root/uvm/uvm_swap_encrypt.c

DEFINITIONS

1. swap_encrypt_ctl
2. swap_key_create
3. swap_key_delete
4. swap_encrypt
5. swap_decrypt
6. swap_key_prepare
7. swap_key_cleanup

    1 /*      $OpenBSD: uvm_swap_encrypt.c,v 1.14 2005/03/26 16:06:46 deraadt Exp $   */
    3 /*
    4  * Copyright 1999 Niels Provos <provos@citi.umich.edu>
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  * 3. All advertising materials mentioning features or use of this software
   16  *    must display the following acknowledgement:
   17  *      This product includes software developed by Niels Provos.
   18  * 4. The name of the author may not be used to endorse or promote products
   19  *    derived from this software without specific prior written permission.
   20  *
   21  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   22  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   23  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   24  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   26  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   30  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   31  */
   33 #include <sys/param.h>
   34 #include <sys/systm.h>
   35 #include <sys/kernel.h>
   36 #include <sys/malloc.h>
   37 #include <sys/sysctl.h>
   38 #include <sys/time.h>
   39 #include <sys/conf.h>
   40 #include <dev/rndvar.h>
   41 #include <crypto/rijndael.h>
   43 #include <uvm/uvm.h>
   45 struct swap_key *kcur = NULL;
rijndael_ctx swap_ctxt;
   48 int uvm_doswapencrypt = 1;
u_int uvm_swpkeyscreated = 0;
u_int uvm_swpkeysdeleted = 0;
   52 int swap_encrypt_initialized = 0;
   54 int
swap_encrypt_ctl(int *name, u_int namelen, void *oldp, size_t *oldlenp,
   56     void *newp, size_t newlen, struct proc *p)
   57 {
   58         /* all sysctl names at this level are terminal */
   59         if (namelen != 1)
   60                 return (ENOTDIR);               /* overloaded */
   62         switch (name[0]) {
   63         case SWPENC_ENABLE: {
   64                 int doencrypt = uvm_doswapencrypt;
   65                 int result;
result = sysctl_int(oldp, oldlenp, newp, newlen, &doencrypt);
   68                 if (result)
   69                         return result;
   71                 /*
   72                  * Swap Encryption has been turned on, we need to
   73                  * initialize state for swap devices that have been
   74                  * added.
   75                  */
   76                 if (doencrypt)
uvm_swap_initcrypt_all();
uvm_doswapencrypt = doencrypt;
   79                 return (0);
   80         }
   81         case SWPENC_CREATED:
   82                 return (sysctl_rdint(oldp, oldlenp, newp, uvm_swpkeyscreated));
   83         case SWPENC_DELETED:
   84                 return (sysctl_rdint(oldp, oldlenp, newp, uvm_swpkeysdeleted));
   85         default:
   86                 return (EOPNOTSUPP);
   87         }
   88         /* NOTREACHED */
   89 }
   91 void
swap_key_create(struct swap_key *key)
   93 {
   94         int i;
u_int32_t *p = key->key;
key->refcount = 0;
   98         for (i = 0; i < sizeof(key->key) / sizeof(u_int32_t); i++)
   99                 *p++ = arc4random();
uvm_swpkeyscreated++;
  102 }
  104 void
swap_key_delete(struct swap_key *key)
  106 {
  107         /* Make sure that this key gets removed if we just used it */
swap_key_cleanup(key);
memset(key, 0, sizeof(*key));
uvm_swpkeysdeleted++;
  112 }
  114 /*
  115  * Encrypt the data before it goes to swap, the size should be 64-bit
  116  * aligned.
  117  */
  119 void
swap_encrypt(struct swap_key *key, caddr_t src, caddr_t dst, u_int64_t block,
size_t count)
  122 {
u_int32_t *dsrc = (u_int32_t *)src;
u_int32_t *ddst = (u_int32_t *)dst;
u_int32_t iv[4];
u_int32_t iv1, iv2, iv3, iv4;
  128         if (!swap_encrypt_initialized)
swap_encrypt_initialized = 1;
swap_key_prepare(key, 1);
count /= sizeof(u_int32_t);
iv[0] = block >> 32; iv[1] = block; iv[2] = ~iv[0]; iv[3] = ~iv[1];
rijndael_encrypt(&swap_ctxt, (u_char *)iv, (u_char *)iv); 
iv1 = iv[0]; iv2 = iv[1]; iv3 = iv[2]; iv4 = iv[3];
  139         for (; count > 0; count -= 4) {
ddst[0] = dsrc[0] ^ iv1;
ddst[1] = dsrc[1] ^ iv2;
ddst[2] = dsrc[2] ^ iv3;
ddst[3] = dsrc[3] ^ iv4;
  144                 /*
  145                  * Do not worry about endianess, it only needs to decrypt
  146                  * on this machine.
  147                  */
rijndael_encrypt(&swap_ctxt, (u_char *)ddst, (u_char *)ddst);
iv1 = ddst[0];
iv2 = ddst[1];
iv3 = ddst[2];
iv4 = ddst[3];
dsrc += 4;
ddst += 4;
  156         }
  157 }
  159 /*
  160  * Decrypt the data after we retrieved it from swap, the size should be 64-bit
  161  * aligned.
  162  */
  164 void
swap_decrypt(struct swap_key *key, caddr_t src, caddr_t dst, u_int64_t block,
size_t count)
  167 {
u_int32_t *dsrc = (u_int32_t *)src;
u_int32_t *ddst = (u_int32_t *)dst;
u_int32_t iv[4];
u_int32_t iv1, iv2, iv3, iv4, niv1, niv2, niv3, niv4;
  173         if (!swap_encrypt_initialized)
panic("swap_decrypt: key not initialized");
swap_key_prepare(key, 0);
count /= sizeof(u_int32_t);
iv[0] = block >> 32; iv[1] = block; iv[2] = ~iv[0]; iv[3] = ~iv[1];
rijndael_encrypt(&swap_ctxt, (u_char *)iv, (u_char *)iv); 
iv1 = iv[0]; iv2 = iv[1]; iv3 = iv[2]; iv4 = iv[3];
  184         for (; count > 0; count -= 4) {
ddst[0] = niv1 = dsrc[0];
ddst[1] = niv2 = dsrc[1];
ddst[2] = niv3 = dsrc[2];
ddst[3] = niv4 = dsrc[3];
rijndael_decrypt(&swap_ctxt, (u_char *)ddst, (u_char *)ddst);
ddst[0] ^= iv1;
ddst[1] ^= iv2;
ddst[2] ^= iv3;
ddst[3] ^= iv4;
iv1 = niv1;
iv2 = niv2;
iv3 = niv3;
iv4 = niv4;
dsrc += 4;
ddst += 4;
  202         }
  203 }
  205 void
swap_key_prepare(struct swap_key *key, int encrypt)
  207 {
  208         /*
  209          * Check if we have prepared for this key already,
  210          * if we only have the encryption schedule, we have
  211          * to recompute and get the decryption schedule also.
  212          */
  213         if (kcur == key && (encrypt || !swap_ctxt.enc_only))
  214                 return;
  216         if (encrypt)
rijndael_set_key_enc_only(&swap_ctxt, (u_char *)key->key,
  218                     sizeof(key->key) * 8);
  219         else
rijndael_set_key(&swap_ctxt, (u_char *)key->key,
  221                     sizeof(key->key) * 8);
kcur = key;
  224 }
  226 /*
  227  * Make sure that a specific key is no longer available.
  228  */
  230 void
swap_key_cleanup(struct swap_key *key)
  232 {
  233         /* Check if we have a key */
  234         if (kcur == NULL || kcur != key)
  235                 return;
  237         /* Zero out the subkeys */
memset(&swap_ctxt, 0, sizeof(swap_ctxt));
kcur = NULL;
  241 }