From: Torben Hohn <torben.hohn@linutronix.de>
To: richard@nod.at
Cc: bigeasy@linutronix.de, linux-mtd@lists.infradead.org,
tglx@linutronix.de, s.hauer@pengutronix.de
Subject: [PATCH v2 2/4] ubifs: support authentication, for ro mount, when no key is given
Date: Fri, 26 Jun 2020 13:29:05 +0200 [thread overview]
Message-ID: <20200626112907.13201-3-torben.hohn@linutronix.de> (raw)
In-Reply-To: <20200626112907.13201-1-torben.hohn@linutronix.de>
Ubifs authentication requires a hmac key, even when a
filesystem is mounted read-only.
Implement ubifs_init_authentication_read_only(),
which only allocates the structures needed for validating
the hashes.
Call ubifs_init_authentication_read_only() when no
auth_key_name is specified, and the filesystem is to be
mounted read only.
Fixup __ubifs_exit_authentication() to free c->hmac_tfm only
when !c->ro_mount.
Signed-off-by: Torben Hohn <torben.hohn@linutronix.de>
---
fs/ubifs/auth.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++-
fs/ubifs/sb.c | 4 ++++
fs/ubifs/super.c | 19 ++++++++++++++-
fs/ubifs/ubifs.h | 1 +
4 files changed, 83 insertions(+), 2 deletions(-)
diff --git a/fs/ubifs/auth.c b/fs/ubifs/auth.c
index cc5c0abfd536..52ce7a2218a5 100644
--- a/fs/ubifs/auth.c
+++ b/fs/ubifs/auth.c
@@ -248,6 +248,61 @@ int ubifs_sb_verify_signature(struct ubifs_info *c,
return err;
}
+/**
+ * ubifs_init_authentication_read_only - init only the read_only parts
+ *
+ * @c: UBIFS file-system description object
+ *
+ * This function returns 0 for success or a negative error code otherwise.
+ */
+
+int ubifs_init_authentication_read_only(struct ubifs_info *c)
+{
+ int err;
+
+ if (!c->auth_hash_name) {
+ ubifs_err(c, "authentication hash name needed with authentication");
+ return -EINVAL;
+ }
+
+ c->auth_hash_algo = match_string(hash_algo_name, HASH_ALGO__LAST,
+ c->auth_hash_name);
+ if ((int)c->auth_hash_algo < 0) {
+ ubifs_err(c, "Unknown hash algo %s specified",
+ c->auth_hash_name);
+ return -EINVAL;
+ }
+
+ c->hash_tfm = crypto_alloc_shash(c->auth_hash_name, 0, 0);
+ if (IS_ERR(c->hash_tfm)) {
+ err = PTR_ERR(c->hash_tfm);
+ ubifs_err(c, "Can not allocate %s: %d",
+ c->auth_hash_name, err);
+ goto out;
+ }
+
+ c->hash_len = crypto_shash_digestsize(c->hash_tfm);
+ if (c->hash_len > UBIFS_HASH_ARR_SZ) {
+ ubifs_err(c, "hash %s is bigger than maximum allowed hash size (%d > %d)",
+ c->auth_hash_name, c->hash_len, UBIFS_HASH_ARR_SZ);
+ err = -EINVAL;
+ goto out_free_hash;
+ }
+
+ c->authenticated = true;
+
+ c->log_hash = ubifs_hash_get_desc(c);
+ if (IS_ERR(c->log_hash))
+ goto out_free_hash;
+
+ err = 0;
+out_free_hash:
+ if (err)
+ crypto_free_shash(c->hash_tfm);
+out:
+ return err;
+}
+
/**
* ubifs_init_authentication - initialize UBIFS authentication support
* @c: UBIFS file-system description object
@@ -367,9 +422,13 @@ void __ubifs_exit_authentication(struct ubifs_info *c)
if (!ubifs_authenticated(c))
return;
- crypto_free_shash(c->hmac_tfm);
crypto_free_shash(c->hash_tfm);
kfree(c->log_hash);
+
+ if (c->ro_mount)
+ return;
+
+ crypto_free_shash(c->hmac_tfm);
}
/**
diff --git a/fs/ubifs/sb.c b/fs/ubifs/sb.c
index 4b4b65b48c57..d898ea5edd7c 100644
--- a/fs/ubifs/sb.c
+++ b/fs/ubifs/sb.c
@@ -583,6 +583,10 @@ static int authenticate_sb_node(struct ubifs_info *c,
if (ubifs_hmac_zero(c, sup->hmac)) {
err = ubifs_sb_verify_signature(c, sup);
} else {
+ if (!c->hmac_tfm) {
+ ubifs_err(c, "HMAC authenticated FS found, but no key given");
+ return -EINVAL;
+ }
err = ubifs_hmac_wkm(c, hmac_wkm);
if (err)
return err;
