[Bug 283043] gptboot fails to read the encrypted rootfs if geli authentication (geli -a) is used

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 283043] gptboot fails to read the encrypted rootfs if geli authentication (geli -a) is used"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 06 Dec 2024 17:19:17 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283043

John Baldwin <jhb@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jhb@FreeBSD.org

--- Comment #2 from John Baldwin <jhb@FreeBSD.org> ---
Hmm, I think we aren't deriving the encryption key correctly when auth is
configured.  The code in the kernel for this case in sys/geom/eli/g_eli_key.c:


/*
 * Find and decrypt Master Key encrypted with 'key' at slot 'nkey'.
 * Return 0 on success, > 0 on failure, -1 on bad key.
 */
int
g_eli_mkey_decrypt(const struct g_eli_metadata *md, const unsigned char *key,
    unsigned char *mkey, unsigned nkey)
{
        unsigned char tmpmkey[G_ELI_MKEYLEN];
        unsigned char enckey[SHA512_MDLEN];     /* Key for encryption. */
        const unsigned char *mmkey;
        int bit, error;

        if (nkey > G_ELI_MKEYLEN)
                return (-1);

        /*
         * The key for encryption is: enckey = HMAC_SHA512(Derived-Key, 1)
         */
        g_eli_crypto_hmac(key, G_ELI_USERKEYLEN, "\x01", 1, enckey, 0);
...

but in geliboot.c we have:

        if ((gdev->sc.sc_flags & G_ELI_FLAG_AUTH) == 0) {
                bcopy(mkp, gdev->sc.sc_ekey, G_ELI_DATAKEYLEN);
        } else {
                /*
                 * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10)
                 */
                g_eli_crypto_hmac(mkp, G_ELI_MAXKEYLEN, (const uint8_t
*)"\x10", 1,
                    gdev->sc.sc_ekey, 0);
        }

Try this change to see if it works:

diff --git a/stand/libsa/geli/geliboot.c b/stand/libsa/geli/geliboot.c
index 04c53e73b29a..bdb288d2733c 100644
--- a/stand/libsa/geli/geliboot.c
+++ b/stand/libsa/geli/geliboot.c
@@ -286,9 +286,9 @@ geli_probe(struct geli_dev *gdev, const char *passphrase,
u_char *mkeyp)
                bcopy(mkp, gdev->sc.sc_ekey, G_ELI_DATAKEYLEN);
        } else {
                /*
-                * The encryption key is: ekey = HMAC_SHA512(Data-Key, 0x10)
+                * The encryption key is: ekey = HMAC_SHA512(Derived-Key, 1)
                 */
-               g_eli_crypto_hmac(mkp, G_ELI_MAXKEYLEN, (const uint8_t
*)"\x10", 1,
+               g_eli_crypto_hmac(mkp, G_ELI_MAXKEYLEN, (const uint8_t
*)"\x01", 1,
                    gdev->sc.sc_ekey, 0);
        }
        explicit_bzero(mkey, sizeof(mkey));

-- 
You are receiving this mail because:
You are the assignee for the bug.