auth.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * This file is part of UBIFS.
  4. *
  5. * Copyright (C) 2018 Pengutronix, Sascha Hauer <s.hauer@pengutronix.de>
  6. */
  7. /*
  8. * This file implements various helper functions for UBIFS authentication support
  9. */
  10. #include <linux/verification.h>
  11. #include <crypto/hash.h>
  12. #include <crypto/utils.h>
  13. #include <keys/user-type.h>
  14. #include <keys/asymmetric-type.h>
  15. #include "ubifs.h"
  16. /**
  17. * __ubifs_node_calc_hash - calculate the hash of a UBIFS node
  18. * @c: UBIFS file-system description object
  19. * @node: the node to calculate a hash for
  20. * @hash: the returned hash
  21. *
  22. * Returns 0 for success or a negative error code otherwise.
  23. */
  24. int __ubifs_node_calc_hash(const struct ubifs_info *c, const void *node,
  25. u8 *hash)
  26. {
  27. const struct ubifs_ch *ch = node;
  28. return crypto_shash_tfm_digest(c->hash_tfm, node, le32_to_cpu(ch->len),
  29. hash);
  30. }
  31. /**
  32. * ubifs_hash_calc_hmac - calculate a HMAC from a hash
  33. * @c: UBIFS file-system description object
  34. * @hash: the node to calculate a HMAC for
  35. * @hmac: the returned HMAC
  36. *
  37. * Returns 0 for success or a negative error code otherwise.
  38. */
  39. static int ubifs_hash_calc_hmac(const struct ubifs_info *c, const u8 *hash,
  40. u8 *hmac)
  41. {
  42. return crypto_shash_tfm_digest(c->hmac_tfm, hash, c->hash_len, hmac);
  43. }
  44. /**
  45. * ubifs_prepare_auth_node - Prepare an authentication node
  46. * @c: UBIFS file-system description object
  47. * @node: the node to calculate a hash for
  48. * @inhash: input hash of previous nodes
  49. *
  50. * This function prepares an authentication node for writing onto flash.
  51. * It creates a HMAC from the given input hash and writes it to the node.
  52. *
  53. * Returns 0 for success or a negative error code otherwise.
  54. */
  55. int ubifs_prepare_auth_node(struct ubifs_info *c, void *node,
  56. struct shash_desc *inhash)
  57. {
  58. struct ubifs_auth_node *auth = node;
  59. u8 hash[UBIFS_HASH_ARR_SZ];
  60. int err;
  61. {
  62. SHASH_DESC_ON_STACK(hash_desc, c->hash_tfm);
  63. hash_desc->tfm = c->hash_tfm;
  64. ubifs_shash_copy_state(c, inhash, hash_desc);
  65. err = crypto_shash_final(hash_desc, hash);
  66. if (err)
  67. return err;
  68. }
  69. err = ubifs_hash_calc_hmac(c, hash, auth->hmac);
  70. if (err)
  71. return err;
  72. auth->ch.node_type = UBIFS_AUTH_NODE;
  73. ubifs_prepare_node(c, auth, ubifs_auth_node_sz(c), 0);
  74. return 0;
  75. }
  76. static struct shash_desc *ubifs_get_desc(const struct ubifs_info *c,
  77. struct crypto_shash *tfm)
  78. {
  79. struct shash_desc *desc;
  80. int err;
  81. if (!ubifs_authenticated(c))
  82. return NULL;
  83. desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL);
  84. if (!desc)
  85. return ERR_PTR(-ENOMEM);
  86. desc->tfm = tfm;
  87. err = crypto_shash_init(desc);
  88. if (err) {
  89. kfree(desc);
  90. return ERR_PTR(err);
  91. }
  92. return desc;
  93. }
  94. /**
  95. * __ubifs_hash_get_desc - get a descriptor suitable for hashing a node
  96. * @c: UBIFS file-system description object
  97. *
  98. * This function returns a descriptor suitable for hashing a node. Free after use
  99. * with kfree.
  100. */
  101. struct shash_desc *__ubifs_hash_get_desc(const struct ubifs_info *c)
  102. {
  103. return ubifs_get_desc(c, c->hash_tfm);
  104. }
  105. /**
  106. * ubifs_bad_hash - Report hash mismatches
  107. * @c: UBIFS file-system description object
  108. * @node: the node
  109. * @hash: the expected hash
  110. * @lnum: the LEB @node was read from
  111. * @offs: offset in LEB @node was read from
  112. *
  113. * This function reports a hash mismatch when a node has a different hash than
  114. * expected.
