authorTom Caputi <tcaputi@datto.com>2017-09-12 16:15:11 -0400
committerTom Caputi <tcaputi@datto.com>2017-10-11 16:54:48 -0400
commit4807c0badb130ae70cf6f0887b4be1648f217f1a (patch)
treecfc0312e79f82eceda66d142726a122191cea099 /include
parent94d49e8f9bd2e58a783066327c84b7d3b605ac0f (diff)
Encryption patch follow-up
* PBKDF2 implementation changed to OpenSSL implementation. * HKDF implementation moved to its own file and tests added to ensure correctness. * Removed libzfs's now unnecessary dependency on libzpool and libicp. * Ztest can now create and test encrypted datasets. This is currently disabled until issue #6526 is resolved, but otherwise functions as advertised. * Several small bug fixes discovered after enabling ztest to run on encrypted datasets. * Fixed coverity defects added by the encryption patch. * Updated man pages for encrypted send / receive behavior. * Fixed a bug where encrypted datasets could receive DRR_WRITE_EMBEDDED records. * Minor code cleanups / consolidation. Signed-off-by: Tom Caputi <tcaputi@datto.com>
Diffstat (limited to 'include')
-rw-r--r--include/sys/Makefile.am1
-rw-r--r--include/sys/hkdf.h29
-rw-r--r--include/sys/zio_crypt.h15
3 files changed, 33 insertions, 12 deletions
diff --git a/include/sys/Makefile.am b/include/sys/Makefile.am
index 22b647a1e..d3835ca29 100644
--- a/include/sys/Makefile.am
+++ b/include/sys/Makefile.am
@@ -35,6 +35,7 @@ COMMON_H = \
$(top_srcdir)/include/sys/dsl_userhold.h \
$(top_srcdir)/include/sys/edonr.h \
$(top_srcdir)/include/sys/efi_partition.h \
+ $(top_srcdir)/include/sys/hkdf.h \
$(top_srcdir)/include/sys/metaslab.h \
$(top_srcdir)/include/sys/metaslab_impl.h \
$(top_srcdir)/include/sys/mmp.h \
diff --git a/include/sys/hkdf.h b/include/sys/hkdf.h
new file mode 100644
index 000000000..e0f7678c0
--- /dev/null
+++ b/include/sys/hkdf.h
@@ -0,0 +1,29 @@
+/*
+ * CDDL HEADER START
+ *
+ * This file and its contents are supplied under the terms of the
+ * Common Development and Distribution License ("CDDL"), version 1.0.
+ * You may only use this file in accordance with the terms of version
+ * 1.0 of the CDDL.
+ *
+ * A full copy of the text of the CDDL should have accompanied this
+ * source. A copy of the CDDL is also available via the Internet at
+ * http://www.illumos.org/license/CDDL.
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2017, Datto, Inc. All rights reserved.
+ */
+
+#ifndef _SYS_HKDF_H_
+#define _SYS_HKDF_H_
+
+#include <sys/types.h>
+
+int hkdf_sha512(uint8_t *key_material, uint_t km_len, uint8_t *salt,
+ uint_t salt_len, uint8_t *info, uint_t info_len, uint8_t *output_key,
+ uint_t out_len);
+
+#endif /* _SYS_HKDF_H_ */
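Review bot: The `hkdf_sha512()` prototype is the whole public surface of this new header and it carries no contract. Nothing says which buffers are inputs, whether `salt` or `info` may be NULL with a zero length, or what the `int` return means. RFC 5869 limits HKDF output to 255 hash lengths (16320 bytes for SHA-512), so a header comment should state that bound for `out_len` and that `output_key` must hold `out_len` bytes; whether the implementation enforces the bound cannot be seen in this include-only diff. The three input pointers `key_material`, `salt` and `info` could also be declared `const uint8_t *`, so callers holding read-only key material need no cast.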
diff --git a/include/sys/zio_crypt.h b/include/sys/zio_crypt.h
index 9ddfe4280..9cf9a17c2 100644
--- a/include/sys/zio_crypt.h
+++ b/include/sys/zio_crypt.h
@@ -32,18 +32,9 @@ struct zbookmark_phys;
#define WRAPPING_KEY_LEN 32
#define WRAPPING_IV_LEN ZIO_DATA_IV_LEN
-#define WRAPPING_MAC_LEN 16
-
-#define SHA1_DIGEST_LEN 20
-#define SHA512_DIGEST_LEN 64
-#define SHA512_HMAC_KEYLEN 64
-
+#define WRAPPING_MAC_LEN ZIO_DATA_MAC_LEN
#define MASTER_KEY_MAX_LEN 32
-#define L2ARC_DEFAULT_CRYPT ZIO_CRYPT_AES_256_CCM
-
-/* utility macros */
-#define BITS_TO_BYTES(x) ((x + NBBY - 1) / NBBY)
-#define BYTES_TO_BITS(x) (x * NBBY)
+#define SHA512_HMAC_KEYLEN 64
typedef enum zio_crypt_type {
ZC_TYPE_NONE = 0,
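Review bot: `WRAPPING_MAC_LEN` is now defined as `ZIO_DATA_MAC_LEN` instead of the literal 16, which ties the MAC length of the wrapped key to the MAC length of data blocks. If the wrapped-key MAC is part of the on-disk format (likely, but not shown in this hunk), a later change to `ZIO_DATA_MAC_LEN` would silently change that format as well. A comment above the define, such as `/* wrapped-key MAC shares the data MAC length; changing either changes the on-disk format */`, would record the coupling. The hunk also drops `SHA1_DIGEST_LEN`, `SHA512_DIGEST_LEN` and the bit/byte macros, so their remaining users outside include/ need checking, since this view is limited to that directory.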
@@ -133,7 +124,7 @@ int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf,
int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd,
uint_t datalen, boolean_t byteswap, uint8_t *cksum);
int zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen,
- uint8_t *digestbuf);
+ uint8_t *digestbuf, uint_t digestlen);
int zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen,
boolean_t byteswap, uint8_t *portable_mac, uint8_t *local_mac);
int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key, uint8_t *salt,
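Review bot: `zio_crypt_do_hmac()` gains a `digestlen` parameter, but the prototype states no bound for it and does not say whether a shorter length truncates the MAC. Presumably the HMAC is SHA-512 (the header keeps `SHA512_HMAC_KEYLEN`), so a caller asking for more than 64 bytes must be rejected rather than copied past the computed digest; the implementation is outside this diff and should be checked for that. A comment on the declaration would pin the contract, for example `/* digestbuf must hold digestlen bytes; digestlen may not exceed the HMAC output size */`. `datalen` and `digestlen` are both `uint_t`, so swapped arguments at a call site compile silently.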