Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 125892edfe69915a227d8d125ff0e1cd713178f4 / . / fs / ubifs / auth.c
blob: 5bf5fd08879e6b2dd0570d179c3743b646184c5b [file] [log] [blame]
Sascha Hauer49525e52018-09-07 14:36:32 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
2/*
3 * This file is part of UBIFS.
4 *
5 * Copyright (C) 2018 Pengutronix, Sascha Hauer <s.hauer@pengutronix.de>
6 */
7
8/*
9 * This file implements various helper functions for UBIFS authentication support
10 */
11
12#include <linux/crypto.h>
13#include <crypto/hash.h>
14#include <crypto/sha.h>
15#include <crypto/algapi.h>
16#include <keys/user-type.h>
17
18#include "ubifs.h"
19
20/**
21 * ubifs_node_calc_hash - calculate the hash of a UBIFS node
22 * @c: UBIFS file-system description object
23 * @node: the node to calculate a hash for
24 * @hash: the returned hash
25 *
26 * Returns 0 for success or a negative error code otherwise.
27 */
28int __ubifs_node_calc_hash(const struct ubifs_info *c, const void *node,
29 u8 *hash)
30{
31 const struct ubifs_ch *ch = node;
32 SHASH_DESC_ON_STACK(shash, c->hash_tfm);
33 int err;
34
35 shash->tfm = c->hash_tfm;
36 shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
37
38 err = crypto_shash_digest(shash, node, le32_to_cpu(ch->len), hash);
39 if (err < 0)
40 return err;
41 return 0;
42}
43
44/**
45 * ubifs_hash_calc_hmac - calculate a HMAC from a hash
46 * @c: UBIFS file-system description object
47 * @hash: the node to calculate a HMAC for
48 * @hmac: the returned HMAC
49 *
50 * Returns 0 for success or a negative error code otherwise.
51 */
52static int ubifs_hash_calc_hmac(const struct ubifs_info *c, const u8 *hash,
53 u8 *hmac)
54{
55 SHASH_DESC_ON_STACK(shash, c->hmac_tfm);
56 int err;
57
58 shash->tfm = c->hmac_tfm;
59 shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
60
61 err = crypto_shash_digest(shash, hash, c->hash_len, hmac);
62 if (err < 0)
63 return err;
64 return 0;
65}
66
67/**
68 * ubifs_prepare_auth_node - Prepare an authentication node
69 * @c: UBIFS file-system description object
70 * @node: the node to calculate a hash for
71 * @hash: input hash of previous nodes
72 *
73 * This function prepares an authentication node for writing onto flash.
74 * It creates a HMAC from the given input hash and writes it to the node.
75 *
76 * Returns 0 for success or a negative error code otherwise.
77 */
78int ubifs_prepare_auth_node(struct ubifs_info *c, void *node,
79 struct shash_desc *inhash)
80{
81 SHASH_DESC_ON_STACK(hash_desc, c->hash_tfm);
82 struct ubifs_auth_node *auth = node;
83 u8 *hash;
84 int err;
85
86 hash = kmalloc(crypto_shash_descsize(c->hash_tfm), GFP_NOFS);
87 if (!hash)
88 return -ENOMEM;
89
90 hash_desc->tfm = c->hash_tfm;
91 hash_desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
92 ubifs_shash_copy_state(c, inhash, hash_desc);
93
94 err = crypto_shash_final(hash_desc, hash);
95 if (err)
96 goto out;
97
98 err = ubifs_hash_calc_hmac(c, hash, auth->hmac);
99 if (err)
100 goto out;
101
102 auth->ch.node_type = UBIFS_AUTH_NODE;
103 ubifs_prepare_node(c, auth, ubifs_auth_node_sz(c), 0);
104
105 err = 0;
106out:
107 kfree(hash);
108
109 return err;
110}
111
112static struct shash_desc *ubifs_get_desc(const struct ubifs_info *c,
113 struct crypto_shash *tfm)
114{
115 struct shash_desc *desc;
116 int err;
117
118 if (!ubifs_authenticated(c))
119 return NULL;
120
121 desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL);
122 if (!desc)
123 return ERR_PTR(-ENOMEM);
124
125 desc->tfm = tfm;
126 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
127
128 err = crypto_shash_init(desc);
129 if (err) {
130 kfree(desc);
131 return ERR_PTR(err);
132 }
133
134 return desc;
135}
136
137/**
138 * __ubifs_hash_get_desc - get a descriptor suitable for hashing a node
139 * @c: UBIFS file-system description object
140 *
141 * This function returns a descriptor suitable for hashing a node. Free after use
142 * with kfree.
