logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0001-Port-to-BearSSL.patch (2470B)


  1. From 2bd6f119c41de4e0f1db37f6ad799d0e08e1fbd6 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Tue, 17 Jan 2023 12:01:13 -0800
  4. Subject: [PATCH] Port to BearSSL
  5. ---
  6. lib/libzfs/libzfs_crypto.c | 52 ++++++++++++++++++++++++++++++--------
  7. 1 file changed, 42 insertions(+), 10 deletions(-)
  8. diff --git a/lib/libzfs/libzfs_crypto.c b/lib/libzfs/libzfs_crypto.c
  9. index 93dfa9cbc..1ee5d3f07 100644
  10. --- a/lib/libzfs/libzfs_crypto.c
  11. +++ b/lib/libzfs/libzfs_crypto.c
  12. @@ -25,7 +25,7 @@
  13. #include <termios.h>
  14. #include <signal.h>
  15. #include <errno.h>
  16. -#include <openssl/evp.h>
  17. +#include <bearssl.h>
  18. #if LIBFETCH_DYNAMIC
  19. #include <dlfcn.h>
  20. #endif
  21. @@ -773,6 +773,44 @@ error:
  22. return (ret);
  23. }
  24. +static void
  25. +pbkdf2_hmac_sha1(unsigned char *DK, size_t DKlen, const char *P, size_t Plen, const char *S, size_t Slen, int c)
  26. +{
  27. + br_hmac_key_context kc;
  28. + br_hmac_context hmac;
  29. + unsigned char F[br_sha1_SIZE], U[64];
  30. + int j, k;
  31. + unsigned long i;
  32. +
  33. + assert(Slen <= sizeof U - 4);
  34. + br_hmac_key_init(&kc, &br_sha1_vtable, P, Plen);
  35. + for (i = 1;; ++i) {
  36. + memcpy(U, S, Slen);
  37. + U[Slen] = i >> 24;
  38. + U[Slen + 1] = i >> 16;
  39. + U[Slen + 2] = i >> 8;
  40. + U[Slen + 3] = i;
  41. + br_hmac_init(&hmac, &kc, 0);
  42. + br_hmac_update(&hmac, U, Slen + 4);
  43. + br_hmac_out(&hmac, U);
  44. + memcpy(F, U, br_sha1_SIZE);
  45. + for (j = 1; j < c; ++j) {
  46. + br_hmac_init(&hmac, &kc, 0);
  47. + br_hmac_update(&hmac, U, br_sha1_SIZE);
  48. + br_hmac_out(&hmac, U);
  49. + for (k = 0; k < br_sha1_SIZE; k++)
  50. + F[k] ^= U[k];
  51. + }
  52. + if (DKlen < sizeof F) {
  53. + memcpy(DK, F, DKlen);
  54. + break;
  55. + }
  56. + memcpy(DK, F, sizeof F);
  57. + DK += sizeof F;
  58. + DKlen -= sizeof F;
  59. + }
  60. +}
  61. +
  62. static int
  63. derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
  64. uint8_t *key_material, uint64_t salt,
  65. @@ -801,15 +839,9 @@ derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
  66. case ZFS_KEYFORMAT_PASSPHRASE:
  67. salt = LE_64(salt);
  68. - ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
  69. - strlen((char *)key_material), ((uint8_t *)&salt),
  70. - sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
  71. - if (ret != 1) {
  72. - ret = EIO;
  73. - zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
  74. - "Failed to generate key from passphrase."));
  75. - goto error;
  76. - }
  77. + pbkdf2_hmac_sha1((unsigned char *)key, WRAPPING_KEY_LEN,
  78. + (char *)key_material, strlen((char *)key_material),
  79. + (char *)&salt, sizeof salt, iters);
  80. break;
  81. default:
  82. ret = EINVAL;
  83. --
  84. 2.44.0