[30/42] mkfs.ubifs: Check length of master key

Message ID	20181018143718.26298-31-richard@nod.at
State	Accepted
Delegated to:	David Oberhollenzer
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Richard Weinberger <richard@nod.at> To: linux-mtd@lists.infradead.org Subject: [PATCH 30/42] mkfs.ubifs: Check length of master key Date: Thu, 18 Oct 2018 16:37:06 +0200 Message-Id: <20181018143718.26298-31-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 summary: Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) Precedence: list Cc: Richard Weinberger <richard@nod.at>, david.oberhollenzer@sigma-star.at Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org> Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	mtd-utils: Add fscrypt support to mkfs.ubifs \| expand [00/42] mtd-utils: Add fscrypt support to mkfs.ubifs [01/42] Import latest ubifs-media.h [02/42] common: Add round functions [03/42] mkfs.ubifs: Add crypto helper functions [04/42] mkfs.ubifs: Implement UBIFS_FLG_DOUBLE_HASH [05/42] mkfs.ubifs: Make r5 hash binary string aware [06/42] mkfs.ubifs: Add fscrypto defines [07/42] mkfs.ubifs: Add basic fscrypto functions [08/42] mkfs.ubifs: Implement UBIFS_FLG_ENCRYPTION [09/42] mkfs.ubifs: Implement basic fscrypto context passing [10/42] mkfs.ubifs: Implement fscrypto context store as xattr [11/42] mkfs.ubifs: Store directory name len in the temporary index [12/42] mkfs.ubifs: Implement filename encryption [13/42] mkfs.ubifs: Add dummy setup for crypto [14/42] mkfs.ubifs: Pass source/dest key len to key derive function [15/42] mkfs.ubifs: Add encrypted symlink support [16/42] mkfs.ubifs: Implement file contents encryption [17/42] mkfs.ubifs: Move symlink data encryption to helper function [18/42] mkfs.ubifs: Make sure we catch nodes that should or should not have name [19/42] mkfs.ubifs: Free all index entry names [20/42] mkfs.ubifs: Seperate path encryption from symlink encryption helper [21/42] mkfs.ubifs: Cleanup add_dent_node, user path encryption helper [22/42] mkfs.ubifs: Replace constant values with parameters in init_fscrypt_context [23/42] mkfs.ubifs: Make encryption dependend on (not-yet-existant) command line options [24/42] mkfs.ubifs: Get key descriptor from command line and master key from file [25/42] mkfs.ubifs: Specify padding policy via command line [26/42] mkfs.ubifs: Initial support for encryption command lines [27/42] mkfs.ubifs: Remove cipher implementations from public header [28/42] mkfs.ubifs: Move fscrypt definitions and functions out of mkfs.ubifs.c [29/42] mkfs.ubifs: Cleanup over-long lines [30/42] mkfs.ubifs: Check length of master key [31/42] mkfs.ubifs: Accept 0x prefix for key descriptor [32/42] mkfs.ubifs: Correctly use iv lengths in aes-cts mode [33/42] mkfs.ubifs: Enable Cipher selection [34/42] mkfs.ubifs: Use correct sizes for keys and hash lengths [35/42] mkfs.ubifs: Fixup AES-XTS mode [36/42] mkfs.ubifs: Compute encryption key descriptor automatically [37/42] mkfs.ubifs: Fix key descriptor printing [38/42] mkfs.ubifs: More fscryptctl compatibility [39/42] mkfs.ubifs: Move RAND_poll to crypto.c [40/42] mkfs.ubifs: Enable support for building without crypto [41/42] mkfs.ubifs: Print key descriptor only when generated [42/42] mkfs.ubifs: Use AES-256-XTS as default

Message ID

20181018143718.26298-31-richard@nod.at

State

Accepted

Delegated to:

David Oberhollenzer

Headers

From: Richard Weinberger <richard@nod.at>
To: linux-mtd@lists.infradead.org
Subject: [PATCH 30/42] mkfs.ubifs: Check length of master key
Date: Thu, 18 Oct 2018 16:37:06 +0200
Message-Id: <20181018143718.26298-31-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
MIME-Version: 1.0
Precedence: list
Cc: Richard Weinberger <richard@nod.at>, david.oberhollenzer@sigma-star.at
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org>
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

mtd-utils: Add fscrypt support to mkfs.ubifs | expand

Commit Message

Richard Weinberger Oct. 18, 2018, 2:37 p.m. UTC

From: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
---
 ubifs-utils/mkfs.ubifs/crypto.c  | 2 ++
 ubifs-utils/mkfs.ubifs/crypto.h  | 1 +
 ubifs-utils/mkfs.ubifs/fscrypt.c | 9 +++++++--
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index f7b51357c04a..bd3273767a5b 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -281,10 +281,12 @@  ssize_t derive_key_aes(const void *deriving_key, const void *source_key,
 static struct cipher ciphers[] = {
 	{
 		.name = "AES-128-CBC",
+		.key_length = 16,
 		.encrypt_block = encrypt_block_aes128_cbc,
 		.encrypt_fname = encrypt_aes128_cbc_cts,
 	}, {
 		.name = "AES-256-XTS",
+		.key_length = 64,
 		.encrypt_block = encrypt_block_aes256_xts,
 		.encrypt_fname = encrypt_aes256_cbc_cts,
 	}
diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h
index b6a1e004f46d..7fb2d3b8d005 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.h
+++ b/ubifs-utils/mkfs.ubifs/crypto.h
@@ -28,6 +28,7 @@ 
 
 struct cipher {
 	const char *name;
+	unsigned int key_length;
 
 	ssize_t (*encrypt_block)(const void *plaintext, size_t size,
 				 const void *key, uint64_t block_index,
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c
index 68001e1d88f4..6d1fa4ba9d3f 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.c
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.c
@@ -188,7 +188,7 @@  static int parse_key_descriptor(const char *desc, __u8 *dst)
 	return 0;
 }
 
-static int load_master_key(const char *key_file)
+static int load_master_key(const char *key_file, struct cipher *fsc)
 {
 	int kf;
 	ssize_t keysize;
@@ -208,6 +208,11 @@  static int load_master_key(const char *key_file)
 		err_msg("loading key from '%s': file is empty", key_file);
 		goto fail;
 	}
+	if (keysize < fsc->key_length) {
+		err_msg("key '%s' is too short (at least %u bytes required)",
+			key_file, fsc->key_length);
+		goto fail;
+	}
 
 	close(kf);
 	return 0;
@@ -237,7 +242,7 @@  struct fscrypt_context *init_fscrypt_context(const char *cipher_name,
 	if (parse_key_descriptor(key_descriptor, master_key_descriptor))
 		return NULL;
 
-	if (load_master_key(key_file))
+	if (load_master_key(key_file, fscrypt_cipher))
 		return NULL;
 
 	RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE);

[30/42] mkfs.ubifs: Check length of master key

Commit Message

Patch