author | pjd <pjd@FreeBSD.org> | 2010-09-23 11:58:36 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2010-09-23 11:58:36 +0000 |
commit | 32404b11979d7d886c84895c1b0b06b8c9469715 (patch) | |
tree | 73db891c07464764eacc7abbb29cff5603bdcf11 /sys/geom/eli/g_eli_crypto.c | |
parent | 419759c0891b860115ff2a5b26f97d64cb7ec91e (diff) | |
Add support for AES-XTS. This will be the default now.
MFC after: 1 week
Diffstat (limited to 'sys/geom/eli/g_eli_crypto.c')
-rw-r--r-- | sys/geom/eli/g_eli_crypto.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/geom/eli/g_eli_crypto.c b/sys/geom/eli/g_eli_crypto.c
index b247efc..ac8c571 100644
--- a/sys/geom/eli/g_eli_crypto.c
+++ b/sys/geom/eli/g_eli_crypto.c
@@ -69,6 +69,9 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
 u_char *p;
 int error;

+ KASSERT(algo != CRYPTO_AES_XTS,
+ ("%s: CRYPTO_AES_XTS unexpected here", __func__));
+
 bzero(&cri, sizeof(cri));
 cri.cri_alg = algo;
 cri.cri_key = __DECONST(void *, key);
@@ -136,6 +139,8 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
 u_char iv[keysize];
 int outsize;

+ assert(algo != CRYPTO_AES_XTS);
+
 switch (algo) {
 case CRYPTO_NULL_CBC:
 type = EVP_enc_null();
@@ -212,6 +217,10 @@ g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize,
 const u_char *key, size_t keysize)
 {

+ /* We prefer AES-CBC for metadata protection. */
+ if (algo == CRYPTO_AES_XTS)
+ algo = CRYPTO_AES_CBC;
+
 return (g_eli_crypto_cipher(algo, 1, data, datasize, key, keysize));
 }

@@ -220,6 +229,10 @@ g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize,
 const u_char *key, size_t keysize)
 {

+ /* We prefer AES-CBC for metadata protection. */
+ if (algo == CRYPTO_AES_XTS)
+ algo = CRYPTO_AES_CBC;
+
 return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize));
 }
 |
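Review bot: The `KASSERT` added at the top of the kernel `g_eli_crypto_cipher()` is the only guard against `CRYPTO_AES_XTS` there, and KASSERT is compiled in only for INVARIANTS kernels; the userland variant in the second hunk has the same shape with `assert()`, which disappears under NDEBUG. In a production build an XTS request that slips past the wrappers would go straight into `cri.cri_alg = algo` and be processed with whatever IV and key handling this routine applies to its CBC callers. Consider keeping the assertion and adding a runtime check after it, `if (algo == CRYPTO_AES_XTS) return (EINVAL);`, assuming the function returns an errno value as the `int error` local suggests. Both function bodies start and end outside their hunks, so the userland `switch` may already reject unknown algorithms in a default case that is not visible here.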
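Review bot: `g_eli_crypto_encrypt()` rewrites `algo` from `CRYPTO_AES_XTS` to `CRYPTO_AES_CBC` but passes `keysize` through unchanged, and `g_eli_crypto_decrypt()` in the last hunk repeats the same lines. Nothing visible here shows whether callers pass a length that is valid for AES-CBC when the provider is configured for XTS, so that should be confirmed or asserted before the call, since a length sized for XTS would be rejected or misused by the CBC path. The comment also gives a preference rather than a reason; something like `/* g_eli_crypto_cipher() does not handle XTS; metadata for AES-XTS providers is always encrypted with AES-CBC. */` would tell the next reader that the on-disk metadata cipher differs from the data cipher. Because the two wrappers must stay in lockstep for metadata to remain decryptable, a small shared helper for the remap would keep them from drifting apart.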