Commit | Line | Data |
---|---|---|
49525e5e SH |
1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* | |
3 | * This file is part of UBIFS. | |
4 | * | |
5 | * Copyright (C) 2018 Pengutronix, Sascha Hauer <s.hauer@pengutronix.de> | |
6 | */ | |
7 | ||
8 | /* | |
9 | * This file implements various helper functions for UBIFS authentication support | |
10 | */ | |
11 | ||
12 | #include <linux/crypto.h> | |
817aa094 | 13 | #include <linux/verification.h> |
49525e5e | 14 | #include <crypto/hash.h> |
49525e5e SH |
15 | #include <crypto/algapi.h> |
16 | #include <keys/user-type.h> | |
817aa094 | 17 | #include <keys/asymmetric-type.h> |
49525e5e SH |
18 | |
19 | #include "ubifs.h" | |
20 | ||
21 | /** | |
22 | * ubifs_node_calc_hash - calculate the hash of a UBIFS node | |
23 | * @c: UBIFS file-system description object | |
24 | * @node: the node to calculate a hash for | |
25 | * @hash: the returned hash | |
26 | * | |
27 | * Returns 0 for success or a negative error code otherwise. | |
28 | */ | |
29 | int __ubifs_node_calc_hash(const struct ubifs_info *c, const void *node, | |
30 | u8 *hash) | |
31 | { | |
32 | const struct ubifs_ch *ch = node; | |
49525e5e | 33 | |
f80df385 EB |
34 | return crypto_shash_tfm_digest(c->hash_tfm, node, le32_to_cpu(ch->len), |
35 | hash); | |
49525e5e SH |
36 | } |
37 | ||
38 | /** | |
39 | * ubifs_hash_calc_hmac - calculate a HMAC from a hash | |
40 | * @c: UBIFS file-system description object | |
41 | * @hash: the node to calculate a HMAC for | |
42 | * @hmac: the returned HMAC | |
43 | * | |
44 | * Returns 0 for success or a negative error code otherwise. | |
45 | */ | |
46 | static int ubifs_hash_calc_hmac(const struct ubifs_info *c, const u8 *hash, | |
47 | u8 *hmac) | |
48 | { | |
f80df385 | 49 | return crypto_shash_tfm_digest(c->hmac_tfm, hash, c->hash_len, hmac); |
49525e5e SH |
50 | } |
51 | ||
52 | /** | |
53 | * ubifs_prepare_auth_node - Prepare an authentication node | |
54 | * @c: UBIFS file-system description object | |
55 | * @node: the node to calculate a hash for | |
f39d9f4c | 56 | * @inhash: input hash of previous nodes |
49525e5e SH |
57 | * |
58 | * This function prepares an authentication node for writing onto flash. | |
59 | * It creates a HMAC from the given input hash and writes it to the node. | |
60 | * | |
61 | * Returns 0 for success or a negative error code otherwise. | |
62 | */ | |
63 | int ubifs_prepare_auth_node(struct ubifs_info *c, void *node, | |
64 | struct shash_desc *inhash) | |
65 | { | |
49525e5e | 66 | struct ubifs_auth_node *auth = node; |
3c3c32f8 | 67 | u8 hash[UBIFS_HASH_ARR_SZ]; |
49525e5e SH |
68 | int err; |
69 | ||
f4844b35 AB |
70 | { |
71 | SHASH_DESC_ON_STACK(hash_desc, c->hash_tfm); | |
49525e5e | 72 | |
f4844b35 | 73 | hash_desc->tfm = c->hash_tfm; |
f4844b35 AB |
74 | ubifs_shash_copy_state(c, inhash, hash_desc); |
75 | ||
76 | err = crypto_shash_final(hash_desc, hash); | |
77 | if (err) | |
3c3c32f8 | 78 | return err; |
f4844b35 | 79 | } |
49525e5e SH |
80 | |
81 | err = ubifs_hash_calc_hmac(c, hash, auth->hmac); | |
82 | if (err) | |
3c3c32f8 | 83 | return err; |
49525e5e SH |
84 | |
85 | auth->ch.node_type = UBIFS_AUTH_NODE; | |
