Bug 254966

Summary: geli setkey not working with detached provider
Product: Base System Reporter: rob2g2 <rob2g2-freebsd>
Component: binAssignee: Mark Johnston <markj>
Status: Closed FIXED    
Severity: Affects Many People CC: freebsd, freebsd, freebsd, grahamperrin, markj, pjd
Priority: ---    
Version: 12.2-RELEASE   
Hardware: amd64   
OS: Any   
URL: https://github.com/freebsd/freebsd-src/pull/780

Description rob2g2 2021-04-10 22:58:37 UTC 
trying to run "geli setkey -n 1 gpt/hd01" on a detached geli provider asks me for the master password, and after entering the right password just prints "Note, that the master key encrypted with old keys and/or passphrase may still exists in a metadata backup file." - so it does not ask me for the userpassword I want to set to slot 1 (as one woud expect). So either the man page should be changed to inform the user that setkey only works with attached providers or the program should be adapted so that after entering the right master password the user is asked for the user password. (IIRC this has already worked the last time - quite some time ago - when I used it)

"geli setkey -n 1 gpt/hd01" works when the provider is already attached - the dialogue:

Enter new passphrase: 
Reenter new passphrase: 
Note, that the master key encrypted with old keys and/or passphrase may still exists in a metadata backup file.

System: FreeBSD mach2020 12.2-RELEASE-p6 FreeBSD 12.2-RELEASE-p6 GENERIC  amd64
Comment 1 rob2g2 2021-04-10 23:18:43 UTC 
same behaviour on 13.0-RC5
Comment 2 Michael Büker 2021-05-08 20:49:15 UTC 
I can confirm this bug. It exists in 12.2-RELEASE-p6 and 13.0-RELEASE, but _not_ in 11.4-RELEASE-p9.

Steps to reproduce:

# mdconfig -a -t malloc -s 10M -u md10
# echo aaa | geli init -J - md10
# echo aaa | geli attach -j - md10
# geli status md10.eli
# geli detach md10

At this point, md10 is a geli volume with passphrase "aaa". Now, observe the failure of geli setkey:

# geli setkey -n0 md10

This command asks for the existing passphrase and then does nothing. It _should_ ask for the new passphrase (and correctly does so on 11.4-RELEASE).

The same happens when using passfiles:

# echo aaa > oldkey
# echo bbb > newkey
# geli setkey -n0 -j oldkey -J newkey md10

At this point, "aaa" is still the passphrase in slot 1 of md10.eli, even though it should be "bbb". Confirm this by:

# geli attach -j newkey md10

... which fails, and:

# geli attach -j oldkey md10

... which succeeds (but shouldn't).

Note that all is well when using geli setkey on md10.eli when it is attached. This bug only affect unattached volumes.
Comment 3 Arjan de Vet 2021-05-24 19:55:36 UTC 
I might have found the problem. It seems to be caused by the use of cached_passphrase (to attach multiple providers with the same passphrase). However, when using geli setkey on a detached provider it does not make any sense. This patch (13.0) works for me:

--- geom_eli.c.ORIG     2021-05-24 21:11:15.718321000 +0200
+++ geom_eli.c  2021-05-24 21:30:47.511489000 +0200
@@ -1387,6 +1387,12 @@
        bcopy(mkey, mkeydst, sizeof(mkey));
        explicit_bzero(mkey, sizeof(mkey));

+       /*
+        * The previous eli_genkey() set cached_passphrase, we do not want
+        * to use that for the new passphrase so always prompt for it
+        */
+       explicit_bzero(cached_passphrase, sizeof(cached_passphrase));
+
        /* Generate key for Master Key encryption. */
        if (eli_genkey(req, md, key, true) == NULL) {
                explicit_bzero(key, sizeof(key));
Comment 4 Mina Galić freebsd_triage 2023-06-19 09:13:09 UTC 
(In reply to Arjan de Vet from comment #3)

Arjan, this patch looks plausible to me, I'm submitted it to github so it can get broader exposure: https://github.com/freebsd/freebsd-src/pull/780
Comment 5 commit-hook freebsd_committer freebsd_triage 2023-08-28 15:08:51 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2b7b09ac9675023869fddbae4911c9b674b1155a

commit 2b7b09ac9675023869fddbae4911c9b674b1155a
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-08-28 14:58:43 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-08-28 15:06:42 +0000

    geli tests: Add a regression test for geli setkey -J

    Make sure that it can be used to change the passphrase of both attached
    and detached providers.