143 */
144struct shash_desc *__ubifs_hash_get_desc(const struct ubifs_info *c)
145{
146 return ubifs_get_desc(c, c->hash_tfm);
147}
148
149/**
150 * __ubifs_shash_final - finalize shash
151 * @c: UBIFS file-system description object
152 * @desc: the descriptor
153 * @out: the output hash
154 *
155 * Simple wrapper around crypto_shash_final(), safe to be called with
156 * disabled authentication.
157 */
158int __ubifs_shash_final(const struct ubifs_info *c, struct shash_desc *desc,
159 u8 *out)
160{
161 if (ubifs_authenticated(c))
162 return crypto_shash_final(desc, out);
163
164 return 0;
165}
166
167/**
168 * ubifs_bad_hash - Report hash mismatches
169 * @c: UBIFS file-system description object
170 * @node: the node
171 * @hash: the expected hash
172 * @lnum: the LEB @node was read from
173 * @offs: offset in LEB @node was read from
174 *
175 * This function reports a hash mismatch when a node has a different hash than
176 * expected.
177 */
178void ubifs_bad_hash(const struct ubifs_info *c, const void *node, const u8 *hash,
179 int lnum, int offs)
180{
181 int len = min(c->hash_len, 20);
182 int cropped = len != c->hash_len;
183 const char *cont = cropped ? "..." : "";
184
185 u8 calc[UBIFS_HASH_ARR_SZ];
186
187 __ubifs_node_calc_hash(c, node, calc);
188
189 ubifs_err(c, "hash mismatch on node at LEB %d:%d", lnum, offs);
190 ubifs_err(c, "hash expected: %*ph%s", len, hash, cont);
191 ubifs_err(c, "hash calculated: %*ph%s", len, calc, cont);
192}
193
194/**
195 * __ubifs_node_check_hash - check the hash of a node against given hash
196 * @c: UBIFS file-system description object
197 * @node: the node
198 * @expected: the expected hash
199 *
200 * This function calculates a hash over a node and compares it to the given hash.
201 * Returns 0 if both hashes are equal or authentication is disabled, otherwise a
202 * negative error code is returned.
203 */
204int __ubifs_node_check_hash(const struct ubifs_info *c, const void *node,
205 const u8 *expected)
206{
207 u8 calc[UBIFS_HASH_ARR_SZ];
208 int err;
209
210 err = __ubifs_node_calc_hash(c, node, calc);
211 if (err)
212 return err;
213
214 if (ubifs_check_hash(c, expected, calc))
215 return -EPERM;
216
217 return 0;
218}
219
220/**
221 * ubifs_init_authentication - initialize UBIFS authentication support
222 * @c: UBIFS file-system description object
223 *
224 * This function returns 0 for success or a negative error code otherwise.
