(bp = %p)", struct buf *bp);
78 KTR_INFO(KTR_DMCRYPT, dmcrypt, crypto_write_retry, 1,
79 "crypto_write_retry(crp = %p)", struct buf *bp);
80 KTR_INFO(KTR_DMCRYPT, dmcrypt, bio_read_done, 2,
81 "bio_read_done(bp = %p)", struct buf *bp);
82 KTR_INFO(KTR_DMCRYPT, dmcrypt, crypto_read_start, 2,
83 "crypto_read_start(crp = %p, bp = %p, sector = %d/%d)",
84 struct cryptop *crp, struct buf *bp, int i, int sectors);
85 KTR_INFO(KTR_DMCRYPT, dmcrypt, crypto_cb_read_done, 2,
86 "crypto_cb_read_done(crp = %p, bp = %p, n = %d)",
87 struct cryptop *crp, struct buf *bp, int n);
89 struct target_crypt_config;
91 typedef void dispatch_t(void *);
92 typedef void ivgen_t(struct target_crypt_config *, u_int8_t *, size_t, off_t,
95 typedef int ivgen_ctor_t(struct target_crypt_config *, char *, void **);
96 typedef int ivgen_dtor_t(struct target_crypt_config *, void *);
105 struct essiv_ivgen_priv {
106 struct cryptoini crypto_session;
107 struct objcache *crp_crd_cache;
108 u_int64_t crypto_sid;
110 u_int8_t crypto_keyhash[SHA512_DIGEST_LENGTH];
113 typedef struct target_crypt_config {
119 u_int8_t crypto_key[512>>3];
121 u_int64_t crypto_sid;
122 u_int64_t block_offset;
124 SHA512_CTX essivsha512_ctx;
126 struct cryptoini crypto_session;
128 struct iv_generator *ivgen;
131 struct malloc_pipe read_mpipe;
132 struct malloc_pipe write_mpipe;
133 } dm_target_crypt_config_t;
136 dm_target_crypt_config_t *priv;
142 struct dmtc_dump_helper {
143 dm_target_crypt_config_t *priv;
151 struct cryptodesc crd[128];
152 struct cryptop crp[128];
156 #define DMTC_BUF_SIZE_WRITE \
157 MAXPHYS + sizeof(struct dmtc_helper) + \
158 MAXPHYS/DEV_BSIZE*(sizeof(struct cryptop) + sizeof(struct cryptodesc))
159 #define DMTC_BUF_SIZE_READ \
160 sizeof(struct dmtc_helper) + \
161 MAXPHYS/DEV_BSIZE*(sizeof(struct cryptop) + sizeof(struct cryptodesc))
163 static void dmtc_crypto_dispatch(void *arg);
164 static void dmtc_crypto_dump_start(dm_target_crypt_config_t *priv,
165 struct dmtc_dump_helper *dump_helper);
166 static void dmtc_crypto_read_start(dm_target_crypt_config_t *priv,
168 static void dmtc_crypto_write_start(dm_target_crypt_config_t *priv,
170 static void dmtc_bio_read_done(struct bio *bio);
171 static void dmtc_bio_write_done(struct bio *bio);
172 static int dmtc_crypto_cb_dump_done(struct cryptop *crp);
173 static int dmtc_crypto_cb_read_done(struct cryptop *crp);
174 static int dmtc_crypto_cb_write_done(struct cryptop *crp);
176 static ivgen_ctor_t essiv_ivgen_ctor;
177 static ivgen_dtor_t essiv_ivgen_dtor;
178 static ivgen_t essiv_ivgen;
179 static ivgen_t plain_ivgen;
180 static ivgen_t plain64_ivgen;
182 static struct iv_generator ivgens[] = {
183 { .name = "essiv", .ctor = essiv_ivgen_ctor, .dtor = essiv_ivgen_dtor,
184 .gen_iv = essiv_ivgen },
185 { .name = "plain", .ctor = NULL, .dtor = NULL, .gen_iv = plain_ivgen },
186 { .name = "plain64", .ctor = NULL, .dtor = NULL, .gen_iv = plain64_ivgen },
187 { NULL, NULL, NULL, NULL }
190 struct objcache_malloc_args essiv_ivgen_malloc_args = {
191 2*sizeof(void *) + (sizeof(struct cryptodesc) +
192 sizeof(struct cryptop)), M_DMCRYPT };
195 dmtc_init_mpipe(struct target_crypt_config *priv)
199 nmax = (physmem*2/1000*PAGE_SIZE)/(DMTC_BUF_SIZE_WRITE + DMTC_BUF_SIZE_READ) + 1;
204 kprintf("dm_target_crypt: Setting min/max mpipe buffers: %d/%d\n", 2, nmax);
206 mpipe_init(&priv->write_mpipe, M_DMCRYPT, DMTC_BUF_SIZE_WRITE,
207 2, nmax, MPF_NOZERO | MPF_CALLBACK, NULL, NULL, NULL);
208 mpipe_init(&priv->read_mpipe, M_DMCRYPT, DMTC_BUF_SIZE_READ,
209 2, nmax, MPF_NOZERO | MPF_CALLBACK, NULL, NULL, NULL);
213 dmtc_destroy_mpipe(struct target_crypt_config *priv)
215 mpipe_done(&priv->write_mpipe);
216 mpipe_done(&priv->read_mpipe);
220 * Overwrite private information (in buf) to avoid leaking it
223 dmtc_crypto_clear(void *buf, size_t len)
225 memset(buf, 0xFF, len);
230 * ESSIV IV Generator Routines
233 essiv_ivgen_ctor(struct target_crypt_config *priv, char *iv_hash, void **p_ivpriv)
235 struct essiv_ivgen_priv *ivpriv;
236 u_int8_t crypto_keyhash[SHA512_DIGEST_LENGTH];
237 unsigned int klen, hashlen;
240 klen = (priv->crypto_klen >> 3);
245 if (!strcmp(iv_hash, "sha1")) {
248 hashlen = SHA1_RESULTLEN;
250 SHA1Update(&ctx, priv->crypto_key, klen);
251 SHA1Final(crypto_keyhash, &ctx);
252 } else if (!strcmp(iv_hash, "sha256")) {
255 hashlen = SHA256_DIGEST_LENGTH;
257 SHA256_Update(&ctx, priv->crypto_key, klen);
258 SHA256_Final(crypto_keyhash, &ctx);
259 } else if (!strcmp(iv_hash, "sha384")) {
262 hashlen = SHA384_DIGEST_LENGTH;
264 SHA384_Update(&ctx, priv->crypto_key, klen);
265 SHA384_Final(crypto_keyhash, &ctx);
266 } else if (!strcmp(iv_hash, "sha512")) {
269 hashlen = SHA512_DIGEST_LENGTH;
271 SHA512_Update(&ctx, priv->crypto_key, klen);
272 SHA512_Final(crypto_keyhash, &ctx);
273 } else if (!strcmp(iv_hash, "md5")) {
276 hashlen = MD5_DIGEST_LENGTH;
278 MD5Update(&ctx, priv->crypto_key, klen);
279 MD5Final(crypto_keyhash, &ctx);
280 } else if (!strcmp(iv_hash, "rmd160") ||
281 !strcmp(iv_hash, "ripemd160")) {
286 RMD160Update(&ctx, priv->crypto_key, klen);
287 RMD160Final(crypto_keyhash, &ctx);
292 /* Convert hashlen to bits */
295 ivpriv = kmalloc(sizeof(struct essiv_ivgen_priv), M_DMCRYPT,
297 memcpy(ivpriv->crypto_keyhash, crypto_keyhash, sizeof(crypto_keyhash));
298 ivpriv->keyhash_len = sizeof(crypto_keyhash);
299 dmtc_crypto_clear(crypto_keyhash, sizeof(crypto_keyhash));
301 ivpriv->crypto_session.cri_alg = priv->crypto_alg;
302 ivpriv->crypto_session.cri_key = (u_int8_t *)ivpriv->crypto_keyhash;
303 ivpriv->crypto_session.cri_klen = hashlen;
304 ivpriv->crypto_session.cri_mlen = 0;
305 ivpriv->crypto_session.cri_next = NULL;
308 * XXX: in principle we also need to check if the block size of the
309 * cipher is a valid iv size for the block cipher.
312 error = crypto_newsession(&ivpriv->crypto_sid,
313 &ivpriv->crypto_session,
314 CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE);
316 kprintf("dm_target_crypt: Error during crypto_newsession "
317 "for essiv_ivgen, error = %d\n",
319 dmtc_crypto_clear(ivpriv->crypto_keyhash, ivpriv->keyhash_len);
320 kfree(ivpriv, M_DMCRYPT);
324 ivpriv->crp_crd_cache = objcache_create(
325 "dmcrypt-essiv-cache", 0, 0,
327 objcache_malloc_alloc,
328 objcache_malloc_free,
329 &essiv_ivgen_malloc_args );
336 essiv_ivgen_dtor(struct target_crypt_config *priv, void *arg)
338 struct essiv_ivgen_priv *ivpriv;
340 ivpriv = (struct essiv_ivgen_priv *)arg;
341 KKASSERT(ivpriv != NULL);
343 crypto_freesession(ivpriv->crypto_sid);
345 objcache_destroy(ivpriv->crp_crd_cache);
347 dmtc_crypto_clear(ivpriv->crypto_keyhash, ivpriv->keyhash_len);
348 kfree(ivpriv, M_DMCRYPT);
354 essiv_ivgen_done(struct cryptop *crp)
356 struct essiv_ivgen_priv *ivpriv;
361 if (crp->crp_etype == EAGAIN)
362 return crypto_dispatch(crp);
364 if (crp->crp_etype != 0) {
365 kprintf("dm_target_crypt: essiv_ivgen_done, "
366 "crp->crp_etype = %d\n", crp->crp_etype);
369 free_addr = crp->crp_opaque;
371 * In-memory structure is:
372 * | ivpriv | opaque | crp | crd |
373 * | (void *) | (void *) | (cryptop) | (cryptodesc) |
375 ivpriv = *((struct essiv_ivgen_priv **)crp->crp_opaque);
376 crp->crp_opaque += sizeof(void *);
377 opaque = *((void **)crp->crp_opaque);
379 objcache_put(ivpriv->crp_crd_cache, free_addr);
380 dmtc_crypto_dispatch(opaque);
385 essiv_ivgen(dm_target_crypt_config_t *priv, u_int8_t *iv,
386 size_t iv_len, off_t sector, void *opaque)
388 struct essiv_ivgen_priv *ivpriv;
389 struct cryptodesc *crd;
391 caddr_t space, alloc_addr;
394 ivpriv = priv->ivgen_priv;
395 KKASSERT(ivpriv != NULL);
398 * In-memory structure is:
399 * | ivpriv | opaque | crp | crd |
400 * | (void *) | (void *) | (cryptop) | (cryptodesc) |
402 alloc_addr = space = objcache_get(ivpriv->crp_crd_cache, M_WAITOK);
403 *((struct essiv_ivgen_priv **)space) = ivpriv;
404 space += sizeof(void *);
405 *((void **)space) = opaque;
406 space += sizeof(void *);
407 crp = (struct cryptop *)space;
408 space += sizeof(struct cryptop);
409 crd = (struct cryptodesc *)space;
412 bzero(crd, sizeof(struct cryptodesc));
413 bzero(crp, sizeof(struct cryptop));
414 *((off_t *)iv) = htole64(sector + priv->iv_offset);
415 crp->crp_buf = (caddr_t)iv;
417 crp->crp_sid = ivpriv->crypto_sid;
418 crp->crp_ilen = crp->crp_olen = iv_len;
420 crp->crp_opaque = alloc_addr;
422 crp->crp_callback = essiv_ivgen_done;
426 crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_REL | CRYPTO_F_BATCH;
428 crd->crd_alg = priv->crypto_alg;
430 crd->crd_key = (caddr_t)priv->crypto_keyhash;
431 crd->crd_klen = priv->crypto_klen;
434 bzero(crd->crd_iv, sizeof(crd->crd_iv));
437 crd->crd_len = iv_len;
438 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
439 crd->crd_flags |= CRD_F_ENCRYPT;
440 crd->crd_next = NULL;
442 error = crypto_dispatch(crp);
444 kprintf("dm_target_crypt: essiv_ivgen, error = %d\n", error);
449 plain_ivgen(dm_target_crypt_config_t *priv, u_int8_t *iv,
450 size_t iv_len, off_t sector, void *opaque)
453 *((uint32_t *)iv) = htole32((uint32_t)(sector + priv->iv_offset));
454 dmtc_crypto_dispatch(opaque);
458 plain64_ivgen(dm_target_crypt_config_t *priv, u_int8_t *iv,
459 size_t iv_len, off_t sector, void *opaque)
462 *((uint64_t *)iv) = htole64((uint64_t)(sector + priv->iv_offset));
463 dmtc_crypto_dispatch(opaque);
468 geli_ivgen(dm_target_crypt_config_t *priv, u_int8_t *iv,
469 size_t iv_len, off_t sector, void *opaque)
473 u_int8_t md[SHA512_DIGEST_LENGTH]; /* Max. Digest Size */
475 memcpy(&ctx512, &priv->essivsha512_ctx, sizeof(SHA512_CTX));
476 SHA512_Update(&ctx512, (u_int8_t*)§or, sizeof(off_t));
477 SHA512_Final(md, &ctx512);
479 memcpy(iv, md, iv_len);
480 dmtc_crypto_dispatch(opaque);
485 * Init function called from dm_table_load_ioctl.
486 * cryptsetup actually passes us this:
487 * aes-cbc-essiv:sha256 7997f8af... 0 /dev/ad0s0a 8
490 hex2key(char *hex, size_t key_len, u_int8_t *key)
496 for (key_idx = 0; key_idx < key_len; ++key_idx) {
499 key[key_idx] = (u_int8_t)strtoul(hex_buf, NULL, 16);
508 dm_target_crypt_init(dm_table_entry_t *table_en, int argc, char **argv)
510 dm_target_crypt_config_t *priv;
512 char *crypto_alg, *crypto_mode, *iv_mode, *iv_opt, *key, *dev;
515 uint64_t iv_offset, block_offset;
518 kprintf("dm_target_crypt: not enough arguments, "
524 for (i = 0; i < argc; i++) {
525 len += strlen(argv[i]);
528 /* len is strlen() of input string +1 */
529 status_str = kmalloc(len, M_DMCRYPT, M_WAITOK);
531 crypto_alg = strsep(&argv[0], "-");
532 crypto_mode = strsep(&argv[0], "-");
533 iv_opt = strsep(&argv[0], "-");
534 iv_mode = strsep(&iv_opt, ":");
536 iv_offset = strtouq(argv[2], NULL, 0);
538 block_offset = strtouq(argv[4], NULL, 0);
539 /* bits / 8 = bytes, 1 byte = 2 hexa chars, so << 2 */
540 klen = strlen(key) << 2;
543 kprintf("dm_target_crypt - new: dev=%s, crypto_alg=%s, crypto_mode=%s, "
544 "iv_mode=%s, iv_opt=%s, key=%s, iv_offset=%ju, "
545 "block_offset=%ju\n",
546 dev, crypto_alg, crypto_mode, iv_mode, iv_opt, key, iv_offset,
550 priv = kmalloc(sizeof(dm_target_crypt_config_t), M_DMCRYPT, M_WAITOK);
552 /* Insert dmp to global pdev list */
553 if ((priv->pdev = dm_pdev_insert(dev)) == NULL) {
554 kprintf("dm_target_crypt: dm_pdev_insert failed\n");
555 kfree(status_str, M_DMCRYPT);
560 * This code checks for valid combinations of algorithm and mode.
561 * Currently supported options are:
568 if ((strcmp(crypto_mode, "cbc") != 0) &&
569 !((strcmp(crypto_mode, "xts") == 0) &&
570 ((strcmp(crypto_alg, "aes") == 0) ||
571 (strcmp(crypto_alg, "twofish") == 0) ||
572 (strcmp(crypto_alg, "serpent") == 0))))
574 kprintf("dm_target_crypt: only support 'cbc' chaining mode,"
575 " aes-xts, twofish-xts and serpent-xts, "
576 "invalid mode '%s-%s'\n",
577 crypto_alg, crypto_mode);
581 if (!strcmp(crypto_alg, "aes")) {
582 if (!strcmp(crypto_mode, "xts")) {
583 priv->crypto_alg = CRYPTO_AES_XTS;
584 if (klen != 256 && klen != 512)
586 } else if (!strcmp(crypto_mode, "cbc")) {
587 priv->crypto_alg = CRYPTO_AES_CBC;
588 if (klen != 128 && klen != 192 && klen != 256)
593 priv->crypto_klen = klen;
594 } else if (!strcmp(crypto_alg, "twofish")) {
595 if (!strcmp(crypto_mode, "xts")) {
596 priv->crypto_alg = CRYPTO_TWOFISH_XTS;
597 if (klen != 256 && klen != 512)
599 } else if (!strcmp(crypto_mode, "cbc")) {
600 priv->crypto_alg = CRYPTO_TWOFISH_CBC;
601 if (klen != 128 && klen != 192 && klen != 256)
606 priv->crypto_klen = klen;
607 } else if (!strcmp(crypto_alg, "serpent")) {
608 if (!strcmp(crypto_mode, "xts")) {
609 priv->crypto_alg = CRYPTO_SERPENT_XTS;
610 if (klen != 256 && klen != 512)
612 } else if (!strcmp(crypto_mode, "cbc")) {
613 priv->crypto_alg = CRYPTO_SERPENT_CBC;
614 if (klen != 128 && klen != 192 && klen != 256)
619 priv->crypto_klen = klen;
620 } else if (!strcmp(crypto_alg, "blowfish")) {
621 priv->crypto_alg = CRYPTO_BLF_CBC;
622 if (klen < 128 || klen > 448 || (klen % 8) != 0)
624 priv->crypto_klen = klen;
625 } else if (!strcmp(crypto_alg, "3des") ||
626 !strncmp(crypto_alg, "des3", 4)) {
627 priv->crypto_alg = CRYPTO_3DES_CBC;
630 priv->crypto_klen = 168;
631 } else if (!strcmp(crypto_alg, "camellia")) {
632 priv->crypto_alg = CRYPTO_CAMELLIA_CBC;
633 if (klen != 128 && klen != 192 && klen != 256)
635 priv->crypto_klen = klen;
636 } else if (!strcmp(crypto_alg, "skipjack")) {
637 priv->crypto_alg = CRYPTO_SKIPJACK_CBC;
640 priv->crypto_klen = 80;
641 } else if (!strcmp(crypto_alg, "cast5")) {
642 priv->crypto_alg = CRYPTO_CAST_CBC;
645 priv->crypto_klen = 128;
646 } else if (!strcmp(crypto_alg, "null")) {
647 priv->crypto_alg = CRYPTO_NULL_CBC;
650 priv->crypto_klen = 128;
652 kprintf("dm_target_crypt: Unsupported crypto algorithm: %s\n",
657 /* Save length of param string */
658 priv->params_len = len;
659 priv->block_offset = block_offset;
660 priv->iv_offset = iv_offset - block_offset;
662 dm_table_add_deps(table_en, priv->pdev);
664 dm_table_init_target(table_en, DM_CRYPTO_DEV, priv);
666 error = hex2key(key, priv->crypto_klen >> 3,
667 (u_int8_t *)priv->crypto_key);
670 kprintf("dm_target_crypt: hex2key failed, "
671 "invalid key format\n");
676 for(i = 0; ivgens[i].name != NULL; i++) {
677 if (!strcmp(iv_mode, ivgens[i].name))
681 if (ivgens[i].name == NULL) {
682 kprintf("dm_target_crypt: iv_mode='%s' unsupported\n",
687 /* Call our ivgen constructor */
688 if (ivgens[i].ctor != NULL) {
689 error = ivgens[i].ctor(priv, iv_opt,
692 kprintf("dm_target_crypt: ctor for '%s' failed\n",
698 priv->ivgen = &ivgens[i];
700 priv->crypto_session.cri_alg = priv->crypto_alg;
701 priv->crypto_session.cri_key = (u_int8_t *)priv->crypto_key;
702 priv->crypto_session.cri_klen = priv->crypto_klen;
703 priv->crypto_session.cri_mlen = 0;
704 priv->crypto_session.cri_next = NULL;
706 error = crypto_newsession(&priv->crypto_sid,
707 &priv->crypto_session,
708 CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE);
710 kprintf("dm_target_crypt: Error during crypto_newsession, "
716 memset(key, '0', strlen(key));
718 ksprintf(status_str, "%s-%s-%s:%s %s %ju %s %ju",
719 crypto_alg, crypto_mode, iv_mode, iv_opt,
720 key, iv_offset, dev, block_offset);
722 ksprintf(status_str, "%s-%s-%s %s %ju %s %ju",
723 crypto_alg, crypto_mode, iv_mode,
724 key, iv_offset, dev, block_offset);
726 priv->status_str = status_str;
728 /* Initialize mpipes */
729 dmtc_init_mpipe(priv);
734 kprintf("dm_target_crypt: ENOTSUP\n");
735 kfree(status_str, M_DMCRYPT);
739 /* Table routine called to get params string. */
741 dm_target_crypt_table(void *target_config)
743 dm_target_crypt_config_t *priv;
746 priv = target_config;
748 params = dm_alloc_string(DM_MAX_PARAMS_SIZE);
750 ksnprintf(params, DM_MAX_PARAMS_SIZE, "%s",
757 dm_target_crypt_destroy(dm_table_entry_t *table_en)
759 dm_target_crypt_config_t *priv;
762 * Disconnect the crypt config before unbusying the target.
764 priv = table_en->target_config;
767 dm_pdev_decr(priv->pdev);
770 * Clean up the crypt config
772 * Overwrite the private information before freeing memory to
775 if (priv->status_str) {
776 dmtc_crypto_clear(priv->status_str, strlen(priv->status_str));
777 kfree(priv->status_str, M_DMCRYPT);
778 crypto_freesession(priv->crypto_sid);
781 if ((priv->ivgen) && (priv->ivgen->dtor != NULL)) {
782 priv->ivgen->dtor(priv, priv->ivgen_priv);
786 dmtc_destroy_mpipe(priv);
788 dmtc_crypto_clear(priv, sizeof(dm_target_crypt_config_t));
789 kfree(priv, M_DMCRYPT);
794 /************************************************************************
795 * STRATEGY SUPPORT FUNCTIONS *
796 ************************************************************************
798 * READ PATH: doio -> bio_read_done -> crypto_work -> crypto_cb_read_done
799 * WRITE PATH: crypto_work -> crypto_cb_write_done -> doio -> bio_write_done
803 * Wrapper around crypto_dispatch() to match dispatch_t type
806 dmtc_crypto_dispatch(void *arg)
810 crp = (struct cryptop *)arg;
811 KKASSERT(crp != NULL);
812 KTR_LOG(dmcrypt_crypto_dispatch, crp);
813 crypto_dispatch(crp);
817 * Start IO operation, called from dmstrategy routine.
820 dm_target_crypt_strategy(dm_table_entry_t *table_en, struct buf *bp)
824 dm_target_crypt_config_t *priv;
825 priv = table_en->target_config;
827 /* Get rid of stuff we can't really handle */
828 if ((bp->b_cmd == BUF_CMD_READ) || (bp->b_cmd == BUF_CMD_WRITE)) {
829 if (((bp->b_bcount % DEV_BSIZE) != 0) || (bp->b_bcount == 0)) {
830 kprintf("dm_target_crypt_strategy: can't really "
831 "handle bp->b_bcount = %d\n",
833 bp->b_error = EINVAL;
834 bp->b_flags |= B_ERROR | B_INVAL;
835 biodone(&bp->b_bio1);
840 KTR_LOG(dmcrypt_crypt_strategy, bp->b_cmd, bp);
844 bio = push_bio(&bp->b_bio1);
845 bio->bio_offset = bp->b_bio1.bio_offset +
846 priv->block_offset * DEV_BSIZE;
847 bio->bio_caller_info1.ptr = priv;
848 bio->bio_done = dmtc_bio_read_done;
849 vn_strategy(priv->pdev->pdev_vnode, bio);
852 bio = push_bio(&bp->b_bio1);
853 bio->bio_offset = bp->b_bio1.bio_offset +
854 priv->block_offset * DEV_BSIZE;
855 bio->bio_caller_info1.ptr = priv;
856 dmtc_crypto_write_start(priv, bio);
859 vn_strategy(priv->pdev->pdev_vnode, &bp->b_bio1);
866 * STRATEGY READ PATH PART 1/3 (after read BIO completes)
869 dmtc_bio_read_done(struct bio *bio)
873 dm_target_crypt_config_t *priv;
875 KTR_LOG(dmcrypt_bio_read_done, bio->bio_buf);
878 * If a read error occurs we shortcut the operation, otherwise
881 if (bio->bio_buf->b_flags & B_ERROR) {
885 priv = bio->bio_caller_info1.ptr;
886 dmtc_crypto_read_start(priv, bio);
891 * STRATEGY READ PATH PART 2/3
894 dmtc_crypto_read_retry(void *arg1, void *arg2)
896 dm_target_crypt_config_t *priv = arg1;
897 struct bio *bio = arg2;
899 dmtc_crypto_read_start(priv, bio);
903 dmtc_crypto_read_start(dm_target_crypt_config_t *priv, struct bio *bio)
905 struct dmtc_helper *dmtc;
906 struct cryptodesc *crd;
908 int i, bytes, sectors, sz;
913 * Note: b_resid no good after read I/O, it will be 0, use
916 bytes = bio->bio_buf->b_bcount;
917 isector = bio->bio_offset / DEV_BSIZE; /* ivgen salt base? */
918 sectors = bytes / DEV_BSIZE; /* Number of sectors */
919 sz = sectors * (sizeof(*crp) + sizeof(*crd));
922 * For reads with bogus page we can't decrypt in place as stuff
923 * can get ripped out from under us.
925 * XXX actually it looks like we can, and in any case the initial
926 * read already completed and threw crypted data into the buffer
927 * cache buffer. Disable for now.
929 space = mpipe_alloc_callback(&priv->read_mpipe,
930 dmtc_crypto_read_retry, priv, bio);
934 dmtc = (struct dmtc_helper *)space;
935 dmtc->free_addr = space;
936 space += sizeof(struct dmtc_helper);
937 dmtc->orig_buf = NULL;
938 dmtc->data_buf = bio->bio_buf->b_data;
940 bio->bio_caller_info2.ptr = dmtc;
941 bio->bio_buf->b_error = 0;
944 * Load crypto descriptors (crp/crd loop)
948 bio->bio_caller_info3.value = sectors;
951 kprintf("Read, bytes = %d (b_bcount), "
952 "sectors = %d (bio = %p, b_cmd = %d)\n",
953 bytes, sectors, bio, bio->bio_buf->b_cmd);
955 for (i = 0; i < sectors; i++) {
956 crp = (struct cryptop *)ptr;
958 crd = (struct cryptodesc *)ptr;
959 ptr += sizeof (*crd);
961 crp->crp_buf = dmtc->data_buf + i * DEV_BSIZE;
963 crp->crp_sid = priv->crypto_sid;
964 crp->crp_ilen = crp->crp_olen = DEV_BSIZE;
966 crp->crp_opaque = (void *)bio;
968 crp->crp_callback = dmtc_crypto_cb_read_done;
971 crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_REL |
974 crd->crd_alg = priv->crypto_alg;
976 crd->crd_key = (caddr_t)priv->crypto_key;
977 crd->crd_klen = priv->crypto_klen;
981 crd->crd_len = DEV_BSIZE /* XXX */;
982 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
983 crd->crd_next = NULL;
985 crd->crd_flags &= ~CRD_F_ENCRYPT;
987 KTR_LOG(dmcrypt_crypto_read_start, crp, bio->bio_buf, i,
991 * Note: last argument is used to generate salt(?) and is
992 * a 64 bit value, but the original code passed an
993 * int. Changing it now will break pre-existing
996 priv->ivgen->gen_iv(priv, crd->crd_iv, sizeof(crd->crd_iv),
1002 * STRATEGY READ PATH PART 3/3
1005 dmtc_crypto_cb_read_done(struct cryptop *crp)
1007 struct dmtc_helper *dmtc;
1008 struct bio *bio, *obio;
1011 if (crp->crp_etype == EAGAIN)
1012 return crypto_dispatch(crp);
1014 bio = (struct bio *)crp->crp_opaque;
1015 KKASSERT(bio != NULL);
1020 if (crp->crp_etype) {
1021 kprintf("dm_target_crypt: dmtc_crypto_cb_read_done "
1024 bio->bio_buf->b_error = crp->crp_etype;
1028 * On the last chunk of the decryption we do any required copybacks
1029 * and complete the I/O.
1031 n = atomic_fetchadd_int(&bio->bio_caller_info3.value, -1);
1033 kprintf("dmtc_crypto_cb_read_done %p, n = %d\n", bio, n);
1036 KTR_LOG(dmcrypt_crypto_cb_read_done, crp, bio->bio_buf, n);
1040 * For the B_HASBOGUS case we didn't decrypt in place,
1041 * so we need to copy stuff back into the buf.
1043 * (disabled for now).
1045 dmtc = bio->bio_caller_info2.ptr;
1046 if (bio->bio_buf->b_error) {
1047 bio->bio_buf->b_flags |= B_ERROR;
1050 else if (bio->bio_buf->b_flags & B_HASBOGUS) {
1051 memcpy(bio->bio_buf->b_data, dmtc->data_buf,
1052 bio->bio_buf->b_bcount);
1055 mpipe_free(&dmtc->priv->read_mpipe, dmtc->free_addr);
1056 obio = pop_bio(bio);
1061 /* END OF STRATEGY READ SECTION */
1064 * STRATEGY WRITE PATH PART 1/3
1068 dmtc_crypto_write_retry(void *arg1, void *arg2)
1070 dm_target_crypt_config_t *priv = arg1;
1071 struct bio *bio = arg2;
1073 KTR_LOG(dmcrypt_crypto_write_retry, bio->bio_buf);
1075 dmtc_crypto_write_start(priv, bio);
1079 dmtc_crypto_write_start(dm_target_crypt_config_t *priv, struct bio *bio)
1081 struct dmtc_helper *dmtc;
1082 struct cryptodesc *crd;
1083 struct cryptop *crp;
1084 int i, bytes, sectors, sz;
1086 u_char *ptr, *space;
1089 * Use b_bcount for consistency
1091 bytes = bio->bio_buf->b_bcount;
1093 isector = bio->bio_offset / DEV_BSIZE; /* ivgen salt base? */
1094 sectors = bytes / DEV_BSIZE; /* Number of sectors */
1095 sz = sectors * (sizeof(*crp) + sizeof(*crd));
1098 * For writes and reads with bogus page don't decrypt in place.
