From e2b9919398c338ecaf0eee2d1060ef71fca7bc94 Mon Sep 17 00:00:00 2001 From: John Baldwin Date: Wed, 15 Apr 2020 00:14:50 +0000 Subject: [PATCH] Remove support for geli(4) algorithms deprecated in r348206. This removes support for reading and writing volumes using the following algorithms: - Triple DES - Blowfish - MD5 HMAC integrity In addition, this commit adds an explicit whitelist of supported algorithms to give a better error message when an invalid or unsupported algorithm is used by an existing volume. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24343 --- lib/geom/eli/geli.8 | 29 ++-------------- lib/geom/eli/geom_eli.c | 16 --------- sys/geom/eli/g_eli.c | 26 +++++---------- sys/geom/eli/g_eli.h | 66 +++++++++++++++++-------------------- sys/geom/eli/g_eli_crypto.c | 6 ---- sys/geom/eli/g_eli_ctl.c | 5 +++ 6 files changed, 47 insertions(+), 101 deletions(-) diff --git a/lib/geom/eli/geli.8 b/lib/geom/eli/geli.8 index c56b79cfbb61..798c4ce5e2af 100644 --- a/lib/geom/eli/geli.8 +++ b/lib/geom/eli/geli.8 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 19, 2020 +.Dd April 14, 2020 .Dt GELI 8 .Os .Sh NAME @@ -172,14 +172,11 @@ will make use of it automatically. Supports many cryptographic algorithms (currently .Nm AES-XTS , .Nm AES-CBC , -.Nm Blowfish-CBC , -.Nm Camellia-CBC and -.Nm 3DES-CBC ) . +.Nm Camellia-CBC ) . .It Can optionally perform data authentication (integrity verification) utilizing one of the following algorithms: -.Nm HMAC/MD5 , .Nm HMAC/SHA1 , .Nm HMAC/RIPEMD160 , .Nm HMAC/SHA256 , @@ -259,7 +256,6 @@ For example, when using 4096 bytes sector and .Nm HMAC/SHA256 algorithm, 89% of the original provider storage will be available for use. Currently supported algorithms are: -.Nm HMAC/MD5 , .Nm HMAC/SHA1 , .Nm HMAC/RIPEMD160 , .Nm HMAC/SHA256 , @@ -303,9 +299,7 @@ Encryption algorithm to use. Currently supported algorithms are: .Nm AES-XTS , .Nm AES-CBC , -.Nm Blowfish-CBC , .Nm Camellia-CBC , -.Nm 3DES-CBC , and .Nm NULL . The default and recommended algorithm is @@ -359,11 +353,6 @@ key length. .Em 128 , 192, 256 -.It Nm Blowfish-CBC -.Em 128 -+ n * 32, for n=[0..10] -.It Nm 3DES-CBC -.Em 192 .El .It Fl P Do not use a passphrase as a component of the User Key. @@ -901,18 +890,6 @@ specified in .El .Sh EXIT STATUS Exit status is 0 on success, and 1 if the command fails. -.Sh DEPRECATION NOTICE -Support for the -.Nm Blowfish-CBC -and -.Nm 3DES-CBC -cryptographic algorithms and -.Nm HMAC/MD5 -authentication algorithm will be removed in -.Fx 13.0 . -New volumes cannot be created using these algorithms. -Existing volumes should be migrated to a new volume that uses -non-deprecated algorithms. .Sh EXAMPLES Initialize a provider which is going to be encrypted with a passphrase and random data from a file on the user's pen drive. @@ -967,7 +944,7 @@ Reenter new passphrase: Encrypted swap partition setup: .Bd -literal -offset indent # dd if=/dev/random of=/dev/ada0s1b bs=1m -# geli onetime -d -e 3des ada0s1b +# geli onetime -d ada0s1b # swapon /dev/ada0s1b.eli .Ed .Pp diff --git a/lib/geom/eli/geom_eli.c b/lib/geom/eli/geom_eli.c index d5cf3cbf3a09..8ee4643e3c91 100644 --- a/lib/geom/eli/geom_eli.c +++ b/lib/geom/eli/geom_eli.c @@ -805,22 +805,6 @@ eli_init(struct gctl_req *req) return; } } - if (md.md_flags & G_ELI_FLAG_AUTH) { - switch (md.md_aalgo) { - case CRYPTO_MD5_HMAC: - gctl_error(req, - "The %s authentication algorithm is deprecated.", - g_eli_algo2str(md.md_aalgo)); - return; - } - } - switch (md.md_ealgo) { - case CRYPTO_3DES_CBC: - case CRYPTO_BLF_CBC: - gctl_error(req, "The %s encryption algorithm is deprecated.", - g_eli_algo2str(md.md_ealgo)); - return; - } val = gctl_get_intmax(req, "keylen"); md.md_keylen = val; md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen); diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c index c585a665e9f5..cf787d2a8510 100644 --- a/sys/geom/eli/g_eli.c +++ b/sys/geom/eli/g_eli.c @@ -847,6 +847,8 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp, int dcw, error; G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX); + KASSERT(eli_metadata_crypto_supported(md), + ("%s: unsupported crypto for %s", __func__, bpp->name)); gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX); sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO); @@ -975,25 +977,8 @@ g_eli_create(struct gctl_req *req, struct g_class *mp, struct g_provider *bpp, G_ELI_DEBUG(0, "Device %s created.", pp->name); G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), sc->sc_ekeylen); - switch (sc->sc_ealgo) { - case CRYPTO_3DES_CBC: - gone_in(13, - "support for GEOM_ELI volumes encrypted with 3des"); - break; - case CRYPTO_BLF_CBC: - gone_in(13, - "support for GEOM_ELI volumes encrypted with blowfish"); - break; - } - if (sc->sc_flags & G_ELI_FLAG_AUTH) { + if (sc->sc_flags & G_ELI_FLAG_AUTH) G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); - switch (sc->sc_aalgo) { - case CRYPTO_MD5_HMAC: - gone_in(13, - "support for GEOM_ELI volumes authenticated with hmac/md5"); - break; - } - } G_ELI_DEBUG(0, " Crypto: %s", sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware"); return (gp); @@ -1190,6 +1175,11 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused) G_ELI_DEBUG(0, "No valid keys on %s.", pp->name); return (NULL); } + if (!eli_metadata_crypto_supported(&md)) { + G_ELI_DEBUG(0, "%s uses invalid or unsupported algorithms\n", + pp->name); + return (NULL); + } if (md.md_iterations == -1) { /* If there is no passphrase, we try only once. */ tries = 1; diff --git a/sys/geom/eli/g_eli.h b/sys/geom/eli/g_eli.h index dab9d13ccff7..bab8b9fb49f6 100644 --- a/sys/geom/eli/g_eli.h +++ b/sys/geom/eli/g_eli.h @@ -417,18 +417,10 @@ g_eli_str2ealgo(const char *name) return (CRYPTO_AES_CBC); else if (strcasecmp("aes-xts", name) == 0) return (CRYPTO_AES_XTS); - else if (strcasecmp("blowfish", name) == 0) - return (CRYPTO_BLF_CBC); - else if (strcasecmp("blowfish-cbc", name) == 0) - return (CRYPTO_BLF_CBC); else if (strcasecmp("camellia", name) == 0) return (CRYPTO_CAMELLIA_CBC); else if (strcasecmp("camellia-cbc", name) == 0) return (CRYPTO_CAMELLIA_CBC); - else if (strcasecmp("3des", name) == 0) - return (CRYPTO_3DES_CBC); - else if (strcasecmp("3des-cbc", name) == 0) - return (CRYPTO_3DES_CBC); return (CRYPTO_ALGORITHM_MIN - 1); } @@ -436,9 +428,7 @@ static __inline u_int g_eli_str2aalgo(const char *name) { - if (strcasecmp("hmac/md5", name) == 0) - return (CRYPTO_MD5_HMAC); - else