  115. */
  116. void ubifs_bad_hash(const struct ubifs_info *c, const void *node, const u8 *hash,
  117. int lnum, int offs)
  118. {
  119. int len = min(c->hash_len, 20);
  120. int cropped = len != c->hash_len;
  121. const char *cont = cropped ? "..." : "";
  122. u8 calc[UBIFS_HASH_ARR_SZ];
  123. __ubifs_node_calc_hash(c, node, calc);
  124. ubifs_err(c, "hash mismatch on node at LEB %d:%d", lnum, offs);
  125. ubifs_err(c, "hash expected: %*ph%s", len, hash, cont);
  126. ubifs_err(c, "hash calculated: %*ph%s", len, calc, cont);
  127. }
  128. /**
  129. * __ubifs_node_check_hash - check the hash of a node against given hash
  130. * @c: UBIFS file-system description object
  131. * @node: the node
  132. * @expected: the expected hash
  133. *
  134. * This function calculates a hash over a node and compares it to the given hash.
  135. * Returns 0 if both hashes are equal or authentication is disabled, otherwise a
  136. * negative error code is returned.
  137. */
  138. int __ubifs_node_check_hash(const struct ubifs_info *c, const void *node,
  139. const u8 *expected)
  140. {
  141. u8 calc[UBIFS_HASH_ARR_SZ];
  142. int err;
  143. err = __ubifs_node_calc_hash(c, node, calc);
  144. if (err)
  145. return err;
  146. if (ubifs_check_hash(c, expected, calc))
  147. return -EPERM;
  148. return 0;
  149. }
  150. /**
  151. * ubifs_sb_verify_signature - verify the signature of a superblock
  152. * @c: UBIFS file-system description object
  153. * @sup: The superblock node
  154. *
  155. * To support offline signed images the superblock can be signed with a
  156. * PKCS#7 signature. The signature is placed directly behind the superblock
  157. * node in an ubifs_sig_node.
  158. *
  159. * Returns 0 when the signature can be successfully verified or a negative
  160. * error code if not.
  161. */
  162. int ubifs_sb_verify_signature(struct ubifs_info *c,
  163. const struct ubifs_sb_node *sup)
  164. {
  165. int err;
  166. struct ubifs_scan_leb *sleb;
  167. struct ubifs_scan_node *snod;
  168. const struct ubifs_sig_node *signode;
  169. sleb = ubifs_scan(c, UBIFS_SB_LNUM, UBIFS_SB_NODE_SZ, c->sbuf, 0);
  170. if (IS_ERR(sleb)) {
  171. err = PTR_ERR(sleb);
  172. return err;
  173. }
  174. if (sleb->nodes_cnt == 0) {
  175. ubifs_err(c, "Unable to find signature node");
  176. err = -EINVAL;
  177. goto out_destroy;
  178. }
  179. snod = list_first_entry(&sleb->nodes, struct ubifs_scan_node, list);
  180. if (snod->type != UBIFS_SIG_NODE) {
  181. ubifs_err(c, "Signature node is of wrong type");
  182. err = -EINVAL;
  183. goto out_destroy;
  184. }
  185. signode = snod->node;
  186. if (le32_to_cpu(signode->len) > snod->len + sizeof(struct ubifs_sig_node)) {
  187. ubifs_err(c, "invalid signature len %d", le32_to_cpu(signode->len));
  188. err = -EINVAL;
  189. goto out_destroy;
  190. }
  191. if (le32_to_cpu(signode->type) != UBIFS_SIGNATURE_TYPE_PKCS7) {
  192. ubifs_err(c, "Signature type %d is not supported\n",
  193. le32_to_cpu(signode->type));
  194. err = -EINVAL;
  195. goto out_destroy;
  196. }
  197. err = verify_pkcs7_signature(sup, sizeof(struct ubifs_sb_node),
  198. signode->sig, le32_to_cpu(signode->len),
  199. NULL, VERIFYING_UNSPECIFIED_SIGNATURE,
  200. NULL, NULL);
  201. if (err)
  202. ubifs_err(c, "Failed to verify signature");
  203. else
  204. ubifs_msg(c, "Successfully verified super block signature");
  205. out_destroy:
  206. ubifs_scan_destroy(sleb);
  207. return err;
  208. }
  209. /**
  210. * ubifs_init_authentication - initialize UBIFS authentication support
  211. * @c: UBIFS file-system description object
  212. *
  213. * This function returns 0 for success or a negative error code otherwise.
  214. */
  215. int ubifs_init_authentication(struct ubifs_info *c)
  216. {
  217. struct key *keyring_key;
  218. const struct user_key_payload *ukp;
  219. int err;
  220. char hmac_name[CRYPTO_MAX_ALG_NAME];
  221. if (!c->auth_hash_name) {
  222. ubifs_err(c, "authentication hash name needed with authentication");
  223. return -EINVAL;
  224. }
  225. c->auth_hash_algo = match_string(hash_algo_name, HASH_ALGO__LAST,
  226. c->auth_hash_name);
  227. if ((int)c->auth_hash_algo < 0) {
  228. ubifs_err(c, "Unknown hash algo %s specified",
  229. c->auth_hash_name);
  230. return -EINVAL;
  231. }
  232. snprintf(hmac_name, CRYPTO_MAX_ALG_NAME, "hmac(%s)",
  233. c->auth_hash_name);
  234. keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL);
  235. if (IS_ERR(keyring_key)) {
  236. ubifs_err(c, "Failed to request key: %ld",
  237. PTR_ERR(keyring_key));
  238. return PTR_ERR(keyring_key);
  239. }
  240. down_read(&keyring_key->sem);
  241. if (keyring_key->type != &key_type_logon) {
  242. ubifs_err(c, "key type must be logon");
  243. err = -ENOKEY;
  244. goto out;
  245. }
  246. ukp = user_key_payload_locked(keyring_key);
  247. if (!ukp) {
  248. /* key was revoked before we acquired its semaphore */
  249. err = -EKEYREVOKED;
  250. goto out;
  251. }
  252. c->hash_tfm = crypto_alloc_shash(c->auth_hash_name, 0, 0);
  253. if (IS_ERR(c->hash_tfm)) {
  254. err = PTR_ERR(c->hash_tfm);
  255. ubifs_err(c, "Can not allocate %s: %d",
  256. c->auth_hash_name, err);
  257. goto out;
  258. }
  259. c->hash_len = crypto_shash_digestsize(c->hash_tfm);
  260. if (c->hash_len > UBIFS_HASH_ARR_SZ) {
  261. ubifs_err(c, "hash %s is bigger than maximum allowed hash size (%d > %d)",
  262. c->auth_hash_name, c->hash_len, UBIFS_HASH_ARR_SZ);
  263. err = -EINVAL;
  264. goto out_free_hash;
  265. }
  266. c->hmac_tfm = crypto_alloc_shash(hmac_name, 0, 0);
  267. if (IS_ERR(c->hmac_tfm)) {
  268. err = PTR_ERR(c->hmac_tfm);
  269. ubifs_err(c, "Can not allocate %s: %d", hmac_name, err);
  270. goto out_free_hash;
  271. }
  272. c->hmac_desc_len = crypto_shash_digestsize(c->hmac_tfm);
  273. if (c->hmac_desc_len > UBIFS_HMAC_ARR_SZ) {
  274. ubifs_err(c, "hmac %s is bigger than maximum allowed hmac size (%d > %d)",
  275. hmac_name, c->hmac_desc_len, UBIFS_HMAC_ARR_SZ);
  276. err = -EINVAL;
  277. goto out_free_hmac;
  278. }
  279. err = crypto_shash_setkey(c->hmac_tfm, ukp->data, ukp->datalen);
  280. if (err)
  281. goto out_free_hmac;
  282. c->authenticated = true;
  283. c->log_hash = ubifs_hash_get_desc(c);
  284. if (IS_ERR(c->log_hash)) {
  285. err = PTR_ERR(c->log_hash);
  286. goto out_free_hmac;
  287. }
  288. err = 0;
  289. out_free_hmac:
  290. if (err)
  291. crypto_free_shash(c->hmac_tfm);
  292. out_free_hash:
  293. if (err)
  294. crypto_free_shash(c->hash_tfm);
  295. out:
  296. up_read(&keyring_key->sem);
  297. key_put(keyring_key);
  298. return err;
  299. }
  300. /**
  301. * __ubifs_exit_authentication - release resource
  302. * @c: UBIFS file-system description object
  303. *
  304. * This function releases the authentication related resources.
  305. */
  306. void __ubifs_exit_authentication(struct ubifs_info *c)
  307. {
  308. if (!ubifs_authenticated(c))
  309. return;
  310. crypto_free_shash(c->hmac_tfm);
  311. crypto_free_shash(c->hash_tfm);
  312. kfree(c->log_hash);
  313. }
  314. /**
  315. * ubifs_node_calc_hmac - calculate the HMAC of a UBIFS node
  316. * @c: UBIFS file-system description object
  317. * @node: the node to insert a HMAC into.
  318. * @len: the length of the node
  319. * @ofs_hmac: the offset in the node where the HMAC is inserted
  320. * @hmac: returned HMAC
  321. *
  322. * This function calculates a HMAC of a UBIFS node. The HMAC is expected to be
  323. * embedded into the node, so this area is not covered by the HMAC. Also not
  324. * covered is the UBIFS_NODE_MAGIC and the CRC of the node.