86 | ubifs_prepare_node(c, auth, ubifs_auth_node_sz(c), 0); | |
3c3c32f8 | 87 | return 0; |
49525e5e SH |
88 | } |
89 | ||
90 | static struct shash_desc *ubifs_get_desc(const struct ubifs_info *c, | |
91 | struct crypto_shash *tfm) | |
92 | { | |
93 | struct shash_desc *desc; | |
94 | int err; | |
95 | ||
96 | if (!ubifs_authenticated(c)) | |
97 | return NULL; | |
98 | ||
99 | desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL); | |
100 | if (!desc) | |
101 | return ERR_PTR(-ENOMEM); | |
102 | ||
103 | desc->tfm = tfm; | |
49525e5e SH |
104 | |
105 | err = crypto_shash_init(desc); | |
106 | if (err) { | |
107 | kfree(desc); | |
108 | return ERR_PTR(err); | |
109 | } | |
110 | ||
111 | return desc; | |
112 | } | |
113 | ||
114 | /** | |
115 | * __ubifs_hash_get_desc - get a descriptor suitable for hashing a node | |
116 | * @c: UBIFS file-system description object | |
117 | * | |
118 | * This function returns a descriptor suitable for hashing a node. Free after use | |
119 | * with kfree. | |
120 | */ | |
121 | struct shash_desc *__ubifs_hash_get_desc(const struct ubifs_info *c) | |
122 | { | |
123 | return ubifs_get_desc(c, c->hash_tfm); | |
124 | } | |
125 | ||
49525e5e SH |
126 | /** |
127 | * ubifs_bad_hash - Report hash mismatches | |
128 | * @c: UBIFS file-system description object | |
129 | * @node: the node | |
130 | * @hash: the expected hash | |
131 | * @lnum: the LEB @node was read from | |
132 | * @offs: offset in LEB @node was read from | |
133 | * | |
134 | * This function reports a hash mismatch when a node has a different hash than | |
135 | * expected. | |
136 | */ | |
137 | void ubifs_bad_hash(const struct ubifs_info *c, const void *node, const u8 *hash, | |
138 | int lnum, int offs) | |
139 | { | |
140 | int len = min(c->hash_len, 20); | |
141 | int cropped = len != c->hash_len; | |
142 | const char *cont = cropped ? "..." : ""; | |
143 | ||
144 | u8 calc[UBIFS_HASH_ARR_SZ]; | |
145 | ||
146 | __ubifs_node_calc_hash(c, node, calc); | |
147 | ||
148 | ubifs_err(c, "hash mismatch on node at LEB %d:%d", lnum, offs); | |
149 | ubifs_err(c, "hash expected: %*ph%s", len, hash, cont); | |
150 | ubifs_err(c, "hash calculated: %*ph%s", len, calc, cont); | |
151 | } | |
152 | ||
153 | /** | |
154 | * __ubifs_node_check_hash - check the hash of a node against given hash | |
155 | * @c: UBIFS file-system description object | |
156 | * @node: the node | |
157 | * @expected: the expected hash | |
158 | * | |
159 | * This function calculates a hash over a node and compares it to the given hash. | |
160 | * Returns 0 if both hashes are equal or authentication is disabled, otherwise a | |
161 | * negative error code is returned. | |
162 | */ | |
163 | int __ubifs_node_check_hash(const struct ubifs_info *c, const void *node, | |
164 | const u8 *expected) | |
165 | { | |
166 | u8 calc[UBIFS_HASH_ARR_SZ]; | |
167 | int err; | |
168 | ||
169 | err = __ubifs_node_calc_hash(c, node, calc); | |
170 | if (err) | |
171 | return err; | |
172 | ||
173 | if (ubifs_check_hash(c, expected, calc)) | |
174 | return -EPERM; | |
175 | ||
176 | return 0; | |
177 | } | |
178 | ||
