1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * This file is part of UBIFS. 4 * 5 * Copyright (C) 2018 Pengutronix, Sascha Hauer <s.hauer@pengutronix.de> 6 */ 7 8 /* 9 * This file implements various helper functions for UBIFS authentication support 10 */ 11 12 #include <linux/crypto.h> 13 #include <crypto/hash.h> 14 #include <crypto/sha.h> 15 #include <crypto/algapi.h> 16 #include <keys/user-type.h> 17 18 #include "ubifs.h" 19 20 /** 21 * ubifs_node_calc_hash - calculate the hash of a UBIFS node 22 * @c: UBIFS file-system description object 23 * @node: the node to calculate a hash for 24 * @hash: the returned hash 25 * 26 * Returns 0 for success or a negative error code otherwise. 27 */ 28 int __ubifs_node_calc_hash(const struct ubifs_info *c, const void *node, 29 u8 *hash) 30 { 31 const struct ubifs_ch *ch = node; 32 SHASH_DESC_ON_STACK(shash, c->hash_tfm); 33 int err; 34 35 shash->tfm = c->hash_tfm; 36 shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 37 38 err = crypto_shash_digest(shash, node, le32_to_cpu(ch->len), hash); 39 if (err < 0) 40 return err; 41 return 0; 42 } 43 44 /** 45 * ubifs_hash_calc_hmac - calculate a HMAC from a hash 46 * @c: UBIFS file-system description object 47 * @hash: the node to calculate a HMAC for 48 * @hmac: the returned HMAC 49 * 50 * Returns 0 for success or a negative error code otherwise. 51 */ 52 static int ubifs_hash_calc_hmac(const struct ubifs_info *c, const u8 *hash, 53 u8 *hmac) 54 { 55 SHASH_DESC_ON_STACK(shash, c->hmac_tfm); 56 int err; 57 58 shash->tfm = c->hmac_tfm; 59 shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 60 61 err = crypto_shash_digest(shash, hash, c->hash_len, hmac); 62 if (err < 0) 63 return err; 64 return 0; 65 } 66 67 /** 68 * ubifs_prepare_auth_node - Prepare an authentication node 69 * @c: UBIFS file-system description object 70 * @node: the node to calculate a hash for 71 * @hash: input hash of previous nodes 72 * 73 * This function prepares an authentication node for writing onto flash. 74 * It creates a HMAC from the given input hash and writes it to the node. 75 * 76 * Returns 0 for success or a negative error code otherwise. 77 */ 78 int ubifs_prepare_auth_node(struct ubifs_info *c, void *node, 79 struct shash_desc *inhash) 80 { 81 SHASH_DESC_ON_STACK(hash_desc, c->hash_tfm); 82 struct ubifs_auth_node *auth = node; 83 u8 *hash; 84 int err; 85 86 hash = kmalloc(crypto_shash_descsize(c->hash_tfm), GFP_NOFS); 87 if (!hash) 88 return -ENOMEM; 89 90 hash_desc->tfm = c->hash_tfm; 91 hash_desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 92 ubifs_shash_copy_state(c, inhash, hash_desc); 93 94 err = crypto_shash_final(hash_desc, hash); 95 if (err) 96 goto out; 97 98 err = ubifs_hash_calc_hmac(c, hash, auth->hmac); 99 if (err) 100 goto out; 101 102 auth->ch.node_type = UBIFS_AUTH_NODE; 103 ubifs_prepare_node(c, auth, ubifs_auth_node_sz(c), 0); 104 105 err = 0; 106 out: 107 kfree(hash); 108 109 return err; 110 } 111 112 static struct shash_desc *ubifs_get_desc(const struct ubifs_info *c, 113 struct crypto_shash *tfm) 114 { 115 struct shash_desc *desc; 116 int err; 117 118 if (!ubifs_authenticated(c)) 119 return NULL; 120 121 desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL); 122 if (!desc) 123 return ERR_PTR(-ENOMEM); 124 125 desc->tfm = tfm; 126 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 127 128 err = crypto_shash_init(desc); 129 if (err) { 130 kfree(desc); 131 return ERR_PTR(err); 132 } 133 134 return desc; 135 } 136 137 /** 138 * __ubifs_hash_get_desc - get a descriptor suitable for hashing a node 139 * @c: UBIFS file-system description object 140 * 141 * This function returns a descriptor suitable for hashing a node. Free after use 142 * with kfree. 