aboutsummaryrefslogtreecommitdiffstats
path: root/sbin/decryptcore
diff options
context:
space:
mode:
authorConrad Meyer <cem@FreeBSD.org>2019-05-23 20:12:24 +0000
committerConrad Meyer <cem@FreeBSD.org>2019-05-23 20:12:24 +0000
commit8298529226ff732083fd0392a78855997cbd5f14 (patch)
tree419e7f17651af918e328d1ba5d6983bebd48ddd2 /sbin/decryptcore
parent8a2ad0aec8df73b085fb7d066e66cff6fc7380d8 (diff)
downloadsrc-8298529226ff732083fd0392a78855997cbd5f14.tar.gz
src-8298529226ff732083fd0392a78855997cbd5f14.zip
EKCD: Add Chacha20 encryption mode
Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
Notes
Notes: svn path=/head/; revision=348197
Diffstat (limited to 'sbin/decryptcore')
-rw-r--r--sbin/decryptcore/decryptcore.c24
1 files changed, 22 insertions, 2 deletions
diff --git a/sbin/decryptcore/decryptcore.c b/sbin/decryptcore/decryptcore.c
index 6957e847b419..6a6c362011fb 100644
--- a/sbin/decryptcore/decryptcore.c
+++ b/sbin/decryptcore/decryptcore.c
@@ -119,7 +119,8 @@ static bool
decrypt(int ofd, const char *privkeyfile, const char *keyfile,
const char *input)
{
- uint8_t buf[KERNELDUMP_BUFFER_SIZE], key[KERNELDUMP_KEY_MAX_SIZE];
+ uint8_t buf[KERNELDUMP_BUFFER_SIZE], key[KERNELDUMP_KEY_MAX_SIZE],
+ chachaiv[4 * 4];
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *cipher;
FILE *fp;
@@ -207,6 +208,9 @@ decrypt(int ofd, const char *privkeyfile, const char *keyfile,
case KERNELDUMP_ENC_AES_256_CBC:
cipher = EVP_aes_256_cbc();
break;
+ case KERNELDUMP_ENC_CHACHA20:
+ cipher = EVP_chacha20();
+ break;
default:
pjdlog_error("Invalid encryption algorithm.");
goto failed;
@@ -222,7 +226,23 @@ decrypt(int ofd, const char *privkeyfile, const char *keyfile,
RSA_free(privkey);
privkey = NULL;
- EVP_DecryptInit_ex(ctx, cipher, NULL, key, kdk->kdk_iv);
+ if (kdk->kdk_encryption == KERNELDUMP_ENC_CHACHA20) {
+ /*
+ * OpenSSL treats the IV as 4 little-endian 32 bit integers.
+ *
+ * The first two represent a 64-bit counter, where the low half
+ * is the first 32-bit word.
+ *
+ * Start at counter block zero...
+ */
+ memset(chachaiv, 0, 4 * 2);
+ /*
+ * And use the IV specified by the dump.
+ */
+ memcpy(&chachaiv[4 * 2], kdk->kdk_iv, 4 * 2);
+ EVP_DecryptInit_ex(ctx, cipher, NULL, key, chachaiv);
+ } else
+ EVP_DecryptInit_ex(ctx, cipher, NULL, key, kdk->kdk_iv);
EVP_CIPHER_CTX_set_padding(ctx, 0);
explicit_bzero(key, sizeof(key));