From owner-svn-soc-all@FreeBSD.ORG Fri Aug 2 00:52:51 2013 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 9BEEFA5C for ; Fri, 2 Aug 2013 00:52:51 +0000 (UTC) (envelope-from def@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 7A841232F for ; Fri, 2 Aug 2013 00:52:51 +0000 (UTC) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.14.7/8.14.7) with ESMTP id r720qpja017099 for ; Fri, 2 Aug 2013 00:52:51 GMT (envelope-from def@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.14.7/8.14.6/Submit) id r720qpQY017084 for svn-soc-all@FreeBSD.org; Fri, 2 Aug 2013 00:52:51 GMT (envelope-from def@FreeBSD.org) Date: Fri, 2 Aug 2013 00:52:51 GMT Message-Id: <201308020052.r720qpQY017084@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to def@FreeBSD.org using -f From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r255439 - in soc2013/def/crashdump-head: sbin/savecore sys/kern sys/sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 00:52:51 -0000 Author: def Date: Fri Aug 2 00:52:51 2013 New Revision: 255439 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=255439 Log: Store cached alpha^j values. Reduce a number of #ifdef directives. Modified: soc2013/def/crashdump-head/sbin/savecore/decryptfile.c soc2013/def/crashdump-head/sys/kern/kern_shutdown.c soc2013/def/crashdump-head/sys/sys/conf.h soc2013/def/crashdump-head/sys/sys/kerneldump.h Modified: soc2013/def/crashdump-head/sbin/savecore/decryptfile.c ============================================================================== --- soc2013/def/crashdump-head/sbin/savecore/decryptfile.c Fri Aug 2 00:49:48 2013 (r255438) +++ soc2013/def/crashdump-head/sbin/savecore/decryptfile.c Fri Aug 2 00:52:51 2013 (r255439) @@ -20,7 +20,7 @@ fd->buf_used += resid; xts_block_decrypt(&xts_alg_aes, (struct xts_ctx *)&fd->tweak_ctx, (struct xts_ctx *)&fd->data_ctx, - fd->offset, fd->tweak, PEFS_SECTOR_SIZE, + fd->offset, fd->tweak, NULL, PEFS_SECTOR_SIZE, fd->buf, fd->buf); if (fwrite(fd->buf, 1, PEFS_SECTOR_SIZE, fd->fp) != PEFS_SECTOR_SIZE) @@ -106,7 +106,7 @@ if (fd->buf_used > 0) { xts_block_decrypt(&xts_alg_aes, (struct xts_ctx *)&fd->tweak_ctx, (struct xts_ctx *)&fd->data_ctx, - fd->offset, fd->tweak, fd->buf_used, + fd->offset, fd->tweak, NULL, fd->buf_used, fd->buf, fd->buf); if (fwrite(fd->buf, 1, fd->buf_used, fd->fp) != 1) Modified: soc2013/def/crashdump-head/sys/kern/kern_shutdown.c ============================================================================== --- soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Fri Aug 2 00:49:48 2013 (r255438) +++ soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Fri Aug 2 00:52:51 2013 (r255439) @@ -146,10 +146,8 @@ int dumping; /* system is dumping */ int rebooting; /* system is rebooting */ static struct dumperinfo dumper; /* our selected dumper */ -#ifdef ENCRYPT_CRASH static struct kerneldumpkey dumperkey; static struct kerneldumpbuffer dumperbuffer; -#endif /* Context information for dump-debuggers. */ static struct pcb dumppcb; /* Registers. */ @@ -854,10 +852,10 @@ if (dumper.dumper != NULL) return (EBUSY); dumper = *di; - -#ifdef ENCRYPT_CRASH dumper.kdk = &dumperkey; dumper.kdb = &dumperbuffer; + +#ifdef ENCRYPT_CRASH kerneldump_crypto_init(&dumper); #endif @@ -869,29 +867,17 @@ return (0); } -/* Call dumper with bounds checking. */ +/* Call dumper with encrypted data. */ int -dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, - off_t offset, size_t length) +dump_encrypted_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, + off_t offset, size_t length) { -#ifdef ENCRYPT_CRASH struct kerneldumpkey *kdk; struct kerneldumpbuffer *kdb; - int error, len; - off_t sector_index, devblk_index; - char *ptr; -#endif - - if (length != 0 && (offset < di->mediaoffset || - offset - di->mediaoffset + length > di->mediasize)) { - printf("Attempt to write outside dump device boundaries.\n" - "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n", - (intmax_t)offset, (intmax_t)di->mediaoffset, - (uintmax_t)length, (intmax_t)di->mediasize); - return (ENOSPC); - } + int error, sector_index, devblk_index; + off_t sector_offset; + uint64_t tweak[XTS_BLK_BYTES / 8]; -#ifdef ENCRYPT_CRASH kdk = di->kdk; kdb = di->kdb; @@ -903,22 +889,28 @@ } sector_index = (offset - kdb->kdhoffset)/KERNELDUMP_SECTOR_SIZE; + sector_offset = kdb->kdhoffset + sector_index*KERNELDUMP_SECTOR_SIZE; devblk_index = (offset - kdb->kdhoffset - sector_index*KERNELDUMP_SECTOR_SIZE)/KERNELDUMP_DEVBLK_SIZE; + if (sector_index == kdb->sector_index) { + kerneldump_calc_tweak(&xts_alg_aes, &kdk->tweak_ctx, kdb->alpha_j, kdb->devblk_index, devblk_index, + sector_offset, kdk->tweak); + memcpy(tweak, kdb->alpha_j[devblk_index], sizeof(tweak)); + } + while (length > 0) { memcpy(kdb->buf, virtual, KERNELDUMP_DEVBLK_SIZE); - if (devblk_index == 0) - xts_start(&xts_alg_aes, &kdk->tweak_ctx, kdb->tweak, offset, kdk->tweak); - - ptr = kdb->buf; - len = KERNELDUMP_DEVBLK_SIZE; - while (len > 0) { - xts_fullblock(xts_alg_aes.pa_encrypt, &kdk->data_ctx, kdb->tweak, ptr, ptr); - ptr += XTS_BLK_BYTES; - len -= XTS_BLK_BYTES; + if (sector_index != kdb->sector_index) { + kerneldump_calc_tweak(&xts_alg_aes, &kdk->tweak_ctx, kdb->alpha_j, 0, devblk_index, + sector_offset, kdk->tweak); + kdb->sector_index = sector_index; + memcpy(tweak, kdb->alpha_j[devblk_index], sizeof(tweak)); } + xts_block_encrypt(&xts_alg_aes, &kdk->tweak_ctx, &kdk->data_ctx, offset, kdk->tweak, + tweak, KERNELDUMP_DEVBLK_SIZE, kdb->buf, kdb->buf); + error = (di->dumper(di->priv, kdb->buf, physical, offset, KERNELDUMP_DEVBLK_SIZE)); if (error) @@ -927,16 +919,60 @@ virtual = (void *)((char *)virtual + KERNELDUMP_DEVBLK_SIZE); length -= KERNELDUMP_DEVBLK_SIZE; offset += KERNELDUMP_DEVBLK_SIZE; - devblk_index = (devblk_index+1)%(KERNELDUMP_SECTOR_SIZE/KERNELDUMP_DEVBLK_SIZE); + devblk_index = (devblk_index+1)%KERNELDUMP_SECTOR_BLKS; + + if (devblk_index == 0) { + sector_index++; + sector_offset = offset; + } else { + memcpy(kdb->alpha_j[devblk_index], tweak, sizeof(tweak)); + kdb->devblk_index = devblk_index; + } } return (0); -#else /* ENCRYPT_CRASH */ - return (di->dumper(di->priv, virtual, physical, offset, length)); -#endif /* ENCRYPT_CRASH */ } +/* Call dumper with bounds checking. */ +int +dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, + off_t offset, size_t length) +{ + + if (length != 0 && (offset < di->mediaoffset || + offset - di->mediaoffset + length > di->mediasize)) { + printf("Attempt to write outside dump device boundaries.\n" + "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n", + (intmax_t)offset, (intmax_t)di->mediaoffset, + (uintmax_t)length, (intmax_t)di->mediasize); + return (ENOSPC); + } + #ifdef ENCRYPT_CRASH + return (dump_encrypted_write(di, virtual, physical, offset, length)); +#else + return (di->dumper(di->priv, virtual, physical, offset, length)); +#endif +} + +void +kerneldump_calc_tweak(const struct xts_alg *alg, const struct xts_ctx *tweak_ctx, + uint64_t (*alpha_j)[XTS_BLK_BYTES / 8], int i, int j, + uint64_t sector, const uint8_t *xtweak) +{ + int k; + + if (i == 0) + xts_start(alg, tweak_ctx, alpha_j[0], sector, xtweak); + + for (++i ; i <= j ; i++) { + memcpy(alpha_j[i], alpha_j[i-1], XTS_BLK_BYTES); + + for (k = 0 ; k < KERNELDUMP_DEVBLK_SIZE/XTS_BLK_BYTES ; k++) + gf_mul128(alpha_j[i], alpha_j[i]); + } +} + static void kerneldump_hkdf_expand(struct xts_ctx *ctx, const uint8_t *masterkey, uint8_t *key, int idx, const uint8_t *magic, size_t magicsize) @@ -959,9 +995,6 @@ return; } - /* In the future the