| Message ID | 20240115192845.51530-4-Michael.Glembotzki@iris-sensing.com |
|---|---|
| State | New |
| Delegated to: | Stefano Babic |
| Headers | show
Return-Path: <swupdate+bncBDY5JUXLVIEBB7UOS2WQMGQEWFYHKIA@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
dkim=pass (2048-bit key;
unprotected) header.d=googlegroups.com header.i=@googlegroups.com
header.a=rsa-sha256 header.s=20230601 header.b=JJG4m1Cr;
dkim=pass (2048-bit key;
unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
header.s=20230601 header.b=MPEE8Xby;
dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com
(client-ip=2a00:1450:4864:20::339; helo=mail-wm1-x339.google.com;
envelope-from=swupdate+bncbdy5juxlviebb7uos2wqmgqewfyhkia@googlegroups.com;
receiver=patchwork.ozlabs.org)
Received: from mail-wm1-x339.google.com (mail-wm1-x339.google.com
[IPv6:2a00:1450:4864:20::339])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4TDMdc6BN6z23dt
for <incoming@patchwork.ozlabs.org>; Tue, 16 Jan 2024 06:29:07 +1100 (AEDT)
Received: by mail-wm1-x339.google.com with SMTP id
5b1f17b1804b1-40e5332f6e4sf48479605e9.2
for <incoming@patchwork.ozlabs.org>;
Mon, 15 Jan 2024 11:29:07 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705346943; cv=pass;
d=google.com; s=arc-20160816;
b=0M18imwPWD++mO5e6AAAgYSuTwMIYT4Ka5xGqS2HOajFeAANIsdJzbG5xtuFQVhvdy
PHOv239QsfIn5rzry6pH+TcqS6mAa7J4zR+AUuZCHl3Aw4bZ3mB6yN8MK9MEPHMnXPWA
KJ5FEWBBndBgiZ42sDbqvnmaKxoXczhnZh0mLaHlSsdfaJwDZP+NZ7w+/1ydpiSnhP4u
AmLMnEYj1kqYVeYS3eY0NMj57aJwLCro+lNnO23E6buM56Tx+XLIz5umq/L18+6VF/9Y
wNa3L0Gq7mAW7FsXBIVS8Ojn8x9Kk+X4abNI380BxfceVGJl4rF+z/5/1GkB6wgfCgBK
1RUA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:sender:dkim-signature
:dkim-signature;
bh=py4osy6e9lUNEvEu1fUFssnK2e3EqEFatfy4JFPbD0U=;
fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=;
b=LxC5eqpHjoo9nOzPpzWQBiAryZmbItRfzKIdHzKk+9owV3tEKZ6N+hbo2KlYLgeDcT
+Uz0RiOSa0SpWpUSp7CXAMRDvFjafszH7fXhX2voeRJt0aeh8TaBxjU8VbWCloLHZGPC
7XCLuP1+dURyC7YKIFpvs1j3wvQSHg+Gx1Xbx4/4xnGk/rkPjgkaKLYM4WLMdx7aEH56
YFD/nMqK5ouZM8t6ijizf8nuldAtNN6WPY9UrIxjDSle5Cd43Wihh6n7gG+ByQJE+e4F
TgdHK2m6JU9na0zsbc/5W5nxb5QCWDg4M/QTIeSU4BNOeOfFjJ3yJL6huiNL9rEOS5wY
cCkw==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=BVWg9axG;
spf=pass (google.com: domain of m.glembo@gmail.com designates
2a00:1450:4864:20::62c as permitted sender) smtp.mailfrom=m.glembo@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1705346943; x=1705951743;
darn=patchwork.ozlabs.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:mime-version:references:in-reply-to:message-id
:date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id
:reply-to;
bh=py4osy6e9lUNEvEu1fUFssnK2e3EqEFatfy4JFPbD0U=;
b=JJG4m1Crb9H8NX+s8Td80Jd4YlRGG2a0STtqrVIMjF18vLIG7MsRSp4tBEe1T1ABvh
41JYqgAh0hnpXuu/bIuNuEhM+qcwvZ96ZeMNWrN8DVTFe7DDpHwseZC0Fo5WS1Jb7pYX
hpZeLAUrGLnHfgznAoX9Wmv5SK+2YgMR3Tof5S9EwL4MksD7bCx2QDGahbcB5naVkHpI
QYTJ1W5ZIhaO3MiTDwHQhn83xHB9yrKN9ONAFtcdSblNuwOZlcYpHsVZidT420ctVVRz
hJbS6yEVjSn8kl3XXc5bkdKMbzWP3p6AffGO8GrPw4HAasHgzoP6oNFFGdkoXPeg5OdM
SfmA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1705346943; x=1705951743;
darn=patchwork.ozlabs.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:mime-version:references:in-reply-to:message-id
