diff mbox series

[V4,2/8] util: Add functions for set/get temporary AES key

Message ID 20240115192845.51530-3-Michael.Glembotzki@iris-sensing.com
State New
Delegated to: Stefano Babic
Headers show
Series Add support for asymmetric decryption | expand

Commit Message

Michael Glembotzki Jan. 15, 2024, 7:26 p.m. UTC
Enhance functionality to allow temporary storage of an additional AES key,
complementing existing functions for setting default AES key.

Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
---
 core/util.c    | 82 ++++++++++++++++++++++++++++++++++++++++++++------
 include/util.h | 11 ++++++-
 2 files changed, 82 insertions(+), 11 deletions(-)
diff mbox series

Patch

diff --git a/core/util.c b/core/util.c
index 99ed628..396d7d7 100644
--- a/core/util.c
+++ b/core/util.c
@@ -53,6 +53,10 @@  struct decryption_key {
 
 static struct decryption_key *aes_key = NULL;
 
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+static struct decryption_key *tmp_aes_key = NULL;
+#endif
+
 /*
  * Configuration file for fw_env.config
  */
@@ -537,6 +541,20 @@  bool is_hex_str(const char *ascii) {
 	return true;
 }
 
+bool is_valid_aes_keylen(size_t keylen_ascii)
+{
+	switch (keylen_ascii) {
+	case AES_128_KEY_LEN * 2:
+	case AES_192_KEY_LEN * 2:
+	case AES_256_KEY_LEN * 2:
+		// valid hex string size for AES 128/192/256
+		return true;
+	default:
+		ERROR("Invalid AES key length");
+		return false;
+	}
+}
+
 int set_aes_key(const char *key, const char *ivt)
 {
 	int ret;
@@ -565,17 +583,12 @@  int set_aes_key(const char *key, const char *ivt)
 	strncpy(aes_key->key, key, keylen);
 #else
 	keylen = strlen(key);
-	switch (keylen) {
-	case AES_128_KEY_LEN * 2:
-	case AES_192_KEY_LEN * 2:
-	case AES_256_KEY_LEN * 2:
-		// valid hex string size for AES 128/192/256
-		aes_key->keylen = keylen / 2;
-		break;
-	default:
-		ERROR("Invalid aes_key length");
+
+	if (!is_valid_aes_keylen(keylen))
 		return -EINVAL;
-	}
+
+	aes_key->keylen = keylen / 2;
+
 	ret |= !is_hex_str(key);
 	ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key);
 #endif
@@ -588,6 +601,55 @@  int set_aes_key(const char *key, const char *ivt)
 	return 0;
 }
 
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+int set_tmp_aes_key(const char *key_ascii)
+{
+	size_t keylen;
+
+	if (!tmp_aes_key) {
+		tmp_aes_key = (struct decryption_key *)calloc(1, sizeof(*tmp_aes_key));
+		if (!tmp_aes_key)
+			return -ENOMEM;
+	}
+
+	keylen = strlen(key_ascii);
+
+	if (!is_valid_aes_keylen(keylen))
+		return -EINVAL;
+
+	tmp_aes_key->keylen = keylen / 2;
+
+	if (!is_hex_str(key_ascii) || ascii_to_bin(tmp_aes_key->key, tmp_aes_key->keylen, key_ascii)) {
+		ERROR("Invalid tmp aes_key");
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+unsigned char *get_tmp_aes_key(void)
+{
+	if (!tmp_aes_key)
+		return NULL;
+	return tmp_aes_key->key;
+}
+
+char get_tmp_aes_keylen(void)
+{
+	if (!tmp_aes_key)
+		return -1;
+	return tmp_aes_key->keylen;
+}
+
+void clear_tmp_aes_key(void)
+{
+	if (!tmp_aes_key)
+		return;
+	memset(tmp_aes_key->key, 0, sizeof(tmp_aes_key->key));
+	tmp_aes_key->keylen = 0;
+}
+#endif
+
 const char *get_fwenv_config(void) {
 	if (!fwenv_config)
 #if defined(CONFIG_UBOOT)
diff --git a/include/util.h b/include/util.h
index 062840f..f4a67ef 100644
--- a/include/util.h
+++ b/include/util.h
@@ -164,6 +164,7 @@  int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src);
 void hash_to_ascii(const unsigned char *hash, char *s);
 int IsValidHash(const unsigned char *hash);
 bool is_hex_str(const char *ascii);
+bool is_valid_aes_keylen(size_t keylen_ascii);
 
 #ifndef typeof
 #define typeof __typeof__
@@ -237,13 +238,21 @@  bool check_same_file(int fd1, int fd2);
 const char *get_fwenv_config(void);
 void set_fwenv_config(const char *fname);
 
-/* Decryption key functions */
+/* Decryption key functions for the (default) aes-key */
 int load_decryption_key(char *fname);
 unsigned char *get_aes_key(void);
 char get_aes_keylen(void);
 unsigned char *get_aes_ivt(void);
 int set_aes_key(const char *key, const char *ivt);
 
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+/* Decryption key functions for the temporary aes-key read from the sw-description */
+unsigned char *get_tmp_aes_key(void);
+char get_tmp_aes_keylen(void);
+int set_tmp_aes_key(const char *key_ascii);
+void clear_tmp_aes_key(void);
+#endif
+
 /* Getting global information */
 int get_install_info(sourcetype *source, char *buf, size_t len);
 void get_install_swset(char *buf, size_t len);