socsvn commit: r255439 - in soc2013/def/crashdump-head: sbin/savecore sys/kern sys/sys
def at FreeBSD.org
def at FreeBSD.org
Fri Aug 2 00:52:51 UTC 2013
Author: def
Date: Fri Aug 2 00:52:51 2013
New Revision: 255439
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=255439
Log:
Store cached alpha^j values. Reduce a number of #ifdef directives.
Modified:
soc2013/def/crashdump-head/sbin/savecore/decryptfile.c
soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
soc2013/def/crashdump-head/sys/sys/conf.h
soc2013/def/crashdump-head/sys/sys/kerneldump.h
Modified: soc2013/def/crashdump-head/sbin/savecore/decryptfile.c
==============================================================================
--- soc2013/def/crashdump-head/sbin/savecore/decryptfile.c Fri Aug 2 00:49:48 2013 (r255438)
+++ soc2013/def/crashdump-head/sbin/savecore/decryptfile.c Fri Aug 2 00:52:51 2013 (r255439)
@@ -20,7 +20,7 @@
fd->buf_used += resid;
xts_block_decrypt(&xts_alg_aes, (struct xts_ctx *)&fd->tweak_ctx, (struct xts_ctx *)&fd->data_ctx,
- fd->offset, fd->tweak, PEFS_SECTOR_SIZE,
+ fd->offset, fd->tweak, NULL, PEFS_SECTOR_SIZE,
fd->buf, fd->buf);
if (fwrite(fd->buf, 1, PEFS_SECTOR_SIZE, fd->fp) != PEFS_SECTOR_SIZE)
@@ -106,7 +106,7 @@
if (fd->buf_used > 0) {
xts_block_decrypt(&xts_alg_aes, (struct xts_ctx *)&fd->tweak_ctx, (struct xts_ctx *)&fd->data_ctx,
- fd->offset, fd->tweak, fd->buf_used,
+ fd->offset, fd->tweak, NULL, fd->buf_used,
fd->buf, fd->buf);
if (fwrite(fd->buf, 1, fd->buf_used, fd->fp) != 1)
Modified: soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
==============================================================================
--- soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Fri Aug 2 00:49:48 2013 (r255438)
+++ soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Fri Aug 2 00:52:51 2013 (r255439)
@@ -146,10 +146,8 @@
int dumping; /* system is dumping */
int rebooting; /* system is rebooting */
static struct dumperinfo dumper; /* our selected dumper */
-#ifdef ENCRYPT_CRASH
static struct kerneldumpkey dumperkey;
static struct kerneldumpbuffer dumperbuffer;
-#endif
/* Context information for dump-debuggers. */
static struct pcb dumppcb; /* Registers. */
@@ -854,10 +852,10 @@
if (dumper.dumper != NULL)
return (EBUSY);
dumper = *di;
-
-#ifdef ENCRYPT_CRASH
dumper.kdk = &dumperkey;
dumper.kdb = &dumperbuffer;
+
+#ifdef ENCRYPT_CRASH
kerneldump_crypto_init(&dumper);
#endif
@@ -869,29 +867,17 @@
return (0);
}
-/* Call dumper with bounds checking. */
+/* Call dumper with encrypted data. */
int
-dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical,
- off_t offset, size_t length)
+dump_encrypted_write(struct dumperinfo *di, void *virtual, vm_offset_t physical,
+ off_t offset, size_t length)
{
-#ifdef ENCRYPT_CRASH
struct kerneldumpkey *kdk;
struct kerneldumpbuffer *kdb;
- int error, len;
- off_t sector_index, devblk_index;
- char *ptr;
-#endif
-
- if (length != 0 && (offset < di->mediaoffset ||
- offset - di->mediaoffset + length > di->mediasize)) {
- printf("Attempt to write outside dump device boundaries.\n"
- "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n",
- (intmax_t)offset, (intmax_t)di->mediaoffset,
- (uintmax_t)length, (intmax_t)di->mediasize);
- return (ENOSPC);
- }
+ int error, sector_index, devblk_index;
+ off_t sector_offset;
+ uint64_t tweak[XTS_BLK_BYTES / 8];
-#ifdef ENCRYPT_CRASH
kdk = di->kdk;
kdb = di->kdb;
@@ -903,22 +889,28 @@
}
sector_index = (offset - kdb->kdhoffset)/KERNELDUMP_SECTOR_SIZE;
