@@ -53,6 +53,10 @@ struct decryption_key {
static struct decryption_key *aes_key = NULL;
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+static struct decryption_key *tmp_aes_key = NULL;
+#endif
+
/*
* Configuration file for fw_env.config
*/
@@ -537,6 +541,20 @@ bool is_hex_str(const char *ascii) {
return true;
}
+bool is_valid_aes_keylen(size_t keylen_ascii)
+{
+ switch (keylen_ascii) {
+ case AES_128_KEY_LEN * 2:
+ case AES_192_KEY_LEN * 2:
+ case AES_256_KEY_LEN * 2:
+ // valid hex string size for AES 128/192/256
+ return true;
+ default:
+ ERROR("Invalid AES key length");
+ return false;
+ }
+}
+
int set_aes_key(const char *key, const char *ivt)
{
int ret;
@@ -565,17 +583,12 @@ int set_aes_key(const char *key, const char *ivt)
strncpy(aes_key->key, key, keylen);
#else
keylen = strlen(key);
- switch (keylen) {
- case AES_128_KEY_LEN * 2:
- case AES_192_KEY_LEN * 2:
- case AES_256_KEY_LEN * 2:
- // valid hex string size for AES 128/192/256
- aes_key->keylen = keylen / 2;
- break;
- default:
- ERROR("Invalid aes_key length");
+
+ if (!is_valid_aes_keylen(keylen))
return -EINVAL;
- }
+
+ aes_key->keylen = keylen / 2;
+
ret |= !is_hex_str(key);
ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key);
#endif
@@ -588,6 +601,55 @@ int set_aes_key(const char *key, const char *ivt)
return 0;
}
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+int set_tmp_aes_key(const char *key_ascii)
+{
+ size_t keylen;
+
+ if (!tmp_aes_key) {
+ tmp_aes_key = (struct decryption_key *)calloc(1, sizeof(*tmp_aes_key));
+ if (!tmp_aes_key)
+ return -ENOMEM;
+ }
+
+ keylen = strlen(key_ascii);
+
+ if (!is_valid_aes_keylen(keylen))
+ return -EINVAL;
+
+ tmp_aes_key->keylen = keylen / 2;
+
+ if (!is_hex_str(key_ascii) || ascii_to_bin(tmp_aes_key->key, tmp_aes_key->keylen, key_ascii)) {
+ ERROR("Invalid tmp aes_key");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+unsigned char *get_tmp_aes_key(void)
+{
+ if (!tmp_aes_key)
+ return NULL;
+ return tmp_aes_key->key;
+}
+
+char get_tmp_aes_keylen(void)
+{
+ if (!tmp_aes_key)
+ return -1;
+ return tmp_aes_key->keylen;
+}
+
+void clear_tmp_aes_key(void)
+{
+ if (!tmp_aes_key)
+ return;
+ memset(tmp_aes_key->key, 0, sizeof(tmp_aes_key->key));
+ tmp_aes_key->keylen = 0;
+}
+#endif
+
const char *get_fwenv_config(void) {
if (!fwenv_config)
#if defined(CONFIG_UBOOT)
@@ -164,6 +164,7 @@ int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src);
void hash_to_ascii(const unsigned char *hash, char *s);
int IsValidHash(const unsigned char *hash);
bool is_hex_str(const char *ascii);
+bool is_valid_aes_keylen(size_t keylen_ascii);
#ifndef typeof
#define typeof __typeof__
@@ -237,13 +238,21 @@ bool check_same_file(int fd1, int fd2);
const char *get_fwenv_config(void);
void set_fwenv_config(const char *fname);
-/* Decryption key functions */
+/* Decryption key functions for the (default) aes-key */
int load_decryption_key(char *fname);
unsigned char *get_aes_key(void);
char get_aes_keylen(void);
unsigned char *get_aes_ivt(void);
int set_aes_key(const char *key, const char *ivt);
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+/* Decryption key functions for the temporary aes-key read from the sw-description */
+unsigned char *get_tmp_aes_key(void);
+char get_tmp_aes_keylen(void);
+int set_tmp_aes_key(const char *key_ascii);
+void clear_tmp_aes_key(void);
+#endif
+
/* Getting global information */
int get_install_info(sourcetype *source, char *buf, size_t len);
void get_install_swset(char *buf, size_t len);
Enhance functionality to allow temporary storage of an additional AES key, complementing existing functions for setting default AES key. Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> --- core/util.c | 82 ++++++++++++++++++++++++++++++++++++++++++++------ include/util.h | 11 ++++++- 2 files changed, 82 insertions(+), 11 deletions(-)