From patchwork Fri Dec 15 14:19:37 2023
X-Patchwork-Submitter: Michael Glembotzki
X-Patchwork-Id: 1876650
From: Michael Glembotzki
To: swupdate@googlegroups.com
Subject: [swupdate] [V3][PATCH 0/10] Add support for asymmetric decryption
Date: Fri, 15 Dec 2023 15:19:37 +0100
Message-ID: <20231215142251.52393-1-Michael.Glembotzki@iris-sensing.com>

Hi Stefano,

I wasn't sure if you were done with the review. Here comes the V3.
The return type of is_hex_str has been adjusted. Another new fix is that the
ivt and the aes-key are only set if the length is valid. Previously it was
possible to send ivt/aes-key strings that were too long.

Please note that patch file:
[V2,03/10] util: Remove unused function extract_next_file
was not sent again, but should also be applied.

Please let me know if there are any further change requests.

Best regards
Michael

Michael Glembotzki (10):
  util: BUG: set_aes_key does not fail on invalid aes key or ivt
  util: BUG: __swupdate_copy accepts invalid ivt
  parser: BUG: Invalid image ivt size
  parser: Read aes-key from sw-description into struct img_type
  sslapi: Add priv key/cert to swupdate_digest for asym decryption
  Add support for asymmetric file decryption with CMS
  swupdate: Initalize the recipient key pair for asym decryption
  cpio_utils: Add argument imgaeskey to __swupdate_copy interface
  Add support for asymmetrical encrypted images
  doc: Add documentation for asymmetric decryption

 Kconfig                              |  12 +++
 core/cpio_utils.c                    |  45 +++++++++--
 core/installer.c                     |   8 ++
 core/parsing_library.c               |  38 +++++++++
 core/stream_interface.c              |  41 ++++++++--
 core/swupdate.c                      |  44 +++++++++-
 core/util.c                          |  25 ++++++
 corelib/Makefile                     |   3 +
 corelib/lua_interface.c              |   2 +
 corelib/swupdate_cms_decrypt.c       | 112 +++++++++++++++++++++++++
 doc/source/asym_encrypted_images.rst | 153 +++++++++++++++++++++++++++++++++++
 doc/source/encrypted_images.rst      |   2 +
 doc/source/index.rst                 |   1 +
 doc/source/roadmap.rst               |   5 --
 doc/source/sw-description.rst        |  13 ++-
 examples/configuration/swupdate.cfg  |   3 +
 handlers/copy_handler.c              |   1 +
 handlers/delta_handler.c             |   1 +
 handlers/rdiff_handler.c             |   1 +
 handlers/readback_handler.c          |   1 +
 include/parselib.h                   |   2 +
 include/sslapi.h                     |   9 +++
 include/swupdate.h                   |   1 +
 include/swupdate_image.h             |   1 +
 include/util.h                       |   7 +-
 parser/parser.c                      |   3 +-
 26 files changed, 507 insertions(+), 27 deletions(-)
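The length fix mentioned in the cover letter (the ivt and aes-key are only set when their length is valid) comes down to checking the exact hex length before any byte is stored. The following is an added illustration, not code from the patch series or from SWUpdate: `struct aes_params`, `hex_exact` and `set_key_checked` are hypothetical names, and the accepted key sizes (AES-128/192/256) are an assumption.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define AES_BLK_SIZE 16   /* IV length in bytes (AES block size) */
#define AES_MAX_KEY  32   /* AES-256 key length in bytes */

struct aes_params {       /* hypothetical holder, not SWUpdate's own struct */
    unsigned char key[AES_MAX_KEY];
    size_t keylen;
    unsigned char iv[AES_BLK_SIZE];
};

/* True only if s is exactly n characters long and all of them are hex digits. */
static bool hex_exact(const char *s, size_t n)
{
    if (!s || strlen(s) != n)
        return false;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)s[i]))
            return false;
    return true;
}

static unsigned char nibble(char c)
{
    if (c >= '0' && c <= '9')
        return (unsigned char)(c - '0');
    return (unsigned char)(tolower((unsigned char)c) - 'a' + 10);
}

/* Returns 0 on success, -1 on a malformed or wrongly sized string.
 * *out is written only after both inputs passed validation, so a
 * rejected update never leaves a half-set key or IV behind. */
int set_key_checked(struct aes_params *out, const char *key_hex,
                    const char *iv_hex)
{
    size_t klen = key_hex ? strlen(key_hex) : 0;

    if (klen != 32 && klen != 48 && klen != 64)   /* 16, 24 or 32 bytes */
        return -1;
    if (!hex_exact(key_hex, klen) || !hex_exact(iv_hex, 2 * AES_BLK_SIZE))
        return -1;
    for (size_t i = 0; i < klen / 2; i++)
        out->key[i] = (unsigned char)(nibble(key_hex[2 * i]) << 4 |
                                      nibble(key_hex[2 * i + 1]));
    for (size_t i = 0; i < AES_BLK_SIZE; i++)
        out->iv[i] = (unsigned char)(nibble(iv_hex[2 * i]) << 4 |
                                     nibble(iv_hex[2 * i + 1]));
    out->keylen = klen / 2;
    return 0;
}
```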