
[v2,1/3] aes: Allow to store randomly generated IV in the FIT

Message ID 20240805133520.1745316-1-paul.henrys_ext@softathome.com
State Changes Requested
Delegated to: Simon Glass

Commit Message

Paul HENRYS Aug. 5, 2024, 1:35 p.m. UTC
When the initialisation vector is randomly generated, its value shall be
stored in the FIT together with the encrypted data. The changes also allow
the IV to be stored in the FIT in the case where the key is not stored in
the DTB but is retrieved somewhere else at runtime.

Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
---
 lib/aes/aes-encrypt.c | 7 +++++++
 tools/image-host.c    | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

Comments

Simon Glass Aug. 6, 2024, 9:51 p.m. UTC | #1
Hi Paul,

On Mon, 5 Aug 2024 at 07:35, Paul HENRYS <paul.henrys_ext@softathome.com> wrote:
>
> When the initialisation vector is randomly generated, its value shall be
> stored in the FIT together with the encrypted data. The changes also allow
> the IV to be stored in the FIT in the case where the key is not stored in
> the DTB but is retrieved somewhere else at runtime.

What is the IV? Can you please write it out in full?

>
> Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
> ---
>  lib/aes/aes-encrypt.c | 7 +++++++
>  tools/image-host.c    | 2 +-
>  2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c
> index e74e35eaa28..90e1407b4f0 100644
> --- a/lib/aes/aes-encrypt.c
> +++ b/lib/aes/aes-encrypt.c
> @@ -84,6 +84,13 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest,
>         char name[128];
>         int ret = 0;
>
> +       if (!keydest && !info->ivname) {
> +               /* At least, store the IV in the FIT image */
> +               ret = fdt_setprop(fit, node_noffset, "iv",
> +                                 info->iv, info->cipher->iv_len);
> +               goto done;
> +       }
> +
>         /* Either create or overwrite the named cipher node */
>         parent = fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME);
>         if (parent == -FDT_ERR_NOTFOUND) {
> diff --git a/tools/image-host.c b/tools/image-host.c
> index 49ce7436bb9..3424b8d9a1d 100644
> --- a/tools/image-host.c
> +++ b/tools/image-host.c
> @@ -535,7 +535,7 @@ fit_image_process_cipher(const char *keydir, void *keydest, void *fit,
>          * size values
>          * And, if needed, write the iv in the FIT file
>          */
> -       if (keydest) {
> +       if (keydest || (!keydest && !info.ivname)) {
>                 ret = info.cipher->add_cipher_data(&info, keydest, fit, node_noffset);
>                 if (ret) {
>                         fprintf(stderr,
> --
> 2.25.1
>
> -- This message and any attachments herein are confidential, intended solely for the addressees and are SoftAtHome’s ownership. Any unauthorized use or dissemination is prohibited. If you are not the intended addressee of this message, please cancel it immediately and inform the sender.

Did you mean to include this?

Regards,
Simon

Patch

diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c
index e74e35eaa28..90e1407b4f0 100644
--- a/lib/aes/aes-encrypt.c
+++ b/lib/aes/aes-encrypt.c
@@ -84,6 +84,13 @@  int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest,
 	char name[128];
 	int ret = 0;
 
+	if (!keydest && !info->ivname) {
+		/* At least, store the IV in the FIT image */
+		ret = fdt_setprop(fit, node_noffset, "iv",
+				  info->iv, info->cipher->iv_len);
+		goto done;
+	}
+
 	/* Either create or overwrite the named cipher node */
 	parent = fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME);
 	if (parent == -FDT_ERR_NOTFOUND) {
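Review bot: the new early-exit block encodes "the IV was generated at build time and the key lives outside the DTB" only implicitly, through `!keydest && !info->ivname`, and the comment `/* At least, store the IV in the FIT image */` does not say why this case must be handled. State the security reason in the comment: with no key destination node the key is fetched at runtime, but a randomly generated IV still has to travel with the ciphertext or the image can never be decrypted. Also, `"iv"` is a bare string literal while the node name on the next lines uses the `FIT_CIPHER_NODENAME` macro; if a shared macro for the IV property exists it should be used here so the mkimage writer and the boot-time reader cannot drift apart. Finally, `goto done` hands the raw `fdt_setprop()` return value back in `ret`; make sure the code at `done` treats a negative libfdt code (for example `-FDT_ERR_NOSPACE` on a FIT with no slack) as a failure rather than as success.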
diff --git a/tools/image-host.c b/tools/image-host.c
index 49ce7436bb9..3424b8d9a1d 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -535,7 +535,7 @@  fit_image_process_cipher(const char *keydir, void *keydest, void *fit,
 	 * size values
 	 * And, if needed, write the iv in the FIT file
 	 */
-	if (keydest) {
+	if (keydest || (!keydest && !info.ivname)) {
 		ret = info.cipher->add_cipher_data(&info, keydest, fit, node_noffset);
 		if (ret) {
 			fprintf(stderr,
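Review bot: the condition `keydest || (!keydest && !info.ivname)` is logically equivalent to `keydest || !info.ivname`, since the `!keydest` term is only reachable when `keydest` is already false; the redundant term makes the intent harder to read and invites a later mis-edit. Suggested form: `if (keydest || !info.ivname) {`. The block comment just above, "And, if needed, write the iv in the FIT file", should also be extended to mention the new case (no key destination, IV generated rather than named), so the reader of this function knows why `add_cipher_data()` is now called without a `keydest`.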