Edit
IABSD.fr/src/sys/uvm/uvm_swap_encrypt.c
jsg
- sys/uvm/uvm_swap_encrypt.c
-
/* $OpenBSD: uvm_swap_encrypt.c,v 1.24 2021/03/12 14:15:49 jsg Exp $ */ /* * Copyright 1999 Niels Provos <provos@citi.umich.edu> * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Niels Provos. * 4. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> #include <sys/malloc.h> #include <sys/sysctl.h> #include <sys/time.h> #include <crypto/rijndael.h> #include <uvm/uvm.h> #include <uvm/uvm_swap_encrypt.h> struct swap_key *kcur = NULL; rijndael_ctx swap_ctxt; int uvm_doswapencrypt = 1; u_int uvm_swpkeyscreated = 0; u_int uvm_swpkeysdeleted = 0; int swap_encrypt_initialized = 0; int swap_encrypt_ctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen, struct proc *p) { /* all sysctl names at this level are terminal */ if (namelen != 1) return (ENOTDIR); /* overloaded */ switch (name[0]) { case SWPENC_ENABLE: { int doencrypt = uvm_doswapencrypt; int result; result = sysctl_int_bounded(oldp, oldlenp, newp, newlen, &doencrypt, 0, 1); if (result) return result; /* * Swap Encryption has been turned on, we need to * initialize state for swap devices that have been * added. */ if (doencrypt) uvm_swap_initcrypt_all(); uvm_doswapencrypt = doencrypt; return (0); } case SWPENC_CREATED: return (sysctl_rdint(oldp, oldlenp, newp, uvm_swpkeyscreated)); case SWPENC_DELETED: return (sysctl_rdint(oldp, oldlenp, newp, uvm_swpkeysdeleted)); default: return (EOPNOTSUPP); } /* NOTREACHED */ } void swap_key_create(struct swap_key *key) { arc4random_buf(key->key, sizeof(key->key)); uvm_swpkeyscreated++; } void swap_key_delete(struct swap_key *key) { /* Make sure that this key gets removed if we just used it */ swap_key_cleanup(key); explicit_bzero(key, sizeof(*key)); uvm_swpkeysdeleted++; } /* * Encrypt the data before it goes to swap, the size should be 64-bit * aligned. */ void swap_encrypt(struct swap_key *key, caddr_t src, caddr_t dst, u_int64_t block, size_t count) { u_int32_t *dsrc = (u_int32_t *)src; u_int32_t *ddst = (u_int32_t *)dst; u_int32_t iv[4]; u_int32_t iv1, iv2, iv3, iv4; if (!swap_encrypt_initialized) swap_encrypt_initialized = 1; swap_key_prepare(key, 1); count /= sizeof(u_int32_t); iv[0] = block >> 32; iv[1] = block; iv[2] = ~iv[0]; iv[3] = ~iv[1]; rijndael_encrypt(&swap_ctxt, (u_char *)iv, (u_char *)iv); iv1 = iv[0]; iv2 = iv[1]; iv3 = iv[2]; iv4 = iv[3]; for (; count > 0; count -= 4) { ddst[0] = dsrc[0] ^ iv1; ddst[1] = dsrc[1] ^ iv2; ddst[2] = dsrc[2] ^ iv3; ddst[3] = dsrc[3] ^ iv4; /* * Do not worry about endianness, it only needs to decrypt * on this machine. */ rijndael_encrypt(&swap_ctxt, (u_char *)ddst, (u_char *)ddst); iv1 = ddst[0]; iv2 = ddst[1]; iv3 = ddst[2]; iv4 = ddst[3]; dsrc += 4; ddst += 4; } } /* * Decrypt the data after we retrieved it from swap, the size should be 64-bit * aligned. */ void swap_decrypt(struct swap_key *key, caddr_t src, caddr_t dst, u_int64_t block, size_t count) { u_int32_t *dsrc = (u_int32_t *)src; u_int32_t *ddst = (u_int32_t *)dst; u_int32_t iv[4]; u_int32_t iv1, iv2, iv3, iv4, niv1, niv2, niv3, niv4; if (!swap_encrypt_initialized) panic("swap_decrypt: key not initialized"); swap_key_prepare(key, 0); count /= sizeof(u_int32_t); iv[0] = block >> 32; iv[1] = block; iv[2] = ~iv[0]; iv[3] = ~iv[1]; rijndael_encrypt(&swap_ctxt, (u_char *)iv, (u_char *)iv); iv1 = iv[0]; iv2 = iv[1]; iv3 = iv[2]; iv4 = iv[3]; for (; count > 0; count -= 4) { ddst[0] = niv1 = dsrc[0]; ddst[1] = niv2 = dsrc[1]; ddst[2] = niv3 = dsrc[2]; ddst[3] = niv4 = dsrc[3]; rijndael_decrypt(&swap_ctxt, (u_char *)ddst, (u_char *)ddst); ddst[0] ^= iv1; ddst[1] ^= iv2; ddst[2] ^= iv3; ddst[3] ^= iv4; iv1 = niv1; iv2 = niv2; iv3 = niv3; iv4 = niv4; dsrc += 4; ddst += 4; } } void swap_key_prepare(struct swap_key *key, int encrypt) { /* * Check if we have prepared for this key already, * if we only have the encryption schedule, we have * to recompute and get the decryption schedule also. */ if (kcur == key && (encrypt || !swap_ctxt.enc_only)) return; if (encrypt) rijndael_set_key_enc_only(&swap_ctxt, (u_char *)key->key, sizeof(key->key) * 8); else rijndael_set_key(&swap_ctxt, (u_char *)key->key, sizeof(key->key) * 8); kcur = key; } /* * Make sure that a specific key is no longer available. */ void swap_key_cleanup(struct swap_key *key) { /* Check if we have a key */ if (kcur == NULL || kcur != key) return; /* Zero out the subkeys */ explicit_bzero(&swap_ctxt, sizeof(swap_ctxt)); kcur = NULL; }