mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-06 17:18:32 +00:00
Remove support for geli(4) algorithms deprecated in r348206.
This removes support for reading and writing volumes using the following algorithms: - Triple DES - Blowfish - MD5 HMAC integrity In addition, this commit adds an explicit whitelist of supported algorithms to give a better error message when an invalid or unsupported algorithm is used by an existing volume. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24343
This commit is contained in:
parent
30b4df2e4a
commit
e2b9919398
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=359945
|
@ -24,7 +24,7 @@
|
||||||
.\"
|
.\"
|
||||||
.\" $FreeBSD$
|
.\" $FreeBSD$
|
||||||
.\"
|
.\"
|
||||||
.Dd March 19, 2020
|
.Dd April 14, 2020
|
||||||
.Dt GELI 8
|
.Dt GELI 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -172,14 +172,11 @@ will make use of it automatically.
|
||||||
Supports many cryptographic algorithms (currently
|
Supports many cryptographic algorithms (currently
|
||||||
.Nm AES-XTS ,
|
.Nm AES-XTS ,
|
||||||
.Nm AES-CBC ,
|
.Nm AES-CBC ,
|
||||||
.Nm Blowfish-CBC ,
|
|
||||||
.Nm Camellia-CBC
|
|
||||||
and
|
and
|
||||||
.Nm 3DES-CBC ) .
|
.Nm Camellia-CBC ) .
|
||||||
.It
|
.It
|
||||||
Can optionally perform data authentication (integrity verification) utilizing
|
Can optionally perform data authentication (integrity verification) utilizing
|
||||||
one of the following algorithms:
|
one of the following algorithms:
|
||||||
.Nm HMAC/MD5 ,
|
|
||||||
.Nm HMAC/SHA1 ,
|
.Nm HMAC/SHA1 ,
|
||||||
.Nm HMAC/RIPEMD160 ,
|
.Nm HMAC/RIPEMD160 ,
|
||||||
.Nm HMAC/SHA256 ,
|
.Nm HMAC/SHA256 ,
|
||||||
|
@ -259,7 +256,6 @@ For example, when using 4096 bytes sector and
|
||||||
.Nm HMAC/SHA256
|
.Nm HMAC/SHA256
|
||||||
algorithm, 89% of the original provider storage will be available for use.
|
algorithm, 89% of the original provider storage will be available for use.
|
||||||
Currently supported algorithms are:
|
Currently supported algorithms are:
|
||||||
.Nm HMAC/MD5 ,
|
|
||||||
.Nm HMAC/SHA1 ,
|
.Nm HMAC/SHA1 ,
|
||||||
.Nm HMAC/RIPEMD160 ,
|
.Nm HMAC/RIPEMD160 ,
|
||||||
.Nm HMAC/SHA256 ,
|
.Nm HMAC/SHA256 ,
|
||||||
|
@ -303,9 +299,7 @@ Encryption algorithm to use.
|
||||||
Currently supported algorithms are:
|
Currently supported algorithms are:
|
||||||
.Nm AES-XTS ,
|
.Nm AES-XTS ,
|
||||||
.Nm AES-CBC ,
|
.Nm AES-CBC ,
|
||||||
.Nm Blowfish-CBC ,
|
|
||||||
.Nm Camellia-CBC ,
|
.Nm Camellia-CBC ,
|
||||||
.Nm 3DES-CBC ,
|
|
||||||
and
|
and
|
||||||
.Nm NULL .
|
.Nm NULL .
|
||||||
The default and recommended algorithm is
|
The default and recommended algorithm is
|
||||||
|
@ -359,11 +353,6 @@ key length.
|
||||||
.Em 128 ,
|
.Em 128 ,
|
||||||
192,
|
192,
|
||||||
256
|
256
|
||||||
.It Nm Blowfish-CBC
|
|
||||||
.Em 128
|
|
||||||
+ n * 32, for n=[0..10]
|
|
||||||
.It Nm 3DES-CBC
|
|
||||||
.Em 192
|
|
||||||
.El
|
.El
|
||||||
.It Fl P
|
.It Fl P
|
||||||
Do not use a passphrase as a component of the User Key.
|
Do not use a passphrase as a component of the User Key.
|
||||||
|
@ -901,18 +890,6 @@ specified in
|
||||||
.El
|
.El
|
||||||
.Sh EXIT STATUS
|
.Sh EXIT STATUS
|
||||||
Exit status is 0 on success, and 1 if the command fails.
|
Exit status is 0 on success, and 1 if the command fails.
|
||||||
.Sh DEPRECATION NOTICE
|
|
||||||
Support for the
|
|
||||||
.Nm Blowfish-CBC
|
|
||||||
and
|
|
||||||
.Nm 3DES-CBC
|
|
||||||
cryptographic algorithms and
|
|
||||||
.Nm HMAC/MD5
|
|
||||||
authentication algorithm will be removed in
|
|
||||||
.Fx 13.0 .
