[07/42] mkfs.ubifs: Add basic fscrypto functions

Message ID	20181018143718.26298-8-richard@nod.at
State	Accepted
Delegated to:	David Oberhollenzer
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Richard Weinberger <richard@nod.at> To: linux-mtd@lists.infradead.org Subject: [PATCH 07/42] mkfs.ubifs: Add basic fscrypto functions Date: Thu, 18 Oct 2018 16:36:43 +0200 Message-Id: <20181018143718.26298-8-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) Precedence: list Cc: Richard Weinberger <richard@nod.at>, david.oberhollenzer@sigma-star.at Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org> Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	mtd-utils: Add fscrypt support to mkfs.ubifs \| expand [00/42] mtd-utils: Add fscrypt support to mkfs.ubifs [01/42] Import latest ubifs-media.h [02/42] common: Add round functions [03/42] mkfs.ubifs: Add crypto helper functions [04/42] mkfs.ubifs: Implement UBIFS_FLG_DOUBLE_HASH [05/42] mkfs.ubifs: Make r5 hash binary string aware [06/42] mkfs.ubifs: Add fscrypto defines [07/42] mkfs.ubifs: Add basic fscrypto functions [08/42] mkfs.ubifs: Implement UBIFS_FLG_ENCRYPTION [09/42] mkfs.ubifs: Implement basic fscrypto context passing [10/42] mkfs.ubifs: Implement fscrypto context store as xattr [11/42] mkfs.ubifs: Store directory name len in the temporary index [12/42] mkfs.ubifs: Implement filename encryption [13/42] mkfs.ubifs: Add dummy setup for crypto [14/42] mkfs.ubifs: Pass source/dest key len to key derive function [15/42] mkfs.ubifs: Add encrypted symlink support [16/42] mkfs.ubifs: Implement file contents encryption [17/42] mkfs.ubifs: Move symlink data encryption to helper function [18/42] mkfs.ubifs: Make sure we catch nodes that should or should not have name [19/42] mkfs.ubifs: Free all index entry names [20/42] mkfs.ubifs: Seperate path encryption from symlink encryption helper [21/42] mkfs.ubifs: Cleanup add_dent_node, user path encryption helper [22/42] mkfs.ubifs: Replace constant values with parameters in init_fscrypt_context [23/42] mkfs.ubifs: Make encryption dependend on (not-yet-existant) command line options [24/42] mkfs.ubifs: Get key descriptor from command line and master key from file [25/42] mkfs.ubifs: Specify padding policy via command line [26/42] mkfs.ubifs: Initial support for encryption command lines [27/42] mkfs.ubifs: Remove cipher implementations from public header [28/42] mkfs.ubifs: Move fscrypt definitions and functions out of mkfs.ubifs.c [29/42] mkfs.ubifs: Cleanup over-long lines [30/42] mkfs.ubifs: Check length of master key [31/42] mkfs.ubifs: Accept 0x prefix for key descriptor [32/42] mkfs.ubifs: Correctly use iv lengths in aes-cts mode [33/42] mkfs.ubifs: Enable Cipher selection [34/42] mkfs.ubifs: Use correct sizes for keys and hash lengths [35/42] mkfs.ubifs: Fixup AES-XTS mode [36/42] mkfs.ubifs: Compute encryption key descriptor automatically [37/42] mkfs.ubifs: Fix key descriptor printing [38/42] mkfs.ubifs: More fscryptctl compatibility [39/42] mkfs.ubifs: Move RAND_poll to crypto.c [40/42] mkfs.ubifs: Enable support for building without crypto [41/42] mkfs.ubifs: Print key descriptor only when generated [42/42] mkfs.ubifs: Use AES-256-XTS as default

Message ID

20181018143718.26298-8-richard@nod.at

State

Accepted

Delegated to:

David Oberhollenzer

Headers

From: Richard Weinberger <richard@nod.at>
To: linux-mtd@lists.infradead.org
Subject: [PATCH 07/42] mkfs.ubifs: Add basic fscrypto functions
Date: Thu, 18 Oct 2018 16:36:43 +0200
Message-Id: <20181018143718.26298-8-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
MIME-Version: 1.0
Precedence: list
Cc: Richard Weinberger <richard@nod.at>, david.oberhollenzer@sigma-star.at
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org>
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

mtd-utils: Add fscrypt support to mkfs.ubifs | expand

Commit Message

Richard Weinberger Oct. 18, 2018, 2:36 p.m. UTC

...maybe we should add them to crypto.c?

Signed-off-by: Richard Weinberger <richard@nod.at>
---
 ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 67 +++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
index 2649c34cdd68..fc1b0cb1f6cc 100644
--- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
+++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
@@ -518,6 +518,73 @@  static long long get_bytes(const char *str)
 
 	return bytes;
 }
+
+static unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx)
+{
+	int ret;
+	unsigned char *new_key = xmalloc(FS_MAX_KEY_SIZE);
+
+	ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, new_key);
+	if (ret < 0) {
+		err_msg("derive_key_aes failed: %i\n", ret);
+
+		free(new_key);
+		new_key = NULL;
+	}
+
+	return new_key;
+}
+
+static struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx)
+{
+	struct fscrypt_context *new_fctx = NULL;
+
+	if (fctx) {
+		new_fctx = xmalloc(sizeof(*new_fctx));
+		new_fctx->format = fctx->format;
+		new_fctx->contents_encryption_mode = fctx->contents_encryption_mode;
+		new_fctx->filenames_encryption_mode = fctx->filenames_encryption_mode;
+		new_fctx->flags = fctx->flags;
+		memcpy(new_fctx->master_key_descriptor, fctx->master_key_descriptor,
+		       FS_KEY_DESCRIPTOR_SIZE);
+		RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE);
+	}
+
+	return new_fctx;
+}
+
+static void free_fscrypt_context(struct fscrypt_context *fctx)
+{
+	free(fctx);
+}
+
+static void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx)
+{
+	int i;
+
+	normsg_cont("fscrypt master key descriptor: ");
+	for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; i++) {
+		normsg_cont("%02x", fctx->master_key_descriptor[i]);
+	}
+	normsg("");
+}
+
+static struct fscrypt_context *init_fscrypt_context(void)
+{
+	struct fscrypt_context *new_fctx = xmalloc(sizeof(*new_fctx));
+
+	new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
+	new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC;
+	new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS;
+	//TODO  accept padding via a parameter
+	new_fctx->flags = FS_POLICY_FLAGS_PAD_4;
+	//TODO  accept descriptor via a parameter
+	RAND_bytes((void *)&new_fctx->master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE);
+	RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE);
+
+	return new_fctx;
+}
+
 /**
  * open_ubi - open the UBI volume.
  * @node: name of the UBI volume character device to fetch information about

[07/42] mkfs.ubifs: Add basic fscrypto functions

Commit Message

Patch