authorSascha Hauer <s.hauer@pengutronix.de>2019-08-06 12:49:28 +0200
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-08-19 09:27:00 +0200
commita739b59efe7996e3bdcbe8b17743dc05ac7c110a (patch)
tree863ad65c25a5bcb9be3e5a170465ddc384d7b87b /ubifs-utils/mkfs.ubifs/ubifs.h
parent3ef262739a826deb27262929b88f36db6f923e7f (diff)
mkfs.ubifs: Add authentication support
This adds support for authenticated UBIFS images. In authenticated images all UBIFS nodes are hashed as described in the UBIFS authentication whitepaper. Additionally the superblock node contains a hash of the master node and itself is cryptographically signed in a node following the superblock node. The signature is in PKCS #7 CMS format. To generate an authenticated image these options are necessary: --hash-algo=NAME hash algorithm to use for signed images (Valid options include sha1, sha256, sha512) --auth-key=FILE filename or PKCS #11 uri containing the authentication key for signing --auth-cert=FILE Authentication certificate filename for signing. Unused when certificate is provided via PKCS #11 Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'ubifs-utils/mkfs.ubifs/ubifs.h')
-rw-r--r--ubifs-utils/mkfs.ubifs/ubifs.h22
1 files changed, 20 insertions, 2 deletions
diff --git a/ubifs-utils/mkfs.ubifs/ubifs.h b/ubifs-utils/mkfs.ubifs/ubifs.h
index c26d094..55937ce 100644
--- a/ubifs-utils/mkfs.ubifs/ubifs.h
+++ b/ubifs-utils/mkfs.ubifs/ubifs.h
@@ -342,6 +342,15 @@ struct ubifs_znode
* @lsave_offs: offset of LPT's save table
* @lsave: LPT's save table
* @lscan_lnum: LEB number of last LPT scan
+ *
+ * @hash_algo_name: the name of the hashing algorithm to use
+ * @hash_algo: The hash algo number (from include/linux/hash_info.h)
+ * @auth_key_filename: authentication key file name
+ * @x509_filename: x509 certificate file name for authentication
+ * @hash_len: the length of the hash
+ * @root_idx_hash: The hash of the root index node
+ * @lpt_hash: The hash of the LPT
+ * @mst_hash: The hash of the master node
*/
struct ubifs_info
{
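Review bot: The kernel-doc entry `@x509_filename` added in this comment does not name any member; the field added to `struct ubifs_info` in the next hunk is `auth_cert_filename`. The entry should read ` * @auth_cert_filename: x509 certificate file name for authentication` so that the comment and the struct agree. `@hash_len` would also be clearer if it stated its unit and its value when authentication is off, for example ` * @hash_len: length of the hash in bytes (presumably 0 for unauthenticated images)`, with the hedge removed once confirmed against the code that sets it. The struct body continues outside this hunk.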
@@ -423,6 +432,14 @@ struct ubifs_info
int *lsave;
int lscan_lnum;
+ char *hash_algo_name;
+ int hash_algo;
+ char *auth_key_filename;
+ char *auth_cert_filename;
+ int hash_len;
+ uint8_t root_idx_hash[UBIFS_MAX_HASH_LEN];
+ uint8_t lpt_hash[UBIFS_MAX_HASH_LEN];
+ uint8_t mst_hash[UBIFS_MAX_HASH_LEN];
};
/**
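Review bot: Nothing in this header ties `hash_len` to the fixed-size buffers `root_idx_hash`, `lpt_hash` and `mst_hash`, which are all `UBIFS_MAX_HASH_LEN` bytes, and `hash_len` is a signed `int` that the later hunks feed into node-size and pointer arithmetic. The code that derives `hash_len` from the chosen `--hash-algo` is not visible here, so I cannot tell whether it rejects a length above `UBIFS_MAX_HASH_LEN` or a negative one. Any copy of `hash_len` bytes into these arrays relies on that check. I would record the invariant next to the field, `int hash_len; /* 0 <= hash_len <= UBIFS_MAX_HASH_LEN */`, and enforce it once where the algorithm is selected.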
@@ -432,7 +449,8 @@ struct ubifs_info
*/
static inline int ubifs_idx_node_sz(const struct ubifs_info *c, int child_cnt)
{
- return UBIFS_IDX_NODE_SZ + (UBIFS_BRANCH_SZ + c->key_len) * child_cnt;
+ return UBIFS_IDX_NODE_SZ + (UBIFS_BRANCH_SZ + c->key_len + c->hash_len)
+ * child_cnt;
}
/**
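Review bot: The per-branch stride `UBIFS_BRANCH_SZ + c->key_len + c->hash_len` is now spelled out twice, here in `ubifs_idx_node_sz()` and again in `ubifs_idx_branch()` in the following hunk. If the two ever diverge, the branch pointer is computed with a different stride than the node was sized with, and accesses land outside the index node buffer. A small helper used by both keeps them in lockstep: `static inline int ubifs_branch_sz(const struct ubifs_info *c) { return UBIFS_BRANCH_SZ + c->key_len + c->hash_len; }`. Both functions also appear to rely on `hash_len` being 0 for unauthenticated images so that the old layout is preserved; that is inferred, so it is worth stating in the function comment, which lies outside this hunk.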
@@ -447,7 +465,7 @@ struct ubifs_branch *ubifs_idx_branch(const struct ubifs_info *c,
int bnum)
{
return (struct ubifs_branch *)((void *)idx->branches +
- (UBIFS_BRANCH_SZ + c->key_len) * bnum);
+ (UBIFS_BRANCH_SZ + c->key_len + c->hash_len) * bnum);
}
#endif /* __UBIFS_H__ */