Diffstat (limited to 'sbin/dumpon')
-rw-r--r--sbin/dumpon/dumpon.816
-rw-r--r--sbin/dumpon/dumpon.c36
2 files changed, 42 insertions, 10 deletions
diff --git a/sbin/dumpon/dumpon.8 b/sbin/dumpon/dumpon.8
index 0379042b528e..57a75f78057a 100644
--- a/sbin/dumpon/dumpon.8
+++ b/sbin/dumpon/dumpon.8
@@ -28,7 +28,7 @@
.\" From: @(#)swapon.8 8.1 (Berkeley) 6/5/93
.\" $FreeBSD$
.\"
-.Dd May 21, 2019
+.Dd May 23, 2019
.Dt DUMPON 8
.Os
.Sh NAME
@@ -39,6 +39,7 @@
.Op Fl i Ar index
.Op Fl r
.Op Fl v
+.Op Fl C Ar cipher
.Op Fl k Ar pubkey
.Op Fl Z
.Op Fl z
@@ -47,6 +48,7 @@
.Op Fl i Ar index
.Op Fl r
.Op Fl v
+.Op Fl C Ar cipher
.Op Fl k Ar pubkey
.Op Fl Z
.Op Fl z
@@ -129,6 +131,14 @@ The goal of the mechanism is to provide confidentiality.
The
.Va pubkey
file should be a PEM-formatted RSA key of at least 1024 bits.
+.It Fl C Ar cipher
+Select the symmetric algorithm used for encrypted kernel crash dump.
+The default is
+.Dq chacha20
+but
+.Dq aes256-cbc
+is also available.
+(AES256-CBC mode does not work in conjunction with compression.)
.It Fl l
List the currently configured dump device(s), or /dev/null if no devices are
configured.
@@ -420,10 +430,6 @@ requires the
.Dv GZIO
option.
.Sh BUGS
-It is currently not possible to configure both compression and encryption.
-The encrypted dump format assumes that the kernel dump size is a multiple
-of the cipher block size, which may not be true when the dump is compressed.
-.Pp
Netdump only supports IPv4 at this time.
.Sh SECURITY CONSIDERATIONS
The current encrypted kernel core dump scheme does not provide integrity nor
diff --git a/sbin/dumpon/dumpon.c b/sbin/dumpon/dumpon.c
index 3eec6495b215..e1d8bd57b9dc 100644
--- a/sbin/dumpon/dumpon.c
+++ b/sbin/dumpon/dumpon.c
@@ -276,7 +276,16 @@ genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
if (kdap->kda_encryptedkey == NULL)
err(1, "Unable to allocate encrypted key");
- kdap->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
+ /*
+ * If no cipher was specified, choose a reasonable default.
+ */
+ if (kdap->kda_encryption == KERNELDUMP_ENC_NONE)
+ kdap->kda_encryption = KERNELDUMP_ENC_CHACHA20;
+ else if (kdap->kda_encryption == KERNELDUMP_ENC_AES_256_CBC &&
+ kdap->kda_compression != KERNELDUMP_COMP_NONE)
+ errx(EX_USAGE, "Unpadded AES256-CBC mode cannot be used "
+ "with compression.");
+
arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key));
if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key,
kdap->kda_encryptedkey, pubkey,
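Review bot: The AES256-CBC/compression compatibility check is placed inside genkey(), after the encrypted-key buffer has already been allocated, and it only works if kdap->kda_compression is populated before genkey() is called — that ordering is not visible in this hunk and should be confirmed. Argument validation of this kind sits more naturally beside the other `-C` checks in main(), before any key material is generated, so that every usage error is reported uniformly with EX_USAGE. The comment on the default could also state the reason for the choice, e.g. `/* ChaCha20 is a stream cipher, so it has no block-alignment requirement and can be combined with compression. */`. genkey()'s body starts before this hunk.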
@@ -378,7 +387,7 @@ main(int argc, char *argv[])
struct diocskerneldump_arg ndconf, *kdap;
struct addrinfo hints, *res;
const char *dev, *pubkeyfile, *server, *client, *gateway;
- int ch, error, fd;
+ int ch, error, fd, cipher;
bool gzip, list, netdump, zstd, insert, rflag;
uint8_t ins_idx;
@@ -387,9 +396,21 @@ main(int argc, char *argv[])
pubkeyfile = NULL;
server = client = gateway = NULL;
ins_idx = KDA_APPEND;
+ cipher = KERNELDUMP_ENC_NONE;
- while ((ch = getopt(argc, argv, "c:g:i:k:lrs:vZz")) != -1)
+ while ((ch = getopt(argc, argv, "C:c:g:i:k:lrs:vZz")) != -1)
switch ((char)ch) {
+ case 'C':
+ if (strcasecmp(optarg, "chacha") == 0 ||
+ strcasecmp(optarg, "chacha20") == 0)
+ cipher = KERNELDUMP_ENC_CHACHA20;
+ else if (strcasecmp(optarg, "aes-cbc") == 0 ||
+ strcasecmp(optarg, "aes256-cbc") == 0)
+ cipher = KERNELDUMP_ENC_AES_256_CBC;
+ else
+ errx(EX_USAGE, "Unrecognized cipher algorithm "
+ "'%s'", optarg);
+ break;
case 'c':
client = optarg;
break;
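Review bot: The `-C` parser accepts the aliases `chacha` and `aes-cbc` in addition to `chacha20` and `aes256-cbc`, but the dumpon.8 hunk in this commit documents only the long names; either document the aliases in the manual or drop them so the two agree. A short comment above the case would also help, e.g. `/* Accept short aliases; names are compared case-insensitively. */`. main() continues outside this hunk.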
@@ -451,7 +472,10 @@ main(int argc, char *argv[])
if (argc != 1)
usage();
-#ifndef HAVE_CRYPTO
+#ifdef HAVE_CRYPTO
+ if (cipher != KERNELDUMP_ENC_NONE && pubkeyfile == NULL)
+ errx(EX_USAGE, "-C option requires a public key file.");
+#else
if (pubkeyfile != NULL)
errx(EX_UNAVAILABLE,"Unable to use the public key."
" Recompile dumpon with OpenSSL support.");
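Review bot: In the `#else` (no HAVE_CRYPTO) branch a `-C` given without `-k` is silently ignored, because only pubkeyfile is checked there; a build without OpenSSL should reject an explicit cipher selection the same way it rejects a public key. Adding `if (cipher != KERNELDUMP_ENC_NONE) errx(EX_UNAVAILABLE, "Unable to select a cipher. Recompile dumpon with OpenSSL support.");` before the pubkeyfile check closes that gap. main() continues outside this hunk.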
@@ -526,8 +550,10 @@ main(int argc, char *argv[])
}
#ifdef HAVE_CRYPTO
- if (pubkeyfile != NULL)
+ if (pubkeyfile != NULL) {
+ kdap->kda_encryption = cipher;
genkey(pubkeyfile, kdap);
+ }
#endif
error = ioctl(fd, DIOCSKERNELDUMP, kdap);
if (error != 0)