From patchwork Fri Jun 21 13:25:28 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: 'Darko Komljenovic' via swupdate
X-Patchwork-Id: 1120233
X-Patchwork-Original-From: "'Laszlo Ashin' via swupdate"
From: 'Darko Komljenovic' via swupdate
To: swupdate@googlegroups.com
Cc: Laszlo Ashin
Subject: [swupdate] [PATCH v3] Remove the superfluous salt parameter
Date: Fri, 21 Jun 2019 15:25:28 +0200
Message-Id: <20190621132528.4616-1-laszlo@ashin.hu>
In-Reply-To: <20190620201452.28712-1-laszlo@ashin.hu>
References: <20190620201452.28712-1-laszlo@ashin.hu>
X-Original-Sender: laszlo@ashin.hu
X-Original-From: Laszlo Ashin
Reply-To: Laszlo Ashin
Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com

As it turned out, salt is not needed for decryption of encrypted files or
images. Using salt is still recommended for generating keys and IVs from
passwords but was always unneeded for doing actual encryption and decryption.
Best is to not start with a password in the first place, just randomly
generate the key and IV like this:

```
key=$(dd if=/dev/random bs=32 count=1 | xxd -ps -cols 64)
iv=$(dd if=/dev/random bs=16 count=1 | xxd -ps -cols 32)
```

Refer to the following discussion for more info:
https://groups.google.com/forum/#!topic/swupdate/JBopZ5LNZis

Signed-off-by: Laszlo Ashin
---
 core/cpio_utils.c | 4 +---
 core/util.c | 23 ++++-------------------
 corelib/swupdate_decrypt.c | 16 +---------------
 corelib/test/test_crypt.c | 19 ++++++-------------
 doc/source/encrypted_images.rst | 17 +++++++----------
 include/sslapi.h | 4 ++--
 include/util.h | 1 -
 7 files changed, 21 insertions(+), 63 deletions(-)

diff --git a/core/cpio_utils.c b/core/cpio_utils.c index a464108..182ff1a 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -299,7 +299,6 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi unsigned int md_len = 0; unsigned char *aes_key = NULL; unsigned char *ivt = NULL; - unsigned char *salt; struct InputState input_state = { .fdin = fdin, @@ -348,8 +347,7 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi if (encrypted) { aes_key = get_aes_key(); ivt = get_aes_ivt(); - salt = get_aes_salt(); - decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, ivt, salt); + decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, ivt); if (!decrypt_state.dcrypt) { ERROR("decrypt initialization failure, aborting"); ret = -EFAULT; diff --git a/core/util.c b/core/util.c index ea4ad8a..3a72b29 100644 --- a/core/util.c +++ b/core/util.c @@ -30,12 +30,10 @@ /* * key is 256 bit for aes_256 * ivt is 128 bit - * salt is 64 bit */ struct decryption_key { unsigned char key[32]; unsigned char ivt[16]; - unsigned char salt[8]; }; static struct decryption_key *aes_key = NULL; @@ -416,26 +414,22 @@ int count_elem_list(struct imglist *list) int load_decryption_key(char *fname) { FILE *fp; - char *b1 = NULL, *b2 = NULL, *b3 = NULL; + char *b1 = NULL, *b2 = NULL; int ret; fp = fopen(fname, "r"); if (!fp) return -EBADF; - ret = fscanf(fp, "%ms %ms %ms", &b1, &b2, &b3); + ret = fscanf(fp, "%ms %ms", &b1, &b2); switch (ret) { case 2: - b3 = NULL; DEBUG("Read decryption key and initialization vector from file %s.", fname); break; - case 3: - DEBUG("Read decryption key, initialization vector, and salt from file %s.", fname); - break; default: if (b1 != NULL) free(b1); - fprintf(stderr, "File with decryption key is not in the format nor \n"); + fprintf(stderr, "File with decryption key is not in the format \n"); fclose(fp); return -EINVAL; } 
@@ -449,15 +443,12 @@ int load_decryption_key(char *fname) return -ENOMEM; ret = ascii_to_bin(aes_key->key, b1, sizeof(aes_key->key) * 2) | - ascii_to_bin(aes_key->ivt, b2, sizeof(aes_key->ivt) * 2) | - ascii_to_bin(aes_key->salt, b3, sizeof(aes_key->salt) * 2); + ascii_to_bin(aes_key->ivt, b2, sizeof(aes_key->ivt) * 2); if (b1 != NULL) free(b1); if (b2 != NULL) free(b2); - if (b3 != NULL) - free(b3); if (ret) { fprintf(stderr, "Keys are invalid\n"); @@ -479,12 +470,6 @@ unsigned char *get_aes_ivt(void) { return aes_key->ivt; } -unsigned char *get_aes_salt(void) { - if (!aes_key) - return NULL; - return aes_key->salt; -} - char** string_split(const char* in, const char d) { char** result = 0; diff --git a/corelib/swupdate_decrypt.c b/corelib/swupdate_decrypt.c index 273196e..e1043d8 100644 --- a/corelib/swupdate_decrypt.c +++ b/corelib/swupdate_decrypt.c @@ -17,7 +17,7 @@ #include "sslapi.h" #include "util.h" -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv, unsigned char *salt) +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv) { struct swupdate_digest *dgst; int ret; @@ -34,20 +34,6 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char return NULL; } - if (salt != NULL) { - unsigned char dummy_key[EVP_MAX_KEY_LENGTH]; - unsigned char dummy_iv[EVP_MAX_IV_LENGTH]; - unsigned char dummy_pwd[5] = "DUMMY"; - if (!EVP_BytesToKey(cipher, EVP_sha1(), salt, - dummy_pwd, sizeof(dummy_pwd), - 1, - (unsigned char *)&dummy_key, (unsigned char *)&dummy_iv)) { - ERROR("Cannot set salt."); - free(dgst); - return NULL; - } - } - #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) EVP_CIPHER_CTX_init(&dgst->ctxdec); #else diff --git a/corelib/test/test_crypt.c b/corelib/test/test_crypt.c index 84ac6ed..f3b39c6 100644 --- a/corelib/test/test_crypt.c +++ b/corelib/test/test_crypt.c 
@@ -28,7 +28,6 @@ struct cryptdata { unsigned char *key; unsigned char *iv; - unsigned char *salt; unsigned char *crypttext; }; @@ -44,7 +43,7 @@ static void hex2bin(unsigned char *dest, const unsigned char *source) static void do_crypt(struct cryptdata *crypt, unsigned char *CRYPTTEXT, unsigned char *PLAINTEXT) { int len; - void *dcrypt = swupdate_DECRYPT_init(crypt->key, crypt->iv, crypt->salt); + void *dcrypt = swupdate_DECRYPT_init(crypt->key, crypt->iv); assert_non_null(dcrypt); unsigned char *buffer = calloc(1, strlen((const char *)CRYPTTEXT) + EVP_MAX_BLOCK_LENGTH); @@ -59,7 +58,7 @@ static void do_crypt(struct cryptdata *crypt, unsigned char *CRYPTTEXT, unsigned free(buffer); } -static void test_crypt_nosalt(void **state) +static void test_crypt_1(void **state) { (void)state; @@ -71,7 +70,6 @@ static void test_crypt_nosalt(void **state) struct cryptdata crypt; hex2bin((crypt.key = calloc(1, strlen((const char *)KEY))), KEY); hex2bin((crypt.iv = calloc(1, strlen((const char *)IV))), IV); - crypt.salt = NULL; hex2bin((crypt.crypttext = calloc(1, strlen((const char *)CRYPTTEXT))), CRYPTTEXT); do_crypt(&crypt, &CRYPTTEXT[0], &PLAINTEXT[0]); 
@@ -81,27 +79,24 @@ static void test_crypt_nosalt(void **state) free(crypt.crypttext); } -static void test_crypt_salt(void **state) +static void test_crypt_2(void **state) { (void)state; unsigned char KEY[] = "69D54287F856D30B51B812FDF714556778CF31E1B104D9C68BD90C669C37D1AB"; unsigned char IV[] = "E7039ABFCA63EB8EB1D320F7918275B2"; - unsigned char SALT[] = "F75A9C11F7F63C08"; unsigned char CRYPTTEXT[] = "A17EBBB1A28459352FE3A994404E35AA"; unsigned char PLAINTEXT[] = "CRYPTTEST"; struct cryptdata crypt; hex2bin((crypt.key = calloc(1, strlen((const char *)KEY))), KEY); hex2bin((crypt.iv = calloc(1, strlen((const char *)IV))), IV); - hex2bin((crypt.salt = calloc(1, strlen((const char *)SALT))), SALT); hex2bin((crypt.crypttext = calloc(1, strlen((const char *)CRYPTTEXT))), CRYPTTEXT); do_crypt(&crypt, &CRYPTTEXT[0], &PLAINTEXT[0]); free(crypt.key); free(crypt.iv); - free(crypt.salt); free(crypt.crypttext); } @@ -116,11 +111,10 @@ static void test_crypt_failure(void **state) struct cryptdata crypt; hex2bin((crypt.key = calloc(1, strlen((const char *)KEY))), KEY); hex2bin((crypt.iv = calloc(1, strlen((const char *)IV))), IV); - crypt.salt = NULL; hex2bin((crypt.crypttext = calloc(1, strlen((const char *)CRYPTTEXT))), CRYPTTEXT); int len; - void *dcrypt = swupdate_DECRYPT_init(crypt.key, crypt.iv, crypt.salt); + void *dcrypt = swupdate_DECRYPT_init(crypt.key, crypt.iv); assert_non_null(dcrypt); unsigned char *buffer = calloc(1, strlen((const char *)CRYPTTEXT) + EVP_MAX_BLOCK_LENGTH); @@ -131,7 +125,6 @@ static void test_crypt_failure(void **state) free(crypt.key); free(crypt.iv); - free(crypt.salt); free(crypt.crypttext); } 
@@ -139,9 +132,9 @@ int main(void) { int error_count = 0; const struct CMUnitTest crypt_tests[] = { - cmocka_unit_test(test_crypt_nosalt), + cmocka_unit_test(test_crypt_1), cmocka_unit_test(test_crypt_failure), - cmocka_unit_test(test_crypt_salt) + cmocka_unit_test(test_crypt_2) }; error_count += cmocka_run_group_tests_name("crypt", crypt_tests, NULL, NULL); return error_count; diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst index 113fdd3..781f484 100644 --- a/doc/source/encrypted_images.rst +++ b/doc/source/encrypted_images.rst 
@@ -29,28 +29,25 @@ Then, encrypt an image using this information via :: - openssl enc -aes-256-cbc -in -out -K -iv -S + openssl enc -aes-256-cbc -in -out -K -iv where ```` is the unencrypted source image file and ```` is the encrypted output image file to be referenced in ``sw-description``. ```` is the hex value part of the 2nd line of output from the key generation -command above, ```` is the hex value part of the 3rd line, and ```` is -the hex value part of the 1st line. +command above and ```` is the hex value part of the 3rd line. Then, create a key file to be supplied to SWUpdate via the `-K` switch by -putting the key, initialization vector, and salt hex values on one line +putting the key and initialization vector hex values on one line separated by whitespace, e.g., for above example values :: - B78CC67DD3DC13042A1B575184D4E16D6A09412C242CE253ACEE0F06B5AD68FC 65D793B87B6724BB27954C7664F15FF3 CE7B0488EFBF0D1B + B78CC67DD3DC13042A1B575184D4E16D6A09412C242CE253ACEE0F06B5AD68FC 65D793B87B6724BB27954C7664F15FF3 -Note that, while not recommended and for backwards compatibility, OpenSSL may be -used without salt. For disabling salt, add the ``-nosalt`` parameter to the key -generation command above. Accordingly, drop the ``-S `` parameter in the -encryption command and omit the 3rd field of the key file to be supplied to -SWUpdate being the salt. +For earlier versions of SWUpdate it was falsely noted that passing the SALT as a +3rd parameter would increase security. Key and IV are enough for maximum security, +salt doesn't add any value. Encryption of UBI volumes ------------------------- diff --git a/include/sslapi.h b/include/sslapi.h index 6f03ece..c66e005 100644 --- a/include/sslapi.h +++ b/include/sslapi.h 
@@ -124,7 +124,7 @@ int swupdate_HASH_compare(unsigned char *hash1, unsigned char *hash2); #endif #ifdef CONFIG_ENCRYPTED_IMAGES -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv, unsigned char *salt); +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv); int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf, int *outlen, unsigned char *cryptbuf, int inlen); int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf, @@ -135,7 +135,7 @@ void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst); * Note: macro for swupdate_DECRYPT_init is * just to avoid compiler warnings */ -#define swupdate_DECRYPT_init(key, iv, salt) (((key != NULL) | (ivt != NULL) | (salt != NULL)) ? NULL : NULL) +#define swupdate_DECRYPT_init(key, iv) (((key != NULL) | (ivt != NULL)) ? NULL : NULL) #define swupdate_DECRYPT_update(p, buf, len, cbuf, inlen) (-1) #define swupdate_DECRYPT_final(p, buf, len) (-1) #define swupdate_DECRYPT_cleanup(p) diff --git a/include/util.h b/include/util.h index 445e9f2..31c97b6 100644 --- a/include/util.h +++ b/include/util.h @@ -194,7 +194,6 @@ void free_string_array(char **nodes); int load_decryption_key(char *fname); unsigned char *get_aes_key(void); unsigned char *get_aes_ivt(void); -unsigned char *get_aes_salt(void); /* Getting global information */ int get_install_info(sourcetype *source, char *buf, size_t len);
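
Review bot: In core/util.c, load_decryption_key() now reads with fscanf(fp, "%ms %ms", &b1, &b2), so a key file written for earlier versions that still carries a third salt field returns 2 and the trailing field is dropped without any message. Since the documentation used to instruct users to put the salt there, consider logging a warning when more data follows the IV, or state in doc/source/encrypted_images.rst that a legacy third field is ignored.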
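
Review bot: In include/sslapi.h (second hunk), the fallback macro takes a parameter named iv but its body tests ivt: "#define swupdate_DECRYPT_init(key, iv) (((key != NULL) | (ivt != NULL)) ? NULL : NULL)". It expands cleanly only where the caller happens to have a variable called ivt in scope, as copyfile() in core/cpio_utils.c does. Since the line is being touched anyway, use the parameter and parenthesize the arguments, for example "((((key) != NULL) | ((iv) != NULL)) ? NULL : NULL)".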
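
Review bot: In corelib/test/test_crypt.c, renaming test_crypt_nosalt and test_crypt_salt to test_crypt_1 and test_crypt_2 leaves two tests whose names say nothing about what each one covers. test_crypt_2 keeps the KEY, IV and CRYPTTEXT of the former salt test, so a short comment above it saying that this vector previously had a salt attached and must still decrypt with key and IV alone would record why both cases exist.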
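
Review bot: In doc/source/encrypted_images.rst, the reworded text still takes the key and IV from the 2nd and 3rd lines of output of "the key generation command above", while the commit message recommends not starting from a password and generating both with dd from /dev/random; the documentation should show that recipe or at least mention it. The new closing paragraph's "Key and IV are enough for maximum security" is also stronger than the change supports: what the patch shows is that the salt plays no part in decryption, so wording such as "the salt is only used when deriving key and IV from a password and is not needed for decryption" would be more accurate.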