diff options
| author | Tom Caputi <[email protected]> | 2017-09-12 16:15:11 -0400 |
|---|---|---|
| committer | Tom Caputi <[email protected]> | 2017-10-11 16:54:48 -0400 |
| commit | 4807c0badb130ae70cf6f0887b4be1648f217f1a (patch) | |
| tree | cfc0312e79f82eceda66d142726a122191cea099 /include/sys/zio_crypt.h | |
| parent | 94d49e8f9bd2e58a783066327c84b7d3b605ac0f (diff) | |
Encryption patch follow-up
* PBKDF2 implementation changed to OpenSSL implementation.
* HKDF implementation moved to its own file and tests
added to ensure correctness.
* Removed libzfs's now unnecessary dependency on libzpool
and libicp.
* Ztest can now create and test encrypted datasets. This is
currently disabled until issue #6526 is resolved, but
otherwise functions as advertised.
* Several small bug fixes discovered after enabling ztest
to run on encrypted datasets.
* Fixed coverity defects added by the encryption patch.
* Updated man pages for encrypted send / receive behavior.
* Fixed a bug where encrypted datasets could receive
DRR_WRITE_EMBEDDED records.
* Minor code cleanups / consolidation.
Signed-off-by: Tom Caputi <[email protected]>
Diffstat (limited to 'include/sys/zio_crypt.h')
| -rw-r--r-- | include/sys/zio_crypt.h | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/include/sys/zio_crypt.h b/include/sys/zio_crypt.h index 9ddfe4280..9cf9a17c2 100644 --- a/include/sys/zio_crypt.h +++ b/include/sys/zio_crypt.h @@ -32,18 +32,9 @@ struct zbookmark_phys; #define WRAPPING_KEY_LEN 32 #define WRAPPING_IV_LEN ZIO_DATA_IV_LEN -#define WRAPPING_MAC_LEN 16 - -#define SHA1_DIGEST_LEN 20 -#define SHA512_DIGEST_LEN 64 -#define SHA512_HMAC_KEYLEN 64 - +#define WRAPPING_MAC_LEN ZIO_DATA_MAC_LEN #define MASTER_KEY_MAX_LEN 32 -#define L2ARC_DEFAULT_CRYPT ZIO_CRYPT_AES_256_CCM - -/* utility macros */ -#define BITS_TO_BYTES(x) ((x + NBBY - 1) / NBBY) -#define BYTES_TO_BITS(x) (x * NBBY) +#define SHA512_HMAC_KEYLEN 64 typedef enum zio_crypt_type { ZC_TYPE_NONE = 0, @@ -133,7 +124,7 @@ int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf, int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd, uint_t datalen, boolean_t byteswap, uint8_t *cksum); int zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen, - uint8_t *digestbuf); + uint8_t *digestbuf, uint_t digestlen); int zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen, boolean_t byteswap, uint8_t *portable_mac, uint8_t *local_mac); int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key, uint8_t *salt, |