aboutsummaryrefslogtreecommitdiff
path: root/ubifs-utils
AgeCommit message (Collapse)Author
2019-04-03mkfs.ubifs: fix regression when trying to store device special filesDavid Oberhollenzer
Commit a767dd30 added a check to add_inode that bails when trying to store extra data in anything other than a symlink. The symlink encryption support added by that commit relies on the assumption. Unfortionately it was overlooked that device special files also store the device number as additional data in the inode. The check added in commit a767dd30 broke support for device files in mkfs.ubifs. This commit adds a quick and dirty fix, moving the check into the fscrypt branch, breaking only the fscrypt version but restoring old functionality for unencrypted file systems. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2019-03-29mkfs.ubifs: fix build without opensslBaruch Siach
Exclude openssl headers when WITH_CRYPTO is not defined. Fixes this build failure: In file included from ubifs-utils/mkfs.ubifs/mkfs.ubifs.c:25:0: ubifs-utils/mkfs.ubifs/mkfs.ubifs.h:49:10: fatal error: openssl/rand.h: No such file or directory #include <openssl/rand.h> ^~~~~~~~~~~~~~~~ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2019-02-11mtd-utils: fixes double free in mkfs.ubifsYufen Yu
In inode_add_xattr(), it malloc a buffer for name, and then passes the bufffer ptr to add_xattr(). The ptr will be used to create a new idx_entry in add_to_index(). However, inode_add_xattr() will free the buffer before return. which can cause double free in write_index(): free(idx_ptr[i]->name) *** Error in `./mkfs.ubifs': double free or corruption (fasttop): 0x0000000000aae220 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x7cbac)[0x7f4881ff5bac] /lib64/libc.so.6(+0x87a59)[0x7f4882000a59] /lib64/libc.so.6(cfree+0x16e)[0x7f48820063be] ./mkfs.ubifs[0x402fbf] /lib64/libc.so.6(__libc_start_main+0xea)[0x7f4881f9988a] ./mkfs.ubifs[0x40356a] Signed-off-by: Yufen Yu <yuyufen@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-12-17mkfs.ubifs: fix default cipher in help outputDavid Gstir
AES-256-XTS is the default since dd0d9c623e22 ("mkfs.ubifs: Use AES-256-XTS as default"), we want that to be correctly reflected in the help output as well. Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-09mkfs.ubifs: Don't compress by default if filesystem is encryptedRichard Weinberger
Encryption and compression are not friends. Enable compression in encryption mode only if the user explicitly sets a compressor. Signed-off-by: Richard Weinberger <richard@nod.at> Tested-by: Heiko Schocher <hsdenx.de> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-09mkfs.ubifs: Store compr_size in correct endianness.Richard Weinberger
compr_size has to be in LE16. Signed-off-by: Richard Weinberger <richard@nod.at> Tested-by: Heiko Schocher <hsdenx.de> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-09mkfs.ubifs: Fix IV selectionRichard Weinberger
We need to check for AES being in 128-cbc mode and not 256-cbc. fscrypt supports only 128-cbc and 256-xts so far. Signed-off-by: Richard Weinberger <richard@nod.at> Tested-by: Heiko Schocher <hsdenx.de> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Use AES-256-XTS as defaultRichard Weinberger
AES-128-CBC should only being used when 256-XTS is too slow on low end hardware. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Print key descriptor only when generatedRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Enable support for building without cryptoRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Move RAND_poll to crypto.cRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: More fscryptctl compatibilityRichard Weinberger
fscryptctl reads up to FS_MAX_KEY_SIZE bytes from the source key to compute the descriptor. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Fix key descriptor printingRichard Weinberger
normsg() sucks. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Compute encryption key descriptor automaticallyRichard Weinberger
...if none is given. To be compatible with fscryptctl. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Fixup AES-XTS modeRichard Weinberger
In XTS mode we don't need ESSIV, just use the block number as tweak. Also apply EVP_EncryptFinal(). Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Use correct sizes for keys and hash lengthsRichard Weinberger
This works currently by chance since the sizes match, but that might change with different cipher setups. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Enable Cipher selectionRichard Weinberger
No longer hard code AES-128-CBC, we support AES-256-XTS too. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Correctly use iv lengths in aes-cts modeRichard Weinberger
The key length can be very long, for example in xts mode. So we have to use the right sizes for block and iv lengths. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Accept 0x prefix for key descriptorDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Check length of master keyDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Cleanup over-long linesDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Move fscrypt definitions and functions out of mkfs.ubifs.cDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Remove cipher implementations from public headerDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Initial support for encryption command linesDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Specify padding policy via command lineDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Get key descriptor from command line and master key from fileDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Make encryption dependend on (not-yet-existant) command line optionsDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Replace constant values with parameters in init_fscrypt_contextDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Cleanup add_dent_node, user path encryption helperDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Seperate path encryption from symlink encryption helperDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Free all index entry namesRichard Weinberger
...and make valgrind memcheck happy Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Make sure we catch nodes that should or should not have nameRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Move symlink data encryption to helper functionDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-11-01mkfs.ubifs: Implement file contents encryptionRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Add encrypted symlink supportRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Pass source/dest key len to key derive functionRichard Weinberger
fscrypto is using the max key lenth (64), so we cannot use the AES-128-ECB len. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Add dummy setup for cryptoRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Implement filename encryptionRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Store directory name len in the temporary indexRichard Weinberger
since names are no longer strings, we need to know the length. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Implement fscrypto context store as xattrRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Implement basic fscrypto context passingRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Implement UBIFS_FLG_ENCRYPTIONRichard Weinberger
...and set UBIFS format version Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Add basic fscrypto functionsRichard Weinberger
...maybe we should add them to crypto.c? Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Add fscrypto definesRichard Weinberger
most of them should be UAPI, therefore check using #ifndef Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Make r5 hash binary string awareRichard Weinberger
As of now all filenames known by UBIFS are strings with a NUL terminator. With encrypted filenames a filename can be any binary string and the r5 function cannot search for the NUL terminator. UBIFS always knows how long a filename is, therefore we can change the hash function to iterate over the filename length to work correctly with binary strings. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Implement UBIFS_FLG_DOUBLE_HASHDavid Oberhollenzer
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-11-01mkfs.ubifs: Add crypto helper functionsDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2018-10-02mkfs.ubifs: Fix xattr nlink valueSascha Hauer
The nlink value of a xattr node must always be one, it has nothing to do with the nlink value of the inode the attribute belongs to. The bug can be observed when mounting a mkfs.ubifs generated image which contains xattrs on directories or files with hardlinks to them. When mounting such an image with chk_fs = 1 it fails with: UBIFS error (ubi0:0 pid 1833): dbg_check_filesystem: inode 3308 nlink is 3, but calculated nlink is 1 Another bug that can be triggered is an assertion in ubifs_xattr_remove() which assures that the xattr i_nlink count should be one when the xattr is removed. Fixes: 50044ef ("mkfs.ubifs: Add extended attribute support") Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-10-02mtd-utils: Instead of doing preprocessor magic, just output off_t as long longThorsten Glaser
Fix warnings abot PRIdoff_t in libmtd.c, in mtd_read (and mtd_write): In file included from ../git/lib/libmtd.c:40:0: ../git/lib/libmtd.c: In function 'mtd_read': ../git/include/common.h:110:18: warning: format '%ld' expects argument of type 'long int', but argument 5 has type 'off_t {aka long long int}' [-Wformat=] ../git/include/common.h:120:2: note: in expansion of macro 'errmsg' errmsg(fmt, ##__VA_ARGS__); \ ^~~~~~ ../git/lib/libmtd.c:1082:10: note: in expansion of macro 'sys_errmsg' return sys_errmsg("cannot seek mtd%d to offset %"PRIdoff_t, ^~~~~~~~~~ /usr/lib/klibc/include/inttypes.h:28:17: note: format string is defined here #define PRId32 "d" Signed-off-by: Thorsten Glaser <tg@mirbsd.org> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2018-06-14mkfs.ubifs: Implement selinux labelling support in mkfs.ubifs.Ritesh Harjani
This implements/adds selinux labelling support to mkfs.ubifs utility. It adds an extra option in configure to enable selinux labelling support and then finally in mkfs.ubifs adds an extra option to pass the file_contexts which is looked up for filesystem file labels. - Default behavior is kept without selinux so as to not break existing support where selinux library/headers may not be present. - If this is configured with --with-selinux then XATTR from the file_contexts(passed with --selinux option while mkfs.ubifs) will be taken and not from the host file's xattr. This is done to avoid the problem where the host OS may have selinux enabled and hence same xattr names will be present in both host filesystem files and from the --selinux=file passed. So the existing behavior is kept mutually exclusive and preference is given to selinux xattrs (if configured with --with-selinux). Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>