2 * Copyright (c) 2010 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Alex Hornung <ahornung@gmail.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * This file implements initial version of device-mapper crypt target.
38 #include <sys/types.h>
39 #include <sys/param.h>
40 #include <sys/endian.h>
44 #include <sys/globaldata.h>
45 #include <sys/kerneldump.h>
46 #include <sys/malloc.h>
47 #include <sys/mpipe.h>
49 #include <sys/mutex2.h>
50 #include <sys/vnode.h>
51 #include <crypto/sha1.h>
52 #include <crypto/sha2/sha2.h>
53 #include <opencrypto/cryptodev.h>
54 #include <opencrypto/rmd160.h>
55 #include <machine/cpufunc.h>
57 #include <dev/disk/dm/dm.h>
58 MALLOC_DEFINE(M_DMCRYPT, "dm_crypt", "Device Mapper Target Crypt");
60 struct target_crypt_config;
62 typedef void dispatch_t(void *);
63 typedef void ivgen_t(struct target_crypt_config *, u_int8_t *, size_t, off_t,
66 typedef int ivgen_ctor_t(struct target_crypt_config *, char *, void **);
67 typedef int ivgen_dtor_t(struct target_crypt_config *, void *);
76 struct essiv_ivgen_priv {
77 struct cryptoini crypto_session;
78 struct objcache *crp_crd_cache;
81 u_int8_t crypto_keyhash[SHA512_DIGEST_LENGTH];
84 typedef struct target_crypt_config {
90 u_int8_t crypto_key[512>>3];
93 u_int64_t block_offset;
95 SHA512_CTX essivsha512_ctx;
97 struct cryptoini crypto_session;
99 struct iv_generator *ivgen;
101 } dm_target_crypt_config_t;
109 struct dmtc_dump_helper {
110 dm_target_crypt_config_t *priv;
118 struct cryptodesc crd[128];
119 struct cryptop crp[128];
123 #define DMTC_BUF_SIZE_WRITE \
124 MAXPHYS + sizeof(struct dmtc_helper) + \
125 MAXPHYS/DEV_BSIZE*(sizeof(struct cryptop) + sizeof(struct cryptodesc))
126 #define DMTC_BUF_SIZE_READ \
127 sizeof(struct dmtc_helper) + \
128 MAXPHYS/DEV_BSIZE*(sizeof(struct cryptop) + sizeof(struct cryptodesc))
130 static void dmtc_crypto_dispatch(void *arg);
131 static void dmtc_crypto_dump_start(dm_target_crypt_config_t *priv,
132 struct dmtc_dump_helper *dump_helper);
133 static void dmtc_crypto_read_start(dm_target_crypt_config_t *priv,
135 static void dmtc_crypto_write_start(dm_target_crypt_config_t *priv,
137 static void dmtc_bio_read_done(struct bio *bio);
138 static void dmtc_bio_write_done(struct bio *bio);
139 static int dmtc_crypto_cb_dump_done(struct cryptop *crp);
140 static int dmtc_crypto_cb_read_done(struct cryptop *crp);
141 static int dmtc_crypto_cb_write_done(struct cryptop *crp);
143 static ivgen_ctor_t essiv_ivgen_ctor;
144 static ivgen_dtor_t essiv_ivgen_dtor;
145 static ivgen_t essiv_ivgen;
146 static ivgen_t plain_ivgen;
147 static ivgen_t plain64_ivgen;
149 static struct iv_generator ivgens[] = {
150 { .name = "essiv", .ctor = essiv_ivgen_ctor, .dtor = essiv_ivgen_dtor,
151 .gen_iv = essiv_ivgen },
152 { .name = "plain", .ctor = NULL, .dtor = NULL, .gen_iv = plain_ivgen },
153 { .name = "plain64", .ctor = NULL, .dtor = NULL, .gen_iv = plain64_ivgen },
154 { NULL, NULL, NULL, NULL }
157 struct objcache_malloc_args essiv_ivgen_malloc_args = {
158 2*sizeof(void *) + (sizeof(struct cryptodesc) +
159 sizeof(struct cryptop)), M_DMCRYPT };
161 static struct malloc_pipe dmtc_read_mpipe;
162 static struct malloc_pipe dmtc_write_mpipe;
165 dmtc_init_mpipe(void)
169 nmax = (physmem*5/1000*PAGE_SIZE)/(DMTC_BUF_SIZE_WRITE + DMTC_BUF_SIZE_READ) + 1;
174 kprintf("dm_target_crypt: Setting min/max mpipe buffers: %d/%d\n", 2, nmax);
176 mpipe_init(&dmtc_write_mpipe, M_DMCRYPT, DMTC_BUF_SIZE_WRITE,
177 2, nmax, MPF_NOZERO | MPF_CALLBACK, NULL, NULL, NULL);
178 mpipe_init(&dmtc_read_mpipe, M_DMCRYPT, DMTC_BUF_SIZE_READ,
179 2, nmax, MPF_NOZERO | MPF_CALLBACK, NULL, NULL, NULL);
183 dmtc_destroy_mpipe(void)
185 mpipe_done(&dmtc_write_mpipe);
186 mpipe_done(&dmtc_read_mpipe);
190 * Overwrite private information (in buf) to avoid leaking it
193 dmtc_crypto_clear(void *buf, size_t len)
195 memset(buf, 0xFF, len);
200 * ESSIV IV Generator Routines
