From owner-svn-soc-all@freebsd.org Mon Oct 26 20:36:42 2015 Return-Path: Delivered-To: svn-soc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 22888A1EB49 for ; Mon, 26 Oct 2015 20:36:42 +0000 (UTC) (envelope-from def@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1315C134B for ; Mon, 26 Oct 2015 20:36:42 +0000 (UTC) (envelope-from def@FreeBSD.org) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.15.2/8.15.2) with ESMTP id t9QKafUu059357 for ; Mon, 26 Oct 2015 20:36:41 GMT (envelope-from def@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.15.2/8.15.2/Submit) id t9QKafT2059345 for svn-soc-all@FreeBSD.org; Mon, 26 Oct 2015 20:36:41 GMT (envelope-from def@FreeBSD.org) Date: Mon, 26 Oct 2015 20:36:41 GMT Message-Id: <201510262036.t9QKafT2059345@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to def@FreeBSD.org using -f 
From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r293097 - soc2013/def/crashdump-head/sbin/decryptcore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Oct 2015 20:36:42 -0000 Author: def Date: Mon Oct 26 20:36:41 2015 New Revision: 293097 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=293097 Log: Decode kernel dump key. Modified: soc2013/def/crashdump-head/sbin/decryptcore/decryptcore.c Modified: soc2013/def/crashdump-head/sbin/decryptcore/decryptcore.c ============================================================================== --- soc2013/def/crashdump-head/sbin/decryptcore/decryptcore.c Mon Oct 26 20:36:08 2015 (r293096) +++ soc2013/def/crashdump-head/sbin/decryptcore/decryptcore.c Mon Oct 26 20:36:41 2015 (r293097) @@ -1,4 +1,5 @@ #include +#include #include #include #include 
@@ -41,6 +42,67 @@ return (1); } +static struct kerneldumpkey * +read_key(int kfd) +{ + uint8_t *buf, *p; + struct kerneldumpkey *kdk; + ssize_t size; + size_t kdksize, bytes; + + PJDLOG_ASSERT(kfd >= 0); + + buf = NULL; + kdk = NULL; + + kdksize = sizeof(*kdk); + kdk = calloc(1, kdksize); + if (kdk == NULL) { + pjdlog_errno(LOG_ERR, "Unable to allocate kernel dump key"); + goto failed; + } + + bytes = sizeof(kdk->kdk_algorithm) + sizeof(kdk->kdk_iv) + + sizeof(kdk->kdk_encryptedkeysize); + buf = calloc(1, bytes); + if (buf == NULL) { + pjdlog_errno(LOG_ERR, "Unable to allocate buffer"); + goto failed; + } + + size = read(kfd, buf, bytes); + if (size == (ssize_t)bytes) { + p = buf; + kdk->kdk_algorithm = *p; + p += sizeof(kdk->kdk_algorithm); + bcopy(p, kdk->kdk_iv, sizeof(kdk->kdk_iv)); + p += sizeof(kdk->kdk_iv); + kdk->kdk_encryptedkeysize = le32dec(p); + p += sizeof(kdk->kdk_encryptedkeysize); + + kdksize += (size_t)kdk->kdk_encryptedkeysize; + kdk = realloc(kdk, kdksize); + if (kdk == NULL) { + pjdlog_errno(LOG_ERR, "Unable to reallocate kernel dump key"); + goto failed; + } + bytes += (size_t)kdk->kdk_encryptedkeysize; + size += read(kfd, &kdk->kdk_encryptedkey, + kdk->kdk_encryptedkeysize); + } + if (size != (ssize_t)bytes) { + pjdlog_errno(LOG_ERR, "Unable to read key"); + goto failed; + } + + free(buf); + return (kdk); +failed: + free(buf); + free(kdk); + return (NULL); +} + static bool decrypt(const char *privkeyfile, const char *keyfile, const char *input, const char *output) @@ -50,9 +112,9 @@ FILE *fp; struct kerneldumpkey *kdk; RSA *privkey; - int error, ifd, kfd, ofd, olen, privkeysize; - ssize_t bytes, size; - size_t bufused, kdksize; + int ifd, kfd, ofd, olen, privkeysize; + ssize_t bytes; + size_t bufused; pid_t pid; PJDLOG_ASSERT(privkeyfile != NULL); 
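Review bot: The length decoded by `le32dec(p)` in read_key() comes straight from the key file and sizes both the `realloc()` and the second `read()` with no upper bound. A corrupt or hostile key file therefore dictates the allocation, and where size_t is 32 bits `kdksize +=` could wrap and leave the buffer smaller than the read that follows. The size comparison against the private key that decrypt() appears to make only runs after the data has been read, so the bound should be checked before growing the buffer. Separately, `kdk = realloc(kdk, kdksize)` overwrites the only pointer to the first allocation, so on failure the `failed:` path frees NULL and leaks it; use a temporary. The bound below is a labelled placeholder, since the page does not define a maximum.

```c
	struct kerneldumpkey *newkdk;
	/* … unchanged: allocation of kdk and buf, first read, header decode … */
		kdk->kdk_encryptedkeysize = le32dec(p);
		/* Placeholder bound: largest encrypted key size the tool accepts. */
		if (kdk->kdk_encryptedkeysize > MAX_ENCRYPTEDKEYSIZE_PLACEHOLDER) {
			pjdlog_error("Invalid encrypted key size");
			goto failed;
		}

		kdksize += (size_t)kdk->kdk_encryptedkeysize;
		newkdk = realloc(kdk, kdksize);
		if (newkdk == NULL) {
			pjdlog_errno(LOG_ERR, "Unable to reallocate kernel dump key");
			goto failed;
		}
		kdk = newkdk;
	/* … unchanged: second read, size comparison, cleanup … */
```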
@@ -110,32 +172,11 @@ } EVP_CIPHER_CTX_init(&ctx); - kdksize = sizeof(*kdk); - kdk = calloc(1, kdksize); - if (kdk == NULL) { - pjdlog_errno(LOG_ERR, "Unable to allocate kernel dump key"); - goto failed; - } - - size = read(kfd, kdk, kdksize); - if (size == (ssize_t)kdksize) { - kdksize += (size_t)kdk->kdk_encryptedkeysize; - kdk = realloc(kdk, kdksize); - if (kdk == NULL) { - pjdlog_errno(LOG_ERR, "Unable to reallocate kernel dump key"); - goto failed; - } - size += read(kfd, &kdk->kdk_encryptedkey, - kdk->kdk_encryptedkeysize); - } - error = errno; + kdk = read_key(kfd); close(kfd); kfd = -1; - if (size != (ssize_t)kdksize) { - errno = error; - pjdlog_errno(LOG_ERR, "Unable to read data from %s", keyfile); + if (kdk == NULL) goto failed; - } privkey = PEM_read_RSAPrivateKey(fp, &privkey, NULL, NULL); fclose(fp); @@ -151,8 +192,9 @@ 8 * privkeysize, 8 * kdk->kdk_encryptedkeysize); goto failed; } - if (RSA_private_decrypt(kdk->kdk_encryptedkeysize, kdk->kdk_encryptedkey, - key, privkey, RSA_PKCS1_PADDING) != sizeof(key)) { + if (RSA_private_decrypt(kdk->kdk_encryptedkeysize, + kdk->kdk_encryptedkey, key, privkey, + RSA_PKCS1_PADDING) != sizeof(key)) { pjdlog_error("Unable to decrypt key. %s", ERR_error_string(ERR_get_error(), NULL)); goto failed;
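Review bot: A failed key read is now reported only by read_key() as "Unable to read key", so the log no longer names the file the way the removed `"Unable to read data from %s", keyfile` message did. With several key files in play that makes a bad or truncated one harder to identify. Either pass the path into the helper for its messages, or log it at the call site with `pjdlog_error("Unable to read key from %s.", keyfile);` before `goto failed`. decrypt() starts and ends outside this hunk.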