logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0001-Port-to-BearSSL.patch (2470B)

    

  1. From 2bd6f119c41de4e0f1db37f6ad799d0e08e1fbd6 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Tue, 17 Jan 2023 12:01:13 -0800
  4. Subject: [PATCH] Port to BearSSL
  6. ---
  7.  lib/libzfs/libzfs_crypto.c | 52 ++++++++++++++++++++++++++++++--------
  8.  1 file changed, 42 insertions(+), 10 deletions(-)
  10. diff --git a/lib/libzfs/libzfs_crypto.c b/lib/libzfs/libzfs_crypto.c
  11. index 93dfa9cbc..1ee5d3f07 100644
  12. --- a/lib/libzfs/libzfs_crypto.c
  13. +++ b/lib/libzfs/libzfs_crypto.c
  14. @@ -25,7 +25,7 @@
  15.  #include <termios.h>
  16.  #include <signal.h>
  17.  #include <errno.h>
  18. -#include <openssl/evp.h>
  19. +#include <bearssl.h>
  20.  #if LIBFETCH_DYNAMIC
  21.  #include <dlfcn.h>
  22.  #endif
  23. @@ -773,6 +773,44 @@ error:
  24.  	return (ret);
  25.  }
  26.  
  27. +static void
  28. +pbkdf2_hmac_sha1(unsigned char *DK, size_t DKlen, const char *P, size_t Plen, const char *S, size_t Slen, int c)
  29. +{
  30. +	br_hmac_key_context kc;
  31. +	br_hmac_context hmac;
  32. +	unsigned char F[br_sha1_SIZE], U[64];
  33. +	int j, k;
  34. +	unsigned long i;
  35. +
  36. +	assert(Slen <= sizeof U - 4);
  37. +	br_hmac_key_init(&kc, &br_sha1_vtable, P, Plen);
  38. +	for (i = 1;; ++i) {
  39. +		memcpy(U, S, Slen);
  40. +		U[Slen] = i >> 24;
  41. +		U[Slen + 1] = i >> 16;
  42. +		U[Slen + 2] = i >> 8;
  43. +		U[Slen + 3] = i;
  44. +		br_hmac_init(&hmac, &kc, 0);
  45. +		br_hmac_update(&hmac, U, Slen + 4);
  46. +		br_hmac_out(&hmac, U);
  47. +		memcpy(F, U, br_sha1_SIZE);
  48. +		for (j = 1; j < c; ++j) {
  49. +			br_hmac_init(&hmac, &kc, 0);
  50. +			br_hmac_update(&hmac, U, br_sha1_SIZE);
  51. +			br_hmac_out(&hmac, U);
  52. +			for (k = 0; k < br_sha1_SIZE; k++)
  53. +				F[k] ^= U[k];
  54. +		}
  55. +		if (DKlen < sizeof F) {
  56. +			memcpy(DK, F, DKlen);
  57. +			break;
  58. +		}
  59. +		memcpy(DK, F, sizeof F);
  60. +		DK += sizeof F;
  61. +		DKlen -= sizeof F;
  62. +	}
  63. +}
  64. +
  65.  static int
  66.  derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
  67.      uint8_t *key_material, uint64_t salt,
  68. @@ -801,15 +839,9 @@ derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
  69.  	case ZFS_KEYFORMAT_PASSPHRASE:
  70.  		salt = LE_64(salt);
  71.  
  72. -		ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
  73. -		    strlen((char *)key_material), ((uint8_t *)&salt),
  74. -		    sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
  75. -		if (ret != 1) {
  76. -			ret = EIO;
  77. -			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
  78. -			    "Failed to generate key from passphrase."));
  79. -			goto error;
  80. -		}
  81. +		pbkdf2_hmac_sha1((unsigned char *)key, WRAPPING_KEY_LEN,
  82. +		    (char *)key_material, strlen((char *)key_material),
  83. +		    (char *)&salt, sizeof salt, iters);
  84.  		break;
  85.  	default:
  86.  		ret = EINVAL;
  87. -- 
  88. 2.44.0