203 essiv_ivgen_ctor(struct target_crypt_config *priv, char *iv_hash, void **p_ivpriv)
205 struct essiv_ivgen_priv *ivpriv;
206 u_int8_t crypto_keyhash[SHA512_DIGEST_LENGTH];
207 unsigned int klen, hashlen;
210 klen = (priv->crypto_klen >> 3);
215 if (!strcmp(iv_hash, "sha1")) {
218 hashlen = SHA1_RESULTLEN;
220 SHA1Update(&ctx, priv->crypto_key, priv->crypto_klen>>3);
221 SHA1Final(crypto_keyhash, &ctx);
222 } else if (!strcmp(iv_hash, "sha256")) {
225 hashlen = SHA256_DIGEST_LENGTH;
227 SHA256_Update(&ctx, priv->crypto_key, priv->crypto_klen>>3);
228 SHA256_Final(crypto_keyhash, &ctx);
229 } else if (!strcmp(iv_hash, "sha384")) {
232 hashlen = SHA384_DIGEST_LENGTH;
234 SHA384_Update(&ctx, priv->crypto_key, priv->crypto_klen>>3);
235 SHA384_Final(crypto_keyhash, &ctx);
236 } else if (!strcmp(iv_hash, "sha512")) {
239 hashlen = SHA512_DIGEST_LENGTH;
241 SHA512_Update(&ctx, priv->crypto_key, priv->crypto_klen>>3);
242 SHA512_Final(crypto_keyhash, &ctx);
243 } else if (!strcmp(iv_hash, "md5")) {
246 hashlen = MD5_DIGEST_LENGTH;
248 MD5Update(&ctx, priv->crypto_key, priv->crypto_klen>>3);
249 MD5Final(crypto_keyhash, &ctx);
250 } else if (!strcmp(iv_hash, "rmd160") ||
251 !strcmp(iv_hash, "ripemd160")) {
256 RMD160Update(&ctx, priv->crypto_key, priv->crypto_klen>>3);
257 RMD160Final(crypto_keyhash, &ctx);
262 /* Convert hashlen to bits */
265 ivpriv = kmalloc(sizeof(struct essiv_ivgen_priv), M_DMCRYPT,
267 memcpy(ivpriv->crypto_keyhash, crypto_keyhash, sizeof(crypto_keyhash));
268 ivpriv->keyhash_len = sizeof(crypto_keyhash);
269 dmtc_crypto_clear(crypto_keyhash, sizeof(crypto_keyhash));
271 ivpriv->crypto_session.cri_alg = priv->crypto_alg;
272 ivpriv->crypto_session.cri_key = (u_int8_t *)ivpriv->crypto_keyhash;
273 ivpriv->crypto_session.cri_klen = hashlen;
274 ivpriv->crypto_session.cri_mlen = 0;
275 ivpriv->crypto_session.cri_next = NULL;
278 * XXX: in principle we also need to check if the block size of the
279 * cipher is a valid iv size for the block cipher.
282 error = crypto_newsession(&ivpriv->crypto_sid,
283 &ivpriv->crypto_session,
284 CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE);
286 kprintf("dm_target_crypt: Error during crypto_newsession "
287 "for essiv_ivgen, error = %d\n",
289 dmtc_crypto_clear(ivpriv->crypto_keyhash, ivpriv->keyhash_len);
290 kfree(ivpriv, M_DMCRYPT);
294 ivpriv->crp_crd_cache = objcache_create(
295 "dmcrypt-essiv-cache", 0, 0,
297 objcache_malloc_alloc,
298 objcache_malloc_free,
299 &essiv_ivgen_malloc_args );
306 essiv_ivgen_dtor(struct target_crypt_config *priv, void *arg)
308 struct essiv_ivgen_priv *ivpriv;
310 ivpriv = (struct essiv_ivgen_priv *)arg;
311 KKASSERT(ivpriv != NULL);
313 crypto_freesession(ivpriv->crypto_sid);
315 objcache_destroy(ivpriv->crp_crd_cache);
317 dmtc_crypto_clear(ivpriv->crypto_keyhash, ivpriv->keyhash_len);
318 kfree(ivpriv, M_DMCRYPT);
324 essiv_ivgen_done(struct cryptop *crp)
326 struct essiv_ivgen_priv *ivpriv;
331 if (crp->crp_etype == EAGAIN)
332 return crypto_dispatch(crp);
334 if (crp->crp_etype != 0) {
335 kprintf("dm_target_crypt: essiv_ivgen_done, "
336 "crp->crp_etype = %d\n", crp->crp_etype);
339 free_addr = crp->crp_opaque;
341 * In-memory structure is:
342 * | ivpriv | opaque | crp | crd |
343 * | (void *) | (void *) | (cryptop) | (cryptodesc) |
345 ivpriv = *((struct essiv_ivgen_priv **)crp->crp_opaque);
346 crp->crp_opaque += sizeof(void *);
347 opaque = *((void **)crp->crp_opaque);
349 objcache_put(ivpriv->crp_crd_cache, free_addr);
350 dmtc_crypto_dispatch(opaque);
355 essiv_ivgen(dm_target_crypt_config_t *priv, u_int8_t *iv,
356 size_t iv_len, off_t sector, void *opaque)
358 struct essiv_ivgen_priv *ivpriv;
359 struct cryptodesc *crd;
361 caddr_t space, alloc_addr;
364 ivpriv = priv->ivgen_priv;
365 KKASSERT(ivpriv != NULL);
368 * In-memory structure is:
369 * | ivpriv | opaque | crp | crd |
370 * | (void *) | (void *) | (cryptop) | (cryptodesc) |
