| Age | Commit message (Collapse) | Author |
|---|
|
gets rid of #include <sys/dkio.h> in sys/ioctl.h and adds #include
<sys/dkio.h> to the places that actually want and use the disk
ioctls.
this became an issue when krw@'s X build failed when he was testing
a change to dkio.h.
tested by krw@
help from and ok miod@
|
|
crypto optional metadata.
ok marco@
|
|
optional metadata per volume and discipline specific optional metadata
processing.
ok marco@
|
|
error path.
Found by jsg@ using the clang static analyser.
|
|
Also add a new optional metadata type for boot data. This is the first
step (of many) towards being able to boot from softraid volumes.
WARNING: This version of the softraid metadata is not compatible with
previous versions. As a result, any softraid volumes created with older
kernels will not assemble. Data on existing softraid volumes should be
backed up before upgrading. The volume should then be recreated and the
data restored.
ok marco@
|
|
else cares so it's just noise. Drivers that actually look at ITSDONE
are unchanged.
ok marco@ (for his files) dlg@ beck@
|
|
ok marco@
|
|
without using a passphrase - instead the encryption mask key is stored on
the specified key disk partition (ideally being one on a removable device).
This also enables automatic assembly of crypto volumes at boot time.
ok marco@
|
|
"in, in, in!" marco@
|
|
"shiny!!" marco@
|
|
you backup your data and lock up your pets prior to using this.
Tested by todd@
ok marco@
|
|
ok marco@
|
|
d_open/d_close.
tested by many, ok jsing, thib, krw
|
|
|
|
|
|
Found by LLVM/Clang Static Analyzer.
ok marco@
|
|
|
|
From beck with lots of squealing and ear bleeds.
Issue originally reported by todd.
ok beck
|
|
ok oga guenther
|
|
rather than initialising everything in softraid.c. This makes a discipline
more self-contained and reduces the number of function declarations needed
in softraidvar.h.
ok marco@
|
|
|
|
values in all cases.
ok marco@
|
|
copy; ok hshoexer@
|
|
that caused illegal checksums. The new metadata code is more or less ready
to deal with other vendor's metadata formats.
While here clean up the name space.
Fix thib's pool mess by adding removing bad flags in interrupt context.
tested on macppc, amd64, i386, sparc64 & hppa
sparc64 has issues with crypto however those do not seem to be softraid
specific.
help from okan@ ckuethe@ Will Backman and others
|
|
instead of malloc;
OK hshoexer@ and macro@
|
|
able to distinguish cleanly an failing ioctl (ie. return value -1) from
trying to retrieve a KDF hint from a not yet initialized volume.
ok marco djm
|
|
most 0.5TB of disk. This is well below P1619-2007's recommendation
for AES-XTS of 1TB/key, but small enough so we can test that we
actually use multiple keys with inexpensive hardware.
We allocate 32 keys, so this will do for volumes up to 16TB.
Fix a crypto session leak in sr_crypto_free_resources()
much debugging help mshoexer@; ok hshoexer@ marco@
|
|
been correctly decrypted using the masking key.
The check code is a HMAC-SHA1 over the disk keys using a hash of
the masking key. It should be slow enough to provide no useful
brute force success oracle and should not leak significant data about
the masking key or disk keys.
ok hshoexer@ marco@
|
|
reserved space in case we ever want to support a different scheme
ok hshoexer@ marco@
|
|
ok marco djm
|
|
mask key from userland. Thus, modify sr_crypto_get_kdf() do correclty handle
copying kdf hint and/or mask key.
While there, remove superflous sr_read_meta().
ok marco djm
|
|
callback.
ok marco@
|
|
generation used by user space in the meta data.
Actually use the masking key for encryption and decryption of on-disk key
at run time.
ok djm marco
|
|
disabled, of course, and still work in progress.
help by djm@, ok marco@
|
|
|
|
|
|
also use aes to generate proppper IVs
ok marco@
|
|
Sprinkle some debug while here.
|
|
|
|
|
|
ok marco@
|
|
|
|
ok tedu@ marco@
|
|
Randomize Crypto password and add salt array.
Add mock key encryption functions.
|
|
fucntion. Fix bug in the crypto code that could casuse data corruption as
a bonus, bad cut & past tedu!
|
|
same code in all disciplines. This shaves of a few bytes.
crypto 3185 -> 2690
raid 0 2843 -> 2378
raid 1 3474 -> 2689
|
|
ok tedu
|
|
Decrypt only once on entry or exit instead of on in and out regardless of
direction.
There is still room for improvement but this is the first stab.
Tested by many ok tedu
|
|
|
|
|