143 */ 144 struct shash_desc *__ubifs_hash_get_desc(const struct ubifs_info *c) 145 { 146 return ubifs_get_desc(c, c->hash_tfm); 147 } 148 149 /** 150 * __ubifs_shash_final - finalize shash 151 * @c: UBIFS file-system description object 152 * @desc: the descriptor 153 * @out: the output hash 154 * 155 * Simple wrapper around crypto_shash_final(), safe to be called with 156 * disabled authentication. 157 */ 158 int __ubifs_shash_final(const struct ubifs_info *c, struct shash_desc *desc, 159 u8 *out) 160 { 161 if (ubifs_authenticated(c)) 162 return crypto_shash_final(desc, out); 163 164 return 0; 165 } 166 167 /** 168 * ubifs_bad_hash - Report hash mismatches 169 * @c: UBIFS file-system description object 170 * @node: the node 171 * @hash: the expected hash 172 * @lnum: the LEB @node was read from 173 * @offs: offset in LEB @node was read from 174 * 175 * This function reports a hash mismatch when a node has a different hash than 176 * expected. 177 */ 178 void ubifs_bad_hash(const struct ubifs_info *c, const void *node, const u8 *hash, 179 int lnum, int offs) 180 { 181 int len = min(c->hash_len, 20); 182 int cropped = len != c->hash_len; 183 const char *cont = cropped ? "..." : ""; 184 185 u8 calc[UBIFS_HASH_ARR_SZ]; 186 187 __ubifs_node_calc_hash(c, node, calc); 188 189 ubifs_err(c, "hash mismatch on node at LEB %d:%d", lnum, offs); 190 ubifs_err(c, "hash expected: %*ph%s", len, hash, cont); 191 ubifs_err(c, "hash calculated: %*ph%s", len, calc, cont); 192 } 193 194 /** 195 * __ubifs_node_check_hash - check the hash of a node against given hash 196 * @c: UBIFS file-system description object 197 * @node: the node 198 * @expected: the expected hash 199 * 200 * This function calculates a hash over a node and compares it to the given hash. 201 * Returns 0 if both hashes are equal or authentication is disabled, otherwise a 202 * negative error code is returned. 203 */ 204 int __ubifs_node_check_hash(const struct ubifs_info *c, const void *node, 205 const u8 *expected) 206 { 207 u8 calc[UBIFS_HASH_ARR_SZ]; 208 int err; 209 210 err = __ubifs_node_calc_hash(c, node, calc); 211 if (err) 212 return err; 213 214 if (ubifs_check_hash(c, expected, calc)) 215 return -EPERM; 216 217 return 0; 218 } 219 220 /** 221 * ubifs_init_authentication - initialize UBIFS authentication support 222 * @c: UBIFS file-system description object 223 * 224 * This function returns 0 for success or a negative error code otherwise. 225 */ 226 int ubifs_init_authentication(struct ubifs_info *c) 227 { 228 struct key *keyring_key; 229 const struct user_key_payload *ukp; 230 int err; 231 char hmac_name[CRYPTO_MAX_ALG_NAME]; 232 233 if (!c->auth_hash_name) { 234 ubifs_err(c, "authentication hash name needed with authentication"); 235 return -EINVAL; 236 } 237 238 c->auth_hash_algo = match_string(hash_algo_name, HASH_ALGO__LAST, 239 c->auth_hash_name); 240 if ((int)c->auth_hash_algo < 0) { 241 ubifs_err(c, "Unknown hash algo %s specified", 242 c->auth_hash_name); 243 return -EINVAL; 244 } 245 246 snprintf(hmac_name, CRYPTO_MAX_ALG_NAME, "hmac(%s)", 247 c->auth_hash_name); 248 249 keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL); 250 251 if (IS_ERR(keyring_key)) { 252 ubifs_err(c, "Failed