    PR:             254966
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation

 tests/sys/geom/class/eli/setkey_test.sh | 59 +++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
Comment 6 commit-hook freebsd_committer freebsd_triage 2023-08-28 15:08:53 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=88d13bf33754bd4b0c5df92eef83d6fadb9b4944

commit 88d13bf33754bd4b0c5df92eef83d6fadb9b4944
Author:     Arjan de Vet <freebsd@devet.org>
AuthorDate: 2023-08-28 14:54:18 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-08-28 15:03:55 +0000

    geli: Fix geli setkey -J for detached providers

    Clear cached_passphrase before generating a new key, otherwise the
    operation nonsensically tries to reuse the old passphrase.

    PR:             254966
    Pull Request:   https://github.com/freebsd/freebsd-src/pull/780
    MFC after:      1 week

 lib/geom/eli/geom_eli.c | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 7 Mina Galić freebsd_triage 2023-08-28 15:11:11 UTC 
thank you very much, mark.
Will this be MFC'd to 14 or 13, or even 12, where it was reported on?
Comment 8 Mark Johnston freebsd_committer freebsd_triage 2023-08-28 15:18:36 UTC 
(In reply to Mina Galić from comment #7)
Yes, I set the MFC timeout period to 1 week.
Comment 9 commit-hook freebsd_committer freebsd_triage 2023-09-04 12:56:33 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=472fce62bb536b00d7af98d4be73bb8efbdb169b

commit 472fce62bb536b00d7af98d4be73bb8efbdb169b
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-08-28 14:58:43 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-09-04 12:55:17 +0000

    geli tests: Add a regression test for geli setkey -J

    Make sure that it can be used to change the passphrase of both attached
    and detached providers.

    PR:             254966
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation

    (cherry picked from commit 2b7b09ac9675023869fddbae4911c9b674b1155a)

 tests/sys/geom/class/eli/setkey_test.sh | 59 +++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
Comment 10 commit-hook freebsd_committer freebsd_triage 2023-09-04 12:56:35 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=b785ac18c7d36cfa84ce8ff8705dc10edd7d2013

commit b785ac18c7d36cfa84ce8ff8705dc10edd7d2013
Author:     Arjan de Vet <freebsd@devet.org>
AuthorDate: 2023-08-28 14:54:18 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-09-04 12:55:15 +0000

    geli: Fix geli setkey -J for detached providers

    Clear cached_passphrase before generating a new key, otherwise the
    operation nonsensically tries to reuse the old passphrase.

    PR:             254966
    Pull Request:   https://github.com/freebsd/freebsd-src/pull/780
    MFC after:      1 week

    (cherry picked from commit 88d13bf33754bd4b0c5df92eef83d6fadb9b4944)

 lib/geom/eli/geom_eli.c | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 11 commit-hook freebsd_committer freebsd_triage 2023-09-04 14:12:49 UTC 
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=134d36676e94a42bb280a010bf36b31163fccc65

commit 134d36676e94a42bb280a010bf36b31163fccc65
Author:     Arjan de Vet <freebsd@devet.org>
AuthorDate: 2023-08-28 14:54:18 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-09-04 14:11:01 +0000

    geli: Fix geli setkey -J for detached providers

    Clear cached_passphrase before generating a new key, otherwise the
    operation nonsensically tries to reuse the old passphrase.

    Approved by:    re (kib)
    PR:             254966
    Pull Request:   https://github.com/freebsd/freebsd-src/pull/780
    MFC after:      1 week

    (cherry picked from commit 88d13bf33754bd4b0c5df92eef83d6fadb9b4944)

 lib/geom/eli/geom_eli.c | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 12 commit-hook freebsd_committer freebsd_triage 2023-09-04 14:12:51 UTC 
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=34e146632e623b5f208b745a99e2fdbed22bd942

commit 34e146632e623b5f208b745a99e2fdbed22bd942
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-08-28 14:58:43 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-09-04 14:11:04 +0000

    geli tests: Add a regression test for geli setkey -J

    Make sure that it can be used to change the passphrase of both attached
    and detached providers.

    Approved by:    re (kib)
    PR:             254966
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation

    (cherry picked from commit 2b7b09ac9675023869fddbae4911c9b674b1155a)

 tests/sys/geom/class/eli/setkey_test.sh | 59 +++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)