[09/42] mkfs.ubifs: Implement basic fscrypto context passing

Message ID	20181018143718.26298-10-richard@nod.at
State	Accepted
Delegated to:	David Oberhollenzer
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Richard Weinberger <richard@nod.at> To: linux-mtd@lists.infradead.org Subject: [PATCH 09/42] mkfs.ubifs: Implement basic fscrypto context passing Date: Thu, 18 Oct 2018 16:36:45 +0200 Message-Id: <20181018143718.26298-10-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) Precedence: list Cc: Richard Weinberger <richard@nod.at>, david.oberhollenzer@sigma-star.at Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org> Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	mtd-utils: Add fscrypt support to mkfs.ubifs \| expand [00/42] mtd-utils: Add fscrypt support to mkfs.ubifs [01/42] Import latest ubifs-media.h [02/42] common: Add round functions [03/42] mkfs.ubifs: Add crypto helper functions [04/42] mkfs.ubifs: Implement UBIFS_FLG_DOUBLE_HASH [05/42] mkfs.ubifs: Make r5 hash binary string aware [06/42] mkfs.ubifs: Add fscrypto defines [07/42] mkfs.ubifs: Add basic fscrypto functions [08/42] mkfs.ubifs: Implement UBIFS_FLG_ENCRYPTION [09/42] mkfs.ubifs: Implement basic fscrypto context passing [10/42] mkfs.ubifs: Implement fscrypto context store as xattr [11/42] mkfs.ubifs: Store directory name len in the temporary index [12/42] mkfs.ubifs: Implement filename encryption [13/42] mkfs.ubifs: Add dummy setup for crypto [14/42] mkfs.ubifs: Pass source/dest key len to key derive function [15/42] mkfs.ubifs: Add encrypted symlink support [16/42] mkfs.ubifs: Implement file contents encryption [17/42] mkfs.ubifs: Move symlink data encryption to helper function [18/42] mkfs.ubifs: Make sure we catch nodes that should or should not have name [19/42] mkfs.ubifs: Free all index entry names [20/42] mkfs.ubifs: Seperate path encryption from symlink encryption helper [21/42] mkfs.ubifs: Cleanup add_dent_node, user path encryption helper [22/42] mkfs.ubifs: Replace constant values with parameters in init_fscrypt_context [23/42] mkfs.ubifs: Make encryption dependend on (not-yet-existant) command line options [24/42] mkfs.ubifs: Get key descriptor from command line and master key from file [25/42] mkfs.ubifs: Specify padding policy via command line [26/42] mkfs.ubifs: Initial support for encryption command lines [27/42] mkfs.ubifs: Remove cipher implementations from public header [28/42] mkfs.ubifs: Move fscrypt definitions and functions out of mkfs.ubifs.c [29/42] mkfs.ubifs: Cleanup over-long lines [30/42] mkfs.ubifs: Check length of master key [31/42] mkfs.ubifs: Accept 0x prefix for key descriptor [32/42] mkfs.ubifs: Correctly use iv lengths in aes-cts mode [33/42] mkfs.ubifs: Enable Cipher selection [34/42] mkfs.ubifs: Use correct sizes for keys and hash lengths [35/42] mkfs.ubifs: Fixup AES-XTS mode [36/42] mkfs.ubifs: Compute encryption key descriptor automatically [37/42] mkfs.ubifs: Fix key descriptor printing [38/42] mkfs.ubifs: More fscryptctl compatibility [39/42] mkfs.ubifs: Move RAND_poll to crypto.c [40/42] mkfs.ubifs: Enable support for building without crypto [41/42] mkfs.ubifs: Print key descriptor only when generated [42/42] mkfs.ubifs: Use AES-256-XTS as default

diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 09c28ab0b6bd..349f68ab8797 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -174,6 +174,7 @@ int yes; static char *root; static int root_len; +static struct fscrypt_context *root_fctx; static struct stat root_st; static char *output; static int out_fd; @@ -1423,7 +1424,8 @@ static inline int inode_add_selinux_xattr(struct ubifs_ino_node *host_ino, * @flags: source inode flags */ static int add_inode(struct stat *st, ino_t inum, void *data, - unsigned int data_len, int flags, const char *xattr_path) + unsigned int data_len, int flags, const char *xattr_path, + struct fscrypt_context *fctx) { struct ubifs_ino_node *ino = node_buf; union ubifs_key key; @@ -1441,7 +1443,8 @@ static int add_inode(struct stat *st, ino_t inum, void *data, use_flags |= UBIFS_APPEND_FL; if (flags & FS_DIRSYNC_FL && S_ISDIR(st->st_mode)) use_flags |= UBIFS_DIRSYNC_FL; - + if (fctx) + use_flags |= UBIFS_CRYPT_FL; memset(ino, 0, UBIFS_INO_NODE_SZ); ino_key_init(&key, inum); @@ -1498,7 +1501,8 @@ static int add_inode(struct stat *st, ino_t inum, void *data, * the device table. */ static int add_dir_inode(const char *path_name, DIR *dir, ino_t inum, loff_t size, - unsigned int nlink, struct stat *st) + unsigned int nlink, struct stat *st, + struct fscrypt_context *fctx) { int fd, flags = 0; @@ -1513,7 +1517,7 @@ static int add_dir_inode(const char *path_name, DIR *dir, ino_t inum, loff_t siz flags = 0; } - return add_inode(st, inum, NULL, 0, flags, path_name); + return add_inode(st, inum, NULL, 0, flags, path_name, fctx); } /** @@ -1527,7 +1531,7 @@ static int add_dev_inode(const char *path_name, struct stat *st, ino_t inum, int union ubifs_dev_desc dev; dev.huge = cpu_to_le64(makedev(major(st->st_rdev), minor(st->st_rdev))); - return add_inode(st, inum, &dev, 8, flags, path_name); + return add_inode(st, inum, &dev, 8, flags, path_name, NULL); } /** @@ -1538,7 +1542,7 @@ static int add_dev_inode(const char *path_name, struct stat *st, ino_t inum, int * @flags: source inode flags */ static int add_symlink_inode(const char *path_name, struct stat *st, ino_t inum, - int flags) + int flags, struct fscrypt_context *fctx) { char buf[UBIFS_MAX_INO_DATA + 2]; ssize_t len; @@ -1550,7 +1554,7 @@ static int add_symlink_inode(const char *path_name, struct stat *st, ino_t inum, if (len > UBIFS_MAX_INO_DATA) return err_msg("symlink too long for %s", path_name); - return add_inode(st, inum, buf, len, flags, path_name); + return add_inode(st, inum, buf, len, flags, path_name, fctx); } static void set_dent_cookie(struct ubifs_dent_node *dent) @@ -1569,7 +1573,7 @@ static void set_dent_cookie(struct ubifs_dent_node *dent) * @type: type of the target inode */ static int add_dent_node(ino_t dir_inum, const char *name, ino_t inum, - unsigned char type) + unsigned char type, struct fscrypt_context *fctx) { struct ubifs_dent_node *dent = node_buf; union ubifs_key key; @@ -1658,7 +1662,7 @@ static int all_zero(void *buf, int len) * @flags: source inode flags */ static int add_file(const char *path_name, struct stat *st, ino_t inum, - int flags) + int flags, struct fscrypt_context *fctx) { struct ubifs_data_node *dn = node_buf; void *buf = block_buf; @@ -1728,7 +1732,7 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, return err_msg("file size changed during writing file '%s'", path_name); - return add_inode(st, inum, NULL, 0, flags, path_name); + return add_inode(st, inum, NULL, 0, flags, path_name, fctx); } /** @@ -1741,7 +1745,8 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, * creating the UBIFS inode */ static int add_non_dir(const char *path_name, ino_t *inum, unsigned int nlink, - unsigned char *type, struct stat *st) + unsigned char *type, struct stat *st, + struct fscrypt_context *fctx) { int fd, flags = 0; @@ -1806,17 +1811,17 @@ static int add_non_dir(const char *path_name, ino_t *inum, unsigned int nlink, creat_sqnum = ++c->max_sqnum; if (S_ISREG(st->st_mode)) - return add_file(path_name, st, *inum, flags); + return add_file(path_name, st, *inum, flags, fctx); if (S_ISCHR(st->st_mode)) return add_dev_inode(path_name, st, *inum, flags); if (S_ISBLK(st->st_mode)) return add_dev_inode(path_name, st, *inum, flags); if (S_ISLNK(st->st_mode)) - return add_symlink_inode(path_name, st, *inum, flags); + return add_symlink_inode(path_name, st, *inum, flags, fctx); if (S_ISSOCK(st->st_mode)) - return add_inode(st, *inum, NULL, 0, flags, NULL); + return add_inode(st, *inum, NULL, 0, flags, NULL, NULL); if (S_ISFIFO(st->st_mode)) - return add_inode(st, *inum, NULL, 0, flags, NULL); + return add_inode(st, *inum, NULL, 0, flags, NULL, NULL); return err_msg("file '%s' has unknown inode type", path_name); } @@ -1831,7 +1836,7 @@ static int add_non_dir(const char *path_name, ino_t *inum, unsigned int nlink, * created because it is defined in the device table file. */ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, - int existing) + int existing, struct fscrypt_context *fctx) { struct dirent *entry; DIR *dir = NULL; @@ -1867,6 +1872,7 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, */ for (; existing;) { struct stat dent_st; + struct fscrypt_context *new_fctx = NULL; errno = 0; entry = readdir(dir); @@ -1922,14 +1928,16 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, inum = ++c->highest_inum; + new_fctx = inherit_fscrypt_context(fctx); + if (S_ISDIR(dent_st.st_mode)) { - err = add_directory(name, inum, &dent_st, 1); + err = add_directory(name, inum, &dent_st, 1, new_fctx); if (err) goto out_free; nlink += 1; type = UBIFS_ITYPE_DIR; } else { - err = add_non_dir(name, &inum, 0, &type, &dent_st); + err = add_non_dir(name, &inum, 0, &type, &dent_st, new_fctx); if (err) goto out_free; } @@ -1938,11 +1946,13 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, if (err) goto out_free; - err = add_dent_node(dir_inum, entry->d_name, inum, type); + err = add_dent_node(dir_inum, entry->d_name, inum, type, fctx); if (err) goto out_free; size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(entry->d_name) + 1, 8); + + free_fscrypt_context(new_fctx); } /* @@ -1952,6 +1962,7 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, nh_elt = first_name_htbl_element(ph_elt, &itr); while (nh_elt) { struct stat fake_st; + struct fscrypt_context *new_fctx = NULL; /* * We prohibit creating regular files using the device table, @@ -1978,14 +1989,16 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, name = make_path(dir_name, nh_elt->name); inum = ++c->highest_inum; + new_fctx = inherit_fscrypt_context(fctx); + if (S_ISDIR(nh_elt->mode)) { - err = add_directory(name, inum, &fake_st, 0); + err = add_directory(name, inum, &fake_st, 0, new_fctx); if (err) goto out_free; nlink += 1; type = UBIFS_ITYPE_DIR; } else { - err = add_non_dir(name, &inum, 0, &type, &fake_st); + err = add_non_dir(name, &inum, 0, &type, &fake_st, new_fctx); if (err) goto out_free; } @@ -1994,17 +2007,18 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, if (err) goto out_free; - err = add_dent_node(dir_inum, nh_elt->name, inum, type); + err = add_dent_node(dir_inum, nh_elt->name, inum, type, fctx); if (err) goto out_free; size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(nh_elt->name) + 1, 8); nh_elt = next_name_htbl_element(ph_elt, &itr); + free_fscrypt_context(new_fctx); } creat_sqnum = dir_creat_sqnum; - err = add_dir_inode(dir ? dir_name : NULL, dir, dir_inum, size, nlink, st); + err = add_dir_inode(dir ? dir_name : NULL, dir, dir_inum, size, nlink, st, fctx); if (err) goto out_free; @@ -2035,7 +2049,7 @@ static int add_multi_linked_files(void) for (im = hash_table[i]; im; im = im->next) { dbg_msg(2, "%s", im->path_name); err = add_non_dir(im->path_name, &im->use_inum, - im->use_nlink, &type, &im->st); + im->use_nlink, &type, &im->st, NULL); if (err) return err; } @@ -2083,7 +2097,7 @@ static int write_data(void) if (err) return err; - err = add_directory(root, UBIFS_ROOT_INO, &root_st, !!root); + err = add_directory(root, UBIFS_ROOT_INO, &root_st, !!root, root_fctx); if (err) return err; err = add_multi_linked_files();

[09/42] mkfs.ubifs: Implement basic fscrypto context passing

Commit Message

Patch