Changeset View
Changeset View
Standalone View
Standalone View
sys/geom/eli/g_eli_crypto.c
- This file was copied to sys/geom/eli/g_eli_hmac.c.
Show First 20 Lines • Show All 215 Lines • ▼ Show 20 Lines | |||||
{ | { | ||||
/* We prefer AES-CBC for metadata protection. */ | /* We prefer AES-CBC for metadata protection. */ | ||||
if (algo == CRYPTO_AES_XTS) | if (algo == CRYPTO_AES_XTS) | ||||
algo = CRYPTO_AES_CBC; | algo = CRYPTO_AES_CBC; | ||||
return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize)); | return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize)); | ||||
} | } | ||||
void | |||||
g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey, | |||||
size_t hkeylen) | |||||
{ | |||||
u_char k_ipad[128], key[128]; | |||||
SHA512_CTX lctx; | |||||
u_int i; | |||||
bzero(key, sizeof(key)); | |||||
if (hkeylen == 0) | |||||
; /* do nothing */ | |||||
else if (hkeylen <= 128) | |||||
bcopy(hkey, key, hkeylen); | |||||
else { | |||||
/* If key is longer than 128 bytes reset it to key = SHA512(key). */ | |||||
SHA512_Init(&lctx); | |||||
SHA512_Update(&lctx, hkey, hkeylen); | |||||
SHA512_Final(key, &lctx); | |||||
} | |||||
/* XOR key with ipad and opad values. */ | |||||
for (i = 0; i < sizeof(key); i++) { | |||||
k_ipad[i] = key[i] ^ 0x36; | |||||
ctx->k_opad[i] = key[i] ^ 0x5c; | |||||
} | |||||
bzero(key, sizeof(key)); | |||||
/* Perform inner SHA512. */ | |||||
SHA512_Init(&ctx->shactx); | |||||
SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad)); | |||||
bzero(k_ipad, sizeof(k_ipad)); | |||||
} | |||||
void | |||||
g_eli_crypto_hmac_update(struct hmac_ctx *ctx, const uint8_t *data, | |||||
size_t datasize) | |||||
{ | |||||
SHA512_Update(&ctx->shactx, data, datasize); | |||||
} | |||||
void | |||||
g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize) | |||||
{ | |||||
u_char digest[SHA512_MDLEN]; | |||||
SHA512_CTX lctx; | |||||
SHA512_Final(digest, &ctx->shactx); | |||||
/* Perform outer SHA512. */ | |||||
SHA512_Init(&lctx); | |||||
SHA512_Update(&lctx, ctx->k_opad, sizeof(ctx->k_opad)); | |||||
bzero(ctx, sizeof(*ctx)); | |||||
SHA512_Update(&lctx, digest, sizeof(digest)); | |||||
SHA512_Final(digest, &lctx); | |||||
bzero(&lctx, sizeof(lctx)); | |||||
/* mdsize == 0 means "Give me the whole hash!" */ | |||||
if (mdsize == 0) | |||||
mdsize = SHA512_MDLEN; | |||||
bcopy(digest, md, mdsize); | |||||
bzero(digest, sizeof(digest)); | |||||
} | |||||
void | |||||
g_eli_crypto_hmac(const uint8_t *hkey, size_t hkeysize, const uint8_t *data, | |||||
size_t datasize, uint8_t *md, size_t mdsize) | |||||
{ | |||||
struct hmac_ctx ctx; | |||||
g_eli_crypto_hmac_init(&ctx, hkey, hkeysize); | |||||
g_eli_crypto_hmac_update(&ctx, data, datasize); | |||||
g_eli_crypto_hmac_final(&ctx, md, mdsize); | |||||
} |