From 4743fd3d70d1fce61146ff4761a1ba23af953aff Mon Sep 17 00:00:00 2001 From: Hans-Joerg Hoexer Date: Fri, 13 Jun 2008 21:03:41 +0000 Subject: Implement pbkdf2 in in bioctl to derive master key from a passphrase. ok marco djm --- sbin/bioctl/Makefile | 8 +-- sbin/bioctl/bioctl.c | 122 +++++++++++++++++++++++++++++++++++++++++++++- sys/dev/softraid_crypto.c | 8 +-- sys/dev/softraidvar.h | 19 +++++++- 4 files changed, 146 insertions(+), 11 deletions(-) diff --git a/sbin/bioctl/Makefile b/sbin/bioctl/Makefile index 85fc868369f..7de33853409 100644 --- a/sbin/bioctl/Makefile +++ b/sbin/bioctl/Makefile @@ -1,8 +1,10 @@ -# $OpenBSD: Makefile,v 1.8 2006/11/26 11:31:08 deraadt Exp $ +# $OpenBSD: Makefile,v 1.9 2008/06/13 21:03:40 hshoexer Exp $ PROG= bioctl -CFLAGS+=-Wall -LDADD= -lutil +SRCS= bioctl.c pkcs5_pbkdf2.c +.PATH: ${.CURDIR}/../mount_vnd +CFLAGS+=-Wall -I${.CURDIR}/../mount_vnd +LDADD= -lutil -lcrypto DPADD= ${LIBUTIL} MAN= bioctl.8 diff --git a/sbin/bioctl/bioctl.c b/sbin/bioctl/bioctl.c index 859b3772876..4953a03282f 100644 --- a/sbin/bioctl/bioctl.c +++ b/sbin/bioctl/bioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bioctl.c,v 1.64 2008/06/12 16:08:48 jmc Exp $ */ +/* $OpenBSD: bioctl.c,v 1.65 2008/06/13 21:03:40 hshoexer Exp $ */ /* * Copyright (c) 2004, 2005 Marco Peereboom @@ -35,6 +35,7 @@ #include #include #include +#include #include #include @@ -48,6 +49,8 @@ #include #include +#include "pkcs5_pbkdf2.h" + struct locator { int channel; int target; @@ -58,6 +61,11 @@ void usage(void); const char *str2locator(const char *, struct locator *); void cleanup(void); int bio_parse_devlist(char *, dev_t *); +void bio_kdf_derive(struct sr_crypto_kdfinfo *, + struct sr_crypto_kdf_pbkdf2 *); +void bio_kdf_generate(struct sr_crypto_kdfinfo *); +void get_pkcs_key(int, u_int8_t *, size_t, u_int8_t *, + size_t); void bio_inq(char *); void bio_alarm(char *); @@ -591,6 +599,8 @@ void bio_createraid(u_int16_t level, char *dev_list) { struct bioc_createraid create; + struct sr_crypto_kdfinfo kdfinfo; + struct sr_crypto_kdf_pbkdf2 kdfhint; int rv, no_dev; dev_t *dt; u_int16_t min_disks = 0; @@ -613,7 +623,7 @@ bio_createraid(u_int16_t level, char *dev_list) min_disks = 2; break; case 'C': - min_disks = 2; + min_disks = 1; break; case 'c': min_disks = 1; @@ -625,6 +635,11 @@ bio_createraid(u_int16_t level, char *dev_list) if (no_dev < min_disks) errx(1, "not enough disks"); + /* for crypto raid we only allow one single chunk */ + if (level == 'C' && no_dev != min_disks) + errx(1, "not exactly one disks"); + + memset(&create, 0, sizeof(create)); create.bc_cookie = bl.bl_cookie; create.bc_level = level; @@ -632,13 +647,82 @@ bio_createraid(u_int16_t level, char *dev_list) create.bc_dev_list = dt; create.bc_flags = BIOC_SCDEVT | cflags; + if (level == 'C') { + memset(&kdfinfo, 0, sizeof(kdfinfo)); + memset(&kdfhint, 0, sizeof(kdfhint)); + + create.bc_opaque = &kdfhint; + create.bc_opaque_size = sizeof(kdfhint); + create.bc_opaque_flags = BIOC_SOOUT; + + /* try to get KDF hint */ + if ((rv = ioctl(devh, BIOCCREATERAID, &create)) == 0) { + bio_kdf_derive(&kdfinfo, &kdfhint); + memset(&kdfhint, 0, sizeof(kdfhint)); + } else { + /* XXX this will kill the keys in case of an error */ + bio_kdf_generate(&kdfinfo); + /* no auto assembling */ + create.bc_flags |= BIOC_SCNOAUTOASSEMBLE; + } + + create.bc_opaque = &kdfinfo; + create.bc_opaque_size = sizeof(kdfinfo); + create.bc_opaque_flags = BIOC_SOIN; + } + rv = ioctl(devh, BIOCCREATERAID, &create); + memset(&kdfinfo, 0, sizeof(kdfinfo)); if (rv == -1) err(1, "BIOCCREATERAID"); free(dt); } +void +bio_kdf_derive(struct sr_crypto_kdfinfo *kdfinfo, struct sr_crypto_kdf_pbkdf2 + *kdfhint) +{ + if (!kdfinfo) + errx(1, "invalid KDF info"); + if (!kdfhint) + errx(1, "invalid KDF hint"); + + if (kdfhint->len != sizeof(*kdfhint)) + errx(1, "KDF hint has invalid size"); + if (kdfhint->type != SR_CRYPTOKDFT_PBKDF2) + errx(1, "unknown