817aa094 SH |
179 | /** |
180 | * ubifs_sb_verify_signature - verify the signature of a superblock | |
181 | * @c: UBIFS file-system description object | |
182 | * @sup: The superblock node | |
183 | * | |
184 | * To support offline signed images the superblock can be signed with a | |
185 | * PKCS#7 signature. The signature is placed directly behind the superblock | |
186 | * node in an ubifs_sig_node. | |
187 | * | |
188 | * Returns 0 when the signature can be successfully verified or a negative | |
189 | * error code if not. | |
190 | */ | |
191 | int ubifs_sb_verify_signature(struct ubifs_info *c, | |
192 | const struct ubifs_sb_node *sup) | |
193 | { | |
194 | int err; | |
195 | struct ubifs_scan_leb *sleb; | |
196 | struct ubifs_scan_node *snod; | |
197 | const struct ubifs_sig_node *signode; | |
198 | ||
199 | sleb = ubifs_scan(c, UBIFS_SB_LNUM, UBIFS_SB_NODE_SZ, c->sbuf, 0); | |
200 | if (IS_ERR(sleb)) { | |
201 | err = PTR_ERR(sleb); | |
202 | return err; | |
203 | } | |
204 | ||
205 | if (sleb->nodes_cnt == 0) { | |
206 | ubifs_err(c, "Unable to find signature node"); | |
207 | err = -EINVAL; | |
208 | goto out_destroy; | |
209 | } | |
210 | ||
211 | snod = list_first_entry(&sleb->nodes, struct ubifs_scan_node, list); | |
212 | ||
213 | if (snod->type != UBIFS_SIG_NODE) { | |
214 | ubifs_err(c, "Signature node is of wrong type"); | |
215 | err = -EINVAL; | |
216 | goto out_destroy; | |
217 | } | |
218 | ||
219 | signode = snod->node; | |
220 | ||
221 | if (le32_to_cpu(signode->len) > snod->len + sizeof(struct ubifs_sig_node)) { | |
222 | ubifs_err(c, "invalid signature len %d", le32_to_cpu(signode->len)); | |
223 | err = -EINVAL; | |
224 | goto out_destroy; | |
225 | } | |
226 | ||
227 | if (le32_to_cpu(signode->type) != UBIFS_SIGNATURE_TYPE_PKCS7) { | |
228 | ubifs_err(c, "Signature type %d is not supported\n", | |
229 | le32_to_cpu(signode->type)); | |
230 | err = -EINVAL; | |
231 | goto out_destroy; | |
232 | } | |
233 | ||
234 | err = verify_pkcs7_signature(sup, sizeof(struct ubifs_sb_node), | |
235 | signode->sig, le32_to_cpu(signode->len), | |
236 | NULL, VERIFYING_UNSPECIFIED_SIGNATURE, | |
237 | NULL, NULL); | |
238 | ||
239 | if (err) | |
240 | ubifs_err(c, "Failed to verify signature"); | |
241 | else | |
242 | ubifs_msg(c, "Successfully verified super block signature"); | |
243 | ||
244 | out_destroy: | |
245 | ubifs_scan_destroy(sleb); | |
246 | ||
247 | return err; | |
248 | } | |
249 | ||
49525e5e SH |
250 | /** |
251 | * ubifs_init_authentication - initialize UBIFS authentication support | |
252 | * @c: UBIFS file-system description object | |
253 | * | |
254 | * This function returns 0 for success or a negative error code otherwise. | |
255 | */ | |
256 | int ubifs_init_authentication(struct ubifs_info *c) | |
257 | { | |
258 | struct key *keyring_key; | |
259 | const struct user_key_payload *ukp; | |
260 | int err; | |
261 | char hmac_name[CRYPTO_MAX_ALG_NAME]; | |
262 | ||
263 | if (!c->auth_hash_name) { | |
264 | ubifs_err(c, "authentication hash name needed with authentication"); | |
265 | return -EINVAL; | |
266 | } | |
267 | ||
268 | c->auth_hash_algo = match_string(hash_algo_name, HASH_ALGO__LAST, | |
