socsvn commit: r257596 - soc2013/def/crashdump-head/sbin/dumpkey
def at FreeBSD.org
def at FreeBSD.org
Sun Sep 22 01:47:49 UTC 2013
Author: def
Date: Sun Sep 22 01:47:48 2013
New Revision: 257596
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257596
Log:
Use kern.dumpkey in order to transfer key's data to kernel. Refactor dumpkey.
Modified:
soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c
Modified: soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c
==============================================================================
--- soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Sun Sep 22 01:45:56 2013 (r257595)
+++ soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Sun Sep 22 01:47:48 2013 (r257596)
@@ -35,11 +35,11 @@
}
static int
-read_data(char *buf, size_t size, const char *file)
+random_data(char *buf, size_t size)
{
FILE *fp;
- fp = fopen(file, "r");
+ fp = fopen(PATH_DEVRANDOM, "r");
if (fp == NULL)
return (-1);
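Review bot: Opening `PATH_DEVRANDOM` with `fopen` makes key material pass through a stdio buffer that is released by `fclose` without being cleared. The read itself is outside this hunk, but if it is an `fread` on `fp`, a copy of the generated key bytes (plus any extra bytes pulled in to fill the buffer) stays in freed heap memory. Either disable buffering right after the NULL check with `setvbuf(fp, NULL, _IONBF, 0);`, or drop the file access and fill the buffer with `arc4random_buf(buf, size);`. A short header comment on random_data saying that it returns 0 on success and -1 on failure, and that the caller owns wiping `buf`, would also help.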
@@ -56,16 +56,7 @@
}
static int
-random_data(char *buf, size_t size)
-{
- if(read_data(buf, size, PATH_DEVRANDOM))
- return (-1);
-
- return (0);
-}
-
-static int
-encrypt_key(char *key, size_t keysize, char *encrypted_key, RSA *public_key, char *public_key_file)
+encrypt_key(char *key, char *encrypted_key, RSA *public_key, char *public_key_file)
{
FILE *fp;
@@ -80,61 +71,46 @@
if (public_key == NULL)
return (-1);
- if (RSA_public_encrypt(keysize, key, encrypted_key, public_key, RSA_PKCS1_PADDING) == -1)
+ if (RSA_public_encrypt(KERNELDUMP_KEY_SIZE, key, encrypted_key, public_key, RSA_PKCS1_PADDING) == -1)
return (-1);
return (0);
}
static int
-expand_key(char *key, size_t keysize, char *data_key, char *tweak_key)
+expand_key(char *masterkey, struct xts_ctx *data_ctx, struct xts_ctx *tweak_ctx)
{
struct xts_ctx ctx;
+ char key[KERNELDUMP_KEY_SIZE];
- bzero(&ctx, sizeof(ctx));
- bzero(data_key, keysize);
- bzero(tweak_key, keysize);
-
- hkdf_expand(&ctx, key, data_key, 1, kerneldump_magic, sizeof(kerneldump_magic));
- memcpy(tweak_key, data_key, keysize);
- hkdf_expand(&ctx, key, tweak_key, 2, kerneldump_magic, sizeof(kerneldump_magic));
-
- bzero(&ctx, sizeof(ctx));
+ bzero(key, KERNELDUMP_KEY_SIZE);
+ bzero(&ctx, sizeof(struct xts_ctx));
+ bzero(data_ctx, sizeof(struct xts_ctx));
+ bzero(tweak_ctx, sizeof(struct xts_ctx));
- return (0);
-}
+ hkdf_expand(&ctx, masterkey, key, 1, kerneldump_magic, sizeof(kerneldump_magic));
+ xts_alg_aes.pa_keysetup(data_ctx, key, KERNELDUMP_KEY_SIZE << 3);
-static int
-set_data_key(char *key, size_t keysize)
-{
- return (sysctlbyname("kern.dump.key.data", NULL, 0, key, keysize));
-}
+ hkdf_expand(&ctx, masterkey, key, 2, kerneldump_magic, sizeof(kerneldump_magic));
+ xts_alg_aes.pa_keysetup(tweak_ctx, key, KERNELDUMP_KEY_SIZE << 3);
-static int
-set_tweak_key(char *key, size_t keysize)
-{
- return (sysctlbyname("kern.dump.key.tweak", NULL, 0, key, keysize));
-}
+ bzero(&ctx, sizeof(struct xts_ctx));
+ bzero(key, KERNELDUMP_KEY_SIZE);
-static int
-set_encrypted_key(char *key, size_t keysize)
-{
- return (sysctlbyname("kern.dump.key.encrypted", NULL, 0, key, keysize));
+ return (0);
}
static int
-set_tweak(char *tweak, size_t tweaksize)
+sysctl_dumpkey(struct kerneldumpkey *key)
{
- return (sysctlbyname("kern.dump.tweak", NULL, 0, tweak, tweaksize));
+ return (sysctlbyname("kern.dumpkey", NULL, NULL, key, sizeof(struct kerneldumpkey)));
}
int
main(int argc, char **argv)
{
- char *public_key_file;
- char key[KERNELDUMP_KEY_SIZE], encrypted_key[KERNELDUMP_ENCRYPTED_KEY_SIZE];
- char data_key[KERNELDUMP_KEY_SIZE], tweak_key[KERNELDUMP_KEY_SIZE];
- char tweak[KERNELDUMP_TWEAK_SIZE];
+ struct kerneldumpkey key;
+ char *public_key_file, buf[KERNELDUMP_KEY_SIZE];
int ch, error;
RSA *public_key;
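Review bot: Nothing visible in this hunk checks that the RSA modulus fits the destination before `RSA_public_encrypt` writes to `encrypted_key`. The call emits `RSA_size(public_key)` bytes, and the caller now passes the `key.encrypted_key` field of `struct kerneldumpkey`, so a public key file with a larger modulus than that field was sized for would write past it. Unless the part of encrypt_key above the hunk already does this, add `if (RSA_size(public_key) > KERNELDUMP_ENCRYPTED_KEY_SIZE) return (-1);` before the encrypt call (assuming the field is still declared with that constant; the struct definition is not shown). Separately, the call keeps `RSA_PKCS1_PADDING`; `RSA_PKCS1_OAEP_PADDING` is the more robust choice for wrapping a key if the decrypting tool can be changed with it.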
@@ -163,60 +139,41 @@
goto out;
}
- if (random_data(key, KERNELDUMP_KEY_SIZE)) {
- printf("Error: cannot generate a symmetric key.\n");
- error = 1;
- goto out;
- }
+ key.keysize = KERNELDUMP_KEY_SIZE;
- if (encrypt_key(key, KERNELDUMP_KEY_SIZE, encrypted_key, public_key, public_key_file)) {
- printf("Error: cannot encrypt a symmetric key.\n");
- error = 1;
- goto out;
- }
-
- if (set_encrypted_key(encrypted_key, KERNELDUMP_ENCRYPTED_KEY_SIZE)) {
- printf("Error: cannot set an encrypted symmetric key.\n");
+ if (random_data(buf, KERNELDUMP_KEY_SIZE)) {
+ printf("Error: cannot generate a symmetric key.\n");
error = 1;
goto out;
}
- if (expand_key(key, KERNELDUMP_KEY_SIZE, data_key, tweak_key)) {
+ if (expand_key(buf, &key.data_ctx, &key.tweak_ctx)) {
printf("Error: cannot expand a symmetric key.");
error = 1;
goto out;
}
- if (set_data_key(data_key, KERNELDUMP_KEY_SIZE)) {
- printf("Error: cannot set a symmetric data key.\n");
- error = 1;
- goto out;
- }
-
- if (set_tweak_key(tweak_key, KERNELDUMP_KEY_SIZE)) {
- printf("Error: cannot set a symmetric tweak key.");
+ if (encrypt_key(buf, key.encrypted_key, public_key, public_key_file)) {
+ printf("Error: cannot encrypt a symmetric key.\n");
error = 1;
goto out;
}
- if (random_data(tweak, KERNELDUMP_TWEAK_SIZE)) {
+ if (random_data(key.tweak, KERNELDUMP_TWEAK_SIZE)) {
printf("Error: cannot generate a tweak.\n");
error = 1;
goto out;
}
- if (set_tweak(tweak, KERNELDUMP_TWEAK_SIZE)) {
- printf("Error: cannot set a tweak.\n");
+ if (sysctl_dumpkey(&key)) {
+ printf("Error: cannot set a kernel crash dump key.\n");
error = 1;
goto out;
}
out:
- bzero(key, KERNELDUMP_KEY_SIZE);
- bzero(encrypted_key, KERNELDUMP_ENCRYPTED_KEY_SIZE);
- bzero(data_key, KERNELDUMP_KEY_SIZE);
- bzero(tweak_key, KERNELDUMP_KEY_SIZE);
- bzero(tweak, KERNELDUMP_TWEAK_SIZE);
+ bzero(&key, sizeof(struct kerneldumpkey));
+ bzero(buf, KERNELDUMP_KEY_SIZE);
RSA_free(public_key);
ERR_free_strings();
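Review bot: The `bzero(&key, sizeof(struct kerneldumpkey));` and `bzero(buf, KERNELDUMP_KEY_SIZE);` calls at `out:` are the last accesses to those stack objects before main finishes. An optimizing compiler is allowed to drop them as dead stores, leaving the master key and the expanded XTS contexts in memory. The same applies to `bzero(key, KERNELDUMP_KEY_SIZE);` at the end of expand_key in the previous hunk. Where the platform provides it, use `explicit_bzero(&key, sizeof(key));` and `explicit_bzero(buf, sizeof(buf));`, or else a small wipe helper that writes through a `volatile` pointer. The rest of main lies outside this hunk.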