:date:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=py4osy6e9lUNEvEu1fUFssnK2e3EqEFatfy4JFPbD0U=;
b=MPEE8Xby5yMUOb9uBB7G+I0bKFOAYBF/f0oBOBnIxXDvYr6FVA85IBaz0J8HZG46X8
riNiUBGQuZN1rr50rUZc4pw5Mr0jBsEtvq7Ys9CapLMwaoHPb06eGyTXExrFiaZBR2Li
MwMWuhLh7QI0opZ2L/XXO5O1TBHeYNzI2j3F+OSyvrgBXMHfnsDIhbzCRmfUD4Bs4tHJ
iE/1EJAhu7b4bM+YBNDy1HbSOi8A1LJGEBzj28p96GIpzSXxkdX25jUIIKfLdhEBCvof
wBko2n6mlFRLAQ9M28V41KotcHTxP+Et0nL3F42D/SVO3UJITt3OtwDqrp/3ews5eofZ
3DOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1705346943; x=1705951743;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:x-spam-checked-in-group:list-id:mailing-list:precedence
:x-original-authentication-results:x-original-sender:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=py4osy6e9lUNEvEu1fUFssnK2e3EqEFatfy4JFPbD0U=;
b=Y0lBrO+QNkev491VywYUANuZOFXkN7YnRA17bSTWIHVH8lb/6lM0wqID45vaRVschY
NcASX2fmoG1K88ME/8xRd6xLjHrSPu3GdfO3uBebjs1p70sJVymO+f8aJryRJWU28YEd
4zzK+IryoUoT2HWIaBO8ZFGfD5c7GdqkfCDDB5p7em1t4qmKY4b2eZUEn9eDow5cBn+8
iti2TX+NCekUbsInlQ2UXqKXH7ngcCdXbM6EuUMixt5oOHUSWJunM9kGCthscNEZE2ue
4IjybFrsF+l9IdkCF11KgXeI4MEbjQciQZCvpNSVYR9Jmmt6YHCB4Std99aAIsG9Mumz
mxdg==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: AOJu0Yz05gtQrQee1mfO2daAhwpBFgVrTfJTKV1bZLv1vX74lQMw4QYc
gQ1jcNTsXOx3ELsrcR/dnMc=
X-Google-Smtp-Source:
AGHT+IGjujyc+fbhXLISmJSaGq0nCkjv8uwIVpmLmTypWDPg7TbdcrV07I53bbfgvuxz0hkOtENzMg==
X-Received: by 2002:a05:600c:4b10:b0:40d:5d53:b8ec with SMTP id
i16-20020a05600c4b1000b0040d5d53b8ecmr1745118wmp.351.1705346942743;
Mon, 15 Jan 2024 11:29:02 -0800 (PST)
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:a05:600c:548c:b0:40e:6273:a607 with SMTP id
iv12-20020a05600c548c00b0040e6273a607ls1206671wmb.1.-pod-prod-08-eu; Mon, 15
Jan 2024 11:29:01 -0800 (PST)
X-Received: by 2002:a05:600c:2046:b0:40d:477c:197 with SMTP id
p6-20020a05600c204600b0040d477c0197mr1522556wmg.130.1705346940741;
Mon, 15 Jan 2024 11:29:00 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1705346940; cv=none;
d=google.com; s=arc-20160816;
b=BeKpyo0txn5zikthwaGuWGtgvOyTfn4yR6hzG9LnSphg5CkTnN7ts3l4PGDM6l6jx6
5C5AYQPZBxsKwVbsYbEo0i6AUZR1R9VTVr2lJLL53wGtaxgWlG1rpzsAKu6UbHDR4jbB
gSbrYiyIr7P2PMtK3ehzUtZAJEVQ0JfrfUeYR2yCUVWyq6u+1q563k4wyB6BfeG4CCnV
8L8FOw+WE+Bs01QaFe65aSj9P4m7RUDcCYlWhoKxINRYqxFvTAB4Kc/kmtWk/9F8DDBG
XBJ7sEUSSW+2RprIVp38F1E+KX699HN/QTbS5JK0kd6nDKkOE685zl5Z3SM604ZaBSrr
sRCQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:dkim-signature;
bh=2xPrVy01wnLQI9aZHCv+PR9zM38UiTlN/TklOOktv20=;
fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=;
b=mrPRgHoSWq4gubGCMGIvbRPcp1QRz6Ge8h/0FN17QrEtNAAWGW4CpYnoMSql6/QDyy
CTi6WVGavhcZlh0caIMkvl1joB5E73a1xd47S0tPXmBaItH16594rBKTyrhytPXA3r80
5cgIR5GaVJuxPlGBTy0zYQ08rOxyt7hulDHf4s/73M69NMKhcNcPkn3hS1ToSX3qP/w1
aVX39GyX4Io4Z7iLHoJyr8X05GS7oaNnYr8tMFQzXHOA753iwImBKiiwo/4DOnixZWYL
06UdteFHAwCm4YWjkVed/12D+HP2bZ8mTCFE0rvALG9J8O4Y/ppwA+TrDDJyWyjv+gdW
jntA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=BVWg9axG;
spf=pass (google.com: domain of m.glembo@gmail.com designates
2a00:1450:4864:20::62c as permitted sender) smtp.mailfrom=m.glembo@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com.
