From owner-svn-soc-all@FreeBSD.ORG Sat Jul 13 17:38:58 2013 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id B035E69D for ; Sat, 13 Jul 2013 17:38:58 +0000 (UTC) (envelope-from def@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) by mx1.freebsd.org (Postfix) with ESMTP id 924B41A89 for ; Sat, 13 Jul 2013 17:38:58 +0000 (UTC) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.14.7/8.14.7) with ESMTP id r6DHcwCP009485 for ; Sat, 13 Jul 2013 17:38:58 GMT (envelope-from def@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.14.7/8.14.6/Submit) id r6DHcw7c009468 for svn-soc-all@FreeBSD.org; Sat, 13 Jul 2013 17:38:58 GMT (envelope-from def@FreeBSD.org) Date: Sat, 13 Jul 2013 17:38:58 GMT Message-Id: <201307131738.r6DHcw7c009468@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to def@FreeBSD.org using -f From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r254757 - in soc2013/def/crashdump-head/sys: amd64/conf conf crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Jul 2013 17:38:58 -0000 Author: def Date: Sat Jul 13 17:38:58 2013 New Revision: 254757 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=254757 Log: Import XTS implementation from pefs. Compile kernel with ENCRYPT_CRASH option - compile xts.c into kernel. Added: soc2013/def/crashdump-head/sys/crypto/xts.c soc2013/def/crashdump-head/sys/crypto/xts.h Modified: soc2013/def/crashdump-head/sys/amd64/conf/GENERIC soc2013/def/crashdump-head/sys/conf/files soc2013/def/crashdump-head/sys/conf/options Modified: soc2013/def/crashdump-head/sys/amd64/conf/GENERIC ============================================================================== --- soc2013/def/crashdump-head/sys/amd64/conf/GENERIC Sat Jul 13 15:34:37 2013 (r254756) +++ soc2013/def/crashdump-head/sys/amd64/conf/GENERIC Sat Jul 13 17:38:58 2013 (r254757) @@ -339,3 +339,6 @@ device virtio_blk # VirtIO Block device device virtio_scsi # VirtIO SCSI device device virtio_balloon # VirtIO Memory Balloon device + +# Unattended encrypted kernel crash dumps +option ENCRYPT_CRASH Modified: soc2013/def/crashdump-head/sys/conf/files ============================================================================== --- soc2013/def/crashdump-head/sys/conf/files Sat Jul 13 15:34:37 2013 (r254756) +++ soc2013/def/crashdump-head/sys/conf/files Sat Jul 13 17:38:58 2013 (r254757) @@ -546,6 +546,7 @@ netgraph_mppc_encryption | sctp crypto/sha2/sha2.c optional crypto | geom_bde | ipsec | random | \ sctp | zfs +crypto/xts.c optional crypto | encrypt_crash ddb/db_access.c optional ddb ddb/db_break.c optional ddb ddb/db_capture.c optional ddb Modified: soc2013/def/crashdump-head/sys/conf/options ============================================================================== --- soc2013/def/crashdump-head/sys/conf/options Sat Jul 13 15:34:37 2013 (r254756) +++ soc2013/def/crashdump-head/sys/conf/options Sat Jul 13 17:38:58 2013 (r254757) @@ -897,3 +897,6 @@ # Resource Limits RCTL opt_global.h + +# Unattended encrypted kernel crash dumps +ENCRYPT_CRASH opt_crash.h Added: soc2013/def/crashdump-head/sys/crypto/xts.