1 /*- 2 * Copyright (c) 2005-2011 Pawel Jakub Dawidek <pawel@dawidek.net> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 */ 28 29 #ifndef _G_ELI_H_ 30 #define _G_ELI_H_ 31 32 #include <sys/endian.h> 33 #include <sys/errno.h> 34 #include <sys/malloc.h> 35 #include <crypto/sha2/sha2.h> 36 #include <opencrypto/cryptodev.h> 37 #ifdef _KERNEL 38 #include <sys/bio.h> 39 #include <sys/libkern.h> 40 #include <sys/lock.h> 41 #include <sys/mutex.h> 42 #include <sys/queue.h> 43 #include <sys/tree.h> 44 #include <geom/geom.h> 45 #else 46 #include <stdio.h> 47 #include <string.h> 48 #include <strings.h> 49 #endif 50 #ifndef _OpenSSL_ 51 #include <sys/md5.h> 52 #endif 53 54 #define G_ELI_CLASS_NAME "ELI" 55 #define G_ELI_MAGIC "GEOM::ELI" 56 #define G_ELI_SUFFIX ".eli" 57 58 /* 59 * Version history: 60 * 0 - Initial version number. 61 * 1 - Added data authentication support (md_aalgo field and 62 * G_ELI_FLAG_AUTH flag). 63 * 2 - Added G_ELI_FLAG_READONLY. 64 * 3 - Added 'configure' subcommand. 65 * 4 - IV is generated from offset converted to little-endian 66 * (the G_ELI_FLAG_NATIVE_BYTE_ORDER flag will be set for older versions). 67 * 5 - Added multiple encrypton keys and AES-XTS support. 68 * 6 - Fixed usage of multiple keys for authenticated providers (the 69 * G_ELI_FLAG_FIRST_KEY flag will be set for older versions). 70 */ 71 #define G_ELI_VERSION_00 0 72 #define G_ELI_VERSION_01 1 73 #define G_ELI_VERSION_02 2 74 #define G_ELI_VERSION_03 3 75 #define G_ELI_VERSION_04 4 76 #define G_ELI_VERSION_05 5 77 #define G_ELI_VERSION_06 6 78 #define G_ELI_VERSION G_ELI_VERSION_06 79 80 /* ON DISK FLAGS. */ 81 /* Use random, onetime keys. */ 82 #define G_ELI_FLAG_ONETIME 0x00000001 83 /* Ask for the passphrase from the kernel, before mounting root. */ 84 #define G_ELI_FLAG_BOOT 0x00000002 85 /* Detach on last close, if we were open for writing. */ 86 #define G_ELI_FLAG_WO_DETACH 0x00000004 87 /* Detach on last close. */ 88 #define G_ELI_FLAG_RW_DETACH 0x00000008 89 /* Provide data authentication. */ 90 #define G_ELI_FLAG_AUTH 0x00000010 91 /* Provider is read-only, we should deny all write attempts. */ 92 #define G_ELI_FLAG_RO 0x00000020 93 /* RUNTIME FLAGS. */ 94 /* Provider was open for writing. */ 95 #define G_ELI_FLAG_WOPEN 0x00010000 96 /* Destroy device. */ 97 #define G_ELI_FLAG_DESTROY 0x00020000 98 /* Provider uses native byte-order for IV generation. */ 99 #define G_ELI_FLAG_NATIVE_BYTE_ORDER 0x00040000 100 /* Provider uses single encryption key. */ 101 #define G_ELI_FLAG_SINGLE_KEY 0x00080000 102 /* Device suspended. */ 103 #define G_ELI_FLAG_SUSPEND 0x00100000 104 /* Provider uses first encryption key. */ 105 #define G_ELI_FLAG_FIRST_KEY 0x00200000 106 107 #define G_ELI_NEW_BIO 255 108 109 #define SHA512_MDLEN 64 110 #define G_ELI_AUTH_SECKEYLEN SHA256_DIGEST_LENGTH 111 112 #define G_ELI_MAXMKEYS 2 113 #define G_ELI_MAXKEYLEN 64 114 #define G_ELI_USERKEYLEN