Index: head/stand/geli/Makefile =================================================================== --- head/stand/geli/Makefile (revision 326442) +++ head/stand/geli/Makefile (revision 326443) @@ -1,56 +1,55 @@ # $FreeBSD$ # libgeliboot MAN= .include MK_SSP= no LIB= geliboot INTERNALLIB= MK_PROFILE= no NO_PIC= .if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64" CFLAGS+= -march=i386 .endif .if ${MACHINE_ARCH} == "amd64" CFLAGS+= -m32 .endif WARNS?= 0 # string functions from libc .PATH: ${SRCTOP}/lib/libc/string SRCS+= bcmp.c bcopy.c bzero.c # Our password input method SRCS+= pwgets.c # sha256 and sha512 from sys/crypto .PATH: ${SYSDIR}/crypto/sha2 CFLAGS+= -DWEAK_REFS SRCS+= sha256c.c sha512c.c # md5 from libmd .PATH: ${SRCTOP}/lib/libmd SRCS+= md5c.c # AES implementation from sys/crypto .PATH: ${SYSDIR}/crypto/rijndael CFLAGS+= -I${LDRSRC} # Remove asserts CFLAGS+= -DNDEBUG SRCS+= rijndael-alg-fst.c rijndael-api-fst.c rijndael-api.c # local GELI Implementation .PATH: ${SYSDIR}/geom/eli -CFLAGS+= -D_STAND SRCS+= geliboot_crypto.c g_eli_hmac.c g_eli_key.c g_eli_key_cache.c pkcs5v2.c # aes .PATH: ${SYSDIR}/opencrypto SRCS+= xform_aes_xts.c .include .include Index: head/sys/geom/eli/pkcs5v2.c =================================================================== --- head/sys/geom/eli/pkcs5v2.c (revision 326442) +++ head/sys/geom/eli/pkcs5v2.c (revision 326443) @@ -1,131 +1,131 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2005 Pawel Jakub Dawidek * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #ifdef _KERNEL #include #include #else #include #include #include #endif #include #include static __inline void xor(uint8_t *dst, const uint8_t *src, size_t size) { for (; size > 0; size--) *dst++ ^= *src++; } void pkcs5v2_genkey(uint8_t *key, unsigned keylen, const uint8_t *salt, size_t saltsize, const char *passphrase, u_int iterations) { uint8_t md[SHA512_MDLEN], saltcount[saltsize + sizeof(uint32_t)]; uint8_t *counter, *keyp; u_int i, bsize, passlen; uint32_t count; struct hmac_ctx startpoint, ctx; passlen = strlen(passphrase); bzero(key, keylen); bcopy(salt, saltcount, saltsize); counter = saltcount + saltsize; keyp = key; for (count = 1; keylen > 0; count++, keylen -= bsize, keyp += bsize) { bsize = MIN(keylen, sizeof(md)); be32enc(counter, count); g_eli_crypto_hmac_init(&startpoint, passphrase, passlen); ctx = startpoint; g_eli_crypto_hmac_update(&ctx, saltcount, sizeof(saltcount)); g_eli_crypto_hmac_final(&ctx, md, sizeof(md)); xor(keyp, md, bsize); for(i = 1; i < iterations; i++) { ctx = startpoint; g_eli_crypto_hmac_update(&ctx, md, sizeof(md)); g_eli_crypto_hmac_final(&ctx, md, sizeof(md)); xor(keyp, md, bsize); } } explicit_bzero(&startpoint, sizeof(startpoint)); explicit_bzero(&ctx, sizeof(ctx)); } #ifndef _KERNEL -#ifndef _STAND +#ifndef _STANDALONE /* * Return the number of microseconds needed for 'interations' iterations. */ static int pkcs5v2_probe(int iterations) { uint8_t key[G_ELI_USERKEYLEN], salt[G_ELI_SALTLEN]; uint8_t passphrase[] = "passphrase"; struct rusage start, end; int usecs; getrusage(RUSAGE_SELF, &start); pkcs5v2_genkey(key, sizeof(key), salt, sizeof(salt), passphrase, iterations); getrusage(RUSAGE_SELF, &end); usecs = end.ru_utime.tv_sec - start.ru_utime.tv_sec; usecs *= 1000000; usecs += end.ru_utime.tv_usec - start.ru_utime.tv_usec; return (usecs); } /* * Return the number of iterations which takes 'usecs' microseconds. */ int pkcs5v2_calculate(int usecs) { int iterations, v; for (iterations = 1; ; iterations <<= 1) { v = pkcs5v2_probe(iterations); if (v > 2000000) break; } return (((intmax_t)iterations * (intmax_t)usecs) / v); } -#endif /* !_STAND */ +#endif /* !_STANDALONE */ #endif /* !