diff options
author | Tom Caputi <tcaputi@datto.com> | 2017-09-12 16:15:11 -0400 |
---|---|---|
committer | Tom Caputi <tcaputi@datto.com> | 2017-10-11 16:54:48 -0400 |
commit | 4807c0badb130ae70cf6f0887b4be1648f217f1a (patch) | |
tree | cfc0312e79f82eceda66d142726a122191cea099 /include | |
parent | 94d49e8f9bd2e58a783066327c84b7d3b605ac0f (diff) |
Encryption patch follow-up
* PBKDF2 implementation changed to OpenSSL implementation.
* HKDF implementation moved to its own file and tests
added to ensure correctness.
* Removed libzfs's now unnecessary dependency on libzpool
and libicp.
* Ztest can now create and test encrypted datasets. This is
currently disabled until issue #6526 is resolved, but
otherwise functions as advertised.
* Several small bug fixes discovered after enabling ztest
to run on encrypted datasets.
* Fixed coverity defects added by the encryption patch.
* Updated man pages for encrypted send / receive behavior.
* Fixed a bug where encrypted datasets could receive
DRR_WRITE_EMBEDDED records.
* Minor code cleanups / consolidation.
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/sys/Makefile.am | 1 | ||||
-rw-r--r-- | include/sys/hkdf.h | 29 | ||||
-rw-r--r-- | include/sys/zio_crypt.h | 15 |
3 files changed, 33 insertions, 12 deletions
diff --git a/include/sys/Makefile.am b/include/sys/Makefile.am index 22b647a1e..d3835ca29 100644 --- a/include/sys/Makefile.am +++ b/include/sys/Makefile.am @@ -35,6 +35,7 @@ COMMON_H = \ $(top_srcdir)/include/sys/dsl_userhold.h \ $(top_srcdir)/include/sys/edonr.h \ $(top_srcdir)/include/sys/efi_partition.h \ + $(top_srcdir)/include/sys/hkdf.h \ $(top_srcdir)/include/sys/metaslab.h \ $(top_srcdir)/include/sys/metaslab_impl.h \ $(top_srcdir)/include/sys/mmp.h \ diff --git a/include/sys/hkdf.h b/include/sys/hkdf.h new file mode 100644 index 000000000..e0f7678c0 --- /dev/null +++ b/include/sys/hkdf.h @@ -0,0 +1,29 @@ +/* + * CDDL HEADER START + * + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + * + * CDDL HEADER END + */ + +/* + * Copyright (c) 2017, Datto, Inc. All rights reserved. + */ + +#ifndef _SYS_HKDF_H_ +#define _SYS_HKDF_H_ + +#include <sys/types.h> + +int hkdf_sha512(uint8_t *key_material, uint_t km_len, uint8_t *salt, + uint_t salt_len, uint8_t *info, uint_t info_len, uint8_t *output_key, + uint_t out_len); + +#endif /* _SYS_HKDF_H_ */ diff --git a/include/sys/zio_crypt.h b/include/sys/zio_crypt.h index 9ddfe4280..9cf9a17c2 100644 --- a/include/sys/zio_crypt.h +++ b/include/sys/zio_crypt.h @@ -32,18 +32,9 @@ struct zbookmark_phys; #define WRAPPING_KEY_LEN 32 #define WRAPPING_IV_LEN ZIO_DATA_IV_LEN -#define WRAPPING_MAC_LEN 16 - -#define SHA1_DIGEST_LEN 20 -#define SHA512_DIGEST_LEN 64 -#define SHA512_HMAC_KEYLEN 64 - +#define WRAPPING_MAC_LEN ZIO_DATA_MAC_LEN #define MASTER_KEY_MAX_LEN 32 -#define L2ARC_DEFAULT_CRYPT ZIO_CRYPT_AES_256_CCM - -/* utility macros */ -#define BITS_TO_BYTES(x) ((x + NBBY - 1) / NBBY) -#define BYTES_TO_BITS(x) (x * NBBY) +#define SHA512_HMAC_KEYLEN 64 typedef enum zio_crypt_type { ZC_TYPE_NONE = 0, @@ -133,7 +124,7 @@ int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf, int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd, uint_t datalen, boolean_t byteswap, uint8_t *cksum); int zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen, - uint8_t *digestbuf); + uint8_t *digestbuf, uint_t digestlen); int zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen, boolean_t byteswap, uint8_t *portable_mac, uint8_t *local_mac); int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key, uint8_t *salt, |