From 42490208c2d8ada209d2bd86f6b005c282b1bba1 Mon Sep 17 00:00:00 2001 From: Martin Stein Date: Sun, 28 Mar 2021 19:16:16 +0200 Subject: [PATCH] vfs/cbe_trust_anchor: fix unlocking The unlocking operation in the trust anchor was broken wich caused bad keys in the CBE. This rewrites the whole operation to work as desired. Note that this doesn't make it more safe! The private key is still almost the same as the passphrase and stored plaintext. Ref #4032 --- repos/gems/include/cbe/vfs/io_job.h | 2 + .../gems/src/lib/vfs/cbe_trust_anchor/vfs.cc | 41 +++++++++++-------- 2 files changed, 27 insertions(+), 16 deletions(-) diff --git a/repos/gems/include/cbe/vfs/io_job.h b/repos/gems/include/cbe/vfs/io_job.h index 9c9356ac5f..9480d6e4d9 100644 --- a/repos/gems/include/cbe/vfs/io_job.h +++ b/repos/gems/include/cbe/vfs/io_job.h @@ -308,6 +308,8 @@ namespace Util { default: return false; } } + + Genode::size_t current_offset() const { return _current_offset; } }; } /* namespace Util */ diff --git a/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc b/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc index bb75d42115..02ea268b84 100644 --- a/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc +++ b/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc 
@@ -208,21 +208,28 @@ class Trust_anchor break; } - Private_key key { }; + if (_key_io_job_buffer.size == _passphrase_buffer.size && + Genode::memcmp(_key_io_job_buffer.base, + _passphrase_buffer.base, + _passphrase_buffer.size) == 0) { - /* copy passphrase to key object */ - size_t const key_len = - Genode::min(_key_io_job_buffer.size, - sizeof (key.value)); + Genode::memset(_private_key.value, 0xa5, + sizeof (_private_key.value)); - Genode::memset(key.value, 0xa5, sizeof (key.value)); - Genode::memcpy(key.value, _key_io_job_buffer.buffer, key_len); + Genode::memcpy(_private_key.value, + _key_io_job_buffer.buffer, + _key_io_job_buffer.size); - _job_state = Job_state::COMPLETE; - _job_success = Genode::memcmp(_private_key.value, key.value, - sizeof (key.value)); + _job_state = Job_state::COMPLETE; + _job_success = true; + progress = true; - progress |= true; + } else { + + _job_state = Job_state::COMPLETE; + _job_success = false; + progress = true; + } } [[fallthrough]]; @@ -451,6 +458,7 @@ class Trust_anchor }; Key_io_job_buffer _key_io_job_buffer { }; + Key_io_job_buffer _passphrase_buffer { }; bool _check_key_file(Path const &path) { @@ -514,6 +522,7 @@ class Trust_anchor if (completed) { _state = State::INITIALIZED; _close_handle(&_key_handle); + _key_io_job_buffer.size = _key_io_job->current_offset(); _key_io_job.destruct(); } @@ -790,14 +799,14 @@ class Trust_anchor return true; } - if (len > _key_io_job_buffer.size) { - len = _key_io_job_buffer.size; + if (len > sizeof(_passphrase_buffer.buffer)) { + len = sizeof(_passphrase_buffer.buffer); } - _key_io_job_buffer.size = len; + _passphrase_buffer.size = len; - Genode::memcpy(_key_io_job_buffer.buffer, src, - _key_io_job_buffer.size); + Genode::memcpy(_passphrase_buffer.buffer, src, + _passphrase_buffer.size); _job = Job::UNLOCK; _job_state = Job_state::PENDING;
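Review bot: The `Genode::memcpy` into `_private_key.value` in the success branch of the unlock step copies `_key_io_job_buffer.size` bytes, without the `Genode::min(..., sizeof (key.value))` clamp that the removed code applied. That size is now the number of bytes read from the key file (the `current_offset()` assignment later in this patch), so a key file longer than `_private_key.value` would write past the end of the key. Both buffer sizes are declared outside the hunk, so whether this is reachable today needs confirming. Keeping the bound is cheap: `size_t const key_len = Genode::min(_key_io_job_buffer.size, sizeof (_private_key.value));` and pass `key_len` to the copy. Separately, the passphrase check uses `Genode::memcmp`, which presumably stops at the first differing byte, so a constant-time comparison would be worth having once the key is no longer stored in plaintext; the enclosing case block starts and ends outside the hunk.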
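Review bot: In the `if (completed)` branch, `_key_io_job->current_offset()` is taken as the key length without a visible check that the read succeeded or returned any data; whether `completed` implies success cannot be told from the hunk. If the size ends up 0, the unlock comparison in the first hunk of this file accepts a zero-length passphrase, because both sizes are equal and a compare over zero bytes reports a match. `_private_key` is then only the 0xa5 fill. Requiring a non-empty key in the unlock condition, e.g. `_key_io_job_buffer.size > 0 &&` ahead of the size comparison, would close that case. A short comment such as `/* remember how many bytes the key file actually held */` above the assignment would also help, since it permanently shrinks `_key_io_job_buffer.size` from its initial value.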
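Review bot: A passphrase longer than `sizeof(_passphrase_buffer.buffer)` is silently truncated by the clamp on `len`, so the unlock check only ever sees its prefix. Rejecting the over-long write would be clearer than accepting a shortened secret, though the return convention of this function is not visible in the hunk. The passphrase also stays in `_passphrase_buffer` after the job has run, and bytes from an earlier, longer passphrase remain beyond the new `size`. Wiping the buffer once the comparison is done, e.g. `Genode::memset(_passphrase_buffer.buffer, 0, sizeof (_passphrase_buffer.buffer));` in the unlock step, would limit how long it sits in memory, provided the compiler does not elide the store. The function starts and ends outside the hunk.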