From patchwork Mon Jan 15 19:26:43 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Glembotzki <m.glembo@gmail.com>
X-Patchwork-Id: 1886826
X-Patchwork-Delegate: sbabic@denx.de
Return-Path: <swupdate+bncBDY5JUXLVIEBBAUPS2WQMGQEZPZKCFQ@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=googlegroups.com header.i=@googlegroups.com
 header.a=rsa-sha256 header.s=20230601 header.b=U0/1zYCd;
	dkim=pass (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20230601 header.b=jM1njP8R;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com
 (client-ip=2a00:1450:4864:20::43e; helo=mail-wr1-x43e.google.com;
 envelope-from=swupdate+bncbdy5juxlviebbaups2wqmgqezpzkcfq@googlegroups.com;
 receiver=patchwork.ozlabs.org)
Received: from mail-wr1-x43e.google.com (mail-wr1-x43e.google.com
 [IPv6:2a00:1450:4864:20::43e])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4TDMdg2x00z23ds
	for <incoming@patchwork.ozlabs.org>; Tue, 16 Jan 2024 06:29:11 +1100 (AEDT)
Received: by mail-wr1-x43e.google.com with SMTP id
 ffacd0b85a97d-337a9795c5csf829790f8f.2
        for <incoming@patchwork.ozlabs.org>;
 Mon, 15 Jan 2024 11:29:11 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705346948; cv=pass;
        d=google.com; s=arc-20160816;
        b=BCf3tbhPOuVCJdus6cBgCMjO1ZY2xqLI9RRRYNjeHTnTCtzzMpNUdUbPdRqYb7/e1V
         cJbfcPMsLcIVdvlYvYxtGttCTtbPsJZc0t4ldlOlWoeqKdFaGorZuevDOm5Zhm7dsU61
         Zi9J0l3zg/OHhn/zisDv44j8kPkAF9HhkdZT3JOX6rzC0y2bqX2Rj7K3zDWdG/KhbjKk
         azXBZcXvMJJAaqvvg0iXn/4cdS0QntBuk6eJNF6Rk8D0gG7lmngULAAEvdNUrinqBYyu
         QAffb/PUKQz71IVGHKxJuvr+hT9AGC5ZtjXJzBBxD6y+KHvs3FYFengJBMv4oUCMFIW3
         mtTw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:sender:dkim-signature
         :dkim-signature;
        bh=LO3IRRhyBnh43tyj4EcXqhdpQNizW2vSsJR72NWrsbo=;
        fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=;
        b=Zppgdo+3lyfJoIKkeVgK4QOELbuBArwKS9Qtjys/6p+iMuvyCKz8S7mZ3fifjwCyM6
         DRDrSHc+vFxYxl0lMPMsCtk0jnkwAgyBzKmIxWMvr1XYamQv5RbBiSp3rHKwK61Ie9Vs
         IVkKIwgtCBaOY51y8Rphmpc5bhT3MHeIoGy5rz42m4X+peIzWlJ55In53XfTvSil49Fk
         lUH5YQJIz1N8xmn0T6pJBYaBujioJXfRttNU7R1gWunRAGMwxAGSc112KKcPzWzJLjaD
         aaGOYKmKyw22iUVY/J2vW7nIl98UQsEItp/jQaz2z0cZ3haZtCD138Xkf10nO/nEh9t3
         1mSA==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=UokViDac;
       spf=pass (google.com: domain of m.glembo@gmail.com designates
 2a00:1450:4864:20::62b as permitted sender) smtp.mailfrom=m.glembo@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1705346948; x=1705951748;
 darn=patchwork.ozlabs.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=LO3IRRhyBnh43tyj4EcXqhdpQNizW2vSsJR72NWrsbo=;
        b=U0/1zYCdKUwo6rnEQEfjY7Dn9chslMcADLtNuCISGQFtbU1TvpH1qcQyWaYXlugkkh
         /bD94Od3coKUS5wVwK0Wj/8yo3GsxEyZTkTFf5IDPSXiz1hOTPpUbm36XsXUHTcXXSRz
