[PATCH v2 2/4] ubifs: support authentication, for ro mount, when no key is given

Fri Jun 26 07:29:05 EDT 2020

Ubifs authentication requires a hmac key, even when a
filesystem is mounted read-only.

Implement ubifs_init_authentication_read_only(),
which only allocates the structures needed for validating
the hashes.

Call ubifs_init_authentication_read_only() when no
auth_key_name is specified, and the filesystem is to be
mounted read only.

Fixup __ubifs_exit_authentication() to free c->hmac_tfm only
when !c->ro_mount.

Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
---
 fs/ubifs/auth.c  | 61 +++++++++++++++++++++++++++++++++++++++++++++++-
 fs/ubifs/sb.c    |  4 ++++
 fs/ubifs/super.c | 19 ++++++++++++++-
 fs/ubifs/ubifs.h |  1 +
 4 files changed, 83 insertions(+), 2 deletions(-)

diff --git a/fs/ubifs/auth.c b/fs/ubifs/auth.c
index cc5c0abfd536..52ce7a2218a5 100644
--- a/fs/ubifs/auth.c
+++ b/fs/ubifs/auth.c
@@ -248,6 +248,61 @@ int ubifs_sb_verify_signature(struct ubifs_info *c,
 	return err;
 }
 
+/**
+ * ubifs_init_authentication_read_only - init only the read_only parts
+ *
+ * @c: UBIFS file-system description object
+ *
+ * This function returns 0 for success or a negative error code otherwise.
+ */
+
+int ubifs_init_authentication_read_only(struct ubifs_info *c)
+{
+	int err;
+
+	if (!c->auth_hash_name) {
+		ubifs_err(c, "authentication hash name needed with authentication");
+		return -EINVAL;
+	}
+
+	c->auth_hash_algo = match_string(hash_algo_name, HASH_ALGO__LAST,
+					 c->auth_hash_name);
+	if ((int)c->auth_hash_algo < 0) {
+		ubifs_err(c, "Unknown hash algo %s specified",
+			  c->auth_hash_name);
+		return -EINVAL;
+	}
+
+	c->hash_tfm = crypto_alloc_shash(c->auth_hash_name, 0, 0);
+	if (IS_ERR(c->hash_tfm)) {
+		err = PTR_ERR(c->hash_tfm);
+		ubifs_err(c, "Can not allocate %s: %d",
+			  c->auth_hash_name, err);
+		goto out;
+	}
+
+	c->hash_len = crypto_shash_digestsize(c->hash_tfm);
+	if (c->hash_len > UBIFS_HASH_ARR_SZ) {
+		ubifs_err(c, "hash %s is bigger than maximum allowed hash size (%d > %d)",
+			  c->auth_hash_name, c->hash_len, UBIFS_HASH_ARR_SZ);
+		err = -EINVAL;
+		goto out_free_hash;
+	}
+
+	c->authenticated = true;
+
+	c->log_hash = ubifs_hash_get_desc(c);
+	if (IS_ERR(c->log_hash))
+		goto out_free_hash;
+
+	err = 0;
+out_free_hash:
+	if (err)
+		crypto_free_shash(c->hash_tfm);
+out:
+	return err;
+}
+
 /**
  * ubifs_init_authentication - initialize UBIFS authentication support
  * @c: UBIFS file-system description object
@@ -367,9 +422,13 @@ void __ubifs_exit_authentication(struct ubifs_info *c)
 	if (!ubifs_authenticated(c))
 		return;
 
-	crypto_free_shash(c->hmac_tfm);
 	crypto_free_shash(c->hash_tfm);
 	kfree(c->log_hash);
+
+	if (c->ro_mount)
+		return;
+
+	crypto_free_shash(c->hmac_tfm);
 }
 
 /**
diff --git a/fs/ubifs/sb.c b/fs/ubifs/sb.c
index 4b4b65b48c57..d898ea5edd7c 100644
--- a/fs/ubifs/sb.c
+++ b/fs/ubifs/sb.c
@@ -583,6 +583,10 @@ static int authenticate_sb_node(struct ubifs_info *c,
 	if (ubifs_hmac_zero(c, sup->hmac)) {
 		err = ubifs_sb_verify_signature(c, sup);
 	} else {
+		if (!c->hmac_tfm) {
+			ubifs_err(c, "HMAC authenticated FS found, but no key given");
+			return -EINVAL;
+		}
 		err = ubifs_hmac_wkm(c, hmac_wkm);
 		if (err)
 			return err;
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 7fc2f3f07c16..13175da14464 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1291,6 +1291,23 @@ static int mount_ubifs(struct ubifs_info *c)
 			err = -EINVAL;
 			goto out_free;
 		}
+	} else if (c->auth_hash_name) {
+		if (!c->ro_mount) {
+			ubifs_err(c, "auth_hash_name without auth_key_name, but no ro mount");
+			err = -EINVAL;
+			goto out_free;
+		}
+
+		if (IS_ENABLED(CONFIG_UBIFS_FS_AUTHENTICATION)) {
+			err = ubifs_init_authentication_read_only(c);
+			if (err)
+				goto out_free;
+		} else {
+			ubifs_err(c, "auth_hash_name, but UBIFS is built without"
+				  " authentication support");
+			err = -EINVAL;
+			goto out_free;
+		}
 	}
 
 	err = ubifs_read_superblock(c);
@@ -1383,7 +1400,7 @@ static int mount_ubifs(struct ubifs_info *c)
 	 * in the superblock, we can update the offline signed
 	 * superblock with a HMAC version,
 	 */
-	if (ubifs_authenticated(c) && ubifs_hmac_zero(c, c->sup_node->hmac)) {
+	if (!c->ro_mount && c->authenticated && ubifs_hmac_zero(c, c->sup_node->hmac)) {
 		err = ubifs_hmac_wkm(c, c->sup_node->hmac_wkm);
 		if (err)
 			goto out_lpt;
diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h
index 95ed45022e51..80e2800927ec 100644
--- a/fs/ubifs/ubifs.h
+++ b/fs/ubifs/ubifs.h
@@ -1607,6 +1607,7 @@ static inline int ubifs_node_check_hash(const struct ubifs_info *c,
 		return 0;
 }
 
+int ubifs_init_authentication_read_only(struct ubifs_info *c);
 int ubifs_init_authentication(struct ubifs_info *c);
 void __ubifs_exit_authentication(struct ubifs_info *c);
 static inline void ubifs_exit_authentication(struct ubifs_info *c)
-- 
2.20.1