+ sector_offset = kdb->kdhoffset + sector_index*KERNELDUMP_SECTOR_SIZE;
devblk_index = (offset - kdb->kdhoffset - sector_index*KERNELDUMP_SECTOR_SIZE)/KERNELDUMP_DEVBLK_SIZE;
+ if (sector_index == kdb->sector_index) {
+ kerneldump_calc_tweak(&xts_alg_aes, &kdk->tweak_ctx, kdb->alpha_j, kdb->devblk_index, devblk_index,
+ sector_offset, kdk->tweak);
+ memcpy(tweak, kdb->alpha_j[devblk_index], sizeof(tweak));
+ }
+
while (length > 0) {
memcpy(kdb->buf, virtual, KERNELDUMP_DEVBLK_SIZE);
- if (devblk_index == 0)
- xts_start(&xts_alg_aes, &kdk->tweak_ctx, kdb->tweak, offset, kdk->tweak);
-
- ptr = kdb->buf;
- len = KERNELDUMP_DEVBLK_SIZE;
- while (len > 0) {
- xts_fullblock(xts_alg_aes.pa_encrypt, &kdk->data_ctx, kdb->tweak, ptr, ptr);
- ptr += XTS_BLK_BYTES;
- len -= XTS_BLK_BYTES;
+ if (sector_index != kdb->sector_index) {
+ kerneldump_calc_tweak(&xts_alg_aes, &kdk->tweak_ctx, kdb->alpha_j, 0, devblk_index,
+ sector_offset, kdk->tweak);
+ kdb->sector_index = sector_index;
+ memcpy(tweak, kdb->alpha_j[devblk_index], sizeof(tweak));
}
+ xts_block_encrypt(&xts_alg_aes, &kdk->tweak_ctx, &kdk->data_ctx, offset, kdk->tweak,
+ tweak, KERNELDUMP_DEVBLK_SIZE, kdb->buf, kdb->buf);
+
error = (di->dumper(di->priv, kdb->buf, physical, offset, KERNELDUMP_DEVBLK_SIZE));
if (error)
@@ -927,16 +919,60 @@
virtual = (void *)((char *)virtual + KERNELDUMP_DEVBLK_SIZE);
length -= KERNELDUMP_DEVBLK_SIZE;
offset += KERNELDUMP_DEVBLK_SIZE;
- devblk_index = (devblk_index+1)%(KERNELDUMP_SECTOR_SIZE/KERNELDUMP_DEVBLK_SIZE);
+ devblk_index = (devblk_index+1)%KERNELDUMP_SECTOR_BLKS;
+
+ if (devblk_index == 0) {
+ sector_index++;
+ sector_offset = offset;
+ } else {
+ memcpy(kdb->alpha_j[devblk_index], tweak, sizeof(tweak));
+ kdb->devblk_index = devblk_index;
+ }
}
return (0);
-#else /* ENCRYPT_CRASH */
- return (di->dumper(di->priv, virtual, physical, offset, length));
-#endif /* ENCRYPT_CRASH */
}
+/* Call dumper with bounds checking. */
+int
+dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical,
+ off_t offset, size_t length)
+{
+
+ if (length != 0 && (offset < di->mediaoffset ||
+ offset - di->mediaoffset + length > di->mediasize)) {
+ printf("Attempt to write outside dump device boundaries.\n"
+ "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n",
+ (intmax_t)offset, (intmax_t)di->mediaoffset,
+ (uintmax_t)length, (intmax_t)di->mediasize);
+ return (ENOSPC);
+ }
+
#ifdef ENCRYPT_CRASH
+ return (dump_encrypted_write(di, virtual, physical, offset, length));
+#else
+ return (di->dumper(di->priv, virtual, physical, offset, length));
+#endif
+}
+
+void
+kerneldump_calc_tweak(const struct xts_alg *alg, const struct xts_ctx *tweak_ctx,
+ uint64_t (*alpha_j)[XTS_BLK_BYTES / 8], int i, int j,
+ uint64_t sector, const uint8_t *xtweak)
+{
+ int k;
+
+ if (i == 0)
+ xts_start(alg, tweak_ctx, alpha_j[0], sector, xtweak);
+
+ for (++i ; i <= j ; i++) {
+ memcpy(alpha_j[i], alpha_j[i-1], XTS_BLK_BYTES);
+
+ for (k = 0 ; k < KERNELDUMP_DEVBLK_SIZE/XTS_BLK_BYTES ; k++)
+ gf_mul128(alpha_j[i], alpha_j[i]);
+ }
+}
+
static void
kerneldump_hkdf_expand(struct xts_ctx *ctx, const uint8_t *masterkey, uint8_t *key,
int idx, const uint8_t *magic, size_t magicsize)
@@ -959,9 +995,6 @@
return;
}
- /* In the future the tweak will be set via sysctl. */
- arc4rand(kerneldump_tweak, KERNELDUMP_TWEAK_SIZE, 0);
-
di->kdk = kerneldump_set_key(di->kdk, KERNELDUMP_KEY_SIZE, kerneldump_key, kerneldump_tweak);
di->kdb = kerneldump_set_buffer(di->kdb);
}
@@ -1004,11 +1037,12 @@
return (NULL);
}
+ kdb->sector_index = -1;