372 alloc_addr = space = objcache_get(ivpriv->crp_crd_cache, M_WAITOK);
373 *((struct essiv_ivgen_priv **)space) = ivpriv;
374 space += sizeof(void *);
375 *((void **)space) = opaque;
376 space += sizeof(void *);
377 crp = (struct cryptop *)space;
378 space += sizeof(struct cryptop);
379 crd = (struct cryptodesc *)space;
382 bzero(crd, sizeof(struct cryptodesc));
383 bzero(crp, sizeof(struct cryptop));
384 *((off_t *)iv) = htole64(sector + priv->iv_offset);
385 crp->crp_buf = (caddr_t)iv;
387 crp->crp_sid = ivpriv->crypto_sid;
388 crp->crp_ilen = crp->crp_olen = iv_len;
390 crp->crp_opaque = alloc_addr;
392 crp->crp_callback = essiv_ivgen_done;
396 crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_REL | CRYPTO_F_BATCH;
398 crd->crd_alg = priv->crypto_alg;
400 crd->crd_key = (caddr_t)priv->crypto_keyhash;
401 crd->crd_klen = priv->crypto_klen;
404 bzero(crd->crd_iv, sizeof(crd->crd_iv));
407 crd->crd_len = iv_len;
408 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
409 crd->crd_flags |= CRD_F_ENCRYPT;
410 crd->crd_next = NULL;
412 error = crypto_dispatch(crp);
414 kprintf("dm_target_crypt: essiv_ivgen, error = %d\n", error);
419 plain_ivgen(dm_target_crypt_config_t *priv, u_int8_t *iv,
420 size_t iv_len, off_t sector, void *opaque)
423 *((uint32_t *)iv) = htole32((uint32_t)(sector + priv->iv_offset));
424 dmtc_crypto_dispatch(opaque);
428 plain64_ivgen(dm_target_crypt_config_t *priv, u_int8_t *iv,
429 size_t iv_len, off_t sector, void *opaque)
432 *((uint64_t *)iv) = htole64((uint64_t)(sector + priv->iv_offset));
433 dmtc_crypto_dispatch(opaque);
438 geli_ivgen(dm_target_crypt_config_t *priv, u_int8_t *iv,
439 size_t iv_len, off_t sector, void *opaque)
443 u_int8_t md[SHA512_DIGEST_LENGTH]; /* Max. Digest Size */
445 memcpy(&ctx512, &priv->essivsha512_ctx, sizeof(SHA512_CTX));
446 SHA512_Update(&ctx512, (u_int8_t*)§or, sizeof(off_t));
447 SHA512_Final(md, &ctx512);
449 memcpy(iv, md, iv_len);
450 dmtc_crypto_dispatch(opaque);
455 * Init function called from dm_table_load_ioctl.
456 * cryptsetup actually passes us this:
457 * aes-cbc-essiv:sha256 7997f8af... 0 /dev/ad0s0a 8
460 hex2key(char *hex, size_t key_len, u_int8_t *key)
466 for (key_idx = 0; key_idx < key_len; ++key_idx) {
469 key[key_idx] = (u_int8_t)strtoul(hex_buf, NULL, 16);
478 dm_target_crypt_init(dm_dev_t * dmv, void **target_config, char *params)
480 dm_target_crypt_config_t *priv;
483 char *crypto_alg, *crypto_mode, *iv_mode, *iv_opt, *key, *dev;
485 int i, argc, klen, error;
486 uint64_t iv_offset, block_offset;
491 len = strlen(params) + 1;
494 status_str = kmalloc(len, M_DMCRYPT, M_WAITOK);
496 * Parse a string, containing tokens delimited by white space,
497 * into an argument vector
499 for (ap = args; ap < &args[5] &&
500 (*ap = strsep(¶ms, " \t")) != NULL;) {
508 kprintf("dm_target_crypt: not enough arguments, "
510 kfree(status_str, M_DMCRYPT);
511 return ENOMEM; /* XXX */
514 crypto_alg = strsep(&args[0], "-");
515 crypto_mode = strsep(&args[0], "-");
516 iv_opt = strsep(&args[0], "-");
517 iv_mode = strsep(&iv_opt, ":");
519 iv_offset = strtouq(args[2], NULL, 0);
521 block_offset = strtouq(args[4], NULL, 0);
522 /* bits / 8 = bytes, 1 byte = 2 hexa chars, so << 2 */
523 klen = strlen(key) << 2;
526 kprintf("dm_target_crypt - new: dev=%s, crypto_alg=%s, crypto_mode=%s, "
527 "iv_mode=%s, iv_opt=%s, key=%s, iv_offset=%ju, "
528 "block_offset=%ju\n",
529 dev, crypto_alg, crypto_mode, iv_mode, iv_opt, key, iv_offset,
533 priv = kmalloc(sizeof(dm_target_crypt_config_t), M_DMCRYPT, M_WAITOK);
535 kprintf("dm_target_crypt: could not allocate memory\n");
536 kfree(status_str, M_DMCRYPT);
540 /* Insert dmp to global pdev list */
541 if ((priv->pdev = dm_pdev_insert(dev)) == NULL) {
542 kprintf("dm_target_crypt: dm_pdev_insert failed\n");
543 kfree(status_str, M_DMCRYPT);
548 * This code checks for valid combinations of algorithm and mode.