G_ELI_MAXKEYLEN 115 #define G_ELI_DATAKEYLEN G_ELI_MAXKEYLEN 116 #define G_ELI_AUTHKEYLEN G_ELI_MAXKEYLEN 117 #define G_ELI_IVKEYLEN G_ELI_MAXKEYLEN 118 #define G_ELI_SALTLEN 64 119 #define G_ELI_DATAIVKEYLEN (G_ELI_DATAKEYLEN + G_ELI_IVKEYLEN) 120 /* Data-Key, IV-Key, HMAC_SHA512(Derived-Key, Data-Key+IV-Key) */ 121 #define G_ELI_MKEYLEN (G_ELI_DATAIVKEYLEN + SHA512_MDLEN) 122 #define G_ELI_OVERWRITES 5 123 /* Switch data encryption key every 2^20 blocks. */ 124 #define G_ELI_KEY_SHIFT 20 125 126 #ifdef _KERNEL 127 extern int g_eli_debug; 128 extern u_int g_eli_overwrites; 129 extern u_int g_eli_batch; 130 131 #define G_ELI_CRYPTO_UNKNOWN 0 132 #define G_ELI_CRYPTO_HW 1 133 #define G_ELI_CRYPTO_SW 2 134 135 #define G_ELI_DEBUG(lvl, ...) do { \ 136 if (g_eli_debug >= (lvl)) { \ 137 printf("GEOM_ELI"); \ 138 if (g_eli_debug > 0) \ 139 printf("[%u]", lvl); \ 140 printf(": "); \ 141 printf(__VA_ARGS__); \ 142 printf("\n"); \ 143 } \ 144 } while (0) 145 #define G_ELI_LOGREQ(lvl, bp, ...) do { \ 146 if (g_eli_debug >= (lvl)) { \ 147 printf("GEOM_ELI"); \ 148 if (g_eli_debug > 0) \ 149 printf("[%u]", lvl); \ 150 printf(": "); \ 151 printf(__VA_ARGS__); \ 152 printf(" "); \ 153 g_print_bio(bp); \ 154 printf("\n"); \ 155 } \ 156 } while (0) 157 158 struct g_eli_worker { 159 struct g_eli_softc *w_softc; 160 struct proc *w_proc; 161 u_int w_number; 162 uint64_t w_sid; 163 boolean_t w_active; 164 LIST_ENTRY(g_eli_worker) w_next; 165 }; 166 167 struct g_eli_softc { 168 struct g_geom *sc_geom; 169 u_int sc_crypto; 170 uint8_t sc_mkey[G_ELI_DATAIVKEYLEN]; 171 uint8_t sc_ekey[G_ELI_DATAKEYLEN]; 172 TAILQ_HEAD(, g_eli_key) sc_ekeys_queue; 173 RB_HEAD(g_eli_key_tree, g_eli_key) sc_ekeys_tree; 174 struct mtx sc_ekeys_lock; 175 uint64_t sc_ekeys_total; 176 uint64_t sc_ekeys_allocated; 177 u_int sc_ealgo; 178 u_int sc_ekeylen; 179 uint8_t sc_akey[G_ELI_AUTHKEYLEN]; 180 u_int sc_aalgo; 181 u_int sc_akeylen; 182 u_int sc_alen; 183 SHA256_CTX sc_akeyctx; 184 uint8_t sc_ivkey[G_ELI_IVKEYLEN]; 185 SHA256_CTX sc_ivctx; 186 int sc_nkey; 187 uint32_t sc_flags; 188 int sc_inflight; 189 off_t sc_mediasize; 190 size_t sc_sectorsize; 191 u_int sc_bytes_per_sector; 192 u_int sc_data_per_sector; 193 194 /* Only for software cryptography. */ 195 struct bio_queue_head sc_queue; 196 struct mtx sc_queue_mtx; 197 LIST_HEAD(, g_eli_worker) sc_workers; 198 }; 199 #define sc_name sc_geom->name 200 #endif /* _KERNEL */ 201 202 struct g_eli_metadata { 203 char md_magic[16]; /* Magic value. */ 204 uint32_t md_version; /* Version number. */ 205 uint32_t md_flags; /* Additional flags. */ 206 uint16_t md_ealgo; /* Encryption algorithm. */ 207 uint16_t md_keylen; /* Key length. */ 208 uint16_t md_aalgo; /* Authentication algorithm. */ 209 uint64_t md_provsize; /* Provider's size. */ 210 uint32_t md_sectorsize; /* Sector size. */ 211 uint8_t md_keys; /* Available keys. */ 212 int32_t