Message ID | 20231215142251.52393-5-Michael.Glembotzki@iris-sensing.com |
---|---|
State | Changes Requested |
Headers | show |
Series | Add support for asymmetric decryption | expand |
On 15.12.23 15:19, Michael Glembotzki wrote: > Only set the image aeskey_ascii if the key size is valid. > > Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> > --- > core/parsing_library.c | 23 +++++++++++++++++++++++ > include/parselib.h | 1 + > include/swupdate_image.h | 1 + > parser/parser.c | 1 + > 4 files changed, 26 insertions(+) > > diff --git a/core/parsing_library.c b/core/parsing_library.c > index dcb3b73..7e353ae 100644 > --- a/core/parsing_library.c > +++ b/core/parsing_library.c > @@ -224,6 +224,29 @@ void get_ivt_value(parsertype p, void *elem, char *ivt_ascii) > } > } > > +void get_aeskey_value(parsertype p, void *elem, char *key_ascii) > +{ > + size_t keylen; > + const char *s = NULL; > + s = get_field_string(p, elem, "aes-key"); > + if (s) { > + keylen = strnlen(s, SWUPDATE_GENERAL_STRING_SIZE); > + > + switch (keylen) { > + case AES_128_KEY_LEN * 2: > + case AES_192_KEY_LEN * 2: > + case AES_256_KEY_LEN * 2: > + // valid hex string size for AES 128/192/256 > + break; > + default: > + ERROR("Invalid aes_key length"); > + return; > + } > + > + get_field_string_with_size(p, elem, "aes-key", key_ascii, keylen); > + } > +} > + > bool set_find_path(const char **nodes, const char *newpath, char **tmp) > { > char **paths; > diff --git a/include/parselib.h b/include/parselib.h > index cbf13c0..789b7e4 100644 > --- a/include/parselib.h > +++ b/include/parselib.h > @@ -85,6 +85,7 @@ void get_field(parsertype p, void *e, const char *path, void *dest); > int exist_field_string(parsertype p, void *e, const char *path); > void get_hash_value(parsertype p, void *elem, unsigned char *hash); > void get_ivt_value(parsertype p, void *elem, char *ivt_ascii); > +void get_aeskey_value(parsertype p, void *elem, char *key_ascii); > void check_field_string(const char *src, char *dst, const size_t max_len); > void *find_root(parsertype p, void *root, const char **nodes); > void *get_node(parsertype p, void *root, const char **nodes); > diff --git a/include/swupdate_image.h b/include/swupdate_image.h > index 592a886..1ba1d22 100644 > --- a/include/swupdate_image.h > +++ b/include/swupdate_image.h > @@ -56,6 +56,7 @@ struct img_type { > int preserve_attributes; /* whether to preserve attributes in archives */ > bool is_encrypted; > char ivt_ascii[33]; > + char aeskey_ascii[65]; /* AES_256_KEY_LEN*2+1 */ > int install_directly; > int is_script; > int is_partitioner; > diff --git a/parser/parser.c b/parser/parser.c > index bbabae5..21cb598 100644 > --- a/parser/parser.c > +++ b/parser/parser.c > @@ -452,6 +452,7 @@ static int parse_common_attributes(parsertype p, void *elem, struct img_type *im > get_field(p, elem, "install-if-higher", &image->id.install_if_higher); > get_field(p, elem, "encrypted", &image->is_encrypted); > get_ivt_value(p, elem, image->ivt_ascii); > + get_aeskey_value(p, elem, image->aeskey_ascii); > > if (is_image_installed(&cfg->installed_sw_list, image)) { > image->skip = SKIP_SAME; Reviewed-by : Stefano Babic <stefano.Babic@swupdate.org> Best rgeards, Stefano Babic
diff --git a/core/parsing_library.c b/core/parsing_library.c index dcb3b73..7e353ae 100644 --- a/core/parsing_library.c +++ b/core/parsing_library.c @@ -224,6 +224,29 @@ void get_ivt_value(parsertype p, void *elem, char *ivt_ascii) } } +void get_aeskey_value(parsertype p, void *elem, char *key_ascii) +{ + size_t keylen; + const char *s = NULL; + s = get_field_string(p, elem, "aes-key"); + if (s) { + keylen = strnlen(s, SWUPDATE_GENERAL_STRING_SIZE); + + switch (keylen) { + case AES_128_KEY_LEN * 2: + case AES_192_KEY_LEN * 2: + case AES_256_KEY_LEN * 2: + // valid hex string size for AES 128/192/256 + break; + default: + ERROR("Invalid aes_key length"); + return; + } + + get_field_string_with_size(p, elem, "aes-key", key_ascii, keylen); + } +} + bool set_find_path(const char **nodes, const char *newpath, char **tmp) { char **paths; diff --git a/include/parselib.h b/include/parselib.h index cbf13c0..789b7e4 100644 --- a/include/parselib.h +++ b/include/parselib.h @@ -85,6 +85,7 @@ void get_field(parsertype p, void *e, const char *path, void *dest); int exist_field_string(parsertype p, void *e, const char *path); void get_hash_value(parsertype p, void *elem, unsigned char *hash); void get_ivt_value(parsertype p, void *elem, char *ivt_ascii); +void get_aeskey_value(parsertype p, void *elem, char *key_ascii); void check_field_string(const char *src, char *dst, const size_t max_len); void *find_root(parsertype p, void *root, const char **nodes); void *get_node(parsertype p, void *root, const char **nodes); diff --git a/include/swupdate_image.h b/include/swupdate_image.h index 592a886..1ba1d22 100644 --- a/include/swupdate_image.h +++ b/include/swupdate_image.h @@ -56,6 +56,7 @@ struct img_type { int preserve_attributes; /* whether to preserve attributes in archives */ bool is_encrypted; char ivt_ascii[33]; + char aeskey_ascii[65]; /* AES_256_KEY_LEN*2+1 */ int install_directly; int is_script; int is_partitioner; diff --git a/parser/parser.c b/parser/parser.c index bbabae5..21cb598 100644 --- a/parser/parser.c +++ b/parser/parser.c @@ -452,6 +452,7 @@ static int parse_common_attributes(parsertype p, void *elem, struct img_type *im get_field(p, elem, "install-if-higher", &image->id.install_if_higher); get_field(p, elem, "encrypted", &image->is_encrypted); get_ivt_value(p, elem, image->ivt_ascii); + get_aeskey_value(p, elem, image->aeskey_ascii); if (is_image_installed(&cfg->installed_sw_list, image)) { image->skip = SKIP_SAME;
Only set the image aeskey_ascii if the key size is valid. Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> --- core/parsing_library.c | 23 +++++++++++++++++++++++ include/parselib.h | 1 + include/swupdate_image.h | 1 + parser/parser.c | 1 + 4 files changed, 26 insertions(+)