549 * Currently supported options are:
556 if ((strcmp(crypto_mode, "cbc") != 0) &&
557 !((strcmp(crypto_mode, "xts") == 0) &&
558 ((strcmp(crypto_alg, "aes") == 0) ||
559 (strcmp(crypto_alg, "twofish") == 0) ||
560 (strcmp(crypto_alg, "serpent") == 0))))
562 kprintf("dm_target_crypt: only support 'cbc' chaining mode,"
563 " aes-xts, twofish-xts and serpent-xts, "
564 "invalid mode '%s-%s'\n",
565 crypto_alg, crypto_mode);
569 if (!strcmp(crypto_alg, "aes")) {
570 if (!strcmp(crypto_mode, "xts")) {
571 priv->crypto_alg = CRYPTO_AES_XTS;
572 if (klen != 256 && klen != 512)
574 } else if (!strcmp(crypto_mode, "cbc")) {
575 priv->crypto_alg = CRYPTO_AES_CBC;
576 if (klen != 128 && klen != 192 && klen != 256)
581 priv->crypto_klen = klen;
582 } else if (!strcmp(crypto_alg, "twofish")) {
583 if (!strcmp(crypto_mode, "xts")) {
584 priv->crypto_alg = CRYPTO_TWOFISH_XTS;
585 if (klen != 256 && klen != 512)
587 } else if (!strcmp(crypto_mode, "cbc")) {
588 priv->crypto_alg = CRYPTO_TWOFISH_CBC;
589 if (klen != 128 && klen != 192 && klen != 256)
594 priv->crypto_klen = klen;
595 } else if (!strcmp(crypto_alg, "serpent")) {
596 if (!strcmp(crypto_mode, "xts")) {
597 priv->crypto_alg = CRYPTO_SERPENT_XTS;
598 if (klen != 256 && klen != 512)
600 } else if (!strcmp(crypto_mode, "cbc")) {
601 priv->crypto_alg = CRYPTO_SERPENT_CBC;
602 if (klen != 128 && klen != 192 && klen != 256)
607 priv->crypto_klen = klen;
608 } else if (!strcmp(crypto_alg, "blowfish")) {
609 priv->crypto_alg = CRYPTO_BLF_CBC;
610 if (klen < 128 || klen > 448 || (klen % 8) != 0)
612 priv->crypto_klen = klen;
613 } else if (!strcmp(crypto_alg, "3des") ||
614 !strncmp(crypto_alg, "des3", 4)) {
615 priv->crypto_alg = CRYPTO_3DES_CBC;
618 priv->crypto_klen = 168;
619 } else if (!strcmp(crypto_alg, "camellia")) {
620 priv->crypto_alg = CRYPTO_CAMELLIA_CBC;
621 if (klen != 128 && klen != 192 && klen != 256)
623 priv->crypto_klen = klen;
624 } else if (!strcmp(crypto_alg, "skipjack")) {
625 priv->crypto_alg = CRYPTO_SKIPJACK_CBC;
628 priv->crypto_klen = 80;
629 } else if (!strcmp(crypto_alg, "cast5")) {
630 priv->crypto_alg = CRYPTO_CAST_CBC;
633 priv->crypto_klen = 128;
634 } else if (!strcmp(crypto_alg, "null")) {
635 priv->crypto_alg = CRYPTO_NULL_CBC;
638 priv->crypto_klen = 128;
640 kprintf("dm_target_crypt: Unsupported crypto algorithm: %s\n",
645 /* Save length of param string */
646 priv->params_len = len;
647 priv->block_offset = block_offset;
648 priv->iv_offset = iv_offset - block_offset;
650 *target_config = priv;
652 dmv->dev_type = DM_CRYPTO_DEV;
654 error = hex2key(key, priv->crypto_klen >> 3,
655 (u_int8_t *)priv->crypto_key);
658 kprintf("dm_target_crypt: hex2key failed, "
659 "invalid key format\n");
664 for(i = 0; ivgens[i].name != NULL; i++) {
665 if (!strcmp(iv_mode, ivgens[i].name))
669 if (ivgens[i].name == NULL) {
670 kprintf("dm_target_crypt: iv_mode='%s' unsupported\n",
675 /* Call our ivgen constructor */
676 if (ivgens[i].ctor != NULL) {
677 error = ivgens[i].ctor(priv, iv_opt,
680 kprintf("dm_target_crypt: ctor for '%s' failed\n",
686 priv->ivgen = &ivgens[i];
688 priv->crypto_session.cri_alg = priv->crypto_alg;
689 priv->crypto_session.cri_key = (u_int8_t *)priv->crypto_key;
690 priv->crypto_session.cri_klen = priv->crypto_klen;
691 priv->crypto_session.cri_mlen = 0;
692 priv->crypto_session.cri_next = NULL;
694 error = crypto_newsession(&priv->crypto_sid,
695 &priv->crypto_session,
696 CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE);
698 kprintf("dm_target_crypt: Error during crypto_newsession, "
704 memset(key, '0', strlen(key));
706 ksprintf(status_str, "%s-%s-%s:%s %s %ju %s %ju",
707 crypto_alg, crypto_mode, iv_mode, iv_opt,
708 key, iv_offset, dev, block_offset);
710 ksprintf(status_str, "%s-%s-%s %s %ju %s %ju",
711 crypto_alg, crypto_mode, iv_mode,
712 key, iv_offset, dev, block_offset);
714 priv->status_str = status_str;
719 kprintf("dm_target_crypt: ENOTSUP\n");
720 kfree(status_str, M_DMCRYPT);
724 /* Status routine called to get params string. */
726 dm_target_crypt_status(void *target_config)
728 dm_target_crypt_config_t *priv;
731 priv = target_config;
733 /* caller expects use of M_DM */
734 params = kmalloc(DM_MAX_PARAMS_SIZE, M_DM, M_WAITOK);
736 ksnprintf(params, DM_MAX_PARAMS_SIZE, "%s",
743 dm_target_crypt_destroy(dm_table_entry_t * table_en)
745 dm_target_crypt_config_t *priv;
748 * Disconnect the crypt config before unbusying the target.