[2a00:1450:4864:20::62c])
by gmr-mx.google.com with ESMTPS id
ay37-20020a05600c1e2500b0040e6faed82asi170325wmb.0.2024.01.15.11.29.00
for <swupdate@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Mon, 15 Jan 2024 11:29:00 -0800 (PST)
Received-SPF: pass (google.com: domain of m.glembo@gmail.com designates
2a00:1450:4864:20::62c as permitted sender) client-ip=2a00:1450:4864:20::62c;
Received: by mail-ej1-x62c.google.com with SMTP id
a640c23a62f3a-a27733ae1dfso1054614066b.3
for <swupdate@googlegroups.com>; Mon, 15 Jan 2024 11:29:00 -0800 (PST)
X-Received: by 2002:a17:906:4716:b0:a2b:63ca:cee0 with SMTP id
y22-20020a170906471600b00a2b63cacee0mr1603688ejq.11.1705346939948;
Mon, 15 Jan 2024 11:28:59 -0800 (PST)
Received: from PC-2635.irisgmbh.local
(dslb-002-203-161-041.002.203.pools.vodafone-ip.de. [2.203.161.41])
by smtp.gmail.com with ESMTPSA id
tl7-20020a170907c30700b00a2de58581f6sm1289255ejc.74.2024.01.15.11.28.59
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 15 Jan 2024 11:28:59 -0800 (PST)
From: Michael Glembotzki <m.glembo@gmail.com>
To: swupdate@googlegroups.com
Cc: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
Subject: [swupdate] [V4][PATCH 3/8] parser: Read temporary AES key from
sw-description
Date: Mon, 15 Jan 2024 20:26:40 +0100
Message-ID: <20240115192845.51530-4-Michael.Glembotzki@iris-sensing.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
MIME-Version: 1.0
X-Original-Sender: m.glembo@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@gmail.com header.s=20230601 header.b=BVWg9axG; spf=pass
(google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::62c
as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass
(p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
<mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
<mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
<mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe:
<mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/swupdate/subscribe>
|
| Series |
Add support for asymmetric decryption
|
expand
|
diff --git a/core/stream_interface.c b/core/stream_interface.c index 0b78329..1cd148f 100644 --- a/core/stream_interface.c +++ b/core/stream_interface.c @@ -703,6 +703,10 @@ void *network_initializer(void *data) /* release temp files we may have created */ cleanup_files(software); +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + clear_tmp_aes_key(); +#endif + #ifndef CONFIG_NOCLEANUP swupdate_remove_directory(SCRIPTS_DIR_SUFFIX); swupdate_remove_directory(DATADST_DIR_SUFFIX); diff --git a/parser/parser.c b/parser/parser.c index 67ae1b3..70cc548 100644 --- a/parser/parser.c +++ b/parser/parser.c @@ -240,6 +240,32 @@ static bool get_common_fields(parsertype p, void *cfg, struct swupdate_cfg *swcf TRACE("Namespaced used to store SWUpdate's vars: %s", swcfg->namespace_for_vars); } +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + /* + * Set sw-description aes-key, if present + */ + if ((setting = find_node(p, cfg, "aes-key", swcfg)) != NULL) { + char aeskey_ascii[AES_256_KEY_LEN * 2 + 1] = {0}; + size_t keylen; + const char *s = get_field_string(p, setting, NULL); + + if (s) { + keylen = strnlen(s, SWUPDATE_GENERAL_STRING_SIZE); + + if (!is_valid_aes_keylen(keylen)) + return false; + + strncpy(aeskey_ascii, s, keylen); + } + if (!s || !strlen(aeskey_ascii) || set_tmp_aes_key(aeskey_ascii)) { + ERROR("Provided aes-key in the sw-description file is invalid!"); + return false; + } + } else { + TRACE("No AES key in the sw-description file."); + } +#endif + return true; }
With CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION, a temporary AES key can be provided with the sw-description file. Make an explicit size check of the field string before setting the temporary AES key. Only set the image AES key if a valid key length is given. Clear the temporary AES key after the update is done. Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> --- core/stream_interface.c | 4 ++++ parser/parser.c | 26 ++++++++++++++++++++++++++ 2 files changed, 30 insertions(+)