authorSascha Hauer <s.hauer@pengutronix.de>2019-08-06 12:49:28 +0200
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-08-19 09:27:00 +0200
commita739b59efe7996e3bdcbe8b17743dc05ac7c110a (patch)
tree863ad65c25a5bcb9be3e5a170465ddc384d7b87b /ubifs-utils/mkfs.ubifs/lpt.c
parent3ef262739a826deb27262929b88f36db6f923e7f (diff)
mkfs.ubifs: Add authentication support
This adds support for authenticated UBIFS images. In authenticated images all UBIFS nodes are hashed as described in the UBIFS authentication whitepaper. Additionally the superblock node contains a hash of the master node and itself is cryptographically signed in a node following the superblock node. The signature is in PKCS #7 CMS format. To generate an authenticated image these options are necessary: --hash-algo=NAME hash algorithm to use for signed images (Valid options include sha1, sha256, sha512) --auth-key=FILE filename or PKCS #11 uri containing the authentication key for signing --auth-cert=FILE Authentication certificate filename for signing. Unused when certificate is provided via PKCS #11 Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'ubifs-utils/mkfs.ubifs/lpt.c')
-rw-r--r--ubifs-utils/mkfs.ubifs/lpt.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/ubifs-utils/mkfs.ubifs/lpt.c b/ubifs-utils/mkfs.ubifs/lpt.c
index 6aa0b88..7ee739a 100644
--- a/ubifs-utils/mkfs.ubifs/lpt.c
+++ b/ubifs-utils/mkfs.ubifs/lpt.c
@@ -22,6 +22,10 @@
#include "mkfs.ubifs.h"
+#ifdef WITH_CRYPTO
+#include <openssl/evp.h>
+#endif
+
/**
* do_calc_lpt_geom - calculate sizes for the LPT area.
* @c: the UBIFS file-system description object
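Review bot: `<openssl/evp.h>` is included under `WITH_CRYPTO`, but none of the lines this commit adds to lpt.c use an EVP symbol directly; the new calls all go through `hash_digest_*()`. If that holds for the rest of the file, the include can be dropped so the OpenSSL dependency stays in the file that implements those helpers. Conversely, the three `hash_digest_*()` calls added to create_lpt() are not under `#ifdef WITH_CRYPTO`, so a build without crypto depends on stub definitions in a header this diff does not show. It is worth confirming those stubs exist and leave `c->lpt_hash` in a defined state.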
@@ -374,6 +378,7 @@ int create_lpt(struct ubifs_info *c)
struct ubifs_nnode *nnode = NULL;
void *buf = NULL, *p;
int *lsave = NULL;
+ unsigned int md_len;
pnode = malloc(sizeof(struct ubifs_pnode));
nnode = malloc(sizeof(struct ubifs_nnode));
@@ -386,6 +391,8 @@ int create_lpt(struct ubifs_info *c)
memset(pnode, 0 , sizeof(struct ubifs_pnode));
memset(nnode, 0 , sizeof(struct ubifs_nnode));
+ hash_digest_init();
+
c->lscan_lnum = c->main_first;
lnum = c->lpt_first;
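Review bot: The result of `hash_digest_init()` is discarded here, and the same applies to `hash_digest_update(p, c->pnode_sz)` and `hash_digest_final(c->lpt_hash, &md_len)` in the two later hunks. The helper prototypes are not part of this diff, but if they can report failure, create_lpt() would carry on and leave `c->lpt_hash` unset or computed over only part of the pnodes. That value is presumably what the authenticated image relies on to cover the LPT, so a silent failure would produce an image that fails verification or carries a meaningless hash. I would check each call, for example `err = hash_digest_init(); if (err) goto out;`, routed through whatever error path create_lpt() already has; the function starts and ends outside this hunk, so the label and variable names are placeholders.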
@@ -429,6 +436,9 @@ int create_lpt(struct ubifs_info *c)
}
}
pack_pnode(c, p, pnode);
+
+ hash_digest_update(p, c->pnode_sz);
+
p += c->pnode_sz;
len += c->pnode_sz;
/*
@@ -439,6 +449,8 @@ int create_lpt(struct ubifs_info *c)
pnode->num += 1;
}
+ hash_digest_final(c->lpt_hash, &md_len);
+
row = c->lpt_hght - 1;
/* Add all nnodes, one level at a time */
while (1) {
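Review bot: `md_len` is filled in by `hash_digest_final(c->lpt_hash, &md_len)` and never read in the visible code, so nothing ties the digest length to the size of `c->lpt_hash`. The commit message lists sha512 among the accepted `--hash-algo` values, so the destination must hold at least 64 bytes; its declaration is not in this diff and should be confirmed. I would either compare `md_len` with the hash length expected for the configured algorithm and fail on a mismatch, or document the contract next to the call with a comment such as `/* c->lpt_hash must be sized for the largest supported digest */`. create_lpt() continues past the end of this hunk.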