KDF type %d", kdfhint->type); + if (kdfhint->rounds < 1000) + errx(1, "number of KDF rounds too low: %d", kdfhint->rounds); + + kdfinfo->flags = SR_CRYPTOKDF_KEY; + kdfinfo->len = sizeof(*kdfinfo); + + get_pkcs_key(kdfhint->rounds, + kdfinfo->maskkey, sizeof(kdfinfo->maskkey), + kdfhint->salt, sizeof(kdfhint->salt)); +} + +void +bio_kdf_generate(struct sr_crypto_kdfinfo *kdfinfo) +{ + if (!kdfinfo) + errx(1, "invalid KDF info"); + + kdfinfo->pbkdf2.len = sizeof(kdfinfo->pbkdf2); + kdfinfo->pbkdf2.type = SR_CRYPTOKDFT_PBKDF2; + kdfinfo->pbkdf2.rounds = 10000; + kdfinfo->len = sizeof(*kdfinfo); + kdfinfo->flags = (SR_CRYPTOKDF_KEY | SR_CRYPTOKDF_HINT); + + /* generate salt */ + arc4random_buf(kdfinfo->pbkdf2.salt, sizeof(kdfinfo->pbkdf2.salt)); + + get_pkcs_key(kdfinfo->pbkdf2.rounds, + kdfinfo->maskkey, sizeof(kdfinfo->maskkey), + kdfinfo->pbkdf2.salt, sizeof(kdfinfo->pbkdf2.salt)); +} + int bio_parse_devlist(char *lst, dev_t *dt) { @@ -755,3 +839,37 @@ bio_diskinq(char *sd_dev) printf("%s: <%s, %s, %s>, serial %s\n", sd_dev, bio_vis(di.vendor), bio_vis(di.product), bio_vis(di.revision), bio_vis(di.serial)); } + +void +get_pkcs_key(int rounds, u_int8_t *key, size_t keysz, u_int8_t *salt, + size_t saltsz) +{ + u_int8_t *keybuf; + char *passphrase; + + if (!key) + errx(1, "Invalid key"); + if (!salt) + errx(1, "Invalid salt"); + if (rounds < 1000) + errx(1, "Too less rounds: %d", rounds); + + /* get passphrase */ + passphrase = getpass("Passphrase: "); + if (!passphrase || strlen(passphrase) == 0) + errx(1, "Need a passphrase"); + + /* derive key from passphrase */ + if (pkcs5_pbkdf2(&keybuf, keysz, passphrase, strlen(passphrase), salt, + saltsz, rounds, 0)) + errx(1, "pkcs5_pbkdf2 failed"); + + memcpy(key, keybuf, keysz); + memset(keybuf, 0, keysz); + free(keybuf); + + /* forget passphrase */ + memset(passphrase, 0, strlen(passphrase)); + + return; +} diff --git a/sys/dev/softraid_crypto.c b/sys/dev/softraid_crypto.c index 239cdeb9f38..c43f092cae2 100644 --- a/sys/dev/softraid_crypto.c +++ b/sys/dev/softraid_crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: softraid_crypto.c,v 1.22 2008/06/13 18:26:59 hshoexer Exp $ */ +/* $OpenBSD: softraid_crypto.c,v 1.23 2008/06/13 21:03:40 hshoexer Exp $ */ /* * Copyright (c) 2007 Marco Peereboom * Copyright (c) 2008 Hans-Joerg Hoexer @@ -185,11 +185,11 @@ sr_crypto_get_kdf(struct bioc_createraid *bc, struct sr_discipline *sd) /* copy KDF hint to disk meta data */ if (kdfinfo->flags & SR_CRYPTOKDF_HINT) { if (sizeof(sd->mds.mdd_crypto.scr_meta.scm_kdfhint) < - kdfinfo->kdfhint.len) + kdfinfo->genkdf.len) goto out; - bcopy(&kdfinfo->kdfhint, + bcopy(&kdfinfo->genkdf, sd->mds.mdd_crypto.scr_meta.scm_kdfhint, - kdfinfo->kdfhint.len); + kdfinfo->genkdf.len); } /* copy mask key to run-time meta data */ diff --git a/sys/dev/softraidvar.h b/sys/dev/softraidvar.h index 6999078cd27..7a2712fb79f 100644 --- a/sys/dev/softraidvar.h +++ b/sys/dev/softraidvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: softraidvar.h,v 1.54 2008/06/13 18:27:42 djm Exp $ */ +/* $OpenBSD: softraidvar.h,v 1.55 2008/06/13 21:03:40 hshoexer Exp $ */ /* * Copyright (c) 2006 Marco Peereboom * Copyright (c) 2008 Chris Kuethe @@ -107,6 +107,16 @@ struct sr_crypto_genkdf { #define SR_CRYPTOKDFT_PBKDF2 (1<<0) }; +struct sr_crypto_kdf_pbkdf2 { + u_int32_t len; + u_int32_t type; +#define SR_CRYPTOKDFT_INVALID (0) +#define SR_CRYPTOKDFT_PBKDF2 (1<<0) + u_int32_t rounds; + u_int8_t salt[128]; +}; + + struct sr_crypto_kdfinfo { u_int32_t len; u_int32_t flags; @@ -114,7 +124,12 @@ struct sr_crypto_kdfinfo { #define SR_CRYPTOKDF_KEY (1<<0) #define SR_CRYPTOKDF_HINT (1<<1) u_int8_t maskkey[SR_CRYPTO_MAXKEYBYTES]; - struct sr_crypto_genkdf kdfhint; + union { + struct sr_crypto_genkdf generic; + struct sr_crypto_kdf_pbkdf2 pbkdf2; + } _kdfhint; +#define genkdf _kdfhint.generic +#define pbkdf2 _kdfhint.pbkdf2 }; struct sr_crypto_metadata { -- cgit v1.2.3