  325. */
  326. static int ubifs_node_calc_hmac(const struct ubifs_info *c, const void *node,
  327. int len, int ofs_hmac, void *hmac)
  328. {
  329. SHASH_DESC_ON_STACK(shash, c->hmac_tfm);
  330. int hmac_len = c->hmac_desc_len;
  331. int err;
  332. ubifs_assert(c, ofs_hmac > 8);
  333. ubifs_assert(c, ofs_hmac + hmac_len < len);
  334. shash->tfm = c->hmac_tfm;
  335. err = crypto_shash_init(shash);
  336. if (err)
  337. return err;
  338. /* behind common node header CRC up to HMAC begin */
  339. err = crypto_shash_update(shash, node + 8, ofs_hmac - 8);
  340. if (err < 0)
  341. return err;
  342. /* behind HMAC, if any */
  343. if (len - ofs_hmac - hmac_len > 0) {
  344. err = crypto_shash_update(shash, node + ofs_hmac + hmac_len,
  345. len - ofs_hmac - hmac_len);
  346. if (err < 0)
  347. return err;
  348. }
  349. return crypto_shash_final(shash, hmac);
  350. }
  351. /**
  352. * __ubifs_node_insert_hmac - insert a HMAC into a UBIFS node
  353. * @c: UBIFS file-system description object
  354. * @node: the node to insert a HMAC into.
  355. * @len: the length of the node
  356. * @ofs_hmac: the offset in the node where the HMAC is inserted
  357. *
  358. * This function inserts a HMAC at offset @ofs_hmac into the node given in
  359. * @node.
  360. *
  361. * This function returns 0 for success or a negative error code otherwise.
  362. */
  363. int __ubifs_node_insert_hmac(const struct ubifs_info *c, void *node, int len,
  364. int ofs_hmac)
  365. {
  366. return ubifs_node_calc_hmac(c, node, len, ofs_hmac, node + ofs_hmac);
  367. }
  368. /**
  369. * __ubifs_node_verify_hmac - verify the HMAC of UBIFS node
  370. * @c: UBIFS file-system description object
  371. * @node: the node to insert a HMAC into.
  372. * @len: the length of the node
  373. * @ofs_hmac: the offset in the node where the HMAC is inserted
  374. *
  375. * This function verifies the HMAC at offset @ofs_hmac of the node given in
  376. * @node. Returns 0 if successful or a negative error code otherwise.
  377. */
  378. int __ubifs_node_verify_hmac(const struct ubifs_info *c, const void *node,
  379. int len, int ofs_hmac)
  380. {
  381. int hmac_len = c->hmac_desc_len;
  382. u8 *hmac;
  383. int err;
  384. hmac = kmalloc(hmac_len, GFP_NOFS);
  385. if (!hmac)
  386. return -ENOMEM;
  387. err = ubifs_node_calc_hmac(c, node, len, ofs_hmac, hmac);
  388. if (err) {
  389. kfree(hmac);
  390. return err;
  391. }
  392. err = crypto_memneq(hmac, node + ofs_hmac, hmac_len);
  393. kfree(hmac);
  394. if (!err)
  395. return 0;
  396. return -EPERM;
  397. }
  398. int __ubifs_shash_copy_state(const struct ubifs_info *c, struct shash_desc *src,
  399. struct shash_desc *target)
  400. {
  401. u8 *state;
  402. int err;
  403. state = kmalloc(crypto_shash_descsize(src->tfm), GFP_NOFS);
  404. if (!state)
  405. return -ENOMEM;
  406. err = crypto_shash_export(src, state);
  407. if (err)
  408. goto out;
  409. err = crypto_shash_import(target, state);
  410. out:
  411. kfree(state);
  412. return err;
  413. }
  414. /**
  415. * ubifs_hmac_wkm - Create a HMAC of the well known message
  416. * @c: UBIFS file-system description object
  417. * @hmac: The HMAC of the well known message
  418. *
  419. * This function creates a HMAC of a well known message. This is used
  420. * to check if the provided key is suitable to authenticate a UBIFS
  421. * image. This is only a convenience to the user to provide a better
  422. * error message when the wrong key is provided.
  423. *
  424. * This function returns 0 for success or a negative error code otherwise.
  425. */
  426. int ubifs_hmac_wkm(struct ubifs_info *c, u8 *hmac)
  427. {
  428. const char well_known_message[] = "UBIFS";
  429. if (!ubifs_authenticated(c))
  430. return 0;
  431. return crypto_shash_tfm_digest(c->hmac_tfm, well_known_message,
  432. sizeof(well_known_message) - 1, hmac);
  433. }
  434. /*
  435. * ubifs_hmac_zero - test if a HMAC is zero
  436. * @c: UBIFS file-system description object
  437. * @hmac: the HMAC to test
  438. *
  439. * This function tests if a HMAC is zero and returns true if it is
  440. * and false otherwise.
  441. */
  442. bool ubifs_hmac_zero(struct ubifs_info *c, const u8 *hmac)
  443. {
  444. return !memchr_inv(hmac, 0, c->hmac_desc_len);
  445. }