Date: Fri, 10 Aug 2012 18:43:29 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r239184 - head/sys/geom/eli Message-ID: <201208101843.q7AIhT6g065014@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pjd Date: Fri Aug 10 18:43:29 2012 New Revision: 239184 URL: http://svn.freebsd.org/changeset/base/239184 Log: Always initialize sc_ekey, because as of r238116 it is always used. If GELI provider was created on FreeBSD HEAD r238116 or later (but before this change), it is using very weak keys and the data is not protected. The bug was introduced on 4th July 2012. One can verify if its provider was created with weak keys by running: # geli dump <provider> | grep version If the version is 7 and the system didn't include this fix when provider was initialized, then the data has to be backed up, underlying provider overwritten with random data, system upgraded and provider recreated. Reported by: Fabian Keil <fk@fabiankeil.de> Tested by: Fabian Keil <fk@fabiankeil.de> Discussed with: so MFC after: 3 days Modified: head/sys/geom/eli/g_eli_key_cache.c Modified: head/sys/geom/eli/g_eli_key_cache.c ============================================================================== --- head/sys/geom/eli/g_eli_key_cache.c Fri Aug 10 18:19:57 2012 (r239183) +++ head/sys/geom/eli/g_eli_key_cache.c Fri Aug 10 18:43:29 2012 (r239184) @@ -193,24 +193,24 @@ g_eli_key_remove(struct g_eli_softc *sc, void g_eli_key_init(struct g_eli_softc *sc) { + uint8_t *mkey; mtx_lock(&sc->sc_ekeys_lock); - if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) { - uint8_t *mkey; - mkey = sc->sc_mkey + sizeof(sc->sc_ivkey); + mkey = sc->sc_mkey + sizeof(sc->sc_ivkey); + if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0) + bcopy(mkey, sc->sc_ekey, G_ELI_DATAKEYLEN); + else { + /* + * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10) + */ + g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1, + sc->sc_ekey, 0); + } + if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) { sc->sc_ekeys_total = 1; sc->sc_ekeys_allocated = 0; - if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0) - bcopy(mkey, sc->sc_ekey, G_ELI_DATAKEYLEN); - else { - /* - * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10) - */ - g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1, - sc->sc_ekey, 0); - } } else { off_t mediasize; size_t blocksize; @@ -241,6 +241,7 @@ g_eli_key_init(struct g_eli_softc *sc) (uintmax_t)sc->sc_ekeys_allocated)); } } + mtx_unlock(&sc->sc_ekeys_lock); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208101843.q7AIhT6g065014>