750 priv = table_en->target_config;
753 table_en->target_config = NULL;
754 dm_pdev_decr(priv->pdev);
756 dm_target_unbusy(table_en->target);
759 * Clean up the crypt config
761 * Overwrite the private information before freeing memory to
764 if (priv->status_str) {
765 dmtc_crypto_clear(priv->status_str, strlen(priv->status_str));
766 kfree(priv->status_str, M_DMCRYPT);
767 crypto_freesession(priv->crypto_sid);
770 if ((priv->ivgen) && (priv->ivgen->dtor != NULL)) {
771 priv->ivgen->dtor(priv, priv->ivgen_priv);
774 dmtc_crypto_clear(priv, sizeof(dm_target_crypt_config_t));
775 kfree(priv, M_DMCRYPT);
781 dm_target_crypt_deps(dm_table_entry_t * table_en, prop_array_t prop_array)
783 dm_target_crypt_config_t *priv;
788 if (table_en->target_config == NULL)
791 priv = table_en->target_config;
793 if ((error = VOP_GETATTR(priv->pdev->pdev_vnode, &va)) != 0)
796 prop_array_add_uint64(prop_array,
797 (uint64_t)makeudev(va.va_rmajor, va.va_rminor));
802 /* Unsupported for this target. */
804 dm_target_crypt_upcall(dm_table_entry_t * table_en, struct buf * bp)
809 /************************************************************************
810 * STRATEGY SUPPORT FUNCTIONS *
811 ************************************************************************
813 * READ PATH: doio -> bio_read_done -> crypto_work -> crypto_cb_read_done
814 * WRITE PATH: crypto_work -> crypto_cb_write_done -> doio -> bio_write_done
818 * Wrapper around crypto_dispatch() to match dispatch_t type
821 dmtc_crypto_dispatch(void *arg)
825 crp = (struct cryptop *)arg;
826 KKASSERT(crp != NULL);
827 crypto_dispatch(crp);
831 * Start IO operation, called from dmstrategy routine.
834 dm_target_crypt_strategy(dm_table_entry_t *table_en, struct buf *bp)
838 dm_target_crypt_config_t *priv;
839 priv = table_en->target_config;
841 /* Get rid of stuff we can't really handle */
842 if ((bp->b_cmd == BUF_CMD_READ) || (bp->b_cmd == BUF_CMD_WRITE)) {
843 if (((bp->b_bcount % DEV_BSIZE) != 0) || (bp->b_bcount == 0)) {
844 kprintf("dm_target_crypt_strategy: can't really "
845 "handle bp->b_bcount = %d\n",
847 bp->b_error = EINVAL;
848 bp->b_flags |= B_ERROR | B_INVAL;
849 biodone(&bp->b_bio1);
856 bio = push_bio(&bp->b_bio1);
857 bio->bio_offset = bp->b_bio1.bio_offset +
858 priv->block_offset * DEV_BSIZE;
859 bio->bio_caller_info1.ptr = priv;
860 bio->bio_done = dmtc_bio_read_done;
861 vn_strategy(priv->pdev->pdev_vnode, bio);
864 bio = push_bio(&bp->b_bio1);
865 bio->bio_offset = bp->b_bio1.bio_offset +
866 priv->block_offset * DEV_BSIZE;
867 bio->bio_caller_info1.ptr = priv;
868 dmtc_crypto_write_start(priv, bio);
871 vn_strategy(priv->pdev->pdev_vnode, &bp->b_bio1);
878 * STRATEGY READ PATH PART 1/3 (after read BIO completes)
881 dmtc_bio_read_done(struct bio *bio)
885 dm_target_crypt_config_t *priv;
888 * If a read error occurs we shortcut the operation, otherwise
891 if (bio->bio_buf->b_flags & B_ERROR) {
895 priv = bio->bio_caller_info1.ptr;
896 dmtc_crypto_read_start(priv, bio);
901 * STRATEGY READ PATH PART 2/3
904 dmtc_crypto_read_retry(void *arg1, void *arg2)
906 dm_target_crypt_config_t *priv = arg1;
907 struct bio *bio = arg2;
909 dmtc_crypto_read_start(priv, bio);
913 dmtc_crypto_read_start(dm_target_crypt_config_t *priv, struct bio *bio)
915 struct dmtc_helper *dmtc;
916 struct cryptodesc *crd;
918 struct cryptoini *cri;
919 int i, bytes, sectors, sz;
923 cri = &priv->crypto_session;
926 * Note: b_resid no good after read I/O, it will be 0, use
929 bytes = bio->bio_buf->b_bcount;
930 isector = bio->bio_offset / DEV_BSIZE; /* ivgen salt base? */
931 sectors = bytes / DEV_BSIZE; /* Number of sectors */
932 sz = sectors * (sizeof(*crp) + sizeof(*crd));
935 * For reads with bogus page we can't decrypt in place as stuff
936 * can get ripped out from under us.
