From: Bryan Drewery
Date: Tue, 16 Sep 2014 11:10:09 -0500
To: Colin Percival, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org, Glen Barber
Subject: Re: svn commit: r271664 - head/sys/geom/eli

Relnotes: yes!

On 9/16/14, 3:40 AM, Colin Percival wrote:
> Author: cperciva
> Date: Tue Sep 16 08:40:52 2014
> New Revision: 271664
> URL: http://svnweb.freebsd.org/changeset/base/271664
>
> Log:
>   Cache GELI passphrases entered at the console during the boot process,
>   in order to improve user-friendliness when a system has multiple disks
>   encrypted using the same passphrase.
>
>   When examining a new GELI provider, the most recently used passphrase
>   will be attempted before prompting for a passphrase; and whenever a
>   passphrase is entered, it is cached for later reference. When the root
>   disk is mounted, the cached passphrase is zeroed (triggered by the
>   "mountroot" event), in order to minimize the possibility of leakage
>   of passphrases. (After root is mounted, the "taste and prompt for
>   passphrases on the console" code path is disabled, so there is no
>   potential for a passphrase to be stored after the zeroing takes place.)
>
>   This behaviour can be disabled by setting kern.geom.eli.boot_passcache=0.
> > Reviewed by: pjd, dteske, allanjude > MFC after: 7 days > > Modified: > head/sys/geom/eli/g_eli.c > > Modified: head/sys/geom/eli/g_eli.c > ============================================================================== > --- head/sys/geom/eli/g_eli.c Tue Sep 16 05:45:38 2014 (r271663) > +++ head/sys/geom/eli/g_eli.c Tue Sep 16 08:40:52 2014 (r271664) > @@ -82,6 +82,24 @@ u_int g_eli_batch = 0; > SYSCTL_UINT(_kern_geom_eli, OID_AUTO, batch, CTLFLAG_RWTUN, &g_eli_batch, 0, > "Use crypto operations batching"); > > +/* > + * Passphrase cached during boot, in order to be more user-friendly if > + * there are multiple providers using the same passphrase. > + */ > +static char cached_passphrase[256]; > +static u_int g_eli_boot_passcache = 1; > +TUNABLE_INT("kern.geom.eli.boot_passcache", &g_eli_boot_passcache); > +SYSCTL_UINT(_kern_geom_eli, OID_AUTO, boot_passcache, CTLFLAG_RD, > + &g_eli_boot_passcache, 0, > + "Passphrases are cached during boot process for possible reuse"); > +static void > +zero_boot_passcache(void * dummy) > +{ > + > + memset(cached_passphrase, 0, sizeof(cached_passphrase)); > +} > +EVENTHANDLER_DEFINE(mountroot, zero_boot_passcache, NULL, 0); > + > static eventhandler_tag g_eli_pre_sync = NULL; > > static int g_eli_destroy_geom(struct gctl_req *req, struct g_class *mp, > @@ -1059,7 +1077,7 @@ g_eli_taste(struct g_class *mp, struct g > tries = g_eli_tries; > } > > - for (i = 0; i < tries; i++) { > + for (i = 0; i <= tries; i++) { > g_eli_crypto_hmac_init(&ctx, NULL, 0); > > /* 
> @@ -1083,9 +1101,19 @@ g_eli_taste(struct g_class *mp, struct g > > /* Ask for the passphrase if defined. */ > if (md.md_iterations >= 0) { > - printf("Enter passphrase for %s: ", pp->name); > - cngets(passphrase, sizeof(passphrase), > - g_eli_visible_passphrase); > + /* Try first with cached passphrase. */ > + if (i == 0) { > + if (!g_eli_boot_passcache) > + continue; > + memcpy(passphrase, cached_passphrase, > + sizeof(passphrase)); > + } else { > + printf("Enter passphrase for %s: ", pp->name); > + cngets(passphrase, sizeof(passphrase), > + g_eli_visible_passphrase); > + memcpy(cached_passphrase, passphrase, > + sizeof(passphrase)); > + } > } > > /* > @@ -1115,15 +1143,18 @@ g_eli_taste(struct g_class *mp, struct g > error = g_eli_mkey_decrypt(&md, key, mkey, &nkey); > bzero(key, sizeof(key)); > if (error == -1) { > - if (i == tries - 1) { > + if (i == tries) { > G_ELI_DEBUG(0, > "Wrong key for %s. No tries left.", > pp->name); > g_eli_keyfiles_clear(pp->name); > return (NULL); > } > - G_ELI_DEBUG(0, "Wrong key for %s. Tries left: %u.", > - pp->name, tries - i - 1); > + if (i > 0) { > + G_ELI_DEBUG(0, > + "Wrong key for %s. Tries left: %u.", > + pp->name, tries - i); > + } > /* Try again. */ > continue; > } else if (error > 0) { > -- Regards, Bryan Drewery
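Review bot: in the first hunk (@@ -82,6 +82,24 @@), the comment above cached_passphrase explains why the buffer exists but not how long a passphrase stays in it. The lifetime is the security-relevant property here: the only clearing visible in the patch is zero_boot_passcache() on the mountroot event, so the comment should say that. Style points in the same hunk: `void * dummy` should be `void *dummy`, a blank line is missing between the SYSCTL_UINT() and `static void`, TUNABLE_INT() is handed a u_int, and the clearing uses memset() where the file's existing code uses bzero() (see `bzero(key, sizeof(key));` in the last hunk).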
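Review bot: in the @@ -1059,7 +1077,7 @@ hunk, changing the bound to `i <= tries` gives every provider an extra iteration 0, but the cached-passphrase attempt added further down sits inside `if (md.md_iterations >= 0)`. For a provider where that condition is false, iteration 0 is an ordinary attempt, so as far as the visible lines show it gets tries + 1 attempts instead of tries. Consider entering the loop at i = 1 unless a cached passphrase will actually be tried, and add a comment stating that i == 0 is reserved for the cache.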
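Review bot: in the @@ -1083,9 +1101,19 @@ hunk, g_eli_boot_passcache gates only the read of the cache (the `continue` at i == 0); the else branch still runs `memcpy(cached_passphrase, passphrase, sizeof(passphrase));` for every passphrase typed. With kern.geom.eli.boot_passcache=0 the passphrase therefore still lands in the static buffer and stays there until mountroot. Put that memcpy() under `if (g_eli_boot_passcache)`. The copy also happens before the passphrase has been checked, so a mistyped one is what gets cached and tried against the next provider; caching only after g_eli_mkey_decrypt() succeeds would avoid that.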
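Review bot: in the last hunk (@@ -1115,15 +1143,18 @@), the `if (i > 0)` around the "Wrong key for %s. Tries left: %u." message is unconditional, while the cache attempt it is meant to hide only happens when md.md_iterations >= 0. A failure at i == 0 for a provider that took no passphrase is then retried with nothing logged. Test the same condition that selected the cached-passphrase path rather than i alone.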