Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 10 Aug 2012 18:43:29 +0000 (UTC)
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r239184 - head/sys/geom/eli
Message-ID:  <201208101843.q7AIhT6g065014@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: pjd
Date: Fri Aug 10 18:43:29 2012
New Revision: 239184
URL: http://svn.freebsd.org/changeset/base/239184

Log:
  Always initialize sc_ekey, because as of r238116 it is always used.
  
  If GELI provider was created on FreeBSD HEAD r238116 or later (but before this
  change), it is using very weak keys and the data is not protected.
  The bug was introduced on 4th July 2012.
  
  One can verify if its provider was created with weak keys by running:
  
  	# geli dump <provider> | grep version
  
  If the version is 7 and the system didn't include this fix when provider was
  initialized, then the data has to be backed up, underlying provider overwritten
  with random data, system upgraded and provider recreated.
  
  Reported by:	Fabian Keil <fk@fabiankeil.de>
  Tested by:	Fabian Keil <fk@fabiankeil.de>
  Discussed with:	so
  MFC after:	3 days

Modified:
  head/sys/geom/eli/g_eli_key_cache.c

Modified: head/sys/geom/eli/g_eli_key_cache.c
==============================================================================
--- head/sys/geom/eli/g_eli_key_cache.c	Fri Aug 10 18:19:57 2012	(r239183)
+++ head/sys/geom/eli/g_eli_key_cache.c	Fri Aug 10 18:43:29 2012	(r239184)
@@ -193,24 +193,24 @@ g_eli_key_remove(struct g_eli_softc *sc,
 void
 g_eli_key_init(struct g_eli_softc *sc)
 {
+	uint8_t *mkey;
 
 	mtx_lock(&sc->sc_ekeys_lock);
-	if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) {
-		uint8_t *mkey;
 
-		mkey = sc->sc_mkey + sizeof(sc->sc_ivkey);
+	mkey = sc->sc_mkey + sizeof(sc->sc_ivkey);
+	if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0)
+		bcopy(mkey, sc->sc_ekey, G_ELI_DATAKEYLEN);
+	else {
+		/*
+		 * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10)
+		 */
+		g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1,
+		    sc->sc_ekey, 0);
+	}
 
+	if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) {
 		sc->sc_ekeys_total = 1;
 		sc->sc_ekeys_allocated = 0;
-		if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0)
-			bcopy(mkey, sc->sc_ekey, G_ELI_DATAKEYLEN);
-		else {
-			/*
-			 * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10)
-			 */
-			g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1,
-			    sc->sc_ekey, 0);
-		}
 	} else {
 		off_t mediasize;
 		size_t blocksize;
@@ -241,6 +241,7 @@ g_eli_key_init(struct g_eli_softc *sc)
 			    (uintmax_t)sc->sc_ekeys_allocated));
 		}
 	}
+
 	mtx_unlock(&sc->sc_ekeys_lock);
 }
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208101843.q7AIhT6g065014>