938 * XXX actually it looks like we can, and in any case the initial
939 * read already completed and threw crypted data into the buffer
940 * cache buffer. Disable for now.
942 space = mpipe_alloc_callback(&dmtc_read_mpipe,
943 dmtc_crypto_read_retry, priv, bio);
947 dmtc = (struct dmtc_helper *)space;
948 dmtc->free_addr = space;
949 space += sizeof(struct dmtc_helper);
950 dmtc->orig_buf = NULL;
951 dmtc->data_buf = bio->bio_buf->b_data;
952 bio->bio_caller_info2.ptr = dmtc;
953 bio->bio_buf->b_error = 0;
956 * Load crypto descriptors (crp/crd loop)
960 bio->bio_caller_info3.value = sectors;
963 kprintf("Read, bytes = %d (b_bcount), "
964 "sectors = %d (bio = %p, b_cmd = %d)\n",
965 bytes, sectors, bio, bio->bio_buf->b_cmd);
967 for (i = 0; i < sectors; i++) {
968 crp = (struct cryptop *)ptr;
970 crd = (struct cryptodesc *)ptr;
971 ptr += sizeof (*crd);
973 crp->crp_buf = dmtc->data_buf + i * DEV_BSIZE;
975 crp->crp_sid = priv->crypto_sid;
976 crp->crp_ilen = crp->crp_olen = DEV_BSIZE;
978 crp->crp_opaque = (void *)bio;
980 crp->crp_callback = dmtc_crypto_cb_read_done;
983 crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_REL |
986 crd->crd_alg = priv->crypto_alg;
988 crd->crd_key = (caddr_t)priv->crypto_key;
989 crd->crd_klen = priv->crypto_klen;
993 crd->crd_len = DEV_BSIZE /* XXX */;
994 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
995 crd->crd_next = NULL;
997 crd->crd_flags &= ~CRD_F_ENCRYPT;
1000 * Note: last argument is used to generate salt(?) and is
1001 * a 64 bit value, but the original code passed an
1002 * int. Changing it now will break pre-existing
1005 priv->ivgen->gen_iv(priv, crd->crd_iv, sizeof(crd->crd_iv),
1011 * STRATEGY READ PATH PART 3/3
1014 dmtc_crypto_cb_read_done(struct cryptop *crp)
1016 struct dmtc_helper *dmtc;
1017 struct bio *bio, *obio;
1020 if (crp->crp_etype == EAGAIN)
1021 return crypto_dispatch(crp);
1023 bio = (struct bio *)crp->crp_opaque;
1024 KKASSERT(bio != NULL);
1029 if (crp->crp_etype) {
1030 kprintf("dm_target_crypt: dmtc_crypto_cb_read_done "
1033 bio->bio_buf->b_error = crp->crp_etype;
1037 * On the last chunk of the decryption we do any required copybacks
1038 * and complete the I/O.
1040 n = atomic_fetchadd_int(&bio->bio_caller_info3.value, -1);
1042 kprintf("dmtc_crypto_cb_read_done %p, n = %d\n", bio, n);
1047 * For the B_HASBOGUS case we didn't decrypt in place,
1048 * so we need to copy stuff back into the buf.
1050 * (disabled for now).
1052 dmtc = bio->bio_caller_info2.ptr;
1053 if (bio->bio_buf->b_error) {
1054 bio->bio_buf->b_flags |= B_ERROR;
1057 else if (bio->bio_buf->b_flags & B_HASBOGUS) {
1058 memcpy(bio->bio_buf->b_data, dmtc->data_buf,
1059 bio->bio_buf->b_bcount);
1062 mpipe_free(&dmtc_read_mpipe, dmtc->free_addr);
1063 obio = pop_bio(bio);
1068 /* END OF STRATEGY READ SECTION */
1071 * STRATEGY WRITE PATH PART 1/3
1075 dmtc_crypto_write_retry(void *arg1, void *arg2)
1077 dm_target_crypt_config_t *priv = arg1;
1078 struct bio *bio = arg2;
1080 dmtc_crypto_write_start(priv, bio);
1084 dmtc_crypto_write_start(dm_target_crypt_config_t *priv, struct bio *bio)
1086 struct dmtc_helper *dmtc;
1087 struct cryptodesc *crd;
1088 struct cryptop *crp;
1089 struct cryptoini *cri;
1090 int i, bytes, sectors, sz;
1092 u_char *ptr, *space;
1094 cri = &priv->crypto_session;
1097 * Use b_bcount for consistency
1099 bytes = bio->bio_buf->b_bcount;
1101 isector = bio->bio_offset / DEV_BSIZE; /* ivgen salt base? */
1102 sectors = bytes / DEV_BSIZE; /* Number of sectors */
1103 sz = sectors * (sizeof(*crp) + sizeof(*crd));
1106 * For writes and reads with bogus page don't decrypt in place.
