[16/42] mkfs.ubifs: Implement file contents encryption

Message ID	20181018143718.26298-17-richard@nod.at
State	Accepted
Delegated to:	David Oberhollenzer
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Richard Weinberger <richard@nod.at> To: linux-mtd@lists.infradead.org Subject: [PATCH 16/42] mkfs.ubifs: Implement file contents encryption Date: Thu, 18 Oct 2018 16:36:52 +0200 Message-Id: <20181018143718.26298-17-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) Precedence: list Cc: Richard Weinberger <richard@nod.at>, david.oberhollenzer@sigma-star.at Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org> Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	mtd-utils: Add fscrypt support to mkfs.ubifs \| expand [00/42] mtd-utils: Add fscrypt support to mkfs.ubifs [01/42] Import latest ubifs-media.h [02/42] common: Add round functions [03/42] mkfs.ubifs: Add crypto helper functions [04/42] mkfs.ubifs: Implement UBIFS_FLG_DOUBLE_HASH [05/42] mkfs.ubifs: Make r5 hash binary string aware [06/42] mkfs.ubifs: Add fscrypto defines [07/42] mkfs.ubifs: Add basic fscrypto functions [08/42] mkfs.ubifs: Implement UBIFS_FLG_ENCRYPTION [09/42] mkfs.ubifs: Implement basic fscrypto context passing [10/42] mkfs.ubifs: Implement fscrypto context store as xattr [11/42] mkfs.ubifs: Store directory name len in the temporary index [12/42] mkfs.ubifs: Implement filename encryption [13/42] mkfs.ubifs: Add dummy setup for crypto [14/42] mkfs.ubifs: Pass source/dest key len to key derive function [15/42] mkfs.ubifs: Add encrypted symlink support [16/42] mkfs.ubifs: Implement file contents encryption [17/42] mkfs.ubifs: Move symlink data encryption to helper function [18/42] mkfs.ubifs: Make sure we catch nodes that should or should not have name [19/42] mkfs.ubifs: Free all index entry names [20/42] mkfs.ubifs: Seperate path encryption from symlink encryption helper [21/42] mkfs.ubifs: Cleanup add_dent_node, user path encryption helper [22/42] mkfs.ubifs: Replace constant values with parameters in init_fscrypt_context [23/42] mkfs.ubifs: Make encryption dependend on (not-yet-existant) command line options [24/42] mkfs.ubifs: Get key descriptor from command line and master key from file [25/42] mkfs.ubifs: Specify padding policy via command line [26/42] mkfs.ubifs: Initial support for encryption command lines [27/42] mkfs.ubifs: Remove cipher implementations from public header [28/42] mkfs.ubifs: Move fscrypt definitions and functions out of mkfs.ubifs.c [29/42] mkfs.ubifs: Cleanup over-long lines [30/42] mkfs.ubifs: Check length of master key [31/42] mkfs.ubifs: Accept 0x prefix for key descriptor [32/42] mkfs.ubifs: Correctly use iv lengths in aes-cts mode [33/42] mkfs.ubifs: Enable Cipher selection [34/42] mkfs.ubifs: Use correct sizes for keys and hash lengths [35/42] mkfs.ubifs: Fixup AES-XTS mode [36/42] mkfs.ubifs: Compute encryption key descriptor automatically [37/42] mkfs.ubifs: Fix key descriptor printing [38/42] mkfs.ubifs: More fscryptctl compatibility [39/42] mkfs.ubifs: Move RAND_poll to crypto.c [40/42] mkfs.ubifs: Enable support for building without crypto [41/42] mkfs.ubifs: Print key descriptor only when generated [42/42] mkfs.ubifs: Use AES-256-XTS as default

Message ID

20181018143718.26298-17-richard@nod.at

State

Accepted

Delegated to:

David Oberhollenzer

Headers

From: Richard Weinberger <richard@nod.at>
To: linux-mtd@lists.infradead.org
Subject: [PATCH 16/42] mkfs.ubifs: Implement file contents encryption
Date: Thu, 18 Oct 2018 16:36:52 +0200
Message-Id: <20181018143718.26298-17-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
MIME-Version: 1.0
Precedence: list
Cc: Richard Weinberger <richard@nod.at>, david.oberhollenzer@sigma-star.at
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org>
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

mtd-utils: Add fscrypt support to mkfs.ubifs | expand

Commit Message

Richard Weinberger Oct. 18, 2018, 2:36 p.m. UTC

Signed-off-by: Richard Weinberger <richard@nod.at>
---
 ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 39 ++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
index 4ffd8fd51e41..b7d68c60d481 100644
--- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
+++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
@@ -1817,10 +1817,9 @@  static int add_file(const char *path_name, struct stat *st, ino_t inum,
 		}
 		/* Make data node */
 		memset(dn, 0, UBIFS_DATA_NODE_SZ);
-		data_key_init(&key, inum, block_no++);
+		data_key_init(&key, inum, block_no);
 		dn->ch.node_type = UBIFS_DATA_NODE;
 		key_write(&key, &dn->key);
-		dn->size = cpu_to_le32(bytes_read);
 		out_len = NODE_BUFFER_SIZE - UBIFS_DATA_NODE_SZ;
 		if (c->default_compr == UBIFS_COMPR_NONE &&
 		    (flags & FS_COMPR_FL))
@@ -1834,7 +1833,39 @@  static int add_file(const char *path_name, struct stat *st, ino_t inum,
 		compr_type = compress_data(buf, bytes_read, &dn->data,
 					   &out_len, use_compr);
 		dn->compr_type = cpu_to_le16(compr_type);
-		//TODO: encrypt
+		dn->size = cpu_to_le32(bytes_read);
+
+		if (!fctx) {
+			dn->compr_size = 0;
+		} else {
+			void *inbuf, *outbuf, *crypt_key;
+			size_t ret, pad_len = round_up(out_len, FS_CRYPTO_BLOCK_SIZE);
+
+			dn->compr_size = out_len;
+
+			inbuf = xzalloc(pad_len);
+			outbuf = xzalloc(pad_len);
+
+			memcpy(inbuf, &dn->data, out_len);
+
+			crypt_key = calc_fscrypt_subkey(fctx);
+			if (!crypt_key)
+				return err_msg("could not compute subkey");
+
+			ret = encrypt_block_aes128_cbc(inbuf, pad_len, crypt_key, block_no,
+						       outbuf);
+			if (ret != pad_len)
+				return err_msg("encrypt_block_aes128_cbc returned %zi instead of %zi", ret, pad_len);
+
+			memcpy(&dn->data, outbuf, pad_len);
+
+			out_len = pad_len;
+
+			free(inbuf);
+			free(outbuf);
+			free(crypt_key);
+		}
+
 		dn_len = UBIFS_DATA_NODE_SZ + out_len;
 		/* Add data node to file system */
 		err = add_node(&key, NULL, 0, dn, dn_len);
@@ -1842,6 +1873,8 @@  static int add_file(const char *path_name, struct stat *st, ino_t inum,
 			close(fd);
 			return err;
 		}
+
+		block_no++;
 	} while (ret != 0);
 
 	if (close(fd) == -1)

[16/42] mkfs.ubifs: Implement file contents encryption

Commit Message

Patch