Date: Mon, 23 Jun 2014 22:16:01 GMT From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r269949 - in soc2013/def/crashdump-head: sbin/dumpkey sys/kern sys/sys Message-ID: <201406232216.s5NMG1aK066556@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: def Date: Mon Jun 23 22:16:00 2014 New Revision: 269949 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269949 Log: Use CBC mode instead of XTS. Modified: soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c soc2013/def/crashdump-head/sys/kern/kern_shutdown.c soc2013/def/crashdump-head/sys/sys/kerneldump.h Modified: soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c ============================================================================== --- soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Mon Jun 23 19:47:25 2014 (r269948) +++ soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Mon Jun 23 22:16:00 2014 (r269949) @@ -3,7 +3,7 @@ #include <string.h> #include <sys/sysctl.h> #include <sys/kerneldump.h> -#include <crypto/xts.h> +#include <crypto/rijndael/rijndael-api-fst.h> #include <opencrypto/cryptodev.h> #define OPENSSL_NO_SHA @@ -13,23 +13,7 @@ #include <openssl/pem.h> #define PATH_DEVRANDOM "/dev/random" -#define PEFS_SECTOR_SIZE 4096 - -static const char kerneldump_magic[] = "PEFSKEY-V1"; - -static void -hkdf_expand(struct xts_ctx *ctx, const uint8_t *masterkey, uint8_t *key, - int idx, const uint8_t *magic, size_t magicsize) -{ - uint8_t byte_idx = idx; - - hmac_init(&ctx->o.pctx_hmac, CRYPTO_SHA2_512_HMAC, - masterkey, KERNELDUMP_KEY_SIZE); - hmac_update(&ctx->o.pctx_hmac, key, KERNELDUMP_KEY_SIZE); - hmac_update(&ctx->o.pctx_hmac, magic, magicsize); - hmac_update(&ctx->o.pctx_hmac, &byte_idx, sizeof(byte_idx)); - hmac_final(&ctx->o.pctx_hmac, key, KERNELDUMP_KEY_SIZE); -} +#define DEVBLK_SIZE 512 static void usage(void) @@ -67,7 +51,8 @@ } static int -encrypt_key(char *plainkey, struct kerneldumpkey *key, RSA *public_key, char *public_key_file) +encrypt_key(char *plain_dumpkey, struct kerneldumpkey *dumpkey, RSA *public_key, + char *public_key_file) { FILE *fp; @@ -82,20 +67,20 @@ if (public_key == NULL) return (-1); - memcpy(plainkey + KERNELDUMP_KEY_SIZE, key->tweak, KERNELDUMP_TWEAK_SIZE); - - if (RSA_public_encrypt(KERNELDUMP_KEY_SIZE + KERNELDUMP_TWEAK_SIZE, plainkey, - key->encrypted_key, public_key, RSA_PKCS1_PADDING) == -1) + if (RSA_public_encrypt(KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE, + plain_dumpkey, dumpkey->ciphertext, public_key, + RSA_PKCS1_PADDING) == -1) { return (-1); + } return (0); } static int -decrypt_key(char *cipherkey, char *key, char *tweak, RSA *private_key, char *private_key_file) +decrypt_key(char *cipherkey, char *key, char *iv, RSA *private_key, char *private_key_file) { FILE *fp; - char buf[KERNELDUMP_KEY_SIZE + KERNELDUMP_TWEAK_SIZE]; + char buf[KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE]; fp = fopen(private_key_file, "r"); @@ -108,35 +93,13 @@ if (private_key == NULL) return (-1); - if (RSA_private_decrypt(KERNELDUMP_ENCRYPTED_KEY_SIZE, cipherkey, buf, - private_key, RSA_PKCS1_PADDING) == -1) + if (RSA_private_decrypt(KERNELDUMP_CIPHERTEXT_SIZE, cipherkey, buf, + private_key, RSA_PKCS1_PADDING) == -1) { return (-1); + } memcpy(key, buf, KERNELDUMP_KEY_SIZE); - memcpy(tweak, buf + KERNELDUMP_KEY_SIZE, KERNELDUMP_TWEAK_SIZE); - - return (0); -} - -static int -expand_key(char *masterkey, struct xts_ctx *data_ctx, struct xts_ctx *tweak_ctx) -{ - struct xts_ctx ctx; - char key[KERNELDUMP_KEY_SIZE]; - - bzero(key, KERNELDUMP_KEY_SIZE); - bzero(&ctx, sizeof(struct xts_ctx)); - bzero(data_ctx, sizeof(struct xts_ctx)); - bzero(tweak_ctx, sizeof(struct xts_ctx)); - - hkdf_expand(&ctx, masterkey, key, 1, kerneldump_magic, sizeof(kerneldump_magic)); - xts_alg_aes.pa_keysetup(data_ctx, key, KERNELDUMP_KEY_SIZE << 2); - - hkdf_expand(&ctx, masterkey, key, 2, kerneldump_magic, sizeof(kerneldump_magic)); - xts_alg_aes.pa_keysetup(tweak_ctx, key, KERNELDUMP_KEY_SIZE << 2); - - bzero(&ctx, sizeof(struct xts_ctx)); - bzero(key, KERNELDUMP_KEY_SIZE); + memcpy(iv, buf + KERNELDUMP_KEY_SIZE, KERNELDUMP_IV_SIZE); return (0); } @@ -150,51 +113,47 @@ static void generate_key(char *public_key_file) { - char buf[KERNELDUMP_KEY_SIZE + KERNELDUMP_TWEAK_SIZE]; - struct kerneldumpkey key; + char buf[KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE]; + struct kerneldumpkey dumpkey; RSA *public_key; + int error; public_key = RSA_new(); - if (random_data(buf, KERNELDUMP_KEY_SIZE)) { + if (random_data(buf, KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE)) { printf("Error: cannot generate a symmetric key.\n"); goto out; } - if (random_data(key.tweak, KERNELDUMP_TWEAK_SIZE)) { - printf("Error: cannot generate a tweak.\n"); - goto out; - } + error = rijndael_makeKey(&dumpkey.ki, DIR_ENCRYPT, + 8 * KERNELDUMP_KEY_SIZE, buf); + error = rijndael_cipherInit(&dumpkey.ci, MODE_CBC, + buf + KERNELDUMP_KEY_SIZE); - if (expand_key(buf, &key.data_ctx, &key.tweak_ctx)) { - printf("Error: cannot expand a symmetric key.\n"); - goto out; - } - - if (encrypt_key(buf, &key, public_key, public_key_file)) { + if (encrypt_key(buf, &dumpkey, public_key, public_key_file)) { printf("Error: cannot encrypt a key.\n"); goto out; } - if (sysctl_dumpkey(&key)) { + if (sysctl_dumpkey(&dumpkey)) { printf("Error: cannot set a kernel crash dump key.\n"); goto out; } out: - bzero(&key, sizeof(struct kerneldumpkey)); - bzero(buf, KERNELDUMP_KEY_SIZE + KERNELDUMP_TWEAK_SIZE); + bzero(&dumpkey, sizeof(struct kerneldumpkey)); + bzero(buf, KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE); RSA_free(public_key); } static void decrypt_core(char *encrypted_core, char *private_key_file, char *encrypted_key_file) { - char key[KERNELDUMP_KEY_SIZE], tweak[KERNELDUMP_TWEAK_SIZE]; - char buf[PEFS_SECTOR_SIZE]; - struct xts_ctx data_ctx, tweak_ctx; + char buf[DEVBLK_SIZE]; + char key[KERNELDUMP_KEY_SIZE], iv[KERNELDUMP_IV_SIZE]; + struct kerneldumpkey dumpkey; RSA *private_key; - int offset; + int error, offset; size_t buf_used, bytes; FILE *fp, *fp_w; @@ -209,28 +168,43 @@ if (fp == NULL || fp_w == NULL) goto out; - if (read_data(buf, KERNELDUMP_ENCRYPTED_KEY_SIZE, encrypted_key_file)) { + if (read_data(buf, KERNELDUMP_CIPHERTEXT_SIZE, encrypted_key_file)) { printf("Error: cannot read an encrypted key.