From patchwork Thu Aug 17 14:15:45 2017
X-Patchwork-Submitter: "Storm, Christian"
X-Patchwork-Id: 802696
X-Patchwork-Delegate: sbabic@denx.de
From: Christian Storm
To: swupdate@googlegroups.com
Cc: Christian Storm
Subject: [swupdate] [PATCH resent 1/2] crypt: add support for using salt
Date: Thu, 17 Aug 2017 16:15:45 +0200
Message-Id: <20170817141546.31426-1-christian.storm@siemens.com>

Support OpenSSL symmetric image encryption using salt. For backwards compatibility, also support symmetric image encryption without salt.

Signed-off-by: Christian Storm --- core/cpio_utils.c | 4 +++- core/util.c | 53 ++++++++++++++++++++++++++++++++--------- corelib/swupdate_decrypt.c | 20 ++++++++++++++-- doc/source/encrypted_images.rst | 28 ++++++++++++++-------- include/sslapi.h | 4 ++-- include/util.h | 1 + 6 files changed, 84 insertions(+), 26 deletions(-) diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 7834a89..c3df86f 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -130,6 +130,7 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi unsigned int md_len = 0; unsigned char *aes_key; unsigned char *ivt; + unsigned char *salt; if (!callback) { callback = copy_write; @@ -166,7 +167,8 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi aes_key = get_aes_key(); ivt = get_aes_ivt(); - dcrypt = swupdate_DECRYPT_init(aes_key, ivt); + salt = get_aes_salt(); + dcrypt = swupdate_DECRYPT_init(aes_key, ivt, salt); if (!dcrypt) { ERROR("decrypt initialization failure, aborting"); ret = -EFAULT; diff --git a/core/util.c b/core/util.c index fc8e282..b714f29 100644 --- a/core/util.c +++ b/core/util.c @@ -31,9 +31,15 @@ #include "util.h" #include "generated/autoconf.h" +/* + * key is 256 bit for aes_256 + * ivt is 128 bit + * salt is 64 bit + */ struct decryption_key { unsigned char key[32]; unsigned char ivt[16]; + unsigned char salt[8]; }; static struct decryption_key *aes_key = NULL; @@ -276,6 +282,10 @@ static int ascii_to_bin(unsigned char *hash, const char *s, size_t len) unsigned int i; unsigned int val; + if (s == NULL) { + return 0; + } + if (len % 2) return -EINVAL; if (strlen(s) == len) { 
@@ -339,14 +349,29 @@ int count_elem_list(struct imglist *list) int load_decryption_key(char *fname) { FILE *fp; - char *b1, *b2; + char *b1 = NULL, *b2 = NULL, *b3 = NULL; int ret; fp = fopen(fname, "r"); if (!fp) return -EBADF; - ret = fscanf(fp, "%ms %ms", &b1, &b2); + ret = fscanf(fp, "%ms %ms %ms", &b1, &b2, &b3); + switch (ret) { + case 2: + b3 = NULL; + DEBUG("Read decryption key and initialization vector from file %s.", fname); + break; + case 3: + DEBUG("Read decryption key, initialization vector, and salt from file %s.", fname); + break; + default: + if (b1 != NULL) + free(b1); + fprintf(stderr, "File with decryption key is not in the format nor \n"); + fclose(fp); + return -EINVAL; + } fclose(fp); if (aes_key) @@ -356,16 +381,16 @@ int load_decryption_key(char *fname) if (!aes_key) return -ENOMEM; - if (ret != 2) { - fprintf(stderr, "File with decryption key is in the format \n"); - return -EINVAL; - } + ret = ascii_to_bin(aes_key->key, b1, sizeof(aes_key->key) * 2) | + ascii_to_bin(aes_key->ivt, b2, sizeof(aes_key->ivt) * 2) | + ascii_to_bin(aes_key->salt, b3, sizeof(aes_key->salt) * 2); - /* - * Key is for aes_256, it must be 256 bit - * and IVT is 128 bit - */ - ret = ascii_to_bin(aes_key->key, b1, 64) | ascii_to_bin(aes_key->ivt, b2, 32); + if (b1 != NULL) + free(b1); + if (b2 != NULL) + free(b2); + if (b3 != NULL) + free(b3); if (ret) { fprintf(stderr, "Keys are invalid\n"); @@ -387,6 +412,12 @@ unsigned char *get_aes_ivt(void) { return aes_key->ivt; } +unsigned char *get_aes_salt(void) { + if (!aes_key) + return NULL; + return aes_key->salt; +} + char** string_split(char* s, const char d) { char** result = 0; diff --git a/corelib/swupdate_decrypt.c b/corelib/swupdate_decrypt.c index 8e092c8..24a6c5c 100644 --- a/corelib/swupdate_decrypt.c +++ b/corelib/swupdate_decrypt.c 
@@ -28,7 +28,7 @@ #include "sslapi.h" #include "util.h" -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv) +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv, unsigned char *salt) { struct swupdate_digest *dgst; int ret; @@ -38,11 +38,27 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char return NULL; } + const EVP_CIPHER *cipher = EVP_aes_256_cbc(); + dgst = calloc(1, sizeof(*dgst)); if (!dgst) { return NULL; } + if (salt != NULL) { + unsigned char dummy_key[EVP_MAX_KEY_LENGTH]; + unsigned char dummy_iv[EVP_MAX_IV_LENGTH]; + unsigned char dummy_pwd[5] = "DUMMY"; + if (!EVP_BytesToKey(cipher, EVP_sha1(), salt, + dummy_pwd, sizeof(dummy_pwd), + 1, + (unsigned char *)&dummy_key, (unsigned char *)&dummy_iv)) { + ERROR("Cannot set salt."); + free(dgst); + return NULL; + } + } + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) EVP_CIPHER_CTX_init(&dgst->ctxdec); #else @@ -63,7 +79,7 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char /* * Check openSSL documentation for return errors */ - ret = EVP_DecryptInit_ex(SSL_GET_CTXDEC(dgst), EVP_aes_256_cbc(), NULL, key, iv); + ret = EVP_DecryptInit_ex(SSL_GET_CTXDEC(dgst), cipher, NULL, key, iv); if (ret != 1) { ERROR("Decrypt Engine not initialized, error 0x%lx\n", ERR_get_error()); free(dgst); diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst index 4358126..a7d85a2 100644 --- a/doc/source/encrypted_images.rst +++ b/doc/source/encrypted_images.rst 
@@ -14,35 +14,43 @@ A complete documentation can be found at the :: - openssl enc -aes-256-cbc -k -nosalt -P -md sha1 + openssl enc -aes-256-cbc -k -P -md sha1 The key and initialization vector is generated based on the given ````. The output of the above command looks like this: :: - key=B60D121B438A380C343D5EC3C2037564B82FFEF3542808AB5694FA93C3179140 - iv =20578C4FEF1AEE907B1DC95C776F8160 - + salt=CE7B0488EFBF0D1B + key=B78CC67DD3DC13042A1B575184D4E16D6A09412C242CE253ACEE0F06B5AD68FC + iv =65D793B87B6724BB27954C7664F15FF3 Then, encrypt an image using this information via :: - openssl enc -aes-256-cbc -in -out -K -iv + openssl enc -aes-256-cbc -in -out -K -iv -S where ```` is the unencrypted source image file and ```` is the encrypted output image file to be referenced in ``sw-description``. -```` is the hex value part of the first line of output from the key generation -command above and ```` is the hex value part of the second line. +```` is the hex value part of the 2nd line of output from the key generation +command above, ```` is the hex value part of the 3rd line, and ```` is +the hex value part of the 1st line. Then, create a key file to be supplied to SWUpdate via the `-K` switch by -putting the key and initialization vector hex values on one line separated by -whitespace, e.g., for above example values +putting the key, initialization vector, and salt hex values on one line +separated by whitespace, e.g., for above example values :: - B60D121B438A380C343D5EC3C2037564B82FFEF3542808AB5694FA93C3179140 20578C4FEF1AEE907B1DC95C776F8160 + B78CC67DD3DC13042A1B575184D4E16D6A09412C242CE253ACEE0F06B5AD68FC 65D793B87B6724BB27954C7664F15FF3 CE7B0488EFBF0D1B + + +Note that, while not recommended and for backwards compatibility, OpenSSL may be +used without salt. For disabling salt, add the ``-nosalt`` parameter to the key +generation command above. 
Accordingly, drop the ``-S `` parameter in the +encryption command and omit the 3rd field of the key file to be supplied to +SWUpdate being the salt. Example sw-description with Encrypted Image diff --git a/include/sslapi.h b/include/sslapi.h index 500db7c..1df656d 100644 --- a/include/sslapi.h +++ b/include/sslapi.h @@ -106,7 +106,7 @@ int swupdate_HASH_compare(unsigned char *hash1, unsigned char *hash2); #endif #ifdef CONFIG_ENCRYPTED_IMAGES -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv); +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv, unsigned char *salt); int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf, int *outlen, unsigned char *cryptbuf, int inlen); int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf, @@ -117,7 +117,7 @@ void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst); * Note: macro for swupdate_DECRYPT_init is * just to avoid compiler warnings */ -#define swupdate_DECRYPT_init(key, iv) (((key != NULL) | (ivt != NULL)) ? NULL : NULL) +#define swupdate_DECRYPT_init(key, iv, salt) (((key != NULL) | (ivt != NULL) | (salt != NULL)) ? NULL : NULL) #define swupdate_DECRYPT_update(p, buf, len, cbuf, inlen) (-1) #define swupdate_DECRYPT_final(p, buf, len) (-1) #define swupdate_DECRYPT_cleanup(p) diff --git a/include/util.h b/include/util.h index 2d6f047..70a0acc 100644 --- a/include/util.h +++ b/include/util.h @@ -173,6 +173,7 @@ int count_elem_list(struct imglist *list); int load_decryption_key(char *fname); unsigned char *get_aes_key(void); unsigned char *get_aes_ivt(void); +unsigned char *get_aes_salt(void); /* Getting global information */ int get_install_info(sourcetype *source, char *buf, size_t len);
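
Review bot: In swupdate_DECRYPT_init() in corelib/swupdate_decrypt.c, the new `if (salt != NULL)` block has no effect on decryption. EVP_BytesToKey() writes its result into dummy_key and dummy_iv, which are never read afterwards, and EVP_DecryptInit_ex() is still called with the caller's key and iv, so the salt never reaches the cipher context. The "Cannot set salt." error text is misleading for the same reason, since nothing is being set. Either derive the real key and IV from a passphrase plus the salt at this point, or drop the block and the salt parameter, given that the key file already carries the final key and IV in hex.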
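
Review bot: get_aes_salt() in core/util.c returns aes_key->salt whenever a key file has been loaded, so copyfile() passes a non-NULL salt to swupdate_DECRYPT_init() even for a two-field key file, where `case 2:` sets b3 = NULL and the salt[8] array is never filled from the file. The `if (salt != NULL)` test in swupdate_DECRYPT_init() therefore cannot tell "no salt" from "salt present". Record whether a salt was actually parsed, for example with a flag in struct decryption_key, and return NULL from get_aes_salt() when it was not.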
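
Review bot: The new `if (s == NULL) { return 0; }` at the top of ascii_to_bin() in core/util.c makes a NULL input count as a successful conversion for every caller, not only for the optional salt, and leaves the output buffer untouched while reporting success. Return -EINVAL for NULL here and instead skip the third ascii_to_bin() call in load_decryption_key() when only two fields were read.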
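
Review bot: In load_decryption_key() in core/util.c, the `if (!aes_key) return -ENOMEM;` path still leaks: by then fscanf() has allocated b1, b2 and possibly b3 through %ms, and the free() calls added further down are not reached on that return. Free the three buffers before returning -ENOMEM, or do the allocation check ahead of the parse. The `if (b1 != NULL)` style guards can be dropped, since free(NULL) is a no-op, and because b1 holds the hex key it is worth clearing these buffers before freeing them.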
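
Review bot: The stub macro in include/sslapi.h takes a parameter named iv, but its body tests ivt: `#define swupdate_DECRYPT_init(key, iv, salt) (((key != NULL) | (ivt != NULL) | (salt != NULL)) ? NULL : NULL)`. It compiles only when the caller happens to have a variable called ivt in scope, as copyfile() does. Since this line is being changed anyway, use iv in the body so the macro depends only on its own arguments.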