diff options
| author | Richard Weinberger <richard@nod.at> | 2018-10-18 16:36:52 +0200 | 
|---|---|---|
| committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2018-11-01 12:39:06 +0100 | 
| commit | dbdc4adb939c15b1b342dc0a48a994bc83148c16 (patch) | |
| tree | de038b1d8f66f0bba9d108ba58714080c3efecfa /ubifs-utils | |
| parent | a767dd3001180c0def0dbbdd789bc7f8f6197bf8 (diff) | |
mkfs.ubifs: Implement file contents encryption
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'ubifs-utils')
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 39 | 
1 files changed, 36 insertions, 3 deletions
| diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index 4ffd8fd..b7d68c6 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -1817,10 +1817,9 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum,  		}  		/* Make data node */  		memset(dn, 0, UBIFS_DATA_NODE_SZ); -		data_key_init(&key, inum, block_no++); +		data_key_init(&key, inum, block_no);  		dn->ch.node_type = UBIFS_DATA_NODE;  		key_write(&key, &dn->key); -		dn->size = cpu_to_le32(bytes_read);  		out_len = NODE_BUFFER_SIZE - UBIFS_DATA_NODE_SZ;  		if (c->default_compr == UBIFS_COMPR_NONE &&  		    (flags & FS_COMPR_FL)) @@ -1834,7 +1833,39 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum,  		compr_type = compress_data(buf, bytes_read, &dn->data,  					   &out_len, use_compr);  		dn->compr_type = cpu_to_le16(compr_type); -		//TODO: encrypt +		dn->size = cpu_to_le32(bytes_read); + +		if (!fctx) { +			dn->compr_size = 0; +		} else { +			void *inbuf, *outbuf, *crypt_key; +			size_t ret, pad_len = round_up(out_len, FS_CRYPTO_BLOCK_SIZE); + +			dn->compr_size = out_len; + +			inbuf = xzalloc(pad_len); +			outbuf = xzalloc(pad_len); + +			memcpy(inbuf, &dn->data, out_len); + +			crypt_key = calc_fscrypt_subkey(fctx); +			if (!crypt_key) +				return err_msg("could not compute subkey"); + +			ret = encrypt_block_aes128_cbc(inbuf, pad_len, crypt_key, block_no, +						       outbuf); +			if (ret != pad_len) +				return err_msg("encrypt_block_aes128_cbc returned %zi instead of %zi", ret, pad_len); + +			memcpy(&dn->data, outbuf, pad_len); + +			out_len = pad_len; + +			free(inbuf); +			free(outbuf); +			free(crypt_key); +		} +  		dn_len = UBIFS_DATA_NODE_SZ + out_len;  		/* Add data node to file system */  		err = add_node(&key, NULL, 0, dn, dn_len); @@ -1842,6 +1873,8 @@ static int add_file(const char *path_name, struct stat *st, ino_t inum,  			close(fd);  			return err;  		} + +		block_no++;  	} while (ret != 0);  	if (close(fd) == -1) | 
