Actions
Bug #12942
closedpkcs11_softtoken pbkdf2 key derivation can crash
Start date:
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
Description
After #12856, using pkcs11_softtoken to do pbkdf2 key derivation can crash with:
core 'core' of 129424: zfs create -V 100m -o encryption=aes-256-gcm -o keyformat=passphrase t fe882e8d soft_hmac_sign_verify_init_common (90d1e08, 803b564, 4af80433, 1) + 1c fe880d89 soft_sign_init (90d1e08, 803b564, 4af80433) + d0 fe88541f do_prf (90d1e08, 803b7bc, 4af80433, 905af60, c, 90733c8, 14) + 102 fe886053 soft_generate_pkcs5_pbkdf2_key (90d1e08, 803b7b0, 90d2e08) + 144 fe8865dd soft_genkey (90d1e08, 803b7b0, 803b71c, a, 803b830) + 51c fe87222a C_GenerateKey (84af44e5, 803b7b0, 803b71c, a, 803b830) + 73 fe834346 C_GenerateKey (84af44e5, 803b7b0, 803b71c, a, 803b830) + df fe836568 pkcs11_PasswdToPBKD2Object (84af44e5, 906bc70, 8, 803b898, 8, 55730, 1f, 20, ...) + 2c6 feeefa17 pbkdf2 (906bc70, 8, 803b898, 8, 55730, 0, 9073400) + 6d feeefbed derive_key (90620c8, 3, 55730, 0, 906bc70, 8, 6c03122e) + 104 feeefd04 populate_create_encryption_params_nvlists (90620c8, 0, 0, 3, fef284c3, 9054f70, 803b968, 803b964) + da feef01b4 zfs_crypto_create (90620c8, 803bad8, 9054f70, 0, 1, 803bfdc, 803bfd8) + 169 feef7dc2 zfs_create (90620c8, 803c661, 4, 9054f70) + 60c 08060a9a zfs_do_create (8, 803c52c) + 2f8 080634c0 main (803c4bc, fe22d628) + 231 080567c7 _start_crt (9, 803c528, f1eb0781, 0, 0, 0) + 96 0805669a _start (9, 803c61c, 803c620, 803c627, 803c62a, 803c62f) + 1a
The problem is that soft_generate_pkcs5_pbkdf2_key
still treats the key handle as the address of the key object -- the google pkcs11 test suite doesn't currently test this mechanism, so it got missed by #12856.
Updated by Jason King almost 2 years ago
For testing, the person who originally encountered the issue tried the fix and verified creating an encrypted dataset w/ a passphrase no longer crashes.
Additionally, I recreated the crash:
root@pi:/ws/illumos-gate (master)# !503 zfs create -V 100m -o encryption=aes-256-gcm -o keyformat=passphrase testpool/test Enter passphrase: Re-enter passphrase: Segmentation Fault (core dumped)
With the fix, it no longer crashes:
root@pi:~# zfs create -V 100m -o encryption=aes-256-gcm -o keyformat=passphrase testpool/test Enter passphrase: Re-enter passphrase: root@pi:~#
Updated by Electric Monk almost 2 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit 4c60ecf710115cd5ae61f6b97dafc7ff963259f4
commit 4c60ecf710115cd5ae61f6b97dafc7ff963259f4 Author: Jason King <jason.king@joyent.com> Date: 2020-07-10T19:32:59.000Z 12942 pkcs11_softtoken pbkdf2 key derivation can crash Reviewed by: Robert Mustacchi <rm@fingolfin.org> Approved by: Dan McDonald <danmcd@joyent.com>
Actions