aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Baldwin <jhb@FreeBSD.org>2020-04-15 00:14:50 +0000
committerJohn Baldwin <jhb@FreeBSD.org>2020-04-15 00:14:50 +0000
commite2b9919398c338ecaf0eee2d1060ef71fca7bc94 (patch)
tree747ecbb592267a09a51942cda090794cb6bd0534
parent30b4df2e4a12016f961f4d4e6b8b5b361feeb96f (diff)
downloadsrc-e2b9919398c3.tar.gz
src-e2b9919398c3.zip
Remove support for geli(4) algorithms deprecated in r348206.
This removes support for reading and writing volumes using the following algorithms: - Triple DES - Blowfish - MD5 HMAC integrity In addition, this commit adds an explicit whitelist of supported algorithms to give a better error message when an invalid or unsupported algorithm is used by an existing volume. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24343
Notes
Notes: svn path=/head/; revision=359945
-rw-r--r--lib/geom/eli/geli.829
-rw-r--r--lib/geom/eli/geom_eli.c16
-rw-r--r--sys/geom/eli/g_eli.c26
-rw-r--r--sys/geom/eli/g_eli.h66
-rw-r--r--sys/geom/eli/g_eli_crypto.c6
-rw-r--r--sys/geom/eli/g_eli_ctl.c5
6 files changed, 47 insertions, 101 deletions
diff --git a/lib/geom/eli/geli.8 b/lib/geom/eli/geli.8
index c56b79cfbb61..798c4ce5e2af 100644
--- a/lib/geom/eli/geli.8
+++ b/lib/geom/eli/geli.8
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd March 19, 2020
+.Dd April 14, 2020
.Dt GELI 8
.Os
.Sh NAME
@@ -172,14 +172,11 @@ will make use of it automatically.
Supports many cryptographic algorithms (currently
.Nm AES-XTS ,
.Nm AES-CBC ,
-.Nm Blowfish-CBC ,
-.Nm Camellia-CBC
and
-.Nm 3DES-CBC ) .
+.Nm Camellia-CBC ) .
.It
Can optionally perform data authentication (integrity verification) utilizing
one of the following algorithms:
-.Nm HMAC/MD5 ,
.Nm HMAC/SHA1 ,
.Nm HMAC/RIPEMD160 ,
.Nm HMAC/SHA256 ,
@@ -259,7 +256,6 @@ For example, when using 4096 bytes sector and
.Nm HMAC/SHA256
algorithm, 89% of the original provider storage will be available for use.
Currently supported algorithms are:
-.Nm HMAC/MD5 ,
.Nm HMAC/SHA1 ,
.Nm HMAC/RIPEMD160 ,
.Nm HMAC/SHA256 ,
@@ -303,9 +299,7 @@ Encryption algorithm to use.
Currently supported algorithms are:
.Nm AES-XTS ,
.Nm AES-CBC ,
-.Nm Blowfish-CBC ,
.Nm Camellia-CBC ,
-.Nm 3DES-CBC ,
and
.Nm NULL .
The default and recommended algorithm is
@@ -359,11 +353,6 @@ key length.
.Em 128 ,
192,
256
-.It Nm Blowfish-CBC
-.Em 128
-+ n * 32, for n=[0..10]
-.It Nm 3DES-CBC
-.Em 192
.El
.It Fl P
Do not use a passphrase as a component of the User Key.
@@ -901,18 +890,6 @@ specified in
.El
.Sh EXIT STATUS
Exit status is 0 on success, and 1 if the command fails.
-.Sh DEPRECATION NOTICE
-Support for the
-.Nm Blowfish-CBC
-and
-.Nm 3DES-CBC
-cryptographic algorithms and
-.Nm HMAC/MD5
-authentication algorithm will be removed in
-.Fx 13.0 .
-New volumes cannot be created using these algorithms.
-Existing volumes should be migrated to a new volume that uses
-non-deprecated algorithms.
.Sh EXAMPLES
Initialize a provider which is going to be encrypted with a
passphrase and random data from a file on the user's pen drive.
