
Commit fc3c2d3

Author: Howard McLauchlan (committed)
Add securemode/password-setting
*BASICALLY CLEANED UP VERSION OF Drive-Trust-Alliance#271

This commit does what the linked PR says, and also fixes a few bugs in that original PR. I'm not sure what the right way to give credit is, and it was very painful to resurrect CVE's original patches and roll my own on top, so the disclaimer here is that it's like 95% his code :).

A few notable things:

* We don't need to modify the makefiles, since we split that out in the prior commit.
* We fixed his original makefile, which didn't quite work; that change is folded naturally into the prior commit.
* The generated makefiles don't need to change, because since CVE's original patchset, GetPassPhrase.o was introduced organically to the codebase, and ergo the makefiles.

The most interesting thing here is we allow hashing to be forced off by `-n` even during secure mode. The key issue we ran into was that if a drive is originally set with no hashing, then hashed invocations in the future will fail (obviously). As implemented, CVE's original patches will silently debug output, and then turn on hashing without telling the user. I'm not a domain expert in why hashing is necessary here, but in either case, I think we should support the case where a password was originally set without hashing, by allowing hashing to be turned off _if_ specified explicitly. We also do some sneaky business by ensuring `-n` is evaluated after `-s`, so `-n` will always override `-s`, if provided.

Signed-off-by: Howard McLauchlan <hmclauchlan@fb.com>
1 parent b55cc39 commit fc3c2d3

11 files changed

+319
-157
lines changed

Common/DtaDev.h

Lines changed: 10 additions & 6 deletions
@@ -111,37 +111,40 @@ class DtaDev {
111111
/** User command to prepare the device for management by sedutil.
112112
* Specific to the SSC that the device supports
113113
* @param password the password that is to be assigned to the SSC master entities
114+
* @param securemode is the new password should be interactively asked
114115
*/
115-
virtual uint8_t initialSetup(char * password) = 0;
116+
virtual uint8_t initialSetup(char * password, bool securemode = false) = 0;
116117
/** User command to prepare the drive for Single User Mode and rekey a SUM locking range.
117118
* @param lockingrange locking range number to enable
118119
* @param start LBA to start locking range
119120
* @param length length (in blocks) for locking range
120121
* @param Admin1Password admin1 password for TPer
121122
* @param password User password to set for locking range
122123
*/
123-
virtual uint8_t setup_SUM(uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password) = 0;
124+
virtual uint8_t setup_SUM(uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password, bool securemode = false) = 0;
124125
/** Set the SID password.
125126
* Requires special handling because password is not always hashed.
126127
* @param oldpassword current SID password
127128
* @param newpassword value password is to be changed to
128129
* @param hasholdpwd is the old password to be hashed before being added to the bytestream
129130
* @param hashnewpwd is the new password to be hashed before being added to the bytestream
131+
* @param securemode is the new password should be interactively asked
130132
*/
131133
virtual uint8_t setSIDPassword(char * oldpassword, char * newpassword,
132-
uint8_t hasholdpwd = 1, uint8_t hashnewpwd = 1) = 0;
134+
uint8_t hasholdpwd = 1, uint8_t hashnewpwd = 1, bool securemode = false) = 0;
133135
/** Set the password of a locking SP user.
134136
* @param password current password
135137
* @param userid the userid whose password is to be changed
136138
* @param newpassword value password is to be changed to
139+
* @param securemode is the new password shoulb be interactively asked
137140
*/
138-
virtual uint8_t setPassword(char * password, char * userid, char * newpassword) = 0;
141+
virtual uint8_t setPassword(char * password, char * userid, char * newpassword, bool securemode = false) = 0;
139142
/** Set the password of a locking SP user in Single User Mode.
140143
* @param password current user password
141144
* @param userid the userid whose password is to be changed
142145
* @param newpassword value password is to be changed to
143146
*/
144-
virtual uint8_t setNewPassword_SUM(char * password, char * userid, char * newpassword) = 0;
147+
virtual uint8_t setNewPassword_SUM(char * password, char * userid, char * newpassword, bool securemode = false) = 0;
145148
/** Loads a disk image file to the shadow MBR table.
146149
* @param password the password for the administrative authority with access to the table
147150
* @param filename the filename of the disk image
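Review bot: two of the new @param lines in this hunk read "shoulb" instead of "should", and the doc block for setNewPassword_SUM gains no @param entry even though its signature now takes `bool securemode = false`; add `* @param securemode ...` there so all six changed declarations are documented consistently. The phrase "is the new password should be interactively asked" is also ungrammatical everywhere it is introduced; "whether the new password should be prompted for interactively" reads cleanly and can be pasted into each header.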
@@ -230,8 +233,9 @@ class DtaDev {
230233
virtual uint8_t eraseLockingRange_SUM(uint8_t lockingrange, char * password) = 0;
231234
/** Change the SID password from it's MSID default
232235
* @param newpassword new password for SID and locking SP admins
236+
* @param securemode is the new password should be interactively asked
233237
*/
234-
virtual uint8_t takeOwnership(char * newpassword) = 0;
238+
virtual uint8_t takeOwnership(char * newpassword, bool securemode = false) = 0;
235239
/** Reset the Locking SP to its factory default condition
236240
* ERASES ALL DATA!
237241
* @param password of Administrative user

Common/DtaDevEnterprise.cpp

Lines changed: 20 additions & 10 deletions
@@ -171,12 +171,12 @@ DtaDevEnterprise::DtaDevEnterprise(const char * devref)
171171
DtaDevEnterprise::~DtaDevEnterprise()
172172
{
173173
}
174-
uint8_t DtaDevEnterprise::initialSetup(char * password)
174+
uint8_t DtaDevEnterprise::initialSetup(char * password, bool securemode)
175175
{
176176
LOG(D1) << "Entering initialSetup()";
177177
uint8_t lastRC;
178178

179-
if ((lastRC = takeOwnership(password)) != 0) {
179+
if ((lastRC = takeOwnership(password, securemode)) != 0) {
180180
LOG(E) << "Initial setup failed - unable to take ownership";
181181
return lastRC;
182182
}
@@ -196,7 +196,7 @@ uint8_t DtaDevEnterprise::initialSetup(char * password)
196196
LOG(D1) << "Exiting initialSetup()";
197197
return 0;
198198
}
199-
uint8_t DtaDevEnterprise::setup_SUM(uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password)
199+
uint8_t DtaDevEnterprise::setup_SUM(uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password, bool securemode)
200200
{
201201
LOG(D1) << "Entering DtaDevEnterprise::setup_SUM";
202202
LOG(I) << "setup_SUM not supported on DtaDevEnterprise";
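Review bot: `securemode` is accepted but never used in this stub (and likewise in the setNewPassword_SUM stub below), which will trip -Wunused-parameter builds; either leave the parameter unnamed in the definition or add a `(void)securemode;` line, matching how the other "not supported" stubs in this class treat arguments they ignore.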
@@ -377,13 +377,18 @@ uint8_t DtaDevEnterprise::revertLockingSP(char * password, uint8_t keep)
377377
LOG(D1) << "Exiting DtaDevEnterprise::revertLockingSP()";
378378
return 0;
379379
}
380-
uint8_t DtaDevEnterprise::setPassword(char * password, char * userid, char * newpassword)
380+
uint8_t DtaDevEnterprise::setPassword(char * password, char * userid, char * newpassword, bool securemode)
381381
{
382382
LOG(D1) << "Entering DtaDevEnterprise::setPassword" ;
383-
uint8_t lastRC;
383+
uint8_t lastRC = 0;
384384
string defaultPassword;
385385
char *pwd = password, *newpwd = newpassword;
386386

387+
if (securemode) {
388+
LOG(I) << "setSIDPassword in secure mode in the Enterprise SSC is not supported";
389+
return lastRC;
390+
}
391+
387392
if (11 > strnlen(userid, 15)) {
388393
LOG(E) << "Invalid Userid " << userid;
389394
return DTAERROR_INVALID_PARAMETER;
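Review bot: the new securemode branch in setPassword returns `lastRC`, which was just initialised to 0, so an Enterprise caller passing `-s` gets a success code while no password was changed; return a non-zero code such as DTAERROR_INVALID_PARAMETER, which this same function already uses a few lines down for a bad userid, and log at E rather than I. The message text also names setSIDPassword although this is setPassword.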
@@ -463,7 +468,7 @@ uint8_t DtaDevEnterprise::setPassword(char * password, char * userid, char * new
463468
LOG(D1) << "Exiting DtaDevEnterprise::setPassword()";
464469
return 0;
465470
}
466-
uint8_t DtaDevEnterprise::setNewPassword_SUM(char * password, char * userid, char * newpassword)
471+
uint8_t DtaDevEnterprise::setNewPassword_SUM(char * password, char * userid, char * newpassword, bool securemode)
467472
{
468473
LOG(D1) << "Entering DtaDevEnterprise::setNewPassword_SUM()";
469474
LOG(I) << "setNewPassword_SUM is not in the Enterprise SSC and not supported";
@@ -1022,7 +1027,7 @@ uint8_t DtaDevEnterprise::eraseLockingRange_SUM(uint8_t lockingrange, char * pas
10221027
LOG(D1) << "Exiting DtaDevEnterprise::eraseLockingRange_SUM()";
10231028
return DTAERROR_INVALID_PARAMETER;
10241029
}
1025-
uint8_t DtaDevEnterprise::takeOwnership(char * newpassword)
1030+
uint8_t DtaDevEnterprise::takeOwnership(char * newpassword, bool securemode)
10261031
{
10271032
string defaultPassword;
10281033
uint8_t lastRC;
@@ -1033,7 +1038,7 @@ uint8_t DtaDevEnterprise::takeOwnership(char * newpassword)
10331038
return lastRC;
10341039
}
10351040
defaultPassword = response.getString(5);
1036-
if ((lastRC = setSIDPassword((char *)defaultPassword.c_str(), newpassword, 0)) != 0) {
1041+
if ((lastRC = setSIDPassword((char *)defaultPassword.c_str(), newpassword, 0, 1, securemode)) != 0) {
10371042
LOG(E) << "takeOwnership failed unable to set new SID password";
10381043
return lastRC;
10391044
}
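Review bot: forwarding `securemode` into setSIDPassword here means takeOwnership cannot fail on an Enterprise drive in secure mode: the securemode branch added to setSIDPassword later in this file returns 0 without sending the SID password change, so this `!= 0` check passes and the function goes on to report ownership taken while the SID is still the MSID. Either reject `securemode` at the top of takeOwnership with an error, or make setSIDPassword return a non-zero code for the unsupported case; the explicit `1` for hashnewpwd is fine, since it matches the previous default.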
@@ -1270,10 +1275,15 @@ uint8_t DtaDevEnterprise::printDefaultPassword()
12701275
return 0;
12711276
}
12721277
uint8_t DtaDevEnterprise::setSIDPassword(char * oldpassword, char * newpassword,
1273-
uint8_t hasholdpwd, uint8_t hashnewpwd)
1278+
uint8_t hasholdpwd, uint8_t hashnewpwd, bool securemode)
12741279
{
12751280
LOG(D1) << "Entering DtaDevEnterprise::setSIDPassword()";
1276-
uint8_t lastRC;
1281+
uint8_t lastRC = 0;
1282+
1283+
if (securemode) {
1284+
LOG(I) << "setSIDPassword in the Enterprise SSC is not supported";
1285+
return lastRC;
1286+
}
12771287

12781288
vector<uint8_t> user;
12791289
set8(user, OPALUID[OPAL_SID_UID]);
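Review bot: `lastRC = 0` followed by `return lastRC;` in the securemode branch turns an unsupported request into a reported success, which every caller (takeOwnership above included) will then act on; return an explicit error code here and log at E, not I. The extra blank line added before the `if (securemode)` block also leaves two consecutive blank lines, which the surrounding code does not use.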

Common/DtaDevEnterprise.h

Lines changed: 10 additions & 6 deletions
@@ -57,8 +57,9 @@ class DtaDevEnterprise : public DtaDevOS {
5757
uint16_t comID();
5858
/** Change the SID password from it's MSID default
5959
* @param newpassword new password for SID
60+
* @param securemode is the new password should be interactively asked
6061
*/
61-
uint8_t takeOwnership(char * newpassword);
62+
uint8_t takeOwnership(char * newpassword, bool securemode = false);
6263
/** Change the passwords for the enabled Bandmasters and the Erasemaster
6364
* from the MSID default.
6465
* @param defaultPassword the MSID password
@@ -80,9 +81,10 @@ class DtaDevEnterprise : public DtaDevOS {
8081
* @param newpassword value password is to be changed to
8182
* @param hasholdpwd is the old password to be hashed before being added to the bytestream
8283
* @param hashnewpwd is the new password to be hashed before being added to the bytestream
84+
* @param securemode is the new password should be interactively asked
8385
*/
8486
uint8_t setSIDPassword(char * oldpassword, char * newpassword,
85-
uint8_t hasholdpwd = 1, uint8_t hashnewpwd = 1);
87+
uint8_t hasholdpwd = 1, uint8_t hashnewpwd = 1, bool securemode = false);
8688
/** set a single column in an object table
8789
* @param table the UID of the table
8890
* @param name the column name to be set
@@ -124,10 +126,11 @@ class DtaDevEnterprise : public DtaDevOS {
124126
* @param password current password
125127
* @param userid the userid whose password is to be changed
126128
* @param newpassword value password is to be changed to
129+
* @param securemode is the new password should be interactively asked
127130
*/
128-
uint8_t setPassword(char * password, char * userid, char * newpassword);
131+
uint8_t setPassword(char * password, char * userid, char * newpassword, bool securemode = false);
129132
/** dummy code not implemented in the enterprise SSC*/
130-
uint8_t setNewPassword_SUM(char * password, char * userid, char * newpassword);
133+
uint8_t setNewPassword_SUM(char * password, char * userid, char * newpassword, bool securemode = false);
131134
uint8_t setLockingRange(uint8_t lockingrange, uint8_t lockingstate,
132135
char * password);
133136
/** dummy code not implemented in the enterprise SSC*/
@@ -180,10 +183,11 @@ class DtaDevEnterprise : public DtaDevOS {
180183
/** User command to prepare the device for management by sedutil.
181184
* Specific to the SSC that the device supports
182185
* @param password the password that is to be assigned to the SSC master entities
186+
* @param securemode is the new password should be interactively asked
183187
*/
184-
uint8_t initialSetup(char * password);
188+
uint8_t initialSetup(char * password, bool securemode = false);
185189
/** dummy code not implemented in the enterprise SSC*/
186-
uint8_t setup_SUM(uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password);
190+
uint8_t setup_SUM(uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password, bool securemode = false);
187191
/** Displays the identify and discovery 0 information */
188192
void puke();
189193
/** Dumps an object for diagnostic purposes

Common/DtaDevGeneric.cpp

Lines changed: 6 additions & 6 deletions
@@ -62,13 +62,13 @@ DtaDevGeneric::~DtaDevGeneric()
6262
void DtaDevGeneric::init(const char * devref)
6363
{
6464
}
65-
uint8NOCODE(initialSetup, char *password)
65+
uint8NOCODE(initialSetup, char *password, bool securemode)
6666
uint8NOCODE(configureLockingRange,uint8_t lockingrange,
6767
uint8_t enabled, char * password)
6868
uint8NOCODE(revertLockingSP,char * password, uint8_t keep)
69-
uint8NOCODE(setup_SUM, uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password)
70-
uint8NOCODE(setPassword,char * password, char * userid, char * newpassword)
71-
uint8NOCODE(setNewPassword_SUM,char * password, char * userid, char * newpassword)
69+
uint8NOCODE(setup_SUM, uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password, bool securemode)
70+
uint8NOCODE(setPassword,char * password, char * userid, char * newpassword, bool securemode)
71+
uint8NOCODE(setNewPassword_SUM,char * password, char * userid, char * newpassword, bool securemode)
7272
uint8NOCODE(setMBREnable,uint8_t mbrstate, char * Admin1Password)
7373
uint8NOCODE(setMBRDone,uint8_t mbrstate, char * Admin1Password)
7474
uint8NOCODE(setLockingRange,uint8_t lockingrange, uint8_t lockingstate,
@@ -90,9 +90,9 @@ uint8NOCODE(loadPBA,char * password, char * filename)
9090
uint8NOCODE(activateLockingSP,char * password)
9191
uint8NOCODE(activateLockingSP_SUM,uint8_t lockingrange, char * password)
9292
uint8NOCODE(eraseLockingRange_SUM, uint8_t lockingrange, char * password)
93-
uint8NOCODE(takeOwnership, char * newpassword)
93+
uint8NOCODE(takeOwnership, char * newpassword, bool securemode)
9494
uint8NOCODE(setSIDPassword,char * oldpassword, char * newpassword,
95-
uint8_t hasholdpwd, uint8_t hashnewpwd)
95+
uint8_t hasholdpwd, uint8_t hashnewpwd, bool securemode)
9696
uint16_t DtaDevGeneric::comID()
9797
{
9898
LOG(E) << "Generic Device class does not support function " << "comID" << std::endl;

Common/DtaDevGeneric.h

Lines changed: 11 additions & 6 deletions
@@ -56,36 +56,40 @@ class DtaDevGeneric : public DtaDevOS {
5656
* Specific to the SSC that the device supports
5757
* @param password the password that is to be assigned to the SSC master entities
5858
*/
59-
uint8_t initialSetup(char * password) ;
59+
uint8_t initialSetup(char * password, bool securemode) ;
6060
/** User command to prepare the drive for Single User Mode and rekey a SUM locking range.
6161
* @param lockingrange locking range number to enable
6262
* @param start LBA to start locking range
6363
* @param length length (in blocks) for locking range
6464
* @param Admin1Password admin1 password for TPer
6565
* @param password User password to set for locking range
66+
* @param securemode is the new password shoulb be interactively asked
6667
*/
67-
uint8_t setup_SUM(uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password);
68+
uint8_t setup_SUM(uint8_t lockingrange, uint64_t start, uint64_t length, char *Admin1Password, char * password, bool securemode = false);
6869
/** Set the SID password.
6970
* Requires special handling because password is not always hashed.
7071
* @param oldpassword current SID password
7172
* @param newpassword value password is to be changed to
7273
* @param hasholdpwd is the old password to be hashed before being added to the bytestream
7374
* @param hashnewpwd is the new password to be hashed before being added to the bytestream
75+
* @param securemode is the new password shoulb be interactively asked
7476
*/
7577
uint8_t setSIDPassword(char * oldpassword, char * newpassword,
76-
uint8_t hasholdpwd = 1, uint8_t hashnewpwd = 1) ;
78+
uint8_t hasholdpwd = 1, uint8_t hashnewpwd = 1, bool securemode = false) ;
7779
/** Set the password of a locking SP user.
7880
* @param password current password
7981
* @param userid the userid whose password is to be changed
8082
* @param newpassword value password is to be changed to
83+
* @param securemode is the new password should be interactively asked
8184
*/
82-
uint8_t setPassword(char * password, char * userid, char * newpassword) ;
85+
uint8_t setPassword(char * password, char * userid, char * newpassword, bool securemode = false) ;
8386
/** Set the password of a locking SP user in Single User Mode.
8487
* @param password current user password
8588
* @param userid the userid whose password is to be changed
8689
* @param newpassword value password is to be changed to
90+
* @param securemode is the new password should be interactively asked
8791
*/
88-
uint8_t setNewPassword_SUM(char * password, char * userid, char * newpassword) ;
92+
uint8_t setNewPassword_SUM(char * password, char * userid, char * newpassword, bool securemode = false) ;
8993
/** Loads a disk image file to the shadow MBR table.
9094
* @param password the password for the administrative authority with access to the table
9195
* @param filename the filename of the disk image
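Review bot: `uint8_t initialSetup(char * password, bool securemode) ;` is declared here without the `= false` default that the base class and every other declaration in this hunk (setup_SUM, setSIDPassword, setPassword, setNewPassword_SUM) carry, so code calling through a DtaDevGeneric pointer must pass the argument explicitly and the defaults now differ across the virtual hierarchy; add `= false` to match. Its doc block also gains no @param securemode, and two of the new @param lines read "shoulb".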
@@ -174,8 +178,9 @@ class DtaDevGeneric : public DtaDevOS {
174178
uint8_t eraseLockingRange_SUM(uint8_t lockingrange, char * password);
175179
/** Change the SID password from it's MSID default
176180
* @param newpassword new password for SID and locking SP admins
181+
* @param securemode is the new password should be interactively asked
177182
*/
178-
uint8_t takeOwnership(char * newpassword) ;
183+
uint8_t takeOwnership(char * newpassword, bool securemode = false) ;
179184
/** Reset the Locking SP to its factory default condition
180185
* ERASES ALL DATA!
181186
* @param password of Administrative user
