Currently, UBIFS auth_key can only be a logon key: This is a user key that's provided to the kernel in plaintext and that then remains within the kernel. Linux also supports trusted and encrypted keys, which have stronger guarantees: They are only exposed to userspace in encrypted form and, in the case of trusted keys, can be directly rooted to a trust source like a TPM chip. Add support for auth_key to be either a logon, encrypted or trusted key. At mount time, the keyring will be searched for a key with the supplied name in that order. Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> --- To: David Howells <dhowells@xxxxxxxxxx> To: Jarkko Sakkinen <jarkko@xxxxxxxxxx> To: James Morris <jmorris@xxxxxxxxx> To: "Serge E. Hallyn" <serge@xxxxxxxxxx> To: Alasdair Kergon <agk@xxxxxxxxxx> To: Mike Snitzer <snitzer@xxxxxxxxxx> To: dm-devel@xxxxxxxxxx To: Song Liu <song@xxxxxxxxxx> To: Richard Weinberger <richard@xxxxxx> To: Jonathan Corbet <corbet@xxxxxxx> Cc: linux-kernel@xxxxxxxxxxxxxxx Cc: linux-doc@xxxxxxxxxxxxxxx Cc: linux-raid@xxxxxxxxxxxxxxx Cc: keyrings@xxxxxxxxxxxxxxx Cc: linux-mtd@xxxxxxxxxxxxxxxxxxx Cc: linux-security-module@xxxxxxxxxxxxxxx Cc: linux-integrity@xxxxxxxxxxxxxxx --- Documentation/filesystems/ubifs.rst | 2 +- fs/ubifs/auth.c | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/Documentation/filesystems/ubifs.rst b/Documentation/filesystems/ubifs.rst index e6ee99762534..12d08458b3d7 100644 --- a/Documentation/filesystems/ubifs.rst +++ b/Documentation/filesystems/ubifs.rst @@ -101,7 +101,7 @@ compr=zlib override default compressor and set it to "zlib" auth_key= specify the key used for authenticating the filesystem. Passing this option makes authentication mandatory. The passed key must be present in the kernel keyring - and must be of type 'logon' + and must be of type 'logon', 'encrypted' or 'trusted'. auth_hash_name= The hash algorithm used for authentication. Used for both hashing and for creating HMACs. Typical values include "sha256" or "sha512" diff --git a/fs/ubifs/auth.c b/fs/ubifs/auth.c index 6a0b8d858d81..af8e9eb58a60 100644 --- a/fs/ubifs/auth.c +++ b/fs/ubifs/auth.c @@ -14,6 +14,8 @@ #include <crypto/hash.h> #include <crypto/algapi.h> #include <keys/user-type.h> +#include <keys/trusted-type.h> +#include <keys/encrypted-type.h> #include <keys/asymmetric-type.h> #include "ubifs.h" @@ -256,9 +258,10 @@ out_destroy: int ubifs_init_authentication(struct ubifs_info *c) { struct key *keyring_key; - const struct user_key_payload *ukp; int err; + unsigned int len; char hmac_name[CRYPTO_MAX_ALG_NAME]; + const void *key_material; if (!c->auth_hash_name) { ubifs_err(c, "authentication hash name needed with authentication"); @@ -277,6 +280,10 @@ int ubifs_init_authentication(struct ubifs_info *c) c->auth_hash_name); keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL); + if (IS_ERR(keyring_key) && IS_REACHABLE(CONFIG_ENCRYPTED_KEYS)) + keyring_key = request_key(&key_type_encrypted, c->auth_key_name, NULL); + if (IS_ERR(keyring_key) && IS_REACHABLE(CONFIG_TRUSTED_KEYS)) + keyring_key = request_key(&key_type_trusted, c->auth_key_name, NULL); if (IS_ERR(keyring_key)) { ubifs_err(c, "Failed to request key: %ld", @@ -286,12 +293,10 @@ int ubifs_init_authentication(struct ubifs_info *c) down_read(&keyring_key->sem); - ukp = user_key_payload_locked(keyring_key); - if (!ukp) { - /* key was revoked before we acquired its semaphore */ - err = -EKEYREVOKED; + key_material = key_extract_material(keyring_key, &len); + err = PTR_ERR_OR_ZERO(key_material); + if (err < 0) goto out; - } c->hash_tfm = crypto_alloc_shash(c->auth_hash_name, 0, 0); if (IS_ERR(c->hash_tfm)) { @@ -324,7 +329,7 @@ int ubifs_init_authentication(struct ubifs_info *c) goto out_free_hmac; } - err = crypto_shash_setkey(c->hmac_tfm, ukp->data, ukp->datalen); + err = crypto_shash_setkey(c->hmac_tfm, key_material, len); if (err) goto out_free_hmac; -- git-series 0.9.1 -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel