Commit 6dbeda34 authored by Sami Tolvanen's avatar Sami Tolvanen Committed by Mike Snitzer

dm verity: clean up duplicate hashing code

Handle dm-verity salting in one place to simplify the code.
Signed-off-by: default avatarSami Tolvanen <samitolvanen@google.com>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
parent ba503835
...@@ -172,6 +172,84 @@ static sector_t verity_position_at_level(struct dm_verity *v, sector_t block, ...@@ -172,6 +172,84 @@ static sector_t verity_position_at_level(struct dm_verity *v, sector_t block,
return block >> (level * v->hash_per_block_bits); return block >> (level * v->hash_per_block_bits);
} }
/*
* Wrapper for crypto_shash_init, which handles verity salting.
*/
static int verity_hash_init(struct dm_verity *v, struct shash_desc *desc)
{
int r;
desc->tfm = v->tfm;
desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
r = crypto_shash_init(desc);
if (unlikely(r < 0)) {
DMERR("crypto_shash_init failed: %d", r);
return r;
}
if (likely(v->version >= 1)) {
r = crypto_shash_update(desc, v->salt, v->salt_size);
if (unlikely(r < 0)) {
DMERR("crypto_shash_update failed: %d", r);
return r;
}
}
return 0;
}
static int verity_hash_update(struct dm_verity *v, struct shash_desc *desc,
const u8 *data, size_t len)
{
int r = crypto_shash_update(desc, data, len);
if (unlikely(r < 0))
DMERR("crypto_shash_update failed: %d", r);
return r;
}
static int verity_hash_final(struct dm_verity *v, struct shash_desc *desc,
u8 *digest)
{
int r;
if (unlikely(!v->version)) {
r = crypto_shash_update(desc, v->salt, v->salt_size);
if (r < 0) {
DMERR("crypto_shash_update failed: %d", r);
return r;
}
}
r = crypto_shash_final(desc, digest);
if (unlikely(r < 0))
DMERR("crypto_shash_final failed: %d", r);
return r;
}
static int verity_hash(struct dm_verity *v, struct shash_desc *desc,
const u8 *data, size_t len, u8 *digest)
{
int r;
r = verity_hash_init(v, desc);
if (unlikely(r < 0))
return r;
r = verity_hash_update(v, desc, data, len);
if (unlikely(r < 0))
return r;
return verity_hash_final(v, desc, digest);
}
static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level, static void verity_hash_at_level(struct dm_verity *v, sector_t block, int level,
sector_t *hash_block, unsigned *offset) sector_t *hash_block, unsigned *offset)
{ {
...@@ -252,10 +330,10 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, ...@@ -252,10 +330,10 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
* If "skip_unverified" is false, unverified buffer is hashed and verified * If "skip_unverified" is false, unverified buffer is hashed and verified
* against current value of io_want_digest(v, io). * against current value of io_want_digest(v, io).
*/ */
static int verity_verify_level(struct dm_verity_io *io, sector_t block, static int verity_verify_level(struct dm_verity *v, struct dm_verity_io *io,
int level, bool skip_unverified) sector_t block, int level, bool skip_unverified,
u8 *want_digest)
{ {
struct dm_verity *v = io->v;
struct dm_buffer *buf; struct dm_buffer *buf;
struct buffer_aux *aux; struct buffer_aux *aux;
u8 *data; u8 *data;
...@@ -272,74 +350,71 @@ static int verity_verify_level(struct dm_verity_io *io, sector_t block, ...@@ -272,74 +350,71 @@ static int verity_verify_level(struct dm_verity_io *io, sector_t block,
aux = dm_bufio_get_aux_data(buf); aux = dm_bufio_get_aux_data(buf);
if (!aux->hash_verified) { if (!aux->hash_verified) {
struct shash_desc *desc;
u8 *result;
if (skip_unverified) { if (skip_unverified) {
r = 1; r = 1;
goto release_ret_r; goto release_ret_r;
} }
desc = io_hash_desc(v, io); r = verity_hash(v, io_hash_desc(v, io),
desc->tfm = v->tfm; data, 1 << v->hash_dev_block_bits,
desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; io_real_digest(v, io));
r = crypto_shash_init(desc); if (unlikely(r < 0))
if (r < 0) {
DMERR("crypto_shash_init failed: %d", r);
goto release_ret_r; goto release_ret_r;
}
if (likely(v->version >= 1)) {
r = crypto_shash_update(desc, v->salt, v->salt_size);
if (r < 0) {
DMERR("crypto_shash_update failed: %d", r);
goto release_ret_r;
}
}
r = crypto_shash_update(desc, data, 1 << v->hash_dev_block_bits); if (likely(memcmp(io_real_digest(v, io), want_digest,
if (r < 0) { v->digest_size) == 0))
DMERR("crypto_shash_update failed: %d", r); aux->hash_verified = 1;
goto release_ret_r; else if (verity_handle_err(v,
} DM_VERITY_BLOCK_TYPE_METADATA,
hash_block)) {
if (!v->version) { r = -EIO;
r = crypto_shash_update(desc, v->salt, v->salt_size);
if (r < 0) {
DMERR("crypto_shash_update failed: %d", r);
goto release_ret_r;
}
}
result = io_real_digest(v, io);
r = crypto_shash_final(desc, result);
if (r < 0) {
DMERR("crypto_shash_final failed: %d", r);
goto release_ret_r; goto release_ret_r;
} }
if (unlikely(memcmp(result, io_want_digest(v, io), v->digest_size))) {
if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_METADATA,
hash_block)) {
r = -EIO;
goto release_ret_r;
}
} else
aux->hash_verified = 1;
} }
data += offset; data += offset;
memcpy(want_digest, data, v->digest_size);
memcpy(io_want_digest(v, io), data, v->digest_size); r = 0;
dm_bufio_release(buf);
return 0;
release_ret_r: release_ret_r:
dm_bufio_release(buf); dm_bufio_release(buf);
return r; return r;
} }
/*
* Find a hash for a given block, write it to digest and verify the integrity
* of the hash tree if necessary.