@@ -967,7 +944,7 @@ Reenter new passphrase:
Encrypted swap partition setup:
.Bd -literal -offset indent
# dd if=/dev/random of=/dev/ada0s1b bs=1m
-# geli onetime -d -e 3des ada0s1b
+# geli onetime -d ada0s1b
# swapon /dev/ada0s1b.eli
.Ed
.Pp
diff --git a/lib/geom/eli/geom_eli.c b/lib/geom/eli/geom_eli.c
index d5cf3cbf3a09..8ee4643e3c91 100644
--- a/lib/geom/eli/geom_eli.c
+++ b/lib/geom/eli/geom_eli.c
@@ -805,22 +805,6 @@ eli_init(struct gctl_req *req)
return;
}
}
- if (md.md_flags & G_ELI_FLAG_AUTH) {
- switch (md.md_aalgo) {
- case CRYPTO_MD5_HMAC:
- gctl_error(req,
- "The %s authentication algorithm is deprecated.",
- g_eli_algo2str(md.md_aalgo));
- return;
- }
- }
- switch (md.md_ealgo) {
- case CRYPTO_3DES_CBC:
- case CRYPTO_BLF_CBC:
- gctl_error(req, "The %s encryption algorithm is deprecated.",
- g_eli_algo2str(md.md_ealgo));
- return;
- }
val = gctl_get_intmax(req, "keylen");
md.md_keylen = val;
md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen);
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
index c585a665e9f5..cf787d2a8510 100644
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -847,6 +847,8 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp,
int dcw, error;
G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX);
+ KASSERT(eli_metadata_crypto_supported(md),
+ ("%s: unsupported crypto for %s", __func__, bpp->name));
gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX);
sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO);
@@ -975,25 +977,8 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp,
G_ELI_DEBUG(0, "Device %s created.", pp->name);
G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo),
sc->sc_ekeylen);
- switch (sc->sc_ealgo) {
- case CRYPTO_3DES_CBC:
- gone_in(13,
- "support for GEOM_ELI volumes encrypted with 3des");
- break;
- case CRYPTO_BLF_CBC:
- gone_in(13,
- "support for GEOM_ELI volumes encrypted with blowfish");
- break;
- }
- if (sc->sc_flags & G_ELI_FLAG_AUTH) {
+ if (sc->sc_flags & G_ELI_FLAG_AUTH)
G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo));
- switch (sc->sc_aalgo) {
- case CRYPTO_MD5_HMAC:
- gone_in(13,
- "support for GEOM_ELI volumes authenticated with hmac/md5");
- break;
- }
- }
G_ELI_DEBUG(0, " Crypto: %s",
sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware");
return (gp);
@@ -1190,6 +1175,11 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
G_ELI_DEBUG(0, "No valid keys on %s.", pp->name);
return (NULL);
}
+ if (!eli_metadata_crypto_supported(&md)) {
+ G_ELI_DEBUG(0, "%s uses invalid or unsupported algorithms\n",
+ pp->name);
+ return (NULL);
+ }
if (md.md_iterations == -1) {
/* If there is no passphrase, we try only once. */
tries = 1;
diff --git a/sys/geom/eli/g_eli.h b/sys/geom/eli/g_eli.h
index dab9d13ccff7..bab8b9fb49f6 100644
--- a/sys/geom/eli/g_eli.h
+++ b/sys/geom/eli/g_eli.h
@@ -417,18 +417,10 @@ g_eli_str2ealgo(const char *name)
return (CRYPTO_AES_CBC);
else if (strcasecmp("aes-xts", name) == 0)
return (CRYPTO_AES_XTS);
- else if (strcasecmp("blowfish", name) == 0)
- return (CRYPTO_BLF_CBC);
- else if (strcasecmp("blowfish-cbc", name) == 0)
- return (CRYPTO_BLF_CBC);
else if (strcasecmp("camellia", name) == 0)
return (CRYPTO_CAMELLIA_CBC);
else if (strcasecmp("camellia-cbc", name) == 0)
return (CRYPTO_CAMELLIA_CBC);
- else if (strcasecmp("3des", name) == 0)
- return (CRYPTO_3DES_CBC);
- else if (strcasecmp("3des-cbc", name) == 0)
- return (CRYPTO_3DES_CBC);
return (CRYPTO_ALGORITHM_MIN - 1);
}
@@ -436,9 +428,7 @@ static __inline u_int
g_eli_str2aalgo(const char *name)
{
- if (strcasecmp("hmac/md5", name) == 0)
- return (CRYPTO_MD5_HMAC);
- else if (strcasecmp("hmac/sha1", name) == 0)
+ if (strcasecmp("hmac/sha1", name) == 0)
return (CRYPTO_SHA1_HMAC);
else if (strcasecmp("hmac/ripemd160", name) == 0)
return (CRYPTO_RIPEMD160_HMAC);
@@ -462,14 +452,8 @@ g_eli_algo2str(u_int algo)
return ("AES-CBC");
case CRYPTO_AES_XTS:
return ("AES-XTS");
- case CRYPTO_BLF_CBC:
- return ("Blowfish-CBC");
case CRYPTO_CAMELLIA_CBC:
return ("CAMELLIA-CBC");
- case CRYPTO_3DES_CBC:
- return ("3DES-CBC");
- case CRYPTO_MD5_HMAC:
- return ("HMAC/MD5");
case CRYPTO_SHA1_HMAC:
return ("HMAC/SHA1");
case CRYPTO_RIPEMD160_HMAC:
@@ -522,6 +506,36 @@ eli_metadata_dump(const struct g_eli_metadata *md)
printf(" MD5 hash: %s\n", str);
}
+#ifdef _KERNEL
+static bool
+eli_metadata_crypto_supported(const struct g_eli_metadata *md)
+{
+
+ switch (md->md_ealgo) {
+ case CRYPTO_NULL_CBC:
+ case CRYPTO_AES_CBC:
+ case CRYPTO_CAMELLIA_CBC:
+ case CRYPTO_AES_XTS:
+ break;
+ default:
+ return (false);
+ }
+ if (md->md_flags & G_ELI_FLAG_AUTH) {
+ switch (md->md_aalgo) {
+ case CRYPTO_SHA1_HMAC:
+ case CRYPTO_RIPEMD160_HMAC:
+ case CRYPTO_SHA2_256_HMAC:
+ case CRYPTO_SHA2_384_HMAC:
+ case CRYPTO_SHA2_512_HMAC:
+ break;
+ default:
+ return (false);
+ }
+ }
+ return (true);
+}
+#endif
+
static __inline u_int
g_eli_keylen(u_int algo, u_int keylen)
{
@@ -557,18 +571,6 @@ g_eli_keylen(u_int algo, u_int keylen)
default:
return (0);
}
- case CRYPTO_BLF_CBC:
- if (keylen == 0)
- return (128);
- if (keylen < 128 || keylen > 448)
- return (0);
- if ((keylen % 32) != 0)
- return (0);
- return (keylen);
- case CRYPTO_3DES_CBC:
- if (keylen == 0 || keylen == 192)
- return (192);
- return (0);
default:
return (0);
}
@@ -583,12 +585,8 @@ g_eli_ivlen(u_int algo)
return (AES_XTS_IV_LEN);
case CRYPTO_AES_CBC:
return (AES_BLOCK_LEN);
- case CRYPTO_BLF_CBC:
- return (BLOWFISH_BLOCK_LEN);
case CRYPTO_CAMELLIA_CBC:
return (CAMELLIA_BLOCK_LEN);
- case CRYPTO_3DES_CBC:
- return (DES3_BLOCK_LEN);
}
return (0);
}
@@ -598,8 +596,6 @@ g_eli_hashlen(u_int algo)
{
switch (algo) {
- case CRYPTO_MD5_HMAC:
- return (16);
case CRYPTO_SHA1_HMAC:
return (20);
case CRYPTO_RIPEMD160_HMAC:
diff --git a/sys/geom/eli/g_eli_crypto.c b/sys/geom/eli/g_eli_crypto.c
index ae88dadcaff7..b38ed7ee1db3 100644
--- a/sys/geom/eli/g_eli_crypto.c
+++ b/sys/geom/eli/g_eli_crypto.c
@@ -138,9 +138,6 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
return (EINVAL);
}
break;
- case CRYPTO_BLF_CBC:
- type = EVP_bf_cbc();
- break;
#ifndef OPENSSL_NO_CAMELLIA
case CRYPTO_CAMELLIA_CBC:
switch (keysize) {
@@ -158,9 +155,6 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
}
break;
#endif
- case CRYPTO_3DES_CBC:
- type = EVP_des_ede3_cbc();
- break;
default:
return (EINVAL);
}
diff --git a/sys/geom/eli/g_eli_ctl.c b/sys/geom/eli/g_eli_ctl.c
index d95b7f49ca41..64f4fa75bf75 100644
--- a/sys/geom/eli/g_eli_ctl.c
+++ b/sys/geom/eli/g_eli_ctl.c
@@ -138,6 +138,11 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp)
gctl_error(req, "No valid keys on %s.", pp->name);
return;
}
+ if (!eli_metadata_crypto_supported(&md)) {
+ explicit_bzero(&md, sizeof(md));
+ gctl_error(req, "Invalid or unsupported algorithms.");
+ return;
+ }
key = gctl_get_param(req, "key", &keysize);
if (key == NULL || keysize != G_ELI_USERKEYLEN) {