Page MenuHomeFreeBSD
Files F149100961

D17322.id48470.diff
No OneTemporary
Actions

D17322.id48470.diff
View Options

Index: sbin/decryptcore/decryptcore.c
===================================================================
--- sbin/decryptcore/decryptcore.c
+++ sbin/decryptcore/decryptcore.c
@@ -119,7 +119,8 @@
decrypt(int ofd, const char *privkeyfile, const char *keyfile,
const char *input)
{
- uint8_t buf[KERNELDUMP_BUFFER_SIZE], key[KERNELDUMP_KEY_MAX_SIZE];
+ uint8_t buf[KERNELDUMP_BUFFER_SIZE], key[KERNELDUMP_KEY_MAX_SIZE],
+ chachaiv[4 * 4];
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *cipher;
FILE *fp;
@@ -206,6 +207,9 @@
case KERNELDUMP_ENC_AES_256_CBC:
cipher = EVP_aes_256_cbc();
break;
+ case KERNELDUMP_ENC_CHACHA20:
+ cipher = EVP_chacha20();
+ break;
default:
pjdlog_error("Invalid encryption algorithm.");
goto failed;
@@ -221,7 +225,12 @@
RSA_free(privkey);
privkey = NULL;
- EVP_DecryptInit_ex(ctx, cipher, NULL, key, kdk->kdk_iv);
+ if (kdk->kdk_encryption == KERNELDUMP_ENC_CHACHA20) {
+ memset(chachaiv, 0, 4 * 2);
+ memcpy(&chachaiv[4 * 2], kdk->kdk_iv, 4 * 2);
+ EVP_DecryptInit_ex(ctx, cipher, NULL, key, chachaiv);
+ } else
+ EVP_DecryptInit_ex(ctx, cipher, NULL, key, kdk->kdk_iv);
EVP_CIPHER_CTX_set_padding(ctx, 0);
explicit_bzero(key, sizeof(key));
Index: sbin/dumpon/dumpon.c
===================================================================
--- sbin/dumpon/dumpon.c
+++ sbin/dumpon/dumpon.c
@@ -253,7 +253,7 @@
if (kdap->kda_encryptedkey == NULL)
err(1, "Unable to allocate encrypted key");
- kdap->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
+ kdap->kda_encryption = KERNELDUMP_ENC_CHACHA20;
arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key));
if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key,
kdap->kda_encryptedkey, pubkey,
Index: sys/kern/kern_shutdown.c
===================================================================
--- sys/kern/kern_shutdown.c
+++ sys/kern/kern_shutdown.c
@@ -77,6 +77,7 @@
#include <sys/vnode.h>
#include <sys/watchdog.h>
+#include <crypto/chacha20/chacha.h>
#include <crypto/rijndael/rijndael-api-fst.h>
#include <crypto/sha2/sha256.h>
@@ -172,8 +173,13 @@
struct kerneldumpcrypto {
uint8_t kdc_encryption;
uint8_t kdc_iv[KERNELDUMP_IV_MAX_SIZE];
+ /* XXX Proof of concept */
+#if 0
keyInstance kdc_ki;
cipherInstance kdc_ci;
+#else
+ struct chacha_ctx kdc_chacha;
+#endif
uint32_t kdc_dumpkeysize;
struct kerneldumpkey kdc_dumpkey[];
};
@@ -970,10 +976,17 @@
kdc->kdc_encryption = encryption;
switch (kdc->kdc_encryption) {
+ /* XXX Proof of concept */
+#if 0
case KERNELDUMP_ENC_AES_256_CBC:
if (rijndael_makeKey(&kdc->kdc_ki, DIR_ENCRYPT, 256, key) <= 0)
goto failed;
break;
+#else
+ case KERNELDUMP_ENC_CHACHA20:
+ chacha_keysetup(&kdc->kdc_chacha, key, 256);
+ break;
+#endif
default:
goto failed;
}
@@ -1015,6 +1028,8 @@
bcopy(hash, kdc->kdc_iv, sizeof(kdc->kdc_iv));
switch (kdc->kdc_encryption) {
+ /* XXX Proof of concept */
+#if 0
case KERNELDUMP_ENC_AES_256_CBC:
if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC,
kdc->kdc_iv) <= 0) {
@@ -1022,6 +1037,11 @@
goto out;
}
break;
+#else
+ case KERNELDUMP_ENC_CHACHA20:
+ chacha_ivsetup(&kdc->kdc_chacha, kdc->kdc_iv, NULL);
+ break;
+#endif
default:
error = EINVAL;
goto out;
@@ -1128,6 +1148,7 @@
}
if (compression != KERNELDUMP_COMP_NONE) {
+#if 0
/*
* We currently can't support simultaneous encryption and
* compression.
@@ -1136,6 +1157,7 @@
error = EOPNOTSUPP;
goto cleanup;
}
+#endif
dumper.kdcomp = kerneldumpcomp_create(&dumper, compression);
if (dumper.kdcomp == NULL) {
error = EINVAL;
@@ -1221,6 +1243,8 @@
{
switch (kdc->kdc_encryption) {
+ /* XXX Proof of concept */
+#if 0
case KERNELDUMP_ENC_AES_256_CBC:
if (rijndael_blockEncrypt(&kdc->kdc_ci, &kdc->kdc_ki, buf,
8 * size, buf) <= 0) {
@@ -1231,6 +1255,11 @@
return (EIO);
}
break;
+#else
+ case KERNELDUMP_ENC_CHACHA20:
+ chacha_encrypt_bytes(&kdc->kdc_chacha, buf, buf, size);
+ break;
+#endif
default:
return (EINVAL);
}
Index: sys/sys/kerneldump.h
===================================================================
--- sys/sys/kerneldump.h
+++ sys/sys/kerneldump.h
@@ -63,6 +63,7 @@
#define KERNELDUMP_ENC_NONE 0
#define KERNELDUMP_ENC_AES_256_CBC 1
+#define KERNELDUMP_ENC_CHACHA20 2
#define KERNELDUMP_BUFFER_SIZE 4096
#define KERNELDUMP_IV_MAX_SIZE 32

File Metadata

Mime Type
text/plain
Expires
Mon, Mar 23, 7:20 AM (8 h, 24 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
30170464
Default Alt Text
D17322.id48470.diff (4 KB)

Event Timeline