diff options
Diffstat (limited to 'ubifs-utils')
| -rw-r--r-- | ubifs-utils/Makemodule.am | 10 | ||||
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.h | 11 | ||||
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/fscrypt.h | 65 | ||||
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/mkfs.ubifs.c | 56 |
4 files changed, 120 insertions, 22 deletions
diff --git a/ubifs-utils/Makemodule.am b/ubifs-utils/Makemodule.am index 5905a2b..b8e4075 100644 --- a/ubifs-utils/Makemodule.am +++ b/ubifs-utils/Makemodule.am @@ -10,15 +10,19 @@ mkfs_ubifs_SOURCES = \ ubifs-utils/mkfs.ubifs/crc16.c \ ubifs-utils/mkfs.ubifs/lpt.c \ ubifs-utils/mkfs.ubifs/compr.c \ - ubifs-utils/mkfs.ubifs/crypto.c \ - ubifs-utils/mkfs.ubifs/fscrypt.c \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_private.h \ ubifs-utils/mkfs.ubifs/hashtable/hashtable.c \ ubifs-utils/mkfs.ubifs/hashtable/hashtable_itr.c \ ubifs-utils/mkfs.ubifs/devtable.c -mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) -lm -lssl -lcrypto + +if WITH_CRYPTO +mkfs_ubifs_SOURCES += ubifs-utils/mkfs.ubifs/crypto.c \ + ubifs-utils/mkfs.ubifs/fscrypt.c +endif + +mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) $(OPENSSL_LIBS) -lm mkfs_ubifs_CPPFLAGS = $(AM_CPPFLAGS) $(ZLIB_CFLAGS) $(LZO_CFLAGS) $(UUID_CFLAGS) $(LIBSELINUX_CFLAGS)\ -I$(top_srcdir)/ubi-utils/include -I$(top_srcdir)/ubifs-utils/mkfs.ubifs/ diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index f275839..b6ffad1 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -41,19 +41,18 @@ struct cipher { unsigned int fscrypt_fname_mode; }; - +#ifdef WITH_CRYPTO int crypto_init(void); - void crypto_cleanup(void); - ssize_t derive_key_aes(const void *deriving_key, const void *source_key, size_t source_key_len, void *derived_key); - int derive_key_descriptor(const void *source_key, void *descriptor); - struct cipher *get_cipher(const char *name); - void list_ciphers(FILE *fp); +#else +static inline int crypto_init(void) { return 0;} +static inline void crypto_cleanup(void) {} +#endif /* WITH_CRYPTO */ #endif /* UBIFS_CRYPTO_H */ diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index e3cfee5..3b717b4 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h @@ -97,27 +97,76 @@ struct fscrypt_symlink_data { #define FS_IV_SIZE 16 #endif +#ifdef WITH_CRYPTO unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx); - struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx); - void free_fscrypt_context(struct fscrypt_context *fctx); - void print_fscrypt_master_key_descriptor(struct fscrypt_context *fctx); - unsigned int fscrypt_fname_encrypted_size(struct fscrypt_context *fctx, unsigned int ilen); - int encrypt_path(void **outbuf, void *data, unsigned int data_len, unsigned int max_namelen, struct fscrypt_context *fctx); - int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no, struct ubifs_data_node *dn, size_t length); - struct fscrypt_context *init_fscrypt_context(const char *cipher_name, unsigned int flags, const char *key_file, const char *key_descriptor); - +#else +static inline struct fscrypt_context *init_fscrypt_context( + const char *cipher_name, + unsigned int flags, + const char *key_file, + const char *key_descriptor) +{ + (void)cipher_name; + (void)flags; + (void)key_file; + (void)key_descriptor; + + assert(0); + return NULL; +} + +static inline void free_fscrypt_context(struct fscrypt_context *fctx) +{ + (void)fctx; + + assert(0); +} + +static inline int encrypt_path(void **outbuf, void *data, unsigned int data_len, + unsigned int max_namelen, struct fscrypt_context *fctx) +{ + (void)outbuf; + (void)data; + (void)data_len; + (void)max_namelen; + (void)fctx; + + assert(0); + return -1; +} + +static inline int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no, + struct ubifs_data_node *dn, size_t length) +{ + (void)fctx; + (void)block_no; + (void)dn; + (void)length; + + assert(0); + return -1; +} + +static inline struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx) +{ + (void)fctx; + + assert(0); + return NULL; +} +#endif /* WITH_CRYPTO */ #endif /* FSCRYPT_H */ diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c index e4204da..7073bf0 100644 --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c @@ -508,9 +508,12 @@ static int get_options(int argc, char**argv) { int opt, i, fscrypt_flags = FS_POLICY_FLAGS_PAD_4; const char *key_file = NULL, *key_desc = NULL; - const char *tbl_file = NULL, *cipher_name = "AES-128-CBC"; + const char *tbl_file = NULL; struct stat st; char *endp; +#ifdef WITH_CRYPTO + const char *cipher_name; +#endif c->fanout = 8; c->orph_lebs = 1; @@ -587,8 +590,10 @@ static int get_options(int argc, char**argv) exit(EXIT_SUCCESS); case '?': printf("%s", helptext); +#ifdef WITH_CRYPTO printf("\n\nSupported ciphers:\n"); list_ciphers(stdout); +#endif exit(-1); case 'v': verbose = 1; @@ -729,7 +734,11 @@ static int get_options(int argc, char**argv) break; } case 'C': +#ifdef WITH_CRYPTO cipher_name = optarg; +#else + return err_msg("mkfs.ubifs was built without crypto support."); +#endif break; } } @@ -748,20 +757,26 @@ static int get_options(int argc, char**argv) if (c->max_leb_cnt == -1) c->max_leb_cnt = c->vi.rsvd_lebs; } - if (key_file || key_desc) { +#ifdef WITH_CRYPTO if (!key_file) return err_msg("no key file specified"); c->double_hash = 1; c->encrypted = 1; + if (cipher_name == NULL) + cipher_name = "AES-128-CBC"; + root_fctx = init_fscrypt_context(cipher_name, fscrypt_flags, key_file, key_desc); if (!root_fctx) return -1; print_fscrypt_master_key_descriptor(root_fctx); +#else + return err_msg("mkfs.ubifs was built without crypto support."); +#endif } if (c->min_io_size == -1) @@ -1385,6 +1400,7 @@ static inline int inode_add_selinux_xattr(struct ubifs_ino_node *host_ino, } #endif +#ifdef WITH_CRYPTO static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, struct stat *host_st, struct fscrypt_context *fctx) @@ -1421,6 +1437,31 @@ static int encrypt_symlink(void *dst, void *data, unsigned int data_len, free(sd); return link_disk_len; } +#else +static int set_fscrypt_context(struct ubifs_ino_node *host_ino, ino_t inum, + struct stat *host_st, + struct fscrypt_context *fctx) +{ + (void)host_ino; + (void)inum; + (void)host_st; + (void)fctx; + + assert(0); + return -1; +} +static int encrypt_symlink(void *dst, void *data, unsigned int data_len, + struct fscrypt_context *fctx) +{ + (void)dst; + (void)data; + (void)data_len; + (void)fctx; + + assert(0); + return -1; +} +#endif /** * add_inode - write an inode. @@ -1582,9 +1623,11 @@ static int add_symlink_inode(const char *path_name, struct stat *st, ino_t inum, static void set_dent_cookie(struct ubifs_dent_node *dent) { +#ifdef WITH_CRYPTO if (c->double_hash) RAND_bytes((void *)&dent->cookie, sizeof(dent->cookie)); else +#endif dent->cookie = 0; } @@ -1981,7 +2024,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, inum = ++c->highest_inum; - new_fctx = inherit_fscrypt_context(fctx); + if (fctx) + new_fctx = inherit_fscrypt_context(fctx); if (S_ISDIR(dent_st.st_mode)) { err = add_directory(name, inum, &dent_st, 1, new_fctx); @@ -2006,7 +2050,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(entry->d_name) + 1, 8); - free_fscrypt_context(new_fctx); + if (new_fctx) + free_fscrypt_context(new_fctx); } /* @@ -2068,7 +2113,8 @@ static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st, size += ALIGN(UBIFS_DENT_NODE_SZ + strlen(nh_elt->name) + 1, 8); nh_elt = next_name_htbl_element(ph_elt, &itr); - free_fscrypt_context(new_fctx); + if (new_fctx) + free_fscrypt_context(new_fctx); } creat_sqnum = dir_creat_sqnum; |