From: Richard Weinberger <richard@nod.at>
To: linux-mtd@lists.infradead.org
Cc: david.oberhollenzer@sigma-star.at, Richard Weinberger <richard@nod.at>
Subject: [PATCH 07/42] mkfs.ubifs: Add basic fscrypto functions
Date: Thu, 18 Oct 2018 16:36:43 +0200
Message-ID: <20181018143718.26298-8-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>

...maybe we should add them to crypto.c?

Signed-off-by: Richard Weinberger <richard@nod.at>
---
 ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 67 +++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
index 2649c34cdd68..fc1b0cb1f6cc 100644
--- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
+++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
@@ -518,6 +518,73 @@ static long long get_bytes(const char *str)
 
 	return bytes;
 }
+
+static unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx)
+{
+	int ret;
+	unsigned char *new_key = xmalloc(FS_MAX_KEY_SIZE);
+
+	ret = derive_key_aes(fctx->nonce, fscrypt_masterkey, new_key);
+	if (ret < 0) {
+		err_msg("derive_key_aes failed: %i\n", ret);
+
+		free(new_key);
+		new_key = NULL;
+	}
+
+	return new_key;
+}
+
+static struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx)
+{
+	struct fscrypt_context *new_fctx = NULL;
+
+	if (fctx) {
+		new_fctx = xmalloc(sizeof(*new_fctx));
+		new_fctx->format = fctx->format;
+		new_fctx->contents_encryption_mode = fctx->contents_encryption_mode;
+		new_fctx->filenames_encryption_mode = fctx->filenames_encryption_mode;
+		new_fctx->flags = fctx->flags;
+		memcpy(new_fctx->master_key_descriptor, fctx->master_key_descriptor,
+		       FS_KEY_DESCRIPTOR_SIZE);
+		RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE);
+	}
+
+	return new_fctx;
+}
+
+static void free_fscrypt_context(struct fscrypt_context *fctx)
+{
+	free(fctx);
+}
+
+static void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx)
+{
+	int i;
+
+	normsg_cont("fscrypt master key descriptor: ");
+	for (i = 0; i < FS_KEY_DESCRIPTOR_SIZE; i++) {
+		normsg_cont("%02x", fctx->master_key_descriptor[i]);
+	}
+	normsg("");
+}
+
+static struct fscrypt_context *init_fscrypt_context(void)
+{
+	struct fscrypt_context *new_fctx = xmalloc(sizeof(*new_fctx));
+
+	new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
+	new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC;
+	new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS;
+	//TODO  accept padding via a parameter
+	new_fctx->flags = FS_POLICY_FLAGS_PAD_4;
+	//TODO  accept descriptor via a parameter
+	RAND_bytes((void *)&new_fctx->master_key_descriptor, FS_KEY_DESCRIPTOR_SIZE);
+	RAND_bytes((void *)&new_fctx->nonce, FS_KEY_DERIVATION_NONCE_SIZE);
+
+	return new_fctx;
+}
+
 /**
  * open_ubi - open the UBI volume.
  * @node: name of the UBI volume character device to fetch information about
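
Review bot: The three RAND_bytes() calls in inherit_fscrypt_context() and init_fscrypt_context() ignore the return value, so if the generator fails, the per-inode nonce (and in init_fscrypt_context() the master key descriptor) keeps whatever the freshly xmalloc()'d struct contained and is then fed to derive_key_aes() by calc_fscrypt_subkey(). RAND_bytes() returns 1 on success; please check for `!= 1`, report it with err_msg() and free the context and return NULL, the way calc_fscrypt_subkey() already handles a derive_key_aes() failure. Two smaller points: print_fscrypt_master_key_descriptor() dereferences fctx without the NULL check that inherit_fscrypt_context() performs, so either document that callers must pass a valid context or guard it; and all five helpers are static with no caller in this patch, which will produce unused-function warnings until the later patches in the series start using them.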
-- 
2.19.1

Thread overview: 45+ messages
2018-10-18 14:36 [PATCH 00/42] mtd-utils: Add fscrypt support to mkfs.ubifs Richard Weinberger
2018-10-18 14:36 ` [PATCH 01/42] Import latest ubifs-media.h Richard Weinberger
2018-10-18 14:36 ` [PATCH 02/42] common: Add round functions Richard Weinberger
2018-10-18 14:36 ` [PATCH 03/42] mkfs.ubifs: Add crypto helper functions Richard Weinberger
2018-10-18 14:36 ` [PATCH 04/42] mkfs.ubifs: Implement UBIFS_FLG_DOUBLE_HASH Richard Weinberger
2018-10-18 14:36 ` [PATCH 05/42] mkfs.ubifs: Make r5 hash binary string aware Richard Weinberger
2018-10-18 14:36 ` [PATCH 06/42] mkfs.ubifs: Add fscrypto defines Richard Weinberger
2018-10-18 14:36 ` Richard Weinberger [this message]
2018-10-18 14:36 ` [PATCH 08/42] mkfs.ubifs: Implement UBIFS_FLG_ENCRYPTION Richard Weinberger
2018-10-18 14:36 ` [PATCH 09/42] mkfs.ubifs: Implement basic fscrypto context passing Richard Weinberger
2018-10-18 14:36 ` [PATCH 10/42] mkfs.ubifs: Implement fscrypto context store as xattr Richard Weinberger
2018-10-18 14:36 ` [PATCH 11/42] mkfs.ubifs: Store directory name len in the temporary index Richard Weinberger
2018-10-18 14:36 ` [PATCH 12/42] mkfs.ubifs: Implement filename encryption Richard Weinberger
2018-10-18 14:36 ` [PATCH 13/42] mkfs.ubifs: Add dummy setup for crypto Richard Weinberger
2018-10-18 14:36 ` [PATCH 14/42] mkfs.ubifs: Pass source/dest key len to key derive function Richard Weinberger
2018-10-18 14:36 ` [PATCH 15/42] mkfs.ubifs: Add encrypted symlink support Richard Weinberger
2018-10-18 14:36 ` [PATCH 16/42] mkfs.ubifs: Implement file contents encryption Richard Weinberger
2018-10-18 14:36 ` [PATCH 17/42] mkfs.ubifs: Move symlink data encryption to helper function Richard Weinberger
2018-10-18 14:36 ` [PATCH 18/42] mkfs.ubifs: Make sure we catch nodes that should or should not have name Richard Weinberger
2018-10-18 14:36 ` [PATCH 19/42] mkfs.ubifs: Free all index entry names Richard Weinberger
2018-10-18 14:36 ` [PATCH 20/42] mkfs.ubifs: Seperate path encryption from symlink encryption helper Richard Weinberger
2018-10-18 14:36 ` [PATCH 21/42] mkfs.ubifs: Cleanup add_dent_node, user path " Richard Weinberger
2018-10-18 14:36 ` [PATCH 22/42] mkfs.ubifs: Replace constant values with parameters in init_fscrypt_context Richard Weinberger
2018-10-18 14:36 ` [PATCH 23/42] mkfs.ubifs: Make encryption dependend on (not-yet-existant) command line options Richard Weinberger
2018-10-18 14:37 ` [PATCH 24/42] mkfs.ubifs: Get key descriptor from command line and master key from file Richard Weinberger
2018-10-18 14:37 ` [PATCH 25/42] mkfs.ubifs: Specify padding policy via command line Richard Weinberger
2018-10-18 14:37 ` [PATCH 26/42] mkfs.ubifs: Initial support for encryption command lines Richard Weinberger
2018-10-18 14:37 ` [PATCH 27/42] mkfs.ubifs: Remove cipher implementations from public header Richard Weinberger
2018-10-18 14:37 ` [PATCH 28/42] mkfs.ubifs: Move fscrypt definitions and functions out of mkfs.ubifs.c Richard Weinberger
2018-10-18 14:37 ` [PATCH 29/42] mkfs.ubifs: Cleanup over-long lines Richard Weinberger
2018-10-18 14:37 ` [PATCH 30/42] mkfs.ubifs: Check length of master key Richard Weinberger
2018-10-18 14:37 ` [PATCH 31/42] mkfs.ubifs: Accept 0x prefix for key descriptor Richard Weinberger
2018-10-18 14:37 ` [PATCH 32/42] mkfs.ubifs: Correctly use iv lengths in aes-cts mode Richard Weinberger
2018-10-18 14:37 ` [PATCH 33/42] mkfs.ubifs: Enable Cipher selection Richard Weinberger
2018-10-18 14:37 ` [PATCH 34/42] mkfs.ubifs: Use correct sizes for keys and hash lengths Richard Weinberger
2018-10-18 14:37 ` [PATCH 35/42] mkfs.ubifs: Fixup AES-XTS mode Richard Weinberger
2018-10-18 14:37 ` [PATCH 36/42] mkfs.ubifs: Compute encryption key descriptor automatically Richard Weinberger
2018-10-18 14:37 ` [PATCH 37/42] mkfs.ubifs: Fix key descriptor printing Richard Weinberger
2018-10-18 14:37 ` [PATCH 38/42] mkfs.ubifs: More fscryptctl compatibility Richard Weinberger
2018-10-18 14:37 ` [PATCH 39/42] mkfs.ubifs: Move RAND_poll to crypto.c Richard Weinberger
2018-10-18 14:37 ` [PATCH 40/42] mkfs.ubifs: Enable support for building without crypto Richard Weinberger
2018-10-18 14:37 ` [PATCH 41/42] mkfs.ubifs: Print key descriptor only when generated Richard Weinberger
2018-10-18 14:37 ` [PATCH 42/42] mkfs.ubifs: Use AES-256-XTS as default Richard Weinberger
2018-11-02 16:41 ` [PATCH 00/42] mtd-utils: Add fscrypt support to mkfs.ubifs David Oberhollenzer
2018-11-02 16:43   ` Richard Weinberger