269 | c->auth_hash_name); | |
270 | if ((int)c->auth_hash_algo < 0) { | |
271 | ubifs_err(c, "Unknown hash algo %s specified", | |
272 | c->auth_hash_name); | |
273 | return -EINVAL; | |
274 | } | |
275 | ||
276 | snprintf(hmac_name, CRYPTO_MAX_ALG_NAME, "hmac(%s)", | |
277 | c->auth_hash_name); | |
278 | ||
279 | keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL); | |
280 | ||
281 | if (IS_ERR(keyring_key)) { | |
282 | ubifs_err(c, "Failed to request key: %ld", | |
283 | PTR_ERR(keyring_key)); | |
284 | return PTR_ERR(keyring_key); | |
285 | } | |
286 | ||
287 | down_read(&keyring_key->sem); | |
288 | ||
289 | if (keyring_key->type != &key_type_logon) { | |
290 | ubifs_err(c, "key type must be logon"); | |
291 | err = -ENOKEY; | |
292 | goto out; | |
293 | } | |
294 | ||
295 | ukp = user_key_payload_locked(keyring_key); | |
296 | if (!ukp) { | |
297 | /* key was revoked before we acquired its semaphore */ | |
298 | err = -EKEYREVOKED; | |
299 | goto out; | |
300 | } | |
301 | ||
3d234b33 | 302 | c->hash_tfm = crypto_alloc_shash(c->auth_hash_name, 0, 0); |
49525e5e SH |
303 | if (IS_ERR(c->hash_tfm)) { |
304 | err = PTR_ERR(c->hash_tfm); | |
305 | ubifs_err(c, "Can not allocate %s: %d", | |
306 | c->auth_hash_name, err); | |
307 | goto out; | |
308 | } | |
309 | ||
310 | c->hash_len = crypto_shash_digestsize(c->hash_tfm); | |
311 | if (c->hash_len > UBIFS_HASH_ARR_SZ) { | |
312 | ubifs_err(c, "hash %s is bigger than maximum allowed hash size (%d > %d)", | |
313 | c->auth_hash_name, c->hash_len, UBIFS_HASH_ARR_SZ); | |
314 | err = -EINVAL; | |
315 | goto out_free_hash; | |
316 | } | |
317 | ||
3d234b33 | 318 | c->hmac_tfm = crypto_alloc_shash(hmac_name, 0, 0); |
49525e5e SH |
319 | if (IS_ERR(c->hmac_tfm)) { |
320 | err = PTR_ERR(c->hmac_tfm); | |
321 | ubifs_err(c, "Can not allocate %s: %d", hmac_name, err); | |
322 | goto out_free_hash; | |
323 | } | |
324 | ||
325 | c->hmac_desc_len = crypto_shash_digestsize(c->hmac_tfm); | |
326 | if (c->hmac_desc_len > UBIFS_HMAC_ARR_SZ) { | |
327 | ubifs_err(c, "hmac %s is bigger than maximum allowed hmac size (%d > %d)", | |
328 | hmac_name, c->hmac_desc_len, UBIFS_HMAC_ARR_SZ); | |
329 | err = -EINVAL; | |
11b8ab38 | 330 | goto out_free_hmac; |
49525e5e SH |
331 | } |
332 | ||
333 | err = crypto_shash_setkey(c->hmac_tfm, ukp->data, ukp->datalen); | |
334 | if (err) | |
335 | goto out_free_hmac; | |
336 | ||
337 | c->authenticated = true; | |
338 | ||
339 | c->log_hash = ubifs_hash_get_desc(c); | |
3cded663 WS |
340 | if (IS_ERR(c->log_hash)) { |
341 | err = PTR_ERR(c->log_hash); | |
49525e5e | 342 | goto out_free_hmac; |
3cded663 | 343 | } |
49525e5e SH |
344 | |
345 | err = 0; | |
346 | ||
347 | out_free_hmac: | |
348 | if (err) | |
349 | crypto_free_shash(c->hmac_tfm); | |
350 | out_free_hash: | |
351 | if (err) | |
352 | crypto_free_shash(c->hash_tfm); | |
353 | out: | |
354 | up_read(&keyring_key->sem); | |
355 | key_put(keyring_key); | |
356 | ||
357 | return err; | |
358 | } | |
359 | ||
360 | /** | |
361 | * __ubifs_exit_authentication - release resource | |
362 | * @c: UBIFS file-system description object | |
