authorNiels Provos <provos@cvs.openbsd.org>2000-05-26 15:18:30 +0000
committerNiels Provos <provos@cvs.openbsd.org>2000-05-26 15:18:30 +0000
commit1c568619bea108353fc15db2ed86f63489561a9b (patch)
tree90c930143e3c16d155a0926884d49fad0b25bc09 /sys
parent1b77450cc05780590e0f5a75dd6b82b3e066db5b (diff)
use encrypted blocknumber as IV
Diffstat (limited to 'sys')
-rw-r--r--sys/uvm/uvm_swap.c10
-rw-r--r--sys/uvm/uvm_swap_encrypt.c14
-rw-r--r--sys/uvm/uvm_swap_encrypt.h4
3 files changed, 20 insertions, 8 deletions
diff --git a/sys/uvm/uvm_swap.c b/sys/uvm/uvm_swap.c
index a96536cc9ba..ae519285c46 100644
--- a/sys/uvm/uvm_swap.c
+++ b/sys/uvm/uvm_swap.c
@@ -1943,6 +1943,7 @@ uvm_swap_io(pps, startslot, npages, flags)
if ((flags & B_READ) == 0) {
int i, opages;
caddr_t src, dst;
+ u_int64_t block;
/*
* Check if we need to do swap encryption on old pages.
@@ -1969,12 +1970,14 @@ uvm_swap_io(pps, startslot, npages, flags)
src = (caddr_t) kva;
dst = (caddr_t) dstkva;
+ block = startblk;
for (i = 0; i < npages; i++) {
/* mark for async writes */
tpps[i]->pqflags |= PQ_ENCRYPT;
- swap_encrypt(src, dst, 1 << PAGE_SHIFT);
+ swap_encrypt(src, dst, block, 1 << PAGE_SHIFT);
src += 1 << PAGE_SHIFT;
dst += 1 << PAGE_SHIFT;
+ block += btodb(1 << PAGE_SHIFT);
}
uvm_pagermapout(kva, npages);
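Review bot: Nothing next to `block = startblk;` records that the value handed to swap_encrypt() is the on-disk block of each page, or that the read-side loop (the hunk at `@@ -2117,11 +2120,14 @@`) must advance `block` by the same `btodb(1 << PAGE_SHIFT)` step for decryption to produce the original data. A comment such as `/* IV is derived from the device block; the decrypt loop in the B_READ path must step identically */` would make that coupling explicit. The same comment should note that the IV is fixed per swap block, so if a slot is rewritten while the same key is in use (key lifetime is not visible here), identical leading plaintext blocks yield identical ciphertext blocks. uvm_swap_io starts and ends outside this hunk.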
@@ -2117,11 +2120,14 @@ uvm_swap_io(pps, startslot, npages, flags)
(bp->b_flags & B_READ) && !(bp->b_flags & B_ERROR)) {
int i;
caddr_t data = bp->b_data;
+ u_int64_t block = startblk;
for (i = 0; i < npages; i++) {
/* Check if we need to decrypt */
if (uvm_swap_needdecrypt(sdp, startslot + i))
- swap_decrypt(data, data, 1 << PAGE_SHIFT);
+ swap_decrypt(data, data, block,
+ 1 << PAGE_SHIFT);
data += 1 << PAGE_SHIFT;
+ block += btodb(1 << PAGE_SHIFT);
}
}
#endif
diff --git a/sys/uvm/uvm_swap_encrypt.c b/sys/uvm/uvm_swap_encrypt.c
index c09a9b027b0..c995bef8240 100644
--- a/sys/uvm/uvm_swap_encrypt.c
+++ b/sys/uvm/uvm_swap_encrypt.c
@@ -66,10 +66,11 @@ swap_encrypt_init(caddr_t data, size_t len)
*/
void
-swap_encrypt(caddr_t src, caddr_t dst, size_t count)
+swap_encrypt(caddr_t src, caddr_t dst, u_int64_t block, size_t count)
{
u_int32_t *dsrc = (u_int32_t *)src;
u_int32_t *ddst = (u_int32_t *)dst;
+ u_int32_t iv[2];
u_int32_t iv1, iv2;
if (!swap_encrypt_initalized)
@@ -77,7 +78,9 @@ swap_encrypt(caddr_t src, caddr_t dst, size_t count)
count /= sizeof(u_int32_t);
- iv1 = iv2 = 0;
+ iv[0] = block >> 32; iv[1] = block;
+ Blowfish_encipher(&swap_key, iv);
+ iv1 = iv[0]; iv2 = iv[1];
for (; count > 0; count -= 2) {
ddst[0] = dsrc[0] ^ iv1;
ddst[1] = dsrc[1] ^ iv2;
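Review bot: The IV derivation added here is repeated verbatim in swap_decrypt (the hunk at `@@ -110,7 +114,9 @@`), so the two copies can drift apart, and any mismatch leaves swapped-out pages undecryptable. A single static helper used by both functions would keep them in lockstep. `iv[1] = block;` also relies on implicit truncation from u_int64_t to u_int32_t; an explicit cast states the intent and survives stricter conversion warnings. The loop body of swap_encrypt continues outside the hunk.

```c
/* Derive the CBC IV for one swap block by enciphering its 64-bit block number. */
static void
swap_block_iv(u_int64_t block, u_int32_t iv[2])
{
	iv[0] = (u_int32_t)(block >> 32);
	iv[1] = (u_int32_t)block;
	Blowfish_encipher(&swap_key, iv);
}

/* … unchanged: swap_encrypt declarations, init check, count scaling … */
	swap_block_iv(block, iv);
	iv1 = iv[0]; iv2 = iv[1];
```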
@@ -99,10 +102,11 @@ swap_encrypt(caddr_t src, caddr_t dst, size_t count)
*/
void
-swap_decrypt(caddr_t src, caddr_t dst, size_t count)
+swap_decrypt(caddr_t src, caddr_t dst, u_int64_t block, size_t count)
{
u_int32_t *dsrc = (u_int32_t *)src;
u_int32_t *ddst = (u_int32_t *)dst;
+ u_int32_t iv[2];
u_int32_t iv1, iv2, niv1, niv2;
if (!swap_encrypt_initalized)
@@ -110,7 +114,9 @@ swap_decrypt(caddr_t src, caddr_t dst, size_t count)
count /= sizeof(u_int32_t);
- iv1 = iv2 = 0;
+ iv[0] = block >> 32; iv[1] = block;
+ Blowfish_encipher(&swap_key, iv);
+ iv1 = iv[0]; iv2 = iv[1];
for (; count > 0; count -= 2) {
ddst[0] = niv1 = dsrc[0];
ddst[1] = niv2 = dsrc[1];
diff --git a/sys/uvm/uvm_swap_encrypt.h b/sys/uvm/uvm_swap_encrypt.h
index b89ce4bd187..1eb03550158 100644
--- a/sys/uvm/uvm_swap_encrypt.h
+++ b/sys/uvm/uvm_swap_encrypt.h
@@ -32,8 +32,8 @@
#define _UVM_SWAP_ENCRYPT_H
void swap_encrypt_init __P((caddr_t, size_t));
-void swap_encrypt __P((caddr_t, caddr_t, size_t));
-void swap_decrypt __P((caddr_t, caddr_t, size_t));
+void swap_encrypt __P((caddr_t, caddr_t, u_int64_t, size_t));
+void swap_decrypt __P((caddr_t, caddr_t, u_int64_t, size_t));
extern int uvm_doswapencrypt; /* swapencrypt enabled/disabled */
extern int swap_encrypt_initalized;