diff mbox series

[V4,6/8] util: Replace bool with enum for 'encrypted' Parameter

Message ID 20240115192845.51530-7-Michael.Glembotzki@iris-sensing.com
State New
Delegated to: Stefano Babic
Headers show
Series Add support for asymmetric decryption | expand

Commit Message

Michael Glembotzki Jan. 15, 2024, 7:26 p.m. UTC
Previously, artifacts were limited to symmetric encryption, requiring a
boolean. To enable __swupdate_copy for asymmetrically encrypted artifacts,
the boolean has been replaced with an enum.

Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
---
 core/cpio_utils.c       | 14 +++++++-------
 core/stream_interface.c | 27 ++++++++++++++++++---------
 include/util.h          | 10 ++++++++--
 3 files changed, 33 insertions(+), 18 deletions(-)
diff mbox series

Patch

diff --git a/core/cpio_utils.c b/core/cpio_utils.c
index 5b99904..03d43c9 100644
--- a/core/cpio_utils.c
+++ b/core/cpio_utils.c
@@ -431,7 +431,7 @@  static int zstd_step(void* state, void* buffer, size_t size)
 
 static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek,
 	int skip_file, int __attribute__ ((__unused__)) compressed,
-	uint32_t *checksum, unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback)
+	uint32_t *checksum, unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback)
 {
 	unsigned int percent, prevpercent = 0;
 	int ret = 0;
@@ -512,7 +512,7 @@  static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby
 			return -EFAULT;
 	}
 
-	if (encrypted) {
+	if (encrypted == SYMMETRIC) {
 		aes_key = get_aes_key();
 		if (imgivt) {
 			if (!strlen(imgivt) || !is_hex_str(imgivt) || ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) {
@@ -587,7 +587,7 @@  static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby
 
 #if defined(CONFIG_GUNZIP) || defined(CONFIG_ZSTD)
 	if (compressed) {
-		if (encrypted) {
+		if (encrypted == SYMMETRIC) {
 			decrypt_state.upstream_step = &input_step;
 			decrypt_state.upstream_state = &input_state;
 			decompress_state.upstream_step = &decrypt_step;
@@ -600,7 +600,7 @@  static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby
 		state = &decompress_state;
 	} else {
 #endif
-		if (encrypted) {
+		if (encrypted == SYMMETRIC) {
 			decrypt_state.upstream_step = &input_step;
 			decrypt_state.upstream_state = &input_state;
 			step = &decrypt_step;
@@ -705,7 +705,7 @@  copyfile_exit:
 
 int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek,
 	int skip_file, int __attribute__ ((__unused__)) compressed,
-	uint32_t *checksum, unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback)
+	uint32_t *checksum, unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback)
 {
 	return __swupdate_copy(fdin,
 				NULL,
@@ -723,7 +723,7 @@  int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned l
 }
 
 int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int __attribute__ ((__unused__)) compressed,
-	unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback)
+	unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback)
 {
 	return __swupdate_copy(-1,
 				inbuf,
@@ -837,7 +837,7 @@  int cpio_scan(int fd, struct swupdate_cfg *cfg, off_t start)
 		 * we do not have to provide fdout
 		 */
 		if (copyfile(fd, NULL, fdh.size, &offset, 0, 1, 0, &checksum, img ? img->sha256 : NULL,
-				false, NULL, NULL) != 0) {
+				NO_ENCRYPTION, NULL, NULL) != 0) {
 			ERROR("invalid archive");
 			return -1;
 		}
diff --git a/core/stream_interface.c b/core/stream_interface.c
index 1cd148f..557cc5d 100644
--- a/core/stream_interface.c
+++ b/core/stream_interface.c
@@ -73,7 +73,7 @@  pthread_cond_t stream_cond = PTHREAD_COND_INITIALIZER;
 
 static struct installer inst;
 
-static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs, bool encrypted)
+static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs, encrypted_t encrypted)
 {
 	char output_file[MAX_IMAGE_FNAME];
 	struct filehdr fdh;
@@ -146,10 +146,14 @@  static int extract_files(int fd, struct swupdate_cfg *software)
 	char output_file[MAX_IMAGE_FNAME];
 	const char* TMPDIR = get_tmpdir();
 	bool installed_directly = false;
-	bool encrypted_sw_desc = false;
+	encrypted_t encrypted_sw_desc = NO_ENCRYPTION;
 
