Page MenuHomeFreeBSD
Differential D4699 Diff 11708 sys/geom/eli/g_eli_crypto.c

Changeset View

Standalone View

View Options

sys/geom/eli/g_eli_crypto.c

  • This file was copied to sys/geom/eli/g_eli_hmac.c.
Show First 20 LinesShow All 215 Lines▼ Show 20 Lines
{ {
/* We prefer AES-CBC for metadata protection. */ /* We prefer AES-CBC for metadata protection. */
if (algo == CRYPTO_AES_XTS) if (algo == CRYPTO_AES_XTS)
algo = CRYPTO_AES_CBC; algo = CRYPTO_AES_CBC;
return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize)); return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize));
} }
void
g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey,
size_t hkeylen)
{
u_char k_ipad[128], key[128];
SHA512_CTX lctx;
u_int i;
bzero(key, sizeof(key));
if (hkeylen == 0)
; /* do nothing */
else if (hkeylen <= 128)
bcopy(hkey, key, hkeylen);
else {
/* If key is longer than 128 bytes reset it to key = SHA512(key). */
SHA512_Init(&lctx);
SHA512_Update(&lctx, hkey, hkeylen);
SHA512_Final(key, &lctx);
}
/* XOR key with ipad and opad values. */
for (i = 0; i < sizeof(key); i++) {
k_ipad[i] = key[i] ^ 0x36;
ctx->k_opad[i] = key[i] ^ 0x5c;
}
bzero(key, sizeof(key));
/* Perform inner SHA512. */
SHA512_Init(&ctx->shactx);
SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad));
bzero(k_ipad, sizeof(k_ipad));
}
void
g_eli_crypto_hmac_update(struct hmac_ctx *ctx, const uint8_t *data,
size_t datasize)
{
SHA512_Update(&ctx->shactx, data, datasize);
}
void
g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize)
{
u_char digest[SHA512_MDLEN];
SHA512_CTX lctx;
SHA512_Final(digest, &ctx->shactx);
/* Perform outer SHA512. */
SHA512_Init(&lctx);
SHA512_Update(&lctx, ctx->k_opad, sizeof(ctx->k_opad));
bzero(ctx, sizeof(*ctx));
SHA512_Update(&lctx, digest, sizeof(digest));
SHA512_Final(digest, &lctx);
bzero(&lctx, sizeof(lctx));
/* mdsize == 0 means "Give me the whole hash!" */
if (mdsize == 0)
mdsize = SHA512_MDLEN;
bcopy(digest, md, mdsize);
bzero(digest, sizeof(digest));
}
void
g_eli_crypto_hmac(const uint8_t *hkey, size_t hkeysize, const uint8_t *data,
size_t datasize, uint8_t *md, size_t mdsize)
{
struct hmac_ctx ctx;
g_eli_crypto_hmac_init(&ctx, hkey, hkeysize);
g_eli_crypto_hmac_update(&ctx, data, datasize);
g_eli_crypto_hmac_final(&ctx, md, mdsize);
}