1108 space = mpipe_alloc_callback(&dmtc_write_mpipe,
1109 dmtc_crypto_write_retry, priv, bio);
1113 dmtc = (struct dmtc_helper *)space;
1114 dmtc->free_addr = space;
1115 space += sizeof(struct dmtc_helper);
1116 memcpy(space + sz, bio->bio_buf->b_data, bytes);
1118 bio->bio_caller_info2.ptr = dmtc;
1119 bio->bio_buf->b_error = 0;
1121 dmtc->orig_buf = bio->bio_buf->b_data;
1122 dmtc->data_buf = space + sz;
1125 * Load crypto descriptors (crp/crd loop)
1129 bio->bio_caller_info3.value = sectors;
1132 kprintf("Write, bytes = %d (b_bcount), "
1133 "sectors = %d (bio = %p, b_cmd = %d)\n",
1134 bytes, sectors, bio, bio->bio_buf->b_cmd);
1136 for (i = 0; i < sectors; i++) {
1137 crp = (struct cryptop *)ptr;
1138 ptr += sizeof(*crp);
1139 crd = (struct cryptodesc *)ptr;
1140 ptr += sizeof (*crd);
1142 crp->crp_buf = dmtc->data_buf + i * DEV_BSIZE;
1144 crp->crp_sid = priv->crypto_sid;
1145 crp->crp_ilen = crp->crp_olen = DEV_BSIZE;
1147 crp->crp_opaque = (void *)bio;
1149 crp->crp_callback = dmtc_crypto_cb_write_done;
1150 crp->crp_desc = crd;
1152 crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_REL |
1155 crd->crd_alg = priv->crypto_alg;
1157 crd->crd_key = (caddr_t)priv->crypto_key;
1158 crd->crd_klen = priv->crypto_klen;
1162 crd->crd_len = DEV_BSIZE /* XXX */;
1163 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
1164 crd->crd_next = NULL;
1166 crd->crd_flags |= CRD_F_ENCRYPT;
1169 * Note: last argument is used to generate salt(?) and is
1170 * a 64 bit value, but the original code passed an
1171 * int. Changing it now will break pre-existing
1174 priv->ivgen->gen_iv(priv, crd->crd_iv, sizeof(crd->crd_iv),
1180 * STRATEGY WRITE PATH PART 2/3
1183 dmtc_crypto_cb_write_done(struct cryptop *crp)
1185 struct dmtc_helper *dmtc;
1186 dm_target_crypt_config_t *priv;
1187 struct bio *bio, *obio;
1190 if (crp->crp_etype == EAGAIN)
1191 return crypto_dispatch(crp);
1193 bio = (struct bio *)crp->crp_opaque;
1194 KKASSERT(bio != NULL);
1199 if (crp->crp_etype != 0) {
1200 kprintf("dm_target_crypt: dmtc_crypto_cb_write_done "
1203 bio->bio_buf->b_error = crp->crp_etype;
1207 * On the last chunk of the encryption we issue the write
1209 n = atomic_fetchadd_int(&bio->bio_caller_info3.value, -1);
1211 kprintf("dmtc_crypto_cb_write_done %p, n = %d\n", bio, n);
1215 dmtc = bio->bio_caller_info2.ptr;
1216 priv = (dm_target_crypt_config_t *)bio->bio_caller_info1.ptr;
1218 if (bio->bio_buf->b_error) {
1219 bio->bio_buf->b_flags |= B_ERROR;
1220 mpipe_free(&dmtc_write_mpipe, dmtc->free_addr);
1221 obio = pop_bio(bio);
1224 dmtc->orig_buf = bio->bio_buf->b_data;
1225 bio->bio_buf->b_data = dmtc->data_buf;
1226 bio->bio_done = dmtc_bio_write_done;
1227 vn_strategy(priv->pdev->pdev_vnode, bio);
1234 * STRATEGY WRITE PATH PART 3/3
1237 dmtc_bio_write_done(struct bio *bio)
1239 struct dmtc_helper *dmtc;
1242 dmtc = bio->bio_caller_info2.ptr;
1243 bio->bio_buf->b_data = dmtc->orig_buf;
1244 mpipe_free(&dmtc_write_mpipe, dmtc->free_addr);
1245 obio = pop_bio(bio);
1248 /* END OF STRATEGY WRITE SECTION */
1254 extern int tsleep_crypto_dump;
1257 dm_target_crypt_dump(dm_table_entry_t *table_en, void *data, size_t length, off_t offset)
1259 static struct dmtc_dump_helper dump_helper;
1260 dm_target_crypt_config_t *priv;
1262 static int first_call = 1;
1264 priv = table_en->target_config;
1268 dump_reactivate_cpus();
1271 /* Magically enable tsleep */
1272 tsleep_crypto_dump = 1;
1276 * 0 length means flush buffers and return
1279 if (priv->pdev->pdev_vnode->v_rdev == NULL) {
1280 tsleep_crypto_dump = 0;
1283 dev_ddump(priv->pdev->pdev_vnode->v_rdev,
1284 data, 0, offset, 0);
1285 tsleep_crypto_dump = 0;
1289 bzero(&dump_helper, sizeof(dump_helper));
1290 dump_helper.priv = priv;
1291 dump_helper.data = data;
1292 dump_helper.length = length;
1293 dump_helper.offset = offset +