md_iterations; /* Number of iterations for PKCS#5v2. */ 213 uint8_t md_salt[G_ELI_SALTLEN]; /* Salt. */ 214 /* Encrypted master key (IV-key, Data-key, HMAC). */ 215 uint8_t md_mkeys[G_ELI_MAXMKEYS * G_ELI_MKEYLEN]; 216 u_char md_hash[16]; /* MD5 hash. */ 217 } __packed; 218 #ifndef _OpenSSL_ 219 static __inline void 220 eli_metadata_encode(struct g_eli_metadata *md, u_char *data) 221 { 222 MD5_CTX ctx; 223 u_char *p; 224 225 p = data; 226 bcopy(md->md_magic, p, sizeof(md->md_magic)); p += sizeof(md->md_magic); 227 le32enc(p, md->md_version); p += sizeof(md->md_version); 228 le32enc(p, md->md_flags); p += sizeof(md->md_flags); 229 le16enc(p, md->md_ealgo); p += sizeof(md->md_ealgo); 230 le16enc(p, md->md_keylen); p += sizeof(md->md_keylen); 231 le16enc(p, md->md_aalgo); p += sizeof(md->md_aalgo); 232 le64enc(p, md->md_provsize); p += sizeof(md->md_provsize); 233 le32enc(p, md->md_sectorsize); p += sizeof(md->md_sectorsize); 234 *p = md->md_keys; p += sizeof(md->md_keys); 235 le32enc(p, md->md_iterations); p += sizeof(md->md_iterations); 236 bcopy(md->md_salt, p, sizeof(md->md_salt)); p += sizeof(md->md_salt); 237 bcopy(md->md_mkeys, p, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); 238 MD5Init(&ctx); 239 MD5Update(&ctx, data, p - data); 240 MD5Final(md->md_hash, &ctx); 241 bcopy(md->md_hash, p, sizeof(md->md_hash)); 242 } 243 static __inline int 244 eli_metadata_decode_v0(const u_char *data, struct g_eli_metadata *md) 245 { 246 MD5_CTX ctx; 247 const u_char *p; 248 249 p = data + sizeof(md->md_magic) + sizeof(md->md_version); 250 md->md_flags = le32dec(p); p += sizeof(md->md_flags); 251 md->md_ealgo = le16dec(p); p += sizeof(md->md_ealgo); 252 md->md_keylen = le16dec(p); p += sizeof(md->md_keylen); 253 md->md_provsize = le64dec(p); p += sizeof(md->md_provsize); 254 md->md_sectorsize = le32dec(p); p += sizeof(md->md_sectorsize); 255 md->md_keys = *p; p += sizeof(md->md_keys); 256 md->md_iterations = le32dec(p); p += sizeof(md->md_iterations); 257 bcopy(p, md->md_salt, sizeof(md->md_salt)); p += sizeof(md->md_salt); 258 bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); 259 MD5Init(&ctx); 260 MD5Update(&ctx, data, p - data); 261 MD5Final(md->md_hash, &ctx); 262 if (bcmp(md->md_hash, p, 16) != 0) 263 return (EINVAL); 264 return (0); 265 } 266 267 static __inline int 268 eli_metadata_decode_v1v2v3v4v5v6(const u_char *data, struct g_eli_metadata *md) 269 { 270 MD5_CTX ctx; 271 const u_char *p; 272 273 p = data + sizeof(md->md_magic) + sizeof(md->md_version); 274 md->md_flags = le32dec(p); p += sizeof(md->md_flags); 275 md->md_ealgo = le16dec(p); p += sizeof(md->md_ealgo); 276 md->md_keylen = le16dec(p); p += sizeof(md->md_keylen); 277 md->md_aalgo = le16dec(p); p += sizeof(md->md_aalgo); 278 md->md_provsize = le64dec(p); p += sizeof(md->md_provsize); 279 md->md_sectorsize = le32dec(p); p += sizeof(md->md_sectorsize); 280 md->md_keys = *p; p += sizeof(md->md_keys); 281 md->md_iterations = le32dec(p); p += sizeof(md->md_iterations); 282 bcopy(p, md->md_salt, sizeof(md->md_salt)); p += sizeof(md->md_salt); 283 bcopy(p, md->md_mkeys, sizeof(md->md_mkeys)); p += sizeof(md->md_mkeys); 284 MD5Init(&ctx); 285 MD5Update(&ctx, data, p - data); 286 MD5Final(md->md_hash, &ctx); 287 if (bcmp(md->md_hash, p, 16) != 0) 288 return (EINVAL); 289 return (0); 290 } 291 static __inline int 292 eli_metadata_decode(const u_char *data, struct g_eli_metadata *md) 293 { 294 int error; 295 296 bcopy(data, md->md_magic, sizeof(md->md_magic)); 297 md->md_version = le32dec(data + sizeof(md->md_magic)); 298 switch (md->md_version) { 299 case G_ELI_VERSION_00: 300 error = eli_metadata_decode_v0(data, md); 301 break; 302 case G_ELI_VERSION_01: 303 case G_ELI_VERSION_02: 304 case G_ELI_VERSION_03: 305 case G_ELI_VERSION_04: 306 case G_ELI_VERSION_05: 307 case G_ELI_VERSION_06: 308 error = eli_metadata_decode_v1v2v3v4v5v6(data, md); 309 break; 310 default: 311 error = EINVAL; 312 break; 313 } 314 return (error); 315 } 316 #endif /* !_OpenSSL */ 317 318 static __inline u_int 319 g_eli_str2ealgo(const char *name) 320 { 321 322 if (strcasecmp("null", name) == 0) 323 return (CRYPTO_NULL_CBC); 324 else if (strcasecmp("null-cbc", name) == 0) 325 return (CRYPTO_NULL_CBC); 326 else if (strcasecmp("aes", name) == 0) 327 return (CRYPTO_AES_XTS); 328 else if (strcasecmp("aes-cbc", name) == 0) 329 return (CRYPTO_AES_CBC); 330 else if (strcasecmp("aes-xts", name) == 0) 331 return (CRYPTO_AES_XTS); 332 else if (strcasecmp("blowfish", name) == 0) 333 return (CRYPTO_BLF_CBC); 334 else if (strcasecmp("blowfish-cbc", name) == 0) 335 return (CRYPTO_BLF_CBC); 336 else if (strcasecmp("camellia", name) == 0) 337 return (CRYPTO_CAMELLIA_CBC); 338 else if (strcasecmp("camellia-cbc", name) == 0) 339 return (CRYPTO_CAMELLIA_CBC); 340 else if (strcasecmp("3des", name) == 0) 341 return (CRYPTO_3DES_CBC); 342 else if (strcasecmp("3des-cbc", name) == 0) 343 return (CRYPTO_3DES_CBC); 344 return (CRYPTO_ALGORITHM_MIN - 1); 345 } 346 347 static __inline u_int 348 g_eli_str2aalgo(const char *name) 349 { 350 351 if (strcasecmp("hmac/md5", name) == 0) 352 return (CRYPTO_MD5_HMAC); 353 else if (strcasecmp("hmac/sha1", name) == 0) 354 return (CRYPTO_SHA1_HMAC); 355 else if (strcasecmp("hmac/ripemd160", name) == 0) 356 return (CRYPTO_RIPEMD160_HMAC); 357 else if (strcasecmp("hmac/sha256", name) == 0) 358 return (CRYPTO_SHA2_256_HMAC); 359 else if (strcasecmp("hmac/sha384", name) == 0) 360 return (CRYPTO_SHA2_384_HMAC); 361 else if (strcasecmp("hmac/sha512", name) == 0) 362 return (CRYPTO_SHA2_512_HMAC); 363 return (CRYPTO_ALGORITHM_MIN - 1); 364 } 365 366 static __inline const char * 367 g_eli_algo2str(u_int algo) 368 { 369 370 switch (algo) { 371 case CRYPTO_NULL_CBC: 372 return ("NULL"); 373 case CRYPTO_AES_CBC: 374 return ("AES-CBC"); 375 case CRYPTO_AES_XTS: 376 