 #ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
-	encrypted_sw_desc = true;
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+	encrypted_sw_desc = ASYMMETRIC;
+#else
+	encrypted_sw_desc = SYMMETRIC;
+#endif
 #endif
 
 	/* preset the info about the install parts */
@@ -174,7 +178,7 @@  static int extract_files(int fd, struct swupdate_cfg *software)
 		case STREAM_WAIT_SIGNATURE:
 #ifdef CONFIG_SIGNED_IMAGES
 			snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME);
-			if (extract_file_to_tmp(fd, output_file, &offset, false) < 0 )
+			if (extract_file_to_tmp(fd, output_file, &offset, NO_ENCRYPTION) < 0)
 				return -1;
 #endif
 			snprintf(output_file, sizeof(output_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME);
@@ -243,7 +247,7 @@  static int extract_files(int fd, struct swupdate_cfg *software)
 					close(fdout);
 					return -1;
 				}
-				if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, img->sha256, false, NULL, NULL) < 0) {
+				if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, img->sha256, NO_ENCRYPTION, NULL, NULL) < 0) {
 					close(fdout);
 					return -1;
 				}
@@ -255,7 +259,7 @@  static int extract_files(int fd, struct swupdate_cfg *software)
 				break;
 
 			case SKIP_FILE:
-				if (copyfile(fd, &fdout, fdh.size, &offset, 0, skip, 0, &checksum, NULL, false, NULL, NULL) < 0) {
+				if (copyfile(fd, &fdout, fdh.size, &offset, 0, skip, 0, &checksum, NULL, NO_ENCRYPTION, NULL, NULL) < 0) {
 					return -1;
 				}
 				if (!swupdate_verify_chksum(checksum, &fdh)) {
@@ -382,11 +386,16 @@  static int save_stream(int fdin, struct swupdate_cfg *software)
 	unsigned long offset;
 	char output_file[MAX_IMAGE_FNAME];
 	const char* TMPDIR = get_tmpdir();
-	bool encrypted_sw_desc = false;
+	encrypted_t encrypted_sw_desc = NO_ENCRYPTION;
 
 #ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
-	encrypted_sw_desc = true;
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+	encrypted_sw_desc = ASYMMETRIC;
+#else
+	encrypted_sw_desc = SYMMETRIC;
 #endif
+#endif
+
 	if (fdin < 0)
 		return -EINVAL;
 
@@ -454,7 +463,7 @@  static int save_stream(int fdin, struct swupdate_cfg *software)
 	}
 #ifdef CONFIG_SIGNED_IMAGES
 	snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME);
-	if (extract_file_to_tmp(tmpfd, output_file, &offset, false) < 0 ) {
+	if (extract_file_to_tmp(tmpfd, output_file, &offset, NO_ENCRYPTION) < 0) {
 		ERROR("Signature cannot be extracted:%s", output_file);
 		ret = -EINVAL;
 		goto no_copy_output;
diff --git a/include/util.h b/include/util.h
index f4a67ef..f995520 100644
--- a/include/util.h
+++ b/include/util.h
@@ -79,6 +79,12 @@  typedef enum {
 	LASTLOGLEVEL=DEBUGLEVEL
 } LOGLEVEL;
 
+typedef enum {
+	NO_ENCRYPTION,
+	SYMMETRIC,
+	ASYMMETRIC
+} encrypted_t;
+
 /*
  * Following are used for notification from another process
  */
@@ -205,10 +211,10 @@  strlcpy(char *dst, const char * src, size_t size);
 int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs,
 	unsigned long long seek,
 	int skip_file, int compressed, uint32_t *checksum,
-	unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback);
+	unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback);
 int copyimage(void *out, struct img_type *img, writeimage callback);
 int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int compressed,
-	unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback);
+	unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback);
 int openfileoutput(const char *filename);
 int mkpath(char *dir, mode_t mode);
 int swupdate_file_setnonblock(int fd, bool block);