From owner-svn-src-all@freebsd.org Wed Apr 15 00:14:52 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AAC092CDA57; Wed, 15 Apr 2020 00:14:52 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4922t43q9cz40lq; Wed, 15 Apr 2020 00:14:52 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7E228E1A0; Wed, 15 Apr 2020 00:14:52 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03F0EqA2039767; Wed, 15 Apr 2020 00:14:52 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03F0EpQt039761; Wed, 15 Apr 2020 00:14:51 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202004150014.03F0EpQt039761@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Wed, 15 Apr 2020 00:14:51 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r359945 - in head: lib/geom/eli sys/geom/eli X-SVN-Group: head X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: in head: lib/geom/eli sys/geom/eli X-SVN-Commit-Revision: 359945 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Apr 2020 00:14:52 -0000 Author: jhb Date: Wed Apr 15 00:14:50 2020 New Revision: 359945 URL: https://svnweb.freebsd.org/changeset/base/359945 Log: Remove support for geli(4) algorithms deprecated in r348206. This removes support for reading and writing volumes using the following algorithms: - Triple DES - Blowfish - MD5 HMAC integrity In addition, this commit adds an explicit whitelist of supported algorithms to give a better error message when an invalid or unsupported algorithm is used by an existing volume. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24343 Modified: head/lib/geom/eli/geli.8 head/lib/geom/eli/geom_eli.c head/sys/geom/eli/g_eli.c head/sys/geom/eli/g_eli.h head/sys/geom/eli/g_eli_crypto.c head/sys/geom/eli/g_eli_ctl.c Modified: head/lib/geom/eli/geli.8 ============================================================================== --- head/lib/geom/eli/geli.8 Tue Apr 14 23:36:03 2020 (r359944) +++ head/lib/geom/eli/geli.8 Wed Apr 15 00:14:50 2020 (r359945) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 19, 2020 +.Dd April 14, 2020 .Dt GELI 8 .Os .Sh NAME @@ -172,14 +172,11 @@ will make use of it automatically. Supports many cryptographic algorithms (currently .Nm AES-XTS , .Nm AES-CBC , -.Nm Blowfish-CBC , -.Nm Camellia-CBC and -.Nm 3DES-CBC ) . +.Nm Camellia-CBC ) . .It Can optionally perform data authentication (integrity verification) utilizing one of the following algorithms: -.Nm HMAC/MD5 , .Nm HMAC/SHA1 , .Nm HMAC/RIPEMD160 , .Nm HMAC/SHA256 , @@ -259,7 +256,6 @@ For example, when using 4096 bytes sector and .Nm HMAC/SHA256 algorithm, 89% of the original provider storage will be available for use. Currently supported algorithms are: -.Nm HMAC/MD5 , .Nm HMAC/SHA1 , .Nm HMAC/RIPEMD160 , .Nm HMAC/SHA256 , @@ -303,9 +299,7 @@ Encryption algorithm to use. Currently supported algorithms are: .Nm AES-XTS , .Nm AES-CBC , -.Nm Blowfish-CBC , .Nm Camellia-CBC , -.Nm 3DES-CBC , and .Nm NULL . The default and recommended algorithm is @@ -359,11 +353,6 @@ key length. .Em 128 , 192, 256 -.It Nm Blowfish-CBC -.Em 128 -+ n * 32, for n=[0..10] -.It Nm 3DES-CBC -.Em 192 .El .It Fl P Do not use a passphrase as a component of the User Key. @@ -901,18 +890,6 @@ specified in .El .Sh EXIT STATUS Exit status is 0 on success, and 1 if the command fails. -.Sh DEPRECATION NOTICE -Support for the -.Nm Blowfish-CBC -and -.Nm 3DES-CBC -cryptographic algorithms and -.Nm HMAC/MD5 -authentication algorithm will be removed in -.Fx 13.0 . -New volumes cannot be created using these algorithms. -Existing volumes should be migrated to a new volume that uses -non-deprecated algorithms. .Sh EXAMPLES Initialize a provider which is going to be encrypted