Date: Sun, 22 Sep 2013 14:36:27 GMT From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r257606 - in soc2013/def/crashdump-head/sys: kern sys Message-ID: <201309221436.r8MEaRoI061658@socsvn.freebsd.org>
Author: def
Date: Sun Sep 22 14:36:27 2013
New Revision: 257606
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257606

Log:
  Remove key and tweak constants. Remove HKDF. Include an encrypted key in a kernel dump hader.

Modified:
  soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
  soc2013/def/crashdump-head/sys/sys/kerneldump.h

Modified: soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
==============================================================================
--- soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Sun Sep 22 13:54:08 2013 (r257605)
+++ soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Sun Sep 22 14:36:27 2013 (r257606)
@@ -857,11 +857,9 @@
 if (dumper.dumper != NULL)
 return (EBUSY);
 dumper = *di;
- dumper.kdk = &dumperkey;
- dumper.kdb = &dumperbuffer;
 #ifdef ENCRYPT_CRASH
- kerneldump_crypto_init(&dumper);
+ kerneldump_crypto_init(&dumper, &dumperkey, &dumperbuffer);
 #endif
 wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname));
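Review bot: With `dumper.kdk` and `dumper.kdb` now assigned only inside `kerneldump_crypto_init()`, a kernel built without `ENCRYPT_CRASH` leaves both fields at whatever the caller's `*di` held after `dumper = *di;`. The mkdumpheader() hunk later in this file reads `dumper.kdk->keysize` with no guard visible in its context lines, so an unset pointer may be dereferenced while a dump header is being built. I would add `dumper.kdk = NULL; dumper.kdb = NULL;` right after the struct copy and have the header code check for NULL or sit under the same `#ifdef`. The enclosing function starts and ends outside the hunk.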
@@ -942,73 +940,17 @@
 #endif
 }
-static void
-kerneldump_hkdf_expand(struct xts_ctx *ctx, const uint8_t *masterkey, uint8_t *key,
- int idx, const uint8_t *magic, size_t magicsize)
-{
- uint8_t byte_idx = idx;
-
- hmac_init(&ctx->o.pctx_hmac, CRYPTO_SHA2_512_HMAC,
- masterkey, KERNELDUMP_KEY_SIZE);
- hmac_update(&ctx->o.pctx_hmac, key, KERNELDUMP_KEY_SIZE);
- hmac_update(&ctx->o.pctx_hmac, magic, magicsize);
- hmac_update(&ctx->o.pctx_hmac, &byte_idx, sizeof(byte_idx));
- hmac_final(&ctx->o.pctx_hmac, key, KERNELDUMP_KEY_SIZE);
-}
-
 void
-kerneldump_crypto_init(struct dumperinfo *di)
+kerneldump_crypto_init(struct dumperinfo *di, struct kerneldumpkey *kdk,
+ struct kerneldumpbuffer *kdb)
 {
- if (di->kdk == NULL || di->kdb == NULL) {
+ if (kdk == NULL || kdb == NULL) {
 printf("Attempt to initialize a non-existing kernel dump key and buffer.");
 return;
 }
- di->kdk = kerneldump_set_key(di->kdk, KERNELDUMP_KEY_SIZE, kerneldump_key, kerneldump_tweak);
- di->kdb = kerneldump_set_buffer(di->kdb);
-}
-
-struct kerneldumpkey *
-kerneldump_set_key(struct kerneldumpkey *kdk, int keysize, char *masterkey, char *tweak)
-{
- uint8_t key[KERNELDUMP_KEY_SIZE];
- struct xts_ctx ctx;
-
- if (kdk == NULL) {
- printf("Cannot initialize kernel dump key.");
- return (NULL);
- }
-
- kdk->keysize = keysize;
- memcpy(kdk->key, masterkey, kdk->keysize);
- memcpy(kdk->tweak, tweak, KERNELDUMP_TWEAK_SIZE);
- bzero(&kdk->tweak_ctx, sizeof(kdk->tweak_ctx));
- bzero(&kdk->data_ctx, sizeof(kdk->data_ctx));
- bzero(key, KERNELDUMP_KEY_SIZE);
-
- kerneldump_hkdf_expand(&ctx, kdk->key, key, 1, kerneldump_magic, sizeof(kerneldump_magic));
- xts_alg_aes.pa_keysetup(&kdk->data_ctx, key, kdk->keysize << 3);
-
- kerneldump_hkdf_expand(&ctx, kdk->key, key, 2, kerneldump_magic, sizeof(kerneldump_magic));
- xts_alg_aes.pa_keysetup(&kdk->tweak_ctx, key, kdk->keysize << 3);
-
- bzero(&ctx, sizeof(ctx));
- bzero(key, KERNELDUMP_KEY_SIZE);
-
- return (kdk);
-}
-
-struct kerneldumpbuffer *
-kerneldump_set_buffer(struct kerneldumpbuffer *kdb)
-{
- if (kdb == NULL) {
- printf("Cannot initialize kernel dump buffer.");
- return (NULL);
- }
-
- kdb->kdhoffset = 0;
-
- return (kdb);
+ di->kdk = kdk;
+ di->kdb = kdb;
 }
 void
@@ -1029,7 +971,7 @@
 if (panicstr != NULL)
 strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
 kdh->keysize = dumper.kdk->keysize;
- strncpy(kdh->key, dumper.kdk->key, kdh->keysize);
+ strncpy(kdh->encrypted_key, dumper.kdk->encrypted_key, KERNELDUMP_ENCRYPTED_KEY_SIZE);
 strncpy(kdh->tweak, dumper.kdk->tweak, KERNELDUMP_TWEAK_SIZE);
 kdh->parity = kerneldump_parity(kdh);
 }
Modified: soc2013/def/crashdump-head/sys/sys/kerneldump.h
==============================================================================
--- soc2013/def/crashdump-head/sys/sys/kerneldump.h Sun Sep 22 13:54:08 2013 (r257605)
+++ soc2013/def/crashdump-head/sys/sys/kerneldump.h Sun Sep 22 14:36:27 2013 (r257606)
@@ -83,10 +83,10 @@
 uint64_t dumptime;
 uint32_t blocksize;
 char hostname[64];
- char versionstring[170];
- char panicstring[170];
+ char versionstring[58];
+ char panicstring[58];
 int keysize;
- char key[KERNELDUMP_KEY_SIZE];
+ char encrypted_key[KERNELDUMP_ENCRYPTED_KEY_SIZE];
 char tweak[KERNELDUMP_TWEAK_SIZE];
 uint32_t parity;
 };
@@ -111,7 +111,6 @@
 struct kerneldumpkey {
 int keysize;
- char key[KERNELDUMP_KEY_SIZE];
 char encrypted_key[KERNELDUMP_ENCRYPTED_KEY_SIZE];
 char tweak[KERNELDUMP_TWEAK_SIZE];
 struct xts_ctx data_ctx;
@@ -119,19 +118,6 @@
 };
 #ifdef _KERNEL
-/*
- * Constant key for kernel crash dumps.
- */
-static char kerneldump_key[KERNELDUMP_KEY_SIZE] = {
- 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
- 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
- 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41
-};
-
-static char kerneldump_tweak[KERNELDUMP_TWEAK_SIZE] = {
- 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41
-};
-
 struct kerneldumpbuffer {
 #define KERNELDUMP_DEVBLK_SIZE 512
 #define KERNELDUMP_SECTOR_SIZE 4096
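Review bot: `kerneldump_crypto_init()` still returns void, so on the `kdk == NULL || kdb == NULL` path it prints and returns, and the caller in the first hunk goes on registering the dumper with no indication that encryption was not set up. Returning an errno value (`return (EINVAL);` on that path, `return (0);` at the end) would let the caller refuse the dump device; the printf format is also missing its trailing `\n`. The removed `kerneldump_set_key()` was the only visible code that filled `keysize`, `tweak` and the two XTS contexts, and this commit does not show what replaces it, so a comment on the function stating that the caller must pass a fully initialised `kdk` would make the new contract explicit.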
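Review bot: The added `strncpy(kdh->encrypted_key, ...)` in mkdumpheader() treats the encrypted key as a C string: copying stops at the first 0x00 byte and the remainder of the field is zero-filled, so any ciphertext containing a zero byte is stored truncated and the dump cannot be decrypted afterwards. Key material is binary and should be copied with `memcpy(kdh->encrypted_key, dumper.kdk->encrypted_key, KERNELDUMP_ENCRYPTED_KEY_SIZE);`. The unchanged `strncpy(kdh->tweak, ...)` line directly below has the same problem. mkdumpheader()'s body begins outside the hunk.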
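Review bot: Shrinking `versionstring` and `panicstring` from 170 to 58 bytes in struct kerneldumpheader makes truncation far more likely for the `strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring))` call in kern_shutdown.c, and strncpy leaves the field without a terminating NUL whenever the source is 58 bytes or longer. Either the writer should copy at most `sizeof(kdh->panicstring) - 1` bytes into a zeroed field, or a comment on the two members should state that they are length-bounded and not guaranteed to be terminated. The array sizes look chosen to keep the header at a fixed on-disk size; if so, a compile-time check beside the struct, e.g. `CTASSERT(sizeof(struct kerneldumpheader) == HEADER_SIZE);` with HEADER_SIZE standing in for the intended size, would catch a miscount when `KERNELDUMP_ENCRYPTED_KEY_SIZE` changes. The struct definition starts above the hunk.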
@@ -141,9 +127,8 @@
 off_t kdhoffset; /* Offset value of the first kdh. */
 };
-void kerneldump_crypto_init(struct dumperinfo *di);
-struct kerneldumpkey *kerneldump_set_key(struct kerneldumpkey *kdk, int keysize, char *key, char *tweak);
-struct kerneldumpbuffer *kerneldump_set_buffer(struct kerneldumpbuffer *kdb);
+void kerneldump_crypto_init(struct dumperinfo *di, struct kerneldumpkey *kdk,
+ struct kerneldumpbuffer *kdb);
 void mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver, uint64_t dumplen, uint32_t blksz);
 #endif
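Review bot: The new `kerneldump_crypto_init()` prototype carries no comment, and the ownership rule it introduces is not obvious from the signature. Per the kern_shutdown.c change the function stores `kdk` and `kdb` in `di` rather than copying them, so both objects have to outlive the registered dumper. I would add `/* kdk and kdb are stored in di, not copied; they must stay valid while the dumper is registered. */` above the declaration.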