socsvn commit: r257606 - in soc2013/def/crashdump-head/sys: kern sys
def at FreeBSD.org
def at FreeBSD.org
Sun Sep 22 14:36:28 UTC 2013
Author: def
Date: Sun Sep 22 14:36:27 2013
New Revision: 257606
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257606
Log:
Remove key and tweak constants. Remove HKDF. Include an encrypted key in a kernel dump header.
Modified:
soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
soc2013/def/crashdump-head/sys/sys/kerneldump.h
Modified: soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
==============================================================================
--- soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Sun Sep 22 13:54:08 2013 (r257605)
+++ soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Sun Sep 22 14:36:27 2013 (r257606)
@@ -857,11 +857,9 @@
if (dumper.dumper != NULL)
return (EBUSY);
dumper = *di;
- dumper.kdk = &dumperkey;
- dumper.kdb = &dumperbuffer;
#ifdef ENCRYPT_CRASH
- kerneldump_crypto_init(&dumper);
+ kerneldump_crypto_init(&dumper, &dumperkey, &dumperbuffer);
#endif
wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname));
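Review bot: `dumper.kdk` and `dumper.kdb` are now assigned only inside `#ifdef ENCRYPT_CRASH`, because the two unconditional assignments were removed and the pointers are set by `kerneldump_crypto_init()` instead. The lines of `mkdumpheader()` visible later in this diff read `dumper.kdk->keysize` and copy from `dumper.kdk` with no guard, so a kernel built without ENCRYPT_CRASH would dereference whatever `*di` carried in those fields, presumably NULL, unless that code is itself conditional outside the hunks shown. Either keep the header key copy under the same `#ifdef ENCRYPT_CRASH` or check `dumper.kdk != NULL` before using it. `kerneldump_crypto_init()` also returns void, so this caller cannot tell when initialization was refused. The enclosing function starts and ends outside the hunk.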
@@ -942,73 +940,17 @@
#endif
}
-static void
-kerneldump_hkdf_expand(struct xts_ctx *ctx, const uint8_t *masterkey, uint8_t *key,
- int idx, const uint8_t *magic, size_t magicsize)
-{
- uint8_t byte_idx = idx;
-
- hmac_init(&ctx->o.pctx_hmac, CRYPTO_SHA2_512_HMAC,
- masterkey, KERNELDUMP_KEY_SIZE);
- hmac_update(&ctx->o.pctx_hmac, key, KERNELDUMP_KEY_SIZE);
- hmac_update(&ctx->o.pctx_hmac, magic, magicsize);
- hmac_update(&ctx->o.pctx_hmac, &byte_idx, sizeof(byte_idx));
- hmac_final(&ctx->o.pctx_hmac, key, KERNELDUMP_KEY_SIZE);
-}
-
void
-kerneldump_crypto_init(struct dumperinfo *di)
+kerneldump_crypto_init(struct dumperinfo *di, struct kerneldumpkey *kdk,
+ struct kerneldumpbuffer *kdb)
{
- if (di->kdk == NULL || di->kdb == NULL) {
+ if (kdk == NULL || kdb == NULL) {
printf("Attempt to initialize a non-existing kernel dump key and buffer.");
return;
}
- di->kdk = kerneldump_set_key(di->kdk, KERNELDUMP_KEY_SIZE, kerneldump_key, kerneldump_tweak);
- di->kdb = kerneldump_set_buffer(di->kdb);
-}
-
-struct kerneldumpkey *
-kerneldump_set_key(struct kerneldumpkey *kdk, int keysize, char *masterkey, char *tweak)
-{
- uint8_t key[KERNELDUMP_KEY_SIZE];
- struct xts_ctx ctx;
-
- if (kdk == NULL) {
- printf("Cannot initialize kernel dump key.");
- return (NULL);
- }
-
- kdk->keysize = keysize;
- memcpy(kdk->key, masterkey, kdk->keysize);
- memcpy(kdk->tweak, tweak, KERNELDUMP_TWEAK_SIZE);
- bzero(&kdk->tweak_ctx, sizeof(kdk->tweak_ctx));
- bzero(&kdk->data_ctx, sizeof(kdk->data_ctx));
- bzero(key, KERNELDUMP_KEY_SIZE);
-
- kerneldump_hkdf_expand(&ctx, kdk->key, key, 1, kerneldump_magic, sizeof(kerneldump_magic));
- xts_alg_aes.pa_keysetup(&kdk->data_ctx, key, kdk->keysize << 3);
-
- kerneldump_hkdf_expand(&ctx, kdk->key, key, 2, kerneldump_magic, sizeof(kerneldump_magic));
- xts_alg_aes.pa_keysetup(&kdk->tweak_ctx, key, kdk->keysize << 3);
-
- bzero(&ctx, sizeof(ctx));
- bzero(key, KERNELDUMP_KEY_SIZE);
-
- return (kdk);
-}
-
-struct kerneldumpbuffer *
-kerneldump_set_buffer(struct kerneldumpbuffer *kdb)
-{
- if (kdb == NULL) {
- printf("Cannot initialize kernel dump buffer.");
- return (NULL);
- }
-
- kdb->kdhoffset = 0;
-
- return (kdb);
+ di->kdk = kdk;
+ di->kdb = kdb;
}
void
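Review bot: The rewritten `kerneldump_crypto_init()` only stores the two pointers, so nothing visible in this commit fills `kdk->keysize`, `kdk->encrypted_key` or `kdk->tweak`, keys `data_ctx` and `tweak_ctx`, or resets `kdb->kdhoffset`, all of which the removed `kerneldump_set_key()` and `kerneldump_set_buffer()` used to do. If the key is meant to be loaded later from elsewhere, a dump taken before that happens would presumably be written with unkeyed XTS contexts and an empty key field in the header, so the dump path should report an error rather than proceed until the key is present. At minimum I would keep `kdb->kdhoffset = 0;` here and add a comment such as `/* kdk must already hold keysize, encrypted_key, tweak and keyed XTS contexts. */`. The error `printf` also lacks a trailing `\n`.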
@@ -1029,7 +971,7 @@
if (panicstr != NULL)
strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
kdh->keysize = dumper.kdk->keysize;
- strncpy(kdh->key, dumper.kdk->key, kdh->keysize);
+ strncpy(kdh->encrypted_key, dumper.kdk->encrypted_key, KERNELDUMP_ENCRYPTED_KEY_SIZE);
strncpy(kdh->tweak, dumper.kdk->tweak, KERNELDUMP_TWEAK_SIZE);
kdh->parity = kerneldump_parity(kdh);
}
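Review bot: `strncpy()` is the wrong copy for `encrypted_key` and `tweak`, because both are binary buffers and strncpy stops at the first zero byte and zero-fills the remainder. Any encrypted key or tweak that contains a 0x00 byte would be truncated in the header, and the dump could then no longer be decrypted. Use `memcpy(kdh->encrypted_key, dumper.kdk->encrypted_key, KERNELDUMP_ENCRYPTED_KEY_SIZE);` and `memcpy(kdh->tweak, dumper.kdk->tweak, KERNELDUMP_TWEAK_SIZE);`. The function begins outside the hunk.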
Modified: soc2013/def/crashdump-head/sys/sys/kerneldump.h
==============================================================================
--- soc2013/def/crashdump-head/sys/sys/kerneldump.h Sun Sep 22 13:54:08 2013 (r257605)
+++ soc2013/def/crashdump-head/sys/sys/kerneldump.h Sun Sep 22 14:36:27 2013 (r257606)
@@ -83,10 +83,10 @@
uint64_t dumptime;
uint32_t blocksize;
char hostname[64];
- char versionstring[170];
- char panicstring[170];
+ char versionstring[58];
+ char panicstring[58];
int keysize;
- char key[KERNELDUMP_KEY_SIZE];
+ char encrypted_key[KERNELDUMP_ENCRYPTED_KEY_SIZE];
char tweak[KERNELDUMP_TWEAK_SIZE];
uint32_t parity;
};
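Review bot: Shrinking `versionstring` and `panicstring` from 170 to 58 bytes changes the on-disk layout of `struct kerneldumpheader`, and nothing in this hunk bumps a header version or pins the struct size. A reader built against the old layout would misparse the new header, so I would pair this with a version bump and a compile-time check next to the struct, for example `CTASSERT(sizeof(struct kerneldumpheader) == <expected header size>);` (placeholder value). `mkdumpheader()` fills `panicstring` with `strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring))`, which leaves the field unterminated once the message reaches 58 characters, and that is now much more likely. The struct begins outside the hunk.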
@@ -111,7 +111,6 @@
struct kerneldumpkey {
int keysize;
- char key[KERNELDUMP_KEY_SIZE];
char encrypted_key[KERNELDUMP_ENCRYPTED_KEY_SIZE];
char tweak[KERNELDUMP_TWEAK_SIZE];
struct xts_ctx data_ctx;
@@ -119,19 +118,6 @@
};
#ifdef _KERNEL
-/*
- * Constant key for kernel crash dumps.
- */
-static char kerneldump_key[KERNELDUMP_KEY_SIZE] = {
- 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
- 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
- 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41
-};
-
-static char kerneldump_tweak[KERNELDUMP_TWEAK_SIZE] = {
- 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41
-};
-
struct kerneldumpbuffer {
#define KERNELDUMP_DEVBLK_SIZE 512
#define KERNELDUMP_SECTOR_SIZE 4096
@@ -141,9 +127,8 @@
off_t kdhoffset; /* Offset value of the first kdh. */
};
-void kerneldump_crypto_init(struct dumperinfo *di);
-struct kerneldumpkey *kerneldump_set_key(struct kerneldumpkey *kdk, int keysize, char *key, char *tweak);
-struct kerneldumpbuffer *kerneldump_set_buffer(struct kerneldumpbuffer *kdb);
+void kerneldump_crypto_init(struct dumperinfo *di, struct kerneldumpkey *kdk,
+ struct kerneldumpbuffer *kdb);
void mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver,
uint64_t dumplen, uint32_t blksz);
#endif
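Review bot: The new prototype has no comment saying that `di` keeps the `kdk` and `kdb` pointers rather than copying them, which is what the implementation in kern_shutdown.c does with `di->kdk = kdk;` and `di->kdb = kdb;`. A short comment above the declaration would make the ownership explicit: `/* Attach caller-owned key and buffer to di; both must outlive the dumper. */`.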