_KERNEL */ Index: head/sys/opencrypto/xform_userland.h =================================================================== --- head/sys/opencrypto/xform_userland.h (revision 326442) +++ head/sys/opencrypto/xform_userland.h (revision 326443) @@ -1,48 +1,48 @@ /*- * Copyright (c) 2015 Allan Jude * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _CRYPTO_XFORM_USERLAND_H_ #define _CRYPTO_XFORM_USERLAND_H_ #ifdef _KERNEL #include #define KMALLOC(size, type, flags) malloc(size, type, flags) #define KFREE(ptr, type) free(ptr, type) #else /* not _KERNEL */ -#ifdef _STAND +#ifdef _STANDALONE #include #else /* !_STAND */ #include #include #endif /* _STAND */ #define KMALLOC(size, type, flags) malloc(size) #define KFREE(ptr, type) free(ptr) #endif /* _KERNEL */ #endif /* _CRYPTO_XFORM_USERLAND_H_ */ Index: head/sys/sys/errno.h =================================================================== --- head/sys/sys/errno.h (revision 326442) +++ head/sys/sys/errno.h (revision 326443) @@ -1,208 +1,208 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1982, 1986, 1989, 1993 * The Regents of the University of California. All rights reserved. * (c) UNIX System Laboratories, Inc. * All or some portions of this file are derived from material licensed * to the University of California by American Telephone and Telegraph * Co. or Unix System Laboratories, Inc. and are reproduced herein with * the permission of UNIX System Laboratories, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)errno.h 8.5 (Berkeley) 1/21/94 * $FreeBSD$ */ #ifndef _SYS_ERRNO_H_ #define _SYS_ERRNO_H_ -#if !defined(_KERNEL) && !defined(_STAND) +#if !defined(_KERNEL) && !defined(_STANDALONE) #include __BEGIN_DECLS int * __error(void); __END_DECLS #define errno (* __error()) #endif #define EPERM 1 /* Operation not permitted */ #define ENOENT 2 /* No such file or directory */ #define ESRCH 3 /* No such process */ #define EINTR 4 /* Interrupted system call */ #define EIO 5 /* Input/output error */ #define ENXIO 6 /* Device not configured */ #define E2BIG 7 /* Argument list too long */ #define ENOEXEC 8 /* Exec format error */ #define EBADF 9 /* Bad file descriptor */ #define ECHILD 10 /* No child processes */ #define EDEADLK 11 /* Resource deadlock avoided */ /* 11 was EAGAIN */ #define ENOMEM 12 /* Cannot allocate memory */ #define EACCES 13 /* Permission denied */ #define EFAULT 14 /* Bad address */ #ifndef _POSIX_SOURCE #define ENOTBLK 15 /* Block device required */ #endif #define EBUSY 16 /* Device busy */ #define EEXIST 17 /* File exists */ #define EXDEV 18 /* Cross-device link */ #define ENODEV 19 /* Operation not supported by device */ #define ENOTDIR 20 /* Not a directory */ #define EISDIR 21 /* Is a directory */ #define EINVAL 22 /* Invalid argument */ #define ENFILE 23 /* Too many open files in system */ #define EMFILE 24 /* Too many open files */ #define ENOTTY 25 /* Inappropriate ioctl for device */ #ifndef _POSIX_SOURCE #define ETXTBSY 26 /* Text file busy */ #endif #define EFBIG 27 /* File too large */ #define ENOSPC 28 /* No space left on device */ #define ESPIPE 29 /* Illegal seek */ #define EROFS 30 /* Read-only filesystem */ #define EMLINK 31 /* Too many links */ #define EPIPE 32 /* Broken pipe */ /* math software */ #define EDOM 33 /* Numerical argument out of domain */ #define ERANGE 34 /* Result too large */ /* non-blocking and interrupt i/o */ #define EAGAIN 35 /* Resource temporarily unavailable */ #ifndef _POSIX_SOURCE #define EWOULDBLOCK EAGAIN /* Operation would block */ #define EINPROGRESS 36 /* Operation now in progress */ #define EALREADY 37 /* Operation already in progress */ /* ipc/network software -- argument errors */ #define ENOTSOCK 38 /* Socket operation on non-socket */ #define EDESTADDRREQ 39 /* Destination address required */ #define EMSGSIZE 40 /* Message too long */ #define EPROTOTYPE 41 /* Protocol wrong type for socket */ #define ENOPROTOOPT 42 /* Protocol not available */ #define EPROTONOSUPPORT 