Page MenuHomeFreeBSD
Differential D33884 Diff 101427 stand/libsa/geli/geliboot_crypto.c

Changeset View

Standalone View

View Options

stand/libsa/geli/geliboot_crypto.c

Show All 30 Lines
#include <string.h> #include <string.h>
#include <strings.h> #include <strings.h>
#include "geliboot_internal.h" #include "geliboot_internal.h"
#include "geliboot.h" #include "geliboot.h"
int int
geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize, geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
const u_char *key, size_t keysize, u_char *iv, size_t ivlen) const u_char *key, size_t keysize, u_char *iv)
{ {
keyInstance aeskey; keyInstance aeskey;
cipherInstance cipher; cipherInstance cipher;
struct aes_xts_ctx xtsctx, *ctxp; struct aes_xts_ctx xtsctx, *ctxp;
size_t xts_len; size_t xts_len;
int err, blks; int err, blks;
switch (algo) { switch (algo) {
Show All 28 Lines if (datasize != (blks / 8)) {
return (1); return (1);
} }
break; break;
case CRYPTO_AES_XTS: case CRYPTO_AES_XTS:
xts_len = keysize << 1; xts_len = keysize << 1;
ctxp = &xtsctx; ctxp = &xtsctx;
enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8); enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8);
enc_xform_aes_xts.reinit(ctxp, iv, ivlen); enc_xform_aes_xts.reinit(ctxp, iv, AES_XTS_IV_LEN);
switch (enc) { switch (enc) {
case GELI_DECRYPT: case GELI_DECRYPT:
enc_xform_aes_xts.decrypt_multi(ctxp, data, data, enc_xform_aes_xts.decrypt_multi(ctxp, data, data,
datasize); datasize);
break; break;
case GELI_ENCRYPT: case GELI_ENCRYPT:
enc_xform_aes_xts.encrypt_multi(ctxp, data, data, enc_xform_aes_xts.encrypt_multi(ctxp, data, data,
datasize); datasize);
break; break;
} }
break; break;
default: default:
printf("Unsupported crypto algorithm #%d\n", algo); printf("Unsupported crypto algorithm #%d\n", algo);
return (1); return (1);
} }
return (0); return (0);
} }
static int static int
g_eli_crypto_cipher(u_int algo, geli_op_t enc, u_char *data, size_t datasize, g_eli_crypto_cipher(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
const u_char *key, size_t keysize) const u_char *key, size_t keysize)
{ {
u_char iv[keysize]; u_char iv[G_ELI_IVKEYLEN];
explicit_bzero(iv, sizeof(iv)); explicit_bzero(iv, sizeof(iv));
return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv, return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
sizeof(iv)));
} }
int int
g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize, g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize,
const u_char *key, size_t keysize) const u_char *key, size_t keysize)
{ {
/* We prefer AES-CBC for metadata protection. */ /* We prefer AES-CBC for metadata protection. */
Show All 19 Lines