Message ID | 1533734097-31833-2-git-send-email-angelo@amarulasolutions.com |
---|---|
State | Accepted |
On 08/08/2018 15:14, Angelo Compagnucci wrote: > Encryption on ubi volumes is actually broken cause a mismatch between > the size expected to be written and the actual size after decrypting. > This behavior is not related to swupdate: indeed it's kernel api for ubi > volumes that requires to declare the size to be written before to > actually write anything. > Before this patch, the size to be written on disk is retrieved from the > size of the encrypted image when the real size of a decrypted image > is instead smaller. > > This patch adds a "decrypted-size" property to the sw-description to > explicitly tell to swupdate to allocate that size for ubi volumes. > This parameter should be updated to the real size of the image just > before assembling the update. > > Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com> > --- > doc/source/encrypted_images.rst | 26 ++++++++++++++++++++++++++ > handlers/ubivol_handler.c | 12 +++++++++++- > 2 files changed, 37 insertions(+), 1 deletion(-) > > diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst > index a7d85a2..a2592d8 100644 > --- a/doc/source/encrypted_images.rst > +++ b/doc/source/encrypted_images.rst 
> @@ -52,6 +52,32 @@ generation command above. Accordingly, drop the ``-S <SALT>`` parameter in the > encryption command and omit the 3rd field of the key file to be supplied to > SWUpdate being the salt. > > +Encryption of UBI volumes > +------------------------- > + > +Due to a limit in the Linux kernel api for UBI volumes, the size reserved to be > +written on disk should be declared before actually write anything. > +Unfortunately, the size of an encrypted image is not know until the complete > +decryption, thus preventing to correctly declare the size of the file to be > +written on disk. > + > +For this reason UBI images can declare the special property "decrypted-size" like > +this: > + > +:: > + > + images: ( { > + filename = "rootfs.ubifs.enc"; > + volume = "rootfs"; > + encrypted = true; > + properties = {decrypted-size = "104857600";} > + } > + ); > + > +The real size of the decrypted image should be calculated and written to the > +sw-description before assembling the cpio archive. > +In this example, 104857600 is the size of the rootfs after the decryption: the > +encrypted size is by the way larger. > > Example sw-description with Encrypted Image > ------------------------------------------- > diff --git a/handlers/ubivol_handler.c b/handlers/ubivol_handler.c > index 0c6fcbf..247a644 100644 > --- a/handlers/ubivol_handler.c > +++ b/handlers/ubivol_handler.c > @@ -42,9 +42,19 @@ static int update_volume(libubi_t libubi, struct img_type *img, > char node[64]; > int err; > char sbuf[128]; > + char *decrypted_size_str = NULL; > > bytes = img->size; > if (img->is_encrypted) { > + > + decrypted_size_str = dict_get_value(&img->properties, "decrypted-size"); > + > + bytes = ustrtoull(decrypted_size_str, 0); > + if (errno){ > + ERROR("decrypted-size argument: ustrtoull failed"); > + return -1; > + } > + > if (img->compressed) { > ERROR("Decryption of compressed UBI images not supported"); > return -1; 
> @@ -53,7 +63,7 @@ static int update_volume(libubi_t libubi, struct img_type *img, > ERROR("Encrypted image size (%lld) too small", bytes); > return -1; > } > - bytes -= AES_BLOCK_SIZE; > + TRACE("Image is crypted, decrypted size %lld bytes", bytes); > } > > if (!libubi) { > Acked-by: Stefano Babic <sbabic@denx.de> Best regards, Stefano Babic
diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst index a7d85a2..a2592d8 100644 --- a/doc/source/encrypted_images.rst +++ b/doc/source/encrypted_images.rst @@ -52,6 +52,32 @@ generation command above. Accordingly, drop the ``-S <SALT>`` parameter in the encryption command and omit the 3rd field of the key file to be supplied to SWUpdate being the salt. +Encryption of UBI volumes +------------------------- + +Due to a limit in the Linux kernel api for UBI volumes, the size reserved to be +written on disk should be declared before actually write anything. +Unfortunately, the size of an encrypted image is not know until the complete +decryption, thus preventing to correctly declare the size of the file to be +written on disk. + +For this reason UBI images can declare the special property "decrypted-size" like +this: + +:: + + images: ( { + filename = "rootfs.ubifs.enc"; + volume = "rootfs"; + encrypted = true; + properties = {decrypted-size = "104857600";} + } + ); + +The real size of the decrypted image should be calculated and written to the +sw-description before assembling the cpio archive. +In this example, 104857600 is the size of the rootfs after the decryption: the +encrypted size is by the way larger. Example sw-description with Encrypted Image ------------------------------------------- diff --git a/handlers/ubivol_handler.c b/handlers/ubivol_handler.c index 0c6fcbf..247a644 100644 --- a/handlers/ubivol_handler.c +++ b/handlers/ubivol_handler.c 
@@ -42,9 +42,19 @@ static int update_volume(libubi_t libubi, struct img_type *img, char node[64]; int err; char sbuf[128]; + char *decrypted_size_str = NULL; bytes = img->size; if (img->is_encrypted) { + + decrypted_size_str = dict_get_value(&img->properties, "decrypted-size"); + + bytes = ustrtoull(decrypted_size_str, 0); + if (errno){ + ERROR("decrypted-size argument: ustrtoull failed"); + return -1; + } + if (img->compressed) { ERROR("Decryption of compressed UBI images not supported"); return -1; @@ -53,7 +63,7 @@ static int update_volume(libubi_t libubi, struct img_type *img, ERROR("Encrypted image size (%lld) too small", bytes); return -1; } - bytes -= AES_BLOCK_SIZE; + TRACE("Image is crypted, decrypted size %lld bytes", bytes); } if (!libubi) {
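Review bot: In the new "Encryption of UBI volumes" section of doc/source/encrypted_images.rst, "UBI images can declare the special property" reads as optional, while the handler hunk calls dict_get_value(&img->properties, "decrypted-size") for every encrypted image and parses whatever comes back. State that the property is required when encrypted = true on a UBI volume, give the unit (bytes, as the TRACE in the handler prints), and say where the number comes from, for example the size of the image file before it is encrypted. Wording: "not know" should be "not known" and "before actually write anything" should be "before actually writing anything".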
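Review bot: In the first hunk of handlers/ubivol_handler.c, decrypted_size_str goes straight from dict_get_value() into ustrtoull() with no check that the property was found; sw-descriptions written before this change do not carry "decrypted-size", so that path needs a NULL test and an ERROR naming the missing property. The if (errno) test also depends on errno being cleared before the call, which nothing in this hunk does. The parsed value then replaces img->size without being compared with it, so a declared size larger than the encrypted payload is accepted at this point.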
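Review bot: In the second hunk of handlers/ubivol_handler.c, the context line ERROR("Encrypted image size (%lld) too small", bytes) now reports the declared decrypted size, because bytes was overwritten from the property in the previous hunk; reword the message or print img->size there. In the added TRACE, "crypted" should be "encrypted".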
Encryption on ubi volumes is actually broken because of a mismatch between the size expected to be written and the actual size after decrypting. This behavior is not related to swupdate: indeed it's the kernel api for ubi volumes that requires declaring the size to be written before actually writing anything. Before this patch, the size to be written on disk is retrieved from the size of the encrypted image when the real size of a decrypted image is instead smaller.

This patch adds a "decrypted-size" property to the sw-description to explicitly tell swupdate to allocate that size for ubi volumes. This parameter should be updated to the real size of the image just before assembling the update.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
---
 doc/source/encrypted_images.rst | 26 ++++++++++++++++++++++++++
 handlers/ubivol_handler.c | 12 +++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
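The size relation the commit message describes can be checked before anything is written to the volume. The following is an added example, not SWUpdate code and not part of the patch: `check_decrypted_size()` is a hypothetical helper, and it assumes the cipher pads the plaintext with 1 to AES_BLOCK_SIZE bytes (PKCS#7), so the encrypted payload is always larger than the declared size by at most one block.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define AES_BLOCK_SIZE 16

/*
 * Hypothetical helper, not SWUpdate code: validate the "decrypted-size"
 * string against the size of the encrypted payload. Assumes the cipher
 * pads the plaintext with 1..AES_BLOCK_SIZE bytes (PKCS#7).
 * Returns 0 and stores the size in *out, or -1 on any inconsistency.
 */
int check_decrypted_size(const char *prop, uint64_t enc_size, uint64_t *out)
{
	char *end = NULL;
	unsigned long long dec;

	if (!prop || *prop < '0' || *prop > '9')
		return -1;	/* missing, empty, signed or non-numeric */

	errno = 0;		/* strtoull() never clears errno itself */
	dec = strtoull(prop, &end, 10);
	if (errno || *end != '\0')
		return -1;	/* out of range or trailing characters */

	/* The ciphertext is a whole number of blocks, at least one. */
	if (enc_size < AES_BLOCK_SIZE || enc_size % AES_BLOCK_SIZE)
		return -1;

	/* Padding is 1..16 bytes, so dec < enc_size <= dec + 16. */
	if (dec >= enc_size || enc_size - dec > AES_BLOCK_SIZE)
		return -1;

	*out = dec;
	return 0;
}

int main(void)
{
	/* Constructed inputs: property string and encrypted payload size. */
	const char *props[] = { "104857600", "104857600", NULL, "1048576oo" };
	const uint64_t enc[] = { 104857616, 104857600, 104857616, 104857616 };
	uint64_t size = 0;

	for (int i = 0; i < 4; i++)
		printf("%s / %llu -> %d\n", props[i] ? props[i] : "(absent)",
		       (unsigned long long)enc[i],
		       check_decrypted_size(props[i], enc[i], &size));
	return 0;
}
```
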