From patchwork Mon Jan 15 19:26:37 2024
X-Patchwork-Submitter: Michael Glembotzki
X-Patchwork-Id: 1886822
From: Michael Glembotzki
To: swupdate@googlegroups.com
Subject: [swupdate] [V4][PATCH 0/8] Add support for asymmetric decryption
Date: Mon, 15 Jan 2024 20:26:37 +0100
Message-ID: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
X-Mailer: git-send-email 2.43.0

Hi Stefano,

your requested changes have been incorporated.
Kindly inform me of any additional feedback you may have.

While the patch series has undergone thorough testing, I would welcome
another tester for further assurance.

Thank you and best regards
Michael

Michael Glembotzki (8):
  parser: BUG: Image IVT with invalid size is accepted
  util: Add functions for set/get temporary AES key
  parser: Read temporary AES key from sw-description
  Add functions for asymmetric file decryption with CMS
  swupdate: Initialize the key pair for asymmetric decryption
  util: Replace bool with enum for 'encrypted' Parameter
  Add support for asymmetrical encrypted images
  doc: Add documentation for asymmetric decryption

 Kconfig                              |  12 +++
 core/cpio_utils.c                    |  69 +++++++++++++---
 core/installer.c                     |   7 ++
 core/stream_interface.c              |  31 ++++---
 core/swupdate.c                      |  35 ++++++++
 core/util.c                          |  82 ++++++++++++++++---
 corelib/Makefile                     |   3 +
 corelib/swupdate_cms_decrypt.c       | 115 ++++++++++++++++++++++++++
 doc/source/asym_encrypted_images.rst | 153 +++++++++++++++++++++++++++++++++++
 doc/source/encrypted_images.rst      |   2 +
 doc/source/index.rst                 |   1 +
 doc/source/roadmap.rst               |   5 --
 doc/source/sw-description.rst        |  13 ++-
 examples/configuration/swupdate.cfg  |   3 +
 include/sslapi.h                     |   9 +++
 include/swupdate.h                   |   1 +
 include/util.h                       |  21 ++++-
 parser/parser.c                      |  44 +++++++++-
 18 files changed, 567 insertions(+), 39 deletions(-)