return ("AES-XTS"); 377 case CRYPTO_BLF_CBC: 378 return ("Blowfish-CBC"); 379 case CRYPTO_CAMELLIA_CBC: 380 return ("CAMELLIA-CBC"); 381 case CRYPTO_3DES_CBC: 382 return ("3DES-CBC"); 383 case CRYPTO_MD5_HMAC: 384 return ("HMAC/MD5"); 385 case CRYPTO_SHA1_HMAC: 386 return ("HMAC/SHA1"); 387 case CRYPTO_RIPEMD160_HMAC: 388 return ("HMAC/RIPEMD160"); 389 case CRYPTO_SHA2_256_HMAC: 390 return ("HMAC/SHA256"); 391 case CRYPTO_SHA2_384_HMAC: 392 return ("HMAC/SHA384"); 393 case CRYPTO_SHA2_512_HMAC: 394 return ("HMAC/SHA512"); 395 } 396 return ("unknown"); 397 } 398 399 static __inline void 400 eli_metadata_dump(const struct g_eli_metadata *md) 401 { 402 static const char hex[] = "0123456789abcdef"; 403 char str[sizeof(md->md_mkeys) * 2 + 1]; 404 u_int i; 405 406 printf(" magic: %s\n", md->md_magic); 407 printf(" version: %u\n", (u_int)md->md_version); 408 printf(" flags: 0x%x\n", (u_int)md->md_flags); 409 printf(" ealgo: %s\n", g_eli_algo2str(md->md_ealgo)); 410 printf(" keylen: %u\n", (u_int)md->md_keylen); 411 if (md->md_flags & G_ELI_FLAG_AUTH) 412 printf(" aalgo: %s\n", g_eli_algo2str(md->md_aalgo)); 413 printf(" provsize: %ju\n", (uintmax_t)md->md_provsize); 414 printf("sectorsize: %u\n", (u_int)md->md_sectorsize); 415 printf(" keys: 0x%02x\n", (u_int)md->md_keys); 416 printf("iterations: %u\n", (u_int)md->md_iterations); 417 bzero(str, sizeof(str)); 418 for (i = 0; i < sizeof(md->md_salt); i++) { 419 str[i * 2] = hex[md->md_salt[i] >> 4]; 420 str[i * 2 + 1] = hex[md->md_salt[i] & 0x0f]; 421 } 422 printf(" Salt: %s\n", str); 423 bzero(str, sizeof(str)); 424 for (i = 0; i < sizeof(md->md_mkeys); i++) { 425 str[i * 2] = hex[md->md_mkeys[i] >> 4]; 426 str[i * 2 + 1] = hex[md->md_mkeys[i] & 0x0f]; 427 } 428 printf("Master Key: %s\n", str); 429 bzero(str, sizeof(str)); 430 for (i = 0; i < 16; i++) { 431 str[i * 2] = hex[md->md_hash[i] >> 4]; 432 str[i * 2 + 1] = hex[md->md_hash[i] & 0x0f]; 433 } 434 printf(" MD5 hash: %s\n", str); 435 } 436 437 static __inline u_int 438 g_eli_keylen(u_int algo, u_int keylen) 439 { 440 441 switch (algo) { 442 case CRYPTO_NULL_CBC: 443 if (keylen == 0) 444 keylen = 64 * 8; 445 else { 446 if (keylen > 64 * 8) 447 keylen = 0; 448 } 449 return (keylen); 450 case CRYPTO_AES_CBC: 451 case CRYPTO_CAMELLIA_CBC: 452 switch (keylen) { 453 case 0: 454 return (128); 455 case 128: 456 case 192: 457 case 256: 458 return (keylen); 459 default: 460 return (0); 461 } 462 case CRYPTO_AES_XTS: 463 switch (keylen) { 464 case 0: 465 return (128); 466 case 128: 467 case 256: 468 return (keylen); 469 default: 470 return (0); 471 } 472 case CRYPTO_BLF_CBC: 473 if (keylen == 0) 474 return (128); 475 if (keylen < 128 || keylen > 448) 476 return (0); 477 if ((keylen % 32) != 0) 478 return (0); 479 return (keylen); 480 case CRYPTO_3DES_CBC: 481 if (keylen == 0 || keylen == 192) 482 return (192); 483 return (0); 484 default: 485 return (0); 486 } 