From patchwork Fri May 24 11:23:18 2024
X-Patchwork-Submitter: Paul HENRYS
X-Patchwork-Id: 1938940
X-Patchwork-Delegate: sjg@chromium.org
From: Paul HENRYS
To: u-boot@lists.denx.de
Cc: Paul HENRYS
Subject: [PATCH 1/3] aes: Allow to store randomly generated IV in the FIT
Date: Fri, 24 May 2024 13:23:18 +0200
Message-Id: <20240524112320.103304-2-paul.henrys_ext@softathome.com>
In-Reply-To: <20240524112320.103304-1-paul.henrys_ext@softathome.com>
References: <20240524112320.103304-1-paul.henrys_ext@softathome.com>

When the initialisation vector is randomly generated, its value shall be stored in the FIT together with the encrypted data. The changes allow storing the IV in the FIT also in the case where the key is not stored in the DTB but retrieved somewhere else at runtime.

Signed-off-by: Paul HENRYS

--- lib/aes/aes-encrypt.c | 7 +++++++ tools/image-host.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c index e74e35eaa28..90e1407b4f0 100644 --- a/lib/aes/aes-encrypt.c +++ b/lib/aes/aes-encrypt.c @@ -84,6 +84,13 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest, char name[128]; int ret = 0; + if (!keydest && !info->ivname) { + /* At least, store the IV in the FIT image */ + ret = fdt_setprop(fit, node_noffset, "iv", + info->iv, info->cipher->iv_len); + goto done; + } + /* Either create or overwrite the named cipher node */ parent = fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME); if (parent == -FDT_ERR_NOTFOUND) { diff --git a/tools/image-host.c b/tools/image-host.c index 7bfc0cb6b18..03173dec5f9 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -535,7 +535,7 @@ fit_image_process_cipher(const char *keydir, void *keydest, void *fit, * size values * And, if needed, write the iv in the FIT file */ - if (keydest) { + if (keydest || (!keydest && !info.ivname)) { ret = info.cipher->add_cipher_data(&info, keydest, fit, node_noffset); if (ret) { fprintf(stderr,
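
Review bot: in the lib/aes/aes-encrypt.c hunk, the new early branch only handles a NULL keydest when info->ivname is also unset, so a call with keydest == NULL and ivname set falls through to fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME) with a NULL blob. The caller in tools/image-host.c filters that combination out, but image_aes_add_cipher_data() is also reached through the add_cipher_data callback, so it would be safer to reject it here with an explicit check that returns an error before the subnode lookup. Please also confirm that the done label, which lies outside the visible context, handles a failing fdt_setprop() the same way as the existing path, and consider extending the function's documentation to say that keydest may now be NULL and what is written in that case.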
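
Review bot: in the tools/image-host.c hunk, the condition keydest || (!keydest && !info.ivname) carries a redundant term: the right-hand side is only evaluated when keydest is already NULL, so it reduces to keydest || !info.ivname. The comment just above the test ("And, if needed, write the iv in the FIT file") could also spell out the new case, namely that without a keydest the call is made only to store a generated IV in the FIT.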