to request key: %ld", 253 PTR_ERR(keyring_key)); 254 return PTR_ERR(keyring_key); 255 } 256 257 down_read(&keyring_key->sem); 258 259 if (keyring_key->type != &key_type_logon) { 260 ubifs_err(c, "key type must be logon"); 261 err = -ENOKEY; 262 goto out; 263 } 264 265 ukp = user_key_payload_locked(keyring_key); 266 if (!ukp) { 267 /* key was revoked before we acquired its semaphore */ 268 err = -EKEYREVOKED; 269 goto out; 270 } 271 272 c->hash_tfm = crypto_alloc_shash(c->auth_hash_name, 0, 0); 273 if (IS_ERR(c->hash_tfm)) { 274 err = PTR_ERR(c->hash_tfm); 275 ubifs_err(c, "Can not allocate %s: %d", 276 c->auth_hash_name, err); 277 goto out; 278 } 279 280 c->hash_len = crypto_shash_digestsize(c->hash_tfm); 281 if (c->hash_len > UBIFS_HASH_ARR_SZ) { 282 ubifs_err(c, "hash %s is bigger than maximum allowed hash size (%d > %d)", 283 c->auth_hash_name, c->hash_len, UBIFS_HASH_ARR_SZ); 284 err = -EINVAL; 285 goto out_free_hash; 286 } 287 288 c->hmac_tfm = crypto_alloc_shash(hmac_name, 0, 0); 289 if (IS_ERR(c->hmac_tfm)) { 290 err = PTR_ERR(c->hmac_tfm); 291 ubifs_err(c, "Can not allocate %s: %d", hmac_name, err); 292 goto out_free_hash; 293 } 294 295 c->hmac_desc_len = crypto_shash_digestsize(c->hmac_tfm); 296 if (c->hmac_desc_len > UBIFS_HMAC_ARR_SZ) { 297 ubifs_err(c, "hmac %s is bigger than maximum allowed hmac size (%d > %d)", 298 hmac_name, c->hmac_desc_len, UBIFS_HMAC_ARR_SZ); 299 err = -EINVAL; 300 goto out_free_hash; 301 } 302 303 err = crypto_shash_setkey(c->hmac_tfm, ukp->data, ukp->datalen); 304 if (err) 305 goto out_free_hmac; 306 307 c->authenticated = true; 308 309 c->log_hash = ubifs_hash_get_desc(c); 310 if (IS_ERR(c->log_hash)) 311 goto out_free_hmac; 312 313 err = 0; 314 315 out_free_hmac: 316 if (err) 317 crypto_free_shash(c->hmac_tfm); 318 out_free_hash: 319 if (err) 320 crypto_free_shash(c->hash_tfm); 321 out: 322 up_read(&keyring_key->sem); 323 key_put(keyring_key); 324 325 return err; 326 } 327 328 /** 329 * __ubifs_exit_authentication - release resource 330 * @c: UBIFS file-system description object 331 * 332 * This function releases the authentication related resources. 333 */ 334 void __ubifs_exit_authentication(struct ubifs_info *c) 335 { 336 if (!ubifs_authenticated(c)) 337 return; 338 339 crypto_free_shash(c->hmac_tfm); 340 crypto_free_shash(c->hash_tfm); 341 kfree(c->log_hash); 342 } 343 344 /** 345 * ubifs_node_calc_hmac - calculate the HMAC of a UBIFS node 346 * @c: UBIFS file-system description object 347 * @node: the node to insert a HMAC into. 348 * @len: the length of the node 349 * @ofs_hmac: the offset in the node where the HMAC is inserted 350 * @hmac: returned HMAC 351 * 352 * This function calculates a HMAC of a UBIFS node. The HMAC is expected to be 353 * embedded into the node, so this area is not covered by the HMAC. Also not 354 * covered is the UBIFS_NODE_MAGIC and the CRC of the node. 355 */ 356 static int ubifs_node_calc_hmac(const struct ubifs_info *c, const void *node, 357 int len, int ofs_hmac, void *hmac) 358 { 359 SHASH_DESC_ON_STACK(shash, c->hmac_tfm); 360 int hmac_len = c->hmac_desc_len; 361 int err; 362 363 ubifs_assert(c, ofs_hmac > 8); 364 ubifs_assert(c, ofs_hmac + hmac_len < len); 365 366 shash->tfm = c->hmac_tfm; 367 shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 368 369 err = crypto_shash_init(shash); 370 if (err) 371 return err; 372 373 /* behind common node header CRC up to HMAC begin */ 374 err = crypto_shash_update(shash, node + 