+ kdb->devblk_index = -1;
kdb->kdhoffset = 0;
return (kdb);
}
-#endif /* ENCRYPT_CRASH */
void
mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver,
@@ -1027,10 +1061,8 @@
strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
if (panicstr != NULL)
strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
-#ifdef ENCRYPT_CRASH
kdh->keysize = dumper.kdk->keysize;
strncpy(kdh->key, dumper.kdk->key, kdh->keysize);
strncpy(kdh->tweak, dumper.kdk->tweak, KERNELDUMP_TWEAK_SIZE);
-#endif
kdh->parity = kerneldump_parity(kdh);
}
Modified: soc2013/def/crashdump-head/sys/sys/conf.h
==============================================================================
--- soc2013/def/crashdump-head/sys/sys/conf.h Fri Aug 2 00:49:48 2013 (r255438)
+++ soc2013/def/crashdump-head/sys/sys/conf.h Fri Aug 2 00:52:51 2013 (r255439)
@@ -323,10 +323,8 @@
EVENTHANDLER_DECLARE(dev_clone, dev_clone_fn);
/* Stuff relating to kernel-dump */
-#ifdef ENCRYPT_CRASH
struct kerneldumpkey;
struct kerneldumpbuffer;
-#endif
struct dumperinfo {
dumper_t *dumper; /* Dumping function. */
@@ -335,14 +333,13 @@
u_int maxiosize; /* Max size allowed for an individual I/O */
off_t mediaoffset; /* Initial offset in bytes. */
off_t mediasize; /* Space available in bytes. */
-#ifdef ENCRYPT_CRASH
struct kerneldumpkey *kdk; /* Kernel dump key. */
struct kerneldumpbuffer *kdb; /* Kernel dump buffer. */
-#endif
};
int set_dumper(struct dumperinfo *, const char *_devname);
int dump_write(struct dumperinfo *, void *, vm_offset_t, off_t, size_t);
+int dump_encrypted_write(struct dumperinfo *, void *, vm_offset_t, off_t, size_t);
void dumpsys(struct dumperinfo *);
int doadump(boolean_t);
extern int dumping; /* system is dumping */
Modified: soc2013/def/crashdump-head/sys/sys/kerneldump.h
==============================================================================
--- soc2013/def/crashdump-head/sys/sys/kerneldump.h Fri Aug 2 00:49:48 2013 (r255438)
+++ soc2013/def/crashdump-head/sys/sys/kerneldump.h Fri Aug 2 00:52:51 2013 (r255439)
@@ -109,7 +109,6 @@
}
#ifdef _KERNEL
-#ifdef ENCRYPT_CRASH
/*
* Constant key for kernel crash dumps.
*/
@@ -119,7 +118,9 @@
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41
};
-static char kerneldump_tweak[KERNELDUMP_TWEAK_SIZE];
+static char kerneldump_tweak[KERNELDUMP_TWEAK_SIZE] = {
+ 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41
+};
struct kerneldumpkey {
int keysize;
@@ -132,16 +133,20 @@
struct kerneldumpbuffer {
#define KERNELDUMP_DEVBLK_SIZE 512
#define KERNELDUMP_SECTOR_SIZE 4096
+#define KERNELDUMP_SECTOR_BLKS (KERNELDUMP_SECTOR_SIZE/KERNELDUMP_DEVBLK_SIZE)
uint8_t buf[KERNELDUMP_DEVBLK_SIZE]; /* Raw data buffer. */
- uint64_t tweak[XTS_BLK_BYTES / 8]; /* Tweak value used in XTS. */
+ uint64_t alpha_j[KERNELDUMP_SECTOR_BLKS][XTS_BLK_BYTES / 8];
+ off_t sector_index;
+ off_t devblk_index;
off_t kdhoffset; /* Offset value of the first kdh. */
};
void kerneldump_crypto_init(struct dumperinfo *di);
struct kerneldumpkey *kerneldump_set_key(struct kerneldumpkey *kdk, int keysize, char *key, char *tweak);
struct kerneldumpbuffer *kerneldump_set_buffer(struct kerneldumpbuffer *kdb);
-#endif /* ENCRYPT_CRASH */
-
+void kerneldump_calc_tweak(const struct xts_alg *alg, const struct xts_ctx *tweak_ctx,
+ uint64_t (*alpha_j)[XTS_BLK_BYTES / 8], int i, int j,
+ uint64_t sector, const uint8_t *xtweak);
void mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver,
uint64_t dumplen, uint32_t blksz);
#endif
More information about the svn-soc-all
mailing list