author | Niels Provos <provos@cvs.openbsd.org> | 2000-05-26 15:18:30 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 2000-05-26 15:18:30 +0000 |
commit | 1c568619bea108353fc15db2ed86f63489561a9b (patch) | |
tree | 90c930143e3c16d155a0926884d49fad0b25bc09 /sys | |
parent | 1b77450cc05780590e0f5a75dd6b82b3e066db5b (diff) |
use encrypted blocknumber as IV
Diffstat (limited to 'sys')
-rw-r--r-- | sys/uvm/uvm_swap.c | 10 | ||||
-rw-r--r-- | sys/uvm/uvm_swap_encrypt.c | 14 | ||||
-rw-r--r-- | sys/uvm/uvm_swap_encrypt.h | 4 |
3 files changed, 20 insertions, 8 deletions
diff --git a/sys/uvm/uvm_swap.c b/sys/uvm/uvm_swap.c
index a96536cc9ba..ae519285c46 100644
--- a/sys/uvm/uvm_swap.c
+++ b/sys/uvm/uvm_swap.c
@@ -1943,6 +1943,7 @@ uvm_swap_io(pps, startslot, npages, flags)
 if ((flags & B_READ) == 0) {
 int i, opages;
 caddr_t src, dst;
+ u_int64_t block;
 /*
 * Check if we need to do swap encryption on old pages.
@@ -1969,12 +1970,14 @@ uvm_swap_io(pps, startslot, npages, flags)
 src = (caddr_t) kva;
 dst = (caddr_t) dstkva;
+ block = startblk;
 for (i = 0; i < npages; i++) {
 /* mark for async writes */
 tpps[i]->pqflags |= PQ_ENCRYPT;
- swap_encrypt(src, dst, 1 << PAGE_SHIFT);
+ swap_encrypt(src, dst, block, 1 << PAGE_SHIFT);
 src += 1 << PAGE_SHIFT;
 dst += 1 << PAGE_SHIFT;
+ block += btodb(1 << PAGE_SHIFT);
 }
 uvm_pagermapout(kva, npages);
@@ -2117,11 +2120,14 @@ uvm_swap_io(pps, startslot, npages, flags)
 (bp->b_flags & B_READ) && !(bp->b_flags & B_ERROR)) {
 int i;
 caddr_t data = bp->b_data;
+ u_int64_t block = startblk;
 for (i = 0; i < npages; i++) {
 /* Check if we need to decrypt */
 if (uvm_swap_needdecrypt(sdp, startslot + i))
- swap_decrypt(data, data, 1 << PAGE_SHIFT);
+ swap_decrypt(data, data, block,
+ 1 << PAGE_SHIFT);
 data += 1 << PAGE_SHIFT;
+ block += btodb(1 << PAGE_SHIFT);
 }
 }
 #endif
diff --git a/sys/uvm/uvm_swap_encrypt.c b/sys/uvm/uvm_swap_encrypt.c
index c09a9b027b0..c995bef8240 100644
--- a/sys/uvm/uvm_swap_encrypt.c
+++ b/sys/uvm/uvm_swap_encrypt.c
@@ -66,10 +66,11 @@ swap_encrypt_init(caddr_t data, size_t len)
 */
 void
-swap_encrypt(caddr_t src, caddr_t dst, size_t count)
+swap_encrypt(caddr_t src, caddr_t dst, u_int64_t block, size_t count)
 {
 u_int32_t *dsrc = (u_int32_t *)src;
 u_int32_t *ddst = (u_int32_t *)dst;
+ u_int32_t iv[2];
 u_int32_t iv1, iv2;
 if (!swap_encrypt_initalized)
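Review bot: Nothing ties the `block` counter in this write loop (hunk at -1969) to the one in the read-side loop (hunk at -2117); each starts from `startblk` and steps by `btodb(1 << PAGE_SHIFT)` by hand. If the chaining in swap_encrypt is CBC, as the XOR-before-encipher lines in the other file suggest, a mismatched IV would garble only the first 8 bytes of a page on swap-in, and nothing here would detect that. A comment in both loops would pin the invariant, for example `/* IV input: disk block of this page; must match the value passed to swap_decrypt() on swap-in */`. uvm_swap_io starts and ends outside both hunks, and the definition of `startblk` is not visible.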
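Review bot: The new `block` parameter in the swap_encrypt signature (hunk at -66) is undocumented: the comment block that closes just above it is unchanged context, and its start is outside the hunk. `block` sits directly before `count`, both plain integers, so a call site that swaps them compiles silently. I would add a line to that comment such as `block: disk block number of the page (btodb units), used only to derive the IV`. The same applies to swap_decrypt (hunk at -99) and to the unnamed prototypes in uvm_swap_encrypt.h.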
@@ -77,7 +78,9 @@ swap_encrypt(caddr_t src, caddr_t dst, size_t count)
 count /= sizeof(u_int32_t);
- iv1 = iv2 = 0;
+ iv[0] = block >> 32; iv[1] = block;
+ Blowfish_encipher(&swap_key, iv);
+ iv1 = iv[0]; iv2 = iv[1];
 for (; count > 0; count -= 2) {
 ddst[0] = dsrc[0] ^ iv1;
 ddst[1] = dsrc[1] ^ iv2;
@@ -99,10 +102,11 @@ swap_encrypt(caddr_t src, caddr_t dst, size_t count)
 */
 void
-swap_decrypt(caddr_t src, caddr_t dst, size_t count)
+swap_decrypt(caddr_t src, caddr_t dst, u_int64_t block, size_t count)
 {
 u_int32_t *dsrc = (u_int32_t *)src;
 u_int32_t *ddst = (u_int32_t *)dst;
+ u_int32_t iv[2];
 u_int32_t iv1, iv2, niv1, niv2;
 if (!swap_encrypt_initalized)
@@ -110,7 +114,9 @@ swap_decrypt(caddr_t src, caddr_t dst, size_t count)
 count /= sizeof(u_int32_t);
- iv1 = iv2 = 0;
+ iv[0] = block >> 32; iv[1] = block;
+ Blowfish_encipher(&swap_key, iv);
+ iv1 = iv[0]; iv2 = iv[1];
 for (; count > 0; count -= 2) {
 ddst[0] = niv1 = dsrc[0];
 ddst[1] = niv2 = dsrc[1];
diff --git a/sys/uvm/uvm_swap_encrypt.h b/sys/uvm/uvm_swap_encrypt.h
index b89ce4bd187..1eb03550158 100644
--- a/sys/uvm/uvm_swap_encrypt.h
+++ b/sys/uvm/uvm_swap_encrypt.h
@@ -32,8 +32,8 @@
 #define _UVM_SWAP_ENCRYPT_H
 void swap_encrypt_init __P((caddr_t, size_t));
-void swap_encrypt __P((caddr_t, caddr_t, size_t));
-void swap_decrypt __P((caddr_t, caddr_t, size_t));
+void swap_encrypt __P((caddr_t, caddr_t, u_int64_t, size_t));
+void swap_decrypt __P((caddr_t, caddr_t, u_int64_t, size_t));
 extern int uvm_doswapencrypt; /* swapencrypt enabled/disabled */
 extern int swap_encrypt_initalized; |
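Review bot: The IV computed in swap_encrypt (hunk at -77) depends only on `block` and `swap_key`, so it repeats whenever the same swap block is rewritten under the same key. With the chaining the loop suggests (plaintext XORed with the running IV before encipher), two ciphertext images of one slot would show how many leading 8-byte blocks of the page were unchanged between the writes. How much that matters depends on the lifetime of `swap_key`, which this diff does not show. A comment stating the assumption would help, e.g. `/* IV = E_k(block): unique per swap block, but reused when the block is rewritten under the same key */`. The loop body continues outside the hunk.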
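Review bot: The three-line IV derivation in swap_decrypt (hunk at -110) is a verbatim copy of the one in swap_encrypt (hunk at -77), and both narrow the 64-bit `block` to `u_int32_t` implicitly. The two copies must stay identical or swap-in returns wrong data with no error, so a single file-local helper with explicit casts would be safer. The helper name below is only a suggestion; both functions would call it and then copy `iv[0]`/`iv[1]` into `iv1`/`iv2` as they do now.

```c
/* Derive the per-block IV; shared by swap_encrypt() and swap_decrypt(). */
static void
swap_block_iv(u_int64_t block, u_int32_t *iv)
{
	iv[0] = (u_int32_t)(block >> 32);
	iv[1] = (u_int32_t)block;
	Blowfish_encipher(&swap_key, iv);
}

	/* ... unchanged: count /= sizeof(u_int32_t); ... */
	swap_block_iv(block, iv);
	iv1 = iv[0]; iv2 = iv[1];
	/* ... unchanged: chaining loop ... */
```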