363 | * | |
364 | * This function releases the authentication related resources. | |
365 | */ | |
366 | void __ubifs_exit_authentication(struct ubifs_info *c) | |
367 | { | |
368 | if (!ubifs_authenticated(c)) | |
369 | return; | |
370 | ||
371 | crypto_free_shash(c->hmac_tfm); | |
372 | crypto_free_shash(c->hash_tfm); | |
373 | kfree(c->log_hash); | |
374 | } | |
375 | ||
376 | /** | |
377 | * ubifs_node_calc_hmac - calculate the HMAC of a UBIFS node | |
378 | * @c: UBIFS file-system description object | |
379 | * @node: the node to insert a HMAC into. | |
380 | * @len: the length of the node | |
381 | * @ofs_hmac: the offset in the node where the HMAC is inserted | |
382 | * @hmac: returned HMAC | |
383 | * | |
384 | * This function calculates a HMAC of a UBIFS node. The HMAC is expected to be | |
385 | * embedded into the node, so this area is not covered by the HMAC. Also not | |
386 | * covered is the UBIFS_NODE_MAGIC and the CRC of the node. | |
387 | */ | |
388 | static int ubifs_node_calc_hmac(const struct ubifs_info *c, const void *node, | |
389 | int len, int ofs_hmac, void *hmac) | |
390 | { | |
391 | SHASH_DESC_ON_STACK(shash, c->hmac_tfm); | |
392 | int hmac_len = c->hmac_desc_len; | |
393 | int err; | |
394 | ||
395 | ubifs_assert(c, ofs_hmac > 8); | |
396 | ubifs_assert(c, ofs_hmac + hmac_len < len); | |
397 | ||
398 | shash->tfm = c->hmac_tfm; | |
49525e5e SH |
399 | |
400 | err = crypto_shash_init(shash); | |
401 | if (err) | |
402 | return err; | |
403 | ||
404 | /* behind common node header CRC up to HMAC begin */ | |
405 | err = crypto_shash_update(shash, node + 8, ofs_hmac - 8); | |
406 | if (err < 0) | |
407 | return err; | |
408 | ||
409 | /* behind HMAC, if any */ | |
410 | if (len - ofs_hmac - hmac_len > 0) { | |
411 | err = crypto_shash_update(shash, node + ofs_hmac + hmac_len, | |
412 | len - ofs_hmac - hmac_len); | |
413 | if (err < 0) | |
414 | return err; | |
415 | } | |
416 | ||
417 | return crypto_shash_final(shash, hmac); | |
418 | } | |
419 | ||
420 | /** | |
421 | * __ubifs_node_insert_hmac - insert a HMAC into a UBIFS node | |
422 | * @c: UBIFS file-system description object | |
423 | * @node: the node to insert a HMAC into. | |
424 | * @len: the length of the node | |
425 | * @ofs_hmac: the offset in the node where the HMAC is inserted | |
426 | * | |
427 | * This function inserts a HMAC at offset @ofs_hmac into the node given in | |
428 | * @node. | |
429 | * | |
430 | * This function returns 0 for success or a negative error code otherwise. | |
431 | */ | |
432 | int __ubifs_node_insert_hmac(const struct ubifs_info *c, void *node, int len, | |
433 | int ofs_hmac) | |
434 | { | |
435 | return ubifs_node_calc_hmac(c, node, len, ofs_hmac, node + ofs_hmac); | |
436 | } | |
437 | ||
438 | /** | |
439 | * __ubifs_node_verify_hmac - verify the HMAC of UBIFS node | |
440 | * @c: UBIFS file-system description object | |
441 | * @node: the node to insert a HMAC into. | |
442 | * @len: the length of the node | |
443 | * @ofs_hmac: the offset in the node where the HMAC is inserted | |
444 | * | |
445 | * This function verifies the HMAC at offset @ofs_hmac of the node given in | |