*/
static int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
sector_t block, u8 *digest)
{
int i;
int r;
if (likely(v->levels)) {
/*
* First, we try to get the requested hash for
* the current block. If the hash block itself is
* verified, zero is returned. If it isn't, this
* function returns 1 and we fall back to whole
* chain verification.
*/
r = verity_verify_level(v, io, block, 0, true, digest);
if (likely(r <= 0))
return r;
}
memcpy(digest, v->root_digest, v->digest_size);
for (i = v->levels - 1; i >= 0; i--) {
r = verity_verify_level(v, io, block, i, false, digest);
if (unlikely(r))
return r;
}
return 0;
}
/* /*
* Verify one "dm_verity_io" structure. * Verify one "dm_verity_io" structure.
*/ */
...@@ -349,54 +424,21 @@ static int verity_verify_io(struct dm_verity_io *io) ...@@ -349,54 +424,21 @@ static int verity_verify_io(struct dm_verity_io *io)
struct bio *bio = dm_bio_from_per_bio_data(io, struct bio *bio = dm_bio_from_per_bio_data(io,
v->ti->per_bio_data_size); v->ti->per_bio_data_size);
unsigned b; unsigned b;
int i;
for (b = 0; b < io->n_blocks; b++) { for (b = 0; b < io->n_blocks; b++) {
struct shash_desc *desc;
u8 *result;
int r; int r;
unsigned todo; unsigned todo;
struct shash_desc *desc = io_hash_desc(v, io);
if (likely(v->levels)) { r = verity_hash_for_block(v, io, io->block + b,
/* io_want_digest(v, io));
* First, we try to get the requested hash for if (unlikely(r < 0))
* the current block. If the hash block itself is return r;
* verified, zero is returned. If it isn't, this
* function returns 0 and we fall back to whole
* chain verification.
*/
int r = verity_verify_level(io, io->block + b, 0, true);
if (likely(!r))
goto test_block_hash;
if (r < 0)
return r;
}
memcpy(io_want_digest(v, io), v->root_digest, v->digest_size);
for (i = v->levels - 1; i >= 0; i--) {
int r = verity_verify_level(io, io->block + b, i, false);
if (unlikely(r))
return r;
}
test_block_hash: r = verity_hash_init(v, desc);
desc = io_hash_desc(v, io); if (unlikely(r < 0))
desc->tfm = v->tfm;
desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
r = crypto_shash_init(desc);
if (r < 0) {
DMERR("crypto_shash_init failed: %d", r);
return r; return r;
}
if (likely(v->version >= 1)) {
r = crypto_shash_update(desc, v->salt, v->salt_size);
if (r < 0) {
DMERR("crypto_shash_update failed: %d", r);
return r;
}
}
todo = 1 << v->data_dev_block_bits; todo = 1 << v->data_dev_block_bits;
do { do {
u8 *page; u8 *page;
...@@ -407,37 +449,27 @@ static int verity_verify_io(struct dm_verity_io *io) ...@@ -407,37 +449,27 @@ static int verity_verify_io(struct dm_verity_io *io)
len = bv.bv_len; len = bv.bv_len;
if (likely(len >= todo)) if (likely(len >= todo))
len = todo; len = todo;
r = crypto_shash_update(desc, page + bv.bv_offset, len); r = verity_hash_update(v, desc, page + bv.bv_offset,
len);
kunmap_atomic(page); kunmap_atomic(page);
if (r < 0) { if (unlikely(r < 0))
DMERR("crypto_shash_update failed: %d", r);
return r; return r;
}
bio_advance_iter(bio, &io->iter, len); bio_advance_iter(bio, &io->iter, len);
todo -= len; todo -= len;
} while (todo); } while (todo);
if (!v->version) { r = verity_hash_final(v, desc, io_real_digest(v, io));
r = crypto_shash_update(desc, v->salt, v->salt_size); if (unlikely(r < 0))
if (r < 0) {
DMERR("crypto_shash_update failed: %d", r);
return r;
}
}
result = io_real_digest(v, io);
r = crypto_shash_final(desc, result);
if (r < 0) {
DMERR("crypto_shash_final failed: %d", r);
return r; return r;
}
if (unlikely(memcmp(result, io_want_digest(v, io), v->digest_size))) { if (likely(memcmp(io_real_digest(v, io),
if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA, io_want_digest(v, io), v->digest_size) == 0))
io->block + b)) continue;
return -EIO; else if (verity_handle_err(v, DM_VERITY_BLOCK_TYPE_DATA,
} io->block + b))
return -EIO;
} }
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment