From patchwork Mon Jan 15 19:26:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1886819 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=dz1Bx5ml; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=NJN486b+; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::340; helo=mail-wm1-x340.google.com; envelope-from=swupdate+bncbdy5juxlviebb7mos2wqmgqe5yllb2i@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-wm1-x340.google.com (mail-wm1-x340.google.com [IPv6:2a00:1450:4864:20::340]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TDMdc5GYBz23dm for ; Tue, 16 Jan 2024 06:29:07 +1100 (AEDT) Received: by mail-wm1-x340.google.com with SMTP id 5b1f17b1804b1-40e74771019sf11302395e9.3 for ; Mon, 15 Jan 2024 11:29:07 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705346942; cv=pass; d=google.com; s=arc-20160816; b=DC33GrN73Gr3PreKKCeCIVNsQ91CFbH+ZdN5EeuX4NlVxfiTvcxl5aXYWQKersCA+P Nje5WRE0STZgL+idnfAH8Emp9PavcLcyEI3MHeEgPn7A6qib1p36VVADMfxa52bdCdhZ y+V0M/p2e64qcFBRbiTEmyyslKgihZzPw6U/MPD4VcgyYLQm+jvHb+IqGieKbD1fwaQ/ sbIaBxJCW5YSwU/TgYwZ59NBJ5BQwGu9grAvqZEAZuM2ykjKDzBN/MYDTbMYldHfNVVL Wz2pyi6PLdn1sibgjc4M/gF6IkaroihFWfu6Trl/fxmFzOTOPMpBz62ImvXo1Cl6RHaj gceQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:dkim-signature :dkim-signature; bh=KlNyaiyjuNtqXoCpBZcpBbk2+NjH+VzKqPObH6CpwtA=; fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=; b=dYiyRssns7bL/FkBaAW4OSzTKQsfoXsA1FXEu1yUp2KIkhaWLmtmCQ3BnGEo0+5CWy 87Mn8MN/7XTjEFii4AFIRKPBk+M1Cravja90aheqHttauljsM4xeUwM6PACUTa92ZlUk dnAwG7oa4JqQd5SOz/jNnBjzKdCnp8g+BZSKsI05laQAfaeztl0v7eFMKKWlA3vfj6YA NzwOYtfy65AOFXZiF1Yy8ax04mHbbwGrsBkZb+IQUlEGmBxdL65RTGVIm40m1jhdGjXq ABrv1bvVrMekmgC8bODYwPUcbUlLUCMJOk1OPnRi6SdFhranxz3ddaB2dS+acJm+CwlZ Nieg== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="Zw/45uW4"; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::636 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1705346942; x=1705951742; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id :reply-to; bh=KlNyaiyjuNtqXoCpBZcpBbk2+NjH+VzKqPObH6CpwtA=; b=dz1Bx5mlXh0aElhJuy7ipAmv0dWrfV1youX7KO5ZkXMKKnwoFsN8evhEJLO8E5fu5I yYo9zHYNPX3bRYcUpdMBTFJBkiFYOksLCB8I1xw8IlJcaMmO2sd/BQ6zrkl4cTzgjEeQ HdS0Z2BdSdLvoXCjdwWzgByF6XyDLh7b/jlSL9YW6vWBlnZITyIx3AUkAP0JddKakJcT Pjwp8li4wr/jPn1Kb0I11KKE+wjrftuBcLLcvpH8Q26ndV7Syi7RcNlKjq7NyZdU+T6F rT0blzGLecxxd+DxHV7dCnhVz4Vo2507JdWfmbQpZJZMqwnvML+RCnb/bnYHIH2dxIKq U8rA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705346942; x=1705951742; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=KlNyaiyjuNtqXoCpBZcpBbk2+NjH+VzKqPObH6CpwtA=; b=NJN486b+aS7HtSCdGswj97pZF41s3uyA+N/CAnf7WKceBc1+onoO6WBgvLkQDM21Mg 1n2Q37uv+Z6tAwJt2yeY74CNAHQJahwj1rHPkwbiU4R7RRJY6L1LQ+nho2tvk7Q30YI3 74ZmKYa8w96OvF3zn1uyx4k0fiM18mgTkhpTv61tu/BIOiuvKLeMTByMCXAfgA9U8UcI 4YIfc6U3VynxDpAR8HAxL8xD8VA+pXjmNmYuuBhOCQAtIFt8CCO9qEHHO4JcdiKRSWXA tC9EeIeehmisduhvM7sXQQd5fFmsJbuzi7TRiCHcijE5CvpZdbwhxIV92gh3wCJHP4/C 60KA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705346942; x=1705951742; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date :message-id:reply-to; bh=KlNyaiyjuNtqXoCpBZcpBbk2+NjH+VzKqPObH6CpwtA=; b=eb5U8wBCjrzuQP25c+5adXo87oM6VJ52L+tSJqY5HZybkTXlrKg/uwj0sYhOxJSPRT ypcq0dwrSStS3MGnIv6b6bd60L1zn7jfkoiUTvQwwQfZLQ+uCx4kSWnsSLL74gi4BREe DDMrCCKOfxakPUrUqA7hYsvn8/pf2rrIksseIWjngnvyvZZbOMBpHKAU1b5Npi2Q56JI jvuceMokNjHTCr+R5pd+uMGlJjx8tFlTqf6jHbXx4/QGykS1CvNQ1Df1dgy39LoeMfy4 i6SwiYWJ7u9HosS+qSa46p3w9OsTXKs2SXFY/nnqxpLadykQ24vWwpTGBxSzDZG5R/FU UfhA== Sender: swupdate@googlegroups.com X-Gm-Message-State: AOJu0Yw4vkU9tcYBlf71iTP5Bwy/9BzKt8A0/z1TCpTHne58J3GLz40x C8hL2jkLSQEi/OKvfnnm0X4= X-Google-Smtp-Source: AGHT+IGae8RumaB2Noo3W0JkuD5yqdHg2Kl4XPZg77C2TyB3EvTvpTaGYPMu43pREJ8btcEaZwMkeQ== X-Received: by 2002:a1c:6a05:0:b0:40e:61f1:bc1 with SMTP id f5-20020a1c6a05000000b0040e61f10bc1mr1800570wmc.197.1705346941947; Mon, 15 Jan 2024 11:29:01 -0800 (PST) X-BeenThere: swupdate@googlegroups.com Received: by 2002:a05:600c:1c16:b0:40e:6638:fb36 with SMTP id j22-20020a05600c1c1600b0040e6638fb36ls1206293wms.2.-pod-prod-08-eu; Mon, 15 Jan 2024 11:29:00 -0800 (PST) X-Received: by 2002:a7b:ca55:0:b0:40e:43d0:8a10 with SMTP id m21-20020a7bca55000000b0040e43d08a10mr1779500wml.129.1705346939715; Mon, 15 Jan 2024 11:28:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705346939; cv=none; d=google.com; s=arc-20160816; b=tX6n8Z9YvSOF50uOpUCBGCjH2hT8ykqXSWmGGMYsIntBMxCdgTqVOnGrAIDes0HCjR gFL5SUHdewfT4YvF6OugpIlS0uNxCnJn26Cd1aBTzPirzz9cq9h4nWawBbKztvMAmcjp fRFclxN/Yx1DzPcooEtsDoRzBoXpvFQUR0kmDHjeADep21+IIgus5SJKvFdeJTQSHCyu 3BdmdI6tiYdAtbmtMhFGJWnN9ey0oqnF8K+hr2Ka9YBb18PC5eF1sRPVv37z3qRZlZWj mjCFPmr9qGUi8wCKRVFwEBdBGcaYSDGCR3RzDd4AO1JnPi99dyuhgZdIntAayR6sMSdE 2O3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=zHjeCMcYOLk0SvcIPdw92PypKzZvgVYBtirhIBB4gFk=; fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=; b=xHS7PIWG4erEAwTqjo6nFFj+walU4G++/zJ0d/QaM1k5L4K5MTBH5nkZz3l5dWJP+S IypXYNOb9vRKyxEkVsRCbhZUKFPVhEndgdlIrjSXdQZxlZoQi3A/WpR4LMtbVQWVDGOC xWZzHieFfDM1OCnRiTzQvwrDUp0V+X8+cEYy/C/n9Ms53ItPmilWwbHUJB1tZc5+l1ka BcNHNyeF0NPbCVs2wKKwbxb91ch21SODr4S7TB2BwVBOCrISKwAYE6mQl5mBz4mwZWI2 QBw2aKForFT46uxOi5XjAeBfIbcM0jOffD1t+aOaoHvaWrzBBuBZdgVeRB9AZBOuUotN XqZg== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="Zw/45uW4"; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::636 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com. [2a00:1450:4864:20::636]) by gmr-mx.google.com with ESMTPS id co11-20020a0560000a0b00b0033776a5f33fsi316609wrb.1.2024.01.15.11.28.59 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 15 Jan 2024 11:28:59 -0800 (PST) Received-SPF: pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::636 as permitted sender) client-ip=2a00:1450:4864:20::636; Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-a293f2280c7so1068708466b.1 for ; Mon, 15 Jan 2024 11:28:59 -0800 (PST) X-Received: by 2002:a17:906:594:b0:a2c:aa85:24d9 with SMTP id 20-20020a170906059400b00a2caa8524d9mr1264709ejn.23.1705346938939; Mon, 15 Jan 2024 11:28:58 -0800 (PST) Received: from PC-2635.irisgmbh.local (dslb-002-203-161-041.002.203.pools.vodafone-ip.de. [2.203.161.41]) by smtp.gmail.com with ESMTPSA id tl7-20020a170907c30700b00a2de58581f6sm1289255ejc.74.2024.01.15.11.28.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jan 2024 11:28:58 -0800 (PST) From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V4][PATCH 2/8] util: Add functions for set/get temporary AES key Date: Mon, 15 Jan 2024 20:26:39 +0100 Message-ID: <20240115192845.51530-3-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="Zw/45uW4"; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::636 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Enhance functionality to allow temporary storage of an additional AES key, complementing existing functions for setting default AES key. Signed-off-by: Michael Glembotzki --- core/util.c | 82 ++++++++++++++++++++++++++++++++++++++++++++------ include/util.h | 11 ++++++- 2 files changed, 82 insertions(+), 11 deletions(-) diff --git a/core/util.c b/core/util.c index 99ed628..396d7d7 100644 --- a/core/util.c +++ b/core/util.c @@ -53,6 +53,10 @@ struct decryption_key { static struct decryption_key *aes_key = NULL; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION +static struct decryption_key *tmp_aes_key = NULL; +#endif + /* * Configuration file for fw_env.config */ @@ -537,6 +541,20 @@ bool is_hex_str(const char *ascii) { return true; } +bool is_valid_aes_keylen(size_t keylen_ascii) +{ + switch (keylen_ascii) { + case AES_128_KEY_LEN * 2: + case AES_192_KEY_LEN * 2: + case AES_256_KEY_LEN * 2: + // valid hex string size for AES 128/192/256 + return true; + default: + ERROR("Invalid AES key length"); + return false; + } +} + int set_aes_key(const char *key, const char *ivt) { int ret; @@ -565,17 +583,12 @@ int set_aes_key(const char *key, const char *ivt) strncpy(aes_key->key, key, keylen); #else keylen = strlen(key); - switch (keylen) { - case AES_128_KEY_LEN * 2: - case AES_192_KEY_LEN * 2: - case AES_256_KEY_LEN * 2: - // valid hex string size for AES 128/192/256 - aes_key->keylen = keylen / 2; - break; - default: - ERROR("Invalid aes_key length"); + + if (!is_valid_aes_keylen(keylen)) return -EINVAL; - } + + aes_key->keylen = keylen / 2; + ret |= !is_hex_str(key); ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key); #endif @@ -588,6 +601,55 @@ int set_aes_key(const char *key, const char *ivt) return 0; } +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION +int set_tmp_aes_key(const char *key_ascii) +{ + size_t keylen; + + if (!tmp_aes_key) { + tmp_aes_key = (struct decryption_key *)calloc(1, sizeof(*tmp_aes_key)); + if (!tmp_aes_key) + return -ENOMEM; + } + + keylen = strlen(key_ascii); + + if (!is_valid_aes_keylen(keylen)) + return -EINVAL; + + tmp_aes_key->keylen = keylen / 2; + + if (!is_hex_str(key_ascii) || ascii_to_bin(tmp_aes_key->key, tmp_aes_key->keylen, key_ascii)) { + ERROR("Invalid tmp aes_key"); + return -EINVAL; + } + + return 0; +} + +unsigned char *get_tmp_aes_key(void) +{ + if (!tmp_aes_key) + return NULL; + return tmp_aes_key->key; +} + +char get_tmp_aes_keylen(void) +{ + if (!tmp_aes_key) + return -1; + return tmp_aes_key->keylen; +} + +void clear_tmp_aes_key(void) +{ + if (!tmp_aes_key) + return; + memset(tmp_aes_key->key, 0, sizeof(tmp_aes_key->key)); + tmp_aes_key->keylen = 0; +} +#endif + const char *get_fwenv_config(void) { if (!fwenv_config) #if defined(CONFIG_UBOOT) diff --git a/include/util.h b/include/util.h index 062840f..f4a67ef 100644 --- a/include/util.h +++ b/include/util.h @@ -164,6 +164,7 @@ int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src); void hash_to_ascii(const unsigned char *hash, char *s); int IsValidHash(const unsigned char *hash); bool is_hex_str(const char *ascii); +bool is_valid_aes_keylen(size_t keylen_ascii); #ifndef typeof #define typeof __typeof__ @@ -237,13 +238,21 @@ bool check_same_file(int fd1, int fd2); const char *get_fwenv_config(void); void set_fwenv_config(const char *fname); -/* Decryption key functions */ +/* Decryption key functions for the (default) aes-key */ int load_decryption_key(char *fname); unsigned char *get_aes_key(void); char get_aes_keylen(void); unsigned char *get_aes_ivt(void); int set_aes_key(const char *key, const char *ivt); +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION +/* Decryption key functions for the temporary aes-key read from the sw-description */ +unsigned char *get_tmp_aes_key(void); +char get_tmp_aes_keylen(void); +int set_tmp_aes_key(const char *key_ascii); +void clear_tmp_aes_key(void); +#endif + /* Getting global information */ int get_install_info(sourcetype *source, char *buf, size_t len); void get_install_swset(char *buf, size_t len);