diff options
| author | Sascha Hauer <s.hauer@pengutronix.de> | 2019-08-06 12:49:28 +0200 |
|---|---|---|
| committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-08-19 09:27:00 +0200 |
| commit | a739b59efe7996e3bdcbe8b17743dc05ac7c110a (patch) | |
| tree | 863ad65c25a5bcb9be3e5a170465ddc384d7b87b /ubifs-utils/mkfs.ubifs/sign.h | |
| parent | 3ef262739a826deb27262929b88f36db6f923e7f (diff) | |
mkfs.ubifs: Add authentication support
This adds support for authenticated UBIFS images. In authenticated
images all UBIFS nodes are hashed as described in the UBIFS
authentication whitepaper. Additionally the superblock node contains a
hash of the master node and itself is cryptographically signed in a node
following the superblock node. The signature is in PKCS #7 CMS format.
To generate an authenticated image these options are necessary:
--hash-algo=NAME hash algorithm to use for signed images
(Valid options include sha1, sha256, sha512)
--auth-key=FILE filename or PKCS #11 uri containing the authentication key
for signing
--auth-cert=FILE Authentication certificate filename for signing. Unused
when certificate is provided via PKCS #11
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'ubifs-utils/mkfs.ubifs/sign.h')
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/sign.h | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/ubifs-utils/mkfs.ubifs/sign.h b/ubifs-utils/mkfs.ubifs/sign.h new file mode 100644 index 0000000..fe9fdd8 --- /dev/null +++ b/ubifs-utils/mkfs.ubifs/sign.h @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2018 Pengutronix + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + * Author: Sascha Hauer + */ + +#ifndef __UBIFS_SIGN_H__ +#define __UBIFS_SIGN_H__ + +#ifdef WITH_CRYPTO +#include <openssl/evp.h> + +void ubifs_node_calc_hash(const void *node, uint8_t *hash); +void mst_node_calc_hash(const void *node, uint8_t *hash); +void hash_digest_init(void); +void hash_digest_update(const void *buf, int len); +void hash_digest_final(void *hash, unsigned int *len); +int init_authentication(void); +int sign_superblock_node(void *node); +int authenticated(void); + +extern EVP_MD_CTX *hash_md; +extern const EVP_MD *md; + +#else +static inline void ubifs_node_calc_hash(__attribute__((unused)) const void *node, + __attribute__((unused)) uint8_t *hash) +{ +} + +static inline void mst_node_calc_hash(__attribute__((unused)) const void *node, + __attribute__((unused)) uint8_t *hash) +{ +} + +static inline void hash_digest_init(void) +{ +} + +static inline void hash_digest_update(__attribute__((unused)) const void *buf, + __attribute__((unused)) int len) +{ +} + +static inline void hash_digest_final(__attribute__((unused)) void *hash, + __attribute__((unused)) unsigned int *len) +{ +} + +static inline int init_authentication(void) +{ + return 0; +} + +static inline int sign_superblock_node(__attribute__((unused)) void *node) +{ + return 0; +} + +static inline int authenticated(void) +{ + return 0; +} + +#endif + +#endif /* __UBIFS_SIGN_H__ */ |