|
|
||||||
New volumes cannot be created using these algorithms.
|
|
||||||
Existing volumes should be migrated to a new volume that uses
|
|
||||||
non-deprecated algorithms.
|
|
||||||
.Sh EXAMPLES
|
.Sh EXAMPLES
|
||||||
Initialize a provider which is going to be encrypted with a
|
Initialize a provider which is going to be encrypted with a
|
||||||
passphrase and random data from a file on the user's pen drive.
|
passphrase and random data from a file on the user's pen drive.
|
||||||
|
@ -967,7 +944,7 @@ Reenter new passphrase:
|
||||||
Encrypted swap partition setup:
|
Encrypted swap partition setup:
|
||||||
.Bd -literal -offset indent
|
.Bd -literal -offset indent
|
||||||
# dd if=/dev/random of=/dev/ada0s1b bs=1m
|
# dd if=/dev/random of=/dev/ada0s1b bs=1m
|
||||||
# geli onetime -d -e 3des ada0s1b
|
# geli onetime -d ada0s1b
|
||||||
# swapon /dev/ada0s1b.eli
|
# swapon /dev/ada0s1b.eli
|
||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
|
|
|
@ -805,22 +805,6 @@ eli_init(struct gctl_req *req)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (md.md_flags & G_ELI_FLAG_AUTH) {
|
|
||||||
switch (md.md_aalgo) {
|
|
||||||
case CRYPTO_MD5_HMAC:
|
|
||||||
gctl_error(req,
|
|
||||||
"The %s authentication algorithm is deprecated.",
|
|
||||||
g_eli_algo2str(md.md_aalgo));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
switch (md.md_ealgo) {
|
|
||||||
case CRYPTO_3DES_CBC:
|
|
||||||
case CRYPTO_BLF_CBC:
|
|
||||||
gctl_error(req, "The %s encryption algorithm is deprecated.",
|
|
||||||
g_eli_algo2str(md.md_ealgo));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
val = gctl_get_intmax(req, "keylen");
|
val = gctl_get_intmax(req, "keylen");
|
||||||
md.md_keylen = val;
|
md.md_keylen = val;
|
||||||
md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen);
|
md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen);
|
||||||
|
|
|
@ -847,6 +847,8 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp,
|
||||||
int dcw, error;
|
int dcw, error;
|
||||||
|
|
||||||
G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX);
|
G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX);
|
||||||
|
KASSERT(eli_metadata_crypto_supported(md),
|
||||||
|
("%s: unsupported crypto for %s", __func__, bpp->name));
|
||||||
|
|
||||||
gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX);
|
gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX);
|
||||||
sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO);
|
sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO);
|
||||||
|
@ -975,25 +977,8 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp,
|
||||||
G_ELI_DEBUG(0, "Device %s created.", pp->name);
|
G_ELI_DEBUG(0, "Device %s created.", pp->name);
|
||||||
G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo),
|
G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo),
|
||||||
sc->sc_ekeylen);
|
sc->sc_ekeylen);
|
||||||
switch (sc->sc_ealgo) {
|
if (sc->sc_flags & G_ELI_FLAG_AUTH)
|
||||||
case CRYPTO_3DES_CBC:
|
|
||||||
gone_in(13,
|
|
||||||
"support for GEOM_ELI volumes encrypted with 3des");
|
|
||||||
break;
|
|
||||||
case CRYPTO_BLF_CBC:
|
|
||||||
gone_in(13,
|
|
||||||
"support for GEOM_ELI volumes encrypted with blowfish");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (sc->sc_flags & G_ELI_FLAG_AUTH) {
|
|
||||||
G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo));
|
G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo));
|
||||||
switch (sc->sc_aalgo) {
|
|
||||||
case CRYPTO_MD5_HMAC:
|
|
||||||
gone_in(13,
|
|
||||||
"support for GEOM_ELI volumes authenticated with hmac/md5");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
G_ELI_DEBUG(0, " Crypto: %s",
