head/sys/geom/eli/g_eli.c
Show First 20 Lines • Show All 1,120 Lines • ▼ Show 20 Lines | g_eli_keyfiles_clear(const char *provider) | ||||
for (i = 0; ; i++) { | for (i = 0; ; i++) { | ||||
snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); | snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); | ||||
keyfile = preload_search_by_type(name); | keyfile = preload_search_by_type(name); | ||||
if (keyfile == NULL) | if (keyfile == NULL) | ||||
return; | return; | ||||
data = preload_fetch_addr(keyfile); | data = preload_fetch_addr(keyfile); | ||||
size = preload_fetch_size(keyfile); | size = preload_fetch_size(keyfile); | ||||
if (data != NULL && size != 0) | if (data != NULL && size != 0) | ||||
bzero(data, size); | explicit_bzero(data, size); | ||||
} | } | ||||
} | } | ||||
/* | /* | ||||
* Tasting is only made on boot. | * Tasting is only made on boot. | ||||
* We detect providers which should be attached before root is mounted. | * We detect providers which should be attached before root is mounted. | ||||
*/ | */ | ||||
static struct g_geom * | static struct g_geom * | ||||
▲ Show 20 Lines • Show All 118 Lines • ▼ Show 20 Lines | tries = g_eli_tries; | ||||
g_eli_crypto_hmac_update(&ctx, passphrase, | g_eli_crypto_hmac_update(&ctx, passphrase, | ||||
strlen(passphrase)); | strlen(passphrase)); | ||||
explicit_bzero(passphrase, sizeof(passphrase)); | explicit_bzero(passphrase, sizeof(passphrase)); | ||||
} else if (md.md_iterations > 0) { | } else if (md.md_iterations > 0) { | ||||
u_char dkey[G_ELI_USERKEYLEN]; | u_char dkey[G_ELI_USERKEYLEN]; | ||||
pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, | pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, | ||||
sizeof(md.md_salt), passphrase, md.md_iterations); | sizeof(md.md_salt), passphrase, md.md_iterations); | ||||
bzero(passphrase, sizeof(passphrase)); | explicit_bzero(passphrase, sizeof(passphrase)); | ||||
g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); | g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); | ||||
explicit_bzero(dkey, sizeof(dkey)); | explicit_bzero(dkey, sizeof(dkey)); | ||||
} | } | ||||
g_eli_crypto_hmac_final(&ctx, key, 0); | g_eli_crypto_hmac_final(&ctx, key, 0); | ||||
/* | /* | ||||
* Decrypt Master-Key. | * Decrypt Master-Key. | ||||
*/ | */ | ||||
error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey); | error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey); | ||||
bzero(key, sizeof(key)); | explicit_bzero(key, sizeof(key)); | ||||
if (error == -1) { | if (error == -1) { | ||||
if (i == tries) { | if (i == tries) { | ||||
G_ELI_DEBUG(0, | G_ELI_DEBUG(0, | ||||
"Wrong key for %s. No tries left.", | "Wrong key for %s. No tries left.", | ||||
pp->name); | pp->name); | ||||
g_eli_keyfiles_clear(pp->name); | g_eli_keyfiles_clear(pp->name); | ||||
return (NULL); | return (NULL); | ||||
} | } | ||||
Show All 16 Lines | tries = g_eli_tries; | ||||
break; | break; | ||||
} | } | ||||
have_key: | have_key: | ||||
/* | /* | ||||
* We have correct key, let's attach provider. | * We have correct key, let's attach provider. | ||||
*/ | */ | ||||
gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey); | gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey); | ||||
bzero(mkey, sizeof(mkey)); | explicit_bzero(mkey, sizeof(mkey)); | ||||
bzero(&md, sizeof(md)); | explicit_bzero(&md, sizeof(md)); | ||||
if (gp == NULL) { | if (gp == NULL) { | ||||
G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, | G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, | ||||
G_ELI_SUFFIX); | G_ELI_SUFFIX); | ||||
return (NULL); | return (NULL); | ||||
} | } | ||||
return (gp); | return (gp); | ||||
} | } | ||||
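Review bot: The `return (NULL)` after "Wrong key for %s. No tries left." exits without the `explicit_bzero(mkey, sizeof(mkey));` / `explicit_bzero(&md, sizeof(md));` pair that runs after `g_eli_create()`, so in the visible lines the wipe is only guaranteed on the `have_key` path. Whether `mkey` can hold key material when `g_eli_mkey_decrypt_any()` fails is not visible here, and 16 lines of the retry loop plus the start of the function are collapsed, so treat this as something to confirm, not a proven leak. If it can, clear both buffers before each early return, for example by placing those same two calls ahead of `g_eli_keyfiles_clear(pp->name);`. The `sizeof(passphrase)` calls wipe the whole buffer only if `passphrase` is declared as an array; its declaration is outside the visible lines, so check that as well. A short comment at the first converted call, such as `/* explicit_bzero() so the compiler cannot drop the wipe as a dead store */`, would record why plain `bzero` was replaced.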