Page MenuHomeFreeBSD

eli: Zero pad bytes that arise when certain auth algos are used
ClosedPublic

Authored by markj on Jul 13 2021, 11:05 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Oct 24, 5:15 AM
Unknown Object (File)
Tue, Oct 22, 1:14 PM
Unknown Object (File)
Sun, Oct 13, 5:39 PM
Unknown Object (File)
Sep 23 2024, 5:30 PM
Unknown Object (File)
Sep 23 2024, 3:27 PM
Unknown Object (File)
Sep 18 2024, 4:47 AM
Unknown Object (File)
Sep 18 2024, 12:22 AM
Unknown Object (File)
Sep 17 2024, 2:39 AM
Subscribers

Details

Summary

When authentication is configured, GELI ensures that the amount of data
per sector is a multiple of 16 bytes. This is done in
eli_metadata_softc(). When the digest size is not a multiple of 16
bytes, this leaves some extra pad bytes at the end of every sector.
This change ensures that they are zeroed before being written to disk.

Reported by: KMSAN
MFC after: 2 weeks

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 40461
Build 37350: arc lint + arc unit

Event Timeline

LGTM, but would it be possible to add a test for this in the geli test suite?

This revision is now accepted and ready to land.Jul 13 2021, 11:27 PM

LGTM, but would it be possible to add a test for this in the geli test suite?

FWIW, the test suite is how I found this - I just had to run it with KMSAN configured. Once KMSAN is committed to head I'll work on getting a KMSAN CI job added.

I suppose I could add a test to explicitly check the pad bytes. The idea would be to, for each auth algorithm, create a vnode-backed md, configure a GELI volume on it, overwrite the provider with zeros, detach GELI, and check the pad bytes. I'm not sure how best to do the last part.

Note that this seems to be quite SA worthy as it might leave sensitive data on the drive when these auth algorithms are used (it seems to be HMAC/RIPEMD160 and HMAC/SHA384; is there any other algorithms that are affected), and the fix would be to read in and write every sectors of the provider?

Note that this seems to be quite SA worthy as it might leave sensitive data on the drive when these auth algorithms are used (it seems to be HMAC/RIPEMD160 and HMAC/SHA384; is there any other algorithms that are affected), and the fix would be to read in and write every sectors of the provider?

Yes, I was planning on requesting at least an EN. HMAC/SHA1 is also affected. And yes I think the only simple way to clear those bytes is to read the entire volume and write it back.