|
G_ELI_DEBUG(0, " Crypto: %s",
|
||||||
sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware");
|
sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware");
|
||||||
return (gp);
|
return (gp);
|
||||||
|
@ -1190,6 +1175,11 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
|
||||||
G_ELI_DEBUG(0, "No valid keys on %s.", pp->name);
|
G_ELI_DEBUG(0, "No valid keys on %s.", pp->name);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
if (!eli_metadata_crypto_supported(&md)) {
|
||||||
|
G_ELI_DEBUG(0, "%s uses invalid or unsupported algorithms\n",
|
||||||
|
pp->name);
|
||||||
|
return (NULL);
|
||||||
|
}
|
||||||
if (md.md_iterations == -1) {
|
if (md.md_iterations == -1) {
|
||||||
/* If there is no passphrase, we try only once. */
|
/* If there is no passphrase, we try only once. */
|
||||||
tries = 1;
|
tries = 1;
|
||||||
|
|
|
@ -417,18 +417,10 @@ g_eli_str2ealgo(const char *name)
|
||||||
return (CRYPTO_AES_CBC);
|
return (CRYPTO_AES_CBC);
|
||||||
else if (strcasecmp("aes-xts", name) == 0)
|
else if (strcasecmp("aes-xts", name) == 0)
|
||||||
return (CRYPTO_AES_XTS);
|
return (CRYPTO_AES_XTS);
|
||||||
else if (strcasecmp("blowfish", name) == 0)
|
|
||||||
return (CRYPTO_BLF_CBC);
|
|
||||||
else if (strcasecmp("blowfish-cbc", name) == 0)
|
|
||||||
return (CRYPTO_BLF_CBC);
|
|
||||||
else if (strcasecmp("camellia", name) == 0)
|
else if (strcasecmp("camellia", name) == 0)
|
||||||
return (CRYPTO_CAMELLIA_CBC);
|
return (CRYPTO_CAMELLIA_CBC);
|
||||||
else if (strcasecmp("camellia-cbc", name) == 0)
|
else if (strcasecmp("camellia-cbc", name) == 0)
|
||||||
return (CRYPTO_CAMELLIA_CBC);
|
return (CRYPTO_CAMELLIA_CBC);
|
||||||
else if (strcasecmp("3des", name) == 0)
|
|
||||||
return (CRYPTO_3DES_CBC);
|
|
||||||
else if (strcasecmp("3des-cbc", name) == 0)
|
|
||||||
return (CRYPTO_3DES_CBC);
|
|
||||||
return (CRYPTO_ALGORITHM_MIN - 1);
|
return (CRYPTO_ALGORITHM_MIN - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -436,9 +428,7 @@ static __inline u_int
|
||||||
g_eli_str2aalgo(const char *name)
|
g_eli_str2aalgo(const char *name)
|
||||||
{
|
{
|
||||||
|
|
||||||
if (strcasecmp("hmac/md5", name) == 0)
|
if (strcasecmp("hmac/sha1", name) == 0)
|
||||||
return (CRYPTO_MD5_HMAC);
|
|
||||||
else if (strcasecmp("hmac/sha1", name) == 0)
|
|
||||||
return (CRYPTO_SHA1_HMAC);
|
return (CRYPTO_SHA1_HMAC);
|
||||||
else if (strcasecmp("hmac/ripemd160", name) == 0)
|
else if (strcasecmp("hmac/ripemd160", name) == 0)
|
||||||
return (CRYPTO_RIPEMD160_HMAC);
|
return (CRYPTO_RIPEMD160_HMAC);
|
||||||
|
@ -462,14 +452,8 @@ g_eli_algo2str(u_int algo)
|
||||||
return ("AES-CBC");
|
return ("AES-CBC");
|
||||||
case CRYPTO_AES_XTS:
|
case CRYPTO_AES_XTS:
|
||||||
return ("AES-XTS");
|
return ("AES-XTS");
|
||||||
case CRYPTO_BLF_CBC:
|
|
||||||
return ("Blowfish-CBC");
|
|
||||||
case CRYPTO_CAMELLIA_CBC:
|
case CRYPTO_CAMELLIA_CBC:
|
||||||
return ("CAMELLIA-CBC");
|
return ("CAMELLIA-CBC");
|
||||||
case CRYPTO_3DES_CBC:
|
|
||||||
return ("3DES-CBC");
|
|
||||||
case CRYPTO_MD5_HMAC:
|
|
||||||
return ("HMAC/MD5");
|
|
||||||
case CRYPTO_SHA1_HMAC:
|
case CRYPTO_SHA1_HMAC:
|
||||||
return ("HMAC/SHA1");
|
return ("HMAC/SHA1");
|
||||||
case CRYPTO_RIPEMD160_HMAC:
|
case CRYPTO_RIPEMD160_HMAC:
|
||||||
|
@ -522,6 +506,36 @@ eli_metadata_dump(const struct g_eli_metadata *md)
|
||||||
printf(" MD5 hash: %s\n", str);
|
printf(" MD5 hash: %s\n", str);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef _KERNEL
|
||||||
|
static bool
|
||||||
|
eli_metadata_crypto_supported(const struct g_eli_metadata *md)
|
||||||
|
{
|
||||||
|
|
||||||
|
switch (md->md_ealgo) {
|
||||||
|
case CRYPTO_NULL_CBC:
|
||||||
|
case CRYPTO_AES_CBC:
|
||||||
|
case CRYPTO_CAMELLIA_CBC:
|
||||||
|
case CRYPTO_AES_XTS:
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return (false);
|
||||||
|
}
|
||||||
|
if (md->md_flags & G_ELI_FLAG_AUTH) {
|
||||||
|
switch (md->md_aalgo) {
|
||||||
|
case CRYPTO_SHA1_HMAC:
|
||||||
|
case CRYPTO_RIPEMD160_HMAC:
|
||||||
|
case CRYPTO_SHA2_256_HMAC:
|
||||||
|
case CRYPTO_SHA2_384_HMAC:
|
||||||
|
case CRYPTO_SHA2_512_HMAC:
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return (false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return (true);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static __inline u_int
|
static __inline u_int
|
||||||
g_eli_keylen(u_int algo, u_int keylen)
|
g_eli_keylen(u_int algo, u_int keylen)
|
||||||
{
|
{
|
||||||
|
@ -557,18 +571,6 @@ g_eli_keylen(u_int algo, u_int keylen)
|
||||||
default:
|
default:
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
case CRYPTO_BLF_CBC:
|
|
||||||
if (keylen == 0)
|
|
||||||
return (128);
|
|
||||||
if (keylen < 128 || keylen > 448)
|
|
||||||
return (0);
|
|
||||||
if ((keylen % 32) != 0)
|
|
||||||
return (0);
|
|
||||||
return (keylen);
|
|
||||||
case CRYPTO_3DES_CBC:
|
|
||||||
if (keylen == 0 || keylen == 192)
|
|
||||||
return (192);
|
|
||||||
return (0);
|
|
||||||
default:
|
default:
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
@ -583,12 +585,8 @@ g_eli_ivlen(u_int algo)
|
||||||
return (AES_XTS_IV_LEN);
|
return (AES_XTS_IV_LEN);
|
||||||
case CRYPTO_AES_CBC:
|
case CRYPTO_AES_CBC:
|
||||||
return (AES_BLOCK_LEN);
|
return (AES_BLOCK_LEN);
|
||||||
case CRYPTO_BLF_CBC:
|
|
||||||
return (BLOWFISH_BLOCK_LEN);
|
|
||||||
case CRYPTO_CAMELLIA_CBC:
|
case CRYPTO_CAMELLIA_CBC:
|
||||||
return (CAMELLIA_BLOCK_LEN);
|
return (CAMELLIA_BLOCK_LEN);
|
||||||
case CRYPTO_3DES_CBC:
|
|
||||||
return (DES3_BLOCK_LEN);
|
|
||||||
}
|
}
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
@ -598,8 +596,6 @@ g_eli_hashlen(u_int algo)
|
||||||
{
|
{
|
||||||
|
|
||||||
switch (algo) {
|
switch (algo) {
|
||||||
case CRYPTO_MD5_HMAC:
|
|
||||||
return (16);
|
|
||||||
case CRYPTO_SHA1_HMAC:
|
case CRYPTO_SHA1_HMAC:
|
||||||
return (20);
|
return (20);
|
||||||
case CRYPTO_RIPEMD160_HMAC:
|
case CRYPTO_RIPEMD160_HMAC:
|
||||||
|
|
|
@ -138,9 +138,6 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
|
||||||
return (EINVAL);
|
return (EINVAL);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case CRYPTO_BLF_CBC:
|
|
||||||
type = EVP_bf_cbc();
|
|
||||||
break;
|
|
||||||
#ifndef OPENSSL_NO_CAMELLIA
|
#ifndef OPENSSL_NO_CAMELLIA
|
||||||
case CRYPTO_CAMELLIA_CBC:
|
case CRYPTO_CAMELLIA_CBC:
|
||||||
switch (keysize) {
|
switch (keysize) {
|
||||||
|
@ -158,9 +155,6 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
case CRYPTO_3DES_CBC:
|
|
||||||
type = EVP_des_ede3_cbc();
|
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
return (EINVAL);
|
return (EINVAL);
|
||||||
}
|
}
|
||||||
|
|
|
@ -138,6 +138,11 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp)
|
||||||
gctl_error(req, "No valid keys on %s.", pp->name);
|
gctl_error(req, "No valid keys on %s.", pp->name);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if (!eli_metadata_crypto_supported(&md)) {
|
||||||
|
explicit_bzero(&md, sizeof(md));
|
||||||
|
gctl_error(req, "Invalid or unsupported algorithms.");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
key = gctl_get_param(req, "key", &keysize);
|
key = gctl_get_param(req, "key", &keysize);
|
||||||
if (key == NULL || keysize != G_ELI_USERKEYLEN) {
|
if (key == NULL || keysize != G_ELI_USERKEYLEN) {
|
||||||
|
|
Loading…
Reference in a new issue