From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 01/42] Import latest ubifs-media.h
Date: Thu, 18 Oct 2018 16:36:37 +0200
Message-Id: <20181018143718.26298-2-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at

Signed-off-by: Richard Weinberger
--- include/mtd/ubifs-media.h | 67 +++++++++++++++++++++++++++++++++++---- 1 file changed, 60 insertions(+), 7 deletions(-) diff --git a/include/mtd/ubifs-media.h b/include/mtd/ubifs-media.h index a324e90a58d7..e69ba1687134 100644 
--- a/include/mtd/ubifs-media.h +++ b/include/mtd/ubifs-media.h @@ -38,8 +38,30 @@ /* UBIFS node magic number (must not have the padding byte first or last) */ #define UBIFS_NODE_MAGIC 0x06101831 -/* UBIFS on-flash format version */ -#define UBIFS_FORMAT_VERSION 4 +/* + * UBIFS on-flash format version. This version is increased when the on-flash + * format is changing. If this happens, UBIFS is will support older versions as + * well. But older UBIFS code will not support newer formats. Format changes + * will be rare and only when absolutely necessary, e.g. to fix a bug or to add + * a new feature. + * + * UBIFS went into mainline kernel with format version 4. The older formats + * were development formats. + */ +#define UBIFS_FORMAT_VERSION 5 + +/* + * Read-only compatibility version. If the UBIFS format is changed, older UBIFS + * implementations will not be able to mount newer formats in read-write mode. + * However, depending on the change, it may be possible to mount newer formats + * in R/O mode. This is indicated by the R/O compatibility version which is + * stored in the super-block. + * + * This is needed to support boot-loaders which only need R/O mounting. With + * this flag it is possible to do UBIFS format changes without a need to update + * boot-loaders. + */ +#define UBIFS_RO_COMPAT_VERSION 0 /* Minimum logical eraseblock size in bytes */ #define UBIFS_MIN_LEB_SZ (15*1024) @@ -53,6 +75,13 @@ */ #define UBIFS_MIN_COMPR_LEN 128 +/* + * If compressed data length is less than %UBIFS_MIN_COMPRESS_DIFF bytes + * shorter than uncompressed data length, UBIFS prefers to leave this data + * node uncompress, because it'll be read faster. + */ +#define UBIFS_MIN_COMPRESS_DIFF 64 + /* Root inode number */ #define UBIFS_ROOT_INO 1 @@ -77,7 +106,6 @@ */ #define UBIFS_BLOCK_SIZE 4096 #define UBIFS_BLOCK_SHIFT 12 -#define UBIFS_BLOCK_MASK 0x00000FFF /* UBIFS padding byte pattern (must not be first or last byte of node magic) */ #define UBIFS_PADDING_BYTE 0xCE 
@@ -109,6 +137,13 @@ /* The key is always at the same position in all keyed nodes */ #define UBIFS_KEY_OFFSET offsetof(struct ubifs_ino_node, key) +/* Garbage collector journal head number */ +#define UBIFS_GC_HEAD 0 +/* Base journal head number */ +#define UBIFS_BASE_HEAD 1 +/* Data journal head number */ +#define UBIFS_DATA_HEAD 2 + /* * LEB Properties Tree node types. * @@ -267,6 +302,13 @@ enum { /* The largest UBIFS node */ #define UBIFS_MAX_NODE_SZ UBIFS_MAX_INO_NODE_SZ +/* + * xattr name of UBIFS encryption context, we don't use a prefix + * nor a long name to not waste space on the flash. + */ +#define UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT "c" + + /* * On-flash inode flags. * @@ -276,6 +318,7 @@ enum { * UBIFS_APPEND_FL: writes to the inode may only append data * UBIFS_DIRSYNC_FL: I/O on this directory inode has to be synchronous * UBIFS_XATTR_FL: this inode is the inode for an extended attribute value + * UBIFS_CRYPT_FL: use encryption for this inode * * Note, these are on-flash flags which correspond to ioctl flags * (@FS_COMPR_FL, etc). They have the same values now, but generally, do not @@ -288,6 +331,7 @@ enum { UBIFS_APPEND_FL = 0x08, UBIFS_DIRSYNC_FL = 0x10, UBIFS_XATTR_FL = 0x20, + UBIFS_CRYPT_FL = 0x40, }; /* Inode flag bits used by UBIFS */ @@ -376,12 +420,19 @@ enum { * * UBIFS_FLG_BIGLPT: if "big" LPT model is used if set * UBIFS_FLG_SPACE_FIXUP: first-mount "fixup" of free space within LEBs needed + * UBIFS_FLG_DOUBLE_HASH: store a 32bit cookie in directory entry nodes to + * support 64bit cookies for lookups by hash + * UBIFS_FLG_ENCRYPTION: this filesystem contains encrypted files */ enum { UBIFS_FLG_BIGLPT = 0x02, UBIFS_FLG_SPACE_FIXUP = 0x04, + UBIFS_FLG_DOUBLE_HASH = 0x08, + UBIFS_FLG_ENCRYPTION = 0x10, }; +#define UBIFS_FLG_MASK (UBIFS_FLG_BIGLPT|UBIFS_FLG_SPACE_FIXUP|UBIFS_FLG_DOUBLE_HASH|UBIFS_FLG_ENCRYPTION) + /** * struct ubifs_ch - common header node. * @magic: UBIFS node magic number (%UBIFS_NODE_MAGIC) 
@@ -488,7 +539,8 @@ struct ubifs_ino_node { * @padding1: reserved for future, zeroes * @type: type of the target inode (%UBIFS_ITYPE_REG, %UBIFS_ITYPE_DIR, etc) * @nlen: name length - * @padding2: reserved for future, zeroes + * @cookie: A 32bits random number, used to construct a 64bits + * identifier. * @name: zero-terminated name * * Note, do not forget to amend 'zero_dent_node_unused()' function when @@ -501,7 +553,7 @@ struct ubifs_dent_node { __u8 padding1; __u8 type; __le16 nlen; - __u8 padding2[4]; /* Watch 'zero_dent_node_unused()' if changing! */ + __le32 cookie; __u8 name[]; } __attribute__ ((packed)); @@ -511,7 +563,7 @@ struct ubifs_dent_node { * @key: node key * @size: uncompressed data size in bytes * @compr_type: compression type (%UBIFS_COMPR_NONE, %UBIFS_COMPR_LZO, etc) - * @padding: reserved for future, zeroes + * @compr_size: compressed data size in bytes, only valid when data is encrypted * @data: data * * Note, do not forget to amend 'zero_data_node_unused()' function when @@ -522,7 +574,7 @@ struct ubifs_data_node { __u8 key[UBIFS_MAX_KEY_LEN]; __le32 size; __le16 compr_type; - __u8 padding[2]; /* Watch 'zero_data_node_unused()' if changing! */ + __le16 compr_size; __u8 data[]; } __attribute__ ((packed)); 
@@ -584,6 +636,7 @@ struct ubifs_pad_node { * @padding2: reserved for future, zeroes * @time_gran: time granularity in nanoseconds * @uuid: UUID generated when the file system image was created + * @ro_compat_version: UBIFS R/O compatibility version */ struct ubifs_sb_node { struct ubifs_ch ch; 
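Review bot: The commit message is empty, and the first hunk (@@ -38,8) raises UBIFS_FORMAT_VERSION from 4 to 5 without saying which kernel release or commit this header was imported from. Please name the source revision in the message, and say whether mkfs.ubifs will now write format 5 into every image or only when a feature that needs it is enabled, since the new comment itself states that older UBIFS code will not support newer formats. The same comment carries the typo "UBIFS is will support", which is worth fixing at the source if this is a verbatim copy.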
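Review bot: Nothing in this patch shows whether UBIFS_BLOCK_MASK, removed in the @@ -77,7 hunk, still has users in mkfs.ubifs or in other tools that include this header. Please confirm with a grep across the tree that no user remains, or keep the define until the last one is gone so the series stays bisectable.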
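Review bot: UBIFS_FLG_MASK in the @@ -376,12 hunk is a hand-maintained OR of the enum values on a single line well past 80 columns, and nothing ties it to the enum, so a later flag can be added without the mask being extended. Suggest wrapping the define over several lines and adding a comment next to the enum saying that the mask must be updated with every new flag.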
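Review bot: Every writer of ubifs_dent_node and ubifs_data_node now has to initialise cookie and compr_size explicitly, because the @@ -501,7 and @@ -522,7 hunks replace bytes that used to be reserved and zeroed (padding2[4], padding[2]) with live fields. Nothing in this patch sets them, so please make sure the series zeroes or fills both before a node is written (compr_size is documented as only valid when data is encrypted), and check that the zero_dent_node_unused() and zero_data_node_unused() helpers named in the kernel-doc no longer refer to the removed members.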
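Review bot: The @@ -584,6 hunk documents @ro_compat_version for struct ubifs_sb_node but adds no member, and no other hunk in this patch touches the struct body. Please confirm that the field already exists in this copy of the header; if it does not, the kernel-doc describes a member that is missing and the new UBIFS_RO_COMPAT_VERSION value has nowhere to be stored in the super-block.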
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 02/42] common: Add round functions
Date: Thu, 18 Oct 2018 16:36:38 +0200
Message-Id: <20181018143718.26298-3-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at

Signed-off-by: Richard Weinberger
--- include/common.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/common.h b/include/common.h index 2f24645fe23b..72707697b170 100644 --- a/include/common.h +++ b/include/common.h 
@@ -65,6 +65,16 @@ extern "C" { (_x > _y) ? _x : _y; \ }) +/* + * This looks more complex than it should be. But we need to + * get the type for the ~ right in round_down (it needs to be + * as wide as the result!), and we want to evaluate the macro + * arguments just once each. + */ +#define __round_mask(x, y) ((__typeof__(x))((y)-1)) +#define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1) +#define round_down(x, y) ((x) & ~__round_mask(x, y)) + #ifndef O_CLOEXEC #define O_CLOEXEC 0 #endif 
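Review bot: round_up() and round_down() in the @@ -65,6 hunk are only correct when y is a power of two, and the added comment does not say so. Because the mask is built as (y)-1, a caller passing a value such as 15*1024 gets a silently wrong result, so please state the requirement in the comment. Consider also wrapping the three defines in #ifndef guards, as the header does for O_CLOEXEC just below, since round_up and round_down are common names and __round_mask is a reserved identifier that another included header may already define.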
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 03/42] mkfs.ubifs: Add crypto helper functions
Date: Thu, 18 Oct 2018 16:36:39 +0200
Message-Id: <20181018143718.26298-4-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at

From: David Oberhollenzer

Signed-off-by: David Oberhollenzer
Signed-off-by: Richard Weinberger
--- configure.ac | 1 + ubifs-utils/Makemodule.am | 4 +- ubifs-utils/mkfs.ubifs/crypto.c | 327 ++++++++++++++++++++++++++++ ubifs-utils/mkfs.ubifs/crypto.h | 68 ++++++ ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 6 + 5 files changed, 405 insertions(+), 1 deletion(-) create mode 100644 ubifs-utils/mkfs.ubifs/crypto.c create mode 100644 ubifs-utils/mkfs.ubifs/crypto.h diff --git a/configure.ac b/configure.ac index c596eda4a797..346fcbd26328 100644 --- a/configure.ac +++ b/configure.ac @@ -115,6 +115,7 @@ AC_ARG_ENABLE([lsmtd], esac], [AM_CONDITIONAL([BUILD_LSMTD], [true])]) +AC_CHECK_HEADER(openssl/rand.h) AC_ARG_WITH([jffs], [AS_HELP_STRING([--without-jffs], [Disable jffsX utilities])], 
diff --git a/ubifs-utils/Makemodule.am b/ubifs-utils/Makemodule.am index 879f91a98045..3dd299dd20cc 100644 --- a/ubifs-utils/Makemodule.am +++ b/ubifs-utils/Makemodule.am @@ -10,13 +10,14 @@ mkfs_ubifs_SOURCES = \ ubifs-utils/mkfs.ubifs/crc16.c \ ubifs-utils/mkfs.ubifs/lpt.c \ ubifs-utils/mkfs.ubifs/compr.c \ + ubifs-utils/mkfs.ubifs/crypto.c \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_private.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.c \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.c \ ubifs-utils/mkfs.ubifs/devtable.c -mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) -lm +mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) -lm -lssl -lcrypto mkfs_ubifs_CPPFLAGS = $(AM_CPPFLAGS) $(ZLIB_CFLAGS) $(LZO_CFLAGS) $(UUID_CFLAGS) $(LIBSELINUX_CFLAGS)\ -I$(top_srcdir)/ubi-utils/include -I$(top_srcdir)/ubifs-utils/mkfs.ubifs/ @@ -28,6 +29,7 @@ UBIFS_HEADER = \ ubifs-utils/mkfs.ubifs/defs.h ubifs-utils/mkfs.ubifs/key.h \ ubifs-utils/mkfs.ubifs/lpt.h ubifs-utils/mkfs.ubifs/mkfs.ubifs.h \ ubifs-utils/mkfs.ubifs/ubifs.h \ + ubifs-utils/mkfs.ubifs/crypto.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_private.h diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c new file mode 100644 index 000000000000..a20bd56ba3db --- /dev/null +++ b/ubifs-utils/mkfs.ubifs/crypto.c 
@@ -0,0 +1,327 @@ +/* + * Copyright (C) 2017 sigma star gmbh + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + * Authors: David Oberhollenzer + */ + +#define PROGRAM_NAME "mkfs.ubifs" +#include +#include +#include +#include + +#include "crypto.h" +#include "common.h" +#include "mtd_swab.h" + + +static struct cipher ciphers[] = { + { + .name = "AES-128-CBC", + .encrypt_block = encrypt_block_aes128_cbc, + .encrypt_fname = encrypt_aes128_cbc_cts, + }, { + .name = "AES-256-XTS", + .encrypt_block = encrypt_block_aes256_xts, + .encrypt_fname = encrypt_aes256_cbc_cts, + } +}; + + + +static int do_sha256(const unsigned char *in, size_t len, unsigned char *out) +{ + unsigned int out_len; + EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); + + if (!mdctx) + return -1; + + if (EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL) != 1) + return -1; + + if(EVP_DigestUpdate(mdctx, in, len) != 1) + return -1; + + if(EVP_DigestFinal_ex(mdctx, out, &out_len) != 1) + return -1; + + EVP_MD_CTX_destroy(mdctx); + + return 0; +} + +static int check_iv_key_size(const EVP_CIPHER *cipher, size_t key_len, + size_t iv_len) +{ + if ((size_t)EVP_CIPHER_key_length(cipher) != key_len) { + errmsg("Cipher key length mismatch. 
Expected %lu, got %d", + (unsigned long)key_len, EVP_CIPHER_key_length(cipher)); + return -1; + } + + if (iv_len && (size_t)EVP_CIPHER_iv_length(cipher) != iv_len) { + errmsg("Cipher IV length mismatch. Expected %lu, got %d", + (unsigned long)iv_len, EVP_CIPHER_key_length(cipher)); + return -1; + } + + return 0; +} + +static ssize_t do_encrypt(const EVP_CIPHER *cipher, + const void *plaintext, size_t size, + const void *key, size_t key_len, + const void *iv, size_t iv_len, + void *ciphertext) +{ + int ciphertext_len, len; + EVP_CIPHER_CTX *ctx; + + if (check_iv_key_size(cipher, key_len, iv_len)) + return -1; + + if (!(ctx = EVP_CIPHER_CTX_new())) + goto fail; + + EVP_CIPHER_CTX_set_padding(ctx, 0); + + if (EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv) != 1) + goto fail_ctx; + + if (EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, size) != 1) + goto fail_ctx; + + ciphertext_len = len; + + EVP_CIPHER_CTX_free(ctx); + return ciphertext_len; +fail_ctx: + ERR_print_errors_fp(stderr); + EVP_CIPHER_CTX_free(ctx); + return -1; +fail: + ERR_print_errors_fp(stderr); + return -1; +} + +static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, size_t key_len, void *salt) +{ + size_t ret; + const EVP_CIPHER *cipher; + void *sha256 = xzalloc(EVP_MD_size(EVP_sha256())); + + cipher = EVP_aes_256_ecb(); + if (!cipher) { + errmsg("OpenSSL: Cipher AES-256-ECB is not supported"); + return -1; + } + + if (do_sha256(key, key_len, sha256) != 0) { + errmsg("sha256 failed"); + return -1; + } + + ret = do_encrypt(cipher, iv, iv_len, sha256, EVP_CIPHER_key_length(cipher), NULL, 0, salt); + if (ret != iv_len) + errmsg("Unable to compute ESSIV salt, return value %zi instead of %zi", ret, iv_len); + + free(sha256); + + return ret; +} + + +static ssize_t encrypt_block(const void *plaintext, size_t size, + const void *key, uint64_t block_index, + void *ciphertext, const EVP_CIPHER *cipher) +{ + size_t key_len, ret, ivsize; + void *essiv_salt, *iv; + + ivsize = 
EVP_CIPHER_iv_length(cipher); + key_len = EVP_CIPHER_key_length(cipher); + + iv = alloca(ivsize); + essiv_salt = alloca(ivsize); + + memset(iv, 0, ivsize); + *((uint64_t *)iv) = cpu_to_le64(block_index); + + gen_essiv_salt(iv, ivsize, key, key_len, essiv_salt); + + ret = do_encrypt(cipher, plaintext, size, key, key_len, + essiv_salt, ivsize, ciphertext); + return ret; +} + +ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, + const void *key, uint64_t block_index, + void *ciphertext) +{ + const EVP_CIPHER *cipher = EVP_aes_128_cbc(); + + if (!cipher) { + errmsg("OpenSSL: Cipher AES-128-CBC is not supported"); + return -1; + } + return encrypt_block(plaintext, size, key, block_index, + ciphertext, cipher); +} + +ssize_t encrypt_block_aes256_xts(const void *plaintext, size_t size, + const void *key, uint64_t block_index, + void *ciphertext) +{ + const EVP_CIPHER *cipher = EVP_aes_256_xts(); + + if (!cipher) { + errmsg("OpenSSL: Cipher AES-256-XTS is not supported"); + return -1; + } + return encrypt_block(plaintext, size, key, block_index, + ciphertext, cipher); +} + +static void block_swap(uint8_t *ciphertext, size_t i0, size_t i1, + size_t size) +{ + uint8_t temp[size], *p0, *p1; + + p0 = ciphertext + i0 * size; + p1 = ciphertext + i1 * size; + + memcpy(temp, p0, size); + memcpy(p0, p1, size); + memcpy(p1, temp, size); +} + +static ssize_t encrypt_cbc_cts(const void *plaintext, size_t size, + const void *key, void *ciphertext, + const EVP_CIPHER *cipher) +{ + size_t diff, padded_size, count, ivsize; + uint8_t iv[EVP_MAX_IV_LENGTH], *padded; + ssize_t ret, key_len; + + key_len = EVP_CIPHER_key_length(cipher); + ivsize = EVP_CIPHER_iv_length(cipher); + + memset(iv, 0, ivsize); + + diff = size % key_len; + + if (diff) { + padded_size = size - diff + key_len; + padded = size > 256 ? 
malloc(padded_size) : alloca(padded_size); + + memcpy(padded, plaintext, size); + memset(padded + size, 0, padded_size - size); + + ret = do_encrypt(cipher, padded, padded_size, key, key_len, + iv, sizeof(iv), ciphertext); + + if (size > 256) + free(padded); + } else { + ret = do_encrypt(cipher, plaintext, size, key, key_len, + iv, sizeof(iv), ciphertext); + } + + if (ret < 0) + return ret; + + count = ret / key_len; + + if (count > 1) + block_swap(ciphertext, count - 2, count - 1, key_len); + + return size; +} + +ssize_t encrypt_aes128_cbc_cts(const void *plaintext, size_t size, + const void *key, void *ciphertext) +{ + const EVP_CIPHER *cipher = EVP_aes_128_cbc(); + if (!cipher) { + errmsg("OpenSSL: Cipher AES-128-CBC is not supported"); + return -1; + } + + return encrypt_cbc_cts(plaintext, size, key, ciphertext, cipher); +} + +ssize_t encrypt_aes256_cbc_cts(const void *plaintext, size_t size, + const void *key, void *ciphertext) +{ + const EVP_CIPHER *cipher = EVP_aes_256_cbc(); + if (!cipher) { + errmsg("OpenSSL: Cipher AES-256-CBC is not supported"); + return -1; + } + + return encrypt_cbc_cts(plaintext, size, key, ciphertext, cipher); +} + +ssize_t derive_key_aes(const void *deriving_key, const void *source_key, + void *derived_key) +{ + const EVP_CIPHER *cipher; + size_t aes_key_len; + + cipher = EVP_aes_128_ecb(); + if (!cipher) { + errmsg("OpenSSL: Cipher AES-128-ECB is not supported"); + return -1; + } + aes_key_len = EVP_CIPHER_key_length(cipher); + + return do_encrypt(cipher, source_key, aes_key_len, deriving_key, + aes_key_len, NULL, 0, derived_key); +} + +int crypto_init(void) +{ + ERR_load_crypto_strings(); + return 0; +} + +void crypto_cleanup(void) +{ + EVP_cleanup(); + ERR_free_strings(); +} + +struct cipher *get_cipher(const char *name) +{ + size_t i; + + for (i = 0; i < sizeof(ciphers) / sizeof(ciphers[0]); ++i) { + if (!strcmp(ciphers[i].name, name)) + return ciphers + i; + } + + return NULL; +} + +void list_ciphers(FILE *fp) +{ + size_t i; + 
+ for (i = 0; i < sizeof(ciphers) / sizeof(ciphers[0]); ++i) { + fprintf(fp, "\t%s\n", ciphers[i].name); + } +} diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h new file mode 100644 index 000000000000..4e597004ec51 --- /dev/null +++ b/ubifs-utils/mkfs.ubifs/crypto.h 
@@ -0,0 +1,68 @@ +/* + * Copyright (C) 2017 sigma star gmbh + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + * Authors: David Oberhollenzer + */ + +#ifndef UBIFS_CRYPTO_H +#define UBIFS_CRYPTO_H + +#include +#include +#include +#include + + +struct cipher { + const char *name; + + ssize_t (*encrypt_block)(const void *plaintext, size_t size, + const void *key, uint64_t block_index, + void *ciphertext); + + ssize_t (*encrypt_fname)(const void *plaintext, size_t size, + const void *key, void *ciphertext); +}; + + +int crypto_init(void); + +void crypto_cleanup(void); + +ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, + const void *key, uint64_t block_index, + void *ciphertext); + +ssize_t encrypt_block_aes256_xts(const void *plaintext, size_t size, + const void *key, uint64_t block_index, + void *ciphertext); + +ssize_t encrypt_aes128_cbc_cts(const void *plaintext, size_t size, + const void *key, void *ciphertext); + +ssize_t encrypt_aes256_cbc_cts(const void *plaintext, size_t size, + const void *key, void *ciphertext); + +ssize_t derive_key_aes(const void *deriving_key, const void *source_key, + void *derived_key); + + +struct cipher *get_cipher(const char *name); + +void list_ciphers(FILE *fp); + +#endif /* UBIFS_CRYPTO_H */ + 
diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index c764a237135f..fd6538c6d4e1 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -35,6 +35,8 @@ #include #endif +#include "crypto.h" + /* Size (prime number) of hash table for link counting */ #define HASH_TABLE_SIZE 10099 @@ -2625,6 +2627,9 @@ int main(int argc, char *argv[]) { int err; + if (crypto_init()) + return -1; + err = get_options(argc, argv); if (err) return err; 
@@ -2646,5 +2651,6 @@ int main(int argc, char *argv[]) if (verbose) printf("Success!\n"); + crypto_cleanup(); return 0; } 
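Review bot: The result of AC_CHECK_HEADER(openssl/rand.h) in the configure.ac hunk is never acted on: no action-if-not-found is given, so configure succeeds on a system without the OpenSSL headers and the build then fails when crypto.c is compiled. Please either abort in configure with a clear message or make the crypto support a conditional feature in the style of the AC_ARG_ENABLE/AC_ARG_WITH blocks around it.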
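Review bot: The Makemodule.am hunk appends -lssl -lcrypto to mkfs_ubifs_LDADD as literal flags, while every other library on that line comes from a $(..._LIBS) variable filled in by configure. Suggest detecting OpenSSL in configure and using its variables here, with matching CFLAGS in mkfs_ubifs_CPPFLAGS. -lssl also looks unnecessary, because crypto.c in this patch only calls EVP_* and ERR_* functions.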
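Review bot: encrypt_block() in crypto.c ignores the return value of gen_essiv_salt(), so when the SHA-256 or ECB step fails the data is encrypted with whatever the alloca'd essiv_salt buffer happens to hold; check the result and return -1. gen_essiv_salt() itself is declared size_t yet uses return -1 for errors and leaks the xzalloc'd sha256 buffer on both early returns, so ssize_t and a single exit path would fix both. In the same file: do_sha256() leaks mdctx on each error return; check_iv_key_size() prints EVP_CIPHER_key_length() in the IV mismatch message where EVP_CIPHER_iv_length() is meant; encrypt_cbc_cts() uses key_len as the block size for padding and for block_swap(), which is 32 rather than 16 for AES-256-CBC, and does not check malloc(); do_encrypt() calls EVP_CIPHER_CTX_set_padding() before EVP_EncryptInit_ex() and never calls EVP_EncryptFinal_ex(). Please also confirm that running the ESSIV step for AES-256-XTS as well as AES-128-CBC matches what the kernel side expects.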
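Review bot: The prototypes in crypto.h say nothing about how large the ciphertext buffer must be. encrypt_cbc_cts() in crypto.c writes the zero-padded length into ciphertext but returns size, so a caller that allocates size bytes for a name whose length is not a multiple of the block length is overrun. Please document the required buffer size for encrypt_fname and encrypt_block in the header, or pass the buffer length in, and drop the trailing blank line after the final #endif.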
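Review bot: crypto_cleanup() is reached only on the success path at the end of main() (@@ -2646,5), while the error return visible in the @@ -2625,6 hunk (if (err) return err; after get_options()) leaves without it. Route the exits through one label that calls crypto_cleanup(), or register it with atexit() right after crypto_init(). crypto_init() as added here always returns 0, so the new if (crypto_init()) return -1; branch is dead code; if it is kept for later use, return a conventional exit status rather than -1.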
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 04/42] mkfs.ubifs: Implement UBIFS_FLG_DOUBLE_HASH
Date: Thu, 18 Oct 2018 16:36:40 +0200
Message-Id: <20181018143718.26298-5-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>

From: David Oberhollenzer
Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 13 +++++++++++++ ubifs-utils/mkfs.ubifs/mkfs.ubifs.h | 2 ++ ubifs-utils/mkfs.ubifs/ubifs.h | 2 ++ 3 files changed, 17 insertions(+) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index fd6538c6d4e1..e7acf17f6c96 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -1436,6 +1436,14 @@ static int add_symlink_inode(const char *path_name, struct stat *st, ino_t inum, return add_inode(st, inum, buf, len, flags, path_name); } +static void set_dent_cookie(struct ubifs_dent_node *dent) +{ + if (c->double_hash) + RAND_bytes((void *)&dent->cookie, sizeof(dent->cookie)); + else + dent->cookie = 0; +} + /** * add_dent_node - write a directory entry node. * @dir_inum: target inode number of directory @@ -1469,6 +1477,7 @@ static int add_dent_node(ino_t dir_inum, const char *name, ino_t inum, dent->nlen = cpu_to_le16(dname.len); memcpy(dent->name, dname.name, dname.len); dent->name[dname.len] = '\0'; + set_dent_cookie(dent); len = UBIFS_DENT_NODE_SZ + dname.len + 1; @@ -2268,6 +2277,8 @@ static int write_super(void) sup.flags |= cpu_to_le32(UBIFS_FLG_BIGLPT); if (c->space_fixup) sup.flags |= cpu_to_le32(UBIFS_FLG_SPACE_FIXUP); + if (c->double_hash) + sup.flags |= cpu_to_le32(UBIFS_FLG_DOUBLE_HASH); return write_node(&sup, UBIFS_SB_NODE_SZ, UBIFS_SB_LNUM); } @@ -2630,6 +2641,8 @@ int main(int argc, char *argv[]) if (crypto_init()) return -1; + RAND_poll(); + err = get_options(argc, argv); if (err) return err; diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.h b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.h index 132119167fa5..aa032392155b 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.h +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.h @@ -46,6 +46,8 @@ #include #include +#include + #include /* common.h requires the PROGRAM_NAME macro */ 
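Review bot: set_dent_cookie() in mkfs.ubifs.c ignores the return value of RAND_bytes(). If the call fails, dent->cookie keeps its previous contents and the image is still written with UBIFS_FLG_DOUBLE_HASH set. Check for a return of 1 and let add_dent_node() fail otherwise, which means giving set_dent_cookie() an int return. The cookie is filled as raw random bytes rather than through a cpu_to_le32() conversion; a one-line comment that this is deliberate would save the next reader a look.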
diff --git a/ubifs-utils/mkfs.ubifs/ubifs.h b/ubifs-utils/mkfs.ubifs/ubifs.h index 2f080a8ce708..5a4af997e7bd 100644 --- a/ubifs-utils/mkfs.ubifs/ubifs.h +++ b/ubifs-utils/mkfs.ubifs/ubifs.h @@ -330,6 +330,7 @@ struct ubifs_znode * @nhead_offs: offset of LPT head * @big_lpt: flag that LPT is too big to write whole during commit * @space_fixup: flag indicating that free space in LEBs needs to be cleaned up + * @double_hash: flag indicating that we can do lookups by hash * @lpt_sz: LPT size * * @ltab_lnum: LEB number of LPT's own lprops table 
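Review bot: the @double_hash kernel-doc line says only "we can do lookups by hash", which does not tell the reader that the flag also switches directory-entry cookies from 0 to random values and sets UBIFS_FLG_DOUBLE_HASH in the superblock, as the mkfs.ubifs.c hunks of this patch do. Spell that out here. Nothing in this patch assigns c->double_hash and the commit message is empty, so the new branches cannot be reached yet; if the option that enables them arrives in a later patch, say so in the message.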
@@ -408,6 +409,7 @@ struct ubifs_info int nhead_offs; int big_lpt; int space_fixup; + int double_hash; long long lpt_sz; int ltab_lnum;
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 05/42] mkfs.ubifs: Make r5 hash binary string aware
Date: Thu, 18 Oct 2018 16:36:41 +0200
Message-Id: <20181018143718.26298-6-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>

As of now all filenames known by UBIFS are strings with a NUL terminator. With encrypted filenames a filename can be any binary string and the r5 function cannot search for the NUL terminator. UBIFS always knows how long a filename is, therefore we can change the hash function to iterate over the filename length to work correctly with binary strings.

Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/key.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/key.h b/ubifs-utils/mkfs.ubifs/key.h index c16d0a85418e..0c7922b67687 100644 --- a/ubifs-utils/mkfs.ubifs/key.h +++ b/ubifs-utils/mkfs.ubifs/key.h
@@ -64,9 +64,8 @@ static inline uint32_t key_r5_hash(const char *s, int len) { uint32_t a = 0; const signed char *str = (const signed char *)s; - (void)len; - while (*str) { + while (len--) { a += *str << 4; a += *str >> 4; a *= 11;
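Review bot: `while (len--)` in key_r5_hash() stops only when len reaches exactly zero, and len is a signed int, so a negative length from a caller makes the loop read far past the end of the name. Use `while (len-- > 0)` or make the parameter unsigned. With binary names, bytes of 0x80 and above are routine input, and `*str << 4` on a negative signed char is a left shift of a negative value, which C leaves undefined; if the signed arithmetic has to stay so that hashes match those already on flash, add a comment saying so.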
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 06/42] mkfs.ubifs: Add fscrypto defines
Date: Thu, 18 Oct 2018 16:36:42 +0200
Message-Id: <20181018143718.26298-7-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>

most of them should be UAPI, therefore check using #ifndef

Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 50 +++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index e7acf17f6c96..2649c34cdd68 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
@@ -109,6 +109,56 @@ struct inum_mapping { struct stat st; }; +#ifndef FS_KEY_DESCRIPTOR_SIZE +#define FS_KEY_DESCRIPTOR_SIZE 8 +#endif +#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 +#define FS_KEY_DERIVATION_NONCE_SIZE 16 + +#ifndef FS_ENCRYPTION_MODE_AES_128_CBC +#define FS_ENCRYPTION_MODE_AES_128_CBC 5 +#endif + +#ifndef FS_ENCRYPTION_MODE_AES_128_CTS +#define FS_ENCRYPTION_MODE_AES_128_CTS 6 +#endif + +#ifndef FS_POLICY_FLAGS_VALID +#define FS_POLICY_FLAGS_PAD_4 0x00 +#define FS_POLICY_FLAGS_PAD_8 0x01 +#define FS_POLICY_FLAGS_PAD_16 0x02 +#define FS_POLICY_FLAGS_PAD_32 0x03 +#define FS_POLICY_FLAGS_PAD_MASK 0x03 +#define FS_POLICY_FLAGS_VALID 0x03 +#endif + +#define FS_CRYPTO_BLOCK_SIZE 16 + +/** + * Encryption context for inode + * + * Protector format: + * 1 byte: Protector format (1 = this version) + * 1 byte: File contents encryption mode + * 1 byte: File names encryption mode + * 1 byte: Flags + * 8 bytes: Master Key descriptor + * 16 bytes: Encryption Key derivation nonce + */ +struct fscrypt_context { + __u8 format; + __u8 contents_encryption_mode; + __u8 filenames_encryption_mode; + __u8 flags; + __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; + __u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; +} __attribute__((packed)); + +#ifndef FS_MAX_KEY_SIZE +#define FS_MAX_KEY_SIZE 64 +#endif +static __u8 fscrypt_masterkey[FS_MAX_KEY_SIZE]; + /* * Because we copy functions from the kernel, we use a subset of the UBIFS * file-system description object struct ubifs_info. 
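Review bot: FS_ENCRYPTION_CONTEXT_FORMAT_V1, FS_KEY_DERIVATION_NONCE_SIZE and FS_CRYPTO_BLOCK_SIZE are defined unconditionally, while the commit message says the defines are checked with #ifndef because most of them should come from UAPI headers. Guard these three as well, or add a comment that they are not exported, so a header that does provide them cannot cause a redefinition. The FS_POLICY_FLAGS_PAD_* values are all keyed on FS_POLICY_FLAGS_VALID alone, which assumes a header defines the whole group together. fscrypt_masterkey is a file-scope buffer for key material; wipe it before the process exits.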
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 07/42] mkfs.ubifs: Add basic fscrypto functions
Date: Thu, 18 Oct 2018 16:36:43 +0200
Message-Id: <20181018143718.26298-8-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>

...maybe we should add them to crypto.c?
Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 67 +++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 2649c34cdd68..fc1b0cb1f6cc 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -518,6 +518,73 @@ static long long get_bytes(const char *str) return bytes; } + +static unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx) +{ + int ret; + unsigned char *new_key = xmalloc(FS_MAX_KEY_SIZE); + + ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, new_key); + if (ret < 0) { + err_msg("derive_key_aes failed: %i\n", ret); + + free(new_key); + new_key = NULL; + } + + return new_key; +} + +static struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx) +{ + struct fscrypt_context *new_fctx = NULL; + + if (fctx) { + new_fctx = xmalloc(sizeof(*new_fctx)); + new_fctx->format = fctx->format; + new_fctx->contents_encryption_mode = fctx->contents_encryption_mode; + new_fctx->filenames_encryption_mode = fctx->filenames_encryption_mode; + new_fctx->flags = fctx->flags; + memcpy(new_fctx->master_key_descriptor, fctx->master_key_descriptor, + FS_KEY_DESCRIPTOR_SIZE); + RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE); + } + + return new_fctx; +} + +static void free_fscrypt_context(struct fscrypt_context *fctx) +{ + free(fctx); +} + +static void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx) +{ + int i; + + normsg_cont("fscrypt master key descriptor: "); + for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; i++) { + normsg_cont("%02x", fctx->master_key_descriptor[i]); + } + normsg(""); +} + +static struct fscrypt_context *init_fscrypt_context(void) +{ + struct fscrypt_context *new_fctx = xmalloc(sizeof(*new_fctx)); + + new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; + new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC; + new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS; + //TODO accept padding via a parameter + new_fctx->flags = FS_POLICY_FLAGS_PAD_4; + //TODO accept descriptor via a parameter + RAND_bytes((void *)&new_fctx->master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE); + RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE); + + return new_fctx; 
+} + /** * open_ubi - open the UBI volume. * @node: name of the UBI volume character device to fetch information about
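Review bot: RAND_bytes() is called three times in this hunk (the nonce in inherit_fscrypt_context(), the descriptor and the nonce in init_fscrypt_context()) and its return value is dropped each time. On failure the nonce is whatever xmalloc() returned, and calc_fscrypt_subkey() would then derive a subkey from it with no error reported. Check for a return of 1 and propagate the failure, as calc_fscrypt_subkey() already does for derive_key_aes(). The FS_MAX_KEY_SIZE buffer holds key material, so clear it before free() in that function's error path and wherever callers release it. inherit_fscrypt_context() copies four fields and the descriptor by hand; `*new_fctx = *fctx;` followed by the fresh nonce is shorter and cannot miss a field added later.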
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 08/42] mkfs.ubifs: Implement UBIFS_FLG_ENCRYPTION
Date: Thu, 18 Oct 2018 16:36:44 +0200
Message-Id: <20181018143718.26298-9-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>

...and set UBIFS format version
Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 13 ++++++++++++- ubifs-utils/mkfs.ubifs/ubifs.h | 1 + 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index fc1b0cb1f6cc..09c28ab0b6bd 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -2357,6 +2357,15 @@ static int finalize_leb_cnt(void) return 0; } +static int ubifs_format_version(void) +{ + if (c->double_hash || c->encrypted) + return 5; + + /* Default */ + return 4; +} + /** * write_super - write the super block. */ @@ -2379,7 +2388,7 @@ static int write_super(void) sup.jhead_cnt = cpu_to_le32(c->jhead_cnt); sup.fanout = cpu_to_le32(c->fanout); sup.lsave_cnt = cpu_to_le32(c->lsave_cnt); - sup.fmt_version = cpu_to_le32(UBIFS_FORMAT_VERSION); + sup.fmt_version = cpu_to_le32(ubifs_format_version()); sup.default_compr = cpu_to_le16(c->default_compr); sup.rp_size = cpu_to_le64(c->rp_size); sup.time_gran = cpu_to_le32(DEFAULT_TIME_GRAN); @@ -2396,6 +2405,8 @@ static int write_super(void) sup.flags |= cpu_to_le32(UBIFS_FLG_SPACE_FIXUP); if (c->double_hash) sup.flags |= cpu_to_le32(UBIFS_FLG_DOUBLE_HASH); + if (c->encrypted) + sup.flags |= cpu_to_le32(UBIFS_FLG_ENCRYPTION); return write_node(&sup, UBIFS_SB_NODE_SZ, UBIFS_SB_LNUM); } diff --git a/ubifs-utils/mkfs.ubifs/ubifs.h b/ubifs-utils/mkfs.ubifs/ubifs.h index 5a4af997e7bd..c26d0944ac50 100644 --- a/ubifs-utils/mkfs.ubifs/ubifs.h +++ b/ubifs-utils/mkfs.ubifs/ubifs.h 
@@ -410,6 +410,7 @@ struct ubifs_info int big_lpt; int space_fixup; int double_hash; + int encrypted; long long lpt_sz; int ltab_lnum;
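Review bot: ubifs_format_version() in mkfs.ubifs.c returns the bare numbers 5 and 4 where write_super() previously used UBIFS_FORMAT_VERSION. Give both values names next to that macro so the next format bump is a one-line change, and add a comment on why double_hash and encrypted require version 5. Nothing in this patch sets c->encrypted, so the new `if (c->encrypted)` branch in write_super() cannot be taken yet; mention in the commit message where it gets wired up.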
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 09/42] mkfs.ubifs: Implement basic fscrypto context passing
Date: Thu, 18 Oct 2018 16:36:45 +0200
Message-Id: <20181018143718.26298-10-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 64 ++++++++++++++++++----------- 1 file changed, 39 insertions(+), 25 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 09c28ab0b6bd..349f68ab8797 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -174,6 +174,7 @@ int yes; static char *root; static int root_len; +static struct fscrypt_context *root_fctx; static struct stat root_st; static char *output; static int out_fd; @@ -1423,7 +1424,8 @@ static inline int inode_add_selinux_xattr(struct ubifs_ino_node *host_ino, * @flags: source inode flags */ static int add_inode(struct stat *st, ino_t inum, void *data, - unsigned int data_len, int flags, const char *xattr_path) + unsigned int data_len, int flags, const char *xattr_path, + struct fscrypt_context *fctx) { struct ubifs_ino_node *ino = node_buf; union ubifs_key key; @@ -1441,7 +1443,8 @@ static int add_inode(struct stat *st, ino_t inum, void *data, use_flags |= UBIFS_APPEND_FL; if (flags & FS_DIRSYNC_FL && S_ISDIR(st->st_mode)) use_flags |= UBIFS_DIRSYNC_FL; - + if (fctx) + use_flags |= UBIFS_CRYPT_FL; memset(ino, 0, UBIFS_INO_NODE_SZ); ino_key_init(&key, inum); @@ -1498,7 +1501,8 @@ static int add_inode(struct stat *st, ino_t inum, void *data, * the device table. */ static int add_dir_inode(const char *path_name, DIR *dir, ino_t inum, loff_t size, - unsigned int nlink, struct stat *st) + unsigned int nlink, struct stat *st, + struct fscrypt_context *fctx) { int fd, flags = 0; @@ -1513,7 +1517,7 @@ static int add_dir_inode(const char *path_name, DIR *dir, ino_t inum, loff_t siz flags = 0; } - return add_inode(st, inum, NULL, 0, flags, path_name); + return add_inode(st, inum, NULL, 0, flags, path_name, fctx); } /** 
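Review bot: add_inode() and add_dir_inode() gain an fctx parameter, but the comment blocks above them are not extended; the add_inode() block still ends at "@flags: source inode flags". Add an @fctx line to each, stating that NULL means the inode is not encrypted, since `if (fctx) use_flags |= UBIFS_CRYPT_FL;` is the only thing that depends on it here. That statement also replaced the blank line before `memset(ino, 0, UBIFS_INO_NODE_SZ);`; keep the blank line.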
@@ -1527,7 +1531,7 @@ static int add_dev_inode(const char *path_name, struct stat *st, ino_t inum, int union ubifs_dev_desc dev; dev.huge = cpu_to_le64(makedev(major(st->st_rdev), minor(st->st_rdev))); - return add_inode(st, inum, &dev, 8, flags, path_name); + return add_inode(st, inum, &dev, 8, flags, path_name, NULL); } /** @@ -1538,7 +1542,7 @@ static int add_dev_inode(const char *path_name, struct stat *st, ino_t inum, int * @flags: source inode flags */ static int add_symlink_inode(const char *path_name, struct stat *st, ino_t inum, - int flags) + int flags, struct fscrypt_context *fctx) { char buf[UBIFS_MAX_INO_DATA + 2]; ssize_t len; @@ -1550,7 +1554,7 @@ static int add_symlink_inode(const char *path_name, struct stat *st, ino_t inum, if (len > UBIFS_MAX_INO_DATA) return err_msg("symlink too long for %s", path_name); - return add_inode(st, inum, buf, len, flags, path_name); + return add_inode(st, inum, buf, len, flags, path_name, fctx); } static void set_dent_cookie(struct ubifs_dent_node *dent) @@ -1569,7 +1573,7 @@ static void set_dent_cookie(struct ubifs_dent_node *dent) * @type: type of the target inode */ static int add_dent_node(ino_t dir_inum, const char *name, ino_t inum, - unsigned char type) + unsigned char type, struct fscrypt_context *fctx) { struct ubifs_dent_node *dent = node_buf; union ubifs_key key; @@ -1658,7 +1662,7 @@ static int all_zero(void *buf, int len) * @flags: source inode flags */ static int add_file(const char *path_name, struct stat *st, ino_t inum, - int flags) + int flags, struct fscrypt_context *fctx) { struct ubifs_data_node *dn = node_buf; void *buf = block_buf; @@ -1728,7 +1732,7 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, return err_msg("file size changed during writing file '%s'", path_name); - return add_inode(st, inum, NULL, 0, flags, path_name); + return add_inode(st, inum, NULL, 0, flags, path_name, fctx); } /** 
@@ -1741,7 +1745,8 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, * creating the UBIFS inode */ static int add_non_dir(const char *path_name, ino_t *inum, unsigned int nlink, - unsigned char *type, struct stat *st) + unsigned char *type, struct stat *st, + struct fscrypt_context *fctx) { int fd, flags = 0; @@ -1806,17 +1811,17 @@ static int add_non_dir(const char *path_name, ino_t *inum, unsigned int nlink, creat_sqnum = ++c->max_sqnum; if (S_ISREG(st->st_mode)) - return add_file(path_name, st, *inum, flags); + return add_file(path_name, st, *inum, flags, fctx); if (S_ISCHR(st->st_mode)) return add_dev_inode(path_name, st, *inum, flags); if (S_ISBLK(st->st_mode)) return add_dev_inode(path_name, st, *inum, flags); if (S_ISLNK(st->st_mode)) - return add_symlink_inode(path_name, st, *inum, flags); + return add_symlink_inode(path_name, st, *inum, flags, fctx); if (S_ISSOCK(st->st_mode)) - return add_inode(st, *inum, NULL, 0, flags, NULL); + return add_inode(st, *inum, NULL, 0, flags, NULL, NULL); if (S_ISFIFO(st->st_mode)) - return add_inode(st, *inum, NULL, 0, flags, NULL); + return add_inode(st, *inum, NULL, 0, flags, NULL, NULL); return err_msg("file '%s' has unknown inode type", path_name); } @@ -1831,7 +1836,7 @@ static int add_non_dir(const char *path_name, ino_t *inum, unsigned int nlink, * created because it is defined in the device table file. */ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, - int existing) + int existing, struct fscrypt_context *fctx) { struct dirent *entry; DIR *dir = NULL; @@ -1867,6 +1872,7 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, */ for (; existing;) { struct stat dent_st; + struct fscrypt_context *new_fctx = NULL; errno = 0; entry = readdir(dir); 
@@ -1922,14 +1928,16 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, inum = ++c->highest_inum; + new_fctx = inherit_fscrypt_context(fctx); + if (S_ISDIR(dent_st.st_mode)) { - err = add_directory(name, inum, &dent_st, 1); + err = add_directory(name, inum, &dent_st, 1, new_fctx); if (err) goto out_free; nlink += 1; type = UBIFS_ITYPE_DIR; } else { - err = add_non_dir(name, &inum, 0, &type, &dent_st); + err = add_non_dir(name, &inum, 0, &type, &dent_st, new_fctx); if (err) goto out_free; } @@ -1938,11 +1946,13 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, if (err) goto out_free; - err = add_dent_node(dir_inum, entry->d_name, inum, type); + err = add_dent_node(dir_inum, entry->d_name, inum, type, fctx); if (err) goto out_free; size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(entry->d_name) + 1, 8); + + free_fscrypt_context(new_fctx); } /* @@ -1952,6 +1962,7 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, nh_elt = first_name_htbl_element(ph_elt, &itr); while (nh_elt) { struct stat fake_st; + struct fscrypt_context *new_fctx = NULL; /* * We prohibit creating regular files using the device table, @@ -1978,14 +1989,16 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, name = make_path(dir_name, nh_elt->name); inum = ++c->highest_inum; + new_fctx = inherit_fscrypt_context(fctx); + if (S_ISDIR(nh_elt->mode)) { - err = add_directory(name, inum, &fake_st, 0); + err = add_directory(name, inum, &fake_st, 0, new_fctx); if (err) goto out_free; nlink += 1; type = UBIFS_ITYPE_DIR; } else { - err = add_non_dir(name, &inum, 0, &type, &fake_st); + err = add_non_dir(name, &inum, 0, &type, &fake_st, new_fctx); if (err) goto out_free; } 
@@ -1994,17 +2007,18 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, if (err) goto out_free; - err = add_dent_node(dir_inum, nh_elt->name, inum, type); + err = add_dent_node(dir_inum, nh_elt->name, inum, type, fctx); if (err) goto out_free; size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(nh_elt->name) + 1, 8); nh_elt = next_name_htbl_element(ph_elt, &itr); + free_fscrypt_context(new_fctx); } creat_sqnum = dir_creat_sqnum; - err = add_dir_inode(dir ? dir_name : NULL, dir, dir_inum, size, nlink, st); + err = add_dir_inode(dir ? dir_name : NULL, dir, dir_inum, size, nlink, st, fctx); if (err) goto out_free; @@ -2035,7 +2049,7 @@ static int add_multi_linked_files(void) for (im = hash_table[i]; im; im = im->next) { dbg_msg(2, "%s", im->path_name); err = add_non_dir(im->path_name, &im->use_inum, - im->use_nlink, &type, &im->st); + im->use_nlink, &type, &im->st, NULL); if (err) return err; } 
@@ -2083,7 +2097,7 @@ static int write_data(void) if (err) return err; - err = add_directory(root, UBIFS_ROOT_INO, &root_st, !!root); + err = add_directory(root, UBIFS_ROOT_INO, &root_st, !!root, root_fctx); if (err) return err; err = add_multi_linked_files(); From patchwork Thu Oct 18 14:36:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985953 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="swpTXjvE"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bX2F1ggqz9sC2 for ; Fri, 19 Oct 2018 01:47:17 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=u8kuDLVh+CIJK0XetHft9DIhg6UdmxXlpbQqJ/DLVcc=; b=swpTXjvEB/ZugX N4kNPTfDJh0/6KMUepYKMehEwefMUFG4W4b/8mKOQs0C5gHkW+V3oN4V+aEf/Hzs1Oa+DDJZcITrK 
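Review bot: In [PATCH 09/42], both loops of add_directory() leak new_fctx on every error path: the context returned by inherit_fscrypt_context(fctx) is released only by the free_fscrypt_context(new_fctx) at the bottom of each iteration, while every `goto out_free` above it leaves the loop, where the loop-scoped new_fctx can no longer be reached. Free it before each goto, or hoist the variable to function scope and release it under out_free. The kernel-doc blocks above add_inode(), add_dir_inode(), add_symlink_inode(), add_dent_node(), add_file(), add_non_dir() and add_directory() also gain no `@fctx` line for the new parameter; please document it, including that NULL means "not encrypted".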
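Review bot: In [PATCH 09/42], add_multi_linked_files() passes NULL as the context to add_non_dir() (`im->use_nlink, &type, &im->st, NULL);`), so every inode written through that path gets no UBIFS_CRYPT_FL and no context even when root_fctx is set, because add_inode() only sets the flag under `if (fctx)`. That leaves multi-linked files as plaintext inodes inside an otherwise encrypted tree while their directory entries are created with the parent's context. Either keep the inherited context in the im entry when the link is first recorded and pass it here, or reject hard links below an encrypted directory with an error, and say which in the commit message.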
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 10/42] mkfs.ubifs: Implement fscrypto context store as xattr Date: Thu, 18 Oct 2018 16:36:46 +0200 Message-Id: <20181018143718.26298-11-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_073824_282231_E766C733 X-CRM114-Status: GOOD ( 13.83 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 53 ++++++++++++++++++----------- 1 file changed, 34 insertions(+), 19 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 349f68ab8797..e391cdaae35f 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -1156,36 +1156,45 @@ static int add_node(union ubifs_key *key, char *name, void *node, int len) return 0; } -static int add_xattr(struct stat *st, ino_t inum, const void *data, - unsigned int data_len, struct qstr *nm) +static int add_xattr(struct ubifs_ino_node *host_ino, struct stat *st, ino_t inum, + char *name, const void *data, unsigned int data_len) { struct ubifs_ino_node *ino; struct ubifs_dent_node *xent; + struct qstr nm; union ubifs_key xkey, nkey; int len, ret; - xent = xzalloc(sizeof(*xent) + nm->len + 1); + nm.name = name; + nm.len = strlen(name); + + host_ino->xattr_cnt++; + host_ino->xattr_size += CALC_DENT_SIZE(nm.len); + host_ino->xattr_size += CALC_XATTR_BYTES(data_len); + host_ino->xattr_names += nm.len; + + xent = xzalloc(sizeof(*xent) + nm.len + 1); ino = xzalloc(sizeof(*ino) + data_len); - xent_key_init(c, &xkey, inum, nm); + xent_key_init(c, &xkey, inum, &nm); xent->ch.node_type = UBIFS_XENT_NODE; key_write(&xkey, &xent->key); - len = UBIFS_XENT_NODE_SZ + nm->len + 1; + len = UBIFS_XENT_NODE_SZ + nm.len + 1; xent->ch.len = len; xent->padding1 = 0; xent->type = UBIFS_ITYPE_DIR; - xent->nlen = cpu_to_le16(nm->len); + xent->nlen = cpu_to_le16(nm.len); - memcpy(xent->name, nm->name, nm->len + 1); + memcpy(xent->name, nm.name, nm.len + 1); inum = ++c->highest_inum; creat_sqnum = ++c->max_sqnum; xent->inum = cpu_to_le64(inum); - ret = add_node(&xkey, nm->name, xent, len); + ret = add_node(&xkey, nm.name, xent, len); if (ret) goto out; @@ -1217,7 +1226,7 @@ static int add_xattr(struct stat *st, ino_t inum, const void *data, if (data_len) memcpy(&ino->data, data, data_len); - ret = add_node(&nkey, nm->name, ino, UBIFS_INO_NODE_SZ + data_len) ; + ret = add_node(&nkey, nm.name, ino, UBIFS_INO_NODE_SZ + data_len) ; out: free(xent); @@ -1270,7 +1279,6 @@ static int inode_add_xattr(struct ubifs_ino_node *host_ino, const char *path_name, struct stat *st, ino_t inum) { int ret; - struct qstr nm; void *buf = NULL; ssize_t len; ssize_t pos = 0; 
@@ -1327,15 +1335,7 @@ static int inode_add_xattr(struct ubifs_ino_node *host_ino, continue; } - nm.name = name; - nm.len = strlen(name); - - host_ino->xattr_cnt++; - host_ino->xattr_size += CALC_DENT_SIZE(nm.len); - host_ino->xattr_size += CALC_XATTR_BYTES(attrsize); - host_ino->xattr_names += nm.len; - - ret = add_xattr(st, inum, attrbuf, attrsize, &nm); + ret = add_xattr(host_ino, st, inum, name, attrbuf, attrsize); if (ret < 0) goto out_free; } @@ -1415,6 +1415,15 @@ static inline int inode_add_selinux_xattr(struct ubifs_ino_node *host_ino, } #endif +static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, + struct stat *host_st, + struct fscrypt_context *fctx) +{ + return add_xattr(host_ino, host_st, inum, + UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT, + fctx, sizeof(*fctx)); +} + /** * add_inode - write an inode. * @st: stat information of source inode 
@@ -1484,6 +1493,12 @@ static int add_inode(struct stat *st, ino_t inum, void *data, return ret; } + if (fctx) { + ret = set_fscrypt_context(ino, inum, st, fctx); + if (ret < 0) + return ret; + } + return add_node(&key, NULL, ino, len); } From patchwork Thu Oct 18 14:36:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985952 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="JnYaZpCp"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bX1T2Q9lz9sC2 for ; Fri, 19 Oct 2018 01:46:37 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=1Y55g0OuehKUkr8u91ZX5eHaxfO9MfjEDfhIbBe1Wfg=; b=JnYaZpCpwG96QS jaLYKMpakkWgUixEHIwsAVxfNNPGCEE8ivh6I79mZ09m/i+gxbs7EBqX2j+em+nUBG8H8OfeOVKf/ 
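Review bot: In [PATCH 10/42], set_fscrypt_context() writes the in-memory struct straight to the image as the xattr value (`fctx, sizeof(*fctx)`), which is only correct if struct fscrypt_context is packed and contains no host-endian multi-byte fields; please state that next to the call or add a compile-time size check, since whoever mounts the image parses exactly these bytes. In the same patch add_xattr() takes `char *name` but is handed the constant UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT, so the parameter should be `const char *name`. The xattr_cnt, xattr_size and xattr_names accounting now also runs before anything is written, so host_ino is already modified when add_node() fails; moving the accounting after the second add_node() would keep it consistent.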
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 11/42] mkfs.ubifs: Store directory name len in the temporary index Date: Thu, 18 Oct 2018 16:36:47 +0200 Message-Id: <20181018143718.26298-12-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_073824_281165_B0A3712D X-CRM114-Status: GOOD ( 14.93 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org since names are no longer strings, we need to know the length. Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index e391cdaae35f..469d5874eaa2 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -73,6 +73,7 @@ struct idx_entry { struct idx_entry *prev; union ubifs_key key; char *name; + int name_len; int lnum; int offs; int len; 
@@ -1069,7 +1070,7 @@ static void set_lprops(int lnum, int offs, int flags) * @offs: node offset * @len: node length */ -static int add_to_index(union ubifs_key *key, char *name, int lnum, int offs, +static int add_to_index(union ubifs_key *key, char *name, int name_len, int lnum, int offs, int len) { struct idx_entry *e; @@ -1080,6 +1081,7 @@ static int add_to_index(union ubifs_key *key, char *name, int lnum, int offs, e->prev = idx_list_last; e->key = *key; e->name = name; + e->name_len = name_len; e->lnum = lnum; e->offs = offs; e->len = len; @@ -1138,7 +1140,7 @@ static int reserve_space(int len, int *lnum, int *offs) * @node: node * @len: node length */ -static int add_node(union ubifs_key *key, char *name, void *node, int len) +static int add_node(union ubifs_key *key, char *name, int name_len, void *node, int len) { int err, lnum, offs; @@ -1151,7 +1153,7 @@ static int add_node(union ubifs_key *key, char *name, void *node, int len) memcpy(leb_buf + offs, node, len); memset(leb_buf + offs + len, 0xff, ALIGN(len, 8) - len); - add_to_index(key, name, lnum, offs, len); + add_to_index(key, name, name_len, lnum, offs, len); return 0; } @@ -1194,7 +1196,7 @@ static int add_xattr(struct ubifs_ino_node *host_ino, struct stat *st, ino_t inu xent->inum = cpu_to_le64(inum); - ret = add_node(&xkey, nm.name, xent, len); + ret = add_node(&xkey, nm.name, nm.len, xent, len); if (ret) goto out; @@ -1226,7 +1228,7 @@ static int add_xattr(struct ubifs_ino_node *host_ino, struct stat *st, ino_t inu if (data_len) memcpy(&ino->data, data, data_len); - ret = add_node(&nkey, nm.name, ino, UBIFS_INO_NODE_SZ + data_len) ; + ret = add_node(&nkey, nm.name, nm.len, ino, UBIFS_INO_NODE_SZ + data_len) ; out: free(xent); @@ -1499,7 +1501,7 @@ static int add_inode(struct stat *st, ino_t inum, void *data, return ret; } - return add_node(&key, NULL, ino, len); + return add_node(&key, NULL, 0, ino, len); } /** 
@@ -1621,7 +1623,7 @@ static int add_dent_node(ino_t dir_inum, const char *name, ino_t inum, if (!kname) return err_msg("cannot allocate memory"); - return add_node(&key, kname, dent, len); + return add_node(&key, kname, dname.len, dent, len); } /** @@ -1732,9 +1734,10 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, compr_type = compress_data(buf, bytes_read, &dn->data, &out_len, use_compr); dn->compr_type = cpu_to_le16(compr_type); + //TODO: encrypt dn_len = UBIFS_DATA_NODE_SZ + out_len; /* Add data node to file system */ - err = add_node(&key, NULL, dn, dn_len); + err = add_node(&key, NULL, 0, dn, dn_len); if (err) { close(fd); return err; @@ -2121,13 +2124,13 @@ static int write_data(void) return flush_nodes(); } -static int namecmp(const char *name1, const char *name2) +static int namecmp(const struct idx_entry *e1, const struct idx_entry *e2) { - size_t len1 = strlen(name1), len2 = strlen(name2); + size_t len1 = e1->name_len, len2 = e2->name_len; size_t clen = (len1 < len2) ? len1 : len2; int cmp; - cmp = memcmp(name1, name2, clen); + cmp = memcmp(e1->name, e2->name, clen); if (cmp) return cmp; return (len1 < len2) ? -1 : 1; 
@@ -2142,7 +2145,7 @@ static int cmp_idx(const void *a, const void *b) cmp = keys_cmp(&e1->key, &e2->key); if (cmp) return cmp; - return namecmp(e1->name, e2->name); + return namecmp(e1, e2); } /** From patchwork Thu Oct 18 14:36:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985949 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ddjFqQEi"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bX032tp9z9sC2 for ; Fri, 19 Oct 2018 01:45:23 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=sllhhqHDxS5AXsFohXpWXzUQrXlNhPv100zMCE8iOnE=; b=ddjFqQEiQAf2A9 XbPuEWN+5DtVCK6dW6kgj3qB8SOgUxLyQR1Vmit5Atsyndm+XtEmSdX2b4h0Z6KTi9LyYXuzvj94o 
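Review bot: In [PATCH 11/42], the kernel-doc blocks above add_to_index() and add_node() still end at `@len: node length` and gain no `@name_len` line for the new parameter; please document it, including that it is 0 when name is NULL, as in the add_inode() and add_file() callers. The `//TODO: encrypt` added in add_file() is unrelated to storing name lengths and belongs in the patch that implements data encryption. In namecmp(), name_len is an int that is assigned to size_t locals; either make the idx_entry field unsigned or assert it is non-negative when it is set in add_to_index().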
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 12/42] mkfs.ubifs: Implement filename encryption Date: Thu, 18 Oct 2018 16:36:48 +0200 Message-Id: <20181018143718.26298-13-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_073824_260675_6BE8430C X-CRM114-Status: GOOD ( 13.91 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/key.h | 4 +- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 61 +++++++++++++++++++++++------ 2 files changed, 52 insertions(+), 13 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/key.h b/ubifs-utils/mkfs.ubifs/key.h index 0c7922b67687..c18e35e8f0a3 100644 --- a/ubifs-utils/mkfs.ubifs/key.h +++ b/ubifs-utils/mkfs.ubifs/key.h @@ -110,9 +110,9 @@ static inline void ino_key_init(union ubifs_key *key, ino_t inum) */ static inline void dent_key_init(const struct ubifs_info *c, union ubifs_key *key, ino_t inum, - const struct qstr *nm) + const void *name, int name_len) { - uint32_t hash = c->key_hash(nm->name, nm->len); + uint32_t hash = c->key_hash(name, name_len); assert(!(hash & ~UBIFS_S_KEY_HASH_MASK)); key->u32[0] = inum; 
diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 469d5874eaa2..7deca96e7953 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -1596,6 +1596,7 @@ static int add_dent_node(ino_t dir_inum, const char *name, ino_t inum, union ubifs_key key; struct qstr dname; char *kname; + int kname_len; int len; dbg_msg(3, "%s ino %lu type %u dir ino %lu", name, (unsigned long)inum, 
@@ -1607,23 +1608,61 @@ static int add_dent_node(ino_t dir_inum, const char *name, ino_t inum, dent->ch.node_type = UBIFS_DENT_NODE; - dent_key_init(c, &key, dir_inum, &dname); - key_write(&key, dent->key); dent->inum = cpu_to_le64(inum); dent->padding1 = 0; dent->type = type; - dent->nlen = cpu_to_le16(dname.len); - memcpy(dent->name, dname.name, dname.len); - dent->name[dname.len] = '\0'; set_dent_cookie(dent); - len = UBIFS_DENT_NODE_SZ + dname.len + 1; - - kname = strdup(name); - if (!kname) - return err_msg("cannot allocate memory"); + if (!fctx) { + dent_key_init(c, &key, dir_inum, dname.name, dname.len); + dent->nlen = cpu_to_le16(dname.len); + memcpy(dent->name, dname.name, dname.len); + dent->name[dname.len] = '\0'; + len = UBIFS_DENT_NODE_SZ + dname.len + 1; + + kname_len = dname.len; + kname = strdup(name); + if (!kname) + return err_msg("cannot allocate memory"); + } else { + void *inbuf, *outbuf, *crypt_key; + unsigned int max_namelen = type == UBIFS_ITYPE_LNK ? UBIFS_MAX_INO_DATA : UBIFS_MAX_NLEN; + unsigned int padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); + unsigned int cryptlen; + + cryptlen = max_t(unsigned int, dname.len, FS_CRYPTO_BLOCK_SIZE); + cryptlen = round_up(cryptlen, padding); + cryptlen = min(cryptlen, max_namelen); + + inbuf = xmalloc(cryptlen); + outbuf = xmalloc(cryptlen + 32); + + memset(inbuf, 0, cryptlen); + memcpy(inbuf, dname.name, dname.len); + + crypt_key = calc_fscrypt_subkey(fctx); + if (!crypt_key) + return err_msg("could not compute subkey"); + if (encrypt_aes128_cbc_cts(inbuf, cryptlen, crypt_key, outbuf) < 0) + return err_msg("could not encrypt filename"); + + dent->nlen = cpu_to_le16(cryptlen); + memcpy(dent->name, outbuf, cryptlen); + dent->name[cryptlen] = '\0'; + len = UBIFS_DENT_NODE_SZ + cryptlen + 1; + + dent_key_init(c, &key, dir_inum, outbuf, cryptlen); + + kname_len = cryptlen; + kname = xmalloc(cryptlen); + memcpy(kname, outbuf, cryptlen); + free(crypt_key); + free(inbuf); + free(outbuf); + } + 
key_write(&key, dent->key); - return add_node(&key, kname, dname.len, dent, len); + return add_node(&key, kname, kname_len, dent, len); } /** From patchwork Thu Oct 18 14:36:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985940 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="hGDCq+RS"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bWwQ6Qs1z9sBq for ; Fri, 19 Oct 2018 01:42:14 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=bubqhQKtax4yJH3fk1sdqM/EufypHxuYVC3QQhrxa3g=; b=hGDCq+RS1wtJbC Y+/zoGcvLfw3jqk3RvT0RFwZp4qaW9b4ZosnsN2/l0Bwn9mxnX5eVX8xxvuAKcxq4XDji7ss3Swux 14AaGg8SrEJOcFZ7POryPpBaq7nc1U1puJrKBq1hn1JWyQNApzenvftim7NwO843GHpSQMFwSWZ3E 
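Review bot: In [PATCH 12/42], the encrypted branch of add_dent_node() can write past inbuf: cryptlen is clamped by `min(cryptlen, max_namelen)`, but the following `memcpy(inbuf, dname.name, dname.len)` still copies dname.len bytes, so a name longer than max_namelen overflows the cryptlen-byte allocation unless an earlier check, not visible in this hunk, already rejects it. Please add an explicit `dname.len > max_namelen` error before allocating. max_namelen is also selected from the type of the target inode, which lets the name of an entry that points at a symlink be padded up to UBIFS_MAX_INO_DATA instead of UBIFS_MAX_NLEN; is that intended for a directory entry name?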
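Review bot: In [PATCH 12/42], both early returns in the encrypted branch of add_dent_node() leak: `return err_msg("could not compute subkey")` leaves inbuf and outbuf allocated, and `return err_msg("could not encrypt filename")` additionally leaves crypt_key, the subkey returned by calc_fscrypt_subkey(). Route both through one cleanup label, and consider clearing crypt_key and the plaintext name in inbuf before free(). The `+ 32` in `xmalloc(cryptlen + 32)` needs a comment or a named constant that says what the extra bytes are for.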
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 13/42] mkfs.ubifs: Add dummy setup for crypto Date: Thu, 18 Oct 2018 16:36:49 +0200 Message-Id: <20181018143718.26298-14-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at
Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 7deca96e7953..a43b2a1620b1 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -2720,6 +2720,12 @@ static int init(void) sz = sizeof(struct inum_mapping *) * HASH_TABLE_SIZE; hash_table = xzalloc(sz); + //TODO make this a parameter + root_fctx = init_fscrypt_context(); + print_fscrypt_master_key_descriptor(root_fctx); + c->double_hash = 1; + c->encrypted = 1; + err = init_compression(); if (err) return err;
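Review bot: In init(), c->encrypted and c->double_hash are set to 1 unconditionally, so as far as this hunk shows every image built after this patch is an encrypted one and a plain image can no longer be requested. The TODO acknowledges it, but the assignment should sit behind an option that defaults to off before this lands, with root_fctx only created when that option is set. root_fctx is also handed to print_fscrypt_master_key_descriptor() without any check, and the comment should use the /* */ form the rest of the file uses.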
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 14/42] mkfs.ubifs: Pass source/dest key len to key derive function
Date: Thu, 18 Oct 2018 16:36:50 +0200
Message-Id: <20181018143718.26298-15-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at

fscrypto is using the max key length (64), so we cannot use the AES-128-ECB len.

Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/crypto.c | 4 ++-- ubifs-utils/mkfs.ubifs/crypto.h | 2 +- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index a20bd56ba3db..f249b49b5b59 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -277,7 +277,7 @@ ssize_t encrypt_aes256_cbc_cts(const void *plaintext, size_t size, } ssize_t derive_key_aes(const void *deriving_key, const void *source_key, - void *derived_key) + size_t source_key_len, void *derived_key) { const EVP_CIPHER *cipher; size_t aes_key_len;
@@ -289,7 +289,7 @@ ssize_t derive_key_aes(const void *deriving_key, const void *source_key, } aes_key_len = EVP_CIPHER_key_length(cipher); - return do_encrypt(cipher, source_key, aes_key_len, deriving_key, + return do_encrypt(cipher, source_key, source_key_len, deriving_key, aes_key_len, NULL, 0, derived_key); } diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index 4e597004ec51..5bff70fea29e 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -57,7 +57,7 @@ ssize_t encrypt_aes256_cbc_cts(const void *plaintext, size_t size, const void *key, void *ciphertext); ssize_t derive_key_aes(const void *deriving_key, const void *source_key, - void *derived_key); + size_t source_key_len, void *derived_key); struct cipher *get_cipher(const char *name); diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index a43b2a1620b1..c315e36dd3d3 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -526,7 +526,7 @@ static unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx) int ret; unsigned char *new_key = xmalloc(FS_MAX_KEY_SIZE); - ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, new_key); + ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, FS_MAX_KEY_SIZE, new_key); if (ret < 0) { err_msg("derive_key_aes failed: %i\n", ret);
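Review bot: derive_key_aes() now takes source_key_len but still has no length for derived_key, so in calc_fscrypt_subkey() the only thing tying the FS_MAX_KEY_SIZE passed as the source length to the xmalloc(FS_MAX_KEY_SIZE) behind new_key is that the caller happens to use the same constant twice. The subject line says "source/dest key len", yet only the source length is passed. Either add a derived_key_len parameter and check it inside derive_key_aes(), or document in crypto.h that derived_key must hold at least source_key_len bytes and that source_key_len has to be a multiple of the AES block size, since the commit message names AES-128-ECB as the cipher.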
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 15/42] mkfs.ubifs: Add encrypted symlink support
Date: Thu, 18 Oct 2018 16:36:51 +0200
Message-Id: <20181018143718.26298-16-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at

Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 75 ++++++++++++++++++++++++++--- 1 file changed, 68 insertions(+), 7 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index c315e36dd3d3..4ffd8fd51e41 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -155,6 +155,16 @@ struct fscrypt_context { __u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; } __attribute__((packed)); +/** + * For encrypted symlinks, the ciphertext length is stored at the beginning + * of the string in little-endian format. + */ +struct fscrypt_symlink_data { + __le16 len; + char encrypted_path[1]; +} __attribute__((packed)); + + #ifndef FS_MAX_KEY_SIZE #define FS_MAX_KEY_SIZE 64 #endif
@@ -578,15 +588,22 @@ static struct fscrypt_context *init_fscrypt_context(void) new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC; new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS; - //TODO accept padding via a parameter new_fctx->flags = FS_POLICY_FLAGS_PAD_4; - //TODO accept descriptor via a parameter - RAND_bytes((void *)&new_fctx->master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE); RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE); return new_fctx; } +unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx, unsigned int ilen) +{ + int padding; + + padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); + ilen = max_t(unsigned int, ilen, FS_CRYPTO_BLOCK_SIZE); + return round_up(ilen, padding); +} + + /** * open_ubi - open the UBI volume. * @node: name of the UBI volume character device to fetch information about 
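Review bot: The init_fscrypt_context() part of this hunk drops the RAND_bytes() call that filled new_fctx->master_key_descriptor along with the two TODO comments, and nothing in this patch sets the descriptor in its place. That change is unrelated to symlink support and the patch carries no description, so either keep the line or move the removal into its own patch that says where the descriptor now comes from. In the new fscrypt_fname_encrypted_size(), padding is a signed int used to round an unsigned ilen and the function has external linkage; make it static with an unsigned int padding. The return value of the remaining RAND_bytes() call for the nonce is still ignored.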
@@ -1478,11 +1495,54 @@ static int add_inode(struct stat *st, ino_t inum, void *data, ino->gid = cpu_to_le32(st->st_gid); ino->mode = cpu_to_le32(st->st_mode); ino->flags = cpu_to_le32(use_flags); - ino->data_len = cpu_to_le32(data_len); ino->compr_type = cpu_to_le16(c->default_compr); - if (data_len) - memcpy(&ino->data, data, data_len); + if (data_len) { + if (!S_ISLNK(st->st_mode)) + return err_msg("Expected symlink"); + if (!fctx) { + memcpy(&ino->data, data, data_len); + } else { + //TODO turn this into a common helper + struct fscrypt_symlink_data *sd; + void *inbuf, *outbuf, *crypt_key; + unsigned int max_namelen = UBIFS_MAX_INO_DATA; + unsigned int padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); + unsigned int cryptlen; + unsigned int link_disk_len = fscrypt_fname_encrypted_size(fctx, data_len) + sizeof(struct fscrypt_symlink_data); + + cryptlen = max_t(unsigned int, data_len, FS_CRYPTO_BLOCK_SIZE); + cryptlen = round_up(cryptlen, padding); + cryptlen = min(cryptlen, max_namelen); + + sd = xzalloc(link_disk_len); + inbuf = xmalloc(cryptlen); + /* CTS mode needs a block size aligned buffer */ + outbuf = xmalloc(round_up(cryptlen, FS_CRYPTO_BLOCK_SIZE)); + + memset(inbuf, 0, cryptlen); + memcpy(inbuf, data, data_len); + + crypt_key = calc_fscrypt_subkey(fctx); + if (!crypt_key) + return err_msg("could not compute subkey"); + if (encrypt_aes128_cbc_cts(inbuf, cryptlen, crypt_key, outbuf) < 0) + return err_msg("could not encrypt filename"); + + memcpy(sd->encrypted_path, outbuf, cryptlen); + sd->len = cpu_to_le16(cryptlen); + memcpy(&ino->data, sd, link_disk_len); + ((char *)&ino->data)[link_disk_len - 1] = '\0'; + + data_len = link_disk_len; + + free(crypt_key); + free(inbuf); + free(outbuf); + free(sd); + } + } + ino->data_len = cpu_to_le32(data_len); len = UBIFS_INO_NODE_SZ + data_len; if (xattr_path) { 
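Review bot: In the encrypted branch of add_inode(), cryptlen is clamped with min(cryptlen, max_namelen) but data_len is not, so nothing in this hunk stops a link target longer than UBIFS_MAX_INO_DATA from making memcpy(inbuf, data, data_len) write past the cryptlen-byte inbuf. link_disk_len is likewise taken from the unclamped fscrypt_fname_encrypted_size() and then used as the length for memcpy(&ino->data, sd, link_disk_len). Reject an oversized data_len with err_msg() before any allocation instead of clamping cryptlen. Both early "return err_msg(...)" exits leak sd, inbuf and outbuf, and the new S_ISLNK() test also runs when fctx is NULL, which changes the unencrypted path and deserves a line in the commit message.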
@@ -1635,7 +1695,8 @@ static int add_dent_node(ino_t dir_inum, const char *name, ino_t inum, cryptlen = min(cryptlen, max_namelen); inbuf = xmalloc(cryptlen); - outbuf = xmalloc(cryptlen + 32); + /* CTS mode needs a block size aligned buffer */ + outbuf = xmalloc(round_up(cryptlen, FS_CRYPTO_BLOCK_SIZE)); memset(inbuf, 0, cryptlen); memcpy(inbuf, dname.name, dname.len);
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 16/42] mkfs.ubifs: Implement file contents encryption
Date: Thu, 18 Oct 2018 16:36:52 +0200
Message-Id: <20181018143718.26298-17-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at

Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 39 ++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 4ffd8fd51e41..b7d68c60d481 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
@@ -1817,10 +1817,9 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, } /* Make data node */ memset(dn, 0, UBIFS_DATA_NODE_SZ); - data_key_init(&key, inum, block_no++); + data_key_init(&key, inum, block_no); dn->ch.node_type = UBIFS_DATA_NODE; key_write(&key, &dn->key); - dn->size = cpu_to_le32(bytes_read); out_len = NODE_BUFFER_SIZE - UBIFS_DATA_NODE_SZ; if (c->default_compr == UBIFS_COMPR_NONE && (flags & FS_COMPR_FL)) @@ -1834,7 +1833,39 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, compr_type = compress_data(buf, bytes_read, &dn->data, &out_len, use_compr); dn->compr_type = cpu_to_le16(compr_type); - //TODO: encrypt + dn->size = cpu_to_le32(bytes_read); + + if (!fctx) { + dn->compr_size = 0; + } else { + void *inbuf, *outbuf, *crypt_key; + size_t ret, pad_len = round_up(out_len, FS_CRYPTO_BLOCK_SIZE); + + dn->compr_size = out_len; + + inbuf = xzalloc(pad_len); + outbuf = xzalloc(pad_len); + + memcpy(inbuf, &dn->data, out_len); + + crypt_key = calc_fscrypt_subkey(fctx); + if (!crypt_key) + return err_msg("could not compute subkey"); + + ret = encrypt_block_aes128_cbc(inbuf, pad_len, crypt_key, block_no, + outbuf); + if (ret != pad_len) + return err_msg("encrypt_block_aes128_cbc returned %zi instead of %zi", ret, pad_len); + + memcpy(&dn->data, outbuf, pad_len); + + out_len = pad_len; + + free(inbuf); + free(outbuf); + free(crypt_key); + } + dn_len = UBIFS_DATA_NODE_SZ + out_len; /* Add data node to file system */ err = add_node(&key, NULL, 0, dn, dn_len); 
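Review bot: In the encryption branch of add_file(), "dn->compr_size = out_len;" stores a host-endian value while the neighbouring dn->size and dn->compr_type go through cpu_to_le32() and cpu_to_le16(), so the node written to flash is wrong when mkfs.ubifs runs on a big-endian host; use the cpu_to_le helper that matches the field's width. pad_len rounds out_len up to FS_CRYPTO_BLOCK_SIZE, but out_len was budgeted as NODE_BUFFER_SIZE - UBIFS_DATA_NODE_SZ, so please confirm that memcpy(&dn->data, outbuf, pad_len) cannot run past the node buffer when the compressed size is at its maximum. The two early returns skip close(fd) and the frees, the block-local "size_t ret" shadows the ret tested by the enclosing do/while, and a size_t should be printed with %zu rather than %zi.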
@@ -1842,6 +1873,8 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, close(fd); return err; } + + block_no++; } while (ret != 0); if (close(fd) == -1)
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 17/42] mkfs.ubifs: Move symlink data encryption to helper function
Date: Thu, 18 Oct 2018 16:36:53 +0200
Message-Id: <20181018143718.26298-18-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at

From: David Oberhollenzer

Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 81 ++++++++++++++++------------- 1 file changed, 44 insertions(+), 37 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index b7d68c60d481..b402945924ac 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -1443,6 +1443,46 @@ static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, fctx, sizeof(*fctx)); } +static int encrypt_symlink(void *dst, void *data, unsigned int data_len, + struct fscrypt_context *fctx) +{ + struct fscrypt_symlink_data *sd; + void *inbuf, *outbuf, *crypt_key; + unsigned int max_namelen = UBIFS_MAX_INO_DATA; + unsigned int padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); + unsigned int cryptlen; + unsigned int link_disk_len = fscrypt_fname_encrypted_size(fctx, data_len) + sizeof(struct fscrypt_symlink_data); + + cryptlen = max_t(unsigned int, data_len, FS_CRYPTO_BLOCK_SIZE); + cryptlen = round_up(cryptlen, padding); + cryptlen = min(cryptlen, max_namelen); + + sd = xzalloc(link_disk_len); + inbuf = xmalloc(cryptlen); + /* CTS mode needs a block size aligned buffer */ + outbuf = xmalloc(round_up(cryptlen, FS_CRYPTO_BLOCK_SIZE)); + + memset(inbuf, 0, cryptlen); + memcpy(inbuf, data, data_len); + + crypt_key = calc_fscrypt_subkey(fctx); + if (!crypt_key) + return err_msg("could not compute subkey"); + if (encrypt_aes128_cbc_cts(inbuf, cryptlen, crypt_key, outbuf) < 0) + return err_msg("could not encrypt filename"); + + memcpy(sd->encrypted_path, outbuf, cryptlen); + sd->len = cpu_to_le16(cryptlen); + memcpy(dst, sd, link_disk_len); + ((char *)dst)[link_disk_len - 1] = '\0'; + + free(crypt_key); + free(inbuf); + free(outbuf); + free(sd); + return link_disk_len; +} + /** * add_inode - write an inode. * @st: stat information of source inode 
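Review bot: encrypt_symlink() keeps the two early "return err_msg(...)" exits from the inline version, so a failure in calc_fscrypt_subkey() or encrypt_aes128_cbc_cts() leaks sd, inbuf and outbuf, and crypt_key as well in the second case. Now that this is a helper, route both failures through one cleanup label that frees all four buffers before returning. The function is declared int but returns the unsigned link_disk_len on success, and the second error string still reads "could not encrypt filename" although the data is a symlink target.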
@@ -1503,43 +1543,10 @@ static int add_inode(struct stat *st, ino_t inum, void *data, if (!fctx) { memcpy(&ino->data, data, data_len); } else { - //TODO turn this into a common helper - struct fscrypt_symlink_data *sd; - void *inbuf, *outbuf, *crypt_key; - unsigned int max_namelen = UBIFS_MAX_INO_DATA; - unsigned int padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); - unsigned int cryptlen; - unsigned int link_disk_len = fscrypt_fname_encrypted_size(fctx, data_len) + sizeof(struct fscrypt_symlink_data); - - cryptlen = max_t(unsigned int, data_len, FS_CRYPTO_BLOCK_SIZE); - cryptlen = round_up(cryptlen, padding); - cryptlen = min(cryptlen, max_namelen); - - sd = xzalloc(link_disk_len); - inbuf = xmalloc(cryptlen); - /* CTS mode needs a block size aligned buffer */ - outbuf = xmalloc(round_up(cryptlen, FS_CRYPTO_BLOCK_SIZE)); - - memset(inbuf, 0, cryptlen); - memcpy(inbuf, data, data_len); - - crypt_key = calc_fscrypt_subkey(fctx); - if (!crypt_key) - return err_msg("could not compute subkey"); - if (encrypt_aes128_cbc_cts(inbuf, cryptlen, crypt_key, outbuf) < 0) - return err_msg("could not encrypt filename"); - - memcpy(sd->encrypted_path, outbuf, cryptlen); - sd->len = cpu_to_le16(cryptlen); - memcpy(&ino->data, sd, link_disk_len); - ((char *)&ino->data)[link_disk_len - 1] = '\0'; - - data_len = link_disk_len; - - free(crypt_key); - free(inbuf); - free(outbuf); - free(sd); + ret = encrypt_symlink(&ino->data, data, data_len, fctx); + if (ret < 0) + return ret; + data_len = ret; } } ino->data_len = cpu_to_le32(data_len);
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 18/42] mkfs.ubifs: Make sure we catch nodes that should or should not have name
Date: Thu, 18 Oct 2018 16:36:54 +0200
Message-Id: <20181018143718.26298-19-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at

Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/key.h | 10 ++++++++++ ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/ubifs-utils/mkfs.ubifs/key.h b/ubifs-utils/mkfs.ubifs/key.h index c18e35e8f0a3..2de530b813a2 100644 --- a/ubifs-utils/mkfs.ubifs/key.h +++ b/ubifs-utils/mkfs.ubifs/key.h @@ -209,4 +209,14 @@ static inline int keys_cmp(const union ubifs_key *key1, return 0; } +/** + * key_type - get key type. + * @c: UBIFS file-system description object + * @key: key to get type of + */ +static inline int key_type(const union ubifs_key *key) +{ + return key->u32[1] >> UBIFS_S_KEY_BLOCK_BITS; +} + #endif /* !__UBIFS_KEY_H__ */
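Review bot: The kernel-doc block for key_type() documents an @c parameter, but the function only takes key; drop the "@c:" line so the comment matches the signature. A sentence on the return value would help as well, since add_node() compares it against UBIFS_DENT_KEY and UBIFS_XENT_KEY.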
diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index b402945924ac..8aba668f8e28 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -1161,6 +1161,14 @@ static int add_node(union ubifs_key *key, char *name, int name_len, void *node, { int err, lnum, offs; + if (key_type(key) == UBIFS_DENT_KEY || key_type(key) == UBIFS_XENT_KEY) { + if (!name) + return err_msg("Directory entry or xattr without name!"); + } else { + if (name) + return err_msg("Name given for non dir/xattr node!"); + } + prepare_node(node, len); err = reserve_space(len, &lnum, &offs); From patchwork Thu Oct 18 14:36:55 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985968 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at 
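Review bot: the new sanity check at the top of add_node() (patch 18/42) looks only at `name` and never at `name_len`, so a dent/xent node with a non-NULL name and `name_len <= 0`, or a nameless node with a non-zero `name_len`, still passes. Since both arguments arrive together, consider rejecting `name_len <= 0` in the dent/xattr branch and `name_len != 0` in the else branch, and evaluating `key_type(key)` once into a local instead of twice in the condition.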
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 19/42] mkfs.ubifs: Free all index entry names Date: Thu, 18 Oct 2018 16:36:55 +0200 Message-Id: <20181018143718.26298-20-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at ...and make valgrind memcheck happy Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 8aba668f8e28..66ca061cc225 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -1253,7 +1253,7 @@ static int add_xattr(struct ubifs_ino_node *host_ino, struct stat *st, ino_t inu if (data_len) memcpy(&ino->data, data, data_len); - ret = add_node(&nkey, nm.name, nm.len, ino, UBIFS_INO_NODE_SZ + data_len) ; + ret = add_node(&nkey, NULL, 0, ino, UBIFS_INO_NODE_SZ + data_len); out: free(xent); 
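Review bot: the add_xattr() change from `add_node(&nkey, nm.name, nm.len, ...)` to `add_node(&nkey, NULL, 0, ...)` is a functional fix, not a memory-freeing change, and the commit message does not mention it. This call writes the `ino` node, so with only patch 18/42 applied it appears to trip the new "Name given for non dir/xattr node!" check, which breaks bisection between the two patches. Please fold this one-liner into patch 18 or reorder, and say in the log why the inode node is now added without a name.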
@@ -1447,7 +1447,7 @@ static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, struct fscrypt_context *fctx) { return add_xattr(host_ino, host_st, inum, - UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT, + xstrdup(UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT), fctx, sizeof(*fctx)); } 
@@ -2470,8 +2470,10 @@ static int write_index(void) } /* Free stuff */ - for (i = 0; i < idx_cnt; i++) + for (i = 0; i < idx_cnt; i++) { + free(idx_ptr[i]->name); free(idx_ptr[i]); + } free(idx_ptr); free(idx); From patchwork Thu Oct 18 14:36:56 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985973 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at 
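Review bot: the new `free(idx_ptr[i]->name)` in write_index() (patch 19/42) is only safe if every name stored in an index entry is NULL or a separately heap-allocated string owned by that entry, and nothing in the patch states that contract. The `xstrdup(UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT)` added in set_fscrypt_context() shows one caller that had to be adapted; any other caller that passes a literal, a stack buffer, or a pointer shared between two entries now becomes an invalid or double free. Please document on add_node() and add_xattr() that `name` must be malloc'ed and that ownership passes to the index, and check that add_xattr() frees the duplicate on its own error paths before the hand-over.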
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 20/42] mkfs.ubifs: Seperate path encryption from symlink encryption helper Date: Thu, 18 Oct 2018 16:36:56 +0200 Message-Id: <20181018143718.26298-21-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at From: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 36 ++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 66ca061cc225..49a895ae3682 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -1451,24 +1451,20 @@ static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, fctx, sizeof(*fctx)); } -static int encrypt_symlink(void *dst, void *data, unsigned int data_len, - struct fscrypt_context *fctx) +static int encrypt_path(void **outbuf, void *data, unsigned int data_len, + unsigned int max_namelen, struct fscrypt_context *fctx) { - struct fscrypt_symlink_data *sd; - void *inbuf, *outbuf, *crypt_key; - unsigned int max_namelen = UBIFS_MAX_INO_DATA; + void *inbuf, *crypt_key; unsigned int padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); unsigned int cryptlen; - unsigned int link_disk_len = fscrypt_fname_encrypted_size(fctx, data_len) + sizeof(struct fscrypt_symlink_data); cryptlen = max_t(unsigned int, data_len, FS_CRYPTO_BLOCK_SIZE); cryptlen = round_up(cryptlen, padding); cryptlen = min(cryptlen, max_namelen); - sd = xzalloc(link_disk_len); inbuf = xmalloc(cryptlen); /* CTS mode needs a block size aligned buffer */ - outbuf = xmalloc(round_up(cryptlen, FS_CRYPTO_BLOCK_SIZE)); + *outbuf = xmalloc(round_up(cryptlen, FS_CRYPTO_BLOCK_SIZE)); memset(inbuf, 0, cryptlen); memcpy(inbuf, data, data_len); 
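Review bot: encrypt_path() clamps `cryptlen` with `min(cryptlen, max_namelen)` and then does `memcpy(inbuf, data, data_len)` into a buffer of `cryptlen` bytes, so any call with `data_len > max_namelen` writes past the end of `inbuf`. That was already true with the fixed `UBIFS_MAX_INO_DATA`, but now that `max_namelen` is a caller-supplied parameter the helper should reject `data_len > max_namelen` up front with an error instead of trusting every caller to have checked.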
@@ -1476,16 +1472,34 @@ static int encrypt_symlink(void *dst, void *data, unsigned int data_len, crypt_key = calc_fscrypt_subkey(fctx); if (!crypt_key) return err_msg("could not compute subkey"); - if (encrypt_aes128_cbc_cts(inbuf, cryptlen, crypt_key, outbuf) < 0) + if (encrypt_aes128_cbc_cts(inbuf, cryptlen, crypt_key, *outbuf) < 0) return err_msg("could not encrypt filename"); + free(crypt_key); + free(inbuf); + return cryptlen; +} + +static int encrypt_symlink(void *dst, void *data, unsigned int data_len, + struct fscrypt_context *fctx) +{ + struct fscrypt_symlink_data *sd; + void *outbuf; + unsigned int link_disk_len = fscrypt_fname_encrypted_size(fctx, data_len) + sizeof(struct fscrypt_symlink_data); + unsigned int cryptlen; + int ret; + + ret = encrypt_path(&outbuf, data, data_len, UBIFS_MAX_INO_DATA, fctx); + if (ret < 0) + return ret; + cryptlen = ret; + + sd = xzalloc(link_disk_len); memcpy(sd->encrypted_path, outbuf, cryptlen); sd->len = cpu_to_le16(cryptlen); memcpy(dst, sd, link_disk_len); ((char *)dst)[link_disk_len - 1] = '\0'; - free(crypt_key); - free(inbuf); free(outbuf); free(sd); return link_disk_len; From patchwork Thu Oct 18 14:36:57 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 986017 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at 
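Review bot: both early returns in the new encrypt_path() (patch 20/42) skip the cleanup that now sits only on the success path: `return err_msg("could not compute subkey")` leaks `inbuf` and `*outbuf`, and `return err_msg("could not encrypt filename")` additionally leaks `crypt_key`, which is derived key material. The caller cannot recover either, because encrypt_symlink() does `if (ret < 0) return ret;` without touching `outbuf`. A single `out:` label that frees `crypt_key` and `inbuf`, and on failure frees `*outbuf` and sets it to NULL, would fix all three; it is also worth wiping `crypt_key` before freeing it.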
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 21/42] mkfs.ubifs: Cleanup add_dent_node, user path encryption helper Date: Thu, 18 Oct 2018 16:36:57 +0200 Message-Id: <20181018143718.26298-22-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at From: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 55 ++++++++--------------------- 1 file changed, 15 insertions(+), 40 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 49a895ae3682..ae1d26726deb 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -1703,53 +1703,28 @@ static int add_dent_node(ino_t dir_inum, const char *name, ino_t inum, set_dent_cookie(dent); if (!fctx) { - dent_key_init(c, &key, dir_inum, dname.name, dname.len); - dent->nlen = cpu_to_le16(dname.len); - memcpy(dent->name, dname.name, dname.len); - dent->name[dname.len] = '\0'; - len = UBIFS_DENT_NODE_SZ + dname.len + 1; - kname_len = dname.len; kname = strdup(name); if (!kname) return err_msg("cannot allocate memory"); } else { - void *inbuf, *outbuf, *crypt_key; unsigned int max_namelen = type == UBIFS_ITYPE_LNK ? UBIFS_MAX_INO_DATA : UBIFS_MAX_NLEN; - unsigned int padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); - unsigned int cryptlen; - - cryptlen = max_t(unsigned int, dname.len, FS_CRYPTO_BLOCK_SIZE); - cryptlen = round_up(cryptlen, padding); - cryptlen = min(cryptlen, max_namelen); - - inbuf = xmalloc(cryptlen); - /* CTS mode needs a block size aligned buffer */ - outbuf = xmalloc(round_up(cryptlen, FS_CRYPTO_BLOCK_SIZE)); - - memset(inbuf, 0, cryptlen); - memcpy(inbuf, dname.name, dname.len); - - crypt_key = calc_fscrypt_subkey(fctx); - if (!crypt_key) - return err_msg("could not compute subkey"); - if (encrypt_aes128_cbc_cts(inbuf, cryptlen, crypt_key, outbuf) < 0) - return err_msg("could not encrypt filename"); - - dent->nlen = cpu_to_le16(cryptlen); - memcpy(dent->name, outbuf, cryptlen); - dent->name[cryptlen] = '\0'; - len = UBIFS_DENT_NODE_SZ + cryptlen + 1; - - dent_key_init(c, &key, dir_inum, outbuf, cryptlen); - - kname_len = cryptlen; - kname = xmalloc(cryptlen); - memcpy(kname, outbuf, cryptlen); - free(crypt_key); - free(inbuf); - free(outbuf); + int ret; + + ret = encrypt_path((void **)&kname, dname.name, dname.len, + max_namelen, fctx); + if (ret < 0) + return ret; + + kname_len = ret; } + + dent_key_init(c, &key, dir_inum, kname, kname_len); + dent->nlen = cpu_to_le16(kname_len); + memcpy(dent->name, kname, kname_len); + dent->name[kname_len] = '\0'; + len = UBIFS_DENT_NODE_SZ + kname_len + 1; + 
key_write(&key, dent->key); return add_node(&key, kname, kname_len, dent, len); From patchwork Thu Oct 18 14:36:58 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985970 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at 
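Review bot: in the encrypted branch of add_dent_node() (patch 21/42), `encrypt_path((void **)&kname, ...)` stores through a `void **` that really points at a `char *`, which is not a conversion ISO C guarantees. Use a local `void *buf`, pass `&buf`, and assign `kname = buf` after the `ret < 0` check; that also makes it obvious that nothing frees the buffer when encrypt_path() fails. Separately, the shared tail now copies `kname_len` bytes plus a terminator into `dent->name`, and for encrypted names `kname_len` is the padded length rather than `dname.len`, so please confirm the `dent` allocation earlier in the function is sized for that.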
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 22/42] mkfs.ubifs: Replace constant values with parameters in init_fscrypt_context Date: Thu, 18 Oct 2018 16:36:58 +0200 Message-Id: <20181018143718.26298-23-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at From: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index ae1d26726deb..8be84ca1e99c 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -581,16 +581,20 @@ static void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx) normsg(""); } -static struct fscrypt_context *init_fscrypt_context(void) +static struct fscrypt_context *init_fscrypt_context(unsigned int flags, + void *master_key_descriptor, + void *nonce) { struct fscrypt_context *new_fctx = xmalloc(sizeof(*new_fctx)); new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC; new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS; - new_fctx->flags = FS_POLICY_FLAGS_PAD_4; - RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE); + new_fctx->flags = flags; + memcpy(&new_fctx->nonce, nonce, FS_KEY_DERIVATION_NONCE_SIZE); + memcpy(&new_fctx->master_key_descriptor, master_key_descriptor, + FS_KEY_DESCRIPTOR_SIZE); return new_fctx; } @@ -2779,6 +2783,8 @@ static int close_target(void) */ static int init(void) { + __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; + __u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; int err, i, main_lebs, big_lpt = 0, sz; c->highest_inum = UBIFS_FIRST_INO; 
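Review bot: init_fscrypt_context() now takes `void *master_key_descriptor` and `void *nonce` and copies a fixed `FS_KEY_DESCRIPTOR_SIZE` and `FS_KEY_DERIVATION_NONCE_SIZE` bytes from them, so a caller that passes a shorter buffer gets a silent over-read. Declaring the parameters as `const __u8 *` (they are only read) and stating the required lengths in a comment above the function would let the compiler and the next reader catch a mismatch; the `__u8` arrays added in init() already have the right types for that.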
@@ -2821,7 +2827,11 @@ static int init(void) hash_table = xzalloc(sz); //TODO make this a parameter - root_fctx = init_fscrypt_context(); + RAND_bytes((void *)master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE); + RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); + + root_fctx = init_fscrypt_context(FS_POLICY_FLAGS_PAD_4, + master_key_descriptor, nonce); print_fscrypt_master_key_descriptor(root_fctx); c->double_hash = 1; c->encrypted = 1; From patchwork Thu Oct 18 14:36:59 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985978 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at 
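Review bot: both `RAND_bytes()` calls added to init() (patch 22/42) ignore the return value, and `master_key_descriptor` and `nonce` are uninitialized stack arrays, so if the RNG fails the context is built from whatever was on the stack. For the key-derivation nonce that is a silent loss of randomness. Please check for a return of 1 and bail out with err_msg() otherwise; the same applies to the call this replaces inside init_fscrypt_context(), so the refactoring is a good moment to fix it.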
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 23/42] mkfs.ubifs: Make encryption dependend on (not-yet-existant) command line options Date: Thu, 18 Oct 2018 16:36:59 +0200 Message-Id: <20181018143718.26298-24-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at From: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 8be84ca1e99c..5be390e93da9 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -217,6 +217,7 @@ static struct inum_mapping **hash_table; /* Inode creation sequence number */ static unsigned long long creat_sqnum; +//TODO: add options for double hash and encryption static const char *optstring = "d:r:m:o:D:yh?vVe:c:g:f:Fp:k:x:X:j:R:l:j:UQqa"; static const struct option longopts[] = { 
@@ -654,6 +655,8 @@ static int get_options(int argc, char**argv) c->max_leb_cnt = -1; c->max_bud_bytes = -1; c->log_lebs = -1; + c->double_hash = 0; + c->encrypted = 0; while (1) { opt = getopt_long(argc, argv, optstring, longopts, &i); 
@@ -2826,15 +2829,16 @@ static int init(void) sz = sizeof(struct inum_mapping *) * HASH_TABLE_SIZE; hash_table = xzalloc(sz); - //TODO make this a parameter - RAND_bytes((void *)master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE); - RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); + if (c->encrypted) { + RAND_bytes((void *)master_key_descriptor, + FS_KEY_DESCRIPTOR_SIZE); + RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); - root_fctx = init_fscrypt_context(FS_POLICY_FLAGS_PAD_4, - master_key_descriptor, nonce); - print_fscrypt_master_key_descriptor(root_fctx); - c->double_hash = 1; - c->encrypted = 1; + root_fctx = init_fscrypt_context(FS_POLICY_FLAGS_PAD_4, + master_key_descriptor, nonce); + print_fscrypt_master_key_descriptor(root_fctx); + c->double_hash = 1; + } err = init_compression(); if (err) From patchwork Thu Oct 18 14:37:00 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985994 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at 
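Review bot: in the init() hunk (patch 23/42), `c->double_hash = 1` stays inside the new `if (c->encrypted)` block, so double hashing becomes an implicit side effect of encryption while the TODO added next to `optstring` announces separate options for the two. Once a double-hash option exists this assignment will silently override what the user asked for; it would be cleaner to derive or validate the combination in get_options(), where both fields are now initialized to 0. The block also carries over the two unchecked `RAND_bytes()` calls, and the master key descriptor printed afterwards is still random bytes rather than the identifier of a real key, which deserves a comment until the option lands.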
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 24/42] mkfs.ubifs: Get key descriptor from command line and master key from file Date: Thu, 18 Oct 2018 16:37:00 +0200 Message-Id: <20181018143718.26298-25-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_073855_699134_78415669 X-CRM114-Status: GOOD ( 18.72 ) X-Spam-Note: SpamAssassin invocation failed X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 131 ++++++++++++++++++++++++---- 1 file changed, 113 insertions(+), 18 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 5be390e93da9..70c306bdf94e 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -217,8 +217,7 @@ static struct inum_mapping **hash_table; /* Inode creation sequence number */ static unsigned long long creat_sqnum; -//TODO: add options for double hash and encryption -static const char *optstring = "d:r:m:o:D:yh?vVe:c:g:f:Fp:k:x:X:j:R:l:j:UQqa"; +static const char *optstring = "d:r:m:o:D:yh?vVe:c:g:f:Fp:k:x:X:j:R:l:j:UQqaK:b:"; static const struct option longopts[] = { {"root", 1, NULL, 'r'}, 
@@ -244,6 +243,8 @@ static const struct option longopts[] = { {"squash-uids" , 0, NULL, 'U'}, {"set-inode-attr", 0, NULL, 'a'}, {"selinux", 1, NULL, 's'}, + {"key", 1, NULL, 'K'}, + {"key-descriptor", 1, NULL, 'b'}, {NULL, 0, NULL, 0} }; @@ -288,6 +289,8 @@ static const char *helptext = " added to the image. The attribute will contain the inode\n" " number the file has in the generated image.\n" "-s, --selinux=FILE Selinux context file\n" +"-K, --key=FILE load an encryption key from a specified file.\n" +"-b, --key-descriptor=HEX specify the key descriptor as a hex string.\n" "-h, --help display this help text\n\n" "Note, SIZE is specified in bytes, but it may also be specified in Kilobytes,\n" "Megabytes, and Gigabytes if a KiB, MiB, or GiB suffix is used.\n\n" 
@@ -582,11 +585,87 @@ static void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx) normsg(""); } +static int xdigit(int x) +{ + if (isupper(x)) + return x - 'A' + 0x0A; + if (islower(x)) + return x - 'a' + 0x0A; + return x - '0'; +} + +static int parse_key_descriptor(const char *desc, __u8 *dst) +{ + int i, hi, lo; + + for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; ++i) { + if (!desc[i * 2] || !desc[i * 2 + 1]) { + err_msg("key descriptor '%s' is too short", desc); + return -1; + } + if (!isxdigit(desc[i * 2]) || !isxdigit(desc[i * 2 + 1])) { + err_msg("invalid key descriptor '%s'", desc); + return -1; + } + + hi = xdigit(desc[i * 2]); + lo = xdigit(desc[i * 2 + 1]); + + dst[i] = (hi << 4) | lo; + } + + if (desc[i * 2]) { + err_msg("key descriptor '%s' is too long", desc); + return -1; + } + return 0; +} + +static int load_master_key(const char *key_file) +{ + int kf; + ssize_t keysize; + + kf = open(key_file, O_RDONLY); + if (kf < 0) { + sys_errmsg("open '%s'", key_file); + return -1; + } + + keysize = read(kf, fscrypt_masterkey, sizeof(fscrypt_masterkey)); + if (keysize < 0) { + sys_errmsg("read '%s'", key_file); + goto fail; + } + if (keysize == 0) { + err_msg("loading key from '%s': file is empty", key_file); + goto fail; + } + + close(kf); + return 0; +fail: + close(kf); + return -1; +} + static struct fscrypt_context *init_fscrypt_context(unsigned int flags, - void *master_key_descriptor, - void *nonce) + const char *key_file, + const char *key_descriptor) { - struct fscrypt_context *new_fctx = xmalloc(sizeof(*new_fctx)); + __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; + __u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; + struct fscrypt_context *new_fctx; + + if (parse_key_descriptor(key_descriptor, master_key_descriptor)) + return NULL; + + if (load_master_key(key_file)) + return NULL; + + RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); + + new_fctx = xmalloc(sizeof(*new_fctx)); new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; 
new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC; @@ -635,6 +714,7 @@ static int open_ubi(const char *node) static int get_options(int argc, char**argv) { int opt, i; + const char *key_file = NULL, *key_desc = NULL; const char *tbl_file = NULL; struct stat st; char *endp; @@ -812,6 +892,18 @@ static int get_options(int argc, char**argv) return sys_err_msg("bad file context %s\n", context); break; + case 'K': + if (key_file) { + return err_msg("key file specified more than once"); + } + key_file = optarg; + break; + case 'b': + if (key_desc) { + return err_msg("key descriptor specified more than once"); + } + key_desc = optarg; + break; } } @@ -830,6 +922,22 @@ static int get_options(int argc, char**argv) c->max_leb_cnt = c->vi.rsvd_lebs; } + if (key_file || key_desc) { + if (!key_file) + return err_msg("no key file specified"); + if (!key_desc) + return err_msg("no key descriptor specified"); + + c->double_hash = 1; + c->encrypted = 1; + + root_fctx = init_fscrypt_context(FS_POLICY_FLAGS_PAD_4, + key_file, key_desc); + if (!root_fctx) + return -1; + print_fscrypt_master_key_descriptor(root_fctx); + } + if (c->min_io_size == -1) return err_msg("min. I/O unit was not specified " "(use -h for help)"); @@ -2786,8 +2894,6 @@ static int close_target(void) */ static int init(void) { - __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; - __u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; int err, i, main_lebs, big_lpt = 0, sz; c->highest_inum = UBIFS_FIRST_INO; 
@@ -2829,17 +2935,6 @@ static int init(void) sz = sizeof(struct inum_mapping *) * HASH_TABLE_SIZE; hash_table = xzalloc(sz); - if (c->encrypted) { - RAND_bytes((void *)master_key_descriptor, - FS_KEY_DESCRIPTOR_SIZE); - RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); - - root_fctx = init_fscrypt_context(FS_POLICY_FLAGS_PAD_4, - master_key_descriptor, nonce); - print_fscrypt_master_key_descriptor(root_fctx); - c->double_hash = 1; - } - err = init_compression(); if (err) return err; From patchwork Thu Oct 18 14:37:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 986021 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="TPcKCm/m"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="HPcYmp0D"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bXt725d4z9s8T for ; Fri, 19 Oct 2018 02:25:19 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: 
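Review bot: In parse_key_descriptor() and xdigit(), desc[i * 2] and desc[i * 2 + 1] are plain char values passed straight to isxdigit(), isupper() and islower(); a byte above 0x7f is negative on signed-char targets, which is undefined behaviour for the ctype functions. Cast to unsigned char before the calls, e.g. isxdigit((unsigned char)desc[i * 2]).

Review bot: load_master_key() accepts any read of one byte or more, so a key file shorter than sizeof(fscrypt_masterkey) is used with the tail of the buffer left at its previous contents, and a longer file is silently truncated. Compare keysize against the expected key length and reject a mismatch with an explicit error.

Review bot: In init_fscrypt_context(), the RAND_bytes() call that fills nonce ignores its return value, so a failing RNG puts uninitialised stack bytes into the context. Check for a return of 1 and return NULL otherwise, as the two calls above it already do for their own failures.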
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 25/42] mkfs.ubifs: Specify padding policy via command line
Date: Thu, 18 Oct 2018 16:37:01 +0200
Message-Id: <20181018143718.26298-26-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at

From: David Oberhollenzer

Signed-off-by: David Oberhollenzer
Signed-off-by: Richard Weinberger
---
ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 38 ++++++++++++++++++++++++++---
1 file changed, 35 insertions(+), 3 deletions(-)

diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 70c306bdf94e..9935fceafb77 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
@@ -217,7 +217,7 @@ static struct inum_mapping **hash_table; /* Inode creation sequence number */ static unsigned long long creat_sqnum; -static const char *optstring = "d:r:m:o:D:yh?vVe:c:g:f:Fp:k:x:X:j:R:l:j:UQqaK:b:"; +static const char *optstring = "d:r:m:o:D:yh?vVe:c:g:f:Fp:k:x:X:j:R:l:j:UQqaK:b:P:"; static const struct option longopts[] = { {"root", 1, NULL, 'r'}, @@ -245,6 +245,7 @@ static const struct option longopts[] = { {"selinux", 1, NULL, 's'}, {"key", 1, NULL, 'K'}, {"key-descriptor", 1, NULL, 'b'}, + {"padding", 1, NULL, 'P'}, {NULL, 0, NULL, 0} }; @@ -291,6 +292,8 @@ static const char *helptext = "-s, --selinux=FILE Selinux context file\n" "-K, --key=FILE load an encryption key from a specified file.\n" "-b, --key-descriptor=HEX specify the key descriptor as a hex string.\n" +"-P, --padding=NUM specify padding policy for encrypting filenames\n" +" (default = 4).\n" "-h, --help display this help text\n\n" "Note, SIZE is specified in bytes, but it may also be specified in Kilobytes,\n" "Megabytes, and Gigabytes if a KiB, MiB, or GiB suffix is used.\n\n" @@ -713,7 +716,7 @@ static int open_ubi(const char *node) static int get_options(int argc, char**argv) { - int opt, i; + int opt, i, fscrypt_flags = FS_POLICY_FLAGS_PAD_4; const char *key_file = NULL, *key_desc = NULL; const char *tbl_file = NULL; struct stat st; @@ -904,6 +907,35 @@ static int get_options(int argc, char**argv) } key_desc = optarg; break; + case 'P': { + int error = 0; + unsigned long num; + + num = simple_strtoul(optarg, &error); + if (error) + num = -1; + + fscrypt_flags &= ~FS_POLICY_FLAGS_PAD_MASK; + + switch (num) { + case 4: + fscrypt_flags |= FS_POLICY_FLAGS_PAD_4; + break; + case 8: + fscrypt_flags |= FS_POLICY_FLAGS_PAD_8; + break; + case 16: + fscrypt_flags |= FS_POLICY_FLAGS_PAD_16; + break; + case 32: + fscrypt_flags |= FS_POLICY_FLAGS_PAD_32; + break; + default: + return errmsg("invalid padding policy '%s'", + optarg); + } + break; + } } } 
@@ -931,7 +963,7 @@ static int get_options(int argc, char**argv) c->double_hash = 1; c->encrypted = 1; - root_fctx = init_fscrypt_context(FS_POLICY_FLAGS_PAD_4, + root_fctx = init_fscrypt_context(fscrypt_flags, key_file, key_desc); if (!root_fctx) return -1; From patchwork Thu Oct 18 14:37:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 986007 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="gRx74i4y"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="Z8D8kzTM"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bXMl0TCbz9sC2 for ; Fri, 19 Oct 2018 02:02:27 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; 
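Review bot: In the new case 'P' of get_options(), a parse failure is signalled by assigning -1 to the unsigned long num and relying on the wrapped value falling through to default; return the error directly after simple_strtoul() instead. The default branch also calls errmsg() while the neighbouring 'K' and 'b' cases use err_msg(); pick one.

Review bot: fscrypt_flags is only consumed by the init_fscrypt_context() call in the last hunk, which sits in the key setup path next to "c->encrypted = 1", so -P given without -K and -b is parsed and then silently ignored. Reject --padding when no key was supplied, and say in the help text that it only applies to encrypted images.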
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 26/42] mkfs.ubifs: Initial support for encryption command lines Date: Thu, 18 Oct 2018 16:37:02 +0200 Message-Id: <20181018143718.26298-27-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_153907_080460_9173ADAE X-CRM114-Status: GOOD ( 15.52 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.1 on casper.infradead.org summary: Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 39 +++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 9935fceafb77..707758a42f4f 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -186,6 +186,7 @@ int yes; static char *root; static int root_len; static struct fscrypt_context *root_fctx; +static struct cipher *fscrypt_cipher; static struct stat root_st; static char *output; static int out_fd; 
@@ -217,7 +218,7 @@ static struct inum_mapping **hash_table; /* Inode creation sequence number */ static unsigned long long creat_sqnum; -static const char *optstring = "d:r:m:o:D:yh?vVe:c:g:f:Fp:k:x:X:j:R:l:j:UQqaK:b:P:"; +static const char *optstring = "d:r:m:o:D:yh?vVe:c:g:f:Fp:k:x:X:j:R:l:j:UQqaK:b:P:C:"; static const struct option longopts[] = { {"root", 1, NULL, 'r'}, @@ -246,6 +247,7 @@ static const struct option longopts[] = { {"key", 1, NULL, 'K'}, {"key-descriptor", 1, NULL, 'b'}, {"padding", 1, NULL, 'P'}, + {"cipher", 1, NULL, 'C'}, {NULL, 0, NULL, 0} }; @@ -294,6 +296,8 @@ static const char *helptext = "-b, --key-descriptor=HEX specify the key descriptor as a hex string.\n" "-P, --padding=NUM specify padding policy for encrypting filenames\n" " (default = 4).\n" +"-C, --cipher=NAME Specify cipher to use for file level encryption\n" +" (default is \"AES-128-CBC\").\n" "-h, --help display this help text\n\n" "Note, SIZE is specified in bytes, but it may also be specified in Kilobytes,\n" "Megabytes, and Gigabytes if a KiB, MiB, or GiB suffix is used.\n\n" @@ -718,7 +722,7 @@ static int get_options(int argc, char**argv) { int opt, i, fscrypt_flags = FS_POLICY_FLAGS_PAD_4; const char *key_file = NULL, *key_desc = NULL; - const char *tbl_file = NULL; + const char *tbl_file = NULL, *cipher_name = "AES-128-CBC"; struct stat st; char *endp; @@ -797,6 +801,8 @@ static int get_options(int argc, char**argv) exit(EXIT_SUCCESS); case '?': printf("%s", helptext); + printf("\n\nSupported ciphers:\n"); + list_ciphers(stdout); exit(-1); case 'v': verbose = 1; @@ -936,6 +942,9 @@ static int get_options(int argc, char**argv) } break; } + case 'C': + cipher_name = optarg; + break; } } 
@@ -967,6 +976,15 @@ static int get_options(int argc, char**argv) key_file, key_desc); if (!root_fctx) return -1; + + fscrypt_cipher = get_cipher(cipher_name); + if (!fscrypt_cipher) { + fprintf(stderr, "Cannot find cipher '%s'\n" + "Try `%s --help' for more information\n", + cipher_name, PROGRAM_NAME); + return -1; + } + print_fscrypt_master_key_descriptor(root_fctx); } @@ -1604,6 +1622,7 @@ static int encrypt_path(void **outbuf, void *data, unsigned int data_len, void *inbuf, *crypt_key; unsigned int padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); unsigned int cryptlen; + int ret; cryptlen = max_t(unsigned int, data_len, FS_CRYPTO_BLOCK_SIZE); cryptlen = round_up(cryptlen, padding); @@ -1619,7 +1638,10 @@ static int encrypt_path(void **outbuf, void *data, unsigned int data_len, crypt_key = calc_fscrypt_subkey(fctx); if (!crypt_key) return err_msg("could not compute subkey"); - if (encrypt_aes128_cbc_cts(inbuf, cryptlen, crypt_key, *outbuf) < 0) + + ret = fscrypt_cipher->encrypt_fname(inbuf, cryptlen, + crypt_key, *outbuf); + if (ret < 0) return err_msg("could not encrypt filename"); free(crypt_key); 
@@ -2003,10 +2025,13 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, if (!crypt_key) return err_msg("could not compute subkey"); - ret = encrypt_block_aes128_cbc(inbuf, pad_len, crypt_key, block_no, - outbuf); - if (ret != pad_len) - return err_msg("encrypt_block_aes128_cbc returned %zi instead of %zi", ret, pad_len); + ret = fscrypt_cipher->encrypt_block(inbuf, pad_len, + crypt_key, block_no, + outbuf); + if (ret != pad_len) { + return err_msg("encrypt_block returned %zi " + "instead of %zi", ret, pad_len); + } memcpy(&dn->data, outbuf, pad_len); From patchwork Thu Oct 18 14:37:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 986016 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Ci003s5I"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bXZF6YMyz9sC2 for ; Fri, 19 Oct 2018 02:11:33 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: 
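Review bot: In get_options(), -C only selects the function pointers in fscrypt_cipher; init_fscrypt_context() is called before get_cipher() and is not passed the cipher, and the version added in 24/42 sets contents_encryption_mode to FS_ENCRYPTION_MODE_AES_128_CBC unconditionally. Unless another patch in the series updates the context, an image built with a non-default cipher would carry a context that names a different mode than the one used to encrypt it. Resolve the cipher first and derive the context's modes from it; that ordering also lets the key length read via -K be checked against the chosen cipher.

Review bot: In encrypt_path(), the new "if (ret < 0) return err_msg(...)" returns before free(crypt_key), so the derived subkey is leaked on the failure path; the add_file() hunk has the same shape, with the error return following the subkey computation. Free the key before returning, and clear it first since it is key material. ret is also declared int in encrypt_path() while the functions behind encrypt_fname return ssize_t.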
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 27/42] mkfs.ubifs: Remove cipher implementations from public header
Date: Thu, 18 Oct 2018 16:37:03 +0200
Message-Id: <20181018143718.26298-28-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at

From: David Oberhollenzer

Signed-off-by: David Oberhollenzer
Signed-off-by: Richard Weinberger
---
ubifs-utils/mkfs.ubifs/crypto.c | 47 +++++++++++++++------------------
ubifs-utils/mkfs.ubifs/crypto.h | 14 ----------
2 files changed, 22 insertions(+), 39 deletions(-)

diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index f249b49b5b59..f7b51357c04a 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -27,21 +27,6 @@ #include "common.h" #include "mtd_swab.h" - -static struct cipher ciphers[] = { - { - .name = "AES-128-CBC", - .encrypt_block = encrypt_block_aes128_cbc, - .encrypt_fname = encrypt_aes128_cbc_cts, - }, { - .name = "AES-256-XTS", - .encrypt_block = encrypt_block_aes256_xts, - .encrypt_fname = encrypt_aes256_cbc_cts, - } -}; - - - static int do_sha256(const unsigned char *in, size_t len, unsigned char *out) { unsigned int out_len; @@ -168,9 +153,9 @@ static ssize_t encrypt_block(const void *plaintext, size_t size, return ret; } -ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, - const void *key, uint64_t block_index, - void *ciphertext) +static ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, + const void *key, uint64_t block_index, + void *ciphertext) { const EVP_CIPHER *cipher = EVP_aes_128_cbc(); @@ -182,9 +167,9 @@ ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, ciphertext, cipher); } -ssize_t encrypt_block_aes256_xts(const void *plaintext, size_t size, - const void *key, uint64_t block_index, - void *ciphertext) +static ssize_t encrypt_block_aes256_xts(const void *plaintext, size_t size, + const void *key, uint64_t block_index, + void *ciphertext) { const EVP_CIPHER *cipher = EVP_aes_256_xts(); @@ -252,8 +237,8 @@ static ssize_t encrypt_cbc_cts(const void *plaintext, size_t size, return size; } -ssize_t encrypt_aes128_cbc_cts(const void *plaintext, size_t size, - const void *key, void *ciphertext) +static ssize_t encrypt_aes128_cbc_cts(const void *plaintext, size_t size, + const void *key, void *ciphertext) { const EVP_CIPHER *cipher = EVP_aes_128_cbc(); if (!cipher) { 
@@ -264,8 +249,8 @@ ssize_t encrypt_aes128_cbc_cts(const void *plaintext, size_t size, return encrypt_cbc_cts(plaintext, size, key, ciphertext, cipher); } -ssize_t encrypt_aes256_cbc_cts(const void *plaintext, size_t size, - const void *key, void *ciphertext) +static ssize_t encrypt_aes256_cbc_cts(const void *plaintext, size_t size, + const void *key, void *ciphertext) { const EVP_CIPHER *cipher = EVP_aes_256_cbc(); if (!cipher) { @@ -293,6 +278,18 @@ ssize_t derive_key_aes(const void *deriving_key, const void *source_key, aes_key_len, NULL, 0, derived_key); } +static struct cipher ciphers[] = { + { + .name = "AES-128-CBC", + .encrypt_block = encrypt_block_aes128_cbc, + .encrypt_fname = encrypt_aes128_cbc_cts, + }, { + .name = "AES-256-XTS", + .encrypt_block = encrypt_block_aes256_xts, + .encrypt_fname = encrypt_aes256_cbc_cts, + } +}; + int crypto_init(void) { ERR_load_crypto_strings(); diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index 5bff70fea29e..b6a1e004f46d 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h 
@@ -42,20 +42,6 @@ int crypto_init(void); void crypto_cleanup(void); -ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, - const void *key, uint64_t block_index, - void *ciphertext); - -ssize_t encrypt_block_aes256_xts(const void *plaintext, size_t size, - const void *key, uint64_t block_index, - void *ciphertext); - -ssize_t encrypt_aes128_cbc_cts(const void *plaintext, size_t size, - const void *key, void *ciphertext); - -ssize_t encrypt_aes256_cbc_cts(const void *plaintext, size_t size, - const void *key, void *ciphertext); - ssize_t derive_key_aes(const void *deriving_key, const void *source_key, size_t source_key_len, void *derived_key); From patchwork Thu Oct 18 14:37:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985966 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="slYnrFMH"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="FY25q+7n"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bXB03gVcz9sBj for ; Fri, 19 Oct 2018 01:54:00 +1100 (AEDT) DKIM-Signature: v=1; 
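Review bot: The ciphers[] table moved to the bottom of crypto.c is still a writable static array; since it is now a file-local lookup table of fixed entries, declare it static const struct cipher so the function pointers land in read-only data (the fscrypt_cipher pointer added in 26/42 would need to become a pointer to const to match). The commit message has no body; one sentence saying the table moved below the functions because they lost their prototypes in crypto.h would explain the otherwise noisy diff.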
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at
Subject: [PATCH 28/42] mkfs.ubifs: Move fscrypt definitions and functions out of mkfs.ubifs.c
Date: Thu, 18 Oct 2018 16:37:04 +0200
Message-Id: <20181018143718.26298-29-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>

From: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: Richard Weinberger --- ubifs-utils/Makemodule.am | 2 + ubifs-utils/mkfs.ubifs/fscrypt.c | 256 ++++++++++++++++++++++++ ubifs-utils/mkfs.ubifs/fscrypt.h | 112 +++++++++++ ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 292 +--------------------------- 4 files changed, 376 insertions(+), 286 deletions(-) create mode 100644 ubifs-utils/mkfs.ubifs/fscrypt.c create mode 100644 ubifs-utils/mkfs.ubifs/fscrypt.h diff --git a/ubifs-utils/Makemodule.am b/ubifs-utils/Makemodule.am index 3dd299dd20cc..5905a2badbb6 100644 --- a/ubifs-utils/Makemodule.am +++ b/ubifs-utils/Makemodule.am @@ -11,6 +11,7 @@ mkfs_ubifs_SOURCES = \ ubifs-utils/mkfs.ubifs/lpt.c \ ubifs-utils/mkfs.ubifs/compr.c \ ubifs-utils/mkfs.ubifs/crypto.c \ + ubifs-utils/mkfs.ubifs/fscrypt.c \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_private.h \ @@ -30,6 +31,7 @@ UBIFS_HEADER = \ ubifs-utils/mkfs.ubifs/lpt.h ubifs-utils/mkfs.ubifs/mkfs.ubifs.h \ ubifs-utils/mkfs.ubifs/ubifs.h \ ubifs-utils/mkfs.ubifs/crypto.h \ + ubifs-utils/mkfs.ubifs/fscrypt.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_private.h diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c new file mode 100644 index 000000000000..68001e1d88f4 --- /dev/null +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c 
@@ -0,0 +1,256 @@ +/* + * Copyright (C) 2017 sigma star gmbh + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + * Authors: Richard Weinberger + * David Oberhollenzer + */ + +#define PROGRAM_NAME "mkfs.ubifs" +#include "fscrypt.h" + + +static __u8 fscrypt_masterkey[FS_MAX_KEY_SIZE]; +static struct cipher *fscrypt_cipher; + + +unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx) +{ + int ret; + unsigned char *new_key = xmalloc(FS_MAX_KEY_SIZE); + + ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, FS_MAX_KEY_SIZE, new_key); + if (ret < 0) { + err_msg("derive_key_aes failed: %i\n", ret); + + free(new_key); + new_key = NULL; + } + + return new_key; +} + +struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx) +{ + struct fscrypt_context *new_fctx = NULL; + + if (fctx) { + new_fctx = xmalloc(sizeof(*new_fctx)); + new_fctx->format = fctx->format; + new_fctx->contents_encryption_mode = fctx->contents_encryption_mode; + new_fctx->filenames_encryption_mode = fctx->filenames_encryption_mode; + new_fctx->flags = fctx->flags; + memcpy(new_fctx->master_key_descriptor, fctx->master_key_descriptor, + FS_KEY_DESCRIPTOR_SIZE); + RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE); + } + + return new_fctx; +} + +void free_fscrypt_context(struct fscrypt_context *fctx) +{ + free(fctx); +} + +void 
print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx) +{ + int i; + + normsg_cont("fscrypt master key descriptor: "); + for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; i++) { + normsg_cont("%02x", fctx->master_key_descriptor[i]); + } + normsg(""); +} + +unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx, + unsigned int ilen) +{ + int padding; + + padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); + ilen = max_t(unsigned int, ilen, FS_CRYPTO_BLOCK_SIZE); + return round_up(ilen, padding); +} + +int encrypt_path(void **outbuf, void *data, unsigned int data_len, + unsigned int max_namelen, struct fscrypt_context *fctx) +{ + void *inbuf, *crypt_key; + unsigned int padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); + unsigned int cryptlen; + int ret; + + cryptlen = max_t(unsigned int, data_len, FS_CRYPTO_BLOCK_SIZE); + cryptlen = round_up(cryptlen, padding); + cryptlen = min(cryptlen, max_namelen); + + inbuf = xmalloc(cryptlen); + /* CTS mode needs a block size aligned buffer */ + *outbuf = xmalloc(round_up(cryptlen, FS_CRYPTO_BLOCK_SIZE)); + + memset(inbuf, 0, cryptlen); + memcpy(inbuf, data, data_len); + + crypt_key = calc_fscrypt_subkey(fctx); + if (!crypt_key) + return err_msg("could not compute subkey"); + + ret = fscrypt_cipher->encrypt_fname(inbuf, cryptlen, + crypt_key, *outbuf); + if (ret < 0) + return err_msg("could not encrypt filename"); + + free(crypt_key); + free(inbuf); + return cryptlen; +} + +int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no, + struct ubifs_data_node *dn, size_t length) +{ + void *inbuf, *outbuf, *crypt_key; + size_t ret, pad_len = round_up(length, FS_CRYPTO_BLOCK_SIZE); + + dn->compr_size = length; + + inbuf = xzalloc(pad_len); + outbuf = xzalloc(pad_len); + + memcpy(inbuf, &dn->data, length); + + crypt_key = calc_fscrypt_subkey(fctx); + if (!crypt_key) + return err_msg("could not compute subkey"); + + ret = fscrypt_cipher->encrypt_block(inbuf, pad_len, + crypt_key, block_no, + 
outbuf); + if (ret != pad_len) { + return err_msg("encrypt_block returned %zi " + "instead of %zi", ret, pad_len); + } + + memcpy(&dn->data, outbuf, pad_len); + + free(inbuf); + free(outbuf); + free(crypt_key); + return pad_len; +} + +static int xdigit(int x) +{ + if (isupper(x)) + return x - 'A' + 0x0A; + if (islower(x)) + return x - 'a' + 0x0A; + return x - '0'; +} + +static int parse_key_descriptor(const char *desc, __u8 *dst) +{ + int i, hi, lo; + + for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; ++i) { + if (!desc[i * 2] || !desc[i * 2 + 1]) { + err_msg("key descriptor '%s' is too short", desc); + return -1; + } + if (!isxdigit(desc[i * 2]) || !isxdigit(desc[i * 2 + 1])) { + err_msg("invalid key descriptor '%s'", desc); + return -1; + } + + hi = xdigit(desc[i * 2]); + lo = xdigit(desc[i * 2 + 1]); + + dst[i] = (hi << 4) | lo; + } + + if (desc[i * 2]) { + err_msg("key descriptor '%s' is too long", desc); + return -1; + } + return 0; +} + +static int load_master_key(const char *key_file) +{ + int kf; + ssize_t keysize; + + kf = open(key_file, O_RDONLY); + if (kf < 0) { + sys_errmsg("open '%s'", key_file); + return -1; + } + + keysize = read(kf, fscrypt_masterkey, sizeof(fscrypt_masterkey)); + if (keysize < 0) { + sys_errmsg("read '%s'", key_file); + goto fail; + } + if (keysize == 0) { + err_msg("loading key from '%s': file is empty", key_file); + goto fail; + } + + close(kf); + return 0; +fail: + close(kf); + return -1; +} + +struct fscrypt_context *init_fscrypt_context(const char *cipher_name, + unsigned int flags, + const char *key_file, + const char *key_descriptor) +{ + __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; + __u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; + struct fscrypt_context *new_fctx; + + fscrypt_cipher = get_cipher(cipher_name); + + if (!fscrypt_cipher) { + fprintf(stderr, "Cannot find cipher '%s'\n" + "Try `%s --help' for more information\n", + cipher_name, PROGRAM_NAME); + return NULL; + } + + if (parse_key_descriptor(key_descriptor, 
master_key_descriptor)) + return NULL; + + if (load_master_key(key_file)) + return NULL; + + RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); + + new_fctx = xmalloc(sizeof(*new_fctx)); + + new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; + new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC; + new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS; + new_fctx->flags = flags; + + memcpy(&new_fctx->nonce, nonce, FS_KEY_DERIVATION_NONCE_SIZE); + memcpy(&new_fctx->master_key_descriptor, master_key_descriptor, + FS_KEY_DESCRIPTOR_SIZE); + return new_fctx; +} diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h new file mode 100644 index 000000000000..b6fb6d136e58 --- /dev/null +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h 
@@ -0,0 +1,112 @@ +/* + * Copyright (C) 2017 sigma star gmbh + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + * Authors: Richard Weinberger + * David Oberhollenzer + */ + +#ifndef FSCRYPT_H +#define FSCRYPT_H + + +#include "mkfs.ubifs.h" +#include +#include "crypto.h" + + +#ifndef FS_KEY_DESCRIPTOR_SIZE +#define FS_KEY_DESCRIPTOR_SIZE 8 +#endif +#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 +#define FS_KEY_DERIVATION_NONCE_SIZE 16 + +#ifndef FS_ENCRYPTION_MODE_AES_128_CBC +#define FS_ENCRYPTION_MODE_AES_128_CBC 5 +#endif + +#ifndef FS_ENCRYPTION_MODE_AES_128_CTS +#define FS_ENCRYPTION_MODE_AES_128_CTS 6 +#endif + +#ifndef FS_POLICY_FLAGS_VALID +#define FS_POLICY_FLAGS_PAD_4 0x00 +#define FS_POLICY_FLAGS_PAD_8 0x01 +#define FS_POLICY_FLAGS_PAD_16 0x02 +#define FS_POLICY_FLAGS_PAD_32 0x03 +#define FS_POLICY_FLAGS_PAD_MASK 0x03 +#define FS_POLICY_FLAGS_VALID 0x03 +#endif + +#define FS_CRYPTO_BLOCK_SIZE 16 + +/** + * Encryption context for inode + * + * Protector format: + * 1 byte: Protector format (1 = this version) + * 1 byte: File contents encryption mode + * 1 byte: File names encryption mode + * 1 byte: Flags + * 8 bytes: Master Key descriptor + * 16 bytes: Encryption Key derivation nonce + */ +struct fscrypt_context { + __u8 format; + __u8 contents_encryption_mode; + __u8 filenames_encryption_mode; + __u8 flags; + __u8 
master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; + __u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; +} __attribute__((packed)); + +/** + * For encrypted symlinks, the ciphertext length is stored at the beginning + * of the string in little-endian format. + */ +struct fscrypt_symlink_data { + __le16 len; + char encrypted_path[1]; +} __attribute__((packed)); + + +#ifndef FS_MAX_KEY_SIZE +#define FS_MAX_KEY_SIZE 64 +#endif + +unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx); + +struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx); + +void free_fscrypt_context(struct fscrypt_context *fctx); + +void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx); + +unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx, + unsigned int ilen); + +int encrypt_path(void **outbuf, void *data, unsigned int data_len, + unsigned int max_namelen, struct fscrypt_context *fctx); + +int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no, + struct ubifs_data_node *dn, size_t length); + +struct fscrypt_context *init_fscrypt_context(const char *cipher_name, + unsigned int flags, + const char *key_file, + const char *key_descriptor); + +#endif /* FSCRYPT_H */ + diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 707758a42f4f..1710e25b88ee 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -36,6 +36,7 @@ #endif #include "crypto.h" +#include "fscrypt.h" /* Size (prime number) of hash table for link counting */ #define HASH_TABLE_SIZE 10099 
@@ -110,66 +111,6 @@ struct inum_mapping { struct stat st; }; -#ifndef FS_KEY_DESCRIPTOR_SIZE -#define FS_KEY_DESCRIPTOR_SIZE 8 -#endif -#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 -#define FS_KEY_DERIVATION_NONCE_SIZE 16 - -#ifndef FS_ENCRYPTION_MODE_AES_128_CBC -#define FS_ENCRYPTION_MODE_AES_128_CBC 5 -#endif - -#ifndef FS_ENCRYPTION_MODE_AES_128_CTS -#define FS_ENCRYPTION_MODE_AES_128_CTS 6 -#endif - -#ifndef FS_POLICY_FLAGS_VALID -#define FS_POLICY_FLAGS_PAD_4 0x00 -#define FS_POLICY_FLAGS_PAD_8 0x01 -#define FS_POLICY_FLAGS_PAD_16 0x02 -#define FS_POLICY_FLAGS_PAD_32 0x03 -#define FS_POLICY_FLAGS_PAD_MASK 0x03 -#define FS_POLICY_FLAGS_VALID 0x03 -#endif - -#define FS_CRYPTO_BLOCK_SIZE 16 - -/** - * Encryption context for inode - * - * Protector format: - * 1 byte: Protector format (1 = this version) - * 1 byte: File contents encryption mode - * 1 byte: File names encryption mode - * 1 byte: Flags - * 8 bytes: Master Key descriptor - * 16 bytes: Encryption Key derivation nonce - */ -struct fscrypt_context { - __u8 format; - __u8 contents_encryption_mode; - __u8 filenames_encryption_mode; - __u8 flags; - __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; - __u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; -} __attribute__((packed)); - -/** - * For encrypted symlinks, the ciphertext length is stored at the beginning - * of the string in little-endian format. - */ -struct fscrypt_symlink_data { - __le16 len; - char encrypted_path[1]; -} __attribute__((packed)); - - -#ifndef FS_MAX_KEY_SIZE -#define FS_MAX_KEY_SIZE 64 -#endif -static __u8 fscrypt_masterkey[FS_MAX_KEY_SIZE]; - /* * Because we copy functions from the kernel, we use a subset of the UBIFS * file-system description object struct ubifs_info. @@ -186,7 +127,6 @@ int yes; static char *root; static int root_len; static struct fscrypt_context *root_fctx; -static struct cipher *fscrypt_cipher; static struct stat root_st; static char *output; static int out_fd; 
@@ -541,160 +481,6 @@ static long long get_bytes(const char *str) return bytes; } - -static unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx) -{ - int ret; - unsigned char *new_key = xmalloc(FS_MAX_KEY_SIZE); - - ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, FS_MAX_KEY_SIZE, new_key); - if (ret < 0) { - err_msg("derive_key_aes failed: %i\n", ret); - - free(new_key); - new_key = NULL; - } - - return new_key; -} - -static struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx) -{ - struct fscrypt_context *new_fctx = NULL; - - if (fctx) { - new_fctx = xmalloc(sizeof(*new_fctx)); - new_fctx->format = fctx->format; - new_fctx->contents_encryption_mode = fctx->contents_encryption_mode; - new_fctx->filenames_encryption_mode = fctx->filenames_encryption_mode; - new_fctx->flags = fctx->flags; - memcpy(new_fctx->master_key_descriptor, fctx->master_key_descriptor, - FS_KEY_DESCRIPTOR_SIZE); - RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE); - } - - return new_fctx; -} - -static void free_fscrypt_context(struct fscrypt_context *fctx) -{ - free(fctx); -} - -static void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx) -{ - int i; - - normsg_cont("fscrypt master key descriptor: "); - for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; i++) { - normsg_cont("%02x", fctx->master_key_descriptor[i]); - } - normsg(""); -} - -static int xdigit(int x) -{ - if (isupper(x)) - return x - 'A' + 0x0A; - if (islower(x)) - return x - 'a' + 0x0A; - return x - '0'; -} - -static int parse_key_descriptor(const char *desc, __u8 *dst) -{ - int i, hi, lo; - - for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; ++i) { - if (!desc[i * 2] || !desc[i * 2 + 1]) { - err_msg("key descriptor '%s' is too short", desc); - return -1; - } - if (!isxdigit(desc[i * 2]) || !isxdigit(desc[i * 2 + 1])) { - err_msg("invalid key descriptor '%s'", desc); - return -1; - } - - hi = xdigit(desc[i * 2]); - lo = xdigit(desc[i * 2 + 1]); - - dst[i] = (hi << 4) | lo; - } - 
- if (desc[i * 2]) { - err_msg("key descriptor '%s' is too long", desc); - return -1; - } - return 0; -} - -static int load_master_key(const char *key_file) -{ - int kf; - ssize_t keysize; - - kf = open(key_file, O_RDONLY); - if (kf < 0) { - sys_errmsg("open '%s'", key_file); - return -1; - } - - keysize = read(kf, fscrypt_masterkey, sizeof(fscrypt_masterkey)); - if (keysize < 0) { - sys_errmsg("read '%s'", key_file); - goto fail; - } - if (keysize == 0) { - err_msg("loading key from '%s': file is empty", key_file); - goto fail; - } - - close(kf); - return 0; -fail: - close(kf); - return -1; -} - -static struct fscrypt_context *init_fscrypt_context(unsigned int flags, - const char *key_file, - const char *key_descriptor) -{ - __u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; - __u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE]; - struct fscrypt_context *new_fctx; - - if (parse_key_descriptor(key_descriptor, master_key_descriptor)) - return NULL; - - if (load_master_key(key_file)) - return NULL; - - RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); - - new_fctx = xmalloc(sizeof(*new_fctx)); - - new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; - new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC; - new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS; - new_fctx->flags = flags; - - memcpy(&new_fctx->nonce, nonce, FS_KEY_DERIVATION_NONCE_SIZE); - memcpy(&new_fctx->master_key_descriptor, master_key_descriptor, - FS_KEY_DESCRIPTOR_SIZE); - return new_fctx; -} - -unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx, unsigned int ilen) -{ - int padding; - - padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); - ilen = max_t(unsigned int, ilen, FS_CRYPTO_BLOCK_SIZE); - return round_up(ilen, padding); -} - - /** * open_ubi - open the UBI volume. * @node: name of the UBI volume character device to fetch information about 
@@ -972,19 +758,11 @@ static int get_options(int argc, char**argv) c->double_hash = 1; c->encrypted = 1; - root_fctx = init_fscrypt_context(fscrypt_flags, + root_fctx = init_fscrypt_context(cipher_name, fscrypt_flags, key_file, key_desc); if (!root_fctx) return -1; - fscrypt_cipher = get_cipher(cipher_name); - if (!fscrypt_cipher) { - fprintf(stderr, "Cannot find cipher '%s'\n" - "Try `%s --help' for more information\n", - cipher_name, PROGRAM_NAME); - return -1; - } - print_fscrypt_master_key_descriptor(root_fctx); } @@ -1616,39 +1394,6 @@ static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, fctx, sizeof(*fctx)); } -static int encrypt_path(void **outbuf, void *data, unsigned int data_len, - unsigned int max_namelen, struct fscrypt_context *fctx) -{ - void *inbuf, *crypt_key; - unsigned int padding = 4 << (fctx->flags & FS_POLICY_FLAGS_PAD_MASK); - unsigned int cryptlen; - int ret; - - cryptlen = max_t(unsigned int, data_len, FS_CRYPTO_BLOCK_SIZE); - cryptlen = round_up(cryptlen, padding); - cryptlen = min(cryptlen, max_namelen); - - inbuf = xmalloc(cryptlen); - /* CTS mode needs a block size aligned buffer */ - *outbuf = xmalloc(round_up(cryptlen, FS_CRYPTO_BLOCK_SIZE)); - - memset(inbuf, 0, cryptlen); - memcpy(inbuf, data, data_len); - - crypt_key = calc_fscrypt_subkey(fctx); - if (!crypt_key) - return err_msg("could not compute subkey"); - - ret = fscrypt_cipher->encrypt_fname(inbuf, cryptlen, - crypt_key, *outbuf); - if (ret < 0) - return err_msg("could not encrypt filename"); - - free(crypt_key); - free(inbuf); - return cryptlen; -} - static int encrypt_symlink(void *dst, void *data, unsigned int data_len, struct fscrypt_context *fctx) { 
@@ -2011,35 +1756,10 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum, if (!fctx) { dn->compr_size = 0; } else { - void *inbuf, *outbuf, *crypt_key; - size_t ret, pad_len = round_up(out_len, FS_CRYPTO_BLOCK_SIZE); - - dn->compr_size = out_len; - - inbuf = xzalloc(pad_len); - outbuf = xzalloc(pad_len); - - memcpy(inbuf, &dn->data, out_len); - - crypt_key = calc_fscrypt_subkey(fctx); - if (!crypt_key) - return err_msg("could not compute subkey"); - - ret = fscrypt_cipher->encrypt_block(inbuf, pad_len, - crypt_key, block_no, - outbuf); - if (ret != pad_len) { - return err_msg("encrypt_block returned %zi " - "instead of %zi", ret, pad_len); - } - - memcpy(&dn->data, outbuf, pad_len); - - out_len = pad_len; - - free(inbuf); - free(outbuf); - free(crypt_key); + ret = encrypt_data_node(fctx, block_no, dn, out_len); + if (ret < 0) + return ret; + out_len = ret; } dn_len = UBIFS_DATA_NODE_SZ + out_len; 
From patchwork Thu Oct 18 14:37:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985967 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
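Review bot: In encrypt_path() in the new fscrypt.c hunk, cryptlen is clamped with min(cryptlen, max_namelen) before inbuf = xmalloc(cryptlen), but memcpy(inbuf, data, data_len) still copies data_len bytes, so nothing in this function stops a name longer than max_namelen from writing past inbuf. Now that the function is exported through fscrypt.h, reject data_len > max_namelen at the top or document that callers must guarantee it. The error returns in encrypt_path() and encrypt_data_node() also go through err_msg() without freeing inbuf, the output buffer or crypt_key, and encrypt_data_node() stores the ssize_t result of encrypt_block in a size_t ret, so a negative error is only caught indirectly by the ret != pad_len comparison.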
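Review bot: load_master_key(), removed from mkfs.ubifs.c in the -541,160 hunk and re-added unchanged in fscrypt.c, only rejects a read of 0 bytes, so a key file shorter than FS_MAX_KEY_SIZE is accepted and the rest of the static fscrypt_masterkey buffer stays zero while calc_fscrypt_subkey() still passes FS_MAX_KEY_SIZE bytes to derive_key_aes(). Since the code is being moved anyway, compare keysize against the length the selected cipher needs and fail otherwise. The RAND_bytes() calls in init_fscrypt_context() and inherit_fscrypt_context() that move with it ignore the return value, which leaves the key derivation nonce uninitialised if the RNG fails; check for a return of 1.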
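Review bot: In the get_options hunk, cipher_name is now handed to init_fscrypt_context(), but that function still writes FS_ENCRYPTION_MODE_AES_128_CBC and FS_ENCRYPTION_MODE_AES_128_CTS into the context whatever get_cipher() returned, so selecting "AES-256-XTS" would encrypt with one mode and record another in the context stored with the inode. Derive contents_encryption_mode and filenames_encryption_mode from the selected struct cipher, or reject a cipher the context cannot describe.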
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at
Subject: [PATCH 29/42] mkfs.ubifs: Cleanup over-long lines
Date: Thu, 18 Oct 2018 16:37:05 +0200
Message-Id: <20181018143718.26298-30-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>

From: David Oberhollenzer
Signed-off-by: David Oberhollenzer
Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 35 +++++++++++++++++++---------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 1710e25b88ee..9bd15a2f047a 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -1030,8 +1030,8 @@ static void set_lprops(int lnum, int offs, int flags) * @offs: node offset * @len: node length */ -static int add_to_index(union ubifs_key *key, char *name, int name_len, int lnum, int offs, - int len) +static int add_to_index(union ubifs_key *key, char *name, int name_len, + int lnum, int offs, int len) { struct idx_entry *e; @@ -1102,11 +1102,12 @@ static int reserve_space(int len, int *lnum, int *offs) */ static int add_node(union ubifs_key *key, char *name, int name_len, void *node, int len) { - int err, lnum, offs; + int err, lnum, offs, type = key_type(key); - if (key_type(key) == UBIFS_DENT_KEY || key_type(key) == UBIFS_XENT_KEY) { + if (type == UBIFS_DENT_KEY || type == UBIFS_XENT_KEY) { if (!name) - return err_msg("Directory entry or xattr without name!"); + return err_msg("Directory entry or xattr " + "without name!"); } else { if (name) return err_msg("Name given for non dir/xattr node!"); @@ -1126,8 +1127,9 @@ static int add_node(union ubifs_key *key, char *name, int name_len, void *node, return 0; } -static int add_xattr(struct ubifs_ino_node *host_ino, struct stat *st, ino_t inum, - char *name, const void *data, unsigned int data_len) +static int add_xattr(struct ubifs_ino_node *host_ino, struct stat *st, + ino_t inum, char *name, const void *data, + unsigned int data_len) { struct ubifs_ino_node *ino; struct ubifs_dent_node *xent; 
@@ -1399,10 +1401,13 @@ static int encrypt_symlink(void *dst, void *data, unsigned int data_len, { struct fscrypt_symlink_data *sd; void *outbuf; - unsigned int link_disk_len = fscrypt_fname_encrypted_size(fctx, data_len) + sizeof(struct fscrypt_symlink_data); + unsigned int link_disk_len; unsigned int cryptlen; int ret; + link_disk_len = sizeof(struct fscrypt_symlink_data); + link_disk_len += fscrypt_fname_encrypted_size(fctx, data_len); + ret = encrypt_path(&outbuf, data, data_len, UBIFS_MAX_INO_DATA, fctx); if (ret < 0) return ret; @@ -1622,9 +1627,12 @@ static int add_dent_node(ino_t dir_inum, const char *name, ino_t inum, if (!kname) return err_msg("cannot allocate memory"); } else { - unsigned int max_namelen = type == UBIFS_ITYPE_LNK ? UBIFS_MAX_INO_DATA : UBIFS_MAX_NLEN; + unsigned int max_namelen = UBIFS_MAX_NLEN; int ret; + if (type == UBIFS_ITYPE_LNK) + max_namelen = UBIFS_MAX_INO_DATA; + ret = encrypt_path((void **)&kname, dname.name, dname.len, max_namelen, fctx); if (ret < 0) @@ -1984,7 +1992,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, nlink += 1; type = UBIFS_ITYPE_DIR; } else { - err = add_non_dir(name, &inum, 0, &type, &dent_st, new_fctx); + err = add_non_dir(name, &inum, 0, &type, + &dent_st, new_fctx); if (err) goto out_free; } @@ -2045,7 +2054,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, nlink += 1; type = UBIFS_ITYPE_DIR; } else { - err = add_non_dir(name, &inum, 0, &type, &fake_st, new_fctx); + err = add_non_dir(name, &inum, 0, &type, + &fake_st, new_fctx); if (err) goto out_free; } 
@@ -2065,7 +2075,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, creat_sqnum = dir_creat_sqnum; - err = add_dir_inode(dir ? dir_name : NULL, dir, dir_inum, size, nlink, st, fctx); + err = add_dir_inode(dir ? dir_name : NULL, dir, dir_inum, size, + nlink, st, fctx); if (err) goto out_free;
From patchwork Thu Oct 18 14:37:06 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985969 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
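Review bot: In the add_node() hunk of mkfs.ubifs.c, splitting the error text into "Directory entry or xattr " "without name!" to stay under the column limit means the message can no longer be found with a single grep. Keep user-visible strings on one line and wrap elsewhere, for example by putting the string on its own continuation line after err_msg(. The other hunks in this patch only re-wrap argument lists and declarations and read fine.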
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 30/42] mkfs.ubifs: Check length of master key Date: Thu, 18 Oct 2018 16:37:06 +0200 Message-Id: <20181018143718.26298-31-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at
From: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger
--- ubifs-utils/mkfs.ubifs/crypto.c | 2 ++ ubifs-utils/mkfs.ubifs/crypto.h | 1 + ubifs-utils/mkfs.ubifs/fscrypt.c | 9 +++++++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index f7b51357c04a..bd3273767a5b 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -281,10 +281,12 @@ ssize_t derive_key_aes(const void *deriving_key, const void *source_key, static struct cipher ciphers[] = { { .name = "AES-128-CBC", + .key_length = 16, .encrypt_block = encrypt_block_aes128_cbc, .encrypt_fname = encrypt_aes128_cbc_cts, }, { .name = "AES-256-XTS", + .key_length = 64, .encrypt_block = encrypt_block_aes256_xts, .encrypt_fname = encrypt_aes256_cbc_cts, } diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index b6a1e004f46d..7fb2d3b8d005 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -28,6 +28,7 @@ struct cipher { const char *name; + unsigned int key_length; ssize_t (*encrypt_block)(const void *plaintext, size_t size, const void *key, uint64_t block_index, diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 68001e1d88f4..6d1fa4ba9d3f 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c @@ -188,7 +188,7 @@ static int parse_key_descriptor(const char *desc, __u8 *dst) return 0; } -static int load_master_key(const char *key_file) +static int load_master_key(const char *key_file, struct cipher *fsc) { int kf; ssize_t keysize; @@ -208,6 +208,11 @@ static int load_master_key(const char *key_file) err_msg("loading key from '%s': file is empty", key_file); goto fail; } + if (keysize < fsc->key_length) { + err_msg("key '%s' is too short (at least %u bytes required)", + key_file, fsc->key_length); + goto fail; + } close(kf); return 0; 
@@ -237,7 +242,7 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name, if (parse_key_descriptor(key_descriptor, master_key_descriptor)) return NULL; - if (load_master_key(key_file)) + if (load_master_key(key_file, fscrypt_cipher)) return NULL; RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE);
From patchwork Thu Oct 18 14:37:07 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985990 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
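Review bot: In the load_master_key() hunk of fscrypt.c, the new check only rejects a key file shorter than fsc->key_length; a longer file still passes, so a 64-byte file given for AES-128-CBC is accepted with no indication of which bytes end up being used. Consider requiring keysize == fsc->key_length, or at least warning about excess data, and state the intended behaviour in the commit message, which has no body beyond the subject. The comparison keysize < fsc->key_length also mixes ssize_t with unsigned int; a cast or a short comment noting that negative values are handled before this point would make that explicit.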
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 31/42] mkfs.ubifs: Accept 0x prefix for key descriptor Date: Thu, 18 Oct 2018 16:37:07 +0200 Message-Id: <20181018143718.26298-32-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at
From: David Oberhollenzer Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger
--- ubifs-utils/mkfs.ubifs/fscrypt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 6d1fa4ba9d3f..02132e205a35 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c
@@ -165,6 +165,9 @@ static int parse_key_descriptor(const char *desc, __u8 *dst) { int i, hi, lo; + if (desc[0] == '0' && (desc[1] == 'x' || desc[1] == 'X')) + desc += 2; + for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; ++i) { if (!desc[i * 2] || !desc[i * 2 + 1]) { err_msg("key descriptor '%s' is too short", desc);
From patchwork Thu Oct 18 14:37:08 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 986015 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
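Review bot: In parse_key_descriptor(), desc itself is advanced past the 0x prefix before the loop, so the "key descriptor '%s' is too short" message prints the string without the prefix the user typed. Keep the original pointer for diagnostics and parse from a second pointer. The commit message has no body; one sentence listing the accepted forms (bare hex, 0x and 0X) would document the option for users.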
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 32/42] mkfs.ubifs: Correctly use iv lengths in aes-cts mode Date: Thu, 18 Oct 2018 16:37:08 +0200 Message-Id: <20181018143718.26298-33-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at
The key length can be very long, for example in xts mode. So we have to use the right sizes for block and iv lengths. Signed-off-by: Richard Weinberger
--- ubifs-utils/mkfs.ubifs/crypto.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index bd3273767a5b..8d113f198bb2 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -207,32 +207,32 @@ static ssize_t encrypt_cbc_cts(const void *plaintext, size_t size, memset(iv, 0, ivsize); - diff = size % key_len; + diff = size % ivsize; if (diff) { - padded_size = size - diff + key_len; + padded_size = size - diff + ivsize; padded = size > 256 ? malloc(padded_size) : alloca(padded_size); memcpy(padded, plaintext, size); memset(padded + size, 0, padded_size - size); ret = do_encrypt(cipher, padded, padded_size, key, key_len, - iv, sizeof(iv), ciphertext); + iv, ivsize, ciphertext); if (size > 256) free(padded); } else { ret = do_encrypt(cipher, plaintext, size, key, key_len, - iv, sizeof(iv), ciphertext); + iv, ivsize, ciphertext); } if (ret < 0) return ret; - count = ret / key_len; + count = ret / ivsize; if (count > 1) - block_swap(ciphertext, count - 2, count - 1, key_len); + block_swap(ciphertext, count - 2, count - 1, ivsize); return size; }
From patchwork Thu Oct 18 14:37:09 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985962 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
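Review bot: In encrypt_cbc_cts(), ivsize now stands in for the cipher block size in the padding computation (size % ivsize), in count = ret / ivsize and in block_swap(), although the commit message speaks of separate block and iv lengths. The two are equal for AES in CBC mode, but a dedicated block-size variable for padding and swapping, with ivsize used only for the IV argument of do_encrypt(), would match the description and stay correct if another cipher is added. Because memset(iv, 0, ivsize) and both do_encrypt() calls now trust ivsize where sizeof(iv) was passed before, the function should also verify that ivsize is non-zero and does not exceed the size of iv; the hunk shows no such check. The malloc() result in the context lines is used by memcpy() without a NULL test, which is worth fixing while this code is being touched.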
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 33/42] mkfs.ubifs: Enable Cipher selection Date: Thu, 18 Oct 2018 16:37:09 +0200 Message-Id: <20181018143718.26298-34-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at
No longer hard code AES-128-CBC, we support AES-256-XTS too.
Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/crypto.c | 7 +++++-- ubifs-utils/mkfs.ubifs/crypto.h | 3 +++ ubifs-utils/mkfs.ubifs/fscrypt.c | 4 ++-- ubifs-utils/mkfs.ubifs/fscrypt.h | 9 ++++++++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index 8d113f198bb2..ec414531e94a 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -23,9 +23,8 @@ #include #include -#include "crypto.h" +#include "fscrypt.h" #include "common.h" -#include "mtd_swab.h" static int do_sha256(const unsigned char *in, size_t len, unsigned char *out) { @@ -284,11 +283,15 @@ static struct cipher ciphers[] = { .key_length = 16, .encrypt_block = encrypt_block_aes128_cbc, .encrypt_fname = encrypt_aes128_cbc_cts, + .fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_128_CBC, + .fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_128_CTS, }, { .name = "AES-256-XTS", .key_length = 64, .encrypt_block = encrypt_block_aes256_xts, .encrypt_fname = encrypt_aes256_cbc_cts, + .fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_256_XTS, + .fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_256_CTS, } }; diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index 7fb2d3b8d005..c2631dd0fd89 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -36,6 +36,9 @@ struct cipher { ssize_t (*encrypt_fname)(const void *plaintext, size_t size, const void *key, void *ciphertext); + + unsigned int fscrypt_block_mode; + unsigned int fscrypt_fname_mode; }; diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 02132e205a35..2fc0ae8b3509 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c 
@@ -253,8 +253,8 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name, new_fctx = xmalloc(sizeof(*new_fctx)); new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; - new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC; - new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS; + new_fctx->contents_encryption_mode = fscrypt_cipher->fscrypt_block_mode; + new_fctx->filenames_encryption_mode = fscrypt_cipher->fscrypt_fname_mode; new_fctx->flags = flags; memcpy(&new_fctx->nonce, nonce, FS_KEY_DERIVATION_NONCE_SIZE); diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index b6fb6d136e58..e39d7e105fda 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h 
@@ -26,13 +26,20 @@ #include #include "crypto.h" - #ifndef FS_KEY_DESCRIPTOR_SIZE #define FS_KEY_DESCRIPTOR_SIZE 8 #endif #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 #define FS_KEY_DERIVATION_NONCE_SIZE 16 +#ifndef FS_ENCRYPTION_MODE_AES_256_XTS +#define FS_ENCRYPTION_MODE_AES_256_XTS 1 +#endif + +#ifndef FS_ENCRYPTION_MODE_AES_256_CTS +#define FS_ENCRYPTION_MODE_AES_256_CTS 4 +#endif + #ifndef FS_ENCRYPTION_MODE_AES_128_CBC #define FS_ENCRYPTION_MODE_AES_128_CBC 5 #endif
From patchwork Thu Oct 18 14:37:10 2018 X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 986014 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
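Review bot: In the ciphers[] hunk of crypto.c, the AES-256-XTS entry pairs .key_length = 64 with .encrypt_fname = encrypt_aes256_cbc_cts and FS_ENCRYPTION_MODE_AES_256_CTS, but only the XTS contents mode takes a 64-byte key; AES-256 in CTS mode takes 32 bytes. Please confirm that the filename path uses only the intended part of the derived key and document it in struct cipher, for example by carrying separate key lengths for contents and filenames next to the two new mode fields. In fscrypt.h, a comment stating that the #ifndef fallback values must match the kernel's definitions would help whoever adds the next mode.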
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 34/42] mkfs.ubifs: Use correct sizes for keys and hash lengths Date: Thu, 18 Oct 2018 16:37:10 +0200 Message-Id: <20181018143718.26298-35-richard@nod.at> In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at
This works currently by chance since the sizes match, but that might change with different cipher setups. Signed-off-by: Richard Weinberger
--- ubifs-utils/mkfs.ubifs/crypto.c | 2 +- ubifs-utils/mkfs.ubifs/fscrypt.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index ec414531e94a..7d35ae7473ba 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -119,7 +119,7 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz return -1; } - ret = do_encrypt(cipher, iv, iv_len, sha256, EVP_CIPHER_key_length(cipher), NULL, 0, salt); + ret = do_encrypt(cipher, iv, iv_len, sha256, EVP_MD_size(EVP_sha256()), NULL, 0, salt); if (ret != iv_len) errmsg("Unable to compute ESSIV salt, return value %zi instead of %zi", ret, iv_len); diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 2fc0ae8b3509..b9f9acc17c17 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c @@ -31,7 +31,7 @@ unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx) int ret; unsigned char *new_key = xmalloc(FS_MAX_KEY_SIZE); - ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, FS_MAX_KEY_SIZE, new_key); + ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, fscrypt_cipher->key_length, new_key); if (ret < 0) { err_msg("derive_key_aes failed: %i\n", ret); 
@@ -202,7 +202,7 @@ static int load_master_key(const char *key_file, struct cipher *fsc) return -1; } - keysize = read(kf, fscrypt_masterkey, sizeof(fscrypt_masterkey)); + keysize = read(kf, fscrypt_masterkey, fsc->key_length); if (keysize < 0) { sys_errmsg("read '%s'", key_file); goto fail; From patchwork Thu Oct 18 14:37:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985965 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Ev23ecbP"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="Qwlwx4ae"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bX9H2QFJz9sBj for ; Fri, 19 Oct 2018 01:53:23 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: 
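Review bot: In gen_essiv_salt() the key length handed to do_encrypt() is now EVP_MD_size(EVP_sha256()), but nothing in the hunk checks that this equals EVP_CIPHER_key_length(cipher). The commit message says the old code worked by chance because the sizes match; the new code depends on the same coincidence from the other side. Compare the two lengths before the call and return an error on mismatch, so a cipher setup with a different key size fails loudly instead of being keyed with a length it does not expect. Note also that the function is declared size_t while its error paths return -1, so callers cannot test the result with < 0.

Review bot: In calc_fscrypt_subkey() new_key is still allocated with xmalloc(FS_MAX_KEY_SIZE), while derive_key_aes() is now told to process only fscrypt_cipher->key_length bytes. For any cipher whose key is shorter than FS_MAX_KEY_SIZE, the tail of new_key is not written by this call. Either allocate exactly fscrypt_cipher->key_length bytes or use a zeroing allocator, so no caller can pick up stale heap contents as key material.

Review bot: In load_master_key() the read length becomes fsc->key_length, but the visible lines only test keysize < 0 and nothing bounds fsc->key_length by the size of fscrypt_masterkey, which the removed sizeof(fscrypt_masterkey) did implicitly. Add a check that fsc->key_length <= sizeof(fscrypt_masterkey) before the read, and treat keysize != fsc->key_length as an error so a truncated key file is rejected.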
lilium.sigma-star.at (Postfix) with ESMTP id 24328180347EA; Thu, 18 Oct 2018 16:39:02 +0200 (CEST) From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 35/42] mkfs.ubifs: Fixup AES-XTS mode Date: Thu, 18 Oct 2018 16:37:11 +0200 Message-Id: <20181018143718.26298-36-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_153912_978798_31BD7C3F X-CRM114-Status: GOOD ( 12.45 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.1 on casper.infradead.org summary: Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org In XTS mode we don't need ESSIV, just use the block number as tweak. Also apply EVP_EncryptFinal(). Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/crypto.c | 35 +++++++++++++++++++++----------- ubifs-utils/mkfs.ubifs/fscrypt.h | 4 ++++ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index 7d35ae7473ba..d0f24e1a5f6f 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c 
@@ -91,6 +91,13 @@ static ssize_t do_encrypt(const EVP_CIPHER *cipher, ciphertext_len = len; + if (cipher == EVP_aes_256_xts()) { + if (EVP_EncryptFinal(ctx, ciphertext + ciphertext_len, &len) != 1) + goto fail_ctx; + + ciphertext_len += len; + } + EVP_CIPHER_CTX_free(ctx); return ciphertext_len; fail_ctx: @@ -128,28 +135,32 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz return ret; } - static ssize_t encrypt_block(const void *plaintext, size_t size, const void *key, uint64_t block_index, void *ciphertext, const EVP_CIPHER *cipher) { - size_t key_len, ret, ivsize; - void *essiv_salt, *iv; + size_t key_len, ivsize; + void *tweak; + struct { + uint64_t index; + uint8_t padding[FS_IV_SIZE - sizeof(uint64_t)]; + } iv; ivsize = EVP_CIPHER_iv_length(cipher); key_len = EVP_CIPHER_key_length(cipher); - iv = alloca(ivsize); - essiv_salt = alloca(ivsize); + iv.index = cpu_to_le64(block_index); + memset(iv.padding, 0, sizeof(iv.padding)); - memset(iv, 0, ivsize); - *((uint64_t *)iv) = cpu_to_le64(block_index); - - gen_essiv_salt(iv, ivsize, key, key_len, essiv_salt); + if (cipher == EVP_aes_256_cbc()) { + tweak = alloca(ivsize); + gen_essiv_salt(&iv, FS_IV_SIZE, key, key_len, tweak); + } else { + tweak = &iv; + } - ret = do_encrypt(cipher, plaintext, size, key, key_len, - essiv_salt, ivsize, ciphertext); - return ret; + return do_encrypt(cipher, plaintext, size, key, key_len, tweak, + ivsize, ciphertext); } static ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index e39d7e105fda..e3cfee50290a 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h 
@@ -93,6 +93,10 @@ struct fscrypt_symlink_data { #define FS_MAX_KEY_SIZE 64 #endif +#ifndef FS_IV_SIZE +#define FS_IV_SIZE 16 +#endif + unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx); struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx); From patchwork Thu Oct 18 14:37:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 986023 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="UT1infKT"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="M6gWRtDC"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bXwJ0ZkDz9s8T for ; Fri, 19 Oct 2018 02:27:11 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: 
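Review bot: In do_encrypt() the new branch selects XTS with a pointer comparison, cipher == EVP_aes_256_xts(). That ties the logic to one specific cipher object; testing the cipher mode (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) states the intent and keeps working if another XTS variant is added to the ciphers table. It is also worth a comment on why EVP_EncryptFinal() is skipped for the other modes, since the hunk does not show whether padding is disabled for them.

Review bot: In encrypt_block() ESSIV is now applied only when cipher == EVP_aes_256_cbc(), and every other cipher falls through to tweak = &iv. The function that follows in the context is encrypt_block_aes128_cbc(); if it reaches encrypt_block() with the AES-128-CBC cipher, that mode now gets the bare little-endian block index as its IV instead of an ESSIV salt. Please confirm which CBC variant is meant here, and consider branching on the cipher mode rather than on one cipher pointer. Two smaller points in the same hunk: the iv struct is fixed at FS_IV_SIZE bytes but is passed to do_encrypt() with ivsize taken from EVP_CIPHER_iv_length(cipher), so a check that ivsize == FS_IV_SIZE would prevent an over-read if the two ever differ; and the return value of gen_essiv_salt() is still ignored, so a failed salt computation goes on to encrypt with whatever is in the alloca() buffer.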
lilium.sigma-star.at (Postfix) with ESMTP id 4482C180347E9; Thu, 18 Oct 2018 16:39:04 +0200 (CEST) From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 36/42] mkfs.ubifs: Compute encryption key descriptor automatically Date: Thu, 18 Oct 2018 16:37:12 +0200 Message-Id: <20181018143718.26298-37-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_103920_247207_045A784C X-CRM114-Status: GOOD ( 15.92 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.2 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org ...if none is given. To be compatible with fscryptctl. Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/crypto.c | 27 ++++++++++++++++++++++++--- ubifs-utils/mkfs.ubifs/crypto.h | 1 + ubifs-utils/mkfs.ubifs/fscrypt.c | 11 ++++++++--- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 2 -- 4 files changed, 33 insertions(+), 8 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index d0f24e1a5f6f..50a09b53ebfe 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c 
@@ -26,7 +26,7 @@ #include "fscrypt.h" #include "common.h" -static int do_sha256(const unsigned char *in, size_t len, unsigned char *out) +static int do_hash(const EVP_MD *md, const unsigned char *in, size_t len, unsigned char *out) { unsigned int out_len; EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); @@ -34,7 +34,7 @@ static int do_sha256(const unsigned char *in, size_t len, unsigned char *out) if (!mdctx) return -1; - if (EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL) != 1) + if (EVP_DigestInit_ex(mdctx, md, NULL) != 1) return -1; if(EVP_DigestUpdate(mdctx, in, len) != 1) @@ -121,7 +121,7 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz return -1; } - if (do_sha256(key, key_len, sha256) != 0) { + if (do_hash(EVP_sha256(), key, key_len, sha256) != 0) { errmsg("sha256 failed"); return -1; } @@ -288,6 +288,27 @@ ssize_t derive_key_aes(const void *deriving_key, const void *source_key, aes_key_len, NULL, 0, derived_key); } +int derive_key_descriptor(const void *source_key, void *descriptor) +{ + int ret = -1; + void *hash1 = xzalloc(EVP_MD_size(EVP_sha512())); + void *hash2 = xzalloc(EVP_MD_size(EVP_sha512())); + + if (do_hash(EVP_sha512(), source_key, FS_MAX_KEY_SIZE, hash1) != 0) + goto out; + + if (do_hash(EVP_sha512(), hash1, EVP_MD_size(EVP_sha512()), hash2) != 0) + goto out; + + memcpy(descriptor, hash2, FS_KEY_DESCRIPTOR_SIZE); + + ret = 0; +out: + free(hash1); + free(hash2); + return ret; +} + static struct cipher ciphers[] = { { .name = "AES-128-CBC", diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index c2631dd0fd89..f275839aa77d 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -49,6 +49,7 @@ void crypto_cleanup(void); ssize_t derive_key_aes(const void *deriving_key, const void *source_key, size_t source_key_len, void *derived_key); +int derive_key_descriptor(const void *source_key, void *descriptor); struct cipher *get_cipher(const char *name); 
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index b9f9acc17c17..ce6e2fc29ce0 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c @@ -242,12 +242,17 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name, return NULL; } - if (parse_key_descriptor(key_descriptor, master_key_descriptor)) - return NULL; - if (load_master_key(key_file, fscrypt_cipher)) return NULL; + if (!key_descriptor) { + if (derive_key_descriptor(fscrypt_masterkey, master_key_descriptor)) + return NULL; + } else { + if (parse_key_descriptor(key_descriptor, master_key_descriptor)) + return NULL; + } + RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); new_fctx = xmalloc(sizeof(*new_fctx)); diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 9bd15a2f047a..f8d8e52f1bae 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -752,8 +752,6 @@ static int get_options(int argc, char**argv) if (key_file || key_desc) { if (!key_file) return err_msg("no key file specified"); - if (!key_desc) - return err_msg("no key descriptor specified"); c->double_hash = 1; c->encrypted = 1; From patchwork Thu Oct 18 14:37:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985963 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="LotlufKq"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="ZvpC59SK"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bX8c2z4Pz9s1x for ; Fri, 19 Oct 2018 01:52:48 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; 
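Review bot: derive_key_descriptor() always hashes FS_MAX_KEY_SIZE bytes of source_key, but at this point in the series load_master_key() reads only fsc->key_length bytes into fscrypt_masterkey. For a cipher with a shorter key the descriptor therefore covers buffer bytes that were never read from the key file. Either pass the number of bytes actually read, or make sure the buffer is zeroed before the read and document that the descriptor is computed over the zero-padded key. In the same function hash1 holds a digest of the master key and is released with plain free(); clearing both buffers (for example with OPENSSL_cleanse()) before freeing them avoids leaving key-derived data on the heap.

Review bot: do_hash() now takes the digest as a parameter, but the error paths visible in the context (return -1 after EVP_DigestInit_ex() fails) still leave without releasing mdctx, and the function has no way to know how large out is. With SHA-512 now in use next to SHA-256, add an out_len parameter or a comment stating that the caller must supply EVP_MD_size(md) bytes, and free the context on every exit path.

Review bot: In get_options() the "no key descriptor specified" error is removed, yet the diffstat shows only two deleted lines in mkfs.ubifs.c, so the option help is unchanged. Update the usage text to say that the key descriptor is optional and is derived from the key file when omitted. Separately, the context line in init_fscrypt_context() calls RAND_bytes() without checking its return value; since the nonce feeds key derivation, a failure there should abort.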
From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 37/42] mkfs.ubifs: Fix key descriptor printing Date: Thu, 18 Oct 2018 16:37:13 +0200 Message-Id: <20181018143718.26298-38-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_153912_982921_9B280287 X-CRM114-Status: UNSURE ( 9.51 ) X-CRM114-Notice: Please train this message. X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.1 on casper.infradead.org summary: Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org normsg() sucks. Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/fscrypt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index ce6e2fc29ce0..29dad1b039e7 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c 
@@ -69,11 +69,11 @@ void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx) { int i; - normsg_cont("fscrypt master key descriptor: "); + normsg_cont("fscrypt master key descriptor: 0x"); for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; i++) { - normsg_cont("%02x", fctx->master_key_descriptor[i]); + printf("%02x", fctx->master_key_descriptor[i]); } - normsg(""); + printf("\n"); } unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx, From patchwork Thu Oct 18 14:37:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 985960 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Ea5GfDU9"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="fqEhN4JS"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bX7K0Wp5z9sC2 for ; Fri, 19 Oct 2018 01:51:40 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: 
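Review bot: print_fscrypt_master_key_descriptor() now writes the label with normsg_cont() and the hex bytes and newline with printf(), so one logical line is emitted through two different paths. If normsg_cont() applies any verbosity filtering or prefixing, the label and the value can end up separated or only half printed. Formatting the descriptor into a local buffer of 2 * FS_KEY_DESCRIPTOR_SIZE + 1 bytes and emitting it with a single call keeps the output atomic. The commit message should also say what was wrong with the previous output rather than only "normsg() sucks."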
1gD9SC-0002TQ-Pl for linux-mtd@lists.infradead.org; Thu, 18 Oct 2018 14:39:14 +0000 Received: from localhost (localhost [127.0.0.1]) by lilium.sigma-star.at (Postfix) with ESMTP id 88F4218011B65; Thu, 18 Oct 2018 16:39:06 +0200 (CEST) From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 38/42] mkfs.ubifs: More fscryptctl compatibility Date: Thu, 18 Oct 2018 16:37:14 +0200 Message-Id: <20181018143718.26298-39-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_153912_984874_AF2688D0 X-CRM114-Status: GOOD ( 10.72 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.1 on casper.infradead.org summary: Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org fscryptctl reads up to FS_MAX_KEY_SIZE bytes from the source key to compute the descriptor. Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/fscrypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 29dad1b039e7..3d4bff618050 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c 
@@ -202,7 +202,7 @@ static int load_master_key(const char *key_file, struct cipher *fsc) return -1; } - keysize = read(kf, fscrypt_masterkey, fsc->key_length); + keysize = read(kf, fscrypt_masterkey, FS_MAX_KEY_SIZE); if (keysize < 0) { sys_errmsg("read '%s'", key_file); goto fail; From patchwork Thu Oct 18 14:37:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 986020 X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nod.at Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ZAzbeWp9"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="AcgnQCB/"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42bXr83BBcz9s8T for ; Fri, 19 Oct 2018 02:23:36 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: 
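Review bot: In load_master_key() the read now requests FS_MAX_KEY_SIZE bytes regardless of the cipher, and the visible lines still only test keysize < 0. A key file shorter than FS_MAX_KEY_SIZE is now the normal case for ciphers with smaller keys, so the bytes after keysize in fscrypt_masterkey are whatever the buffer held before, and they feed the descriptor hash. Zero fscrypt_masterkey before the read, reject keysize < fsc->key_length, and state in a comment that the descriptor is computed over the zero-padded buffer to match fscryptctl. This hunk also replaces the fsc->key_length bound introduced earlier in the series, so using sizeof(fscrypt_masterkey) here would keep the read tied to the actual buffer size.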
lilium.sigma-star.at (Postfix) with ESMTP id 6277A18011B6B; Thu, 18 Oct 2018 16:39:07 +0200 (CEST) From: Richard Weinberger To: linux-mtd@lists.infradead.org Subject: [PATCH 39/42] mkfs.ubifs: Move RAND_poll to crypto.c Date: Thu, 18 Oct 2018 16:37:15 +0200 Message-Id: <20181018143718.26298-40-richard@nod.at> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018143718.26298-1-richard@nod.at> References: <20181018143718.26298-1-richard@nod.at> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181018_103920_117248_F9898300 X-CRM114-Status: GOOD ( 11.43 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.2 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Weinberger , david.oberhollenzer@sigma-star.at Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/crypto.c | 1 + ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index 50a09b53ebfe..9c6073ec00f9 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -330,6 +330,7 @@ static struct cipher ciphers[] = { int crypto_init(void) { ERR_load_crypto_strings(); + RAND_poll(); return 0; } diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index f8d8e52f1bae..e4204dae07cb 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -2841,8 +2841,6 @@ int main(int argc, char *argv[]) if (crypto_init()) return -1; - RAND_poll(); - err = get_options(argc, argv); if (err) return err;
From patchwork Thu Oct 18 14:37:16 2018
X-Patchwork-Submitter: Richard Weinberger
X-Patchwork-Id: 985999
X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 40/42] mkfs.ubifs: Enable support for building without crypto
Date: Thu, 18 Oct 2018 16:37:16 +0200
Message-Id: <20181018143718.26298-41-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at
Signed-off-by: Richard Weinberger --- Makefile.am | 4 ++ configure.ac | 27 ++++++++++-- ubifs-utils/Makemodule.am | 10 +++-- ubifs-utils/mkfs.ubifs/crypto.h | 11 +++-- ubifs-utils/mkfs.ubifs/fscrypt.h | 65 +++++++++++++++++++++++++---- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 56 ++++++++++++++++++++++--- 6 files changed, 148 insertions(+), 25 deletions(-) diff --git a/Makefile.am b/Makefile.am index 391edef4ee31..1bc4684b191d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,6 +14,10 @@ if WITH_SELINUX AM_CPPFLAGS += -DWITH_SELINUX endif +if WITH_CRYPTO +AM_CPPFLAGS += -DWITH_CRYPTO +endif + sbin_PROGRAMS = sbin_SCRIPTS = check_PROGRAMS = diff --git a/configure.ac b/configure.ac index 346fcbd26328..d5abb14263b5 100644 --- a/configure.ac +++ b/configure.ac @@ -69,7 +69,7 @@ need_lzo="no" need_xattr="no" need_cmocka="no" need_selinux="no" - +need_openssl="no" AM_COND_IF([UNIT_TESTS], [ need_cmocka="yes" @@ -115,8 +115,6 @@ AC_ARG_ENABLE([lsmtd], esac], [AM_CONDITIONAL([BUILD_LSMTD], [true])]) -AC_CHECK_HEADER(openssl/rand.h) - AC_ARG_WITH([jffs], [AS_HELP_STRING([--without-jffs], [Disable jffsX utilities])], [case "${withval}" in @@ -140,6 +138,7 @@ AM_COND_IF([BUILD_UBIFS], [ need_xattr="yes" need_zlib="yes" need_lzo="yes" + need_openssl="yes" ]) AM_COND_IF([BUILD_JFFSX], [ @@ -174,6 +173,15 @@ AC_ARG_WITH([selinux], *) AC_MSG_ERROR([bad value ${withval} for --with-selinux]) ;; esac]) +AC_ARG_WITH([crypto], + [AS_HELP_STRING([--without-crypto], + [Disable support for UBIFS crypto features])], + [case "${withval}" in + yes) ;; + no) need_openssl="no";; + *) AC_MSG_ERROR([bad value ${withval} for --without-crypto]) ;; + esac]) + ##### search for dependencies ##### clock_gettime_missing="no" @@ -184,6 +192,7 @@ lzo_missing="no" xattr_missing="no" cmocka_missing="no" selinux_missing="no" +openssl_missing="no" if test "x$need_zlib" = "xyes"; then PKG_CHECK_MODULES(ZLIB, [zlib], [], [zlib_missing="yes"]) 
@@ -226,6 +235,11 @@ if test "x$need_selinux" = "xyes"; then AC_CHECK_HEADERS([selinux/label.h], [], [selinux_missing="yes"]) fi +if test "x$need_openssl" = "xyes"; then + AC_CHECK_HEADER(openssl/rand.h) + PKG_CHECK_MODULES(OPENSSL, [openssl], [], [openssl_missing="yes"]) +fi + if test "x$need_cmocka" = "xyes"; then PKG_CHECK_MODULES(CMOCKA, [cmocka], [], [cmocka_missing="yes"]) fi @@ -281,6 +295,12 @@ if test "x$selinux_missing" = "xyes"; then need_selinux="no" fi +if test "x$openssl_missing" = "xyes"; then + AC_MSG_WARN([cannot find headers for OpenSSL library]) + AC_MSG_WARN([disabling OpenSSL support]) + need_openssl="no" +fi + if test "x$cmocka_missing" = "xyes"; then AC_MSG_WARN([cannot find CMocka library required for unit tests]) AC_MSG_NOTICE([unit tests can optionally be disabled]) @@ -296,6 +316,7 @@ fi AM_CONDITIONAL([WITHOUT_LZO], [test "x$need_lzo" != "xyes"]) AM_CONDITIONAL([WITHOUT_XATTR], [test "x$need_xattr" != "xyes"]) AM_CONDITIONAL([WITH_SELINUX], [test "x$need_selinux" == "xyes"]) +AM_CONDITIONAL([WITH_CRYPTO], [test "x$need_openssl" == "xyes"]) AC_CHECK_SIZEOF([off_t]) AC_CHECK_SIZEOF([loff_t]) diff --git a/ubifs-utils/Makemodule.am b/ubifs-utils/Makemodule.am index 5905a2badbb6..b8e4075c9d2a 100644 --- a/ubifs-utils/Makemodule.am +++ b/ubifs-utils/Makemodule.am 
@@ -10,15 +10,19 @@ mkfs_ubifs_SOURCES = \ ubifs-utils/mkfs.ubifs/crc16.c \ ubifs-utils/mkfs.ubifs/lpt.c \ ubifs-utils/mkfs.ubifs/compr.c \ - ubifs-utils/mkfs.ubifs/crypto.c \ - ubifs-utils/mkfs.ubifs/fscrypt.c \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_private.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.c \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.c \ ubifs-utils/mkfs.ubifs/devtable.c -mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) -lm -lssl -lcrypto + +if WITH_CRYPTO +mkfs_ubifs_SOURCES += ubifs-utils/mkfs.ubifs/crypto.c \ + ubifs-utils/mkfs.ubifs/fscrypt.c +endif + +mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) $(OPENSSL_LIBS) -lm mkfs_ubifs_CPPFLAGS = $(AM_CPPFLAGS) $(ZLIB_CFLAGS) $(LZO_CFLAGS) $(UUID_CFLAGS) $(LIBSELINUX_CFLAGS)\ -I$(top_srcdir)/ubi-utils/include -I$(top_srcdir)/ubifs-utils/mkfs.ubifs/ diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index f275839aa77d..b6ffad19b72d 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -41,19 +41,18 @@ struct cipher { unsigned int fscrypt_fname_mode; }; - +#ifdef WITH_CRYPTO int crypto_init(void); - void crypto_cleanup(void); - ssize_t derive_key_aes(const void *deriving_key, const void *source_key, size_t source_key_len, void *derived_key); - int derive_key_descriptor(const void *source_key, void *descriptor); - struct cipher *get_cipher(const char *name); - void list_ciphers(FILE *fp); +#else +static inline int crypto_init(void) { return 0;} +static inline void crypto_cleanup(void) {} +#endif /* WITH_CRYPTO */ #endif /* UBIFS_CRYPTO_H */ diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index e3cfee50290a..3b717b4359c6 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h 
@@ -97,27 +97,76 @@ struct fscrypt_symlink_data { #define FS_IV_SIZE 16 #endif +#ifdef WITH_CRYPTO unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx); - struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx); - void free_fscrypt_context(struct fscrypt_context *fctx); - void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx); - unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx, unsigned int ilen); - int encrypt_path(void **outbuf, void *data, unsigned int data_len, unsigned int max_namelen, struct fscrypt_context *fctx); - int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no, struct ubifs_data_node *dn, size_t length); - struct fscrypt_context *init_fscrypt_context(const char *cipher_name, unsigned int flags, const char *key_file, const char *key_descriptor); - +#else +static inline struct fscrypt_context *init_fscrypt_context( + const char *cipher_name, + unsigned int flags, + const char *key_file, + const char *key_descriptor) +{ + (void)cipher_name; + (void)flags; + (void)key_file; + (void)key_descriptor; + + assert(0); + return NULL; +} + +static inline void free_fscrypt_context(struct fscrypt_context *fctx) +{ + (void)fctx; + + assert(0); +} + +static inline int encrypt_path(void **outbuf, void *data, unsigned int data_len, + unsigned int max_namelen, struct fscrypt_context *fctx) +{ + (void)outbuf; + (void)data; + (void)data_len; + (void)max_namelen; + (void)fctx; + + assert(0); + return -1; +} + +static inline int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no, + struct ubifs_data_node *dn, size_t length) +{ + (void)fctx; + (void)block_no; + (void)dn; + (void)length; + + assert(0); + return -1; +} + +static inline struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx) +{ + (void)fctx; + + assert(0); + return NULL; +} +#endif /* WITH_CRYPTO */ #endif /* FSCRYPT_H */ 
diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index e4204dae07cb..7073bf052688 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -508,9 +508,12 @@ static int get_options(int argc, char**argv) { int opt, i, fscrypt_flags = FS_POLICY_FLAGS_PAD_4; const char *key_file = NULL, *key_desc = NULL; - const char *tbl_file = NULL, *cipher_name = "AES-128-CBC"; + const char *tbl_file = NULL; struct stat st; char *endp; +#ifdef WITH_CRYPTO + const char *cipher_name; +#endif c->fanout = 8; c->orph_lebs = 1; @@ -587,8 +590,10 @@ static int get_options(int argc, char**argv) exit(EXIT_SUCCESS); case '?': printf("%s", helptext); +#ifdef WITH_CRYPTO printf("\n\nSupported ciphers:\n"); list_ciphers(stdout); +#endif exit(-1); case 'v': verbose = 1; @@ -729,7 +734,11 @@ static int get_options(int argc, char**argv) break; } case 'C': +#ifdef WITH_CRYPTO cipher_name = optarg; +#else + return err_msg("mkfs.ubifs was built without crypto support."); +#endif break; } } @@ -748,20 +757,26 @@ static int get_options(int argc, char**argv) if (c->max_leb_cnt == -1) c->max_leb_cnt = c->vi.rsvd_lebs; } - if (key_file || key_desc) { +#ifdef WITH_CRYPTO if (!key_file) return err_msg("no key file specified"); c->double_hash = 1; c->encrypted = 1; + if (cipher_name == NULL) + cipher_name = "AES-128-CBC"; + root_fctx = init_fscrypt_context(cipher_name, fscrypt_flags, key_file, key_desc); if (!root_fctx) return -1; print_fscrypt_master_key_descriptor(root_fctx); +#else + return err_msg("mkfs.ubifs was built without crypto support."); +#endif } if (c->min_io_size == -1) @@ -1385,6 +1400,7 @@ static inline int inode_add_selinux_xattr(struct ubifs_ino_node *host_ino, } #endif +#ifdef WITH_CRYPTO static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, struct stat *host_st, struct fscrypt_context *fctx) 
@@ -1421,6 +1437,31 @@ static int encrypt_symlink(void *dst, void *data, unsigned int data_len, free(sd); return link_disk_len; } +#else +static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, + struct stat *host_st, + struct fscrypt_context *fctx) +{ + (void)host_ino; + (void)inum; + (void)host_st; + (void)fctx; + + assert(0); + return -1; +} +static int encrypt_symlink(void *dst, void *data, unsigned int data_len, + struct fscrypt_context *fctx) +{ + (void)dst; + (void)data; + (void)data_len; + (void)fctx; + + assert(0); + return -1; +} +#endif /** * add_inode - write an inode. @@ -1582,9 +1623,11 @@ static int add_symlink_inode(const char *path_name, struct stat *st, ino_t inum, static void set_dent_cookie(struct ubifs_dent_node *dent) { +#ifdef WITH_CRYPTO if (c->double_hash) RAND_bytes((void *)&dent->cookie, sizeof(dent->cookie)); else +#endif dent->cookie = 0; } @@ -1981,7 +2024,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, inum = ++c->highest_inum; - new_fctx = inherit_fscrypt_context(fctx); + if (fctx) + new_fctx = inherit_fscrypt_context(fctx); if (S_ISDIR(dent_st.st_mode)) { err = add_directory(name, inum, &dent_st, 1, new_fctx); @@ -2006,7 +2050,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(entry->d_name) + 1, 8); - free_fscrypt_context(new_fctx); + if (new_fctx) + free_fscrypt_context(new_fctx); } /* 
@@ -2068,7 +2113,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(nh_elt->name) + 1, 8); nh_elt = next_name_htbl_element(ph_elt, &itr); - free_fscrypt_context(new_fctx); + if (new_fctx) + free_fscrypt_context(new_fctx); } creat_sqnum = dir_creat_sqnum;
From patchwork Thu Oct 18 14:37:17 2018
X-Patchwork-Submitter: Richard Weinberger
X-Patchwork-Id: 986024
X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 41/42] mkfs.ubifs: Print key descriptor only when generated
Date: Thu, 18 Oct 2018 16:37:17 +0200
Message-Id: <20181018143718.26298-42-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at
Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/fscrypt.c | 5 +++-- ubifs-utils/mkfs.ubifs/fscrypt.h | 1 - ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 2 -- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 3d4bff618050..6d2b650d626d 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c
@@ -65,13 +65,13 @@ void free_fscrypt_context(struct fscrypt_context *fctx) free(fctx); } -void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx) +static void print_fscrypt_master_key_descriptor(__u8 *master_key_descriptor) { int i; normsg_cont("fscrypt master key descriptor: 0x"); for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; i++) { - printf("%02x", fctx->master_key_descriptor[i]); + printf("%02x", master_key_descriptor[i]); } printf("\n"); } @@ -248,6 +248,7 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name, if (!key_descriptor) { if (derive_key_descriptor(fscrypt_masterkey, master_key_descriptor)) return NULL; + print_fscrypt_master_key_descriptor(master_key_descriptor); } else { if (parse_key_descriptor(key_descriptor, master_key_descriptor)) return NULL; diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index 3b717b4359c6..34b799c94c2b 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h @@ -101,7 +101,6 @@ struct fscrypt_symlink_data { unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx); struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx); void free_fscrypt_context(struct fscrypt_context *fctx); -void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx); unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx, unsigned int ilen); int encrypt_path(void **outbuf, void *data, unsigned int data_len, diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 7073bf052688..a60d392bbc81 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c 
@@ -772,8 +772,6 @@ static int get_options(int argc, char**argv) key_file, key_desc); if (!root_fctx) return -1; - - print_fscrypt_master_key_descriptor(root_fctx); #else return err_msg("mkfs.ubifs was built without crypto support."); #endif
From patchwork Thu Oct 18 14:37:18 2018
X-Patchwork-Submitter: Richard Weinberger
X-Patchwork-Id: 986025
X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Subject: [PATCH 42/42] mkfs.ubifs: Use AES-256-XTS as default
Date: Thu, 18 Oct 2018 16:37:18 +0200
Message-Id: <20181018143718.26298-43-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at
AES-128-CBC should only be used when 256-XTS is too slow on low-end hardware.
Signed-off-by: Richard Weinberger --- ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index a60d392bbc81..5847b352038a 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -766,7 +766,7 @@ static int get_options(int argc, char**argv) c->encrypted = 1; if (cipher_name == NULL) - cipher_name = "AES-128-CBC"; + cipher_name = "AES-256-XTS"; root_fctx = init_fscrypt_context(cipher_name, fscrypt_flags, key_file, key_desc);
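Review bot: in [PATCH 39/42], the crypto_init() hunk in crypto.c calls `RAND_poll();` and then returns 0 unconditionally, so a failed seeding is never reported even though main() already acts on the result with `if (crypto_init()) return -1;`. RAND_poll() returns 1 on success and 0 on failure; suggest `if (!RAND_poll()) return -1;` with an error message, so that mkfs.ubifs stops instead of later calling RAND_bytes() on a generator that was never seeded. The commit message has no body; one sentence on why the call moves out of mkfs.ubifs.c would help the next reader.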
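Review bot: in [PATCH 40/42], the configure.ac hunks turn a missing OpenSSL into two AC_MSG_WARN lines followed by `need_openssl="no"`, so a build host without the OpenSSL development files produces, with only a warning in the configure output, an mkfs.ubifs that cannot create encrypted images. Suggest AC_MSG_ERROR when the user asked for crypto explicitly (the `yes)` arm of the new AC_ARG_WITH currently does nothing) and keeping the warning for the default case only. Also, the result of `AC_CHECK_HEADER(openssl/rand.h)` is unused: only the PKG_CHECK_MODULES failure sets `openssl_missing`.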
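Review bot: in [PATCH 40/42], the first get_options() hunk in mkfs.ubifs.c replaces the initialised `*cipher_name = "AES-128-CBC"` with a bare `const char *cipher_name;`, while the later hunk relies on `if (cipher_name == NULL)` to apply the default. When -C is not given, that test reads an uninitialised pointer; declare it as `const char *cipher_name = NULL;`. In the non-crypto arm of `case 'C':` the `break;` after `return err_msg(...)` is unreachable, which is harmless but could be tidied in the same pass.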
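Review bot: in [PATCH 40/42], the `#else` branch added to fscrypt.h stubs only five of the eight functions declared under `#ifdef WITH_CRYPTO`; calc_fscrypt_subkey(), fscrypt_fname_encrypted_size() and print_fscrypt_master_key_descriptor() have no stub, so any caller outside a WITH_CRYPTO guard breaks the non-crypto build. The stubs also use `assert(0)` without the hunk adding an include of assert.h to the header; please confirm every includer already pulls it in, or add it here. With NDEBUG the asserts vanish and the stubs return NULL or -1, so callers must treat those values as errors rather than depend on the assert firing.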
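Review bot: in [PATCH 40/42], the add_directory() hunks make the assignment conditional (`if (fctx) new_fctx = inherit_fscrypt_context(fctx);`) but `new_fctx` is still passed to the recursive add_directory() call and tested in `if (new_fctx) free_fscrypt_context(new_fctx);`. Unless `new_fctx` is initialised to NULL at its declaration, which these hunks do not show, an unencrypted run passes and tests an indeterminate pointer. Suggest `new_fctx = fctx ? inherit_fscrypt_context(fctx) : NULL;`, or letting free_fscrypt_context() accept NULL so the two call sites need no guard.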
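Review bot: in [PATCH 41/42], the fscrypt.c hunk gives print_fscrypt_master_key_descriptor() the parameter `__u8 *master_key_descriptor` although the function only reads the buffer; make it `const __u8 *`. The commit message has no body: please state that the descriptor is now printed only in the `if (!key_descriptor)` branch of init_fscrypt_context(), that is, when it was derived rather than supplied, because anything that parsed the old output will no longer see the line when a key descriptor is passed on the command line.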
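Review bot: in [PATCH 42/42], the get_options() hunk changes the fallback under `if (cipher_name == NULL)` from "AES-128-CBC" to "AES-256-XTS", and the diffstat (1 insertion, 1 deletion) shows that neither the help text nor any documentation is updated with it. Existing invocations that pass a key file without -C will switch cipher with no notice; suggest stating the default in the -C help text and mentioning in the commit message that key files prepared for the old default may need to be regenerated or paired with an explicit -C.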