\n"); goto out; } - if (decrypt_key(buf, key, tweak, private_key, private_key_file)) { + if (decrypt_key(buf, key, iv, private_key, private_key_file)) { printf("Error: cannot decrypt a key.\n"); goto out; } - if (expand_key(key, &data_ctx, &tweak_ctx)) { - printf("Error: cannot expand a symmetric key.\n"); + error = rijndael_makeKey(&dumpkey.ki, DIR_DECRYPT, + 8 * KERNELDUMP_KEY_SIZE, key); + if (error <= 0) { + printf("Error: cannot initialize a key.\n"); goto out; } offset = buf_used = 0; do { - bytes = fread(buf + buf_used, 1, PEFS_SECTOR_SIZE - buf_used, fp); + bytes = fread(buf + buf_used, 1, DEVBLK_SIZE - buf_used, fp); buf_used += bytes; - if (buf_used == PEFS_SECTOR_SIZE || (buf_used > 0 && bytes == 0)) { - xts_block_decrypt(&xts_alg_aes, &tweak_ctx, &data_ctx, offset, tweak, 0, buf_used, buf, buf); + if (buf_used == DEVBLK_SIZE) { + error = rijndael_cipherInit(&dumpkey.ci, MODE_CBC, iv); + if (error <= 0) { + printf("Error: cannot initialize a cipher.\n"); + goto out; + } + if (buf_used >= KERNELDUMP_IV_SIZE) + memcpy(iv, buf + buf_used - KERNELDUMP_IV_SIZE, + KERNELDUMP_IV_SIZE); + error = rijndael_blockDecrypt(&dumpkey.ci, &dumpkey.ki, + buf, 8 * buf_used, buf); + if (error <= 0) { + printf("Error: cannot decrypt data.\n"); + goto out; + } if (fwrite(buf, 1, buf_used, fp_w) != buf_used) { printf("Error: cannot write a decrypted core.\n"); @@ -245,11 +219,10 @@ out: fclose(fp_w); fclose(fp); - bzero(&buf, sizeof(buf)); + bzero(&iv, sizeof(iv)); bzero(&key, sizeof(key)); - bzero(&tweak, sizeof(tweak)); - bzero(&data_ctx, sizeof(struct xts_ctx)); - bzero(&tweak_ctx, sizeof(struct xts_ctx)); + bzero(&buf, sizeof(buf)); + bzero(&dumpkey, sizeof(struct kerneldumpkey)); RSA_free(private_key); } Modified: soc2013/def/crashdump-head/sys/kern/kern_shutdown.c ============================================================================== --- soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Mon Jun 23 19:47:25 2014 (r269948) +++ soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Mon Jun 23 22:16:00 2014 (r269949) @@ -879,8 +879,7 @@ { struct kerneldumpkey *kdk; struct kerneldumpbuffer *kdb; - int error, sector_index, devblk_index; - off_t sector_offset; + int error; kdk = di->kdk; kdb = di->kdb; @@ -892,17 +891,17 @@ return (di->dumper(di->priv, virtual, physical, offset, length)); } - sector_index = (offset - kdb->kdhoffset)/KERNELDUMP_SECTOR_SIZE; - sector_offset = kdb->kdhoffset + sector_index*KERNELDUMP_SECTOR_SIZE; - devblk_index = (offset - sector_offset)/KERNELDUMP_DEVBLK_SIZE; - sector_offset -= kdb->kdhoffset; - while (length > 0) { memcpy(kdb->buf, virtual, KERNELDUMP_DEVBLK_SIZE); - xts_block_encrypt(&xts_alg_aes, &kdk->tweak_ctx, &kdk->data_ctx, - sector_offset, kdk->tweak, devblk_index*KERNELDUMP_DEVBLK_BLKS, - KERNELDUMP_DEVBLK_SIZE, kdb->buf, kdb->buf); + error = rijndael_blockEncrypt(&kdk->ci, &kdk->ki, kdb->buf, + KERNELDUMP_DEVBLK_SIZE * 8, kdb->buf); + if (error <= 0) + return (-1); + error = rijndael_cipherInit(&kdk->ci, MODE_CBC, kdb->buf + + KERNELDUMP_DEVBLK_SIZE - KERNELDUMP_IV_SIZE); + if (error <= 0) + return (-1); error = (di->dumper(di->priv, kdb->buf, physical, offset, KERNELDUMP_DEVBLK_SIZE)); @@ -912,10 +911,6 @@ virtual = (void *)((char *)virtual + KERNELDUMP_DEVBLK_SIZE); length -= KERNELDUMP_DEVBLK_SIZE; offset += KERNELDUMP_DEVBLK_SIZE; - devblk_index = (devblk_index+1)%KERNELDUMP_SECTOR_BLKS; - - if (devblk_index == 0) - sector_offset = offset - kdb->kdhoffset; } return (0); @@ -975,6 +970,7 @@ strncpy(kdh->versionstring, version, sizeof(kdh->versionstring)); if (panicstr != NULL) strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); - memcpy(kdh->encrypted_key, dumper.kdk->encrypted_key, KERNELDUMP_ENCRYPTED_KEY_SIZE); + memcpy(kdh->ciphertext, dumper.kdk->ciphertext, + KERNELDUMP_CIPHERTEXT_SIZE); kdh->parity = kerneldump_parity(kdh); } Modified: soc2013/def/crashdump-head/sys/sys/kerneldump.h ============================================================================== --- soc2013/def/crashdump-head/sys/sys/kerneldump.h Mon Jun 23 19:47:25 2014 (r269948) +++ soc2013/def/crashdump-head/sys/sys/kerneldump.h Mon Jun 23 22:16:00 2014 (r269949) @@ -38,8 +38,8 @@ #ifndef _SYS_KERNELDUMP_H #define _SYS_KERNELDUMP_H +#include <crypto/rijndael/rijndael-api-fst.h> #include <machine/endian.h> -#include <crypto/xts.h> #if BYTE_ORDER == LITTLE_ENDIAN #define dtoh32(x) __bswap32(x) @@ -76,16 +76,16 @@ #define KERNELDUMP_POWERPC_VERSION 1 #define KERNELDUMP_SPARC64_VERSION 1 #define KERNELDUMP_TEXT_VERSION 1 -#define KERNELDUMP_KEY_SIZE 64 -#define KERNELDUMP_ENCRYPTED_KEY_SIZE 256 -#define KERNELDUMP_TWEAK_SIZE 8 +#define KERNELDUMP_KEY_SIZE 32 +#define KERNELDUMP_IV_SIZE 16 +#define KERNELDUMP_CIPHERTEXT_SIZE 256 uint64_t dumplength; /* excl headers */ uint64_t dumptime; uint32_t blocksize; char hostname[64]; char versionstring[64]; char panicstring[64]; - char encrypted_key[KERNELDUMP_ENCRYPTED_KEY_SIZE]; + char ciphertext[KERNELDUMP_CIPHERTEXT_SIZE]; uint32_t parity; }; @@ -106,18 +106,14 @@ } struct kerneldumpkey { - char encrypted_key[KERNELDUMP_ENCRYPTED_KEY_SIZE]; - char tweak[KERNELDUMP_TWEAK_SIZE]; - struct xts_ctx data_ctx; - struct xts_ctx tweak_ctx; + char ciphertext[KERNELDUMP_CIPHERTEXT_SIZE]; + keyInstance ki; + cipherInstance ci; }; #ifdef _KERNEL struct kerneldumpbuffer { #define KERNELDUMP_DEVBLK_SIZE 512 -#define KERNELDUMP_SECTOR_SIZE 4096 -#define KERNELDUMP_DEVBLK_BLKS (KERNELDUMP_DEVBLK_SIZE/XTS_BLK_BYTES) -#define KERNELDUMP_SECTOR_BLKS (KERNELDUMP_SECTOR_SIZE/KERNELDUMP_DEVBLK_SIZE) uint8_t buf[KERNELDUMP_DEVBLK_SIZE]; /* Raw data buffer. */ off_t kdhoffset; /* Offset value of the first kdh. */ };
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201406232216.s5NMG1aK066556>