PR/39525: Joachim Schueth, Frederik Sausmikat:
cgd inadvertently encrypts blkno eight times to generate IV
This commit is contained in:
parent
fc978808f9
commit
8c6fb6faa5
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: cgdconfig.8,v 1.27 2008/05/13 09:31:06 wiz Exp $
|
||||
.\" $NetBSD: cgdconfig.8,v 1.28 2008/09/12 16:51:55 christos Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
|
||||
.\" All rights reserved.
|
||||
@ -27,7 +27,7 @@
|
||||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd May 10, 2008
|
||||
.Dd September 12, 2008
|
||||
.Dt CGDCONFIG 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -97,7 +97,7 @@ This may need to prompt for multiple passphrases.
|
||||
.It Fl g
|
||||
Generate a paramsfile (to stdout).
|
||||
.It Fl i Ar ivmeth
|
||||
Specify the IV method (default: encblkno).
|
||||
Specify the IV method (default: encblkno1).
|
||||
.It Fl k Ar kgmeth
|
||||
Specify the key generation method (default: pkcs5_pbkdf2/sha1).
|
||||
.It Fl o Ar outfile
|
||||
@ -316,7 +316,7 @@ cgd configuration file.
|
||||
.Sh EXAMPLES
|
||||
To set up and configure a cgd that uses AES with a 192 bit key
|
||||
in CBC mode with the IV Method
|
||||
.Sq encblkno
|
||||
.Sq encblkno1
|
||||
(encrypted block number):
|
||||
.Bd -literal
|
||||
# cgdconfig -g -o /etc/cgd/wd0e aes-cbc 192
|
||||
@ -359,7 +359,7 @@ reads from stdin:
|
||||
An example parameters file which uses PKCS#5 PBKDF2:
|
||||
.Bd -literal
|
||||
algorithm aes-cbc;
|
||||
iv-method encblkno;
|
||||
iv-method encblkno1;
|
||||
keylength 128;
|
||||
verify_method none;
|
||||
keygen pkcs5_pbkdf2/sha1 {
|
||||
@ -372,7 +372,7 @@ An example parameters file which uses PKCS#5 PBKDF2:
|
||||
An example parameters file which stores its key locally:
|
||||
.Bd -literal
|
||||
algorithm aes-cbc;
|
||||
iv-method encblkno;
|
||||
iv-method encblkno1;
|
||||
keylength 256;
|
||||
verify_method none;
|
||||
keygen storedkey key AAABAK3QO6d7xzLfrXTdsgg4 \\
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: params.c,v 1.23 2008/05/11 03:15:21 elric Exp $ */
|
||||
/* $NetBSD: params.c,v 1.24 2008/09/12 16:51:55 christos Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
|
||||
@ -31,7 +31,7 @@
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
#ifndef lint
|
||||
__RCSID("$NetBSD: params.c,v 1.23 2008/05/11 03:15:21 elric Exp $");
|
||||
__RCSID("$NetBSD: params.c,v 1.24 2008/09/12 16:51:55 christos Exp $");
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -152,7 +152,7 @@ params_filldefaults(struct params *p)
|
||||
if (p->verify_method == VERIFY_UNKNOWN)
|
||||
p->verify_method = VERIFY_NONE;
|
||||
if (!p->ivmeth)
|
||||
p->ivmeth = string_fromcharstar("encblkno");
|
||||
p->ivmeth = string_fromcharstar("encblkno1");
|
||||
if (p->keylen == (size_t)-1) {
|
||||
i = crypt_defaults_lookup(string_tocharstar(p->algorithm));
|
||||
if (i != (size_t)-1) {
|
||||
@ -178,6 +178,11 @@ params_filldefaults(struct params *p)
|
||||
int
|
||||
params_verify(const struct params *p)
|
||||
{
|
||||
static const char *encblkno[] = {
|
||||
"encblkno", "encblkno1", "encblkno8"
|
||||
};
|
||||
static size_t i;
|
||||
const char *meth;
|
||||
|
||||
if (!p->algorithm) {
|
||||
warnx("unspecified algorithm");
|
||||
@ -196,9 +201,15 @@ params_verify(const struct params *p)
|
||||
warnx("unspecified IV method");
|
||||
return 0;
|
||||
}
|
||||
if (strcmp("encblkno", string_tocharstar(p->ivmeth)))
|
||||
warnx("unknown IV method \"%s\" (warning)",
|
||||
string_tocharstar(p->ivmeth));
|
||||
|
||||
meth = string_tocharstar(p->ivmeth);
|
||||
for (i = 0; i < __arraycount(encblkno); i++)
|
||||
if (strcmp(encblkno[i], meth) == 0)
|
||||
break;
|
||||
|
||||
if (i == __arraycount(encblkno))
|
||||
warnx("unknown IV method \"%s\" (warning)", meth);
|
||||
|
||||
if (p->keylen == (size_t)-1) {
|
||||
warnx("unspecified key length");
|
||||
return 0;
|
||||
|
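Review bot: `static size_t i;` among the new declarations in params_verify gives the loop index static storage for no reason; it should be an ordinary automatic `size_t i;` next to `const char *meth;`, because a static index is shared across all calls of the function and makes params_verify needlessly non-reentrant. The new table lookup only warns and falls through when `meth` is not found, which matches the previous single-strcmp behaviour, so an unrecognised IV method is still accepted here rather than rejected. Since the `encblkno` table now carries the legacy name beside `encblkno1` and `encblkno8`, a comment on the table such as `/* "encblkno" is the legacy spelling of the eightfold method, accepted for existing paramsfiles */` would record why three spellings are valid; that reading is inferred from the cgd.4 text in this commit and should be confirmed against the kernel's IV-method table. params_verify continues outside the hunk.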
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: cgd.4,v 1.10 2008/04/30 13:10:53 martin Exp $
|
||||
.\" $NetBSD: cgd.4,v 1.11 2008/09/12 16:51:55 christos Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
|
||||
.\" All rights reserved.
|
||||
@ -27,7 +27,7 @@
|
||||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd March 11, 2006
|
||||
.Dd September 12, 2008
|
||||
.Dt CGD 4
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -76,14 +76,29 @@ There are no performance advantages of using shorter keys.
|
||||
The default key length is 128 bits.
|
||||
.El
|
||||
.Ss IV Methods
|
||||
Currently, the only IV Method supported is
|
||||
.Ar encblkno
|
||||
(Encrypted Block Number).
|
||||
This method encrypts the block number of the
|
||||
physical disk block with the cipher and key provided and uses that as the
|
||||
IV for CBC mode.
|
||||
This method should ensure that each block has a different
|
||||
IV and that the IV is reasonably unpredictable.
|
||||
Currently, the following IV Methods are supported:
|
||||
.Bl -tag -width encblkno1
|
||||
.It encblkno1
|
||||
This method encrypts the block number of the physical disk block once with
|
||||
the cipher and key provided and uses the result as the IV for CBC mode.
|
||||
This method should ensure that each block has a different IV and that the IV
|
||||
is reasonably unpredictable.
|
||||
This is the default method used by
|
||||
.Xr cgdconfig 8
|
||||
when configuring new
|
||||
.Nm Ns 's .
|
||||
.It encblkno8
|
||||
This is the original IV method used by
|
||||
.Nm
|
||||
and provided for backward compatibility. It repeatedly encrypts the block
|
||||
number of the physical disk block eight times and uses the result as the IV
|
||||
for CBC mode.
|
||||
This method should ensure that each block has a different IV and that the IV
|
||||
is reasonably unpredictable.
|
||||
The eightfold encryption was not intended and causes a notable
|
||||
performance loss with little (if any) increase in security over a
|
||||
single encryption.
|
||||
.El
|
||||
.Ss IOCTLS
|
||||
A
|
||||
.Nm
|
||||
|