From owner-svn-src-head@FreeBSD.ORG  Fri Aug 10 18:43:30 2012
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 5F95A106566B;
	Fri, 10 Aug 2012 18:43:30 +0000 (UTC) (envelope-from pjd@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 3182D8FC14;
	Fri, 10 Aug 2012 18:43:30 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7AIhUDB065016;
	Fri, 10 Aug 2012 18:43:30 GMT (envelope-from pjd@svn.freebsd.org)
Received: (from pjd@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7AIhT6g065014;
	Fri, 10 Aug 2012 18:43:29 GMT (envelope-from pjd@svn.freebsd.org)
Message-Id: <201208101843.q7AIhT6g065014@svn.freebsd.org>
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Date: Fri, 10 Aug 2012 18:43:29 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r239184 - head/sys/geom/eli
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2012 18:43:30 -0000

Author: pjd
Date: Fri Aug 10 18:43:29 2012
New Revision: 239184
URL: http://svn.freebsd.org/changeset/base/239184

Log:
  Always initialize sc_ekey, because as of r238116 it is always used.
  
  If GELI provider was created on FreeBSD HEAD r238116 or later (but before this
  change), it is using very weak keys and the data is not protected.
  The bug was introduced on 4th July 2012.
  
  One can verify if its provider was created with weak keys by running:
  
  	# geli dump <provider> | grep version
  
  If the version is 7 and the system didn't include this fix when provider was
  initialized, then the data has to be backed up, underlying provider overwritten
  with random data, system upgraded and provider recreated.
  
  Reported by:	Fabian Keil <fk@fabiankeil.de>
  Tested by:	Fabian Keil <fk@fabiankeil.de>
  Discussed with:	so
  MFC after:	3 days

Modified:
  head/sys/geom/eli/g_eli_key_cache.c

Modified: head/sys/geom/eli/g_eli_key_cache.c
==============================================================================
--- head/sys/geom/eli/g_eli_key_cache.c	Fri Aug 10 18:19:57 2012	(r239183)
+++ head/sys/geom/eli/g_eli_key_cache.c	Fri Aug 10 18:43:29 2012	(r239184)
@@ -193,24 +193,24 @@ g_eli_key_remove(struct g_eli_softc *sc,
 void
 g_eli_key_init(struct g_eli_softc *sc)
 {
+	uint8_t *mkey;
 
 	mtx_lock(&sc->sc_ekeys_lock);
-	if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) {
-		uint8_t *mkey;
 
-		mkey = sc->sc_mkey + sizeof(sc->sc_ivkey);
+	mkey = sc->sc_mkey + sizeof(sc->sc_ivkey);
+	if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0)
+		bcopy(mkey, sc->sc_ekey, G_ELI_DATAKEYLEN);
+	else {
+		/*
+		 * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10)
+		 */
+		g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1,
+		    sc->sc_ekey, 0);
+	}
 
+	if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) {
 		sc->sc_ekeys_total = 1;
 		sc->sc_ekeys_allocated = 0;
-		if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0)
-			bcopy(mkey, sc->sc_ekey, G_ELI_DATAKEYLEN);
-		else {
-			/*
-			 * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10)
-			 */
-			g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1,
-			    sc->sc_ekey, 0);
-		}
 	} else {
 		off_t mediasize;
 		size_t blocksize;
@@ -241,6 +241,7 @@ g_eli_key_init(struct g_eli_softc *sc)
 			    (uintmax_t)sc->sc_ekeys_allocated));
 		}
 	}
+
 	mtx_unlock(&sc->sc_ekeys_lock);
 }