socsvn commit: r293097 - soc2013/def/crashdump-head/sbin/decryptcore

def at FreeBSD.org def at FreeBSD.org
Mon Oct 26 20:36:42 UTC 2015


Author: def
Date: Mon Oct 26 20:36:41 2015
New Revision: 293097
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=293097

Log:
  Decode kernel dump key.

Modified:
  soc2013/def/crashdump-head/sbin/decryptcore/decryptcore.c

Modified: soc2013/def/crashdump-head/sbin/decryptcore/decryptcore.c
==============================================================================
--- soc2013/def/crashdump-head/sbin/decryptcore/decryptcore.c	Mon Oct 26 20:36:08 2015	(r293096)
+++ soc2013/def/crashdump-head/sbin/decryptcore/decryptcore.c	Mon Oct 26 20:36:41 2015	(r293097)
@@ -1,4 +1,5 @@
 #include <sys/capsicum.h>
+#include <sys/endian.h>
 #include <sys/types.h>
 #include <sys/event.h>
 #include <sys/kerneldump.h>
@@ -41,6 +42,67 @@
 	return (1);
 }
 
+static struct kerneldumpkey *
+read_key(int kfd)
+{
+	uint8_t *buf, *p;
+	struct kerneldumpkey *kdk;
+	ssize_t size;
+	size_t kdksize, bytes;
+
+	PJDLOG_ASSERT(kfd >= 0);
+
+	buf = NULL;
+	kdk = NULL;
+
+	kdksize = sizeof(*kdk);
+	kdk = calloc(1, kdksize);
+	if (kdk == NULL) {
+		pjdlog_errno(LOG_ERR, "Unable to allocate kernel dump key");
+		goto failed;
+	}
+
+	bytes = sizeof(kdk->kdk_algorithm) + sizeof(kdk->kdk_iv) +
+	    sizeof(kdk->kdk_encryptedkeysize);
+	buf = calloc(1, bytes);
+	if (buf == NULL) {
+		pjdlog_errno(LOG_ERR, "Unable to allocate buffer");
+		goto failed;
+	}
+
+	size = read(kfd, buf, bytes);
+	if (size == (ssize_t)bytes) {
+		p = buf;
+		kdk->kdk_algorithm = *p;
+		p += sizeof(kdk->kdk_algorithm);
+		bcopy(p, kdk->kdk_iv, sizeof(kdk->kdk_iv));
+		p += sizeof(kdk->kdk_iv);
+		kdk->kdk_encryptedkeysize = le32dec(p);
+		p += sizeof(kdk->kdk_encryptedkeysize);
+
+		kdksize += (size_t)kdk->kdk_encryptedkeysize;
+		kdk = realloc(kdk, kdksize);
+		if (kdk == NULL) {
+			pjdlog_errno(LOG_ERR, "Unable to reallocate kernel dump key");
+			goto failed;
+		}
+		bytes += (size_t)kdk->kdk_encryptedkeysize;
+		size += read(kfd, &kdk->kdk_encryptedkey,
+		    kdk->kdk_encryptedkeysize);
+	}
+	if (size != (ssize_t)bytes) {
+		pjdlog_errno(LOG_ERR, "Unable to read key");
+		goto failed;
+	}
+
+	free(buf);
+	return (kdk);
+failed:
+	free(buf);
+	free(kdk);
+	return (NULL);
+}
+
 static bool
 decrypt(const char *privkeyfile, const char *keyfile, const char *input,
     const char *output)
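Review bot: In read_key(), `kdk_encryptedkeysize` comes straight from the key file through `le32dec(p)` and sizes both `realloc()` and the second `read()` with no upper bound. The size comparison visible later in decrypt() only runs after that allocation, so a corrupt or tampered key file can force a very large allocation. If `size_t` is 32 bits, `kdksize +=` could also wrap, leaving the buffer smaller than the read length. Separately, `kdk = realloc(kdk, kdksize)` loses the original block when realloc fails, because `free(kdk)` at `failed:` then sees NULL. The second `read()` result is added to `size` unchecked, so a short read is reported through `pjdlog_errno` with an errno that may be stale. The sketch below bounds the size and keeps the old pointer; the limit name is a placeholder, not a constant shown on this page.

```c
	struct kerneldumpkey *kdk, *newkdk;
	/* … unchanged: allocations and header read … */
		kdk->kdk_encryptedkeysize = le32dec(p);
		p += sizeof(kdk->kdk_encryptedkeysize);

		/* ENCRYPTEDKEY_MAX_PLACEHOLDER: project-chosen limit, not an existing constant. */
		if (kdk->kdk_encryptedkeysize > ENCRYPTEDKEY_MAX_PLACEHOLDER) {
			pjdlog_error("Encrypted key size is out of range.");
			goto failed;
		}
		kdksize += (size_t)kdk->kdk_encryptedkeysize;
		newkdk = realloc(kdk, kdksize);
		if (newkdk == NULL) {
			pjdlog_errno(LOG_ERR, "Unable to reallocate kernel dump key");
			goto failed;
		}
		kdk = newkdk;
	/* … unchanged: second read(), size comparison, cleanup … */
```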
@@ -50,9 +112,9 @@
 	FILE *fp;
 	struct kerneldumpkey *kdk;
 	RSA *privkey;
-	int error, ifd, kfd, ofd, olen, privkeysize;
-	ssize_t bytes, size;
-	size_t bufused, kdksize;
+	int ifd, kfd, ofd, olen, privkeysize;
+	ssize_t bytes;
+	size_t bufused;
 	pid_t pid;
 
 	PJDLOG_ASSERT(privkeyfile != NULL);
@@ -110,32 +172,11 @@
 	}
 	EVP_CIPHER_CTX_init(&ctx);
 
-	kdksize = sizeof(*kdk);
-	kdk = calloc(1, kdksize);
-	if (kdk == NULL) {
-		pjdlog_errno(LOG_ERR, "Unable to allocate kernel dump key");
-		goto failed;
-	}
-
-	size = read(kfd, kdk, kdksize);
-	if (size == (ssize_t)kdksize) {
-		kdksize += (size_t)kdk->kdk_encryptedkeysize;
-		kdk = realloc(kdk, kdksize);
-		if (kdk == NULL) {
-			pjdlog_errno(LOG_ERR, "Unable to reallocate kernel dump key");
-			goto failed;
-		}
-		size += read(kfd, &kdk->kdk_encryptedkey,
-		    kdk->kdk_encryptedkeysize);
-	}
-	error = errno;
+	kdk = read_key(kfd);
 	close(kfd);
 	kfd = -1;
-	if (size != (ssize_t)kdksize) {
-		errno = error;
-		pjdlog_errno(LOG_ERR, "Unable to read data from %s", keyfile);
+	if (kdk == NULL)
 		goto failed;
-	}
 
 	privkey = PEM_read_RSAPrivateKey(fp, &privkey, NULL, NULL);
 	fclose(fp);
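Review bot: The failure path after `kdk = read_key(kfd);` no longer says which key file could not be read. The removed code logged `"Unable to read data from %s"` with `keyfile`, while read_key() only logs "Unable to read key". Either pass the path into read_key() for its messages, or brace the `if (kdk == NULL)` body and add `pjdlog_error("Unable to read key from %s.", keyfile);` before the `goto failed;`. decrypt() begins and ends outside this hunk.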
@@ -151,8 +192,9 @@
 		    8 * privkeysize, 8 * kdk->kdk_encryptedkeysize);
 		goto failed;
 	}
-	if (RSA_private_decrypt(kdk->kdk_encryptedkeysize, kdk->kdk_encryptedkey,
-	    key, privkey, RSA_PKCS1_PADDING) != sizeof(key)) {
+	if (RSA_private_decrypt(kdk->kdk_encryptedkeysize,
+	    kdk->kdk_encryptedkey, key, privkey,
+	    RSA_PKCS1_PADDING) != sizeof(key)) {
 		pjdlog_error("Unable to decrypt key. %s",
 		    ERR_error_string(ERR_get_error(), NULL));
 		goto failed;