         vGg5j+1F+LKvoeeFfzD7iobyQptVZPeGU+N1dQzmNTlOBDqztfHL4s+PxSBvGndoBMgQ
         HDbCdT2WIr0X6cHCukUJzwtNUbQ6ObyiN1hixTzANuaAY0MJkNfyZYIvo79zx+xvOkXQ
         XUy4YLH/PA5MGvN5QcVs7yleytM+V2qXciGUQPVrvmHE/uRhVdnnzV3+DeGZHqR7h72r
         U0eA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1705346948; x=1705951748;
 darn=patchwork.ozlabs.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=LO3IRRhyBnh43tyj4EcXqhdpQNizW2vSsJR72NWrsbo=;
        b=jM1njP8RrAqkRFSmB7C1EVINbT/xozUVim4MVzLsdJziLuFVkf7DoOHhDSicB/ZPZv
         47hitzrDNYWozLVoupzcGVEXlJ560uf3zzjIUzyiH9diAPDcX6zza7Bq/WFZhY6/RlzI
         1rP4990ByQeOCeTElbvN3zEqjLQwfO5dlQhWOhWHNAzOuS4g6Kz9pbzrZNzyKBB4JvgB
         pCI6emT4AaIYpTgrQjXROj4vF7pOiL5EDuTm1LIM7nSa2g5QcDoKLdH19pbePPP7kh3g
         TItuod8vgQYiN9OHKgNdkWpmoaOOI7xaM78P32iPube0KJjMpTfCpRQ8DxoM7PkczE19
         rfIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1705346948; x=1705951748;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence
         :x-original-authentication-results:x-original-sender:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date
         :message-id:reply-to;
        bh=LO3IRRhyBnh43tyj4EcXqhdpQNizW2vSsJR72NWrsbo=;
        b=PVrLZLBV10aEzrzedMuj0vB8xkpBCbWcPNZjku9XtP/cr6lsZKrwjJnhlLpCoGDE7A
         d4Z6eIpJnjXbC/04ussHsGBM7sFNUmwVdyhgkb6FUEviwJFY9GbijeZ9mtRBA3OMJZeX
         zS+DH3sbhREGtR0JywMjc/JS9cdGBb8mEcvwbNW8iiUM3ozb2zqIQxVCqBuVFBWqphKl
         dtGn2zqLDmMUWy24dzirfxhH6lHN/VygIduKh1HVm6Qk5jPRcQ3IuZe7rsopq9ZtqJus
         lGuOOBlsovM5KV6vQSADltS1FEVuxBd8O6Tu/HX7fq9jQljUOZbVYYizAEjv7ZMTAIWL
         ihSw==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: AOJu0YyJfS5xV0bR9JK+2Gn1FFh6ifeKOu+pCmAr5W1brJ42rRFfiVoj
	uHwl7Rmxrwgm14CJO+wfa7w=
X-Google-Smtp-Source: 
 AGHT+IFf73zVXqo0uMtlvjuxOm7nqrGdoDokvmm0+51fpKxj61du3h0/iytwltZ3R7fzywdbYDqdZA==
X-Received: by 2002:a7b:c5cb:0:b0:40e:4921:5038 with SMTP id
 n11-20020a7bc5cb000000b0040e49215038mr2267692wmk.91.1705346946630;
        Mon, 15 Jan 2024 11:29:06 -0800 (PST)
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:a05:600c:4f85:b0:40e:6522:eed8 with SMTP id
 n5-20020a05600c4f8500b0040e6522eed8ls164025wmq.2.-pod-prod-02-eu; Mon, 15 Jan
 2024 11:29:04 -0800 (PST)
X-Received: by 2002:a05:600c:3793:b0:40d:5b0e:2f5c with SMTP id
 o19-20020a05600c379300b0040d5b0e2f5cmr2240680wmr.52.1705346944603;
        Mon, 15 Jan 2024 11:29:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1705346944; cv=none;
        d=google.com; s=arc-20160816;
        b=EtuK9TzltVF9Lkz8hzQqcDpRHw9SX7U/6SP5bY7ATJ2QmJwVsrRHRay49lIv0PzM0v
         OkpPo9zXlmJT7fmrnOdGEBqKjvq+027w0tXJotNIpw9+uCa03pI7HmTVtFuxqgDYkrzF
         W866A/na4qu22/Wh+Chvx3KRE9pAZ2ahl5uxvJXucB+ZAz0WVQ/StnY14my6ZH1eD0r2
         5h3PJobuZ4Ci53NpdroooC6qzjEO6cn4R4UWmlWidzAE17M/N8SUwtu+VI+wMKuH/wZz
         RaYM2qOxb77cL7gbNZTr3ZgW8rFaoGTD3lgg7E3Lm/6IYs2LXjgwqYPknSNMI8pz+kSl
