vfs/cbe_trust_anchor: fix unlocking

The unlocking operation in the trust anchor was broken wich caused bad keys in the CBE. This rewrites the whole operation to work as desired. Note that this doesn't make it more safe! The private key is still almost the same as the passphrase and stored plaintext. Ref #4032
2025-04-08 20:05:54 +00:00 · 2021-03-28 19:16:16 +02:00 · 2021-03-28 19:16:16 +02:00 · 42490208c2
commit 42490208c2
parent 95639a7492
2 changed files with 27 additions and 16 deletions
--- a/repos/gems/include/cbe/vfs/io_job.h
+++ b/repos/gems/include/cbe/vfs/io_job.h
@ -308,6 +308,8 @@ namespace Util {
 			default:        return false;
 			}
 		}
+
+		Genode::size_t current_offset() const { return _current_offset; }
 	};

 } /* namespace Util */
--- a/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc
+++ b/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc
@ -208,21 +208,28 @@ class Trust_anchor
 					break;
 				}

-				Private_key key { };
+				if (_key_io_job_buffer.size == _passphrase_buffer.size &&
+					Genode::memcmp(_key_io_job_buffer.base,
+					               _passphrase_buffer.base,
+					               _passphrase_buffer.size) == 0) {

-				/* copy passphrase to key object */
-				size_t const key_len =
-					Genode::min(_key_io_job_buffer.size,
-					            sizeof (key.value));
+					Genode::memset(_private_key.value, 0xa5,
+					               sizeof (_private_key.value));

-				Genode::memset(key.value, 0xa5, sizeof (key.value));
-				Genode::memcpy(key.value, _key_io_job_buffer.buffer, key_len);
+					Genode::memcpy(_private_key.value,
+					               _key_io_job_buffer.buffer,
+					               _key_io_job_buffer.size);

-				_job_state   = Job_state::COMPLETE;
-				_job_success = Genode::memcmp(_private_key.value, key.value,
-				                              sizeof (key.value));
+					_job_state   = Job_state::COMPLETE;
+					_job_success = true;
+					progress = true;

-				progress |= true;
+				} else {
+
+					_job_state   = Job_state::COMPLETE;
+					_job_success = false;
+					progress = true;
+				}
 			}

 			[[fallthrough]];
@ -451,6 +458,7 @@ class Trust_anchor
 		};

 		Key_io_job_buffer _key_io_job_buffer { };
+		Key_io_job_buffer _passphrase_buffer { };

 		bool _check_key_file(Path const &path)
 		{
@ -514,6 +522,7 @@ class Trust_anchor
 			if (completed) {
 				_state = State::INITIALIZED;
 				_close_handle(&_key_handle);
+				_key_io_job_buffer.size = _key_io_job->current_offset();
 				_key_io_job.destruct();
 			}

@ -790,14 +799,14 @@ class Trust_anchor
 				return true;
 			}

-			if (len > _key_io_job_buffer.size) {
-				len = _key_io_job_buffer.size;
+			if (len > sizeof(_passphrase_buffer.buffer)) {
+				len = sizeof(_passphrase_buffer.buffer);
 			}

-			_key_io_job_buffer.size = len;
+			_passphrase_buffer.size = len;

-			Genode::memcpy(_key_io_job_buffer.buffer, src,
-			               _key_io_job_buffer.size);
+			Genode::memcpy(_passphrase_buffer.buffer, src,
+			               _passphrase_buffer.size);

 			_job       = Job::UNLOCK;
 			_job_state = Job_state::PENDING;