Page MenuHomeFreeBSD
Differential D36576 Diff 110568 stand/libsa/geli/geliboot.c

Changeset View

Standalone View

View Options

stand/libsa/geli/geliboot.c

Show All 35 Linesstruct known_dev {
char name[GELIDEV_NAMELEN]; char name[GELIDEV_NAMELEN];
struct geli_dev *gdev; struct geli_dev *gdev;
SLIST_ENTRY(known_dev) entries; SLIST_ENTRY(known_dev) entries;
}; };
SLIST_HEAD(known_dev_list, known_dev) known_devs_head = SLIST_HEAD(known_dev_list, known_dev) known_devs_head =
SLIST_HEAD_INITIALIZER(known_devs_head); SLIST_HEAD_INITIALIZER(known_devs_head);
static geli_ukey saved_keys[GELI_MAX_KEYS]; #define GELI_SAVED_KEYS_SIZE (GELI_MAX_KEYS * sizeof(geli_ukey))
static geli_ukey *saved_keys;
static unsigned int nsaved_keys = 0; static unsigned int nsaved_keys = 0;
/* /*
* Copy keys from local storage to the keybuf struct. * Copy keys from local storage to the keybuf struct.
* Destroy the local storage when finished. * Destroy the local storage when finished.
*/ */
void void
geli_export_key_buffer(struct keybuf *fkeybuf) geli_export_key_buffer(struct keybuf *fkeybuf)
{ {
unsigned int i; unsigned int i;
for (i = 0; i < nsaved_keys; i++) { for (i = 0; i < nsaved_keys; i++) {
fkeybuf->kb_ents[i].ke_type = KEYBUF_TYPE_GELI; fkeybuf->kb_ents[i].ke_type = KEYBUF_TYPE_GELI;
memcpy(fkeybuf->kb_ents[i].ke_data, saved_keys[i], memcpy(fkeybuf->kb_ents[i].ke_data, saved_keys[i],
G_ELI_USERKEYLEN); G_ELI_USERKEYLEN);
} }
fkeybuf->kb_nents = nsaved_keys; fkeybuf->kb_nents = nsaved_keys;
explicit_bzero(saved_keys, sizeof(saved_keys)); explicit_bzero(saved_keys, GELI_SAVED_KEYS_SIZE);
} }
/* /*
* Copy keys from a keybuf struct into local storage. * Copy keys from a keybuf struct into local storage.
* Zero out the keybuf. * Zero out the keybuf.
*/ */
void void
geli_import_key_buffer(struct keybuf *skeybuf) geli_import_key_buffer(struct keybuf *skeybuf)
{ {
unsigned int i; unsigned int i;
if (saved_keys == NULL)
saved_keys = calloc(1, GELI_SAVED_KEYS_SIZE);
for (i = 0; i < skeybuf->kb_nents && i < GELI_MAX_KEYS; i++) { for (i = 0; i < skeybuf->kb_nents && i < GELI_MAX_KEYS; i++) {
memcpy(saved_keys[i], skeybuf->kb_ents[i].ke_data, memcpy(saved_keys[i], skeybuf->kb_ents[i].ke_data,
G_ELI_USERKEYLEN); G_ELI_USERKEYLEN);
explicit_bzero(skeybuf->kb_ents[i].ke_data, explicit_bzero(skeybuf->kb_ents[i].ke_data,
G_ELI_USERKEYLEN); G_ELI_USERKEYLEN);
skeybuf->kb_ents[i].ke_type = KEYBUF_TYPE_NONE; skeybuf->kb_ents[i].ke_type = KEYBUF_TYPE_NONE;
} }
nsaved_keys = skeybuf->kb_nents; nsaved_keys = skeybuf->kb_nents;
skeybuf->kb_nents = 0; skeybuf->kb_nents = 0;
} }
void void
geli_add_key(geli_ukey key) geli_add_key(geli_ukey key)
{ {
/* /*
* If we run out of key space, the worst that will happen is * If we run out of key space, the worst that will happen is
* it will ask the user for the password again. * it will ask the user for the password again.
*/ */
if (saved_keys == NULL)
saved_keys = calloc(1, GELI_SAVED_KEYS_SIZE);
if (nsaved_keys < GELI_MAX_KEYS) { if (nsaved_keys < GELI_MAX_KEYS) {
memcpy(saved_keys[nsaved_keys], key, G_ELI_USERKEYLEN); memcpy(saved_keys[nsaved_keys], key, G_ELI_USERKEYLEN);
nsaved_keys++; nsaved_keys++;
} }
} }
static int static int
geli_findkey(struct geli_dev *gdev, u_char *mkey) geli_findkey(struct geli_dev *gdev, u_char *mkey)
{ {
u_int keynum; u_int keynum;
int i; int i;
/* XXX should we check that gdev->keybuf_slot < nsaved_keys ? */
if (gdev->keybuf_slot >= 0) { if (gdev->keybuf_slot >= 0) {
if (g_eli_mkey_decrypt_any(&gdev->md, saved_keys[gdev->keybuf_slot], if (g_eli_mkey_decrypt_any(&gdev->md, saved_keys[gdev->keybuf_slot],
mkey, &keynum) == 0) { mkey, &keynum) == 0) {
return (0); return (0);
} }
} }
for (i = 0; i < nsaved_keys; i++) { for (i = 0; i < nsaved_keys; i++) {
▲ Show 20 LinesShow All 288 LinesShow Last 20 Lines