487 } 488 489 static __inline u_int 490 g_eli_hashlen(u_int algo) 491 { 492 493 switch (algo) { 494 case CRYPTO_MD5_HMAC: 495 return (16); 496 case CRYPTO_SHA1_HMAC: 497 return (20); 498 case CRYPTO_RIPEMD160_HMAC: 499 return (20); 500 case CRYPTO_SHA2_256_HMAC: 501 return (32); 502 case CRYPTO_SHA2_384_HMAC: 503 return (48); 504 case CRYPTO_SHA2_512_HMAC: 505 return (64); 506 } 507 return (0); 508 } 509 510 #ifdef _KERNEL 511 int g_eli_read_metadata(struct g_class *mp, struct g_provider *pp, 512 struct g_eli_metadata *md); 513 struct g_geom *g_eli_create(struct gctl_req *req, struct g_class *mp, 514 struct g_provider *bpp, const struct g_eli_metadata *md, 515 const u_char *mkey, int nkey); 516 int g_eli_destroy(struct g_eli_softc *sc, boolean_t force); 517 518 int g_eli_access(struct g_provider *pp, int dr, int dw, int de); 519 void g_eli_config(struct gctl_req *req, struct g_class *mp, const char *verb); 520 521 void g_eli_read_done(struct bio *bp); 522 void g_eli_write_done(struct bio *bp); 523 int g_eli_crypto_rerun(struct cryptop *crp); 524 void g_eli_crypto_ivgen(struct g_eli_softc *sc, off_t offset, u_char *iv, 525 size_t size); 526 527 void g_eli_crypto_read(struct g_eli_softc *sc, struct bio *bp, boolean_t fromworker); 528 void g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp); 529 530 void g_eli_auth_read(struct g_eli_softc *sc, struct bio *bp); 531 void g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp); 532 #endif 533 534 void g_eli_mkey_hmac(unsigned char *mkey, const unsigned char *key); 535 int g_eli_mkey_decrypt(const struct g_eli_metadata *md, 536 const unsigned char *key, unsigned char *mkey, unsigned *nkeyp); 537 int g_eli_mkey_encrypt(unsigned algo, const unsigned char *key, unsigned keylen, 538 unsigned char *mkey); 539 #ifdef _KERNEL 540 void g_eli_mkey_propagate(struct g_eli_softc *sc, const unsigned char *mkey); 541 #endif 542 543 int g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize, 544 const u_char *key, size_t keysize); 545 int g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize, 546 const u_char *key, size_t keysize); 547 548 struct hmac_ctx { 549 SHA512_CTX shactx; 550 u_char k_opad[128]; 551 }; 552 553 void g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey, 554 size_t hkeylen); 555 void g_eli_crypto_hmac_update(struct hmac_ctx *ctx, const uint8_t *data, 556 size_t datasize); 557 void g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize); 558 void g_eli_crypto_hmac(const uint8_t *hkey, size_t hkeysize, 559 const uint8_t *data, size_t datasize, uint8_t *md, size_t mdsize); 560 561 #ifdef _KERNEL 562 void g_eli_key_init(struct g_eli_softc *sc); 563 void g_eli_key_destroy(struct g_eli_softc *sc); 564 uint8_t *g_eli_key_hold(struct g_eli_softc *sc, off_t offset, size_t blocksize); 565 void g_eli_key_drop(struct g_eli_softc *sc, uint8_t *rawkey); 566 #endif 567 #endif /* !_G_ELI_H_ */ 568