1294 priv->block_offset * DEV_BSIZE;
1295 dump_helper.ident = &id;
1296 dmtc_crypto_dump_start(priv, &dump_helper);
1299 * Hackery to make stuff appear synchronous. The crypto callback will
1300 * set id to 1 and call wakeup on it. If the request completed
1301 * synchronously, id will be 1 and we won't bother to sleep. If not,
1302 * the crypto request will complete asynchronously and we sleep until
1306 tsleep(&dump_helper, 0, "cryptdump", 0);
1308 dump_helper.offset = dm_pdev_correct_dump_offset(priv->pdev,
1309 dump_helper.offset);
1311 dev_ddump(priv->pdev->pdev_vnode->v_rdev,
1312 dump_helper.space, 0, dump_helper.offset,
1313 dump_helper.length);
1315 tsleep_crypto_dump = 0;
1320 dmtc_crypto_dump_start(dm_target_crypt_config_t *priv, struct dmtc_dump_helper *dump_helper)
1322 struct cryptodesc *crd;
1323 struct cryptop *crp;
1324 struct cryptoini *cri;
1325 int i, bytes, sectors;
1328 cri = &priv->crypto_session;
1330 bytes = dump_helper->length;
1332 isector = dump_helper->offset / DEV_BSIZE; /* ivgen salt base? */
1333 sectors = bytes / DEV_BSIZE; /* Number of sectors */
1334 dump_helper->sectors = sectors;
1336 kprintf("Dump, bytes = %d, "
1337 "sectors = %d, LENGTH=%zu\n", bytes, sectors, dump_helper->length);
1339 KKASSERT(dump_helper->length <= 65536);
1341 memcpy(dump_helper->space, dump_helper->data, bytes);
1345 for (i = 0; i < sectors; i++) {
1346 crp = &dump_helper->crp[i];
1347 crd = &dump_helper->crd[i];
1349 crp->crp_buf = dump_helper->space + i * DEV_BSIZE;
1351 crp->crp_sid = priv->crypto_sid;
1352 crp->crp_ilen = crp->crp_olen = DEV_BSIZE;
1354 crp->crp_opaque = (void *)dump_helper;
1356 crp->crp_callback = dmtc_crypto_cb_dump_done;
1357 crp->crp_desc = crd;
1359 crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_REL |
1362 crd->crd_alg = priv->crypto_alg;
1365 crd->crd_len = DEV_BSIZE /* XXX */;
1366 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
1367 crd->crd_next = NULL;
1369 crd->crd_flags |= CRD_F_ENCRYPT;
1372 * Note: last argument is used to generate salt(?) and is
1373 * a 64 bit value, but the original code passed an
1374 * int. Changing it now will break pre-existing
1377 priv->ivgen->gen_iv(priv, crd->crd_iv, sizeof(crd->crd_iv),
1383 dmtc_crypto_cb_dump_done(struct cryptop *crp)
1385 struct dmtc_dump_helper *dump_helper;
1386 dm_target_crypt_config_t *priv;
1389 if (crp->crp_etype == EAGAIN)
1390 return crypto_dispatch(crp);
1392 dump_helper = (struct dmtc_dump_helper *)crp->crp_opaque;
1393 KKASSERT(dump_helper != NULL);
1395 if (crp->crp_etype != 0) {
1396 kprintf("dm_target_crypt: dmtc_crypto_cb_dump_done "
1399 return crp->crp_etype;
1403 * On the last chunk of the encryption we return control
1405 n = atomic_fetchadd_int(&dump_helper->sectors, -1);
1408 priv = (dm_target_crypt_config_t *)dump_helper->priv;
1409 atomic_add_int(dump_helper->ident, 1);
1410 wakeup(dump_helper);
1417 dmtc_mod_handler(module_t mod, int type, void *unused)
1419 dm_target_t *dmt = NULL;
1424 if ((dmt = dm_target_lookup("crypt")) != NULL) {
1425 dm_target_unbusy(dmt);
1428 dmt = dm_target_alloc("crypt");
1429 dmt->version[0] = 1;
1430 dmt->version[1] = 6;
1431 dmt->version[2] = 0;
1432 strlcpy(dmt->name, "crypt", DM_MAX_TYPE_NAME);
1433 dmt->init = &dm_target_crypt_init;
1434 dmt->status = &dm_target_crypt_status;
1435 dmt->strategy = &dm_target_crypt_strategy;
1436 dmt->deps = &dm_target_crypt_deps;
1437 dmt->destroy = &dm_target_crypt_destroy;
1438 dmt->upcall = &dm_target_crypt_upcall;
1439 dmt->dump = &dm_target_crypt_dump;
1443 err = dm_target_insert(dmt);
1445 dmtc_destroy_mpipe();
1447 kprintf("dm_target_crypt: Successfully initialized\n");
1451 err = dm_target_rem("crypt");
1453 dmtc_destroy_mpipe();
1454 kprintf("dm_target_crypt: unloaded\n");
1465 DM_TARGET_MODULE(dm_target_crypt, dmtc_mod_handler);