         Lp5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=XS7xgNYxVnUg6QuwSt8AY1GwPY52drqu0O0gUiyleZs=;
        fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=;
        b=EnpRBmzPUDddGjzwz1beJJPdH1uFOfZ2QJC7xQtL1fNv5fuj4OCgUzdIWnZQ0qx/Nd
         GmMkDSmkJj648xWPmaxXz4qVHwOZZrv7Ty2ur5Cy+AouJFwxIEkYnfYeTUKPuIbA5G87
         AHYV22k5w3pjLKzVh4lMGwvp/PaNya7zHgkLEx8yepHZ/S1iM7NBetAi02QjU40WPtYw
         F/CTMuS6HJgVUOcFgUqaRmDzAWrEyg/uzJxgymhSS2puDaswK7XCRPmkocw+MMZUHGZI
         UhKq3VfvBDBpzOsMOnheyn89kkJC2dGEyBWKogOG77cJfl6VosXx/pVwHxrfYrkMvnUY
         7CVA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=UokViDac;
       spf=pass (google.com: domain of m.glembo@gmail.com designates
 2a00:1450:4864:20::62b as permitted sender) smtp.mailfrom=m.glembo@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com.
 [2a00:1450:4864:20::62b])
        by gmr-mx.google.com with ESMTPS id
 co11-20020a0560000a0b00b0033776a5f33fsi316628wrb.1.2024.01.15.11.29.04
        for <swupdate@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 15 Jan 2024 11:29:04 -0800 (PST)
Received-SPF: pass (google.com: domain of m.glembo@gmail.com designates
 2a00:1450:4864:20::62b as permitted sender) client-ip=2a00:1450:4864:20::62b;
Received: by mail-ej1-x62b.google.com with SMTP id
 a640c23a62f3a-a26ed1e05c7so1086755566b.2
        for <swupdate@googlegroups.com>; Mon, 15 Jan 2024 11:29:04 -0800 (PST)
X-Received: by 2002:a17:906:2b43:b0:a2d:4c1f:9831 with SMTP id
 b3-20020a1709062b4300b00a2d4c1f9831mr1189460ejg.27.1705346943652;
        Mon, 15 Jan 2024 11:29:03 -0800 (PST)
Received: from PC-2635.irisgmbh.local
 (dslb-002-203-161-041.002.203.pools.vodafone-ip.de. [2.203.161.41])
        by smtp.gmail.com with ESMTPSA id
 tl7-20020a170907c30700b00a2de58581f6sm1289255ejc.74.2024.01.15.11.29.02
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 15 Jan 2024 11:29:02 -0800 (PST)
From: Michael Glembotzki <m.glembo@gmail.com>
To: swupdate@googlegroups.com
Cc: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
Subject: [swupdate] [V4][PATCH 6/8] util: Replace bool with enum for
 'encrypted' Parameter
Date: Mon, 15 Jan 2024 20:26:43 +0100
Message-ID: <20240115192845.51530-7-Michael.Glembotzki@iris-sensing.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
MIME-Version: 1.0
X-Original-Sender: m.glembo@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@gmail.com header.s=20230601 header.b=UokViDac;       spf=pass
 (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::62b
 as permitted sender) smtp.mailfrom=m.glembo@gmail.com;       dmarc=pass
 (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
 contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
 <mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
 <mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/swupdate/subscribe>

