Bug #12942

closed

pkcs11_softtoken pbkdf2 key derivation can crash

Added by Jason King almost 2 years ago. Updated almost 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: lib - userland libraries
Start date:
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

After #12856, using pkcs11_softtoken to do pbkdf2 key derivation can crash with:

core 'core' of 129424:  zfs create -V 100m -o encryption=aes-256-gcm -o keyformat=passphrase t
 fe882e8d soft_hmac_sign_verify_init_common (90d1e08, 803b564, 4af80433, 1) + 1c
 fe880d89 soft_sign_init (90d1e08, 803b564, 4af80433) + d0
 fe88541f do_prf   (90d1e08, 803b7bc, 4af80433, 905af60, c, 90733c8, 14) + 102
 fe886053 soft_generate_pkcs5_pbkdf2_key (90d1e08, 803b7b0, 90d2e08) + 144
 fe8865dd soft_genkey (90d1e08, 803b7b0, 803b71c, a, 803b830) + 51c
 fe87222a C_GenerateKey (84af44e5, 803b7b0, 803b71c, a, 803b830) + 73
 fe834346 C_GenerateKey (84af44e5, 803b7b0, 803b71c, a, 803b830) + df
 fe836568 pkcs11_PasswdToPBKD2Object (84af44e5, 906bc70, 8, 803b898, 8, 55730, 1f, 20, ...) + 2c6
 feeefa17 pbkdf2   (906bc70, 8, 803b898, 8, 55730, 0, 9073400) + 6d
 feeefbed derive_key (90620c8, 3, 55730, 0, 906bc70, 8, 6c03122e) + 104
 feeefd04 populate_create_encryption_params_nvlists (90620c8, 0, 0, 3, fef284c3, 9054f70, 803b968, 803b964) + da
 feef01b4 zfs_crypto_create (90620c8, 803bad8, 9054f70, 0, 1, 803bfdc, 803bfd8) + 169
 feef7dc2 zfs_create (90620c8, 803c661, 4, 9054f70) + 60c
 08060a9a zfs_do_create (8, 803c52c) + 2f8
 080634c0 main     (803c4bc, fe22d628) + 231
 080567c7 _start_crt (9, 803c528, f1eb0781, 0, 0, 0) + 96
 0805669a _start   (9, 803c61c, 803c620, 803c627, 803c62a, 803c62f) + 1a

The problem is that soft_generate_pkcs5_pbkdf2_key still treats the key handle as the address of the key object -- the Google pkcs11 test suite doesn't currently test this mechanism, so it got missed by #12856.
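
The bug class described above, as an added example that is not part of the original report or the pkcs11_softtoken source: it assumes, as the description implies, that handles are opaque values rather than object addresses, so every consumer must translate a handle through a validating lookup before dereferencing. All names here (obj_register, obj_lookup, obj_destroy, the table layout and the handle encoding) are hypothetical.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical names; illustrative only, not the pkcs11_softtoken source. */
typedef unsigned long obj_handle_t;        /* stands in for CK_OBJECT_HANDLE */
#define RV_OK                  0x00UL
#define RV_KEY_HANDLE_INVALID  0x60UL      /* value of CKR_KEY_HANDLE_INVALID */
#define MAX_OBJECTS            8

typedef struct key_obj {
    obj_handle_t handle;                   /* 0 means the slot is free */
    size_t keylen;
    unsigned char key[32];
} key_obj_t;

static key_obj_t table[MAX_OBJECTS];
static unsigned long generation;

/* Issue an opaque handle: (generation << 8) | (slot + 1). Returns 0 on failure. */
obj_handle_t obj_register(const unsigned char *key, size_t len) {
    if (key == NULL || len == 0 || len > sizeof (table[0].key))
        return 0;
    for (size_t i = 0; i < MAX_OBJECTS; i++) {
        if (table[i].handle != 0) continue;
        table[i].handle = (++generation << 8) | (i + 1);
        table[i].keylen = len;
        memcpy(table[i].key, key, len);
        return table[i].handle;
    }
    return 0;
}

/* Translate a handle into an object pointer, rejecting anything not issued.
 * The crash pattern is the shortcut `key_obj_t *k = (key_obj_t *)h;`. */
unsigned long obj_lookup(obj_handle_t h, key_obj_t **out) {
    size_t slot = (size_t)(h & 0xff);
    if (out == NULL || slot == 0 || slot > MAX_OBJECTS || table[slot - 1].handle != h)
        return RV_KEY_HANDLE_INVALID;
    *out = &table[slot - 1];
    return RV_OK;
}

/* Release an object; its old handle stops resolving even if the slot is reused. */
unsigned long obj_destroy(obj_handle_t h) {
    key_obj_t *k;
    if (obj_lookup(h, &k) != RV_OK)
        return RV_KEY_HANDLE_INVALID;
    memset(k, 0, sizeof (*k));
    return RV_OK;
}
```

A code path that skips obj_lookup and casts the handle would dereference a small integer such as 0x101, which is the kind of fault the stack trace above shows in the sign-init path.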

#1

Updated by Electric Monk almost 2 years ago

  • Gerrit CR set to 785

#2

Updated by Jason King almost 2 years ago

For testing, the person who originally encountered the issue tried the fix and verified creating an encrypted dataset w/ a passphrase no longer crashes.

Additionally, I recreated the crash:

root@pi:/ws/illumos-gate (master)# !503
zfs create -V 100m -o encryption=aes-256-gcm -o keyformat=passphrase testpool/test
Enter passphrase:
Re-enter passphrase:
Segmentation Fault (core dumped)

With the fix, it no longer crashes:

root@pi:~# zfs create -V 100m -o encryption=aes-256-gcm -o keyformat=passphrase testpool/test
Enter passphrase:
Re-enter passphrase:
root@pi:~#

#3

Updated by Electric Monk almost 2 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 4c60ecf710115cd5ae61f6b97dafc7ff963259f4

commit  4c60ecf710115cd5ae61f6b97dafc7ff963259f4
Author: Jason King <jason.king@joyent.com>
Date:   2020-07-10T19:32:59.000Z

    12942 pkcs11_softtoken pbkdf2 key derivation can crash
    Reviewed by: Robert Mustacchi <rm@fingolfin.org>
    Approved by: Dan McDonald <danmcd@joyent.com>
