Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/contrib/openzfs/module/os/freebsd/zfs/hkdf.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * CDDL HEADER START 3 * 4 * This file and its contents are supplied under the terms of the 5 * Common Development and Distribution License ("CDDL"), version 1.0. 6 * You may only use this file in accordance with the terms of version 7 * 1.0 of the CDDL. 8 * 9 * A full copy of the text of the CDDL should have accompanied this 10 * source. A copy of the CDDL is also available via the Internet at 11 * http://www.illumos.org/license/CDDL. 12 * 13 * CDDL HEADER END 14 */ 15 16 /* 17 * Copyright (c) 2017, Datto, Inc. All rights reserved. 18 */ 19 20 #include <sys/dmu.h> 21 #include <sys/hkdf.h> 22 #include <sys/freebsd_crypto.h> 23 #include <sys/hkdf.h> 24 25 static int 26 hkdf_sha512_extract(uint8_t *salt, uint_t salt_len, uint8_t *key_material, 27 uint_t km_len, uint8_t *out_buf) 28 { 29 crypto_key_t key; 30 31 /* initialize the salt as a crypto key */ 32 key.ck_length = CRYPTO_BYTES2BITS(salt_len); 33 key.ck_data = salt; 34 35 crypto_mac(&key, key_material, km_len, out_buf, SHA512_DIGEST_LENGTH); 36 37 return (0); 38 } 39 40 static int 41 hkdf_sha512_expand(uint8_t *extract_key, uint8_t *info, uint_t info_len, 42 uint8_t *out_buf, uint_t out_len) 43 { 44 struct hmac_ctx ctx; 45 crypto_key_t key; 46 uint_t i, T_len = 0, pos = 0; 47 uint8_t c; 48 uint_t N = (out_len + SHA512_DIGEST_LENGTH) / SHA512_DIGEST_LENGTH; 49 uint8_t T[SHA512_DIGEST_LENGTH]; 50 51 if (N > 255) 52 return (SET_ERROR(EINVAL)); 53 54 /* initialize the salt as a crypto key */ 55 key.ck_length = CRYPTO_BYTES2BITS(SHA512_DIGEST_LENGTH); 56 key.ck_data = extract_key; 57 58 for (i = 1; i <= N; i++) { 59 c = i; 60 61 crypto_mac_init(&ctx, &key); 62 crypto_mac_update(&ctx, T, T_len); 63 crypto_mac_update(&ctx, info, info_len); 64 crypto_mac_update(&ctx, &c, 1); 65 crypto_mac_final(&ctx, T, SHA512_DIGEST_LENGTH); 66 memcpy(out_buf + pos, T, 67 (i != N) ? SHA512_DIGEST_LENGTH : (out_len - pos)); 68 pos += SHA512_DIGEST_LENGTH; 69 } 70 71 return (0); 72 } 73 74 /* 75 * HKDF is designed to be a relatively fast function for deriving keys from a 76 * master key + a salt. We use this function to generate new encryption keys 77 * so as to avoid hitting the cryptographic limits of the underlying 78 * encryption modes. Note that, for the sake of deriving encryption keys, the 79 * info parameter is called the "salt" everywhere else in the code. 80 */ 81 int 82 hkdf_sha512(uint8_t *key_material, uint_t km_len, uint8_t *salt, 83 uint_t salt_len, uint8_t *info, uint_t info_len, uint8_t *output_key, 84 uint_t out_len) 85 { 86 int ret; 87 uint8_t extract_key[SHA512_DIGEST_LENGTH]; 88 89 ret = hkdf_sha512_extract(salt, salt_len, key_material, km_len, 90 extract_key); 91 if (ret != 0) 92 return (ret); 93 94 ret = hkdf_sha512_expand(extract_key, info, info_len, output_key, 95 out_len); 96 if (ret != 0) 97 return (ret); 98 99 return (0); 100 }
Cache object: fa8c4b0aca25197b63f6093e278918c9
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]