socsvn commit: r254757 - in soc2013/def/crashdump-head/sys: amd64/conf conf crypto
def at FreeBSD.org
def at FreeBSD.org
Sat Jul 13 17:38:58 UTC 2013
Author: def
Date: Sat Jul 13 17:38:58 2013
New Revision: 254757
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=254757
Log:
Import XTS implementation from pefs. Add the ENCRYPT_CRASH kernel option (enabled in GENERIC) so that xts.c is compiled into the kernel.
Added:
soc2013/def/crashdump-head/sys/crypto/xts.c
soc2013/def/crashdump-head/sys/crypto/xts.h
Modified:
soc2013/def/crashdump-head/sys/amd64/conf/GENERIC
soc2013/def/crashdump-head/sys/conf/files
soc2013/def/crashdump-head/sys/conf/options
Modified: soc2013/def/crashdump-head/sys/amd64/conf/GENERIC
==============================================================================
--- soc2013/def/crashdump-head/sys/amd64/conf/GENERIC Sat Jul 13 15:34:37 2013 (r254756)
+++ soc2013/def/crashdump-head/sys/amd64/conf/GENERIC Sat Jul 13 17:38:58 2013 (r254757)
@@ -339,3 +339,6 @@
device virtio_blk # VirtIO Block device
device virtio_scsi # VirtIO SCSI device
device virtio_balloon # VirtIO Memory Balloon device
+
+# Unattended encrypted kernel crash dumps
+option ENCRYPT_CRASH
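Review bot: The new entry at the end of the hunk uses the singular keyword `option ENCRYPT_CRASH`, while every other option line in GENERIC uses `options`; even if config(8)'s lexer accepts both spellings, the file's convention is `options ENCRYPT_CRASH`. It is also worth asking whether an in-development encrypted-dump feature should be switched on in the stock GENERIC config rather than in an opt-in kernel config, since per the sys/conf/files change in this commit it pulls crypto/xts.c into every GENERIC build.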
Modified: soc2013/def/crashdump-head/sys/conf/files
==============================================================================
--- soc2013/def/crashdump-head/sys/conf/files Sat Jul 13 15:34:37 2013 (r254756)
+++ soc2013/def/crashdump-head/sys/conf/files Sat Jul 13 17:38:58 2013 (r254757)
@@ -546,6 +546,7 @@
netgraph_mppc_encryption | sctp
crypto/sha2/sha2.c optional crypto | geom_bde | ipsec | random | \
sctp | zfs
+crypto/xts.c optional crypto | encrypt_crash
ddb/db_access.c optional ddb
ddb/db_break.c optional ddb
ddb/db_capture.c optional ddb
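Review bot: The added `crypto/xts.c optional crypto | encrypt_crash` line builds xts.c for ENCRYPT_CRASH kernels alone, but xts.c calls `rijndael_set_key`, `rijndael_encrypt` and `rijndael_decrypt`, whose source entries live elsewhere in this file (outside the hunk) and are not touched by this commit. Unless those rijndael entries already depend on something every ENCRYPT_CRASH kernel also includes, a kernel with `options ENCRYPT_CRASH` but without `device crypto` will fail at link time on those symbols; add `encrypt_crash` to the rijndael entries' dependency lists as well. xts.h additionally includes `crypto/camellia/camellia.h` for the `camellia_ctx` union member, which is header-only today but becomes a further link dependency if a Camellia backend is wired up later.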
Modified: soc2013/def/crashdump-head/sys/conf/options
==============================================================================
--- soc2013/def/crashdump-head/sys/conf/options Sat Jul 13 15:34:37 2013 (r254756)
+++ soc2013/def/crashdump-head/sys/conf/options Sat Jul 13 17:38:58 2013 (r254757)
@@ -897,3 +897,6 @@
# Resource Limits
RCTL opt_global.h
+
+# Unattended encrypted kernel crash dumps
+ENCRYPT_CRASH opt_crash.h
Added: soc2013/def/crashdump-head/sys/crypto/xts.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2013/def/crashdump-head/sys/crypto/xts.c Sat Jul 13 17:38:58 2013 (r254757)
@@ -0,0 +1,222 @@
+/*
+ * Copyright (c) 2007, 2008 University of Tsukuba
+ * Copyright (c) 2010 Gleb Kurtsou <gleb at FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of the University of Tsukuba nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/endian.h>
+#include <crypto/xts.h>
+
+#ifdef _KERNEL
+#include <sys/libkern.h>
+#else
+#include <string.h>
+#endif
+
+void
+xts_aes_keysetup(struct xts_ctx *ctx, const uint8_t *key, uint32_t keybits)
+{
+ rijndael_set_key(&ctx->o.pctx_aes, key, keybits);
+}
+
+void
+xts_aes_encrypt(const struct xts_ctx *ctx, const uint8_t *in, uint8_t *out)
+{
+ rijndael_encrypt(&ctx->o.pctx_aes, in, out);
+}
+
+void
+xts_aes_decrypt(const struct xts_ctx *ctx, const uint8_t *in, uint8_t *out)
+{
+ rijndael_decrypt(&ctx->o.pctx_aes, in, out);
+}
+
+const struct xts_alg xts_alg_aes = {
+ .pa_encrypt = xts_aes_encrypt,
+ .pa_decrypt = xts_aes_decrypt,
+ .pa_keysetup = xts_aes_keysetup,
+ .pa_id = XTS_ALG_AES,
+};
+
+static __inline void
+xor128(void *dst, const void *src1, const void *src2)
+{
+ const uint64_t *s1 = (const uint64_t *)src1;
+ const uint64_t *s2 = (const uint64_t *)src2;
+ uint64_t *d = (uint64_t *)dst;
+
+ d[0] = s1[0] ^ s2[0];
+ d[1] = s1[1] ^ s2[1];
+}
+
+static __inline int
+shl128(uint64_t *d, const uint64_t *s)
+{
+ int c0, c1;
+
+ c0 = s[0] & (1ULL << 63) ? 1 : 0;
+ c1 = s[1] & (1ULL << 63) ? 1 : 0;
+ d[0] = s[0] << 1;
+ d[1] = s[1] << 1 | c0;
+
+ return (c1);
+}
+
+static __inline void
+gf_mul128(uint64_t *dst, const uint64_t *src)
+{
+ static const uint8_t gf_128_fdbk = 0x87;
+ int carry;
+
+ carry = shl128(dst, src);
+ if (carry != 0)
+ ((uint8_t *)dst)[0] ^= gf_128_fdbk;
+}
+
+static __inline void
+xts_fullblock(algop_crypt_t *data_crypt, const struct xts_ctx *data_ctx,
+ uint64_t *tweak, const uint8_t *src, uint8_t *dst)
+{
+ xor128(dst, src, tweak);
+ data_crypt(data_ctx, dst, dst);
+ xor128(dst, dst, tweak);
+ gf_mul128(tweak, tweak);
+}
+
+static __inline void
+xts_lastblock(algop_crypt_t *data_crypt, const struct xts_ctx *data_ctx,
+ uint64_t *tweak, const uint8_t *src, uint8_t *dst, int len)
+{
+ uint8_t b[XTS_BLK_BYTES];
+
+ dst -= XTS_BLK_BYTES; /* m - 1 */
+ memcpy(b, dst, XTS_BLK_BYTES);
+ memcpy(b, src, len);
+ memcpy(dst + XTS_BLK_BYTES, dst, len);
+
+ xor128(dst, b, tweak);
+ data_crypt(data_ctx, dst, dst);
+ xor128(dst, dst, tweak);
+}
+
+static __inline void
+xts_smallblock(const struct xts_alg *alg, const struct xts_ctx *data_ctx,
+ uint64_t *tweak, const uint8_t *src, uint8_t *dst, int len)
+{
+ uint8_t buf[XTS_BLK_BYTES], *p;
+
+ /*
+ * Encryption/decryption of sectors smaller then 128 bits is not defined
+ * by IEEE P1619 standard.
+ * To work around it encrypt such sector in CTR mode.
+ * CTR tweak (counter) value is XTS-tweak xor'ed with block length, i.e.
+ * entire small block has to be reencrypted after length change.
+ */
+ memset(buf, len, XTS_BLK_BYTES);
+ xor128(buf, buf, tweak);
+ alg->pa_encrypt(data_ctx, buf, buf);
+ for (p = buf; len > 0; len--)
+ *(dst++) = *(src++) ^ *(p++);
+}
+
+static __inline void
+xts_start(const struct xts_alg *alg, const struct xts_ctx *tweak_ctx,
+ uint64_t *tweak, uint64_t sector, const uint8_t *xtweak)
+{
+ tweak[0] = htole64(sector);
+ tweak[1] = *((const uint64_t *)xtweak);
+
+ /* encrypt the tweak */
+ alg->pa_encrypt(tweak_ctx, (uint8_t *)tweak, (uint8_t *)tweak);
+}
+
+void
+xts_block_encrypt(const struct xts_alg *alg,
+ const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx,
+ uint64_t sector, const uint8_t *xtweak, int len,
+ const uint8_t *src, uint8_t *dst)
+{
+ uint64_t tweak[XTS_BLK_BYTES / 8];
+
+ xts_start(alg, tweak_ctx, tweak, sector, xtweak);
+
+ if (len < XTS_BLK_BYTES) {
+ xts_smallblock(alg, data_ctx, tweak, src, dst, len);
+ return;
+ }
+
+ while (len >= XTS_BLK_BYTES) {
+ xts_fullblock(alg->pa_encrypt, data_ctx, tweak, src, dst);
+ dst += XTS_BLK_BYTES;
+ src += XTS_BLK_BYTES;
+ len -= XTS_BLK_BYTES;
+ }
+
+ if (len != 0)
+ xts_lastblock(alg->pa_encrypt, data_ctx, tweak, src, dst, len);
+}
+
+void
+xts_block_decrypt(const struct xts_alg *alg,
+ const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx,
+ uint64_t sector, const uint8_t *xtweak, int len,
+ const uint8_t *src, uint8_t *dst)
+{
+ uint64_t tweak[XTS_BLK_BYTES / 8];
+ uint64_t prevtweak[XTS_BLK_BYTES / 8];
+
+ xts_start(alg, tweak_ctx, tweak, sector, xtweak);
+
+ if (len < XTS_BLK_BYTES) {
+ xts_smallblock(alg, data_ctx, tweak, src, dst, len);
+ return;
+ }
+
+ if ((len & XTS_BLK_MASK) != 0)
+ len -= XTS_BLK_BYTES;
+
+ while (len >= XTS_BLK_BYTES) {
+ xts_fullblock(alg->pa_decrypt, data_ctx, tweak, src, dst);
+ dst += XTS_BLK_BYTES;
+ src += XTS_BLK_BYTES;
+ len -= XTS_BLK_BYTES;
+ }
+
+ if (len != 0) {
+ len += XTS_BLK_BYTES;
+ prevtweak[0] = tweak[0];
+ prevtweak[1] = tweak[1];
+ gf_mul128(tweak, tweak);
+ xts_fullblock(alg->pa_decrypt, data_ctx, tweak, src, dst);
+ dst += XTS_BLK_BYTES;
+ src += XTS_BLK_BYTES;
+ len -= XTS_BLK_BYTES;
+ xts_lastblock(alg->pa_decrypt, data_ctx, prevtweak,
+ src, dst, len);
+ }
+}
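Review bot: `xor128()` and `xts_start()` access the caller-supplied `uint8_t` buffers (`src`, `dst`, `xtweak`) through `uint64_t *` casts, so the API silently requires 8-byte-aligned buffers and an `xtweak` of at least 8 bytes, and nothing in the file states this. On amd64 a misaligned buffer is presumably only a performance cost, but on strict-alignment targets it faults, and in the userland build (`#else` branch, compiled without whatever aliasing relaxations the kernel build applies) the casts are a strict-aliasing violation, so either document the requirement with `/* src, dst and xtweak must be 8-byte aligned and xtweak must be 8 bytes long: they are accessed as uint64_t. */` or go through `memcpy()`. Separately, `xts_smallblock()` falls back to a CTR keystream derived only from the tweak and `len` for sectors shorter than 16 bytes, so re-encrypting a short sector of the same length under the same tweak reuses the keystream; if the crash-dump caller (not in this commit) never produces sub-block sectors, a comment saying so would keep that footgun out of reach. The file also offers no way to scrub an `xts_ctx`, which holds the expanded key schedule, so a small `xts_ctx_clear()` that zeroes the context (with an explicit-bzero primitive where available) would be appropriate for key material.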
Added: soc2013/def/crashdump-head/sys/crypto/xts.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2013/def/crashdump-head/sys/crypto/xts.h Sat Jul 13 17:38:58 2013 (r254757)
@@ -0,0 +1,75 @@
+/*-
+ * Copyright (c) 2009 Gleb Kurtsou <gleb at FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef __XTS_H
+#define __XTS_H
+
+#include <crypto/camellia/camellia.h>
+#include <crypto/rijndael/rijndael.h>
+
+#define XTS_BLK_BYTES 16
+#define XTS_BLK_MASK (XTS_BLK_BYTES - 1)
+#define XTS_ALG_INVALID 0
+#define XTS_ALG_AES 4
+#define XTS_ALG_CAMELLIA 5
+
+struct xts_ctx {
+ union {
+ camellia_ctx pctx_camellia;
+ rijndael_ctx pctx_aes;
+ } o;
+} __aligned(CACHE_LINE_SIZE);
+
+
+typedef void algop_crypt_t(const struct xts_ctx *ctx, const uint8_t *in, uint8_t *out);
+typedef void algop_keysetup_t(struct xts_ctx *ctx, const uint8_t *key, uint32_t keybits);
+
+struct xts_alg {
+ algop_crypt_t *pa_encrypt;
+ algop_crypt_t *pa_decrypt;
+ algop_keysetup_t *pa_keysetup;
+ int pa_id;
+};
+
+void xts_block_encrypt(const struct xts_alg *alg,
+ const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx,
+ uint64_t sector, const uint8_t *xtweak, int len,
+ const uint8_t *src, uint8_t *dst);
+
+void xts_block_decrypt(const struct xts_alg *alg,
+ const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx,
+ uint64_t sector, const uint8_t *xtweak, int len,
+ const uint8_t *src, uint8_t *dst);
+
+algop_crypt_t xts_aes_encrypt;
+algop_crypt_t xts_aes_decrypt;
+algop_keysetup_t xts_aes_keysetup;
+
+extern const struct xts_alg xts_alg_aes;
+
+#endif /* __XTS_H */
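Review bot: The `xts_block_encrypt()`/`xts_block_decrypt()` prototypes give no contract for their arguments: `tweak_ctx` and `data_ctx` must be keyed with two independent keys (the XTS security argument assumes Key1 and Key2 are separate), `xtweak` must point at 8 bytes (xts.c reads it as a `uint64_t`), `len` is the sector length in bytes, and decryption must be called with exactly the `sector`, `xtweak` and `len` used for encryption. A header comment above the prototypes along the lines of `/* tweak_ctx and data_ctx must be set up with independent keys; xtweak points to 8 bytes; len is the sector length in bytes. */` would make that explicit for the crash-dump caller, which is not in this commit. Minor points: `__XTS_H` is in the reserved identifier space (leading double underscore), so `_CRYPTO_XTS_H_` would match the usual sys/ convention, and `<crypto/camellia/camellia.h>` is included only for the `pctx_camellia` union member while no Camellia `xts_alg` is provided.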