From patchwork Tue Apr 2 14:44:50 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefano Babic
X-Patchwork-Id: 1074519
From: Stefano Babic
To: swupdate@googlegroups.com
Cc: Stefano Babic
Subject: [swupdate] [PATCH V2] Add class to encrypt (AES-CBC) an artifact
Date: Tue, 2 Apr 2019 16:44:50 +0200
Message-Id: <20190402144450.31305-1-sbabic@denx.de>
X-Mailer: git-send-email 2.17.1

This adds a new conversion type (enc) to encrypt an artifact during the
build. Add to your image recipe:

	IMAGE_FSTYPES += ".enc"

SWUpdate supports encryption of compressed images. You can add the FSTYPE
to your last filesystem type, for example ".ext4.gz.enc" is a valid value.

Signed-off-by: Stefano Babic
Tested-by: Austin Phillips
--- classes/swupdate-enc.bbclass | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 classes/swupdate-enc.bbclass diff --git a/classes/swupdate-enc.bbclass b/classes/swupdate-enc.bbclass new file mode 100644 index 0000000..5e3fe79 --- /dev/null +++ b/classes/swupdate-enc.bbclass 
@@ -0,0 +1,25 @@ +# +# The key must be generated as described in doc +# with +# openssl enc -aes-256-cbc -k -P -md sha1 +# The file is in the format +# salt= +# key= +# iv= +# parameters: $1 = input file, $2 = output file +swu_encrypt_file() { + input=$1 + output=$2 + key=`cat ${SWUPDATE_AES_FILE} | grep ^key | cut -d '=' -f 2` + iv=`cat ${SWUPDATE_AES_FILE} | grep ^iv | cut -d '=' -f 2` + salt=`cat ${SWUPDATE_AES_FILE} | grep ^salt | cut -d '=' -f 2` + if [ -z ${salt} ] || [ -z ${key} ] || [ -z {iv} ];then + bbfatal "SWUPDATE_AES_FILE=$SWUPDATE_AES_FILE does not contain valid keys" + fi + openssl enc -aes-256-cbc -in ${input} -out ${output} -K ${key} -iv ${iv} -S ${salt} +} + +CONVERSIONTYPES += "enc" + +CONVERSION_DEPENDS_enc = "openssl-native coreutils-native" +CONVERSION_CMD_enc="swu_encrypt_file ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.enc"
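
Review bot: The validity check in swu_encrypt_file() tests `[ -z {iv} ]`, which is missing the `$`, so it evaluates the literal string `{iv}` and can never be true; a key file with no `iv=` line passes the check and the build proceeds to the openssl call without a usable IV. Change it to `[ -z "${iv}" ]`, and quote `${salt}` and `${key}` in the same test and the values on the openssl command line, so that an empty or whitespace-containing value cannot change how the test or the command is parsed. Separately, the key is handed to openssl as `-K ${key}`, which places it in the process argument list on the build host while the conversion runs; the header comment should mention this so that users know the key is exposed there as well as in SWUPDATE_AES_FILE.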