author | Sascha Hauer <s.hauer@pengutronix.de> | 2019-08-06 12:49:28 +0200 |
---|---|---|
committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-08-19 09:27:00 +0200 |
commit | a739b59efe7996e3bdcbe8b17743dc05ac7c110a (patch) | |
tree | 863ad65c25a5bcb9be3e5a170465ddc384d7b87b /ubifs-utils/mkfs.ubifs/lpt.c | |
parent | 3ef262739a826deb27262929b88f36db6f923e7f (diff) |
mkfs.ubifs: Add authentication support
This adds support for authenticated UBIFS images. In authenticated
images all UBIFS nodes are hashed as described in the UBIFS
authentication whitepaper. Additionally the superblock node contains a
hash of the master node and itself is cryptographically signed in a node
following the superblock node. The signature is in PKCS #7 CMS format.
To generate an authenticated image these options are necessary:
--hash-algo=NAME hash algorithm to use for signed images
(Valid options include sha1, sha256, sha512)
--auth-key=FILE filename or PKCS #11 uri containing the authentication key
for signing
--auth-cert=FILE Authentication certificate filename for signing. Unused
when certificate is provided via PKCS #11
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'ubifs-utils/mkfs.ubifs/lpt.c')
-rw-r--r-- | ubifs-utils/mkfs.ubifs/lpt.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ubifs-utils/mkfs.ubifs/lpt.c b/ubifs-utils/mkfs.ubifs/lpt.c
index 6aa0b88..7ee739a 100644
--- a/ubifs-utils/mkfs.ubifs/lpt.c
+++ b/ubifs-utils/mkfs.ubifs/lpt.c
@@ -22,6 +22,10 @@
 #include "mkfs.ubifs.h"
+#ifdef WITH_CRYPTO
+#include <openssl/evp.h>
+#endif
+
 /**
 * do_calc_lpt_geom - calculate sizes for the LPT area.
 * @c: the UBIFS file-system description object
@@ -374,6 +378,7 @@ int create_lpt(struct ubifs_info *c)
 struct ubifs_nnode *nnode = NULL;
 void *buf = NULL, *p;
 int *lsave = NULL;
+ unsigned int md_len;
 pnode = malloc(sizeof(struct ubifs_pnode));
 nnode = malloc(sizeof(struct ubifs_nnode));
@@ -386,6 +391,8 @@ int create_lpt(struct ubifs_info *c)
 memset(pnode, 0 , sizeof(struct ubifs_pnode));
 memset(nnode, 0 , sizeof(struct ubifs_nnode));
+ hash_digest_init();
+
 c->lscan_lnum = c->main_first;
 lnum = c->lpt_first;
@@ -429,6 +436,9 @@ int create_lpt(struct ubifs_info *c)
 }
 }
 pack_pnode(c, p, pnode);
+
+ hash_digest_update(p, c->pnode_sz);
+
 p += c->pnode_sz;
 len += c->pnode_sz;
 /*
@@ -439,6 +449,8 @@ int create_lpt(struct ubifs_info *c)
 pnode->num += 1;
 }
+ hash_digest_final(c->lpt_hash, &md_len);
+
 row = c->lpt_hght - 1;
 /* Add all nnodes, one level at a time */
 while (1) { |
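Review bot: The digest calls added to create_lpt are used as bare statements (`hash_digest_init();` in the @@ -386 hunk, `hash_digest_update(p, c->pnode_sz);` in the @@ -429 hunk and `hash_digest_final(c->lpt_hash, &md_len);` in the @@ -439 hunk), so a failure inside the hash backend would not stop image generation. Their prototypes are not part of this diff; if they return a status, each result should be checked and routed to the function's error path, for example `err = hash_digest_init(); if (err) goto out;`, where `err` and `out` stand for create_lpt's own status variable and cleanup label, which lie outside the hunk. For an authenticated image, continuing after a failed digest would leave `c->lpt_hash` with contents that do not describe the LPT that was written, so failing the build is the safer behaviour. The calls are also unconditional, and whether they are no-ops when no --hash-algo was given cannot be seen from these lines; a one-line comment saying so would help.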
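Review bot: `md_len` is filled in by `hash_digest_final(c->lpt_hash, &md_len);` in the @@ -439 hunk and is never read in the visible lines, so nothing confirms that the digest length matches what `c->lpt_hash` can hold or what the selected --hash-algo implies. The declaration of `lpt_hash` is not in this diff; the bound is best enforced before the digest is written (for instance inside the helper), and at minimum `md_len` should be compared with the expected hash length after the call and treated as an error on mismatch. A short comment would also help at this point, e.g. `/* LPT hash covers the packed pnodes only; the nnodes added below are not hashed */`, since the finalisation sits between the pnode loop and the nnode loop. create_lpt starts and ends outside the hunk.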