43 /* Protocol not supported */ #define ESOCKTNOSUPPORT 44 /* Socket type not supported */ #define EOPNOTSUPP 45 /* Operation not supported */ #define ENOTSUP EOPNOTSUPP /* Operation not supported */ #define EPFNOSUPPORT 46 /* Protocol family not supported */ #define EAFNOSUPPORT 47 /* Address family not supported by protocol family */ #define EADDRINUSE 48 /* Address already in use */ #define EADDRNOTAVAIL 49 /* Can't assign requested address */ /* ipc/network software -- operational errors */ #define ENETDOWN 50 /* Network is down */ #define ENETUNREACH 51 /* Network is unreachable */ #define ENETRESET 52 /* Network dropped connection on reset */ #define ECONNABORTED 53 /* Software caused connection abort */ #define ECONNRESET 54 /* Connection reset by peer */ #define ENOBUFS 55 /* No buffer space available */ #define EISCONN 56 /* Socket is already connected */ #define ENOTCONN 57 /* Socket is not connected */ #define ESHUTDOWN 58 /* Can't send after socket shutdown */ #define ETOOMANYREFS 59 /* Too many references: can't splice */ #define ETIMEDOUT 60 /* Operation timed out */ #define ECONNREFUSED 61 /* Connection refused */ #define ELOOP 62 /* Too many levels of symbolic links */ #endif /* _POSIX_SOURCE */ #define ENAMETOOLONG 63 /* File name too long */ /* should be rearranged */ #ifndef _POSIX_SOURCE #define EHOSTDOWN 64 /* Host is down */ #define EHOSTUNREACH 65 /* No route to host */ #endif /* _POSIX_SOURCE */ #define ENOTEMPTY 66 /* Directory not empty */ /* quotas & mush */ #ifndef _POSIX_SOURCE #define EPROCLIM 67 /* Too many processes */ #define EUSERS 68 /* Too many users */ #define EDQUOT 69 /* Disc quota exceeded */ /* Network File System */ #define ESTALE 70 /* Stale NFS file handle */ #define EREMOTE 71 /* Too many levels of remote in path */ #define EBADRPC 72 /* RPC struct is bad */ #define ERPCMISMATCH 73 /* RPC version wrong */ #define EPROGUNAVAIL 74 /* RPC prog. not avail */ #define EPROGMISMATCH 75 /* Program version wrong */ #define EPROCUNAVAIL 76 /* Bad procedure for program */ #endif /* _POSIX_SOURCE */ #define ENOLCK 77 /* No locks available */ #define ENOSYS 78 /* Function not implemented */ #ifndef _POSIX_SOURCE #define EFTYPE 79 /* Inappropriate file type or format */ #define EAUTH 80 /* Authentication error */ #define ENEEDAUTH 81 /* Need authenticator */ #define EIDRM 82 /* Identifier removed */ #define ENOMSG 83 /* No message of desired type */ #define EOVERFLOW 84 /* Value too large to be stored in data type */ #define ECANCELED 85 /* Operation canceled */ #define EILSEQ 86 /* Illegal byte sequence */ #define ENOATTR 87 /* Attribute not found */ #define EDOOFUS 88 /* Programming error */ #endif /* _POSIX_SOURCE */ #define EBADMSG 89 /* Bad message */ #define EMULTIHOP 90 /* Multihop attempted */ #define ENOLINK 91 /* Link has been severed */ #define EPROTO 92 /* Protocol error */ #ifndef _POSIX_SOURCE #define ENOTCAPABLE 93 /* Capabilities insufficient */ #define ECAPMODE 94 /* Not permitted in capability mode */ #define ENOTRECOVERABLE 95 /* State not recoverable */ #define EOWNERDEAD 96 /* Previous owner died */ #endif /* _POSIX_SOURCE */ #ifndef _POSIX_SOURCE #define ELAST 96 /* Must be equal largest errno */ #endif /* _POSIX_SOURCE */ #if defined(_KERNEL) || defined(_WANT_KERNEL_ERRNO) /* pseudo-errors returned inside kernel to modify return to process */ #define ERESTART (-1) /* restart syscall */ #define EJUSTRETURN (-2) /* don't modify regs, just return */ #define ENOIOCTL (-3) /* ioctl not handled by this layer */ #define EDIRIOCTL (-4) /* do direct ioctl in GEOM */ #define ERELOOKUP (-5) /* retry the directory lookup */ #endif #ifndef _KERNEL #if __EXT1_VISIBLE /* ISO/IEC 9899:2011 K.3.2.2 */ #ifndef _ERRNO_T_DEFINED #define _ERRNO_T_DEFINED typedef int errno_t; #endif #endif /* __EXT1_VISIBLE */ #endif #endif