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2013/def/crashdump-head/sys/crypto/xts.c Sat Jul 13 17:38:58 2013 (r254757) @@ -0,0 +1,222 @@ +/* + * Copyright (c) 2007, 2008 University of Tsukuba + * Copyright (c) 2010 Gleb Kurtsou + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * 3. Neither the name of the University of Tsukuba nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include + +#ifdef _KERNEL +#include +#else +#include +#endif + +void +xts_aes_keysetup(struct xts_ctx *ctx, const uint8_t *key, uint32_t keybits) +{ + rijndael_set_key(&ctx->o.pctx_aes, key, keybits); +} + +void +xts_aes_encrypt(const struct xts_ctx *ctx, const uint8_t *in, uint8_t *out) +{ + rijndael_encrypt(&ctx->o.pctx_aes, in, out); +} + +void +xts_aes_decrypt(const struct xts_ctx *ctx, const uint8_t *in, uint8_t *out) +{ + rijndael_decrypt(&ctx->o.pctx_aes, in, out); +} + +const struct xts_alg xts_alg_aes = { + .pa_encrypt = xts_aes_encrypt, + .pa_decrypt = xts_aes_decrypt, + .pa_keysetup = xts_aes_keysetup, + .pa_id = XTS_ALG_AES, +}; + +static __inline void +xor128(void *dst, const void *src1, const void *src2) +{ + const uint64_t *s1 = (const uint64_t *)src1; + const uint64_t *s2 = (const uint64_t *)src2; + uint64_t *d = (uint64_t *)dst; + + d[0] = s1[0] ^ s2[0]; + d[1] = s1[1] ^ s2[1]; +} + +static __inline int +shl128(uint64_t *d, const uint64_t *s) +{ + int c0, c1; + + c0 = s[0] & (1ULL << 63) ? 1 : 0; + c1 = s[1] & (1ULL << 63) ? 1 : 0; + d[0] = s[0] << 1; + d[1] = s[1] << 1 | c0; + + return (c1); +} + +static __inline void +gf_mul128(uint64_t *dst, const uint64_t *src) +{ + static const uint8_t gf_128_fdbk = 0x87; + int carry; + + carry = shl128(dst, src); + if (carry != 0) + ((uint8_t *)dst)[0] ^= gf_128_fdbk; +} + +static __inline void +xts_fullblock(algop_crypt_t *data_crypt, const struct xts_ctx *data_ctx, + uint64_t *tweak, const uint8_t *src, uint8_t *dst) +{ + xor128(dst, src, tweak); + data_crypt(data_ctx, dst, dst); + xor128(dst, dst, tweak); + gf_mul128(tweak, tweak); +} + +static __inline void +xts_lastblock(algop_crypt_t *data_crypt, const struct xts_ctx *data_ctx, + uint64_t *tweak, const uint8_t *src, uint8_t *dst, int len) +{ + uint8_t b[XTS_BLK_BYTES]; + + dst -= XTS_BLK_BYTES; /* m - 1 */ + memcpy(b, dst, XTS_BLK_BYTES); + memcpy(b, src, len); + memcpy(dst + XTS_BLK_BYTES, dst, len); + + xor128(dst, b, tweak); + data_crypt(data_ctx, dst, dst); + xor128(dst, dst, tweak); +} + +static __inline void +xts_smallblock(const struct xts_alg *alg, const struct xts_ctx *data_ctx, + uint64_t *tweak, const uint8_t *src, uint8_t *dst, int len) +{ + uint8_t buf[XTS_BLK_BYTES], *p; + + /* + * Encryption/decryption of sectors smaller then 128 bits is not defined + * by IEEE P1619 standard. + * To work around it encrypt such sector in CTR mode. + * CTR tweak (counter) value is XTS-tweak xor'ed with block length, i.e. + * entire small block has to be reencrypted after length change. + */ + memset(buf, len, XTS_BLK_BYTES); + xor128(buf, buf, tweak); + alg->pa_encrypt(data_ctx, buf, buf); + for (p = buf; len > 0; len--) + *(dst++) = *(src++) ^ *(p++); +} + +static __inline void +xts_start(const struct xts_alg *alg, const struct xts_ctx *tweak_ctx, + uint64_t *tweak, uint64_t sector, const uint8_t *xtweak) +{ + tweak[0] = htole64(sector); + tweak[1] = *((const uint64_t *)xtweak); + + /* encrypt the tweak */ + alg->pa_encrypt(tweak_ctx, (uint8_t *)tweak, (uint8_t *)tweak); +} + +void +xts_block_encrypt(const struct xts_alg *alg, + const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx, + uint64_t sector, const uint8_t *xtweak, int len, + const uint8_t *src, uint8_t *dst) +{ + uint64_t tweak[XTS_BLK_BYTES / 8]; + + xts_start(alg, tweak_ctx, tweak, sector, xtweak); + + if (len < XTS_BLK_BYTES) { + xts_smallblock(alg, data_ctx, tweak, src, dst, len); + return; + } + + while (len >= XTS_BLK_BYTES) { + xts_fullblock(alg->pa_encrypt, data_ctx, tweak, src, dst); + dst += XTS_BLK_BYTES; + src += XTS_BLK_BYTES; + len -= XTS_BLK_BYTES; + } + + if (len != 0) + xts_lastblock(alg->pa_encrypt, data_ctx, tweak, src, dst, len); +} + +void +xts_block_decrypt(const struct xts_alg *alg, + const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx, + uint64_t sector, const uint8_t *xtweak, int len, + const uint8_t *src, uint8_t *dst) +{ + uint64_t tweak[XTS_BLK_BYTES / 8]; + uint64_t prevtweak[XTS_BLK_BYTES / 8]; + + xts_start(alg, tweak_ctx, tweak, sector, xtweak); + + if (len < XTS_BLK_BYTES) { + xts_smallblock(alg, data_ctx, tweak, src, dst, len); + return; + } + + if ((len & XTS_BLK_MASK) != 0) + len -= XTS_BLK_BYTES; + + while (len >= XTS_BLK_BYTES) { + xts_fullblock(alg->pa_decrypt, data_ctx, tweak, src, dst); + dst += XTS_BLK_BYTES; + src += XTS_BLK_BYTES; + len -= XTS_BLK_BYTES; + } + + if (len != 0) { + len += XTS_BLK_BYTES; + prevtweak[0] = tweak[0]; + prevtweak[1] = tweak[1]; + gf_mul128(tweak, tweak); + xts_fullblock(alg->pa_decrypt, data_ctx, tweak, src, dst); + dst += XTS_BLK_BYTES; + src += XTS_BLK_BYTES; + len -= XTS_BLK_BYTES; + xts_lastblock(alg->pa_decrypt, data_ctx, prevtweak, + src, dst, len); + } +} Added: soc2013/def/crashdump-head/sys/crypto/xts.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2013/def/crashdump-head/sys/crypto/xts.h Sat Jul 13 17:38:58 2013 (r254757) @@ -0,0 +1,75 @@ +/*- + * Copyright (c) 2009 Gleb Kurtsou + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef __XTS_H +#define __XTS_H + +#include +#include + +#define XTS_BLK_BYTES 16 +#define XTS_BLK_MASK (XTS_BLK_BYTES - 1) +#define XTS_ALG_INVALID 0 +#define XTS_ALG_AES 4 +#define XTS_ALG_CAMELLIA 5 + +struct xts_ctx { + union { + camellia_ctx pctx_camellia; + rijndael_ctx pctx_aes; + } o; +} __aligned(CACHE_LINE_SIZE); + + +typedef void algop_crypt_t(const struct xts_ctx *ctx, const uint8_t *in, uint8_t *out); +typedef void algop_keysetup_t(struct xts_ctx *ctx, const uint8_t *key, uint32_t keybits); + +struct xts_alg { + algop_crypt_t *pa_encrypt; + algop_crypt_t *pa_decrypt; + algop_keysetup_t *pa_keysetup; + int pa_id; +}; + +void xts_block_encrypt(const struct xts_alg *alg, + const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx, + uint64_t sector, const uint8_t *xtweak, int len, + const uint8_t *src, uint8_t *dst); + +void xts_block_decrypt(const struct xts_alg *alg, + const struct xts_ctx *tweak_ctx, const struct xts_ctx *data_ctx, + uint64_t sector, const uint8_t *xtweak, int len, + const uint8_t *src, uint8_t *dst); + +algop_crypt_t xts_aes_encrypt; +algop_crypt_t xts_aes_decrypt; +algop_keysetup_t xts_aes_keysetup; + +extern const struct xts_alg xts_alg_aes; + +#endif /* __XTS_H */