From patchwork Thu Oct 18 14:37:16 2018
X-Patchwork-Submitter: Richard Weinberger
X-Patchwork-Id: 985999
X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at
Subject: [PATCH 40/42] mkfs.ubifs: Enable support for building without crypto
Date: Thu, 18 Oct 2018 16:37:16 +0200
Message-Id: <20181018143718.26298-41-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>

Signed-off-by: Richard Weinberger
--- Makefile.am | 4 ++ configure.ac | 27 ++++++++++-- ubifs-utils/Makemodule.am | 10 +++-- ubifs-utils/mkfs.ubifs/crypto.h | 11 +++-- ubifs-utils/mkfs.ubifs/fscrypt.h | 65 +++++++++++++++++++++++++---- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 56 ++++++++++++++++++++++--- 6 files changed, 148 insertions(+), 25 deletions(-) diff --git a/Makefile.am b/Makefile.am index 391edef4ee31..1bc4684b191d 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -14,6 +14,10 @@ if WITH_SELINUX AM_CPPFLAGS += -DWITH_SELINUX endif +if WITH_CRYPTO +AM_CPPFLAGS += -DWITH_CRYPTO +endif + sbin_PROGRAMS = sbin_SCRIPTS = check_PROGRAMS = diff --git a/configure.ac b/configure.ac index 346fcbd26328..d5abb14263b5 100644 --- a/configure.ac +++ b/configure.ac @@ -69,7 +69,7 @@ need_lzo="no" need_xattr="no" need_cmocka="no" need_selinux="no" - +need_openssl="no" AM_COND_IF([UNIT_TESTS], [ need_cmocka="yes" @@ -115,8 +115,6 @@ AC_ARG_ENABLE([lsmtd], esac], [AM_CONDITIONAL([BUILD_LSMTD], [true])]) -AC_CHECK_HEADER(openssl/rand.h) - AC_ARG_WITH([jffs], [AS_HELP_STRING([--without-jffs], [Disable jffsX utilities])], [case "${withval}" in @@ -140,6 +138,7 @@ AM_COND_IF([BUILD_UBIFS], [ need_xattr="yes" need_zlib="yes" need_lzo="yes" + need_openssl="yes" ]) AM_COND_IF([BUILD_JFFSX], [ @@ -174,6 +173,15 @@ AC_ARG_WITH([selinux], *) AC_MSG_ERROR([bad value ${withval} for --with-selinux]) ;; esac]) +AC_ARG_WITH([crypto], + [AS_HELP_STRING([--without-crypto], + [Disable support for UBIFS crypto features])], + [case "${withval}" in + yes) ;; + no) need_openssl="no";; + *) AC_MSG_ERROR([bad value ${withval} for --without-crypto]) ;; + esac]) + ##### search for dependencies ##### clock_gettime_missing="no" @@ -184,6 +192,7 @@ lzo_missing="no" xattr_missing="no" cmocka_missing="no" selinux_missing="no" +openssl_missing="no" if test "x$need_zlib" = "xyes"; then PKG_CHECK_MODULES(ZLIB, [zlib], [], [zlib_missing="yes"]) @@ -226,6 +235,11 @@ if test "x$need_selinux" = "xyes"; then AC_CHECK_HEADERS([selinux/label.h], [], [selinux_missing="yes"]) fi +if test "x$need_openssl" = "xyes"; then + AC_CHECK_HEADER(openssl/rand.h) + PKG_CHECK_MODULES(OPENSSL, [openssl], [], [openssl_missing="yes"]) +fi + if test "x$need_cmocka" = "xyes"; then PKG_CHECK_MODULES(CMOCKA, [cmocka], [], [cmocka_missing="yes"]) fi 
@@ -281,6 +295,12 @@ if test "x$selinux_missing" = "xyes"; then need_selinux="no" fi +if test "x$openssl_missing" = "xyes"; then + AC_MSG_WARN([cannot find headers for OpenSSL library]) + AC_MSG_WARN([disabling OpenSSL support]) + need_openssl="no" +fi + if test "x$cmocka_missing" = "xyes"; then AC_MSG_WARN([cannot find CMocka library required for unit tests]) AC_MSG_NOTICE([unit tests can optionally be disabled]) @@ -296,6 +316,7 @@ fi AM_CONDITIONAL([WITHOUT_LZO], [test "x$need_lzo" != "xyes"]) AM_CONDITIONAL([WITHOUT_XATTR], [test "x$need_xattr" != "xyes"]) AM_CONDITIONAL([WITH_SELINUX], [test "x$need_selinux" == "xyes"]) +AM_CONDITIONAL([WITH_CRYPTO], [test "x$need_openssl" == "xyes"]) AC_CHECK_SIZEOF([off_t]) AC_CHECK_SIZEOF([loff_t]) diff --git a/ubifs-utils/Makemodule.am b/ubifs-utils/Makemodule.am index 5905a2badbb6..b8e4075c9d2a 100644 --- a/ubifs-utils/Makemodule.am +++ b/ubifs-utils/Makemodule.am @@ -10,15 +10,19 @@ mkfs_ubifs_SOURCES = \ ubifs-utils/mkfs.ubifs/crc16.c \ ubifs-utils/mkfs.ubifs/lpt.c \ ubifs-utils/mkfs.ubifs/compr.c \ - ubifs-utils/mkfs.ubifs/crypto.c \ - ubifs-utils/mkfs.ubifs/fscrypt.c \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_private.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.c \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.c \ ubifs-utils/mkfs.ubifs/devtable.c -mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) -lm -lssl -lcrypto + +if WITH_CRYPTO +mkfs_ubifs_SOURCES += ubifs-utils/mkfs.ubifs/crypto.c \ + ubifs-utils/mkfs.ubifs/fscrypt.c +endif + +mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) $(OPENSSL_LIBS) -lm mkfs_ubifs_CPPFLAGS = $(AM_CPPFLAGS) $(ZLIB_CFLAGS) $(LZO_CFLAGS) $(UUID_CFLAGS) $(LIBSELINUX_CFLAGS)\ -I$(top_srcdir)/ubi-utils/include -I$(top_srcdir)/ubifs-utils/mkfs.ubifs/ 
diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index f275839aa77d..b6ffad19b72d 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -41,19 +41,18 @@ struct cipher { unsigned int fscrypt_fname_mode; }; - +#ifdef WITH_CRYPTO int crypto_init(void); - void crypto_cleanup(void); - ssize_t derive_key_aes(const void *deriving_key, const void *source_key, size_t source_key_len, void *derived_key); - int derive_key_descriptor(const void *source_key, void *descriptor); - struct cipher *get_cipher(const char *name); - void list_ciphers(FILE *fp); +#else +static inline int crypto_init(void) { return 0;} +static inline void crypto_cleanup(void) {} +#endif /* WITH_CRYPTO */ #endif /* UBIFS_CRYPTO_H */ diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index e3cfee50290a..3b717b4359c6 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h 
@@ -97,27 +97,76 @@ struct fscrypt_symlink_data { #define FS_IV_SIZE 16 #endif +#ifdef WITH_CRYPTO unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx); - struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx); - void free_fscrypt_context(struct fscrypt_context *fctx); - void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx); - unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx, unsigned int ilen); - int encrypt_path(void **outbuf, void *data, unsigned int data_len, unsigned int max_namelen, struct fscrypt_context *fctx); - int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no, struct ubifs_data_node *dn, size_t length); - struct fscrypt_context *init_fscrypt_context(const char *cipher_name, unsigned int flags, const char *key_file, const char *key_descriptor); - +#else +static inline struct fscrypt_context *init_fscrypt_context( + const char *cipher_name, + unsigned int flags, + const char *key_file, + const char *key_descriptor) +{ + (void)cipher_name; + (void)flags; + (void)key_file; + (void)key_descriptor; + + assert(0); + return NULL; +} + +static inline void free_fscrypt_context(struct fscrypt_context *fctx) +{ + (void)fctx; + + assert(0); +} + +static inline int encrypt_path(void **outbuf, void *data, unsigned int data_len, + unsigned int max_namelen, struct fscrypt_context *fctx) +{ + (void)outbuf; + (void)data; + (void)data_len; + (void)max_namelen; + (void)fctx; + + assert(0); + return -1; +} + +static inline int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no, + struct ubifs_data_node *dn, size_t length) +{ + (void)fctx; + (void)block_no; + (void)dn; + (void)length; + + assert(0); + return -1; +} + +static inline struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx) +{ + (void)fctx; + + assert(0); + return NULL; +} +#endif /* WITH_CRYPTO */ #endif /* FSCRYPT_H */ 
diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index e4204dae07cb..7073bf052688 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -508,9 +508,12 @@ static int get_options(int argc, char**argv) { int opt, i, fscrypt_flags = FS_POLICY_FLAGS_PAD_4; const char *key_file = NULL, *key_desc = NULL; - const char *tbl_file = NULL, *cipher_name = "AES-128-CBC"; + const char *tbl_file = NULL; struct stat st; char *endp; +#ifdef WITH_CRYPTO + const char *cipher_name; +#endif c->fanout = 8; c->orph_lebs = 1; @@ -587,8 +590,10 @@ static int get_options(int argc, char**argv) exit(EXIT_SUCCESS); case '?': printf("%s", helptext); +#ifdef WITH_CRYPTO printf("\n\nSupported ciphers:\n"); list_ciphers(stdout); +#endif exit(-1); case 'v': verbose = 1; @@ -729,7 +734,11 @@ static int get_options(int argc, char**argv) break; } case 'C': +#ifdef WITH_CRYPTO cipher_name = optarg; +#else + return err_msg("mkfs.ubifs was built without crypto support."); +#endif break; } } @@ -748,20 +757,26 @@ static int get_options(int argc, char**argv) if (c->max_leb_cnt == -1) c->max_leb_cnt = c->vi.rsvd_lebs; } - if (key_file || key_desc) { +#ifdef WITH_CRYPTO if (!key_file) return err_msg("no key file specified"); c->double_hash = 1; c->encrypted = 1; + if (cipher_name == NULL) + cipher_name = "AES-128-CBC"; + root_fctx = init_fscrypt_context(cipher_name, fscrypt_flags, key_file, key_desc); if (!root_fctx) return -1; print_fscrypt_master_key_descriptor(root_fctx); +#else + return err_msg("mkfs.ubifs was built without crypto support."); +#endif } if (c->min_io_size == -1) @@ -1385,6 +1400,7 @@ static inline int inode_add_selinux_xattr(struct ubifs_ino_node *host_ino, } #endif +#ifdef WITH_CRYPTO static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, struct stat *host_st, struct fscrypt_context *fctx) 
@@ -1421,6 +1437,31 @@ static int encrypt_symlink(void *dst, void *data, unsigned int data_len, free(sd); return link_disk_len; } +#else +static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, + struct stat *host_st, + struct fscrypt_context *fctx) +{ + (void)host_ino; + (void)inum; + (void)host_st; + (void)fctx; + + assert(0); + return -1; +} +static int encrypt_symlink(void *dst, void *data, unsigned int data_len, + struct fscrypt_context *fctx) +{ + (void)dst; + (void)data; + (void)data_len; + (void)fctx; + + assert(0); + return -1; +} +#endif /** * add_inode - write an inode. @@ -1582,9 +1623,11 @@ static int add_symlink_inode(const char *path_name, struct stat *st, ino_t inum, static void set_dent_cookie(struct ubifs_dent_node *dent) { +#ifdef WITH_CRYPTO if (c->double_hash) RAND_bytes((void *)&dent->cookie, sizeof(dent->cookie)); else +#endif dent->cookie = 0; } @@ -1981,7 +2024,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, inum = ++c->highest_inum; - new_fctx = inherit_fscrypt_context(fctx); + if (fctx) + new_fctx = inherit_fscrypt_context(fctx); if (S_ISDIR(dent_st.st_mode)) { err = add_directory(name, inum, &dent_st, 1, new_fctx); @@ -2006,7 +2050,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(entry->d_name) + 1, 8); - free_fscrypt_context(new_fctx); + if (new_fctx) + free_fscrypt_context(new_fctx); } /* @@ -2068,7 +2113,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(nh_elt->name) + 1, 8); nh_elt = next_name_htbl_element(ph_elt, &itr); - free_fscrypt_context(new_fctx); + if (new_fctx) + free_fscrypt_context(new_fctx); } creat_sqnum = dir_creat_sqnum;
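
Review bot: In configure.ac, the `openssl_missing` branch (hunk at `@@ -281,6 +295,12 @@`) falls back to a no-crypto build with only `AC_MSG_WARN`, even when `--with-crypto` was passed explicitly, because the `yes) ;;` arm of the new `AC_ARG_WITH([crypto], ...)` records nothing. Consider remembering the explicit request and using `AC_MSG_ERROR` in that case, so a build meant to produce encrypted images cannot silently lose the feature. Separately, the bare `AC_CHECK_HEADER(openssl/rand.h)` has no action-if-not-found, so a missing header never sets `openssl_missing`; only the `PKG_CHECK_MODULES` result does, although the warning text says "cannot find headers".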
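
Review bot: In ubifs-utils/Makemodule.am, `mkfs_ubifs_LDADD` now takes `$(OPENSSL_LIBS)` from pkg-config, but the `mkfs_ubifs_CPPFLAGS` line visible in the same hunk does not gain `$(OPENSSL_CFLAGS)`. With OpenSSL installed under a non-default prefix the link flags would be found while the include path is not; adding `$(OPENSSL_CFLAGS)` next to `$(LIBSELINUX_CFLAGS)` keeps the two consistent.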
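
Review bot: In ubifs-utils/mkfs.ubifs/fscrypt.h, the `#else` stubs rely on `assert(0)` to mark paths that must never run without crypto, which disappears when the tool is compiled with `-DNDEBUG`. In that configuration `free_fscrypt_context()` becomes a silent no-op and the others just return `NULL` or `-1`; an unconditional `abort()` or an `err_msg()` call would keep the guarantee independent of build flags. The hunk also adds no `#include <assert.h>`, so the header depends on every includer having pulled it in first.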
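
Review bot: In get_options() in mkfs.ubifs.c, `const char *cipher_name;` (hunk at `@@ -508,9 +508,12 @@`) is now declared without an initializer, yet the later hunk tests `if (cipher_name == NULL)` to apply the `"AES-128-CBC"` default. When `-C` is not given, that reads an indeterminate pointer, and whatever it holds may be passed on to `init_fscrypt_context()`. Declaring it as `const char *cipher_name = NULL;` makes the default path well defined.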
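
Review bot: In set_dent_cookie() (hunk at `@@ -1582,9 +1623,11 @@`), the `else` sits inside `#ifdef WITH_CRYPTO` while its statement `dent->cookie = 0;` sits outside, which is easy to break in a later edit. Setting `dent->cookie = 0;` unconditionally first and then overwriting it under `#ifdef WITH_CRYPTO` when `c->double_hash` is set reads more safely. While here, the return value of `RAND_bytes()` in the context lines is ignored; checking it would avoid writing a cookie that was never filled.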
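
Review bot: In add_directory(), the new guards `if (fctx) new_fctx = inherit_fscrypt_context(fctx);` and `if (new_fctx) free_fscrypt_context(new_fctx);` are only correct if `new_fctx` starts out as `NULL`, and its declaration is not visible in these hunks. When `fctx` is `NULL` nothing assigns `new_fctx`, so the later test reads whatever it held before, and after a free it is not reset. Please confirm it is initialized to `NULL` and consider setting it back to `NULL` after each `free_fscrypt_context()` call.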