diff options
| author | pjd <pjd@FreeBSD.org> | 2012-08-10 18:43:29 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2012-08-10 18:43:29 +0000 |
| commit | 50fe3717a6a062e999254b82b00c757ffca8f8ad (patch) | |
| tree | 57d9fc1ade18024ce1e3cf8aa4ede071116e2209 /sys/geom | |
| parent | d8898a45d742f78af7f61c3cbf0447277f2f2ac4 (diff) | |
| download | FreeBSD-src-50fe3717a6a062e999254b82b00c757ffca8f8ad.zip FreeBSD-src-50fe3717a6a062e999254b82b00c757ffca8f8ad.tar.gz | |
Always initialize sc_ekey, because as of r238116 it is always used.
If GELI provider was created on FreeBSD HEAD r238116 or later (but before this
change), it is using very weak keys and the data is not protected.
The bug was introduced on 4th July 2012.
One can verify if its provider was created with weak keys by running:
# geli dump <provider> | grep version
If the version is 7 and the system didn't include this fix when provider was
initialized, then the data has to be backed up, underlying provider overwritten
with random data, system upgraded and provider recreated.
Reported by: Fabian Keil <fk@fabiankeil.de>
Tested by: Fabian Keil <fk@fabiankeil.de>
Discussed with: so
MFC after: 3 days
Diffstat (limited to 'sys/geom')
| -rw-r--r-- | sys/geom/eli/g_eli_key_cache.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/sys/geom/eli/g_eli_key_cache.c b/sys/geom/eli/g_eli_key_cache.c index d7158e4..9530495 100644 --- a/sys/geom/eli/g_eli_key_cache.c +++ b/sys/geom/eli/g_eli_key_cache.c @@ -193,24 +193,24 @@ g_eli_key_remove(struct g_eli_softc *sc, struct g_eli_key *key) void g_eli_key_init(struct g_eli_softc *sc) { + uint8_t *mkey; mtx_lock(&sc->sc_ekeys_lock); - if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) { - uint8_t *mkey; - mkey = sc->sc_mkey + sizeof(sc->sc_ivkey); + mkey = sc->sc_mkey + sizeof(sc->sc_ivkey); + if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0) + bcopy(mkey, sc->sc_ekey, G_ELI_DATAKEYLEN); + else { + /* + * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10) + */ + g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1, + sc->sc_ekey, 0); + } + if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) { sc->sc_ekeys_total = 1; sc->sc_ekeys_allocated = 0; - if ((sc->sc_flags & G_ELI_FLAG_AUTH) == 0) - bcopy(mkey, sc->sc_ekey, G_ELI_DATAKEYLEN); - else { - /* - * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10) - */ - g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1, - sc->sc_ekey, 0); - } } else { off_t mediasize; size_t blocksize; @@ -241,6 +241,7 @@ g_eli_key_init(struct g_eli_softc *sc) (uintmax_t)sc->sc_ekeys_allocated)); } } + mtx_unlock(&sc->sc_ekeys_lock); } |
