From: John Baldwin
Date: Mon, 3 Jun 2019 21:04:24 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r348588 - in stable/11: sbin/geom/class/eli sys/geom/eli tests/sys/geom/class/eli
List-Id: SVN commit messages for all the -stable branches of the src tree

Author: jhb
Date: Mon Jun 3 21:04:23 2019
New Revision: 348588
URL: https://svnweb.freebsd.org/changeset/base/348588

Log:
  MFC 348206,348231,348454: GELI crypto deprecation warnings.

  348206:
  Add deprecation warnings for weaker algorithms to geli(4).

  - Triple DES has been formally deprecated in Kerberos (RFC 8429)
    and is soon to be deprecated in IPsec (RFC 8221).
  - Blowfish is deprecated. FreeBSD doesn't support its successor
    (Twofish).
  - MD5 is generally considered a weak digest that has known attacks.

  geli refuses to create new volumes using these algorithms via 'geli
  init'. It also warns when attaching to existing volumes or creating
  temporary volumes via 'geli onetime'. The plan is to fully remove
  support for these algorithms in FreeBSD 13.

  Note that none of these algorithms have ever been the default
  algorithm used by geli(8). Users would have had to explicitly select
  these algorithms when creating volumes in the past.

  348231:
  Correct the argument passed to g_eli_algo2str()

  348454:
  Remove tests for the deprecated algorithms in r348206

  The tests are failing because the return value and output have changed,
  but before the test code structure is adjusted, removing these test cases
  helps people be able to focus on more important cases.

Approved by: re (gjb)
Relnotes: yes

Modified:
  stable/11/sbin/geom/class/eli/geli.8
  stable/11/sbin/geom/class/eli/geom_eli.c
  stable/11/sys/geom/eli/g_eli.c
  stable/11/tests/sys/geom/class/eli/conf.sh
  stable/11/tests/sys/geom/class/eli/init_test.sh
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sbin/geom/class/eli/geli.8 ============================================================================== --- stable/11/sbin/geom/class/eli/geli.8 Mon Jun 3 21:03:28 2019 (r348587) +++ stable/11/sbin/geom/class/eli/geli.8 Mon Jun 3 21:04:23 2019 (r348588) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 9, 2018 +.Dd May 23, 2019 .Dt GELI 8 .Os .Sh NAME @@ -856,6 +856,18 @@ specified in .El .Sh EXIT STATUS Exit status is 0 on success, and 1 if the command fails. +.Sh DEPRECATION NOTICE +Support for the +.Nm Blowfish-CBC +and +.Nm 3DES-CBC +cryptographic algorithms and +.Nm HMAC/MD5 +authentication algorithm will be removed in +.Fx 13.0 . +New volumes cannot be created using these algorithms. +Existing volumes should be migrated to a new volume that uses +non-deprecated algorithms. .Sh EXAMPLES Initialize a provider which is going to be encrypted with a passphrase and random data from a file on the user's pen drive. 
@@ -1089,7 +1101,7 @@ utility appeared in .Fx 6.0 . Support for the .Nm Camellia -block cipher is implemented by Yoshisato Yanagisawa in +block cipher was implemented by Yoshisato Yanagisawa in .Fx 7.0 . .Pp Highest Modified: stable/11/sbin/geom/class/eli/geom_eli.c ============================================================================== --- stable/11/sbin/geom/class/eli/geom_eli.c Mon Jun 3 21:03:28 2019 (r348587) +++ stable/11/sbin/geom/class/eli/geom_eli.c Mon Jun 3 21:04:23 2019 (r348588) @@ -781,6 +781,22 @@ eli_init(struct gctl_req *req) return; } } + if (md.md_flags & G_ELI_FLAG_AUTH) { + switch (md.md_aalgo) { + case CRYPTO_MD5_HMAC: + gctl_error(req, + "The %s authentication algorithm is deprecated.", + g_eli_algo2str(md.md_aalgo)); + return; + } + } + switch (md.md_ealgo) { + case CRYPTO_3DES_CBC: + case CRYPTO_BLF_CBC: + gctl_error(req, "The %s encryption algorithm is deprecated.", + g_eli_algo2str(md.md_ealgo)); + return; + } val = gctl_get_intmax(req, "keylen"); md.md_keylen = val; md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen); Modified: stable/11/sys/geom/eli/g_eli.c ============================================================================== --- stable/11/sys/geom/eli/g_eli.c Mon Jun 3 21:03:28 2019 (r348587) +++ stable/11/sys/geom/eli/g_eli.c Mon Jun 3 21:04:23 2019 (r348588) 
@@ -873,8 +873,25 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, G_ELI_DEBUG(0, "Device %s created.", pp->name); G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), sc->sc_ekeylen); - if (sc->sc_flags & G_ELI_FLAG_AUTH) + switch (sc->sc_ealgo) { + case CRYPTO_3DES_CBC: + gone_in(13, + "support for GEOM_ELI volumes encrypted with 3des"); + break; + case CRYPTO_BLF_CBC: + gone_in(13, + "support for GEOM_ELI volumes encrypted with blowfish"); + break; + } + if (sc->sc_flags & G_ELI_FLAG_AUTH) { G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); + switch (sc->sc_aalgo) { + case CRYPTO_MD5_HMAC: + gone_in(13, + "support for GEOM_ELI volumes authenticated with hmac/md5"); + break; + } + } G_ELI_DEBUG(0, " Crypto: %s", sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware"); return (gp); Modified: stable/11/tests/sys/geom/class/eli/conf.sh ============================================================================== --- stable/11/tests/sys/geom/class/eli/conf.sh Mon Jun 3 21:03:28 2019 (r348587) +++ stable/11/tests/sys/geom/class/eli/conf.sh Mon Jun 3 21:04:23 2019 (r348588) @@ -37,15 +37,10 @@ for_each_geli_config() { for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ - 3des-cbc:192 \ - blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 \ - blowfish-cbc:224 blowfish-cbc:256 blowfish-cbc:288 \ - blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \ - blowfish-cbc:416 blowfish-cbc:448 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} - for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 \ + for aalgo in hmac/sha1 hmac/ripemd160 hmac/sha256 \ hmac/sha384 hmac/sha512; do for secsize in 512 1024 2048 4096 $MAX_SECSIZE; do ${func} $cipher $aalgo $secsize 
@@ -66,11 +61,6 @@ for_each_geli_config_nointegrity() { md=$(attach_md -t malloc -s $bytes) for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ - 3des-cbc:192 \ - blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 \ - blowfish-cbc:224 blowfish-cbc:256 blowfish-cbc:288 \ - blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \ - blowfish-cbc:416 blowfish-cbc:448 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} Modified: stable/11/tests/sys/geom/class/eli/init_test.sh ============================================================================== --- stable/11/tests/sys/geom/class/eli/init_test.sh Mon Jun 3 21:03:28 2019 (r348587) +++ stable/11/tests/sys/geom/class/eli/init_test.sh Mon Jun 3 21:04:23 2019 (r348588) @@ -308,13 +308,6 @@ init_alias_body() atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \ - 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \ - blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \ - blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \ - blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \ - blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \ - blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \ - blowfish:448:Blowfish-CBC:448 \ camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \ camellia:256:CAMELLIA-CBC:256 ; do
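
Review bot: In the geli.8 hunk at @@ -856, the sentence "New volumes cannot be created using these algorithms." is broader than what the change enforces: per the commit log only 'geli init' refuses, while 'geli onetime' still creates a temporary volume and only warns. Suggest wording the notice so it separates the two cases, and adding a sentence that attaching an existing volume with one of these algorithms logs a warning, so an administrator knows what to look for before migrating.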
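
Review bot: In the geom_eli.c hunk at @@ -781, the refusal added to eli_init() lives only in the geli(8) utility, and the same list of algorithms is repeated as a separate set of switch cases in g_eli_create() in g_eli.c, where it only warns. Consider one shared predicate for "deprecated algorithm" used by both files so the two lists cannot drift apart before the FreeBSD 13 removal. The error text "The %s encryption algorithm is deprecated." also gives the user no next step; a pointer to the DEPRECATION NOTICE section of geli(8) would help. The single-case switch on md.md_aalgo could be a plain if.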
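
Review bot: In the g_eli.c hunk at @@ -873, the gone_in() strings hard-code "3des", "blowfish" and "hmac/md5", while the neighbouring G_ELI_DEBUG lines print g_eli_algo2str(sc->sc_ealgo) and the geli.8 hunk spells the same algorithms 3DES-CBC, Blowfish-CBC and HMAC/MD5. Using one spelling would let a single log search find every affected attach. The warning text also does not name the provider, so it can only be tied to a volume by its position next to the "Device %s created." line; a comment noting that ordering dependency, or a message that carries pp->name, would make the warning usable for inventorying volumes that still need migration.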
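
Review bot: In the conf.sh hunks at @@ -37 and @@ -66 and the init_test.sh hunk at @@ -308, the 3des-cbc, blowfish-cbc and hmac/md5 entries are removed from the loops with nothing put in their place, so neither the new 'geli init' refusal nor the attach-time warning is exercised by any test. A negative case that runs init with each deprecated algorithm and checks for a non-zero exit and the "is deprecated" message would cover the behaviour this change introduces. The log entry for 348454 says the removal comes before a test restructuring, so a short comment in conf.sh recording why these ciphers are absent would keep them from being re-added by mistake.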