Previously, artifacts were limited to symmetric encryption, requiring a
boolean. To enable __swupdate_copy for asymmetrically encrypted artifacts,
the boolean has been replaced with an enum.

Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
---
 core/cpio_utils.c       | 14 +++++++-------
 core/stream_interface.c | 27 ++++++++++++++++++---------
 include/util.h          | 10 ++++++++--
 3 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/core/cpio_utils.c b/core/cpio_utils.c
index 5b99904..03d43c9 100644
--- a/core/cpio_utils.c
+++ b/core/cpio_utils.c
@@ -431,7 +431,7 @@ static int zstd_step(void* state, void* buffer, size_t size)
 
 static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek,
 	int skip_file, int __attribute__ ((__unused__)) compressed,
-	uint32_t *checksum, unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback)
+	uint32_t *checksum, unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback)
 {
 	unsigned int percent, prevpercent = 0;
 	int ret = 0;
@@ -512,7 +512,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby
 			return -EFAULT;
 	}
 
-	if (encrypted) {
+	if (encrypted == SYMMETRIC) {
 		aes_key = get_aes_key();
 		if (imgivt) {
 			if (!strlen(imgivt) || !is_hex_str(imgivt) || ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) {
@@ -587,7 +587,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby
 
 #if defined(CONFIG_GUNZIP) || defined(CONFIG_ZSTD)
 	if (compressed) {
-		if (encrypted) {
+		if (encrypted == SYMMETRIC) {
 			decrypt_state.upstream_step = &input_step;
 			decrypt_state.upstream_state = &input_state;
 			decompress_state.upstream_step = &decrypt_step;
@@ -600,7 +600,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby
 		state = &decompress_state;
 	} else {
 #endif
-		if (encrypted) {
+		if (encrypted == SYMMETRIC) {
 			decrypt_state.upstream_step = &input_step;
 			decrypt_state.upstream_state = &input_state;
 			step = &decrypt_step;
@@ -705,7 +705,7 @@ copyfile_exit:
 
 int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek,
 	int skip_file, int __attribute__ ((__unused__)) compressed,
-	uint32_t *checksum, unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback)
+	uint32_t *checksum, unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback)
 {
 	return __swupdate_copy(fdin,
 				NULL,
@@ -723,7 +723,7 @@ int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned l
 }
 
 int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int __attribute__ ((__unused__)) compressed,
-	unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback)
+	unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback)
 {
 	return __swupdate_copy(-1,
 				inbuf,
@@ -837,7 +837,7 @@ int cpio_scan(int fd, struct swupdate_cfg *cfg, off_t start)
 		 * we do not have to provide fdout
 		 */
 		if (copyfile(fd, NULL, fdh.size, &offset, 0, 1, 0, &checksum, img ? img->sha256 : NULL,
-				false, NULL, NULL) != 0) {
+				NO_ENCRYPTION, NULL, NULL) != 0) {
 			ERROR("invalid archive");
 			return -1;
 		}
diff --git a/core/stream_interface.c b/core/stream_interface.c
index 1cd148f..557cc5d 100644
--- a/core/stream_interface.c
+++ b/core/stream_interface.c
@@ -73,7 +73,7 @@ pthread_cond_t stream_cond = PTHREAD_COND_INITIALIZER;
 
 static struct installer inst;
 
-static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs, bool encrypted)
+static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs, encrypted_t encrypted)
 {
 	char output_file[MAX_IMAGE_FNAME];
 	struct filehdr fdh;
@@ -146,10 +146,14 @@ static int extract_files(int fd, struct swupdate_cfg *software)
 	char output_file[MAX_IMAGE_FNAME];
 	const char* TMPDIR = get_tmpdir();
 	bool installed_directly = false;
-	bool encrypted_sw_desc = false;
+	encrypted_t encrypted_sw_desc = NO_ENCRYPTION;
 
