From 75a55b62a30b479e7deba68d62e05b65d9a29fc2 Mon Sep 17 00:00:00 2001 From: Martin Stein Date: Fri, 9 Apr 2021 11:38:50 +0200 Subject: [PATCH] vfs/cbe_trust_anchor: use hash of passphrase Instead of using the user passphrase directly, use its SHA256 hash calculated using libcrypto. The passphrase hash is still stored in the key file to be used as base for the very primitive way of generating the private key. Ref #4032 --- .../mk/spec/x86_64/vfs_cbe_trust_anchor.mk | 6 ++++ .../gems/src/lib/vfs/cbe_trust_anchor/vfs.cc | 34 ++++++++----------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/repos/gems/lib/mk/spec/x86_64/vfs_cbe_trust_anchor.mk b/repos/gems/lib/mk/spec/x86_64/vfs_cbe_trust_anchor.mk index 7a7c332696..8edb1c8571 100644 --- a/repos/gems/lib/mk/spec/x86_64/vfs_cbe_trust_anchor.mk +++ b/repos/gems/lib/mk/spec/x86_64/vfs_cbe_trust_anchor.mk @@ -1,5 +1,11 @@ +OPENSSL_DIR = $(call select_from_ports,openssl) + SRC_CC = vfs.cc +INC_DIR += $(OPENSSL_DIR)/include + +LIBS += libcrypto + vpath % $(REP_DIR)/src/lib/vfs/cbe_trust_anchor SHARED_LIB := yes diff --git a/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc b/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc index e46382347c..f7a3bb72f8 100644 --- a/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc +++ b/repos/gems/src/lib/vfs/cbe_trust_anchor/vfs.cc @@ -18,6 +18,9 @@ #include #include +/* OpenSSL includes */ +#include + /* CBE includes */ #include @@ -216,10 +219,10 @@ class Trust_anchor break; } - if (_key_io_job_buffer.size == _passphrase_buffer.size && + if (_key_io_job_buffer.size == _passphrase_hash_buffer.size && Genode::memcmp(_key_io_job_buffer.base, - _passphrase_buffer.base, - _passphrase_buffer.size) == 0) { + _passphrase_hash_buffer.base, + _passphrase_hash_buffer.size) == 0) { Genode::memset(_private_key.value, 0xa5, sizeof (_private_key.value)); 
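Review bot: In the `@@ -216,10 +219,10 @@` hunk the key-file content and the freshly computed passphrase digest are still compared with `Genode::memcmp`, which presumably stops at the first differing byte, so the comparison time depends on how many leading bytes match. The exposure is small because both operands are digests, but libcrypto is now linked and provides a constant-time compare. After the size check, the call could become `CRYPTO_memcmp(_key_io_job_buffer.base, _passphrase_hash_buffer.base, SHA256_DIGEST_LENGTH) == 0`, with `<openssl/crypto.h>` included. The enclosing function starts and ends outside this hunk, so the handling of a mismatch is not visible here.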
@@ -482,7 +485,7 @@ class Trust_anchor struct Key_io_job_buffer : Util::Io_job::Buffer { - char buffer[64] { }; + char buffer[SHA256_DIGEST_LENGTH] { }; Key_io_job_buffer() { @@ -492,7 +495,7 @@ class Trust_anchor }; Key_io_job_buffer _key_io_job_buffer { }; - Key_io_job_buffer _passphrase_buffer { }; + Key_io_job_buffer _passphrase_hash_buffer { }; bool _check_key_file(Path const &path) { @@ -848,15 +851,10 @@ class Trust_anchor if (_state != State::UNINITIALIZED) { return false; } + SHA256((unsigned char const *)src, len, + (unsigned char *)_key_io_job_buffer.base); - if (len > _key_io_job_buffer.size) { - len = _key_io_job_buffer.size; - } - - _key_io_job_buffer.size = len; - - Genode::memcpy(_key_io_job_buffer.buffer, src, - _key_io_job_buffer.size); + _key_io_job_buffer.size = SHA256_DIGEST_LENGTH; _job = Job::INIT; _job_state = Job_state::PENDING; @@ -893,14 +891,10 @@ class Trust_anchor return true; } - if (len > sizeof(_passphrase_buffer.buffer)) { - len = sizeof(_passphrase_buffer.buffer); - } + SHA256((unsigned char const *)src, len, + (unsigned char *)_passphrase_hash_buffer.base); - _passphrase_buffer.size = len; - - Genode::memcpy(_passphrase_buffer.buffer, src, - _passphrase_buffer.size); + _passphrase_hash_buffer.size = SHA256_DIGEST_LENGTH; _job = Job::UNLOCK; _job_state = Job_state::PENDING;
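Review bot: Shrinking `buffer` from 64 bytes to `SHA256_DIGEST_LENGTH` in the `@@ -482,7 +485,7 @@` hunk changes what a valid key file looks like, and nothing visible handles files written by the previous code, which copied up to 64 raw passphrase bytes into this buffer. Presumably such a file no longer unlocks, and per the commit message it would still hold the clear-text passphrase. The commit message should say that existing key files must be re-created and the old ones removed. A comment on the member would also help, for example `/* exactly one SHA256 digest: key-file content and passphrase hash */`. The struct's constructor continues outside the hunk, so how `base` and `size` are set up is not shown.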
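Review bot: The value written to `_key_io_job_buffer` in the `@@ -848,15 +851,10 @@` hunk is a single unsalted SHA-256 of the passphrase, and the commit message says it is stored in the key file, so anyone who can read that file can test passphrase guesses offline at plain hash speed. Identical passphrases also yield identical files. With libcrypto available, a salted and iterated derivation would raise that cost, e.g. `PKCS5_PBKDF2_HMAC(src, len, salt, salt_len, iterations, EVP_sha256(), SHA256_DIGEST_LENGTH, out)`. Here `salt`, `salt_len`, `iterations` and `out` are placeholders for a random per-image salt stored beside the digest, a tuned iteration count and the output buffer, and the change needs a key-file format update beyond this hunk. The `@@ -893,14 +891,10 @@` unlock hunk has the same construction and would have to change in step. Separately, the return value of `SHA256()` is ignored in both places; `if (!SHA256(...)) return false;` would avoid proceeding with an unwritten buffer if the call fails.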