1100 space = mpipe_alloc_callback(&priv->write_mpipe,
1101 dmtc_crypto_write_retry, priv, bio);
1105 dmtc = (struct dmtc_helper *)space;
1106 dmtc->free_addr = space;
1107 space += sizeof(struct dmtc_helper);
1108 memcpy(space + sz, bio->bio_buf->b_data, bytes);
1110 bio->bio_caller_info2.ptr = dmtc;
1111 bio->bio_buf->b_error = 0;
1113 dmtc->orig_buf = bio->bio_buf->b_data;
1114 dmtc->data_buf = space + sz;
1118 * Load crypto descriptors (crp/crd loop)
1122 bio->bio_caller_info3.value = sectors;
1125 kprintf("Write, bytes = %d (b_bcount), "
1126 "sectors = %d (bio = %p, b_cmd = %d)\n",
1127 bytes, sectors, bio, bio->bio_buf->b_cmd);
1129 for (i = 0; i < sectors; i++) {
1130 crp = (struct cryptop *)ptr;
1131 ptr += sizeof(*crp);
1132 crd = (struct cryptodesc *)ptr;
1133 ptr += sizeof (*crd);
1135 crp->crp_buf = dmtc->data_buf + i * DEV_BSIZE;
1137 crp->crp_sid = priv->crypto_sid;
1138 crp->crp_ilen = crp->crp_olen = DEV_BSIZE;
1140 crp->crp_opaque = (void *)bio;
1142 crp->crp_callback = dmtc_crypto_cb_write_done;
1143 crp->crp_desc = crd;
1145 crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_REL |
1148 crd->crd_alg = priv->crypto_alg;
1150 crd->crd_key = (caddr_t)priv->crypto_key;
1151 crd->crd_klen = priv->crypto_klen;
1155 crd->crd_len = DEV_BSIZE /* XXX */;
1156 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
1157 crd->crd_next = NULL;
1159 crd->crd_flags |= CRD_F_ENCRYPT;
1162 * Note: last argument is used to generate salt(?) and is
1163 * a 64 bit value, but the original code passed an
1164 * int. Changing it now will break pre-existing
1168 KTR_LOG(dmcrypt_crypto_write_start, crp, bio->bio_buf,
1171 priv->ivgen->gen_iv(priv, crd->crd_iv, sizeof(crd->crd_iv),
1177 * STRATEGY WRITE PATH PART 2/3
1180 dmtc_crypto_cb_write_done(struct cryptop *crp)
1182 struct dmtc_helper *dmtc;
1183 dm_target_crypt_config_t *priv;
1184 struct bio *bio, *obio;
1187 if (crp->crp_etype == EAGAIN)
1188 return crypto_dispatch(crp);
1190 bio = (struct bio *)crp->crp_opaque;
1191 KKASSERT(bio != NULL);
1196 if (crp->crp_etype != 0) {
1197 kprintf("dm_target_crypt: dmtc_crypto_cb_write_done "
1200 bio->bio_buf->b_error = crp->crp_etype;
1204 * On the last chunk of the encryption we issue the write
1206 n = atomic_fetchadd_int(&bio->bio_caller_info3.value, -1);
1208 kprintf("dmtc_crypto_cb_write_done %p, n = %d\n", bio, n);
1211 KTR_LOG(dmcrypt_crypto_cb_write_done, crp, bio->bio_buf, n);
1214 dmtc = bio->bio_caller_info2.ptr;
1215 priv = (dm_target_crypt_config_t *)bio->bio_caller_info1.ptr;
1217 if (bio->bio_buf->b_error) {
1218 bio->bio_buf->b_flags |= B_ERROR;
1219 mpipe_free(&dmtc->priv->write_mpipe, dmtc->free_addr);
1220 obio = pop_bio(bio);
1223 dmtc->orig_buf = bio->bio_buf->b_data;
1224 bio->bio_buf->b_data = dmtc->data_buf;
1225 bio->bio_done = dmtc_bio_write_done;
1226 vn_strategy(priv->pdev->pdev_vnode, bio);
1233 * STRATEGY WRITE PATH PART 3/3
1236 dmtc_bio_write_done(struct bio *bio)
1238 struct dmtc_helper *dmtc;
1241 dmtc = bio->bio_caller_info2.ptr;
1242 bio->bio_buf->b_data = dmtc->orig_buf;
1243 mpipe_free(&dmtc->priv->write_mpipe, dmtc->free_addr);
1245 KTR_LOG(dmcrypt_bio_write_done, bio->bio_buf);
1247 obio = pop_bio(bio);
1250 /* END OF STRATEGY WRITE SECTION */
1256 extern int tsleep_crypto_dump;
1259 dm_target_crypt_dump(dm_table_entry_t *table_en, void *data, size_t length, off_t offset)
1261 static struct dmtc_dump_helper dump_helper;
1262 dm_target_crypt_config_t *priv;
1264 static int first_call = 1;
1266 priv = table_en->target_config;
1270 dump_reactivate_cpus();
1273 /* Magically enable tsleep */
1274 tsleep_crypto_dump = 1;
1278 * 0 length means flush buffers and return
1281 if (priv->pdev->pdev_vnode->v_rdev == NULL) {
1282 tsleep_crypto_dump = 0;