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 7fc2f3f07c16..13175da14464 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1291,6 +1291,23 @@ static int mount_ubifs(struct ubifs_info *c)
err = -EINVAL;
goto out_free;
}
+ } else if (c->auth_hash_name) {
+ if (!c->ro_mount) {
+ ubifs_err(c, "auth_hash_name without auth_key_name, but no ro mount");
+ err = -EINVAL;
+ goto out_free;
+ }
+
+ if (IS_ENABLED(CONFIG_UBIFS_FS_AUTHENTICATION)) {
+ err = ubifs_init_authentication_read_only(c);
+ if (err)
+ goto out_free;
+ } else {
+ ubifs_err(c, "auth_hash_name, but UBIFS is built without"
+ " authentication support");
+ err = -EINVAL;
+ goto out_free;
+ }
}
err = ubifs_read_superblock(c);
@@ -1383,7 +1400,7 @@ static int mount_ubifs(struct ubifs_info *c)
* in the superblock, we can update the offline signed
* superblock with a HMAC version,
*/
- if (ubifs_authenticated(c) && ubifs_hmac_zero(c, c->sup_node->hmac)) {
+ if (!c->ro_mount && c->authenticated && ubifs_hmac_zero(c, c->sup_node->hmac)) {
err = ubifs_hmac_wkm(c, c->sup_node->hmac_wkm);
if (err)
goto out_lpt;
diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h
index 95ed45022e51..80e2800927ec 100644
--- a/fs/ubifs/ubifs.h
+++ b/fs/ubifs/ubifs.h
@@ -1607,6 +1607,7 @@ static inline int ubifs_node_check_hash(const struct ubifs_info *c,
return 0;
}
+int ubifs_init_authentication_read_only(struct ubifs_info *c);
int ubifs_init_authentication(struct ubifs_info *c);
void __ubifs_exit_authentication(struct ubifs_info *c);
static inline void ubifs_exit_authentication(struct ubifs_info *c)
--
2.20.1
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
next prev parent reply other threads:[~2020-06-26 12:16 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-25 15:59 [PATCH 0/1] ubifs: support authentication without hmac Torben Hohn
2020-06-25 15:59 ` [PATCH 1/1] ubifs: support authentication, for ro mount, when no key is given Torben Hohn
2020-06-26 4:31 ` Sascha Hauer
2020-06-26 7:27 ` Torben Hohn
2020-06-26 7:53 ` Richard Weinberger
2020-06-26 8:10 ` Sascha Hauer
2020-06-26 9:39 ` Torben Hohn
2020-06-26 8:09 ` [PATCH 0/1] ubifs: support authentication without hmac Richard Weinberger
2020-06-29 6:46 ` Alexander Dahl
2020-06-29 7:04 ` Richard Weinberger
2020-06-29 7:48 ` Wolfgang Denk
2020-06-29 7:51 ` Richard Weinberger
2020-06-30 5:50 ` Wolfgang Denk
2020-06-30 13:36 ` Richard Weinberger
2020-06-30 14:36 ` Alexander Dahl
2020-06-26 11:29 ` [PATCH v2 0/4] " Torben Hohn
2020-06-26 11:29 ` [PATCH v2 1/4] ubifs: move #include "debug.h" above auth.c Torben Hohn
2020-06-26 11:29 ` Torben Hohn [this message]
2020-06-26 11:29 ` [PATCH v2 3/4] ubifs: sprinkle ubifs_assert(c, !c->ro_mount) in hmac auth Torben Hohn
2020-06-26 11:29 ` [PATCH v2 4/4] ubifs: prevent remounting rw when no hmac key was given Torben Hohn
2020-06-26 12:27 ` Richard Weinberger
2020-06-29 8:53 ` Torben Hohn
2020-06-29 10:52 ` Richard Weinberger
2020-06-26 14:16 ` [PATCH v2 0/4] ubifs: support authentication without hmac Richard Weinberger
2020-06-26 14:36 ` Richard Weinberger
2020-06-29 9:13 ` Torben Hohn
2020-06-29 9:07 ` Torben Hohn
2020-06-29 10:46 ` Richard Weinberger
2020-07-02 14:40 ` Thomas Gleixner
2020-07-02 15:00 ` Richard Weinberger
2020-07-02 18:48 ` Thomas Gleixner
2020-07-02 19:03 ` Richard Weinberger
2020-07-03 8:16 ` bigeasy
2020-07-03 8:20 ` Richard Weinberger
2020-07-03 9:12 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200626112907.13201-3-torben.hohn@linutronix.de \
--to=torben.hohn@linutronix.de \
--cc=bigeasy@linutronix.de \
--cc=linux-mtd@lists.infradead.org \
--cc=richard@nod.at \
--cc=s.hauer@pengutronix.de \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).