tweak will be set via sysctl. */ - arc4rand(kerneldump_tweak, KERNELDUMP_TWEAK_SIZE, 0); - di->kdk = kerneldump_set_key(di->kdk, KERNELDUMP_KEY_SIZE, kerneldump_key, kerneldump_tweak); di->kdb = kerneldump_set_buffer(di->kdb); } @@ -1004,11 +1037,12 @@ return (NULL); } + kdb->sector_index = -1; + kdb->devblk_index = -1; kdb->kdhoffset = 0; return (kdb); } -#endif /* ENCRYPT_CRASH */ void mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver, @@ -1027,10 +1061,8 @@ strncpy(kdh->versionstring, version, sizeof(kdh->versionstring)); if (panicstr != NULL) strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); -#ifdef ENCRYPT_CRASH kdh->keysize = dumper.kdk->keysize; strncpy(kdh->key, dumper.kdk->key, kdh->keysize); strncpy(kdh->tweak, dumper.kdk->tweak, KERNELDUMP_TWEAK_SIZE); -#endif kdh->parity = kerneldump_parity(kdh); } Modified: soc2013/def/crashdump-head/sys/sys/conf.h ============================================================================== --- soc2013/def/crashdump-head/sys/sys/conf.h Fri Aug 2 00:49:48 2013 (r255438) +++ soc2013/def/crashdump-head/sys/sys/conf.h Fri Aug 2 00:52:51 2013 (r255439) @@ -323,10 +323,8 @@ EVENTHANDLER_DECLARE(dev_clone, dev_clone_fn); /* Stuff relating to kernel-dump */ -#ifdef ENCRYPT_CRASH struct kerneldumpkey; struct kerneldumpbuffer; -#endif struct dumperinfo { dumper_t *dumper; /* Dumping function. */ @@ -335,14 +333,13 @@ u_int maxiosize; /* Max size allowed for an individual I/O */ off_t mediaoffset; /* Initial offset in bytes. */ off_t mediasize; /* Space available in bytes. */ -#ifdef ENCRYPT_CRASH struct kerneldumpkey *kdk; /* Kernel dump key. */ struct kerneldumpbuffer *kdb; /* Kernel dump buffer. */ -#endif }; int set_dumper(struct dumperinfo *, const char *_devname); int dump_write(struct dumperinfo *, void *, vm_offset_t, off_t, size_t); +int dump_encrypted_write(struct dumperinfo *, void *, vm_offset_t, off_t, size_t); void dumpsys(struct dumperinfo *); int doadump(boolean_t); extern int dumping; /* system is dumping */ Modified: soc2013/def/crashdump-head/sys/sys/kerneldump.h ============================================================================== --- soc2013/def/crashdump-head/sys/sys/kerneldump.h Fri Aug 2 00:49:48 2013 (r255438) +++ soc2013/def/crashdump-head/sys/sys/kerneldump.h Fri Aug 2 00:52:51 2013 (r255439) @@ -109,7 +109,6 @@ } #ifdef _KERNEL -#ifdef ENCRYPT_CRASH /* * Constant key for kernel crash dumps. */ @@ -119,7 +118,9 @@ 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }; -static char kerneldump_tweak[KERNELDUMP_TWEAK_SIZE]; +static char kerneldump_tweak[KERNELDUMP_TWEAK_SIZE] = { + 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 +}; struct kerneldumpkey { int keysize; @@ -132,16 +133,20 @@ struct kerneldumpbuffer { #define KERNELDUMP_DEVBLK_SIZE 512 #define KERNELDUMP_SECTOR_SIZE 4096 +#define KERNELDUMP_SECTOR_BLKS (KERNELDUMP_SECTOR_SIZE/KERNELDUMP_DEVBLK_SIZE) uint8_t buf[KERNELDUMP_DEVBLK_SIZE]; /* Raw data buffer. */ - uint64_t tweak[XTS_BLK_BYTES / 8]; /* Tweak value used in XTS. */ + uint64_t alpha_j[KERNELDUMP_SECTOR_BLKS][XTS_BLK_BYTES / 8]; + off_t sector_index; + off_t devblk_index; off_t kdhoffset; /* Offset value of the first kdh. */ }; void kerneldump_crypto_init(struct dumperinfo *di); struct kerneldumpkey *kerneldump_set_key(struct kerneldumpkey *kdk, int keysize, char *key, char *tweak); struct kerneldumpbuffer *kerneldump_set_buffer(struct kerneldumpbuffer *kdb); -#endif /* ENCRYPT_CRASH */ - +void kerneldump_calc_tweak(const struct xts_alg *alg, const struct xts_ctx *tweak_ctx, + uint64_t (*alpha_j)[XTS_BLK_BYTES / 8], int i, int j, + uint64_t sector, const uint8_t *xtweak); void mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver, uint64_t dumplen, uint32_t blksz); #endif