socsvn commit: r254757 - in soc2013/def/crashdump-head/sys: amd64/conf conf crypto

def at FreeBSD.org def at FreeBSD.org
Sat Jul 13 17:38:58 UTC 2013


Author: def
Date: Sat Jul 13 17:38:58 2013
New Revision: 254757
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=254757

Log:
  Import XTS implementation from pefs. Compile kernel with ENCRYPT_CRASH option - compile xts.c into kernel.

Added:
  soc2013/def/crashdump-head/sys/crypto/xts.c
  soc2013/def/crashdump-head/sys/crypto/xts.h
Modified:
  soc2013/def/crashdump-head/sys/amd64/conf/GENERIC
  soc2013/def/crashdump-head/sys/conf/files
  soc2013/def/crashdump-head/sys/conf/options

Modified: soc2013/def/crashdump-head/sys/amd64/conf/GENERIC
==============================================================================
--- soc2013/def/crashdump-head/sys/amd64/conf/GENERIC	Sat Jul 13 15:34:37 2013	(r254756)
+++ soc2013/def/crashdump-head/sys/amd64/conf/GENERIC	Sat Jul 13 17:38:58 2013	(r254757)
@@ -339,3 +339,6 @@
 device		virtio_blk	# VirtIO Block device
 device		virtio_scsi	# VirtIO SCSI device
 device		virtio_balloon	# VirtIO Memory Balloon device
+
+# Unattended encrypted kernel crash dumps
+option		ENCRYPT_CRASH

Modified: soc2013/def/crashdump-head/sys/conf/files
==============================================================================
--- soc2013/def/crashdump-head/sys/conf/files	Sat Jul 13 15:34:37 2013	(r254756)
+++ soc2013/def/crashdump-head/sys/conf/files	Sat Jul 13 17:38:58 2013	(r254757)
@@ -546,6 +546,7 @@
 					 netgraph_mppc_encryption | sctp
 crypto/sha2/sha2.c		optional crypto | geom_bde | ipsec | random | \
 					 sctp | zfs
+crypto/xts.c			optional crypto | encrypt_crash
 ddb/db_access.c			optional ddb
 ddb/db_break.c			optional ddb
 ddb/db_capture.c		optional ddb
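Review bot: The `encrypt_crash` alternative on the new `crypto/xts.c` line may not be buildable on its own, because xts.c calls `rijndael_set_key()`, `rijndael_encrypt()` and `rijndael_decrypt()` and the rules that build the rijndael sources are outside this hunk. If those entries are not also keyed on `encrypt_crash`, a kernel configured with `ENCRYPT_CRASH` but without `crypto` or another rijndael consumer would fail at link time. I would either add `| encrypt_crash` to the rijndael entries in this file or state next to the option that it requires `device crypto`.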

Modified: soc2013/def/crashdump-head/sys/conf/options
==============================================================================
--- soc2013/def/crashdump-head/sys/conf/options	Sat Jul 13 15:34:37 2013	(r254756)
+++ soc2013/def/crashdump-head/sys/conf/options	Sat Jul 13 17:38:58 2013	(r254757)
@@ -897,3 +897,6 @@
 
 # Resource Limits
 RCTL		opt_global.h
+
+# Unattended encrypted kernel crash dumps
+ENCRYPT_CRASH	opt_crash.h

Added: soc2013/def/crashdump-head/sys/crypto/xts.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ soc2013/def/crashdump-head/sys/crypto/xts.c	Sat Jul 13 17:38:58 2013	(r254757)
@@ -0,0 +1,222 @@
+/*
+ * Copyright (c) 2007, 2008 University of Tsukuba
+ * Copyright (c) 2010 Gleb Kurtsou <gleb at FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of the University of Tsukuba nor the names of its
+ *    contributors may be used to endorse or promote products derived from
+ *    this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/endian.h>
+#include <crypto/xts.h>
+
+#ifdef _KERNEL
+#include <sys/libkern.h>
+#else
+#include <string.h>
+#endif
+
+void
+xts_aes_keysetup(struct xts_ctx *ctx, const uint8_t *key, uint32_t keybits)
+{
+	rijndael_set_key(&ctx->o.pctx_aes, key, keybits);
+}
+
+void
+xts_aes_encrypt(const struct xts_ctx *ctx, const uint8_t *in, uint8_t *out)
+{
+	rijndael_encrypt(&ctx->o.pctx_aes, in, out);
+}
+
+void
+xts_aes_decrypt(const struct xts_ctx *ctx, const uint8_t *in, uint8_t *out)
+{
+	rijndael_decrypt(&ctx->o.pctx_aes, in, out);
+}
+
+const struct xts_alg xts_alg_aes = {
+	.pa_encrypt 	= xts_aes_encrypt,
+	.pa_decrypt 	= xts_aes_decrypt,
+	.pa_keysetup 	= xts_aes_keysetup,
+	.pa_id 		= XTS_ALG_AES,
+};
+
+static __inline void
+xor128(void *dst, const void *src1, const void *src2)
+{
+	const uint64_t *s1 = (const uint64_t *)src1;
+	const uint64_t *s2 = (const uint64_t *)src2;
+	uint64_t *d = (uint64_t *)dst;
+
+	d[0] = s1[0] ^ s2[0];
+	d[1] = s1[1] ^ s2[1];
+}
+
+static __inline int
+shl128(uint64_t *d, const uint64_t *s)
+{
+	int c0, c1;
+
+	c0 = s[0] & (1ULL << 63) ? 1 : 0;
+	c1 = s[1] & (1ULL << 63) ? 1 : 0;
+	d[0] = s[0] << 1;
+	d[1] = s[1] << 1 | c0;
+
+	return (c1);
+}
+
+static __inline void
+gf_mul128(uint64_t *dst, const uint64_t *src)
+{
+	static const uint8_t gf_128_fdbk = 0x87;
+	int carry;
+
+	carry = shl128(dst, src);
+	if (carry != 0)
+		((uint8_t *)dst)[0] ^= gf_128_fdbk;
+}
+
+static __inline void
+xts_fullblock(algop_crypt_t *data_crypt, const struct xts_ctx *data_ctx,
+    uint64_t *tweak, const uint8_t *src, uint8_t *dst)
+{
+	xor128(dst, src, tweak);
+	data_crypt(data_ctx, dst, dst);
+	xor128(dst, dst, tweak);
+	gf_mul128(tweak, tweak);
+}
+
+static __inline void
+xts_lastblock(algop_crypt_t *data_crypt, const struct xts_ctx *data_ctx,
+    uint64_t *tweak, const uint8_t *src, uint8_t *dst, int len)
+{
+	uint8_t b[XTS_BLK_BYTES];
+
+	dst -= XTS_BLK_BYTES;			/* m - 1 */
+	memcpy(b, dst, XTS_BLK_BYTES);
+	memcpy(b, src, len);
+	memcpy(dst + XTS_BLK_BYTES, dst, len);
+
+	xor128(dst, b, tweak);
+	data_crypt(data_ctx, dst, dst);
+	xor128(dst, dst, tweak);
+}
+
+static __inline void
+xts_smallblock(const struct xts_alg *alg, const struct xts_ctx *data_ctx,
+    uint64_t *tweak, const uint8_t *src, uint8_t *dst, int len)
+{
+	uint8_t buf[XTS_BLK_BYTES], *p;
+
+	/*
+	 * Encryption/decryption of sectors smaller then 128 bits is not defined
+	 * by IEEE P1619 standard.
+	 * To work around it encrypt such sector in CTR mode.
+	 * CTR tweak (counter) value is XTS-tweak xor'ed with block length, i.e.
+	 * entire small block has to be reencrypted after length change.
+	 */
+	memset(buf, len, XTS_BLK_BYTES);
+	xor128(buf, buf, tweak);
+	alg->pa_encrypt(data_ctx, buf, buf);
+	for (p = buf; len > 0; len--)
+		*(dst++) = *(src++) ^ *(p++);
+}
+
+static __inline void
+xts_start(const struct xts_alg *alg, const struct xts_ctx *tweak_ctx,
+    uint64_t *tweak, uint64_t sector, const uint8_t *xtweak)
+{
+	tweak[0] = htole64(sector);
+	tweak[1] = *((const uint64_t *)xtweak);
+
+	/* encrypt the tweak */
+	alg->pa_encrypt(tweak_ctx, (uint8_t *)tweak, (uint8_t *)tweak);
+}
+
+void
+xts_block_encrypt(const struct xts_alg *alg,
+    const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx,
+    uint64_t sector, const uint8_t *xtweak, int len,
+    const uint8_t *src, uint8_t *dst)
+{
+	uint64_t tweak[XTS_BLK_BYTES / 8];
+
+	xts_start(alg, tweak_ctx, tweak, sector, xtweak);
+
+	if (len < XTS_BLK_BYTES) {
+		xts_smallblock(alg, data_ctx, tweak, src, dst, len);
+		return;
+	}
+
+	while (len >= XTS_BLK_BYTES) {
+		xts_fullblock(alg->pa_encrypt, data_ctx, tweak, src, dst);
+		dst += XTS_BLK_BYTES;
+		src += XTS_BLK_BYTES;
+		len -= XTS_BLK_BYTES;
+	}
+
+	if (len != 0)
+		xts_lastblock(alg->pa_encrypt, data_ctx, tweak, src, dst, len);
+}
+
+void
+xts_block_decrypt(const struct xts_alg *alg,
+    const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx,
+    uint64_t sector, const uint8_t *xtweak, int len,
+    const uint8_t *src, uint8_t *dst)
+{
+	uint64_t tweak[XTS_BLK_BYTES / 8];
+	uint64_t prevtweak[XTS_BLK_BYTES / 8];
+
+	xts_start(alg, tweak_ctx, tweak, sector, xtweak);
+
+	if (len < XTS_BLK_BYTES) {
+		xts_smallblock(alg, data_ctx, tweak, src, dst, len);
+		return;
+	}
+
+	if ((len & XTS_BLK_MASK) != 0)
+		len -= XTS_BLK_BYTES;
+
+	while (len >= XTS_BLK_BYTES) {
+		xts_fullblock(alg->pa_decrypt, data_ctx, tweak, src, dst);
+		dst += XTS_BLK_BYTES;
+		src += XTS_BLK_BYTES;
+		len -= XTS_BLK_BYTES;
+	}
+
+	if (len != 0) {
+		len += XTS_BLK_BYTES;
+		prevtweak[0] = tweak[0];
+		prevtweak[1] = tweak[1];
+		gf_mul128(tweak, tweak);
+		xts_fullblock(alg->pa_decrypt, data_ctx, tweak, src, dst);
+		dst += XTS_BLK_BYTES;
+		src += XTS_BLK_BYTES;
+		len -= XTS_BLK_BYTES;
+		xts_lastblock(alg->pa_decrypt, data_ctx, prevtweak,
+		    src, dst, len);
+	}
+}
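Review bot: `xor128()` and `xts_start()` access the callers' `uint8_t *` buffers through `uint64_t *` casts (`d[0] = s1[0] ^ s2[0];`, `tweak[1] = *((const uint64_t *)xtweak);`), so `src`, `dst` and `xtweak` must be 8-byte aligned although nothing in the prototypes or comments says so, and a misaligned buffer can fault on strict-alignment platforms. `shl128()` also shifts the tweak as host-order words while `xts_start()` stores `htole64(sector)` and `gf_mul128()` folds the feedback into byte 0, so the tweak sequence appears correct only on little-endian hosts; `conf/files` builds this file for every architecture, and the `#ifndef _KERNEL` branch suggests the same code is meant to decrypt in userland, possibly on another machine. I would copy the words with `memcpy` and convert with `le64toh()`/`htole64()` as in the sketch below, and replace the load in `xts_start()` with `memcpy(&tweak[1], xtweak, sizeof(tweak[1]));`. Separately, the comment in `xts_smallblock()` should add that the keystream depends only on the tweak and `len`, so rewriting a short sector at the same length reuses it and exposes the XOR of the two plaintexts.

```c
static __inline void
xor128(void *dst, const void *src1, const void *src2)
{
	uint64_t a[2], b[2];

	/* Callers pass uint8_t * buffers; memcpy avoids unaligned 64-bit access. */
	memcpy(a, src1, sizeof(a));
	memcpy(b, src2, sizeof(b));
	a[0] ^= b[0];
	a[1] ^= b[1];
	memcpy(dst, a, sizeof(a));
}

static __inline int
shl128(uint64_t *d, const uint64_t *s)
{
	/* The tweak is held as little-endian bytes; shift it in host order. */
	uint64_t lo = le64toh(s[0]);
	uint64_t hi = le64toh(s[1]);

	d[0] = htole64(lo << 1);
	d[1] = htole64(hi << 1 | lo >> 63);

	return ((int)(hi >> 63));
}
```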

Added: soc2013/def/crashdump-head/sys/crypto/xts.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ soc2013/def/crashdump-head/sys/crypto/xts.h	Sat Jul 13 17:38:58 2013	(r254757)
@@ -0,0 +1,75 @@
+/*-
+ * Copyright (c) 2009 Gleb Kurtsou <gleb at FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef __XTS_H
+#define __XTS_H
+
+#include <crypto/camellia/camellia.h>
+#include <crypto/rijndael/rijndael.h>
+
+#define	XTS_BLK_BYTES		16
+#define	XTS_BLK_MASK		(XTS_BLK_BYTES - 1)
+#define	XTS_ALG_INVALID		0
+#define	XTS_ALG_AES		4
+#define	XTS_ALG_CAMELLIA	5
+
+struct xts_ctx {
+	union {
+		camellia_ctx	pctx_camellia;
+		rijndael_ctx	pctx_aes;
+	} o;
+} __aligned(CACHE_LINE_SIZE);
+
+
+typedef void	algop_crypt_t(const struct xts_ctx *ctx, const uint8_t *in, uint8_t *out);
+typedef void	algop_keysetup_t(struct xts_ctx *ctx, const uint8_t *key, uint32_t keybits);
+
+struct xts_alg {
+	algop_crypt_t		*pa_encrypt;
+	algop_crypt_t		*pa_decrypt;
+	algop_keysetup_t	*pa_keysetup;
+	int			pa_id;
+};
+
+void	xts_block_encrypt(const struct xts_alg *alg,
+	    const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx,
+	    uint64_t sector, const uint8_t *xtweak, int len,
+	    const uint8_t *src, uint8_t *dst);
+
+void	xts_block_decrypt(const struct xts_alg *alg,
+	    const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx,
+	    uint64_t sector, const uint8_t *xtweak, int len,
+	    const uint8_t *src, uint8_t *dst);
+
+algop_crypt_t		xts_aes_encrypt;
+algop_crypt_t		xts_aes_decrypt;
+algop_keysetup_t	xts_aes_keysetup;
+
+extern const struct	xts_alg xts_alg_aes;
+
+#endif /*  __XTS_H */
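Review bot: The prototypes for `xts_block_encrypt()` and `xts_block_decrypt()` carry no contract, and several of the unstated requirements are security-relevant. I would add a comment above them stating that `len` is a byte count, that `xtweak` must point to at least 8 readable bytes (`xts_start()` in xts.c loads a `uint64_t` from it), that a trailing partial block is handled by rewriting the preceding 16 bytes of `dst`, and that XTS expects `tweak_ctx` and `data_ctx` to be keyed with two independent keys. It is also worth noting there that the mode provides confidentiality only, so a consumer that needs tamper detection has to authenticate the data separately. The header uses `uint8_t`, `uint64_t` and `CACHE_LINE_SIZE` without including anything that defines them, so it presumably relies on the includer pulling in `<sys/param.h>` first; a one-line comment saying so would help.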