225 */
226int ubifs_init_authentication(struct ubifs_info *c)
227{
228 struct key *keyring_key;
229 const struct user_key_payload *ukp;
230 int err;
231 char hmac_name[CRYPTO_MAX_ALG_NAME];
232
233 if (!c->auth_hash_name) {
234 ubifs_err(c, "authentication hash name needed with authentication");
235 return -EINVAL;
236 }
237
238 c->auth_hash_algo = match_string(hash_algo_name, HASH_ALGO__LAST,
239 c->auth_hash_name);
240 if ((int)c->auth_hash_algo < 0) {
241 ubifs_err(c, "Unknown hash algo %s specified",
242 c->auth_hash_name);
243 return -EINVAL;
244 }
245
246 snprintf(hmac_name, CRYPTO_MAX_ALG_NAME, "hmac(%s)",
247 c->auth_hash_name);
248
249 keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL);
250
251 if (IS_ERR(keyring_key)) {
252 ubifs_err(c, "Failed to request key: %ld",
253 PTR_ERR(keyring_key));
254 return PTR_ERR(keyring_key);
255 }
256
257 down_read(&keyring_key->sem);
258
259 if (keyring_key->type != &key_type_logon) {
260 ubifs_err(c, "key type must be logon");
261 err = -ENOKEY;
262 goto out;
263 }
264
265 ukp = user_key_payload_locked(keyring_key);
266 if (!ukp) {
267 /* key was revoked before we acquired its semaphore */
268 err = -EKEYREVOKED;
269 goto out;
270 }
271
Eric Biggers3d234b32018-11-14 12:21:11 -0800[diff] [blame]272 c->hash_tfm = crypto_alloc_shash(c->auth_hash_name, 0, 0);
Sascha Hauer49525e52018-09-07 14:36:32 +0200[diff] [blame]273 if (IS_ERR(c->hash_tfm)) {
274 err = PTR_ERR(c->hash_tfm);
275 ubifs_err(c, "Can not allocate %s: %d",
276 c->auth_hash_name, err);
277 goto out;
278 }
279
280 c->hash_len = crypto_shash_digestsize(c->hash_tfm);
281 if (c->hash_len > UBIFS_HASH_ARR_SZ) {
282 ubifs_err(c, "hash %s is bigger than maximum allowed hash size (%d > %d)",
283 c->auth_hash_name, c->hash_len, UBIFS_HASH_ARR_SZ);
284 err = -EINVAL;
285 goto out_free_hash;
286 }
287
Eric Biggers3d234b32018-11-14 12:21:11 -0800[diff] [blame]288 c->hmac_tfm = crypto_alloc_shash(hmac_name, 0, 0);
Sascha Hauer49525e52018-09-07 14:36:32 +0200[diff] [blame]289 if (IS_ERR(c->hmac_tfm)) {
290 err = PTR_ERR(c->hmac_tfm);
291 ubifs_err(c, "Can not allocate %s: %d", hmac_name, err);
292 goto out_free_hash;
293 }
294
295 c->hmac_desc_len = crypto_shash_digestsize(c->hmac_tfm);
296 if (c->hmac_desc_len > UBIFS_HMAC_ARR_SZ) {
297 ubifs_err(c, "hmac %s is bigger than maximum allowed hmac size (%d > %d)",
298 hmac_name, c->hmac_desc_len, UBIFS_HMAC_ARR_SZ);
299 err = -EINVAL;
300 goto out_free_hash;
301 }
302
303 err = crypto_shash_setkey(c->hmac_tfm, ukp->data, ukp->datalen);
304 if (err)
305 goto out_free_hmac;
306
307 c->authenticated = true;
308
309 c->log_hash = ubifs_hash_get_desc(c);
310 if (IS_ERR(c->log_hash))
311 goto out_free_hmac;
312
313 err = 0;
314
315out_free_hmac:
316 if (err)
317 crypto_free_shash(c->hmac_tfm);
318out_free_hash:
319 if (err)
320 crypto_free_shash(c->hash_tfm);
321out:
322 up_read(&keyring_key->sem);
323 key_put(keyring_key);
324
325 return err;
326}
327
328/**
329 * __ubifs_exit_authentication - release resource
330 * @c: UBIFS file-system description object
331 *
332 * This function releases the authentication related resources.
333 */
334void __ubifs_exit_authentication(struct ubifs_info *c)
335{
336 if (!ubifs_authenticated(c))
337 return;
338
339 crypto_free_shash(c->hmac_tfm);
340 crypto_free_shash(c->hash_tfm);
341 kfree(c->log_hash);
342}
343
344/**
345 * ubifs_node_calc_hmac - calculate the HMAC of a UBIFS node
346 * @c: UBIFS file-system description object
347 * @node: the node to insert a HMAC into.
348 * @len: the length of the node
349 * @ofs_hmac: the offset in the node where the HMAC is inserted
350 * @hmac: returned HMAC
351 *
352 * This function calculates a HMAC of a UBIFS node. The HMAC is expected to be
353 * embedded into the node, so this area is not covered by the HMAC. Also not
354 * covered is the UBIFS_NODE_MAGIC and the CRC of the node.
