From patchwork Mon Dec 4 10:05:33 2023
X-Patchwork-Submitter: Michael Glembotzki
X-Patchwork-Id: 1871476
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V2][PATCH 01/10] util: BUG: set_aes_key does not fail on invalid aes key or ivt
Date: Mon, 4 Dec 2023 11:05:33 +0100
Message-ID: <20231204100620.27789-2-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>
References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>

When parsing an invalid hex string for the aes key or ivt no error is returned. Check if aes key and ivt are valid hex strings.

Signed-off-by: Michael Glembotzki
--- core/util.c | 25 +++++++++++++++++++++++++ include/util.h | 1 + 2 files changed, 26 insertions(+) diff --git a/core/util.c b/core/util.c index cb2cf78..e206ce7 100644 --- a/core/util.c +++ b/core/util.c @@ -520,6 +520,23 @@ unsigned char *get_aes_ivt(void) { return aes_key->ivt; } +int is_hex_str(const char *ascii) { + unsigned int i, size; + + if (!ascii) + return -1; + + size = strlen(ascii); + if (!size) + return -1; + + for (i = 0; i < size; ++i) { + if (!isxdigit(ascii[i])) + return -1; + } + return 0; +} + int set_aes_key(const char *key, const char *ivt) { int ret; 
@@ -534,6 +551,11 @@ int set_aes_key(const char *key, const char *ivt) return -ENOMEM; } + if (strlen(ivt) != (AES_BLK_SIZE*2) || is_hex_str(ivt)) { + ERROR("Invalid ivt"); + return -EINVAL; + } + ret = ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt); #ifdef CONFIG_PKCS11 keylen = strlen(key) + 1; @@ -551,12 +573,15 @@ int set_aes_key(const char *key, const char *ivt) aes_key->keylen = keylen / 2; break; default: + ERROR("Invalid aes_key length"); return -EINVAL; } + ret |= is_hex_str(key); ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key); #endif if (ret) { + ERROR("Invalid aes_key"); return -EINVAL; } diff --git a/include/util.h b/include/util.h index dc0b957..afe3a4f 100644 --- a/include/util.h +++ b/include/util.h 
@@ -162,6 +162,7 @@ int ascii_to_hash(unsigned char *hash, const char *s); int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src); void hash_to_ascii(const unsigned char *hash, char *s); int IsValidHash(const unsigned char *hash); +int is_hex_str(const char *ascii); #ifndef typeof #define typeof __typeof__
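Review bot: In the new is_hex_str() (core/util.c, hunk at -520,6 +520,23 of PATCH 01/10), `isxdigit(ascii[i])` is called with a plain `char`; where `char` is signed, any byte above 0x7f becomes a negative argument, which is undefined behaviour for the <ctype.h> functions. Cast first: `isxdigit((unsigned char)ascii[i])`. Two smaller points in the same function: `size` stores the result of strlen() in an `unsigned int`, where `size_t` avoids truncation, and the name reads like a predicate while the function returns 0 for a valid string and -1 otherwise, so call sites such as `|| is_hex_str(ivt)` read inverted. A `bool` return, or a short comment on the prototype added to include/util.h that documents the convention, would prevent misuse.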
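Review bot: In set_aes_key() (core/util.c, hunk at -534,6 +551,11 of PATCH 01/10), the condition `strlen(ivt) != (AES_BLK_SIZE*2) || is_hex_str(ivt)` dereferences `ivt` in strlen() before is_hex_str() can run its NULL check, so that check never protects this call site. If the lines above this hunk do not already reject a NULL `ivt`, put `!ivt ||` at the front of the condition or call is_hex_str() first.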
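Review bot: In set_aes_key() (core/util.c, hunk at -551,12 +573,15 of PATCH 01/10), `ret |= is_hex_str(key);` is followed unconditionally by `ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key);`, so the conversion still runs on a key that has already failed validation and the failure is only acted on afterwards. Returning -EINVAL as soon as is_hex_str(key) fails avoids converting input known to be invalid. In addition, `ret` still carries the result of the earlier `ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt)`, so the new ERROR("Invalid aes_key") is also printed when the ivt conversion failed; checking that result where it is produced would keep the two messages accurate.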
From patchwork Mon Dec 4 10:05:34 2023
X-Patchwork-Submitter: Michael Glembotzki
X-Patchwork-Id: 1871475
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V2][PATCH 02/10] util: BUG: __swupdate_copy accepts invalid ivt
Date: Mon, 4 Dec 2023 11:05:34 +0100
Message-ID: <20231204100620.27789-3-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>
References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>

Signed-off-by: Michael Glembotzki
--- core/cpio_utils.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 2e5f19a..7049f73 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c 
@@ -514,9 +514,11 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby if (encrypted) { aes_key = get_aes_key(); - if (imgivt && strlen(imgivt)) { - if(ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { - ERROR("invalid image ivt length"); + if (imgivt) { + if (strlen(imgivt) != (AES_BLK_SIZE * 2) || + is_hex_str(imgivt) || + ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { + ERROR("invalid image ivt"); return -EINVAL; } ivt = ivtbuf;
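Review bot: In __swupdate_copy() (core/cpio_utils.c, hunk at -514,9 +514,11 of PATCH 02/10), replacing `if (imgivt && strlen(imgivt))` with `if (imgivt)` changes how an empty string is treated: before, an empty `imgivt` skipped this block, whereas now it fails the `strlen(imgivt) != (AES_BLK_SIZE * 2)` test and returns -EINVAL. If any caller passes an empty string rather than NULL for an image without its own ivt, encrypted images that were accepted before will be rejected. Either confirm that callers pass NULL in that case or keep the empty-string guard, and state which in the commit message, which currently has no body.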
From patchwork Mon Dec 4 10:05:35 2023
X-Patchwork-Submitter: Michael Glembotzki
X-Patchwork-Id: 1871477
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V2][PATCH 03/10] util: Remove unused function extract_next_file
Date: Mon, 4 Dec 2023 11:05:35 +0100
Message-ID: <20231204100620.27789-4-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>
References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>

--- core/cpio_utils.c | 46 ---------------------------------------------- include/util.h | 2 -- 2 files changed, 48 deletions(-) Acked-by: Stefano Babic diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 7049f73..0a6ebc1 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c 
@@ -807,52 +807,6 @@ int extract_img_from_cpio(int fd, unsigned long offset, struct filehdr *fdh) return 0; } -off_t extract_next_file(int fd, int fdout, off_t start, int compressed, - int encrypted, char *ivt, unsigned char *hash) -{ - int ret; - struct filehdr fdh; - uint32_t checksum = 0; - unsigned long offset = start; - - ret = lseek(fd, offset, SEEK_SET); - if (ret < 0) { - ERROR("CPIO file corrupted : %s", - strerror(errno)); - return ret; - } - - ret = extract_cpio_header(fd, &fdh, &offset); - if (ret) { - ERROR("CPIO Header wrong"); - return ret; - } - - ret = lseek(fd, offset, SEEK_SET); - if (ret < 0) { - ERROR("CPIO file corrupted : %s", strerror(errno)); - return ret; - } - - ret = copyfile(fd, &fdout, fdh.size, &offset, 0, 0, compressed, &checksum, hash, encrypted, ivt, NULL); - if (ret < 0) { - ERROR("Error copying extracted file"); - return ret; - } - - TRACE("Copied file:\n\tfilename %s\n\tsize %u\n\tchecksum 0x%lx %s", - fdh.filename, - (unsigned int)fdh.size, - (unsigned long)checksum, - (checksum == fdh.chksum) ? "VERIFIED" : "WRONG"); - - if (!swupdate_verify_chksum(checksum, &fdh)) { - return -EINVAL; - } - - return offset; -} - int cpio_scan(int fd, struct swupdate_cfg *cfg, off_t start) { struct filehdr fdh; diff --git a/include/util.h b/include/util.h index afe3a4f..958274c 100644 --- a/include/util.h +++ b/include/util.h 
@@ -207,8 +207,6 @@ int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, int copyimage(void *out, struct img_type *img, writeimage callback); int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int compressed, unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback); -off_t extract_next_file(int fd, int fdout, off_t start, int compressed, - int encrypted, char *ivt, unsigned char *hash); int openfileoutput(const char *filename); int mkpath(char *dir, mode_t mode); int swupdate_file_setnonblock(int fd, bool block); From patchwork Mon Dec 4 10:05:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1871478 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=YmWaizcB; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=BAJfYlVp; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::33c; helo=mail-wm1-x33c.google.com; envelope-from=swupdate+bncbdy5juxlviebbj6jw2vqmgqe47dcxkq@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-wm1-x33c.google.com (mail-wm1-x33c.google.com [IPv6:2a00:1450:4864:20::33c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SkK7w3RTTz23p6 for ; Mon, 4 Dec 2023 21:06:36 +1100 (AEDT) Received: by mail-wm1-x33c.google.com with SMTP id 5b1f17b1804b1-40b443d698esf29908195e9.2 for ; Mon, 04 Dec 2023 
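Review bot: Nothing in the posting shows how `extract_next_file` was established as unused: the prototype dropped from include/util.h was a non-static declaration visible to every file that includes that header, so the commit message should say how callers were ruled out (for example a tree-wide search that also covers handlers and optional build configurations). As posted here the patch also has an empty message body and carries an Acked-by but no Signed-off-by line, unlike patches 04 to 06 of the same series.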
From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V2][PATCH 04/10] parser: Read aes-key from sw-description into struct img_type Date: Mon, 4 Dec 2023 11:05:36 +0100 Message-ID: <20231204100620.27789-5-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com> References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=I9Eszmgs; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::534 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Signed-off-by: Michael Glembotzki --- include/swupdate_image.h | 1 + parser/parser.c | 1 + 2 files changed, 2 insertions(+) diff --git a/include/swupdate_image.h b/include/swupdate_image.h index 592a886..1ba1d22 100644 --- a/include/swupdate_image.h +++ b/include/swupdate_image.h @@ -56,6 +56,7 @@ struct img_type { int preserve_attributes; /* whether to preserve attributes in archives */ bool is_encrypted; char ivt_ascii[33]; + char aeskey_ascii[65]; /* AES_256_KEY_LEN*2+1 */ int install_directly; int is_script; int is_partitioner; diff --git a/parser/parser.c b/parser/parser.c index 60f979a..0d5f03e 100644 --- a/parser/parser.c +++ b/parser/parser.c 
@@ -452,6 +452,7 @@ static int parse_common_attributes(parsertype p, void *elem, struct img_type *im get_field(p, elem, "install-if-higher", &image->id.install_if_higher); get_field(p, elem, "encrypted", &image->is_encrypted); GET_FIELD_STRING(p, elem, "ivt", image->ivt_ascii); + GET_FIELD_STRING(p, elem, "aes-key", image->aeskey_ascii); if (is_image_installed(&cfg->installed_sw_list, image)) { image->skip = SKIP_SAME; From patchwork Mon Dec 4 10:05:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1871479 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=UqgIk63h; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=cYvMLq3I; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::33c; helo=mail-wm1-x33c.google.com; envelope-from=swupdate+bncbdy5juxlviebbkgjw2vqmgqezc3cuii@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-wm1-x33c.google.com (mail-wm1-x33c.google.com [IPv6:2a00:1450:4864:20::33c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SkK7w6QLwz23p8 for ; Mon, 4 Dec 2023 21:06:36 +1100 (AEDT) Received: by mail-wm1-x33c.google.com with SMTP id 5b1f17b1804b1-40bd5ea7aeasf13303655e9.2 for ; Mon, 04 Dec 2023 02:06:36 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1701684394; cv=pass; d=google.com; s=arc-20160816; 
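Review bot: In include/swupdate_image.h the new `char aeskey_ascii[65];` hard-codes the size and names `AES_256_KEY_LEN*2+1` only in a comment; size the array from the constant itself so the declaration and the comment cannot drift apart. Because this buffer holds key material for as long as the img_type exists, the series should also state where it is wiped once the key has been consumed.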
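Review bot: In parse_common_attributes the added `GET_FIELD_STRING(p, elem, "aes-key", image->aeskey_ascii);` runs unconditionally, whereas the recipient key and certificate fields in patch 05 are compiled only under CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION. As written, an `aes-key` attribute is accepted from any sw-description, including one that was never encrypted, which would put a per-image symmetric key in clear text. Put the field and this line under the same option, or reject the attribute when sw-description was not decrypted. Nothing in this hunk checks that the value is exactly 64 hex characters, so a malformed key is only discovered later; validate it here and document the new attribute alongside `ivt`.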
From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V2][PATCH 05/10] sslapi: Add priv key/cert to swupdate_digest for asym decryption Date: Mon, 4 Dec 2023 11:05:37 +0100 Message-ID: <20231204100620.27789-6-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com> References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=b6nhsoAz; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::630 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Signed-off-by: Michael Glembotzki --- include/sslapi.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/sslapi.h b/include/sslapi.h index 0dce615..de86695 100644 --- a/include/sslapi.h +++ b/include/sslapi.h 
@@ -108,6 +108,10 @@ struct swupdate_digest { #else EVP_CIPHER_CTX *ctxdec; #endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + EVP_PKEY *rkey; /* recipient private key */ + X509 *rcert; /* recipient cert */ +#endif }; #if OPENSSL_VERSION_NUMBER < 0x10100000L From patchwork Mon Dec 4 10:05:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1871480 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=l5xz3AkF; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=A+YFtXUJ; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::23d; helo=mail-lj1-x23d.google.com; envelope-from=swupdate+bncbdy5juxlviebbkojw2vqmgqe6xn5y3a@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-lj1-x23d.google.com (mail-lj1-x23d.google.com [IPv6:2a00:1450:4864:20::23d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SkK7z08G0z1yST for ; Mon, 4 Dec 2023 21:06:38 +1100 (AEDT) Received: by mail-lj1-x23d.google.com with SMTP id 38308e7fff4ca-2c9f975784fsf9602421fa.2 for ; Mon, 04 Dec 2023 02:06:38 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1701684395; cv=pass; d=google.com; s=arc-20160816; b=yahhBpJh3TJxEmM1oN86foezPpnWqXQVH3+3dPa3O7ngstvJqhKeSXVwWqpipaDE8g ibois32jzCb+JdzjVaPvf4d1fm6Y3+qgvu9gqfiS+pE3o0ZXC2oAiuALND7NMVEAZ2m+ DiE9s3oaMbigIpC/lvGWvGMPpfrBB7f7e3NlW2TcqtfZv1zja+JBGsCo8smvxzWzFlm8 
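Review bot: The new `rkey` and `rcert` members of struct swupdate_digest carry only a short comment each, and this patch does not say who owns them or where they are released. Since `rkey` is a long-lived private key, document the ownership in the header and add the matching EVP_PKEY_free() and X509_free() calls to whatever tears the digest down, in the same patch that introduces the fields. The message body is also empty; one sentence on why the recipient key pair lives in the digest structure would help later readers.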
From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V2][PATCH 06/10] Add support for asymmetric file decryption with CMS Date: Mon, 4 Dec 2023 11:05:38 +0100 Message-ID: <20231204100620.27789-7-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com> References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Dr0MIpZE; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::12d as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Signed-off-by: Michael Glembotzki --- corelib/Makefile | 3 + corelib/swupdate_cms_decrypt.c | 112 +++++++++++++++++++++++++++++++++ include/sslapi.h | 5 ++ 3 files changed, 120 insertions(+) create mode 100644 corelib/swupdate_cms_decrypt.c diff --git a/corelib/Makefile b/corelib/Makefile index c9ca4aa..06690d8 100644 --- a/corelib/Makefile +++ b/corelib/Makefile @@ -18,6 +18,9 @@ endif lib-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify.o lib-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify.o endif +ifeq ($(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION),y) +lib-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_cms_decrypt.o +endif ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) lib-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify.o endif diff --git a/corelib/swupdate_cms_decrypt.c b/corelib/swupdate_cms_decrypt.c new file mode 100644 index 0000000..5af2508 --- /dev/null +++ b/corelib/swupdate_cms_decrypt.c 
@@ -0,0 +1,112 @@ +/* + * (C) Copyright 2023 + * Michael Glembotzki, iris-GmbH infrared & intelligent sensors, michael.glembotzki@iris-sensing.com. + * + * SPDX-License-Identifier: GPL-2.0-only + * + * Code mostly taken from openssl examples + */ +#include +#include "swupdate.h" +#include "sslapi.h" +#include "util.h" + +int swupdate_dgst_add_recipient_keypair(struct swupdate_cfg *sw, const char *keypair_file) { + X509 *rcert = NULL; + EVP_PKEY *rkey = NULL; + struct swupdate_digest *dgst = sw->dgst; + int ret = 0; + + if (!dgst) { + dgst = calloc(1, sizeof(*dgst)); + if (!dgst) { + ret = 1; + goto err; + } + } + + BIO *tbio = BIO_new_file(keypair_file, "r"); + if (!tbio) { + ERROR("%s cannot be opened", keypair_file); + ret = 1; + goto err; + } + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + if (!rcert) { + WARN("Recipient cert not found"); + } + BIO_reset(tbio); + + rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + BIO_free(tbio); + if (!rkey) { + ERROR("Recipient private key not found"); + ret = 1; + goto err; + } + + dgst->rcert = rcert; + dgst->rkey = rkey; + + return ret; + +err: + if (dgst) { + free(dgst); + } + return ret; +} + +int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, const char *outfile) { + BIO *in = NULL, *out = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 0; + + if (!dgst || !infile || !outfile) { + return 1; + } + + /* Open CMS message to decrypt */ + in = BIO_new_file(infile, "rb"); + if (!in) { + ERROR("%s cannot be opened", infile); + ret = 1; + goto err; + } + + /* Parse message */ + cms = d2i_CMS_bio(in, NULL); + if (!cms) { + ERROR("%s cannot be parsed as DER-encoded CMS blob", infile); + ret = 1; + goto err; + } + + out = BIO_new_file(outfile, "wb"); + if (!out) { + ERROR("%s cannot be opened", outfile); + ret = 1; + goto err; + } + + if (chmod(outfile, S_IRUSR | S_IWUSR)) { + ERROR("Setting file permissions"); + ret = 1; + goto err; + } + + /* Decrypt CMS message */ + if (!CMS_decrypt(cms, 
dgst->rkey, dgst->rcert, NULL, out, 0)) { + ERR_print_errors_fp(stderr); + ERROR("Decrypting %s failed", infile); + ret = 1; + goto err; + } + +err: + BIO_free(in); + BIO_free(out); + CMS_ContentInfo_free(cms); + return ret; +} diff --git a/include/sslapi.h b/include/sslapi.h index de86695..0330b31 100644 --- a/include/sslapi.h +++ b/include/sslapi.h 
@@ -221,6 +221,11 @@ UNUSED static inline struct swupdate_digest *swupdate_DECRYPT_init( #define swupdate_DECRYPT_cleanup(p) #endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION +int swupdate_dgst_add_recipient_keypair(struct swupdate_cfg *sw, const char *keypair_file); +int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, const char *outfile); +#endif + #ifndef SSL_PURPOSE_DEFAULT #define SSL_PURPOSE_EMAIL_PROT -1 #define SSL_PURPOSE_CODE_SIGN -1 From patchwork Mon Dec 4 10:05:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1871481 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=QtidfrPG; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=A1bxFpji; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::13f; helo=mail-lf1-x13f.google.com; envelope-from=swupdate+bncbdy5juxlviebbkwjw2vqmgqe6dv7zhi@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-lf1-x13f.google.com (mail-lf1-x13f.google.com [IPv6:2a00:1450:4864:20::13f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SkK7z0KT1z23nk for ; Mon, 4 Dec 2023 21:06:38 +1100 (AEDT) Received: by mail-lf1-x13f.google.com with SMTP id 2adb3069b0e04-50be79e7f71sf1007478e87.2 for ; Mon, 04 Dec 2023 02:06:38 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1701684395; cv=pass; d=google.com; 
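Review bot: the corelib/Makefile hunk adds swupdate_cms_decrypt.o outside the ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) block that guards swupdate_cms_verify.o directly below it, yet the new file calls OpenSSL's CMS API (d2i_CMS_bio, CMS_decrypt). Unless Kconfig already restricts CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION to the OpenSSL backend, move the rule inside that block so a build with another SSL implementation does not try to compile it.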
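Review bot: in corelib/swupdate_cms_decrypt.c, swupdate_dgst_add_recipient_keypair() never stores the digest it allocates when sw->dgst is NULL back into sw->dgst, so on success the loaded rkey and rcert are unreachable and the allocation leaks; and the err: label calls free(dgst) even when dgst is the caller's existing sw->dgst, which leaves sw->dgst dangling. Assign sw->dgst = dgst once the key is loaded, free only what this function allocated, and release rcert with X509_free() when PEM_read_bio_PrivateKey() fails. In swupdate_decrypt_file() in the same hunk, the output file is created by BIO_new_file(outfile, "wb") and restricted with chmod() only afterwards, so the plaintext file briefly exists with umask-default permissions, and it stays on disk when CMS_decrypt() fails; creating it with open() using O_CREAT | O_EXCL and mode S_IRUSR | S_IWUSR, wrapping the descriptor with BIO_new_fd(), and unlinking the file on the error path would close both gaps.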
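Review bot: the include/sslapi.h hunk declares both prototypes under #ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION alone, while the Makefile hunk builds swupdate_cms_decrypt.o only when CONFIG_ENCRYPTED_IMAGES is also set. A configuration with the first symbol and without the second gets declarations (and, in patch 07/10, a call from main()) with no definition to link against. Either make the Kconfig dependency explicit and mention it in the commit message, or use the same condition in both places. The two prototypes also lack a comment stating that they return 0 on success and 1 on failure and who owns the output file on error.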
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V2][PATCH 07/10] swupdate: Initialize the recipient key pair for asym decryption
Date: Mon, 4 Dec 2023 11:05:39 +0100
Message-ID: <20231204100620.27789-8-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>
References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>

Add recipient key fname to swupdate_cfg for asym decryption. Read and initialize the recip-keypair from argument -r or configuration file.

Signed-off-by: Michael Glembotzki
--- core/swupdate.c | 44 ++++++++++++++++++++++++++--- examples/configuration/swupdate.cfg | 3 ++ include/swupdate.h | 1 + 3 files changed, 44 insertions(+), 4 deletions(-) diff --git a/core/swupdate.c b/core/swupdate.c index 6f9938e..5e03846 100644 --- a/core/swupdate.c +++ b/core/swupdate.c 
@@ -101,8 +101,11 @@ static struct option long_options[] = { {"forced-signer-name", required_argument, NULL, '2'}, #endif #endif -#ifdef CONFIG_ENCRYPTED_IMAGES +#if defined(CONFIG_ENCRYPTED_IMAGES) && !defined(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION) {"key-aes", required_argument, NULL, 'K'}, +#endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + {"recip-keypair", required_argument, NULL, 'r'}, #endif {"loglevel", required_argument, NULL, 'l'}, {"max-version", required_argument, NULL, '3'}, @@ -162,9 +165,12 @@ static void usage(char *programname) " --ca-path : path to the Certificate Authority (PEM)\n" #endif #endif -#ifdef CONFIG_ENCRYPTED_IMAGES +#if defined(CONFIG_ENCRYPTED_IMAGES) && !defined(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION) " -K, --key-aes : the file contains the symmetric key to be used\n" " to decrypt images\n" +#endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + " -r, --recip-keypair : path to the recipient keypair (PEM)\n" #endif " -n, --dry-run : run SWUpdate without installing the software\n" " -N, --no-downgrading : not install a release older as \n" @@ -310,8 +316,14 @@ static int read_globals_settings(void *elem, void *data) "public-key-file", sw->publickeyfname); GET_FIELD_STRING(LIBCFG_PARSER, elem, "ca-path", sw->publickeyfname); +#if defined(CONFIG_ENCRYPTED_IMAGES) && !defined(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION) GET_FIELD_STRING(LIBCFG_PARSER, elem, "aes-key-file", sw->aeskeyfname); +#endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + GET_FIELD_STRING(LIBCFG_PARSER, elem, + "recip-keypair", sw->recipkeypairfname); +#endif GET_FIELD_STRING(LIBCFG_PARSER, elem, "mtd-blacklist", sw->mtdblacklist); GET_FIELD_STRING(LIBCFG_PARSER, elem, 
@@ -497,9 +509,12 @@ int main(int argc, char **argv) public_key_mandatory = 1; #endif #endif -#ifdef CONFIG_ENCRYPTED_IMAGES +#if defined(CONFIG_ENCRYPTED_IMAGES) && !defined(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION) strcat(main_options, "K:"); #endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + strcat(main_options, "r:"); +#endif memset(fname, 0, sizeof(fname)); @@ -656,12 +671,19 @@ int main(int argc, char **argv) strlcpy(swcfg.maximum_version, optarg, sizeof(swcfg.maximum_version)); break; -#ifdef CONFIG_ENCRYPTED_IMAGES +#if defined(CONFIG_ENCRYPTED_IMAGES) && !defined(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION) case 'K': strlcpy(swcfg.aeskeyfname, optarg, sizeof(swcfg.aeskeyfname)); break; +#endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + case 'r': + strlcpy(swcfg.recipkeypairfname, + optarg, + sizeof(swcfg.recipkeypairfname)); + break; #endif case 'N': swcfg.no_downgrading = true; @@ -842,6 +864,19 @@ int main(int argc, char **argv) mtd_set_ubiblacklist(swcfg.mtdblacklist); #endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if (strlen(swcfg.recipkeypairfname)) { + if (swupdate_dgst_add_recipient_keypair(&swcfg, swcfg.recipkeypairfname)) { + fprintf(stderr, + "Error: Recipient keypair cannot be initialized.\n"); + exit(EXIT_FAILURE); + } + } else { + fprintf(stderr, + "Error: SWUpdate is built for asym encrypted images, provide a recipient key pair.\n"); + exit(EXIT_FAILURE); + } +#else /* * If an AES key is passed, load it to allow * to decrypt images @@ -853,6 +888,7 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } } +#endif lua_handlers_init(); diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg index 8b8a6b1..8e2c8cb 100644 --- a/examples/configuration/swupdate.cfg +++ b/examples/configuration/swupdate.cfg 
@@ -25,6 +25,9 @@ # aes-key-file : string # file containing the symmetric key for # image decryption +# recip-keypair : string +# file containing the key pair (private key and cert) in PEM for +# asymmetric image decryption # preupdatecmd : string # command to be executed right before the update # is installed diff --git a/include/swupdate.h b/include/swupdate.h index c1f86b3..cdfb971 100644 --- a/include/swupdate.h +++ b/include/swupdate.h 
@@ -57,6 +57,7 @@ struct swupdate_cfg { char output[SWUPDATE_GENERAL_STRING_SIZE]; char publickeyfname[SWUPDATE_GENERAL_STRING_SIZE]; char aeskeyfname[SWUPDATE_GENERAL_STRING_SIZE]; + char recipkeypairfname[SWUPDATE_GENERAL_STRING_SIZE]; char postupdatecmd[SWUPDATE_GENERAL_STRING_SIZE]; char preupdatecmd[SWUPDATE_GENERAL_STRING_SIZE]; char minimum_version[SWUPDATE_GENERAL_STRING_SIZE]; From patchwork Mon Dec 4 10:05:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1871482 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=ZyEs542l; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=dMoHYoTo; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::23f; helo=mail-lj1-x23f.google.com; envelope-from=swupdate+bncbdy5juxlviebbkwjw2vqmgqe6dv7zhi@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-lj1-x23f.google.com (mail-lj1-x23f.google.com [IPv6:2a00:1450:4864:20::23f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SkK8006hFz23nl for ; Mon, 4 Dec 2023 21:06:39 +1100 (AEDT) Received: by mail-lj1-x23f.google.com with SMTP id 38308e7fff4ca-2c9f9389c35sf7992881fa.1 for ; Mon, 04 Dec 2023 02:06:39 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1701684396; cv=pass; d=google.com; s=arc-20160816; b=faUgPEDYUXRecEGMw160a3HUtTxo4Rme9JLNVxPyA6Vi8GIS4OlrlkCaZFhRDLNrwi 
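Review bot: in the read_globals_settings() hunk of core/swupdate.c, an existing "aes-key-file" entry in a configuration file is silently ignored once CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION is set, because the GET_FIELD_STRING for it is now compiled out. A device that is rebuilt with the new option and keeps its old swupdate.cfg gets no hint why decryption stops working; log a warning when the key is present but unused, or state the mutual exclusion in the commit message and the documentation.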
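Review bot: the start-up hunk in main() (the block added before lua_handlers_init()) makes the recipient key pair mandatory: with an empty swcfg.recipkeypairfname the process prints "provide a recipient key pair" and exits, whereas the symmetric branch kept under #else loads the AES key only if one was passed. A build with the new option can therefore no longer start for updates that contain nothing encrypted. If that is intended, say so in the usage text for -r and in the commit message; otherwise mirror the optional behaviour of the AES path and fail only when an encrypted artifact is actually met without a key.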
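Review bot: the examples/configuration/swupdate.cfg hunk documents recip-keypair without saying that it replaces aes-key-file in builds with CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION, and without noting that the file holds a private key and should be readable only by the user SWUpdate runs as. Both points belong in the comment, since this file is what integrators copy from.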
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V2][PATCH 08/10] cpio_utils: Add argument imgaeskey to __swupdate_copy interface
Date: Mon, 4 Dec 2023 11:05:40 +0100
Message-ID: <20231204100620.27789-9-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>
References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>

Signed-off-by: Michael Glembotzki
--- core/cpio_utils.c | 13 +++++++++---- core/installer.c | 1 + core/stream_interface.c | 6 +++--- corelib/lua_interface.c | 2 ++ handlers/copy_handler.c | 1 + handlers/delta_handler.c | 1 + handlers/rdiff_handler.c | 1 + handlers/readback_handler.c | 1 + include/util.h | 6 ++++-- 9 files changed, 23 insertions(+), 9 deletions(-) diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 0a6ebc1..4556033 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c 
@@ -431,7 +431,8 @@ static int zstd_step(void* state, void* buffer, size_t size) static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek, int skip_file, int __attribute__ ((__unused__)) compressed, - uint32_t *checksum, unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback) + uint32_t *checksum, unsigned char *hash, bool encrypted, + const char __attribute__ ((__unused__)) *imgaeskey, const char *imgivt, writeimage callback) { unsigned int percent, prevpercent = 0; int ret = 0; @@ -707,7 +708,8 @@ copyfile_exit: int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek, int skip_file, int __attribute__ ((__unused__)) compressed, - uint32_t *checksum, unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback) + uint32_t *checksum, unsigned char *hash, bool encrypted, + const char *imgaeskey, const char *imgivt, writeimage callback) { return __swupdate_copy(fdin, NULL, @@ -720,12 +722,13 @@ int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned l checksum, hash, encrypted, + imgaeskey, imgivt, callback); } int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int __attribute__ ((__unused__)) compressed, - unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback) + unsigned char *hash, bool encrypted, const char *imgaeskey, const char *imgivt, writeimage callback) { return __swupdate_copy(-1, inbuf, @@ -738,6 +741,7 @@ int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int __attribute__ NULL, hash, encrypted, + imgaeskey, imgivt, callback); } @@ -754,6 +758,7 @@ int copyimage(void *out, struct img_type *img, writeimage callback) &img->checksum, img->sha256, img->is_encrypted, + img->aeskey_ascii, img->ivt_ascii, callback); } 
@@ -839,7 +844,7 @@ int cpio_scan(int fd, struct swupdate_cfg *cfg, off_t start) * we do not have to provide fdout */ if (copyfile(fd, NULL, fdh.size, &offset, 0, 1, 0, &checksum, img ? img->sha256 : NULL, - false, NULL, NULL) != 0) { + false, NULL, NULL, NULL) != 0) { ERROR("invalid archive"); return -1; } diff --git a/core/installer.c b/core/installer.c index 20b5b51..db86075 100644 --- a/core/installer.c +++ b/core/installer.c @@ -145,6 +145,7 @@ static int extract_scripts(struct imglist *head) &checksum, script->sha256, script->is_encrypted, + script->aeskey_ascii, script->ivt_ascii, NULL); close(fdin); diff --git a/core/stream_interface.c b/core/stream_interface.c index 0b78329..bfafa30 100644 --- a/core/stream_interface.c +++ b/core/stream_interface.c @@ -104,7 +104,7 @@ static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs, return -1; if (copyfile(fd, &fdout, fdh.size, poffs, 0, 0, 0, &checksum, NULL, - encrypted, NULL, NULL) < 0) { + encrypted, NULL, NULL, NULL) < 0) { close(fdout); return -1; } @@ -243,7 +243,7 @@ static int extract_files(int fd, struct swupdate_cfg *software) close(fdout); return -1; } - if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, img->sha256, false, NULL, NULL) < 0) { + if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, img->sha256, false, NULL, NULL, NULL) < 0) { close(fdout); return -1; } @@ -255,7 +255,7 @@ static int extract_files(int fd, struct swupdate_cfg *software) break; case SKIP_FILE: - if (copyfile(fd, &fdout, fdh.size, &offset, 0, skip, 0, &checksum, NULL, false, NULL, NULL) < 0) { + if (copyfile(fd, &fdout, fdh.size, &offset, 0, skip, 0, &checksum, NULL, false, NULL, NULL, NULL) < 0) { return -1; } if (!swupdate_verify_chksum(checksum, &fdh)) { diff --git a/corelib/lua_interface.c b/corelib/lua_interface.c index af7b554..1533e9d 100644 --- a/corelib/lua_interface.c +++ b/corelib/lua_interface.c 
@@ -401,6 +401,7 @@ static int l_copy2file(lua_State *L) &checksum, img.sha256, img.is_encrypted, + img.aeskey_ascii, img.ivt_ascii, NULL); update_table(L, &img); @@ -473,6 +474,7 @@ static int l_istream_read(lua_State* L) &checksum, img.sha256, img.is_encrypted, + img.aeskey_ascii, img.ivt_ascii, istream_read_callback); diff --git a/handlers/copy_handler.c b/handlers/copy_handler.c index e463bb5..d09ca52 100644 --- a/handlers/copy_handler.c +++ b/handlers/copy_handler.c @@ -131,6 +131,7 @@ static int copy_single_file(const char *path, ssize_t size, struct img_type *img &checksum, 0, /* no sha256 */ false, /* no encrypted */ + NULL, /* no AES Key */ NULL, /* no IVT */ NULL); diff --git a/handlers/delta_handler.c b/handlers/delta_handler.c index d1ff783..a5ee2a6 100644 --- a/handlers/delta_handler.c +++ b/handlers/delta_handler.c @@ -169,6 +169,7 @@ static int network_process_data(multipart_parser* p, const char *at, size_t leng hash, 0, NULL, + NULL, NULL); } else ret = 0; /* skipping, nothing to be copied */ diff --git a/handlers/rdiff_handler.c b/handlers/rdiff_handler.c index e01a127..3f09ec2 100644 --- a/handlers/rdiff_handler.c +++ b/handlers/rdiff_handler.c @@ -347,6 +347,7 @@ static int apply_rdiff_patch(struct img_type *img, &img->checksum, img->sha256, img->is_encrypted, + img->aeskey_ascii, img->ivt_ascii, apply_rdiff_chunk_cb); if (ret != 0) { diff --git a/handlers/readback_handler.c b/handlers/readback_handler.c index 4b910bd..6d2eefa 100644 --- a/handlers/readback_handler.c +++ b/handlers/readback_handler.c @@ -113,6 +113,7 @@ static int readback_postinst(struct img_type *img) NULL, /* no checksum */ hash, false, /* no encrypted */ + NULL, /* no AES Key */ NULL, /* no IVT */ NULL); /* no callback */ if (status == 0) { diff --git a/include/util.h b/include/util.h index 958274c..7ad588d 100644 --- a/include/util.h +++ b/include/util.h 
@@ -203,10 +203,12 @@ strlcpy(char *dst, const char * src, size_t size); int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek, int skip_file, int compressed, uint32_t *checksum, - unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback); + unsigned char *hash, bool encrypted, const char *imgaeskey, const char *imgivt, + writeimage callback); int copyimage(void *out, struct img_type *img, writeimage callback); int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int compressed, - unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback); + unsigned char *hash, bool encrypted, const char *imgaeskey, const char *imgivt, + writeimage callback); int openfileoutput(const char *filename); int mkpath(char *dir, mode_t mode); int swupdate_file_setnonblock(int fd, bool block);
From patchwork Mon Dec 4 10:05:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1871484
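Review bot: In the include/util.h hunk of patch 08/10, `copyfile()` and `copybuffer()` now take two adjacent `const char *` arguments, `imgaeskey` then `imgivt`, so a call site that swaps them still compiles, and most callers updated in this patch pass them positionally as a run of `NULL`s. Add a comment above the prototypes stating the expected format of `imgaeskey` (the callers pass `aeskey_ascii`, so an ASCII hex string) and what `NULL` means when `encrypted` is true, or pass key and IV together in one small struct so the order cannot be mixed up.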
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V2][PATCH 09/10] Add support for asymmetrical encrypted images
Date: Mon, 4 Dec 2023 11:05:41 +0100
Message-ID: <20231204100620.27789-10-Michael.Glembotzki@iris-sensing.com>
X-Mailer: git-send-email 2.42.0
In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>
References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>

Signed-off-by: Michael Glembotzki
---
 Kconfig | 12 ++++++++++++
 core/cpio_utils.c | 41 ++++++++++++++++++++++++++++++++++++++++-
 core/installer.c | 7 +++++++
 core/stream_interface.c | 35 +++++++++++++++++++++++++++++++++--
 4 files changed, 92 insertions(+), 3 deletions(-)

diff --git a/Kconfig b/Kconfig index 5a3dc9a..d3412b3 100644 --- a/Kconfig +++ b/Kconfig
@@ -507,6 +507,18 @@ config ENCRYPTED_SW_DESCRIPTION if this is set. It is a compile time option, and mix of plain and encrypted sw-descriptions is not possible. +config ASYM_ENCRYPTED_SW_DESCRIPTION + bool "Asymmetrical encrypted sw-description" + depends on ENCRYPTED_SW_DESCRIPTION && !PKCS11 + depends on SSL_IMPL_OPENSSL + default n + help + This option enables support for asymmetrical encrypted sw-description, + making it possible to encrypt images device specific. The artifacts + persist in being symmetrically encrypted by retrieving an AES key from + the sw-description, which may be the same or distinct for each artifact. + Cryptographic Message Syntax (CMS) with OpenSSL is used for encryption. + config ENCRYPTED_IMAGES_HARDEN_LOGGING bool "Harden logging for encrypted images" default n diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 4556033..cfd4bbe 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -445,6 +445,11 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby unsigned char *aes_key = NULL; unsigned char *ivt = NULL; unsigned char ivtbuf[AES_BLK_SIZE]; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + unsigned char aeskeybuf[AES_256_KEY_LEN]; + char keylen_ascii; +#endif + char keylen; struct InputState input_state = { .fdin = fdin, 
@@ -514,7 +519,40 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby } if (encrypted) { +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if(!imgaeskey) { + return -EINVAL; + } + + keylen_ascii = strlen(imgaeskey); + switch (keylen_ascii) { + case AES_128_KEY_LEN * 2: + case AES_192_KEY_LEN * 2: + case AES_256_KEY_LEN * 2: + // valid hex string size for AES 128/192/256 + keylen = keylen_ascii / 2; + break; + default: + ERROR("Invalid image aes_key length"); + return -EINVAL; + } + + if (!imgivt || strlen(imgivt) != (AES_BLK_SIZE*2)) { + ERROR("Invalid image ivt length"); + return -EINVAL; + } + + if (is_hex_str(imgivt) || ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt) || + is_hex_str(imgaeskey) || ascii_to_bin(aeskeybuf, keylen, imgaeskey)) { + ERROR("Setting aes_key or ivt"); + return -EINVAL; + } + + aes_key = aeskeybuf; + ivt = ivtbuf; +#else aes_key = get_aes_key(); + keylen = get_aes_keylen(); if (imgivt) { if (strlen(imgivt) != (AES_BLK_SIZE * 2) || is_hex_str(imgivt) || @@ -525,7 +563,8 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby ivt = ivtbuf; } else ivt = get_aes_ivt(); - decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, get_aes_keylen(), ivt); +#endif + decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, keylen, ivt); if (!decrypt_state.dcrypt) { ERROR("decrypt initialization failure, aborting"); ret = -EFAULT; diff --git a/core/installer.c b/core/installer.c index db86075..ba85f98 100644 --- a/core/installer.c +++ b/core/installer.c @@ -498,6 +498,13 @@ void cleanup_files(struct swupdate_cfg *software) { free(fn); } #endif + +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if (asprintf(&fn, "%s%s.enc", TMPDIR, SW_DESCRIPTION_FILENAME) != ENOMEM_ASPRINTF) { + remove_sw_file(fn); + free(fn); + } +#endif } int preupdatecmd(struct swupdate_cfg *swcfg) diff --git a/core/stream_interface.c b/core/stream_interface.c index bfafa30..ba88193 100644 --- a/core/stream_interface.c 
+++ b/core/stream_interface.c @@ -45,6 +45,7 @@ #include "state.h" #include "bootloader.h" #include "hw-compatibility.h" +#include "sslapi.h" #define BUFF_SIZE 4096 #define PERCENT_LB_INDEX 4 @@ -144,11 +145,14 @@ static int extract_files(int fd, struct swupdate_cfg *software) int fdout; struct img_type *img, *part; char output_file[MAX_IMAGE_FNAME]; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + char enc_output_file[MAX_IMAGE_FNAME]; +#endif const char* TMPDIR = get_tmpdir(); bool installed_directly = false; bool encrypted_sw_desc = false; -#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION +#if defined(CONFIG_ENCRYPTED_SW_DESCRIPTION) && !defined(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION) encrypted_sw_desc = true; #endif @@ -168,6 +172,16 @@ static int extract_files(int fd, struct swupdate_cfg *software) if (extract_file_to_tmp(fd, SW_DESCRIPTION_FILENAME, &offset, encrypted_sw_desc) < 0 ) return -1; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + snprintf(output_file, sizeof(output_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME); + snprintf(enc_output_file, sizeof(enc_output_file), "%s.enc", output_file); + if (rename(output_file, enc_output_file)) + return -1; + + if (swupdate_decrypt_file(software->dgst, enc_output_file, output_file)) + return -1; +#endif + status = STREAM_WAIT_SIGNATURE; break; @@ -381,10 +395,13 @@ static int save_stream(int fdin, struct swupdate_cfg *software) unsigned int tmpsize; unsigned long offset; char output_file[MAX_IMAGE_FNAME]; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + char enc_output_file[MAX_IMAGE_FNAME]; +#endif const char* TMPDIR = get_tmpdir(); bool encrypted_sw_desc = false; -#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION +#if defined(CONFIG_ENCRYPTED_SW_DESCRIPTION) && !defined(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION) encrypted_sw_desc = true; #endif if (fdin < 0) 
@@ -452,6 +469,20 @@ static int save_stream(int fdin, struct swupdate_cfg *software) ret = -EINVAL; goto no_copy_output; } + +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + snprintf(output_file, sizeof(output_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME); + snprintf(enc_output_file, sizeof(enc_output_file), "%s.enc", output_file); + if (rename(output_file, enc_output_file)) { + ret = -EINVAL; + goto no_copy_output; + } + if (swupdate_decrypt_file(software->dgst, enc_output_file, output_file)) { + ret = -EINVAL; + goto no_copy_output; + } +#endif + #ifdef CONFIG_SIGNED_IMAGES snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME); if (extract_file_to_tmp(tmpfd, output_file, &offset, false) < 0 ) {
From patchwork Mon Dec 4 10:05:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1871483
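Review bot: In the Kconfig hunk of patch 09/10, `ASYM_ENCRYPTED_SW_DESCRIPTION` depends on `ENCRYPTED_SW_DESCRIPTION && !PKCS11` and on `SSL_IMPL_OPENSSL` but not on `SIGNED_IMAGES`, although the documentation added in patch 10/10 says the feature should be used together with signature verification because anyone holding a device certificate can create update packages. Either add the dependency or state in the help text that encryption alone does not authenticate the package. The help text could also say why `PKCS11` is excluded, and "encrypt images device specific" would read better as "encrypt images for specific devices".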
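Review bot: In the first core/cpio_utils.c hunk of patch 09/10 (the `__swupdate_copy()` declarations), `keylen_ascii` is declared `char` but the following hunk assigns it `strlen(imgaeskey)`, so the length is truncated before the `switch`; with an 8-bit `char`, any string whose length differs from a valid one by a multiple of 256 passes the length check. Declare it `size_t`, and give `keylen` the type that `get_aes_keylen()` returns rather than `char`. `aeskeybuf` also holds raw key material on the stack, so consider clearing it once `swupdate_DECRYPT_init()` has consumed it.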
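Review bot: In the `if (encrypted)` hunk of core/cpio_utils.c (patch 09/10), a missing `imgaeskey` returns `-EINVAL` without any `ERROR()` message, and with `CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION` set the `get_aes_key()` / `get_aes_ivt()` fallback is compiled out, so an encrypted artifact without an `aes-key` attribute now fails silently. Log the reason before returning and document that `aes-key` and `ivt` become mandatory in this configuration. The new checks also `return` directly while the decrypt-init failure just below sets `ret = -EFAULT`; please confirm that nothing set up earlier in `__swupdate_copy()` needs that exit path. `ERROR("Setting aes_key or ivt")` would be more useful if it said which of the two values was rejected.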
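Review bot: In the `extract_files()` hunk of core/stream_interface.c (patch 09/10), `enc_output_file` has the same `MAX_IMAGE_FNAME` size as `output_file`, so appending `.enc` with `snprintf()` can in principle truncate and the result is not checked, and both the `rename()` and the `swupdate_decrypt_file()` failure `return -1` with no `ERROR()` to tell them apart. Check the `snprintf()` return values and log each failure. The same rename-then-decrypt block is repeated in the `save_stream()` hunk, so a small helper shared by both would keep the two paths consistent. A comment would also help to record that the CMS decryption runs on the sw-description before `STREAM_WAIT_SIGNATURE`, that is, on input that has not been verified yet.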
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V2][PATCH 10/10] doc: Add documentation for asymmetric decryption
Date: Mon, 4 Dec 2023 11:05:42 +0100
Message-ID: <20231204100620.27789-11-Michael.Glembotzki@iris-sensing.com>
X-Mailer: git-send-email 2.42.0
In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>
References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com>

Signed-off-by: Michael Glembotzki
---
 doc/source/asym_encrypted_images.rst | 154 +++++++++++++++++++++++++++
 doc/source/encrypted_images.rst | 2 +
 doc/source/index.rst | 1 +
 doc/source/roadmap.rst | 5 -
 doc/source/sw-description.rst | 13 ++-
 5 files changed, 168 insertions(+), 7 deletions(-)
 create mode 100644 doc/source/asym_encrypted_images.rst

diff --git a/doc/source/asym_encrypted_images.rst b/doc/source/asym_encrypted_images.rst new file mode 100644 index 0000000..7906479 --- /dev/null +++ b/doc/source/asym_encrypted_images.rst
@@ -0,0 +1,154 @@ +.. SPDX-FileCopyrightText: 2023 Michael Glembotzki +.. SPDX-License-Identifier: GPL-2.0-only + +Asymmetrically Encrypted Update Images +====================================== + +Asymmetrically encrypted update images are realized by an asymmetrical +encrypted sw-description, making it possible to encrypt images device specific. +The artifacts persist in being symmetrically encrypted by retrieving an AES key +from the sw-description, which may be the same or distinct for each artifact. +Cryptographic Message Syntax (CMS) with OpenSSL is used for encryption. + + +Use Cases +--------- + +- Asymmetrically encrypted update images, with individual device key pairs, are + inherently more secure than a purely symmetrical solution, because one + compromised device does not affect the security of the other devices. +- If a device with its private key has been compromised, the key pair can be + removed from the list of devices (in the new CMS) eligible to receive a new + update image. +- The AES key can be exchanged with each new update image, because it is part + of the sw-description. +- The AES key may be the same or distinct for each artifact in the + sw-description. + + +Create a Self-signed Device Key Pair +------------------------------------ + +As an example, an elliptic curve key pair (PEM) is generated for a single +device. These steps must be repeated for all other recipient devices. An RSA +key pair functions equally effectively. 
+ +:: + + # Create a private key and a self-signed certificate + openssl ecparam -name secp521r1 -genkey -noout -out device-key-001.pem + openssl req -new -x509 -key device-key-001.pem -out device-cert-001.pem -subj "/O=SWUpdate /CN=target" + + # Combine the private key and certificate into a single file + cat device-key-001.pem device-cert-001.pem > device-001.pem + + +Symmetric Encryption of Artifacts +--------------------------------- + +Generate an AES key and IV, as familiar from +:ref:`symmetric image encryption `. The encryption +process for the artifacts remains unchanged. + + +Encryption of sw-description for Multiple Devices +------------------------------------------------- + +All device certificates are used for encryption. + +:: + + # Encrypt sw-description for multiple recipient devices + openssl cms -encrypt -aes-256-cbc -in -out -outform DER -recip + +Replace ```` with the plain `sw-description` (e.g. +`sw-description.in`) and the encrypted ```` with `sw-description`. +````, ````, [...] ```` constitute the comprehensive +list of recipient devices intended for encryption. + + +Decryption of sw-description for a Single Device +------------------------------------------------ + +The combined key pair (private key and certificate) is used for decryption. +SWUpdate handles the decryption process autonomously. Manually executing this +step is not necessary and is provided here solely for development purposes. + +:: + + # Decrypt sw-description for a single recipient device + openssl cms -decrypt -in -out ```` -inform DER -inkey -recip + +Replace the encrypted ```` with `sw-description` and the +```` with plain `sw-description` (e.g. `sw-description.in`). +```` and ```` are used for the decryption. + + + + +Example Asymmetrically Encrypted Image +-------------------------------------- + +The image artifacts should be symmetrically encrypted and signed in advance. +Now, create a plain `sw-description.in` file. 
The attributes ``encrypted``, +``aes-key`` and ``ivt`` are required for encrypted artifacts. + +:: + + software = + { + version = "0.0.1"; + images: ( { + filename = "rootfs.ext4.enc"; + device = "/dev/mmcblk0p3"; + sha256 = "131159df3a4efaa890ff80173664a125c496c458dd432a8a6acae18872e35822"; + encrypted = true; + aes-key = "ed73b9d3bf9c655d5a0b04836d8be48660a4a4bb6f4aa07c6778e00e342881ac"; + ivt = "ea34a55a0c3476ed78f238ac87a7970c"; + }); + } + + +Asymmetrically encrypt the `sw-description` for multiple recipient devices: +:: + + openssl cms -encrypt -aes-256-cbc -in sw-description.in -out sw-description -outform DER -recip device-cert-001.pem device-cert-002.pem device-cert-003.pem + + + +Create the new update image (SWU): + +:: + + #!/bin/sh + + FILES="sw-description sw-description.sig rootfs.ext4.enc" + + for i in $FILES; do + echo $i;done | cpio -ov -H crc > firmware.swu + + +Running SWUpdate with Asymmetrically Encrypted Images +----------------------------------------------------- + +Asymmetric encryption support can be enabled by configuring the compile-time +option ``CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION``. To supply the combined +recipient key pair (PEM) generated earlier to SWUpdate, use the ``-r`` +parameter. Alternatively, the ``recip-keypair`` parameter in the +``swupdate.cfg`` can be used. + + +Security Considerations +----------------------- +- Ideally, generate the private key on the device during factory provisioning, + ensuring it never leaves the device. Only the public certificate leaves the + device for encrypting future update packages. +- This feature should be used in conjunction with signature verification + (``CONFIG_SIGNED_IMAGES``) to ensure data integrity. In principle, anyone + with the corresponding device certificate can create update packages. +- As a side effect, the size of the update package may significantly increase + in a large-scale deployment. To enhance scalability, consider using group + keys. 
+- Exchange the AES key with each update package. +- Refrain from encrypting new update images for compromised device. + diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst index 2b7c1ee..bc23681 100644 --- a/doc/source/encrypted_images.rst +++ b/doc/source/encrypted_images.rst @@ -1,6 +1,8 @@ .. SPDX-FileCopyrightText: 2013-2021 Stefano Babic .. SPDX-License-Identifier: GPL-2.0-only +.. _sym-encrypted-images: + Symmetrically Encrypted Update Images ===================================== diff --git a/doc/source/index.rst b/doc/source/index.rst index c3a8e88..3ed531a 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -41,6 +41,7 @@ SWUpdate Documentation sw-description.rst signed_images.rst encrypted_images.rst + asym_encrypted_images.rst handlers.rst mongoose.rst suricatta.rst diff --git a/doc/source/roadmap.rst b/doc/source/roadmap.rst index dc7d547..4e6caf4 100644 --- a/doc/source/roadmap.rst +++ b/doc/source/roadmap.rst @@ -138,11 +138,6 @@ BTRFS supports subvolume and delta backup for volumes - supporting subvolumes is to move the delta approach to filesystems, while SWUpdate should apply the deltas generated by BTRFS utilities. -Security -======== - -- add support for asymmetryc decryption - Support for evaluation boards ============================= diff --git a/doc/source/sw-description.rst b/doc/source/sw-description.rst index 480ff4d..ecc6405 100644 --- a/doc/source/sw-description.rst +++ b/doc/source/sw-description.rst 
@@ -1441,8 +1441,17 @@ There are 4 main sections inside sw-description: | | | scripts | and must be decrypted before | | | | | installing. | +-------------+----------+------------+---------------------------------------+ - | ivt | string | images | IVT in case of encrypted artefact | - | | | files | It has no value if "encrypted" is not | + | aes-key | string | images | AES key in case of an encrypted | + | | | files | artefact. It has no effect if not | + | | | scripts | compiled with | + | | | | `CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION`| + | | | | or if attribute "encrypted" is not | + | | | | set. Each artefact can have an own | + | | | | AES key. It is an ASCII hex string | + | | | | of 16/24/32 chars. | + +-------------+----------+------------+---------------------------------------+ + | ivt | string | images | IVT in case of an encrypted artefact. | + | | | files | It has no effect if "encrypted" is not| | | | scripts | set. Each artefact can have an own | | | | | IVT to avoid attacker can guess the | | | | | the key. |
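Review bot: In doc/source/asym_encrypted_images.rst, the "Create the new update image (SWU)" script packs `sw-description.sig`, but the example never shows how that file is produced, nor whether it signs the plain `sw-description.in` or the CMS-encrypted `sw-description`. The Security Considerations rely on `CONFIG_SIGNED_IMAGES` for integrity, and `-aes-256-cbc` provides none by itself, so please add the signing command to the example and state which file it covers. In the same section, "Exchange the AES key with each update package" would be clearer as an instruction to use a fresh AES key for every package, and "for compromised device" should read "for compromised devices".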
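Review bot: In the new `aes-key` row of doc/source/sw-description.rst, "ASCII hex string of 16/24/32 chars" does not match the example added in asym_encrypted_images.rst, where `aes-key` is 64 hex characters (a 32-byte key). The numbers look like byte counts, so wording such as "16/24/32 bytes (32/48/64 hex chars)" would avoid integrators truncating keys. While this hunk touches the `ivt` row, the unchanged context still reads "to avoid attacker can guess the the key", which could be corrected in the same patch.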