Changeset View
Changeset View
Standalone View
Standalone View
head/sys/geom/eli/g_eli.c
| Show First 20 Lines • Show All 1,120 Lines • ▼ Show 20 Lines | g_eli_keyfiles_clear(const char *provider) | ||||
| for (i = 0; ; i++) { | for (i = 0; ; i++) { | ||||
| snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); | snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); | ||||
| keyfile = preload_search_by_type(name); | keyfile = preload_search_by_type(name); | ||||
| if (keyfile == NULL) | if (keyfile == NULL) | ||||
| return; | return; | ||||
| data = preload_fetch_addr(keyfile); | data = preload_fetch_addr(keyfile); | ||||
| size = preload_fetch_size(keyfile); | size = preload_fetch_size(keyfile); | ||||
| if (data != NULL && size != 0) | if (data != NULL && size != 0) | ||||
| bzero(data, size); | explicit_bzero(data, size); | ||||
| } | } | ||||
| } | } | ||||
| /* | /* | ||||
| * Tasting is only made on boot. | * Tasting is only made on boot. | ||||
| * We detect providers which should be attached before root is mounted. | * We detect providers which should be attached before root is mounted. | ||||
| */ | */ | ||||
| static struct g_geom * | static struct g_geom * | ||||
| ▲ Show 20 Lines • Show All 118 Lines • ▼ Show 20 Lines | tries = g_eli_tries; | ||||
| g_eli_crypto_hmac_update(&ctx, passphrase, | g_eli_crypto_hmac_update(&ctx, passphrase, | ||||
| strlen(passphrase)); | strlen(passphrase)); | ||||
| explicit_bzero(passphrase, sizeof(passphrase)); | explicit_bzero(passphrase, sizeof(passphrase)); | ||||
| } else if (md.md_iterations > 0) { | } else if (md.md_iterations > 0) { | ||||
| u_char dkey[G_ELI_USERKEYLEN]; | u_char dkey[G_ELI_USERKEYLEN]; | ||||
| pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, | pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, | ||||
| sizeof(md.md_salt), passphrase, md.md_iterations); | sizeof(md.md_salt), passphrase, md.md_iterations); | ||||
| bzero(passphrase, sizeof(passphrase)); | explicit_bzero(passphrase, sizeof(passphrase)); | ||||
| g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); | g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); | ||||
| explicit_bzero(dkey, sizeof(dkey)); | explicit_bzero(dkey, sizeof(dkey)); | ||||
| } | } | ||||
| g_eli_crypto_hmac_final(&ctx, key, 0); | g_eli_crypto_hmac_final(&ctx, key, 0); | ||||
| /* | /* | ||||
| * Decrypt Master-Key. | * Decrypt Master-Key. | ||||
| */ | */ | ||||
| error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey); | error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey); | ||||
| bzero(key, sizeof(key)); | explicit_bzero(key, sizeof(key)); | ||||
| if (error == -1) { | if (error == -1) { | ||||
| if (i == tries) { | if (i == tries) { | ||||
| G_ELI_DEBUG(0, | G_ELI_DEBUG(0, | ||||
| "Wrong key for %s. No tries left.", | "Wrong key for %s. No tries left.", | ||||
| pp->name); | pp->name); | ||||
| g_eli_keyfiles_clear(pp->name); | g_eli_keyfiles_clear(pp->name); | ||||
| return (NULL); | return (NULL); | ||||
| } | } | ||||
| Show All 16 Lines | tries = g_eli_tries; | ||||
| break; | break; | ||||
| } | } | ||||
| have_key: | have_key: | ||||
| /* | /* | ||||
| * We have correct key, let's attach provider. | * We have correct key, let's attach provider. | ||||
| */ | */ | ||||
| gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey); | gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey); | ||||
| bzero(mkey, sizeof(mkey)); | explicit_bzero(mkey, sizeof(mkey)); | ||||
| bzero(&md, sizeof(md)); | explicit_bzero(&md, sizeof(md)); | ||||
| if (gp == NULL) { | if (gp == NULL) { | ||||
| G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, | G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, | ||||
| G_ELI_SUFFIX); | G_ELI_SUFFIX); | ||||
| return (NULL); | return (NULL); | ||||
| } | } | ||||
| return (gp); | return (gp); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 135 Lines • Show Last 20 Lines | |||||