From owner-svn-src-head@freebsd.org Sun Dec 11 17:01:53 2016
Date: Sun, 11 Dec 2016 11:01:47 -0600
From: Justin Hibbits
To: Konrad Witaszczyk
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r309818 - in head: etc/defaults etc/rc.d sbin sbin/decryptcore sbin/dumpon sbin/savecore share/man/man5 sys/amd64/amd64 sys/arm/arm sys/arm64/arm64 sys/conf sys/ddb sys/dev/null sys/geo...
Message-ID: <20161211110147.796ab13c@zhabar.knownspace>
In-Reply-To: <56f24e51-140c-5e30-08df-9ffa0bdf73bb@FreeBSD.org>
X-Mailer: Claws Mail 3.14.0 (GTK+ 2.24.29; powerpc64-portbld-freebsd12.0)

On Sat, 10 Dec 2016 21:53:43 +0100
Konrad Witaszczyk wrote:

> On 12/10/2016 20:20, Justin Hibbits wrote:
> > On Dec 10, 2016, at 10:20 AM, Konrad Witaszczyk wrote:
> >> Author: def
> >> Date: Sat Dec 10 16:20:39 2016
> >> New Revision: 309818
> >> URL: https://svnweb.freebsd.org/changeset/base/309818
> >>
> >> Log:
> >>   Add support for encrypted kernel crash dumps.
> >>
> >>   Changes include modifications in kernel crash dump routines,
> >>   dumpon(8) and savecore(8). A new tool called decryptcore(8) was
> >>   added.
> >>
> >>   A new DIOCSKERNELDUMP I/O control was added to send a kernel
> >>   crash dump configuration in the diocskerneldump_arg structure to
> >>   the kernel. The old DIOCSKERNELDUMP I/O control was renamed to
> >>   DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility.
> >>
> >>   dumpon(8) generates a one-time random symmetric key and encrypts
> >>   it using an RSA public key in capability mode. Currently only
> >>   AES-256-CBC is supported but EKCD was designed to implement
> >>   support for other algorithms in the future. The public key is
> >>   chosen using the -k flag. The dumpon rc(8) script can do this
> >>   automatically during startup using the dumppubkey rc.conf(5)
> >>   variable. Once the keys are calculated dumpon sends them to the
> >>   kernel via the DIOCSKERNELDUMP I/O control.
> >>
> >>   When the kernel receives the DIOCSKERNELDUMP I/O control it
> >>   generates a random IV and sets up the key schedule for the
> >>   specified algorithm. Each time the kernel tries to write a crash
> >>   dump to the dump device, the IV is replaced by a SHA-256 hash of
> >>   the previous value. This is intended to make a possible
> >>   differential cryptanalysis harder since it is possible to write
> >>   multiple crash dumps without a reboot by repeating the following
> >>   commands:
> >>
> >>     # sysctl debug.kdb.enter=1
> >>     db> call doadump(0)
> >>     db> continue
> >>     # savecore
> >>
> >>   A kernel dump key consists of an algorithm identifier, an IV and
> >>   an encrypted symmetric key. The kernel dump key size is included
> >>   in a kernel dump header. The size is an unsigned 32-bit integer
> >>   and it is aligned to a block size. The header structure has 512
> >>   bytes to match the block size so it was required to make the
> >>   panic string 4 bytes shorter to add a new field to the header
> >>   structure. If the kernel dump key size in the header is nonzero
> >>   it is assumed that the kernel dump key is placed after the first
> >>   header on the dump device and the core dump is encrypted.
> >>
> >>   Separate functions were implemented to write the kernel dump
> >>   header and the kernel dump key as they need to be unencrypted.
> >>   The dump_write function encrypts data if the kernel was compiled
> >>   with the EKCD option. Encrypted kernel textdumps are not
> >>   supported due to the way they are constructed, which makes it
> >>   impossible to use the CBC mode for encryption. It should also be
> >>   noted that textdumps don't contain sensitive data by design as a
> >>   user decides what information should be dumped.
> >>
> >>   savecore(8) writes the kernel dump key to a key.# file if its
> >>   size in the header is nonzero. # is the number of the current
> >>   core dump.
> >>
> >>   decryptcore(8) decrypts the core dump using a private RSA key and
> >>   the kernel dump key. This is performed by a child process in
> >>   capability mode. If the decryption was not successful the parent
> >>   process removes a partially decrypted core dump.
> >>
> >>   A description of how to encrypt crash dumps was added to the
> >>   decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual
> >>   pages.
> >>
> >>   EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64
> >>   using QEMU. The feature still has to be tested on arm and arm64 as
> >>   it wasn't possible to run FreeBSD due to the problems with QEMU
> >>   emulation and lack of hardware.
> >>
> >>   Designed by:          def, pjd
> >>   Reviewed by:          cem, oshogbo, pjd
> >>   Partial review:       delphij, emaste, jhb, kib
> >>   Approved by:          pjd (mentor)
> >>   Differential Revision: https://reviews.freebsd.org/D4712
> >>
> >> Added:
> >>   head/sbin/decryptcore/
> >>   head/sbin/decryptcore/Makefile   (contents, props changed)
> >>   head/sbin/decryptcore/decryptcore.8   (contents, props changed)
> >>   head/sbin/decryptcore/decryptcore.c   (contents, props changed)
> >> Modified:
> >>   head/etc/defaults/rc.conf
> >>   head/etc/rc.d/dumpon
> >>   head/sbin/Makefile
> >>   head/sbin/dumpon/Makefile
> >>   head/sbin/dumpon/dumpon.8
> >>   head/sbin/dumpon/dumpon.c
> >>   head/sbin/savecore/savecore.8
> >>   head/sbin/savecore/savecore.c
> >>   head/share/man/man5/rc.conf.5
> >>   head/sys/amd64/amd64/minidump_machdep.c
> >>   head/sys/arm/arm/minidump_machdep.c
> >>   head/sys/arm64/arm64/minidump_machdep.c
> >>   head/sys/conf/NOTES
> >>   head/sys/conf/files
> >>   head/sys/conf/options
> >>   head/sys/ddb/db_textdump.c
> >>   head/sys/dev/null/null.c
> >>   head/sys/geom/geom_dev.c
> >>   head/sys/i386/i386/minidump_machdep.c
> >>   head/sys/kern/kern_dump.c
> >>   head/sys/kern/kern_shutdown.c
> >>   head/sys/mips/mips/minidump_machdep.c
> >>   head/sys/sparc64/sparc64/dump_machdep.c
> >>   head/sys/sys/conf.h
> >>   head/sys/sys/disk.h
> >>   head/sys/sys/kerneldump.h
> >
> > Nice! Any reason you left out PowerPC from this list though?
>
> The architectures that I listed implement separate minidump functions
> in their MD code. I had to change them to implement EKCD. That is not
> the case for ppc and pc98, and we don't have minidumps in riscv yet. It
> means that EKCD should also work on ppc.
> Of course all architectures supported by FreeBSD should be verified.
> However it is mandatory to test all changes in MD code.
>

Ah, thanks for the explanation. I hadn't read through the diff, only
saw sys/powerpc wasn't on there, but from your explanation it's already
handled implicitly by the generic full dump change.

Thanks!

- Justin
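As an added illustration that is not code from the commit or from FreeBSD, the on-device layout and the per-dump IV rotation described in the quoted commit message, modelled in Python: a header whose dumpkeysize field says whether a kernel dump key follows it, a dump key blob of algorithm identifier, IV and RSA-encrypted symmetric key padded to the 512-byte block, and the SHA-256 chaining of the IV across successive dumps written without a reboot. The field layout and byte order, the algorithm identifier value and the truncation of the digest to the IV size are assumptions of this model; no AES or RSA operation is performed.

```python
import hashlib
import struct

BLOCK_SIZE = 512        # dump device block size; the dump header is one block
IV_SIZE = 16            # AES-CBC IV length
ALG_AES_256_CBC = 1     # constructed algorithm id, not FreeBSD's real value


def rotate_iv(iv: bytes) -> bytes:
    """Per-dump IV update: SHA-256 of the previous IV. Keeping the first
    16 bytes of the 32-byte digest is an assumption of this model."""
    return hashlib.sha256(iv).digest()[:IV_SIZE]

def dump_ivs(first_iv: bytes, dumps: int) -> list:
    """IVs used by successive crash dumps written without a reboot."""
    ivs, iv = [], first_iv
    for _ in range(dumps):
        iv = rotate_iv(iv)          # kernel rotates the IV before each dump
        ivs.append(iv)
    return ivs

def build_dump_key(alg: int, iv: bytes, enc_key: bytes) -> bytes:
    """Kernel dump key blob: algorithm id, IV and RSA-encrypted symmetric key
    (constructed layout), zero-padded to a multiple of the block size."""
    blob = struct.pack("<BI", alg, len(enc_key)) + iv + enc_key
    return blob + b"\0" * ((-len(blob)) % BLOCK_SIZE)

def parse_dump_key(blob: bytes) -> tuple:
    """Inverse of build_dump_key: (algorithm id, IV, encrypted key)."""
    alg, enc_len = struct.unpack_from("<BI", blob, 0)
    iv = blob[5:5 + IV_SIZE]
    return alg, iv, blob[5 + IV_SIZE:5 + IV_SIZE + enc_len]

def build_header(dumpkeysize: int) -> bytes:
    """Constructed 512-byte header carrying only the dumpkeysize field."""
    return struct.pack("<I", dumpkeysize).ljust(BLOCK_SIZE, b"\0")

def split_dump(image: bytes) -> tuple:
    """savecore-style split of header [+ dump key] + core. A nonzero
    dumpkeysize means the key follows the header and the core is encrypted."""
    (dumpkeysize,) = struct.unpack_from("<I", image, 0)
    if dumpkeysize % BLOCK_SIZE:
        raise ValueError("dump key size must be block aligned")
    body = image[BLOCK_SIZE:]
    if dumpkeysize == 0:
        return None, body           # plain dump, nothing to decrypt
    return body[:dumpkeysize], body[dumpkeysize:]
```

Across two dumps the encrypted symmetric key in the blob is identical while the IV field differs, which is what the per-dump rotation buys.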