355 */
356static int ubifs_node_calc_hmac(const struct ubifs_info *c, const void *node,
357 int len, int ofs_hmac, void *hmac)
358{
359 SHASH_DESC_ON_STACK(shash, c->hmac_tfm);
360 int hmac_len = c->hmac_desc_len;
361 int err;
362
363 ubifs_assert(c, ofs_hmac > 8);
364 ubifs_assert(c, ofs_hmac + hmac_len < len);
365
366 shash->tfm = c->hmac_tfm;
367 shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
368
369 err = crypto_shash_init(shash);
370 if (err)
371 return err;
372
373 /* behind common node header CRC up to HMAC begin */
374 err = crypto_shash_update(shash, node + 8, ofs_hmac - 8);
375 if (err < 0)
376 return err;
377
378 /* behind HMAC, if any */
379 if (len - ofs_hmac - hmac_len > 0) {
380 err = crypto_shash_update(shash, node + ofs_hmac + hmac_len,
381 len - ofs_hmac - hmac_len);
382 if (err < 0)
383 return err;
384 }
385
386 return crypto_shash_final(shash, hmac);
387}
388
389/**
390 * __ubifs_node_insert_hmac - insert a HMAC into a UBIFS node
391 * @c: UBIFS file-system description object
392 * @node: the node to insert a HMAC into.
393 * @len: the length of the node
394 * @ofs_hmac: the offset in the node where the HMAC is inserted
395 *
396 * This function inserts a HMAC at offset @ofs_hmac into the node given in
397 * @node.
398 *
399 * This function returns 0 for success or a negative error code otherwise.
400 */
401int __ubifs_node_insert_hmac(const struct ubifs_info *c, void *node, int len,
402 int ofs_hmac)
403{
404 return ubifs_node_calc_hmac(c, node, len, ofs_hmac, node + ofs_hmac);
405}
406
407/**
408 * __ubifs_node_verify_hmac - verify the HMAC of UBIFS node
409 * @c: UBIFS file-system description object
410 * @node: the node to insert a HMAC into.
411 * @len: the length of the node
412 * @ofs_hmac: the offset in the node where the HMAC is inserted
413 *
414 * This function verifies the HMAC at offset @ofs_hmac of the node given in
415 * @node. Returns 0 if successful or a negative error code otherwise.
416 */
417int __ubifs_node_verify_hmac(const struct ubifs_info *c, const void *node,
418 int len, int ofs_hmac)
419{
420 int hmac_len = c->hmac_desc_len;
421 u8 *hmac;
422 int err;
423
424 hmac = kmalloc(hmac_len, GFP_NOFS);
425 if (!hmac)
426 return -ENOMEM;
427
428 err = ubifs_node_calc_hmac(c, node, len, ofs_hmac, hmac);
429 if (err)
430 return err;
431
432 err = crypto_memneq(hmac, node + ofs_hmac, hmac_len);
433
434 kfree(hmac);
435
436 if (!err)
437 return 0;
438
439 return -EPERM;
440}
441
442int __ubifs_shash_copy_state(const struct ubifs_info *c, struct shash_desc *src,
443 struct shash_desc *target)
444{
445 u8 *state;
446 int err;
447
448 state = kmalloc(crypto_shash_descsize(src->tfm), GFP_NOFS);
449 if (!state)
450 return -ENOMEM;
451
452 err = crypto_shash_export(src, state);
453 if (err)
454 goto out;
455
456 err = crypto_shash_import(target, state);
457
458out:
459 kfree(state);
460
461 return err;
462}
463
464/**
465 * ubifs_hmac_wkm - Create a HMAC of the well known message
466 * @c: UBIFS file-system description object
467 * @hmac: The HMAC of the well known message
468 *
469 * This function creates a HMAC of a well known message. This is used
470 * to check if the provided key is suitable to authenticate a UBIFS
471 * image. This is only a convenience to the user to provide a better
472 * error message when the wrong key is provided.
473 *
474 * This function returns 0 for success or a negative error code otherwise.
475 */
476int ubifs_hmac_wkm(struct ubifs_info *c, u8 *hmac)
477{
478 SHASH_DESC_ON_STACK(shash, c->hmac_tfm);
479 int err;
480 const char well_known_message[] = "UBIFS";
481
482 if (!ubifs_authenticated(c))
483 return 0;
484
485 shash->tfm = c->hmac_tfm;
486 shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
487
488 err = crypto_shash_init(shash);
489 if (err)
490 return err;
491
492 err = crypto_shash_update(shash, well_known_message,
493 sizeof(well_known_message) - 1);
494 if (err < 0)
495 return err;
496
497 err = crypto_shash_final(shash, hmac);
498 if (err)
499 return err;
500 return 0;
501}