446 | * @node. Returns 0 if successful or a negative error code otherwise. | |
447 | */ | |
448 | int __ubifs_node_verify_hmac(const struct ubifs_info *c, const void *node, | |
449 | int len, int ofs_hmac) | |
450 | { | |
451 | int hmac_len = c->hmac_desc_len; | |
452 | u8 *hmac; | |
453 | int err; | |
454 | ||
455 | hmac = kmalloc(hmac_len, GFP_NOFS); | |
456 | if (!hmac) | |
457 | return -ENOMEM; | |
458 | ||
459 | err = ubifs_node_calc_hmac(c, node, len, ofs_hmac, hmac); | |
7992e004 WW |
460 | if (err) { |
461 | kfree(hmac); | |
49525e5e | 462 | return err; |
7992e004 | 463 | } |
49525e5e SH |
464 | |
465 | err = crypto_memneq(hmac, node + ofs_hmac, hmac_len); | |
466 | ||
467 | kfree(hmac); | |
468 | ||
469 | if (!err) | |
470 | return 0; | |
471 | ||
472 | return -EPERM; | |
473 | } | |
474 | ||
475 | int __ubifs_shash_copy_state(const struct ubifs_info *c, struct shash_desc *src, | |
476 | struct shash_desc *target) | |
477 | { | |
478 | u8 *state; | |
479 | int err; | |
480 | ||
481 | state = kmalloc(crypto_shash_descsize(src->tfm), GFP_NOFS); | |
482 | if (!state) | |
483 | return -ENOMEM; | |
484 | ||
485 | err = crypto_shash_export(src, state); | |
486 | if (err) | |
487 | goto out; | |
488 | ||
489 | err = crypto_shash_import(target, state); | |
490 | ||
491 | out: | |
492 | kfree(state); | |
493 | ||
494 | return err; | |
495 | } | |
496 | ||
497 | /** | |
498 | * ubifs_hmac_wkm - Create a HMAC of the well known message | |
499 | * @c: UBIFS file-system description object | |
500 | * @hmac: The HMAC of the well known message | |
501 | * | |
502 | * This function creates a HMAC of a well known message. This is used | |
503 | * to check if the provided key is suitable to authenticate a UBIFS | |
504 | * image. This is only a convenience to the user to provide a better | |
505 | * error message when the wrong key is provided. | |
506 | * | |
507 | * This function returns 0 for success or a negative error code otherwise. | |
508 | */ | |
509 | int ubifs_hmac_wkm(struct ubifs_info *c, u8 *hmac) | |
510 | { | |
511 | SHASH_DESC_ON_STACK(shash, c->hmac_tfm); | |
512 | int err; | |
513 | const char well_known_message[] = "UBIFS"; | |
514 | ||
515 | if (!ubifs_authenticated(c)) | |
516 | return 0; | |
517 | ||
518 | shash->tfm = c->hmac_tfm; | |
49525e5e SH |
519 | |
520 | err = crypto_shash_init(shash); | |
521 | if (err) | |
522 | return err; | |
523 | ||
524 | err = crypto_shash_update(shash, well_known_message, | |
525 | sizeof(well_known_message) - 1); | |
526 | if (err < 0) | |
527 | return err; | |
528 | ||
529 | err = crypto_shash_final(shash, hmac); | |
530 | if (err) | |
531 | return err; | |
532 | return 0; | |
533 | } | |
817aa094 SH |
534 | |
535 | /* | |
536 | * ubifs_hmac_zero - test if a HMAC is zero | |
537 | * @c: UBIFS file-system description object | |
538 | * @hmac: the HMAC to test | |
539 | * | |
540 | * This function tests if a HMAC is zero and returns true if it is | |
541 | * and false otherwise. | |
542 | */ | |
543 | bool ubifs_hmac_zero(struct ubifs_info *c, const u8 *hmac) | |
544 | { | |
545 | return !memchr_inv(hmac, 0, c->hmac_desc_len); | |
546 | } |