From patchwork Mon Jan 15 19:26:42 2024
X-Patchwork-Submitter: Michael Glembotzki
X-Patchwork-Id: 1886824
X-Patchwork-Delegate: sbabic@denx.de
From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V4][PATCH 5/8] swupdate: Initialize the key pair for asymmetric decryption Date: Mon, 15 Jan 2024 20:26:42 +0100 Message-ID: <20240115192845.51530-6-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=lAGLH9L5; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::630 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Add asymmetric decryption key pair fname to swupdate_cfg. Read and initialize the asym decryption key pair from argument -a or configuration file. Signed-off-by: Michael Glembotzki --- core/swupdate.c | 35 +++++++++++++++++++++++++++++ examples/configuration/swupdate.cfg | 3 +++ include/swupdate.h | 1 + 3 files changed, 39 insertions(+) diff --git a/core/swupdate.c b/core/swupdate.c index 6f9938e..9c3f289 100644 --- a/core/swupdate.c +++ b/core/swupdate.c @@ -103,6 +103,9 @@ static struct option long_options[] = { #endif #ifdef CONFIG_ENCRYPTED_IMAGES {"key-aes", required_argument, NULL, 'K'}, +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + {"asym-decryption-keypair", required_argument, NULL, 'a'}, +#endif #endif {"loglevel", required_argument, NULL, 'l'}, {"max-version", required_argument, NULL, '3'}, 
@@ -165,6 +168,10 @@ static void usage(char *programname) #ifdef CONFIG_ENCRYPTED_IMAGES " -K, --key-aes : the file contains the symmetric key to be used\n" " to decrypt images\n" +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + " -a, --asym-decryption-keypair\n" + " : path to the asym decryption key pair (PEM)\n" +#endif #endif " -n, --dry-run : run SWUpdate without installing the software\n" " -N, --no-downgrading : not install a release older as \n" @@ -312,6 +319,10 @@ static int read_globals_settings(void *elem, void *data) "ca-path", sw->publickeyfname); GET_FIELD_STRING(LIBCFG_PARSER, elem, "aes-key-file", sw->aeskeyfname); +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + GET_FIELD_STRING(LIBCFG_PARSER, elem, + "asym-decryption-keypair", sw->asym_decryption_keypair_fname); +#endif GET_FIELD_STRING(LIBCFG_PARSER, elem, "mtd-blacklist", sw->mtdblacklist); GET_FIELD_STRING(LIBCFG_PARSER, elem, @@ -499,6 +510,9 @@ int main(int argc, char **argv) #endif #ifdef CONFIG_ENCRYPTED_IMAGES strcat(main_options, "K:"); +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + strcat(main_options, "a:"); +#endif #endif memset(fname, 0, sizeof(fname)); @@ -662,6 +676,13 @@ int main(int argc, char **argv) optarg, sizeof(swcfg.aeskeyfname)); break; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + case 'a': + strlcpy(swcfg.asym_decryption_keypair_fname, + optarg, + sizeof(swcfg.asym_decryption_keypair_fname)); + break; +#endif #endif case 'N': swcfg.no_downgrading = true; 
@@ -854,6 +875,20 @@ int main(int argc, char **argv) } } +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if (strlen(swcfg.asym_decryption_keypair_fname)) { + if (swupdate_dgst_add_asym_keypair(&swcfg, swcfg.asym_decryption_keypair_fname)) { + fprintf(stderr, + "Error: Asym decryption key pair cannot be initialized.\n"); + exit(EXIT_FAILURE); + } + } else { + fprintf(stderr, + "Error: SWUpdate is built for asym encrypted images, provide a decryption key pair.\n"); + exit(EXIT_FAILURE); + } +#endif + lua_handlers_init(); if(!get_hw_revision(&swcfg.hw)) diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg index 8b8a6b1..844cdc5 100644 --- a/examples/configuration/swupdate.cfg +++ b/examples/configuration/swupdate.cfg @@ -25,6 +25,9 @@ # aes-key-file : string # file containing the symmetric key for # image decryption +# asym-decryption-keypair : string +# file containing the key pair (private key and cert) in PEM for +# asymmetric image decryption # preupdatecmd : string # command to be executed right before the update # is installed diff --git a/include/swupdate.h b/include/swupdate.h index c1f86b3..c54647e 100644 --- a/include/swupdate.h +++ b/include/swupdate.h @@ -57,6 +57,7 @@ struct swupdate_cfg { char output[SWUPDATE_GENERAL_STRING_SIZE]; char publickeyfname[SWUPDATE_GENERAL_STRING_SIZE]; char aeskeyfname[SWUPDATE_GENERAL_STRING_SIZE]; + char asym_decryption_keypair_fname[SWUPDATE_GENERAL_STRING_SIZE]; char postupdatecmd[SWUPDATE_GENERAL_STRING_SIZE]; char preupdatecmd[SWUPDATE_GENERAL_STRING_SIZE]; char minimum_version[SWUPDATE_GENERAL_STRING_SIZE];
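Review bot: in the `long_options[]` hunk of core/swupdate.c (and likewise the `strcat(main_options, "a:")` and `case 'a'` hunks), the new `-a` option sits inside `#ifdef CONFIG_ENCRYPTED_IMAGES` and is additionally guarded by `CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION`, whereas the `asym-decryption-keypair` config read in `read_globals_settings()` and the startup check in `main()` are guarded by `CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION` alone. Unless Kconfig makes the asym option depend on `CONFIG_ENCRYPTED_IMAGES`, a build with only the asym option enabled would exit at startup with "provide a decryption key pair" while refusing `-a` on the command line; either state the Kconfig dependency in the commit message or guard all five sites the same way.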
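Review bot: the help text in the `usage()` hunk says only `: path to the asym decryption key pair (PEM)`, while the examples/configuration/swupdate.cfg hunk describes the same file as "the key pair (private key and cert) in PEM". Align the `-a` help with that wording so an operator reading `--help` knows this path points at private key material and should be protected accordingly.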
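Review bot: in the `case 'a':` hunk, `strlcpy()` silently truncates an `optarg` longer than `SWUPDATE_GENERAL_STRING_SIZE`; the truncated path still passes the `strlen()` check at startup and only fails later inside `swupdate_dgst_add_asym_keypair()` with the generic "cannot be initialized" error. This mirrors how `aeskeyfname` is handled, so it is a style point, but comparing the `strlcpy()` return value against `sizeof(swcfg.asym_decryption_keypair_fname)` and rejecting an oversize path would give a clearer diagnostic.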
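Review bot: the startup check in the last core/swupdate.c hunk fails closed when no key pair is configured, which is the right default for a build that requires asym decryption, but the error path after `swupdate_dgst_add_asym_keypair()` does not say which file was tried. Including `swcfg.asym_decryption_keypair_fname` in the `fprintf()` (the path only, never the key contents) makes a wrong path or unreadable file diagnosable from the log.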
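Review bot: the examples/configuration/swupdate.cfg hunk documents the new key as being for "asymmetric image decryption", and the `main()` error text says SWUpdate "is built for asym encrypted images", yet the Kconfig symbol is `CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION`. State in the comment which artifact the key pair actually decrypts (the sw-description, images, or both) so the documentation, the error message and the option name agree.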