if (strcasecmp("hmac/sha1", name) == 0) + if (strcasecmp("hmac/sha1", name) == 0) return (CRYPTO_SHA1_HMAC); else if (strcasecmp("hmac/ripemd160", name) == 0) return (CRYPTO_RIPEMD160_HMAC); @@ -462,14 +452,8 @@ g_eli_algo2str(u_int algo) return ("AES-CBC"); case CRYPTO_AES_XTS: return ("AES-XTS"); - case CRYPTO_BLF_CBC: - return ("Blowfish-CBC"); case CRYPTO_CAMELLIA_CBC: return ("CAMELLIA-CBC"); - case CRYPTO_3DES_CBC: - return ("3DES-CBC"); - case CRYPTO_MD5_HMAC: - return ("HMAC/MD5"); case CRYPTO_SHA1_HMAC: return ("HMAC/SHA1"); case CRYPTO_RIPEMD160_HMAC: @@ -522,6 +506,36 @@ eli_metadata_dump(const struct g_eli_metadata *md) printf(" MD5 hash: %s\n", str); } +#ifdef _KERNEL +static bool +eli_metadata_crypto_supported(const struct g_eli_metadata *md) +{ + + switch (md->md_ealgo) { + case CRYPTO_NULL_CBC: + case CRYPTO_AES_CBC: + case CRYPTO_CAMELLIA_CBC: + case CRYPTO_AES_XTS: + break; + default: + return (false); + } + if (md->md_flags & G_ELI_FLAG_AUTH) { + switch (md->md_aalgo) { + case CRYPTO_SHA1_HMAC: + case CRYPTO_RIPEMD160_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: + break; + default: + return (false); + } + } + return (true); +} +#endif + static __inline u_int g_eli_keylen(u_int algo, u_int keylen) { @@ -557,18 +571,6 @@ g_eli_keylen(u_int algo, u_int keylen) default: return (0); } - case CRYPTO_BLF_CBC: - if (keylen == 0) - return (128); - if (keylen < 128 || keylen > 448) - return (0); - if ((keylen % 32) != 0) - return (0); - return (keylen); - case CRYPTO_3DES_CBC: - if (keylen == 0 || keylen == 192) - return (192); - return (0); default: return (0); } @@ -583,12 +585,8 @@ g_eli_ivlen(u_int algo) return (AES_XTS_IV_LEN); case CRYPTO_AES_CBC: return (AES_BLOCK_LEN); - case CRYPTO_BLF_CBC: - return (BLOWFISH_BLOCK_LEN); case CRYPTO_CAMELLIA_CBC: return (CAMELLIA_BLOCK_LEN); - case CRYPTO_3DES_CBC: - return (DES3_BLOCK_LEN); } return (0); } @@ -598,8 +596,6 @@ g_eli_hashlen(u_int algo) { switch (algo) { - case CRYPTO_MD5_HMAC: - return (16); case CRYPTO_SHA1_HMAC: return (20); case CRYPTO_RIPEMD160_HMAC: diff --git a/sys/geom/eli/g_eli_crypto.c b/sys/geom/eli/g_eli_crypto.c index ae88dadcaff7..b38ed7ee1db3 100644 --- a/sys/geom/eli/g_eli_crypto.c +++ b/sys/geom/eli/g_eli_crypto.c @@ -138,9 +138,6 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize, return (EINVAL); } break; - case CRYPTO_BLF_CBC: - type = EVP_bf_cbc(); - break; #ifndef OPENSSL_NO_CAMELLIA case CRYPTO_CAMELLIA_CBC: switch (keysize) { @@ -158,9 +155,6 @@ g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize, } break; #endif - case CRYPTO_3DES_CBC: - type = EVP_des_ede3_cbc(); - break; default: return (EINVAL); } diff --git a/sys/geom/eli/g_eli_ctl.c b/sys/geom/eli/g_eli_ctl.c index d95b7f49ca41..64f4fa75bf75 100644 --- a/sys/geom/eli/g_eli_ctl.c +++ b/sys/geom/eli/g_eli_ctl.c @@ -138,6 +138,11 @@ g_eli_ctl_attach(struct gctl_req *req, struct g_class *mp) gctl_error(req, "No valid keys on %s.", pp->name); return; } + if (!eli_metadata_crypto_supported(&md)) { + explicit_bzero(&md, sizeof(md)); + gctl_error(req, "Invalid or unsupported algorithms."); + return; + } key = gctl_get_param(req, "key", &keysize); if (key == NULL || keysize != G_ELI_USERKEYLEN) {