8, ofs_hmac - 8); 375 if (err < 0) 376 return err; 377 378 /* behind HMAC, if any */ 379 if (len - ofs_hmac - hmac_len > 0) { 380 err = crypto_shash_update(shash, node + ofs_hmac + hmac_len, 381 len - ofs_hmac - hmac_len); 382 if (err < 0) 383 return err; 384 } 385 386 return crypto_shash_final(shash, hmac); 387 } 388 389 /** 390 * __ubifs_node_insert_hmac - insert a HMAC into a UBIFS node 391 * @c: UBIFS file-system description object 392 * @node: the node to insert a HMAC into. 393 * @len: the length of the node 394 * @ofs_hmac: the offset in the node where the HMAC is inserted 395 * 396 * This function inserts a HMAC at offset @ofs_hmac into the node given in 397 * @node. 398 * 399 * This function returns 0 for success or a negative error code otherwise. 400 */ 401 int __ubifs_node_insert_hmac(const struct ubifs_info *c, void *node, int len, 402 int ofs_hmac) 403 { 404 return ubifs_node_calc_hmac(c, node, len, ofs_hmac, node + ofs_hmac); 405 } 406 407 /** 408 * __ubifs_node_verify_hmac - verify the HMAC of UBIFS node 409 * @c: UBIFS file-system description object 410 * @node: the node to insert a HMAC into. 411 * @len: the length of the node 412 * @ofs_hmac: the offset in the node where the HMAC is inserted 413 * 414 * This function verifies the HMAC at offset @ofs_hmac of the node given in 415 * @node. Returns 0 if successful or a negative error code otherwise. 416 */ 417 int __ubifs_node_verify_hmac(const struct ubifs_info *c, const void *node, 418 int len, int ofs_hmac) 419 { 420 int hmac_len = c->hmac_desc_len; 421 u8 *hmac; 422 int err; 423 424 hmac = kmalloc(hmac_len, GFP_NOFS); 425 if (!hmac) 426 return -ENOMEM; 427 428 err = ubifs_node_calc_hmac(c, node, len, ofs_hmac, hmac); 429 if (err) 430 return err; 431 432 err = crypto_memneq(hmac, node + ofs_hmac, hmac_len); 433 434 kfree(hmac); 435 436 if (!err) 437 return 0; 438 439 return -EPERM; 440 } 441 442 int __ubifs_shash_copy_state(const struct ubifs_info *c, struct shash_desc *src, 443 struct shash_desc *target) 444 { 445 u8 *state; 446 int err; 447 448 state = kmalloc(crypto_shash_descsize(src->tfm), GFP_NOFS); 449 if (!state) 450 return -ENOMEM; 451 452 err = crypto_shash_export(src, state); 453 if (err) 454 goto out; 455 456 err = crypto_shash_import(target, state); 457 458 out: 459 kfree(state); 460 461 return err; 462 } 463 464 /** 465 * ubifs_hmac_wkm - Create a HMAC of the well known message 466 * @c: UBIFS file-system description object 467 * @hmac: The HMAC of the well known message 468 * 469 * This function creates a HMAC of a well known message. This is used 470 * to check if the provided key is suitable to authenticate a UBIFS 471 * image. This is only a convenience to the user to provide a better 472 * error message when the wrong key is provided. 473 * 474 * This function returns 0 for success or a negative error code otherwise. 475 */ 476 int ubifs_hmac_wkm(struct ubifs_info *c, u8 *hmac) 477 { 478 SHASH_DESC_ON_STACK(shash, c->hmac_tfm); 479 int err; 480 const char well_known_message[] = "UBIFS"; 481 482 if (!ubifs_authenticated(c)) 483 return 0; 484 485 shash->tfm = c->hmac_tfm; 486 shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 487 488 err = crypto_shash_init(shash); 489 if (err) 490 return err; 491 492 err = crypto_shash_update(shash, well_known_message, 493 sizeof(well_known_message) - 1); 494 if (err < 0) 495 return err; 496 497 err = crypto_shash_final(shash, hmac); 498 if (err) 499 return err; 500 return 0; 501 } 502