with a passphrase and random data from a file on the user's pen drive. @@ -967,7 +944,7 @@ Reenter new passphrase: Encrypted swap partition setup: .Bd -literal -offset indent # dd if=/dev/random of=/dev/ada0s1b bs=1m -# geli onetime -d -e 3des ada0s1b +# geli onetime -d ada0s1b # swapon /dev/ada0s1b.eli .Ed .Pp Modified: head/lib/geom/eli/geom_eli.c ============================================================================== --- head/lib/geom/eli/geom_eli.c Tue Apr 14 23:36:03 2020 (r359944) +++ head/lib/geom/eli/geom_eli.c Wed Apr 15 00:14:50 2020 (r359945) @@ -805,22 +805,6 @@ eli_init(struct gctl_req *req) return; } } - if (md.md_flags & G_ELI_FLAG_AUTH) { - switch (md.md_aalgo) { - case CRYPTO_MD5_HMAC: - gctl_error(req, - "The %s authentication algorithm is deprecated.", - g_eli_algo2str(md.md_aalgo)); - return; - } - } - switch (md.md_ealgo) { - case CRYPTO_3DES_CBC: - case CRYPTO_BLF_CBC: - gctl_error(req, "The %s encryption algorithm is deprecated.", - g_eli_algo2str(md.md_ealgo)); - return; - } val = gctl_get_intmax(req, "keylen"); md.md_keylen = val; md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen); Modified: head/sys/geom/eli/g_eli.c ============================================================================== --- head/sys/geom/eli/g_eli.c Tue Apr 14 23:36:03 2020 (r359944) +++ head/sys/geom/eli/g_eli.c Wed Apr 15 00:14:50 2020 (r359945) @@ -847,6 +847,8 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, int dcw, error; G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX); + KASSERT(eli_metadata_crypto_supported(md), + ("%s: unsupported crypto for %s", __func__, bpp->name)); gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX); sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO); @@ -975,25 +977,8 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, G_ELI_DEBUG(0, "Device %s created.", pp->name); G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), sc->sc_ekeylen); - switch (sc->sc_ealgo) { - case CRYPTO_3DES_CBC: - gone_in(13, - "support for GEOM_ELI volumes encrypted with 3des"); - break; - case CRYPTO_BLF_CBC: - gone_in(13, - "support for GEOM_ELI volumes encrypted with blowfish"); - break; - } - if (sc->sc_flags & G_ELI_FLAG_AUTH) { + if (sc->sc_flags & G_ELI_FLAG_AUTH) G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); - switch (sc->sc_aalgo) { - case CRYPTO_MD5_HMAC: - gone_in(13, - "support for GEOM_ELI volumes authenticated with hmac/md5"); - break; - } - } G_ELI_DEBUG(0, " Crypto: %s", sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware"); return (gp); @@ -1188,6 +1173,11 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, return (NULL); if (md.md_keys == 0x00) { G_ELI_DEBUG(0, "No valid keys on %s.", pp->name); + return (NULL); + } + if (!eli_metadata_crypto_supported(&md)) { + G_ELI_DEBUG(0, "%s uses invalid or unsupported algorithms\n", + pp->name); return (NULL); } if (md.md_iterations == -1) { Modified: head/sys/geom/eli/g_eli.h ============================================================================== --- head/sys/geom/eli/g_eli.h Tue Apr 14 23:36:03 2020 (r359944) +++ head/sys/geom/eli/g_eli.h Wed Apr 15 00:14:50 2020 (r359945) @@ -417,18 +417,10 @@ g_eli_str2ealgo(const char *name) return (CRYPTO_AES_CBC); else if (strcasecmp("aes-xts", name) == 0) return (CRYPTO_AES_XTS); - else if (strcasecmp("blowfish", name) == 0) - return (CRYPTO_BLF_CBC); - else if (strcasecmp("blowfish-cbc", name) == 0) - return (CRYPTO_BLF_CBC); else if (strcasecmp("camellia", name) == 0) return (CRYPTO_CAMELLIA_CBC); else if (strcasecmp("camellia-cbc", name) == 0) return (CRYPTO_CAMELLIA_CBC); - else if (strcasecmp("3des", name) == 0) - return (CRYPTO_3DES_CBC); - else if (strcasecmp("3des-cbc", name) == 0) - return (CRYPTO_3DES_CBC); return (CRYPTO_ALGORITHM_MIN - 1); } @@ -436,9 +428,7 @@ static __inline u_int g_eli_str2aalgo(const char *name) { - if (strcasecmp("hmac/md5", name) == 0) - return (CRYPTO_MD5_HMAC); - else if (strcasecmp("hmac/sha1", name) == 0) + if (strcasecmp("hmac/sha1", name) == 0) return (CRYPTO_SHA1_HMAC); else if (strcasecmp("hmac/ripemd160", name) == 0) return (CRYPTO_RIPEMD160_HMAC); @@ -462,14 +452,8 @@ g_eli_algo2str(u_int algo) return ("AES-CBC"); case CRYPTO_AES_XTS: return ("AES-XTS"); - case CRYPTO_BLF_CBC: - return ("Blowfish-CBC"); case CRYPTO_CAMELLIA_CBC: return ("CAMELLIA-CBC"); - case CRYPTO_3DES_CBC: - return ("3DES-CBC"); - case CRYPTO_MD5_HMAC: - return ("HMAC/MD5"); case CRYPTO_SHA1_HMAC: return ("HMAC/SHA1"); case CRYPTO_RIPEMD160_HMAC: @@ -522,6 +506,36 @@ eli_metadata_dump(const struct g_eli_metadata *md) printf(" MD5 hash: %s\n", str); } +#ifdef _KERNEL +static bool +eli_metadata_crypto_supported(const struct g_eli_metadata *md) +{ + + switch (md->md_ealgo) { + case CRYPTO_NULL_CBC: + case CRYPTO_AES_CBC: + case CRYPTO_CAMELLIA_CBC: + case CRYPTO_AES_XTS: + break; + default: + return (false); + } + if (md->md_flags & G_ELI_FLAG_AUTH) { + switch (md->md_aalgo) { + case CRYPTO_SHA1_HMAC: + case CRYPTO_RIPEMD160_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: + break; + default: + return (false); + } + } + return (true); +} +#endif + static __inline u_int g_eli_keylen(u_int algo, u_int keylen) { @@ -557,18 +571,6 @@ g_eli_keylen(u_int algo, u_int keylen) default: return (0); } - case CRYPTO_BLF_CBC: - if (keylen == 0) - return (128); - if (keylen < 128 || keylen > 448) - return (0); - if ((keylen % 32) != 0) - return (0); - return (keylen); - case CRYPTO_3DES_CBC: - if (keylen == 0 || keylen == 192) - return (192); - return (0); default: return (0); } @@ -583,12 +585,8 @@ g_eli_ivlen(u_int algo) return (AES_XTS_IV_LEN); case CRYPTO_AES_CBC: return (AES_BLOCK_LEN); - case CRYPTO_BLF_CBC: - return (BLOWFISH_BLOCK_LEN); case CRYPTO_CAMELLIA_CBC: return (CAMELLIA_BLOCK_LEN); - case CRYPTO_3DES_CBC: - return (DES3_BLOCK_LEN); } return (0); } @@ -598,8 +596,6 @@ g_eli_hashlen(u_int algo) { switch (algo) { - case CRYPTO_MD5_HMAC: - return (16); case CRYPTO_SHA1_HMAC: return (20); case CRYPTO_RIPEMD160_HMAC: Modified: head/sys/geom/eli/g_eli_crypto.c ============================================================================== --- head/sys/geom/eli/g_eli_crypto.c Tue Apr 14 23:36:03 2020 (r359944) +++ head/sys/geom/eli/g_eli_crypto.c Wed Apr 15 00:14:50 2020 (r359945) @@ -138,9 +138,6 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, return (EINVAL); } break; - case CRYPTO_BLF_CBC: - type = EVP_bf_cbc(); - break; #ifndef OPENSSL_NO_CAMELLIA case CRYPTO_CAMELLIA_CBC: switch (keysize) { @@ -158,9 +155,6 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, } break; #endif - case CRYPTO_3DES_CBC: - type = EVP_des_ede3_cbc(); - break; default: return (EINVAL); } Modified: head/sys/geom/eli/g_eli_ctl.c ============================================================================== --- head/sys/geom/eli/g_eli_ctl.c Tue Apr 14 23:36:03 2020 (r359944) +++ head/sys/geom/eli/g_eli_ctl.c Wed Apr 15 00:14:50 2020 (r359945) @@ -138,6 +138,11 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class gctl_error(req, "No valid keys on %s.", pp->name); return; } + if (!eli_metadata_crypto_supported(&md)) { + explicit_bzero(&md, sizeof(md)); + gctl_error(req, "Invalid or unsupported algorithms."); + return; + } key = gctl_get_param(req, "key", &keysize); if (key == NULL || keysize != G_ELI_USERKEYLEN) {