lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2bea24d0-5ae9-7614-43ba-45674785e8e2@infradead.org>
Date:   Sat, 30 Dec 2017 12:20:40 -0800
From:   Randy Dunlap <rdunlap@...radead.org>
To:     Dan Aloni <dan@...nelim.com>, linux-kernel@...r.kernel.org,
        kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH 4/5] tools: add dmesg decryption program

On 12/30/2017 09:58 AM, Dan Aloni wrote:
> From: Dan Aloni <dan@...nelim.com>
> 
> Example execution:
> 
>     dmesg | dmesg-decipher <private-key.pem>
> 
> Signed-off-by: Dan Aloni <dan@...nelim.com>
> ---


> diff --git a/tools/kmsg/dmesg-decipher.c b/tools/kmsg/dmesg-decipher.c
> new file mode 100644
> index 000000000000..c7149fe7dc17
> --- /dev/null
> +++ b/tools/kmsg/dmesg-decipher.c
> @@ -0,0 +1,316 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * dmesg-decipher.c
> + *
> + * A sample utility to decrypt an encrypted dmesg output, for
> + * developement with kernels having kmsg encryption enabled.
> + *
> + * Copyright (c) Dan Aloni, 2017
> + *
> + * Compile with
> + *	gcc -I/usr/src/linux/include getdelays.c -o getdelays

	copy-paste error ^^^

> + */
> +
> +#include <openssl/pem.h>
> +#include <openssl/pkcs7.h>
> +#include <openssl/err.h>
> +
> +#include <stdbool.h>
> +#include <stdint.h>
> +#include <string.h>
> +#include <regex.h>


[snip]


> +int main(int argc, char **argv)
> +{
> +	BIO *tbio = NULL;
> +	RSA *rsa;
> +	int ret = 1;
> +	char line[0x1000];
> +	uint8_t enc_sess_key[0x200];
> +	uint8_t sess_key[0x200] = {0, };
> +	bool got_key = false;
> +
> +	OpenSSL_add_all_algorithms();
> +	ERR_load_crypto_strings();
> +
> +	regex_t session_key_regex;
> +	regex_t message_regex;
> +
> +	ret = regcomp(&session_key_regex, session_key_pattern, REG_EXTENDED);
> +	if (ret) {
> +		goto err;
> +	}
> +
> +	ret = regcomp(&message_regex, message_pattern, REG_EXTENDED);
> +	if (ret) {
> +		goto err;
> +	}
> +
> +	if (argc < 2) {
> +		fprintf(stderr, "not enough paramters\n");

		                            parameters

> +		return -1;
> +	}


-- 
~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