Changeset View
Changeset View
Standalone View
Standalone View
stand/libsa/geli/geliboot_crypto.c
Show All 30 Lines | |||||
#include <string.h> | #include <string.h> | ||||
#include <strings.h> | #include <strings.h> | ||||
#include "geliboot_internal.h" | #include "geliboot_internal.h" | ||||
#include "geliboot.h" | #include "geliboot.h" | ||||
int | int | ||||
geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize, | geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize, | ||||
const u_char *key, size_t keysize, u_char *iv, size_t ivlen) | const u_char *key, size_t keysize, u_char *iv) | ||||
{ | { | ||||
keyInstance aeskey; | keyInstance aeskey; | ||||
cipherInstance cipher; | cipherInstance cipher; | ||||
struct aes_xts_ctx xtsctx, *ctxp; | struct aes_xts_ctx xtsctx, *ctxp; | ||||
size_t xts_len; | size_t xts_len; | ||||
int err, blks; | int err, blks; | ||||
switch (algo) { | switch (algo) { | ||||
Show All 28 Lines | if (datasize != (blks / 8)) { | ||||
return (1); | return (1); | ||||
} | } | ||||
break; | break; | ||||
case CRYPTO_AES_XTS: | case CRYPTO_AES_XTS: | ||||
xts_len = keysize << 1; | xts_len = keysize << 1; | ||||
ctxp = &xtsctx; | ctxp = &xtsctx; | ||||
enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8); | enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8); | ||||
enc_xform_aes_xts.reinit(ctxp, iv, ivlen); | enc_xform_aes_xts.reinit(ctxp, iv, AES_XTS_IV_LEN); | ||||
switch (enc) { | switch (enc) { | ||||
case GELI_DECRYPT: | case GELI_DECRYPT: | ||||
enc_xform_aes_xts.decrypt_multi(ctxp, data, data, | enc_xform_aes_xts.decrypt_multi(ctxp, data, data, | ||||
datasize); | datasize); | ||||
break; | break; | ||||
case GELI_ENCRYPT: | case GELI_ENCRYPT: | ||||
enc_xform_aes_xts.encrypt_multi(ctxp, data, data, | enc_xform_aes_xts.encrypt_multi(ctxp, data, data, | ||||
datasize); | datasize); | ||||
break; | break; | ||||
} | } | ||||
break; | break; | ||||
default: | default: | ||||
printf("Unsupported crypto algorithm #%d\n", algo); | printf("Unsupported crypto algorithm #%d\n", algo); | ||||
return (1); | return (1); | ||||
} | } | ||||
return (0); | return (0); | ||||
} | } | ||||
static int | static int | ||||
g_eli_crypto_cipher(u_int algo, geli_op_t enc, u_char *data, size_t datasize, | g_eli_crypto_cipher(u_int algo, geli_op_t enc, u_char *data, size_t datasize, | ||||
const u_char *key, size_t keysize) | const u_char *key, size_t keysize) | ||||
{ | { | ||||
u_char iv[keysize]; | u_char iv[G_ELI_IVKEYLEN]; | ||||
explicit_bzero(iv, sizeof(iv)); | explicit_bzero(iv, sizeof(iv)); | ||||
return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv, | return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv)); | ||||
sizeof(iv))); | |||||
} | } | ||||
int | int | ||||
g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize, | g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize, | ||||
const u_char *key, size_t keysize) | const u_char *key, size_t keysize) | ||||
{ | { | ||||
/* We prefer AES-CBC for metadata protection. */ | /* We prefer AES-CBC for metadata protection. */ | ||||
Show All 19 Lines |