bugzilla-daemon at defect.opensolaris.org
2008-Mar-03 14:44 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
http://defect.opensolaris.org/bz/show_bug.cgi?id=671

Summary: key -l needs prompts need to indicate which pool/dataset nd what type of data
Classification: Development
Product: zfs-crypto
Version: unspecified
Platform: Other
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: other
AssignedTo: darrenm at opensolaris.org
ReportedBy: darrenm at opensolaris.org
QAContact: hua.tang at sun.com
CC: zfs-crypto-discuss at opensolaris.org
Estimated Hours: 0.0

If you have multiple pools that need their passphrase entered it is possible to run zpool key -l with no pool name. However there is no indication to the user which pool the passphrase is being requested for.

The prompt is also wrong because it requests the user to "Enter key:" it isn't a key they are entering in all cases. This means we need to stop using pkcs11_get_pass() as it won't give the correct prompts.

The following are the types of prompts required:

keysource=passphrase,prompt

    # zpool key -l tank
    Enter passphrase for pool "tank":

keysource=raw,prompt

    # zpool key -l tank
    Enter raw key for pool "tank":

keysource=hex,prompt

    # zpool key -l tank
    Enter hex key for pool "tank":

Multiple pools with different keysource types

    # zpool key -l
    Enter passphrase for pool "tank":
    Enter hex key for pool "bus":
    Enter raw key for pool "car":

Note that in no cases we should NOT be trying a previously entered key, eg where there are 3 pools all with the same passphrase.

Similarly for dataset prompting:

keyscope=dataset keysource=passphrase,prompt

    $ zfs key -l tank/home/bob
    Enter passphrase for dataset "tank/home/bob:

I could be convinced that the "for pool" or "for dataset" may not be necessary since it should be implicit from which command was run but unless there is a major issue providing it I think it is helpful to the user.

--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
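The prompts requested in the report above, as an added example that is not part of the original report or the zfs-crypto source: it splits a keysource value of the form "format,locator" as shown in the report and builds a prompt naming both the kind of secret and the pool or dataset. The names parse_keysource and build_key_prompt are hypothetical, and the sample pools in main() are constructed from the report's own examples.

```c
#include <stdio.h>
#include <string.h>

/* Formats named in the bug report; order matches the tables below. */
typedef enum { KF_PASSPHRASE, KF_RAW, KF_HEX, KF_INVALID } key_format_t;

/* Split "format,locator" (e.g. "hex,prompt"); sets *locator on success. */
key_format_t parse_keysource(const char *ks, const char **locator)
{
    static const char *names[] = { "passphrase", "raw", "hex" };
    const char *comma = strchr(ks, ',');
    if (comma == NULL || comma[1] == '\0')
        return KF_INVALID;
    for (int i = 0; i < 3; i++) {
        if (strlen(names[i]) == (size_t)(comma - ks) &&
            strncmp(ks, names[i], (size_t)(comma - ks)) == 0) {
            *locator = comma + 1;
            return (key_format_t)i;
        }
    }
    return KF_INVALID;
}

/* Build the prompt text; -1 if the locator is not "prompt" or out is too small. */
int build_key_prompt(char *out, size_t len, const char *keysource,
    int is_dataset, const char *name)
{
    static const char *what[] = { "passphrase", "raw key", "hex key" };
    const char *locator = NULL;
    key_format_t f = parse_keysource(keysource, &locator);
    if (f == KF_INVALID || strcmp(locator, "prompt") != 0)
        return -1;
    int n = snprintf(out, len, "Enter %s for %s \"%s\":", what[f],
        is_dataset ? "dataset" : "pool", name);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample: three pools, each prompted for by name and type. */
    const char *pools[][2] = { { "tank", "passphrase,prompt" },
        { "bus", "hex,prompt" }, { "car", "raw,prompt" } };
    char prompt[128];
    for (int i = 0; i < 3; i++)
        if (build_key_prompt(prompt, sizeof prompt, pools[i][1], 0, pools[i][0]) == 0)
            puts(prompt);
    return 0;
}
```

A keysource with a file locator, an unknown format, or a buffer too small for the full prompt returns -1, so a truncated prompt that drops the pool name is never shown.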
bugzilla-daemon at defect.opensolaris.org
2008-Mar-03 14:45 UTC
[Bug 671] key -l needs prompts need to indicate which pool/ dataset nd what type of data
http://defect.opensolaris.org/bz/show_bug.cgi?id=671

Darren J Moffat <darrenm at opensolaris.org> changed:

What       |Removed                    |Added
----------------------------------------------------------------------------
AssignedTo |darrenm at opensolaris.org |ajscarp at yahoo.com
Grace Tang
2008-Mar-04 02:14 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
bugzilla-daemon at defect.opensolaris.org wrote:
>
> keysource=raw,prompt
> # zpool key -l tank
> Enter raw key for pool "tank":

Can raw key be prompted?

Thanks,
- Grace
Anthony Scarpino
2008-Mar-04 05:34 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
Grace Tang wrote:
> bugzilla-daemon at defect.opensolaris.org wrote:
>> keysource=raw,prompt
>> # zpool key -l tank
>> Enter raw key for pool "tank":
> Can raw key be prompted?
>
> Thanks,
> - Grace

No, only hex and passphrase will be accepted by raw..

Tony
Darren J Moffat
2008-Mar-04 10:10 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
Anthony Scarpino wrote:
> Grace Tang wrote:
>> bugzilla-daemon at defect.opensolaris.org wrote:
>>> keysource=raw,prompt
>>> # zpool key -l tank
>>> Enter raw key for pool "tank":
>> Can raw key be prompted?
>>
>> Thanks,
>> - Grace
>
> No, only hex and passphrase will be accepted by raw..

That is not what the PSARC documents say.

All formats raw,hex,passphrase can be prompted for.

--
Darren J Moffat
Hua Grace Tang
2008-Mar-04 12:15 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
----- Original Message -----
From: Darren J Moffat <Darren.Moffat at Sun.COM>
Date: Tuesday, March 4, 2008 6:11 pm
Subject: Re: [Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
To: Anthony Scarpino <anthony.scarpino at sun.com>
Cc: Grace Tang <Hua.Tang at Sun.COM>, zfs-crypto-discuss at opensolaris.org

> Anthony Scarpino wrote:
> > Grace Tang wrote:
> >> bugzilla-daemon at defect.opensolaris.org wrote:
> >>> keysource=raw,prompt
> >>> # zpool key -l tank
> >>> Enter raw key for pool "tank":
> >> Can raw key be prompted?
> >>
> >> Thanks,
> >> - Grace
> >
> > No, only hex and passphrase will be accepted by raw..
>
> That is not what the PSARC documents say.
>
> All formats raw,hex,passphrase can be prompted for.

raw key file is a data file. What is the prompted raw key value?

Thanks,
- Grace

>
> --
> Darren J Moffat
>
Darren J Moffat
2008-Mar-04 19:41 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
Hua Grace Tang wrote:
>> All formats raw,hex,passphrase can be prompted for.
>
> raw key file is a data file. What is the prompted raw key value?

raw doesn't imply it is in a file.

It is the same format of raw read from stdin as would be read from the file.

These are roughly equivalent and as far as the kernel side of ZFS is concerned are the same.

    # zpool set keysource=raw,prompt tank
    # cat tank.key | zpool key -l tank
    #

    # zpool set keysource=raw,file:///tank.key tank
    # zpool key -l tank
    #

--
Darren J Moffat
Anthony Scarpino
2008-Mar-04 19:46 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
Darren J Moffat wrote:
> Anthony Scarpino wrote:
>> Grace Tang wrote:
>>> bugzilla-daemon at defect.opensolaris.org wrote:
>>>> keysource=raw,prompt
>>>> # zpool key -l tank
>>>> Enter raw key for pool "tank":
>>> Can raw key be prompted?
>>>
>>> Thanks,
>>> - Grace
>> No, only hex and passphrase will be accepted by raw..
>
> That is not what the PSARC documents say.
>
> All formats raw,hex,passphrase can be prompted for.
>

So how is a user supposed to type a raw key on the prompt

    Enter key: \0x7eA.`\0x05

or something?

If you're thinking about redirecting or piping it in, it's already sitting in a file.. it's easier to just use the file locater..

Tony
Anthony Scarpino
2008-Mar-05 01:15 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
Darren J Moffat wrote:
> Hua Grace Tang wrote:
>>> All formats raw,hex,passphrase can be prompted for.
>> raw key file is a data file. What is the prompted raw key value?
>
> raw doesn't imply it is in a file.
>
> It is the same format of raw read from stdin as would be read from the file.
>
> These are roughly equivalent and as far as the kernel side of ZFS is
> concerned are the same.
>
>
> # zpool set keysource=raw,prompt tank
> # cat tank.key | zpool key -l tank
> #
>
> # zpool set keysource=raw,file:///tank.key tank
> # zpool key -l tank
> #
>

This is fine for the CLI, but two problems:

1) the word "prompt" does not make one think "pipe". I expect to see a prompt, not cat it into the command.

2) As for the GUI or other similar API it would be neither a prompt nor a pipe, it would be a load.. The term does not describe what you're asking..

The design doc in fact (page 7) makes no specific reference to "raw" or "hex" in using with the prompt locater. The only reference is to "other formats" that it won't ask twice on new or changed keys..

Tony
Darren J Moffat
2008-Mar-05 11:22 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
Anthony Scarpino wrote:
> So how is a user supposed to type a raw key on the prompt
>
> Enter key: \0x7eA.`\0x05
>
> or something?

They aren't going to do that, that is why we have the "hex" format so if the user needs to type it in they can do.

> If you're thinking about redirecting or piping it in, it's already
> sitting in a file.. it's easier to just use the file locater..

It might not be in a file but being generated from some other program eg:

    # /opt/local/bin/getzfskeys tank | zpool key -l tank

--
Darren J Moffat
Darren J Moffat
2008-Mar-05 11:24 UTC
[Bug 671] New: key -l needs prompts need to indicate which pool/ dataset nd what type of data
Anthony Scarpino wrote:
> This is fine for the CLI, but two problems:
>
> 1) the word "prompt" does not make one think "pipe". I expect to see a
> prompt, not cat it into the command.

If you can find a better name please feel free to suggest it. For what it is worth I ran the syntax by several people who are admins and wanted a scripted interface to this and they understood what prompt meant.

> 2) As for the GUI or other similar API it would be neither a prompt nor a
> pipe, it would be a load..

For the GUI and some other thing using the API (eg a PAM module) they would be passing the raw key in via the structure to zpool_load_key() anyway.

--
Darren J Moffat
bugzilla-daemon at defect.opensolaris.org
2008-Mar-18 23:18 UTC
[Bug 671] key -l needs prompts need to indicate which pool/ dataset nd what type of data
http://defect.opensolaris.org/bz/show_bug.cgi?id=671

ajscarp at yahoo.com changed:

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |FIXED

--- Comment #1 from ajscarp at yahoo.com 2008-03-18 16:18:04 ---
included in 3-12 build..