Date: Sun, 22 Sep 2013 01:47:48 GMT From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r257596 - soc2013/def/crashdump-head/sbin/dumpkey Message-ID: <201309220147.r8M1lmRI075511@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: def Date: Sun Sep 22 01:47:48 2013 New Revision: 257596 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257596 Log: Use kern.dumpkey in order to transfer key's data to kernel. Refactor dumpkey. Modified: soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Modified: soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c ============================================================================== --- soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Sun Sep 22 01:45:56 2013 (r257595) +++ soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Sun Sep 22 01:47:48 2013 (r257596) @@ -35,11 +35,11 @@ } static int -read_data(char *buf, size_t size, const char *file) +random_data(char *buf, size_t size) { FILE *fp; - fp = fopen(file, "r"); + fp = fopen(PATH_DEVRANDOM, "r"); if (fp == NULL) return (-1); @@ -56,16 +56,7 @@ } static int -random_data(char *buf, size_t size) -{ - if(read_data(buf, size, PATH_DEVRANDOM)) - return (-1); - - return (0); -} - -static int -encrypt_key(char *key, size_t keysize, char *encrypted_key, RSA *public_key, char *public_key_file) +encrypt_key(char *key, char *encrypted_key, RSA *public_key, char *public_key_file) { FILE *fp; @@ -80,61 +71,46 @@ if (public_key == NULL) return (-1); - if (RSA_public_encrypt(keysize, key, encrypted_key, public_key, RSA_PKCS1_PADDING) == -1) + if (RSA_public_encrypt(KERNELDUMP_KEY_SIZE, key, encrypted_key, public_key, RSA_PKCS1_PADDING) == -1) return (-1); return (0); } static int -expand_key(char *key, size_t keysize, char *data_key, char *tweak_key) +expand_key(char *masterkey, struct xts_ctx *data_ctx, struct xts_ctx *tweak_ctx) { struct xts_ctx ctx; + char key[KERNELDUMP_KEY_SIZE]; - bzero(&ctx, sizeof(ctx)); - bzero(data_key, keysize); - bzero(tweak_key, keysize); - - hkdf_expand(&ctx, key, data_key, 1, kerneldump_magic, sizeof(kerneldump_magic)); - memcpy(tweak_key, data_key, keysize); - hkdf_expand(&ctx, key, tweak_key, 2, kerneldump_magic, sizeof(kerneldump_magic)); - - bzero(&ctx, sizeof(ctx)); + bzero(key, KERNELDUMP_KEY_SIZE); + bzero(&ctx, sizeof(struct xts_ctx)); + bzero(data_ctx, sizeof(struct xts_ctx)); + bzero(tweak_ctx, sizeof(struct xts_ctx)); - return (0); -} + hkdf_expand(&ctx, masterkey, key, 1, kerneldump_magic, sizeof(kerneldump_magic)); + xts_alg_aes.pa_keysetup(data_ctx, key, KERNELDUMP_KEY_SIZE << 3); -static int -set_data_key(char *key, size_t keysize) -{ - return (sysctlbyname("kern.dump.key.data", NULL, 0, key, keysize)); -} + hkdf_expand(&ctx, masterkey, key, 2, kerneldump_magic, sizeof(kerneldump_magic)); + xts_alg_aes.pa_keysetup(tweak_ctx, key, KERNELDUMP_KEY_SIZE << 3); -static int -set_tweak_key(char *key, size_t keysize) -{ - return (sysctlbyname("kern.dump.key.tweak", NULL, 0, key, keysize)); -} + bzero(&ctx, sizeof(struct xts_ctx)); + bzero(key, KERNELDUMP_KEY_SIZE); -static int -set_encrypted_key(char *key, size_t keysize) -{ - return (sysctlbyname("kern.dump.key.encrypted", NULL, 0, key, keysize)); + return (0); } static int -set_tweak(char *tweak, size_t tweaksize) +sysctl_dumpkey(struct kerneldumpkey *key) { - return (sysctlbyname("kern.dump.tweak", NULL, 0, tweak, tweaksize)); + return (sysctlbyname("kern.dumpkey", NULL, NULL, key, sizeof(struct kerneldumpkey))); } int main(int argc, char **argv) { - char *public_key_file; - char key[KERNELDUMP_KEY_SIZE], encrypted_key[KERNELDUMP_ENCRYPTED_KEY_SIZE]; - char data_key[KERNELDUMP_KEY_SIZE], tweak_key[KERNELDUMP_KEY_SIZE]; - char tweak[KERNELDUMP_TWEAK_SIZE]; + struct kerneldumpkey key; + char *public_key_file, buf[KERNELDUMP_KEY_SIZE]; int ch, error; RSA *public_key; @@ -163,60 +139,41 @@ goto out; } - if (random_data(key, KERNELDUMP_KEY_SIZE)) { - printf("Error: cannot generate a symmetric key.\n"); - error = 1; - goto out; - } + key.keysize = KERNELDUMP_KEY_SIZE; - if (encrypt_key(key, KERNELDUMP_KEY_SIZE, encrypted_key, public_key, public_key_file)) { - printf("Error: cannot encrypt a symmetric key.\n"); - error = 1; - goto out; - } - - if (set_encrypted_key(encrypted_key, KERNELDUMP_ENCRYPTED_KEY_SIZE)) { - printf("Error: cannot set an encrypted symmetric key.\n"); + if (random_data(buf, KERNELDUMP_KEY_SIZE)) { + printf("Error: cannot generate a symmetric key.\n"); error = 1; goto out; } - if (expand_key(key, KERNELDUMP_KEY_SIZE, data_key, tweak_key)) { + if (expand_key(buf, &key.data_ctx, &key.tweak_ctx)) { printf("Error: cannot expand a symmetric key."); error = 1; goto out; } - if (set_data_key(data_key, KERNELDUMP_KEY_SIZE)) { - printf("Error: cannot set a symmetric data key.\n"); - error = 1; - goto out; - } - - if (set_tweak_key(tweak_key, KERNELDUMP_KEY_SIZE)) { - printf("Error: cannot set a symmetric tweak key."); + if (encrypt_key(buf, key.encrypted_key, public_key, public_key_file)) { + printf("Error: cannot encrypt a symmetric key.\n"); error = 1; goto out; } - if (random_data(tweak, KERNELDUMP_TWEAK_SIZE)) { + if (random_data(key.tweak, KERNELDUMP_TWEAK_SIZE)) { printf("Error: cannot generate a tweak.\n"); error = 1; goto out; } - if (set_tweak(tweak, KERNELDUMP_TWEAK_SIZE)) { - printf("Error: cannot set a tweak.\n"); + if (sysctl_dumpkey(&key)) { + printf("Error: cannot set a kernel crash dump key.\n"); error = 1; goto out; } out: - bzero(key, KERNELDUMP_KEY_SIZE); - bzero(encrypted_key, KERNELDUMP_ENCRYPTED_KEY_SIZE); - bzero(data_key, KERNELDUMP_KEY_SIZE); - bzero(tweak_key, KERNELDUMP_KEY_SIZE); - bzero(tweak, KERNELDUMP_TWEAK_SIZE); + bzero(&key, sizeof(struct kerneldumpkey)); + bzero(buf, KERNELDUMP_KEY_SIZE); RSA_free(public_key); ERR_free_strings();
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201309220147.r8M1lmRI075511>