1285 dev_ddump(priv->pdev->pdev_vnode->v_rdev,
1286 data, 0, offset, 0);
1287 tsleep_crypto_dump = 0;
1291 bzero(&dump_helper, sizeof(dump_helper));
1292 dump_helper.priv = priv;
1293 dump_helper.data = data;
1294 dump_helper.length = length;
1295 dump_helper.offset = offset +
1296 priv->block_offset * DEV_BSIZE;
1297 dump_helper.ident = &id;
1298 dmtc_crypto_dump_start(priv, &dump_helper);
1301 * Hackery to make stuff appear synchronous. The crypto callback will
1302 * set id to 1 and call wakeup on it. If the request completed
1303 * synchronously, id will be 1 and we won't bother to sleep. If not,
1304 * the crypto request will complete asynchronously and we sleep until
1308 tsleep(&dump_helper, 0, "cryptdump", 0);
1310 dump_helper.offset = dm_pdev_correct_dump_offset(priv->pdev,
1311 dump_helper.offset);
1313 dev_ddump(priv->pdev->pdev_vnode->v_rdev,
1314 dump_helper.space, 0, dump_helper.offset,
1315 dump_helper.length);
1317 tsleep_crypto_dump = 0;
1322 dmtc_crypto_dump_start(dm_target_crypt_config_t *priv, struct dmtc_dump_helper *dump_helper)
1324 struct cryptodesc *crd;
1325 struct cryptop *crp;
1326 int i, bytes, sectors;
1329 bytes = dump_helper->length;
1331 isector = dump_helper->offset / DEV_BSIZE; /* ivgen salt base? */
1332 sectors = bytes / DEV_BSIZE; /* Number of sectors */
1333 dump_helper->sectors = sectors;
1335 kprintf("Dump, bytes = %d, "
1336 "sectors = %d, LENGTH=%zu\n", bytes, sectors, dump_helper->length);
1338 KKASSERT(dump_helper->length <= 65536);
1340 memcpy(dump_helper->space, dump_helper->data, bytes);
1344 for (i = 0; i < sectors; i++) {
1345 crp = &dump_helper->crp[i];
1346 crd = &dump_helper->crd[i];
1348 crp->crp_buf = dump_helper->space + i * DEV_BSIZE;
1350 crp->crp_sid = priv->crypto_sid;
1351 crp->crp_ilen = crp->crp_olen = DEV_BSIZE;
1353 crp->crp_opaque = (void *)dump_helper;
1355 crp->crp_callback = dmtc_crypto_cb_dump_done;
1356 crp->crp_desc = crd;
1358 crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_REL |
1361 crd->crd_alg = priv->crypto_alg;
1364 crd->crd_len = DEV_BSIZE /* XXX */;
1365 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
1366 crd->crd_next = NULL;
1368 crd->crd_flags |= CRD_F_ENCRYPT;
1371 * Note: last argument is used to generate salt(?) and is
1372 * a 64 bit value, but the original code passed an
1373 * int. Changing it now will break pre-existing
1376 priv->ivgen->gen_iv(priv, crd->crd_iv, sizeof(crd->crd_iv),
1382 dmtc_crypto_cb_dump_done(struct cryptop *crp)
1384 struct dmtc_dump_helper *dump_helper;
1387 if (crp->crp_etype == EAGAIN)
1388 return crypto_dispatch(crp);
1390 dump_helper = (struct dmtc_dump_helper *)crp->crp_opaque;
1391 KKASSERT(dump_helper != NULL);
1393 if (crp->crp_etype != 0) {
1394 kprintf("dm_target_crypt: dmtc_crypto_cb_dump_done "
1397 return crp->crp_etype;
1401 * On the last chunk of the encryption we return control
1403 n = atomic_fetchadd_int(&dump_helper->sectors, -1);
1406 atomic_add_int(dump_helper->ident, 1);
1407 wakeup(dump_helper);
1414 dmtc_mod_handler(module_t mod, int type, void *unused)
1416 dm_target_t *dmt = NULL;
1421 if ((dmt = dm_target_lookup("crypt")) != NULL) {
1422 dm_target_unbusy(dmt);
1425 dmt = dm_target_alloc("crypt");
1426 dmt->version[0] = 1;
1427 dmt->version[1] = 6;
1428 dmt->version[2] = 0;
1429 dmt->init = &dm_target_crypt_init;
1430 dmt->destroy = &dm_target_crypt_destroy;
1431 dmt->strategy = &dm_target_crypt_strategy;
1432 dmt->table = &dm_target_crypt_table;
1433 dmt->dump = &dm_target_crypt_dump;
1435 err = dm_target_insert(dmt);
1437 kprintf("dm_target_crypt: Successfully initialized\n");
1441 err = dm_target_remove("crypt");
1443 kprintf("dm_target_crypt: unloaded\n");
1454 DM_TARGET_MODULE(dm_target_crypt, dmtc_mod_handler);