www.fabiankeil.de/gehacktes/geli-key-monitor/

geli-key-monitor: DTrace script to monitor geli keys on FreeBSD

While testing zogftw's create subcommand, I noticed (with a little help from ZFS) a flaw in the master key generation for geli version 7. The problem was quickly fixed and only affected FreeBSD-CURRENT.

I used the DTrace script geli-key-monitor.d to analyze the cause of the problem. The script was also helpful for testing a potential fix and the final one.

geli-key-monitor shows parts of the keys of attached geli providers, caches them and prints a warning on cache hits, which likely indicate weak keys (or the same provider being attached twice while the script is running):

fk@r500 ~ $sudo ~/scripts/geli-key-monitor.d
2012 Aug  4 17:59:17: Monitoring geli keys. Press CTRL-C to exit.
2012 Aug  4 17:59:21: md0.eli: g_eli_mkey_propagate:entry : version: 7, algo: AES-XTS, flags: 0x0 (FLAG_ENC_IVKEY: 0) mkey: a2e0232b, sc_mkey: 00000000, sc_ekey: 00000000
2012 Aug  4 17:59:21: md0.eli: g_eli_key_fill:entry : key->gek_key: 00000000 (0).
2012 Aug  4 17:59:21: md0.eli: g_eli_key_fill:return: key->gek_key: 06d800ef (0). Key looks familiar!
2012 Aug  4 17:59:21: md0.eli: g_eli_mkey_propagate:return: mkey: a2e0232b, sc_mkey: a2e0232b, sc_ekey: 00000000
2012 Aug  4 17:59:22: md0.eli: g_eli_mkey_propagate:entry : version: 7, algo: AES-XTS, flags: 0x0 (FLAG_ENC_IVKEY: 0) mkey: 3e856e49, sc_mkey: 00000000, sc_ekey: 00000000
2012 Aug  4 17:59:22: md0.eli: g_eli_key_fill:entry : key->gek_key: 00000000 (0).
2012 Aug  4 17:59:22: md0.eli: g_eli_key_fill:return: key->gek_key: 06d800ef (0). Key looks familiar!
2012 Aug  4 17:59:22: md0.eli: g_eli_mkey_propagate:return: mkey: 3e856e49, sc_mkey: 3e856e49, sc_ekey: 00000000
2012 Aug  4 17:59:27: md0.eli: g_eli_mkey_propagate:entry : version: 6, algo: AES-XTS, flags: 0x400000 (FLAG_ENC_IVKEY: 1) mkey: 22d86ed8, sc_mkey: 00000000, sc_ekey: 00000000
2012 Aug  4 17:59:27: md0.eli: g_eli_key_fill:entry : key->gek_key: 00000000 (0).
2012 Aug  4 17:59:27: md0.eli: g_eli_key_fill:return: key->gek_key: eedb8233 (0).
2012 Aug  4 17:59:27: md0.eli: g_eli_mkey_propagate:return: mkey: 22d86ed8, sc_mkey: 22d86ed8, sc_ekey: 00000000
2012 Aug  4 17:59:27: md0.eli: g_eli_mkey_propagate:entry : version: 6, algo: AES-XTS, flags: 0x400000 (FLAG_ENC_IVKEY: 1) mkey: 3a8e435d, sc_mkey: 00000000, sc_ekey: 00000000
2012 Aug  4 17:59:27: md0.eli: g_eli_key_fill:entry : key->gek_key: 00000000 (0).
2012 Aug  4 17:59:27: md0.eli: g_eli_key_fill:return: key->gek_key: 46264956 (0).
2012 Aug  4 17:59:27: md0.eli: g_eli_mkey_propagate:return: mkey: 3a8e435d, sc_mkey: 3a8e435d, sc_ekey: 00000000
^C

---------------------------------------------------------
g_eli_key_hold() calls so far:
Provider             Geli version          Algorithm  mkey start  ekey start      calls
[..]
md0.eli                         6       AES-XTS (22)    22d86ed8    00000000       8713
md0.eli                         6       AES-XTS (22)    3a8e435d    00000000       8713
md0.eli                         7       AES-XTS (22)    3e856e49    00000000      11590
md0.eli                         7       AES-XTS (22)    a2e0232b    00000000      11593

g_eli_key count (only works for geli version 5 or higher):
md0.eli                   46264956          1
md0.eli                   eedb8233          1
md0.eli                   06d800ef          2

While the script is a one-trick pony and pretty much obsolete now that the issue has been fixed, it could still be useful as an example when dtracing other geoms.
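To show the cache-and-warn idiom the script uses (and the part that carries over to other geoms), here is a reduced DTrace script written for this page; it is an added example, not the original geli-key-monitor.d. It assumes a FreeBSD kernel with geom_eli loaded, fbt probes on g_eli_mkey_propagate(sc, mkey) and g_eli_key_fill(sc, key, keyno), CTF information for struct g_eli_softc and struct g_eli_key (the members sc_geom, sc_version, sc_flags and gek_key), and the G_ELI_FLAG_ENC_IVKEY value 0x00400000 from sys/geom/eli/g_eli.h. Like the output above, it only ever prints a 32-bit prefix of any key, never the whole key.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example (not the original geli-key-monitor.d). Assumptions:
 * FreeBSD, geom_eli loaded, fbt probes on g_eli_mkey_propagate() and
 * g_eli_key_fill(), CTF data for struct g_eli_softc / struct g_eli_key.
 */
#pragma D option quiet

/* Assumed to match G_ELI_FLAG_ENC_IVKEY in sys/geom/eli/g_eli.h. */
inline int ENC_IVKEY = 0x00400000;

BEGIN
{
	printf("%Y: Monitoring geli keys. Press CTRL-C to exit.\n", walltimestamp);
}

/* arg0: struct g_eli_softc *, arg1: const unsigned char *mkey */
fbt::g_eli_mkey_propagate:entry
{
	this->sc = (struct g_eli_softc *)arg0;
	this->mkey = (unsigned char *)arg1;
	/* Fingerprint only: the first four bytes of the master key. */
	this->prefix = (this->mkey[0] << 24) | (this->mkey[1] << 16) |
	    (this->mkey[2] << 8) | this->mkey[3];
	printf("%Y: %s: g_eli_mkey_propagate:entry: version: %u, flags: 0x%x (FLAG_ENC_IVKEY: %d) mkey: %08x\n",
	    walltimestamp, stringof(this->sc->sc_geom->name),
	    this->sc->sc_version, this->sc->sc_flags,
	    (this->sc->sc_flags & ENC_IVKEY) != 0, this->prefix);
}

/* arg0: struct g_eli_softc *, arg1: struct g_eli_key * (filled on return) */
fbt::g_eli_key_fill:entry
{
	/* Thread-local, so the pointers survive until the return probe. */
	self->sc = (struct g_eli_softc *)arg0;
	self->key = (struct g_eli_key *)arg1;
}

fbt::g_eli_key_fill:return
/self->key/
{
	/* Fingerprint of the derived data key, again only four bytes. */
	this->prefix = (self->key->gek_key[0] << 24) |
	    (self->key->gek_key[1] << 16) |
	    (self->key->gek_key[2] << 8) | self->key->gek_key[3];
	/* Global cache of fingerprints seen so far: a repeat is suspicious. */
	seen[this->prefix]++;
	@keys[stringof(self->sc->sc_geom->name), this->prefix] = count();
	printf("%Y: %s: g_eli_key_fill:return: key->gek_key: %08x%s\n",
	    walltimestamp, stringof(self->sc->sc_geom->name), this->prefix,
	    seen[this->prefix] > 1 ? " Key looks familiar!" : "");
	self->sc = 0;
	self->key = 0;
}

END
{
	printf("\ng_eli_key count:\n");
	printa("%-16s %08x %@8u\n", @keys);
}
```

Run it as root with dtrace -s while attaching providers. The warning fires whenever the same data-key prefix is derived again; in the healthy version 6 case above every attach yields a fresh key, so a hit outside of re-attaching the same provider is what you want to investigate. The same pattern (stash pointers in self-> on :entry, inspect the filled structure on :return, remember a fingerprint in a global associative array) applies to any geom whose internal state you want to watch.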

Of course it also shows why DTrace is awesome in general, but hopefully you already knew that.