 #ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
-	encrypted_sw_desc = true;
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+	encrypted_sw_desc = ASYMMETRIC;
+#else
+	encrypted_sw_desc = SYMMETRIC;
+#endif
 #endif
 
 	/* preset the info about the install parts */
@@ -174,7 +178,7 @@ static int extract_files(int fd, struct swupdate_cfg *software)
 		case STREAM_WAIT_SIGNATURE:
 #ifdef CONFIG_SIGNED_IMAGES
 			snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME);
-			if (extract_file_to_tmp(fd, output_file, &offset, false) < 0 )
+			if (extract_file_to_tmp(fd, output_file, &offset, NO_ENCRYPTION) < 0)
 				return -1;
 #endif
 			snprintf(output_file, sizeof(output_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME);
@@ -243,7 +247,7 @@ static int extract_files(int fd, struct swupdate_cfg *software)
 					close(fdout);
 					return -1;
 				}
-				if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, img->sha256, false, NULL, NULL) < 0) {
+				if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, img->sha256, NO_ENCRYPTION, NULL, NULL) < 0) {
 					close(fdout);
 					return -1;
 				}
@@ -255,7 +259,7 @@ static int extract_files(int fd, struct swupdate_cfg *software)
 				break;
 
 			case SKIP_FILE:
-				if (copyfile(fd, &fdout, fdh.size, &offset, 0, skip, 0, &checksum, NULL, false, NULL, NULL) < 0) {
+				if (copyfile(fd, &fdout, fdh.size, &offset, 0, skip, 0, &checksum, NULL, NO_ENCRYPTION, NULL, NULL) < 0) {
 					return -1;
 				}
 				if (!swupdate_verify_chksum(checksum, &fdh)) {
@@ -382,11 +386,16 @@ static int save_stream(int fdin, struct swupdate_cfg *software)
 	unsigned long offset;
 	char output_file[MAX_IMAGE_FNAME];
 	const char* TMPDIR = get_tmpdir();
-	bool encrypted_sw_desc = false;
+	encrypted_t encrypted_sw_desc = NO_ENCRYPTION;
 
 #ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
-	encrypted_sw_desc = true;
+#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION
+	encrypted_sw_desc = ASYMMETRIC;
+#else
+	encrypted_sw_desc = SYMMETRIC;
 #endif
+#endif
+
 	if (fdin < 0)
 		return -EINVAL;
 
@@ -454,7 +463,7 @@ static int save_stream(int fdin, struct swupdate_cfg *software)
 	}
 #ifdef CONFIG_SIGNED_IMAGES
 	snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME);
-	if (extract_file_to_tmp(tmpfd, output_file, &offset, false) < 0 ) {
+	if (extract_file_to_tmp(tmpfd, output_file, &offset, NO_ENCRYPTION) < 0) {
 		ERROR("Signature cannot be extracted:%s", output_file);
 		ret = -EINVAL;
 		goto no_copy_output;
diff --git a/include/util.h b/include/util.h
index f4a67ef..f995520 100644
--- a/include/util.h
+++ b/include/util.h
@@ -79,6 +79,12 @@ typedef enum {
 	LASTLOGLEVEL=DEBUGLEVEL
 } LOGLEVEL;
 
+typedef enum {
+	NO_ENCRYPTION,
+	SYMMETRIC,
+	ASYMMETRIC
+} encrypted_t;
+
 /*
  * Following are used for notification from another process
  */
@@ -205,10 +211,10 @@ strlcpy(char *dst, const char * src, size_t size);
 int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs,
 	unsigned long long seek,
 	int skip_file, int compressed, uint32_t *checksum,
-	unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback);
+	unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback);
 int copyimage(void *out, struct img_type *img, writeimage callback);
 int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int compressed,
-	unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback);
+	unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback);
 int openfileoutput(const char *filename);
 int mkpath(char *dir, mode_t mode);
 int swupdate_file_setnonblock(int fd, bool block);