From patchwork Wed Sep 16 13:58:10 2020
X-Patchwork-Submitter: Bastian Germann
X-Patchwork-Id: 1365329
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 01/16] Kbuild: Add wolfSSL as SSL implementation
Date: Wed, 16 Sep 2020 15:58:10 +0200
Message-Id: <20200916135825.40367-2-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>
From: Bastian Germann wolfSSL has an OpenSSL compatibility layer which lacks CMS support as of version 4.5.0. All other code can be built with wolfSSL. Add it as a new SSL implementation. Signed-off-by: Bastian Germann Reviewed-by: Torben Hohn --- Kconfig | 24 ++++++++++++++++-------- Makefile.deps | 4 ++++ Makefile.flags | 5 +++++ corelib/Makefile | 5 ++++- include/sslapi.h | 2 +- mongoose/Config.in | 4 ++-- mongoose/Makefile | 2 +- suricatta/Config.in | 4 ++-- 8 files changed, 35 insertions(+), 15 deletions(-) diff --git a/Kconfig b/Kconfig index 444eb1f..2d2cca6 100644 --- a/Kconfig +++ b/Kconfig @@ -77,6 +77,10 @@ config HAVE_LIBCRYPTO bool option env="HAVE_LIBCRYPTO" +config HAVE_WOLFSSL + bool + option env="HAVE_WOLFSSL" + config HAVE_MBEDTLS bool option env="HAVE_MBEDTLS" @@ -347,6 +351,10 @@ choice bool "OpenSSL" depends on HAVE_LIBSSL + config SSL_IMPL_WOLFSSL + bool "wolfSSL (with OpenSSL compatibility layer)" + depends on HAVE_WOLFSSL + config SSL_IMPL_MBEDTLS bool "mbedTLS" depends on HAVE_MBEDTLS @@ -369,7 +377,7 @@ config DOWNLOAD_SSL bool "Enable SSL support for image downloading" default n depends on DOWNLOAD - depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS + depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS select CHANNEL_CURL_SSL help Enable SSL and checksum verification support in channels 
@@ -383,18 +391,18 @@ config CHANNEL_CURL config CHANNEL_CURL_SSL bool depends on CHANNEL_CURL - depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS + depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS select CURL_SSL config HASH_VERIFY bool "Allow to add sha256 hash to each image" - depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS + depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS help Allow to add a sha256 hash to an artifact. This is automatically set in case of Signed Image comment "Hash checking needs an SSL implementation" - depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS + depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS config DISABLE_CPIO_CRC bool "Disable cpio CRC verify if SHA 256 is enabled" @@ -410,10 +418,10 @@ config DISABLE_CPIO_CRC config SIGNED_IMAGES bool "Enable verification of signed images" - depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS + depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS select HASH_VERIFY comment "Image signature verification needs an SSL implementation" - depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS + depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS choice prompt "Signature verification algorithm" @@ -450,9 +458,9 @@ endmenu config ENCRYPTED_IMAGES bool "Images can be encrypted with a symmetric key" - depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS + depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS comment "Image encryption needs an SSL implementation" - depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS + depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS source suricatta/Config.in diff --git a/Makefile.deps b/Makefile.deps index b90ca0d..0949628 100644 --- a/Makefile.deps +++ b/Makefile.deps @@ -62,6 +62,10 @@ ifeq ($(HAVE_LIBCRYPTO),) export HAVE_LIBCRYPTO = y endif +ifeq ($(HAVE_WOLFSSL),) +export HAVE_WOLFSSL = y +endif + ifeq ($(HAVE_MBEDTLS),) export HAVE_MBEDTLS = y endif 
diff --git a/Makefile.flags b/Makefile.flags index dfd7531..a5d3b0e 100644 --- a/Makefile.flags +++ b/Makefile.flags @@ -149,6 +149,11 @@ ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) LDLIBS += crypto ssl endif +ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y) +KBUILD_CPPFLAGS += -I/usr/include/wolfssl +LDLIBS += wolfssl +endif + ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y) LDLIBS += mbedcrypto mbedtls mbedx509 endif diff --git a/corelib/Makefile b/corelib/Makefile index f4dca4c..8a9fea0 100644 --- a/corelib/Makefile +++ b/corelib/Makefile @@ -5,11 +5,14 @@ lib-$(CONFIG_DOWNLOAD) += downloader.o lib-$(CONFIG_MTD) += mtd-interface.o lib-$(CONFIG_LUA) += lua_interface.o lua_compat.o -ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) +ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y) lib-$(CONFIG_HASH_VERIFY) += verify_signature.o lib-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt.o lib-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify.o lib-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify.o +endif +ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) +# wolfSSL does not support CMS in the compatibility layer yet lib-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify.o endif ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y) diff --git a/include/sslapi.h b/include/sslapi.h index 12591a3..5336920 100644 --- a/include/sslapi.h +++ b/include/sslapi.h @@ -18,7 +18,7 @@ */ #if defined(CONFIG_HASH_VERIFY) || defined(CONFIG_ENCRYPTED_IMAGES) || \ defined(CONFIG_CHANNEL_CURL_SSL) -#if defined(CONFIG_SSL_IMPL_OPENSSL) +#if defined(CONFIG_SSL_IMPL_OPENSSL) || defined(CONFIG_SSL_IMPL_WOLFSSL) #include #include #include diff --git a/mongoose/Config.in b/mongoose/Config.in index e315eb2..e0944fd 100644 --- a/mongoose/Config.in +++ b/mongoose/Config.in 
@@ -28,11 +28,11 @@ config MONGOOSEIPV6 config MONGOOSESSL bool "SSL support" depends on MONGOOSE - depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS + depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS help It enables SSL support into mongoose comment "SSL support needs an SSL implementation" - depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS + depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS endif diff --git a/mongoose/Makefile b/mongoose/Makefile index 59bf508..851a476 100644 --- a/mongoose/Makefile +++ b/mongoose/Makefile @@ -7,7 +7,7 @@ KBUILD_CFLAGS += -DMG_ENABLE_IPV6=1 endif ifneq ($(CONFIG_MONGOOSESSL),) KBUILD_CFLAGS += -DMG_ENABLE_SSL=1 -ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) +ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y) KBUILD_CFLAGS += -DMG_SSL_IF=MG_SSL_IF_OPENSSL endif ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y) diff --git a/suricatta/Config.in b/suricatta/Config.in index 8ae27e2..1e340ec 100644 --- a/suricatta/Config.in +++ b/suricatta/Config.in 
@@ -21,13 +21,13 @@ menu "Features" config SURICATTA_SSL bool "SSL support" default n - depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS + depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS select CHANNEL_CURL_SSL help Enable SSL and checksum verification support in suricatta. comment "SSL support needs an SSL implementation" - depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS + depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS endmenu From patchwork Wed Sep 16 13:58:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Germann X-Patchwork-Id: 1365327 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::537; helo=mail-ed1-x537.google.com; envelope-from=swupdate+bncbdpppp7kyilbbc5urd5qkgqeugc6r5i@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linutronix.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=kHlBhFVi; dkim-atps=neutral Received: from mail-ed1-x537.google.com (mail-ed1-x537.google.com [IPv6:2a00:1450:4864:20::537]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs1sX4kdmz9sTS for ; Wed, 16 Sep 2020 23:58:40 +1000 (AEST) Received: by mail-ed1-x537.google.com with SMTP id y1sf2490539edw.16 for ; Wed, 16 Sep 2020 06:58:40 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1600264716; cv=pass; d=google.com; s=arc-20160816; b=REmMMTAyNAWUsynTTSNMkMcfoiDosCizxLtfcvek1AMW/dgP8pBwx4Mn0MXldXj8q2 
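Review bot: In the Kconfig hunk for SIGNED_IMAGES, SSL_IMPL_WOLFSSL now satisfies the dependency, but none of the Kconfig hunks in this patch keeps SIGALG_CMS from being picked in the "Signature verification algorithm" choice when wolfSSL is selected, while corelib/Makefile builds swupdate_cms_verify.o only under CONFIG_SSL_IMPL_OPENSSL. Unless a later patch in the series covers it, that configuration enables signed images without compiling the CMS verifier. Suggest making SIGALG_CMS depend on SSL_IMPL_OPENSSL in this patch so the combination cannot be configured.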
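Review bot: In the Makefile.flags hunk, "KBUILD_CPPFLAGS += -I/usr/include/wolfssl" hard-codes a host path, which points at the build machine's headers when cross-compiling or when wolfSSL is installed in a sysroot or under another prefix. Suggest taking the include directory from pkg-config or from a variable the build environment can override, the same way the "LDLIBS += wolfssl" line leaves the library location to the linker search path.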
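Review bot: In corelib/Makefile (and again in mongoose/Makefile), "ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y)" is true only when exactly one of the two symbols is y, so it silently relies on both staying in the same Kconfig choice; if both were ever set, the concatenation is "yy" and verify_signature.o, swupdate_decrypt.o and swupdate_rsa_verify.o drop out of the build without an error. Suggest "ifneq ($(filter y,$(CONFIG_SSL_IMPL_OPENSSL) $(CONFIG_SSL_IMPL_WOLFSSL)),)" or a short comment stating the assumption.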
From: bage@linutronix.de To: swupdate@googlegroups.com Cc: Bastian Germann , Torben Hohn Subject: [swupdate] [PATCH 02/16] Rename wolfSSL incompatible definition Date: Wed, 16 Sep 2020 15:58:11 +0200 Message-Id: <20200916135825.40367-3-bage@linutronix.de> In-Reply-To: <20200916135825.40367-1-bage@linutronix.de> References: <20200916135825.40367-1-bage@linutronix.de> MIME-Version: 1.0 X-Original-Sender: bage@linutronix.de X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=qjiol4fA; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of bage@linutronix.de designates 193.142.43.55 as permitted sender) smtp.mailfrom=bage@linutronix.de; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , From: Bastian Germann AES_BLOCK_SIZE is an enum in wolfSSL. Rename SWUpdate's definition in order to be compatible. Get rid of one unnecessary definition. Signed-off-by: Bastian Germann Reviewed-by: Torben Hohn --- core/cpio_utils.c | 2 +- handlers/ubivol_handler.c | 4 ++-- include/sslapi.h | 1 - include/util.h | 2 +- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/core/cpio_utils.c b/core/cpio_utils.c index e2e857c..f9f5bbe 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -211,7 +211,7 @@ struct DecryptState void *dcrypt; /* use a private context for decryption */ uint8_t input[BUFF_SIZE]; - uint8_t output[BUFF_SIZE + AES_BLOCK_SIZE]; + uint8_t output[BUFF_SIZE + AES_BLK_SIZE]; int outlen; bool eof; }; diff --git a/handlers/ubivol_handler.c b/handlers/ubivol_handler.c index 5cfc0dd..941072a 100644 --- a/handlers/ubivol_handler.c +++ b/handlers/ubivol_handler.c 
@@ -173,7 +173,7 @@ static int update_volume(libubi_t libubi, struct img_type *img, ERROR("Decryption of compressed UBI images not supported"); return -1; } - if (bytes < AES_BLOCK_SIZE) { + if (bytes < AES_BLK_SIZE) { ERROR("Encrypted image size (%lld) too small", bytes); return -1; } @@ -448,7 +448,7 @@ static int install_ubivol_image(struct img_type *img, ERROR("Decryption of compressed UBI images not supported"); return -1; } - if (bytes < AES_BLOCK_SIZE) { + if (bytes < AES_BLK_SIZE) { ERROR("Encrypted image size (%lld) too small", bytes); return -1; } diff --git a/include/sslapi.h b/include/sslapi.h index 5336920..dbdffa0 100644 --- a/include/sslapi.h +++ b/include/sslapi.h @@ -122,7 +122,6 @@ struct swupdate_digest { #endif /* CONFIG_SSL_IMPL */ #else #define swupdate_crypto_init() -#define AES_BLOCK_SIZE 16 #endif #if defined(CONFIG_HASH_VERIFY) diff --git a/include/util.h b/include/util.h index 9f377c3..d77025d 100644 --- a/include/util.h +++ b/include/util.h 
@@ -23,7 +23,7 @@ #define ENOMEM_ASPRINTF -1 #define SWUPDATE_SHA_DIGEST_LENGTH 20 -#define AES_BLOCK_SIZE 16 +#define AES_BLK_SIZE 16 #define HWID_REGEXP_PREFIX "#RE:" #define SWUPDATE_ALIGN(A,S) (((A) + (S) - 1) & ~((S) - 1)) From patchwork Wed Sep 16 13:58:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Germann X-Patchwork-Id: 1365337 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::23f; helo=mail-lj1-x23f.google.com; envelope-from=swupdate+bncbdpppp7kyilbbdnurd5qkgqeirldihi@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linutronix.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=c2C6Vpvk; dkim-atps=neutral Received: from mail-lj1-x23f.google.com (mail-lj1-x23f.google.com [IPv6:2a00:1450:4864:20::23f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs1sZ1Wkjz9sVN for ; Wed, 16 Sep 2020 23:58:41 +1000 (AEST) Received: by mail-lj1-x23f.google.com with SMTP id x24sf2281497ljh.4 for ; Wed, 16 Sep 2020 06:58:41 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1600264718; cv=pass; d=google.com; s=arc-20160816; b=rvIYNeNqgOGNG1D+FvK0BoCHgqEQ1hSd9ILJIYmJGLJKt7/toCDSCpWfwS5wNpxpPw 7Yq03NVJWfqHacIgvtmKdpgPZ1ERpQuC6nhWDF7ivuy+kVJ9IWIiGipQBMYEuZA12A2+ Y6iF/LaXLpz+ilOjjH0Azdp2ulMP6UfE2Nrl3CgQV8Vey0bnX+d9SvMk7jhJDTHKB+HO uWHojcxi29MLcpWuZUjpW7qqK/Lswj7CUIwSxkYxtzUejHCvx/99/eoTmr4yq9gN/tX/ WhkZuxOWLjPpUyMensuNKorNqG2TZuSORX5wG/+b4bmZ62DGnbEvz3/buq0ff9g7OAk/ Z0hw== 
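Review bot: In core/cpio_utils.c, "uint8_t output[BUFF_SIZE + AES_BLK_SIZE];" now sizes the decrypt output buffer from SWUpdate's own constant in include/util.h instead of a name the crypto library also defines, so nothing ties the extra block of headroom to the library's AES block size any more. Suggest a compile-time check in the OpenSSL/wolfSSL branch of include/sslapi.h, where the library's AES definitions are available, that AES_BLK_SIZE equals the library's AES_BLOCK_SIZE, so a mismatch fails the build instead of undersizing the buffer.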
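Review bot: In include/util.h, AES_BLK_SIZE is still an unprefixed name, so it can collide with another library's definition the same way AES_BLOCK_SIZE did with wolfSSL. Suggest a project prefix, for example SWUPDATE_AES_BLOCK_SIZE, matching SWUPDATE_SHA_DIGEST_LENGTH on the line above it.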
From: bage@linutronix.de To: swupdate@googlegroups.com Cc: Bastian Germann , Torben Hohn Subject: [swupdate] [PATCH 03/16] sslapi: Move CMS-only functions to conditional Date: Wed, 16 Sep 2020 15:58:12 +0200 Message-Id: <20200916135825.40367-4-bage@linutronix.de> In-Reply-To: <20200916135825.40367-1-bage@linutronix.de> References: <20200916135825.40367-1-bage@linutronix.de> MIME-Version: 1.0 X-Original-Sender: bage@linutronix.de X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=XxQJolUn; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of bage@linutronix.de designates 2a0a:51c0:0:12e:550::1 as permitted sender) smtp.mailfrom=bage@linutronix.de; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , From: Bastian Germann The SSL_X509_get_exten* functions are only used by the CMS implementation. Move them to the CMS conditional area to be compatible with wolfSSL. Signed-off-by: Bastian Germann Reviewed-by: Torben Hohn --- include/sslapi.h | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/include/sslapi.h b/include/sslapi.h index dbdffa0..14e4397 100644 --- a/include/sslapi.h +++ b/include/sslapi.h 
@@ -28,16 +28,34 @@ #include #include #include +#include #ifdef CONFIG_SIGALG_CMS #if defined(LIBRESSL_VERSION_NUMBER) #error "LibreSSL does not support CMS, please select RSA PKCS" #else #include + +static inline uint32_t SSL_X509_get_extension_flags(X509 *x) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + return x->ex_flags; +#else + return X509_get_extension_flags(x); #endif +} + +static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + return x->ex_xkusage; +#else + return X509_get_extended_key_usage(x); #endif +} -#include +#endif +#endif /* CONFIG_SIGALG_CMS */ #define X509_PURPOSE_CODE_SIGN (X509_PURPOSE_MAX + 1) #define SSL_PURPOSE_EMAIL_PROT X509_PURPOSE_SMIME_SIGN 
@@ -79,24 +97,6 @@ struct swupdate_digest { #define swupdate_crypto_init() #endif -static inline uint32_t SSL_X509_get_extension_flags(X509 *x) -{ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - return x->ex_flags; -#else - return X509_get_extension_flags(x); -#endif -} - -static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x) -{ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - return x->ex_xkusage; -#else - return X509_get_extended_key_usage(x); -#endif -} - #elif defined(CONFIG_SSL_IMPL_MBEDTLS) #include #include
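Review bot: In the first hunk of PATCH 03/16 (include/sslapi.h, @@ -28,16 +28,34 @@), the `|| defined(LIBRESSL_VERSION_NUMBER)` half of the version test in both moved helpers can no longer be true: they now sit in the `#else` branch of `#if defined(LIBRESSL_VERSION_NUMBER)`, whose other branch is the `#error`. Reducing the test to `#if OPENSSL_VERSION_NUMBER < 0x10100000L` would make it obvious which builds still read `x->ex_flags` and `x->ex_xkusage` straight out of the X509 struct. The two new closing lines would also be easier to audit if the inner `#endif` carried a comment naming the LibreSSL check, as the outer one does for CONFIG_SIGALG_CMS.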
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 04/16] sslapi: Add X509 related wolfSSL definitions
Date: Wed, 16 Sep 2020 15:58:13 +0200
Message-Id: <20200916135825.40367-5-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

Some X509 definitions are not in the OpenSSL compatibility layer, so add their native names.

Signed-off-by: Bastian Germann
Reviewed-by: Torben Hohn
--- include/sslapi.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/sslapi.h b/include/sslapi.h index 14e4397..74bd424 100644 --- a/include/sslapi.h +++ b/include/sslapi.h
@@ -57,8 +57,13 @@ static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x) #endif #endif /* CONFIG_SIGALG_CMS */ +#ifdef CONFIG_SSL_IMPL_WOLFSSL +#define X509_PURPOSE_CODE_SIGN EXTKEYUSE_CODESIGN +#define SSL_PURPOSE_EMAIL_PROT EXTKEYUSE_EMAILPROT +#else #define X509_PURPOSE_CODE_SIGN (X509_PURPOSE_MAX + 1) #define SSL_PURPOSE_EMAIL_PROT X509_PURPOSE_SMIME_SIGN +#endif #define SSL_PURPOSE_CODE_SIGN X509_PURPOSE_CODE_SIGN #define SSL_PURPOSE_DEFAULT SSL_PURPOSE_EMAIL_PROT
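Review bot: The two wolfSSL definitions added in this hunk of PATCH 04/16 give X509_PURPOSE_CODE_SIGN and SSL_PURPOSE_EMAIL_PROT values from the EXTKEYUSE_* namespace, while the `#else` branch keeps them as X509_PURPOSE_* ids, so SSL_PURPOSE_CODE_SIGN and SSL_PURPOSE_DEFAULT below change meaning with the selected backend without any visible hint. A comment above `#ifdef CONFIG_SSL_IMPL_WOLFSSL` stating which kind of value each branch yields, and that the wolfSSL values must only reach code expecting an extended-key-usage constant, would keep a later caller from passing them to a purpose-id check. Since this decides which certificates are accepted for signed updates, the difference deserves to be spelled out in the header rather than only in the commit message.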
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 05/16] Makefile.flags: Add missing wolfSSL definitions
Date: Wed, 16 Sep 2020 15:58:14 +0200
Message-Id: <20200916135825.40367-6-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

The openssl compatibility layer is located in the openssl subdirectory of the wolfssl include dir. OPENSSL_ALL is needed to enable some of the compatibility layer's optional definitions.

WOLFSSL_APACHE_HTTPD is needed to circumvent a wolfSSL memory bug (?) that is triggered if OPENSSL_VERSION_NUMBER is < 0x10100000L. WOLFSSL_APACHE_HTTPD makes it raise the number. With image encryption enabled and this undefined the bug can be triggered by running `make test`.

Signed-off-by: Bastian Germann
Reviewed-by: Torben Hohn
--- Makefile.flags | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.flags b/Makefile.flags index a5d3b0e..0ccd841 100644 --- a/Makefile.flags +++ b/Makefile.flags
@@ -150,7 +150,7 @@ LDLIBS += crypto ssl endif ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y) -KBUILD_CPPFLAGS += -I/usr/include/wolfssl +KBUILD_CPPFLAGS += -I/usr/include/wolfssl -DOPENSSL_ALL -DWOLFSSL_APACHE_HTTPD LDLIBS += wolfssl endif
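Review bot: On the changed KBUILD_CPPFLAGS line of PATCH 05/16, `-DWOLFSSL_APACHE_HTTPD` is a workaround rather than a feature selection, and nothing in Makefile.flags says so; the reason (raising OPENSSL_VERSION_NUMBER to sidestep the suspected wolfSSL memory problem) exists only in the commit message. Please add a comment next to the flag with that reason and the `make test` reproduction, so the define is not dropped later as unrelated to an update tool and can be removed once the underlying problem is understood. A memory error in the image decryption path is worth tracking down rather than masking, so a pointer to an upstream report in that comment would help. The hard-coded `-I/usr/include/wolfssl` carried over on the same line points at the build host's headers, which is fragile for cross-compiled targets.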
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 06/16] mongoose: Hide deprecated function for wolfSSL
Date: Wed, 16 Sep 2020 15:58:15 +0200
Message-Id: <20200916135825.40367-7-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

wolfSSL does not support SSL_CTX_set_ecdh_auto which is deprecated by OpenSSL. Hide it with an appropriate condition from wolfSSL.

Signed-off-by: Bastian Germann
Acked-by: Torben Hohn
--- mongoose/mongoose.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mongoose/mongoose.c b/mongoose/mongoose.c index 2f2c4b2..21598af 100644 --- a/mongoose/mongoose.c +++ b/mongoose/mongoose.c
@@ -4780,7 +4780,7 @@ static enum mg_ssl_if_result mg_use_cert(SSL_CTX *ctx, const char *cert, SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); DH_free(dh); } -#if OPENSSL_VERSION_NUMBER > 0x10002000L +#if OPENSSL_VERSION_NUMBER > 0x10002000L && !defined(LIBWOLFSSL_VERSION_STRING) SSL_CTX_set_ecdh_auto(ctx, 1); #endif #endif
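Review bot: The new `!defined(LIBWOLFSSL_VERSION_STRING)` test in this hunk of PATCH 06/16 hides SSL_CTX_set_ecdh_auto() only if a wolfSSL header defining that macro has already been included at this point in mongoose.c, whereas the other patches in the series select wolfSSL through CONFIG_SSL_IMPL_WOLFSSL. A one-line comment stating that dependency, or a guard on the symbol the build already uses if it is visible in this file, would keep the condition from breaking silently when includes are reordered. The comment should also say that nothing replaces the call on the wolfSSL path, so ECDH curve selection for the web server's TLS context is left to the library's defaults there.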
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 07/16] sslapi: Add wolfSSL compatibility macro
Date: Wed, 16 Sep 2020 15:58:16 +0200
Message-Id: <20200916135825.40367-8-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

The EVP_PKEY_CTX_set_rsa_pss_saltlen function is not implemented in wolfSSL
even though RSA PSS is. So define a compatibility macro for it.

Signed-off-by: Bastian Germann
Reviewed-by: Torben Hohn
--- include/sslapi.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/sslapi.h b/include/sslapi.h index 74bd424..97e1f5c 100644 --- a/include/sslapi.h +++ b/include/sslapi.h
@@ -58,6 +58,8 @@ static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x) #endif /* CONFIG_SIGALG_CMS */ #ifdef CONFIG_SSL_IMPL_WOLFSSL +#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) (1) + #define X509_PURPOSE_CODE_SIGN EXTKEYUSE_CODESIGN #define SSL_PURPOSE_EMAIL_PROT EXTKEYUSE_EMAILPROT #else
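
Review bot: The EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) stub added in the CONFIG_SSL_IMPL_WOLFSSL branch expands to (1), so it reports success while discarding len, and a caller that requests a specific PSS salt length gets no indication that the request was ignored. Verification then runs with whatever salt length wolfSSL applies on its own. Please add a comment next to the macro stating which salt length the wolfSSL path actually uses and that signatures must be produced to match, or make the stub fail for values the wolfSSL path cannot honor. The expansion also never evaluates ctx or len, which can produce unused-variable warnings at the call site; casting both to void inside the expansion avoids that.
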
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 08/16] pkcs11: Implement based on wolfSSL and p11-kit
Date: Wed, 16 Sep 2020 15:58:17 +0200
Message-Id: <20200916135825.40367-9-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

Add a PKCS#11 implementation for encrypted images. This replaces the image
decryption once activated. The interface stays the same but the key is
interpreted as PKCS#11 URI, which is first parsed via p11-kit. This seems to
be the most advanced parser implementation out there.

For the PKCS#11 abstraction, wolfSSL is used because it has first-class
support and AES is supported well, as opposed to OpenSSL that needs an engine
loaded at run time with the most prominent PKCS#11 engine not supporting AES.
wolfSSL comes up with the concept of a crypto device that you register so that
the normal AES operations can be outsourced to them.

wolfSSL does not implement PKCS#7 padding in the AES operations, which is
needed because the encrypted images use it. Implement the unpadding in
swupdate_DECRYPT_final which operates on one block that is remembered from the
last AES decryption.

The decryption and PKCS#11 handling need context structs to live during all
decryption steps. Extend the existing decryption_key struct with them.

Signed-off-by: Bastian Germann
Acked-by: Torben Hohn
--- corelib/swupdate_decrypt_pkcs11.c | 183 ++++++++++++++++++++++++++++++ include/sslapi.h | 28 ++++- 2 files changed, 208 insertions(+), 3 deletions(-) create mode 100644 corelib/swupdate_decrypt_pkcs11.c diff --git a/corelib/swupdate_decrypt_pkcs11.c b/corelib/swupdate_decrypt_pkcs11.c new file mode 100644 index 0000000..1ca0a93 --- /dev/null +++ b/corelib/swupdate_decrypt_pkcs11.c
@@ -0,0 +1,183 @@ +/* + * (C) Copyright 2020, Linutronix GmbH + * Author: Bastian Germann + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include +#include +#include +#include +#include "swupdate.h" +#include "sslapi.h" +#include "util.h" +#include +#include + +#ifdef DEBUG_WOLFSSL +static void wolfssl_debug(int __attribute__ ((__unused__)) level, const char *const msg) +{ + DEBUG("%s", msg); +} +#endif + +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *uri, unsigned char *iv) +{ + struct swupdate_digest *dgst; + const char *library; + const char *pin; + const char *msg; + CK_ATTRIBUTE_PTR key_id; + int slot_id; + int err = 0; + int dev_id = 1; + + if ((uri == NULL) || (iv == NULL)) { + ERROR("PKCS#11 URI or AES IV missing for decryption!"); + return NULL; + } + + dgst = calloc(1, sizeof(*dgst)); + if (!dgst) { + return NULL; + } + + dgst->p11uri = p11_kit_uri_new(); + err = p11_kit_uri_parse(uri, P11_KIT_URI_FOR_ANY, dgst->p11uri); + if (err) { + msg = p11_kit_uri_message(err); + ERROR("PKCS#11 URI: %s", msg); + return NULL; + } + + slot_id = p11_kit_uri_get_slot_id(dgst->p11uri); + key_id = p11_kit_uri_get_attribute(dgst->p11uri, CKA_ID); + pin = p11_kit_uri_get_pin_value(dgst->p11uri); + library = p11_kit_uri_get_module_path(dgst->p11uri); + if (slot_id == -1 || key_id == NULL || pin == NULL || library == NULL) { + ERROR("PKCS#11 URI must contain slot-id, id, pin-value, and module-path."); + goto err_free; + } + + // Set up a valid PKCS#7 block plus one state octet + for (int i = 0; i <= AES_BLK_SIZE; i++) { + dgst->last_decr[i] = AES_BLK_SIZE; + } + +#ifdef DEBUG_WOLFSSL + wolfSSL_SetLoggingCb(wolfssl_debug); + wolfSSL_Debugging_ON(); +#endif + wolfCrypt_Init(); + err = wc_Pkcs11_Initialize(&dgst->pkdev, library, NULL); + if (err) + goto err_msg; + + err = wc_Pkcs11Token_Init(&dgst->pktoken, &dgst->pkdev, slot_id, + "unspecified", pin, strlen(pin)); + if (err) + goto err_msg; + + err = wc_CryptoCb_RegisterDevice(dev_id, 
wc_Pkcs11_CryptoDevCb, &dgst->pktoken); + if (err) + goto err_msg; + + err = wc_AesInit_Id(&dgst->ctxdec, key_id->pValue, key_id->ulValueLen, NULL, dev_id); + if (err) + goto err_msg; + + err = wc_AesSetIV(&dgst->ctxdec, iv); + if (err) + goto err_msg; + + INFO("PKCS#11 key set up successfully."); + return dgst; + +err_msg: + msg = wc_GetErrorString(err); + ERROR("PKCS#11 initialization failed: %s", msg); + +err_free: + if (&dgst->pktoken) + wc_Pkcs11Token_Final(&dgst->pktoken); + if (&dgst->pkdev) + wc_Pkcs11_Finalize(&dgst->pkdev); + + p11_kit_uri_free(dgst->p11uri); + free(dgst); + + return NULL; +} + +int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf, + int *outlen, const unsigned char *cryptbuf, int inlen) +{ + unsigned char pad_buf[inlen]; + const char *msg; + int err; + int one_off_sz = inlen - AES_BLK_SIZE; + + if (inlen < AES_BLK_SIZE) + return -EFAULT; + + err = wc_AesCbcDecrypt(&dgst->ctxdec, pad_buf, cryptbuf, inlen); + if (err) { + msg = wc_GetErrorString(err); + ERROR("PKCS#11 AES decryption failed: %s", msg); + return -EFAULT; + } + + if (dgst->last_decr[AES_BLK_SIZE]) { + // This is for the first decryption operation + memcpy(buf, pad_buf, one_off_sz); + dgst->last_decr[AES_BLK_SIZE] = 0; + *outlen = one_off_sz; + } else { + memcpy(buf, dgst->last_decr, AES_BLK_SIZE); + memcpy(buf[AES_BLK_SIZE], pad_buf, one_off_sz); + *outlen = inlen; + } + // Remember the last decrypted block which might contain padding + memcpy(dgst->last_decr, &pad_buf[one_off_sz], AES_BLK_SIZE); + + return 0; +} + +// Gets rid of PKCS#7 padding +int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf, int *outlen) +{ + unsigned char last_oct = dgst->last_decr[AES_BLK_SIZE - 1]; + if (last_oct > AES_BLK_SIZE || last_oct == 0) { + ERROR("AES: Invalid PKCS#7 padding."); + return -EFAULT; + } + + for (int i = 2; i <= last_oct; i++) { + if (dgst->last_decr[AES_BLK_SIZE - i] != last_oct) { + ERROR("AES: Invalid PKCS#7 padding."); + 
return -EFAULT; + } + } + + *outlen = AES_BLK_SIZE - last_oct; + memcpy(buf, dgst->last_decr, *outlen); + + return 0; +} + +void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst) +{ + if (dgst) { + if (&dgst->pktoken) + wc_Pkcs11Token_Final(&dgst->pktoken); + if (&dgst->pkdev) + wc_Pkcs11_Finalize(&dgst->pkdev); + p11_kit_uri_free(dgst->p11uri); + + free(dgst); + dgst = NULL; + } + + wolfCrypt_Cleanup(); +} diff --git a/include/sslapi.h b/include/sslapi.h index 97e1f5c..5a3236a 100644 --- a/include/sslapi.h +++ b/include/sslapi.h @@ -18,6 +18,16 @@ */ #if defined(CONFIG_HASH_VERIFY) || defined(CONFIG_ENCRYPTED_IMAGES) || \ defined(CONFIG_CHANNEL_CURL_SSL) + +#ifdef CONFIG_PKCS11 +#include +#include +#include +// Exclude p11-kit's pkcs11.h to prevent conflicting with wolfssl's +#define PKCS11_H 1 +#include +#endif + #if defined(CONFIG_SSL_IMPL_OPENSSL) || defined(CONFIG_SSL_IMPL_WOLFSSL) #include #include @@ -74,7 +84,13 @@ struct swupdate_digest { EVP_PKEY_CTX *ckey; /* this is used for RSA key */ X509_STORE *certs; /* this is used if CMS is set */ EVP_MD_CTX *ctx; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#ifdef CONFIG_PKCS11 + unsigned char last_decr[AES_BLOCK_SIZE + 1]; + P11KitUri *p11uri; + Aes ctxdec; + Pkcs11Dev pkdev; + Pkcs11Token pktoken; +#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) EVP_CIPHER_CTX ctxdec; #else EVP_CIPHER_CTX *ctxdec; 
@@ -119,9 +135,15 @@ struct swupdate_digest { #ifdef CONFIG_SIGNED_IMAGES mbedtls_pk_context mbedtls_pk_context; #endif /* CONFIG_SIGNED_IMAGES */ -#ifdef CONFIG_ENCRYPTED_IMAGES +#ifdef CONFIG_PKCS11 + unsigned char last_decr[AES_BLOCK_SIZE + 1]; + P11KitUri *p11uri; + Aes ctxdec; + Pkcs11Dev pkdev; + Pkcs11Token pktoken; +#elif defined(CONFIG_ENCRYPTED_IMAGES) mbedtls_cipher_context_t mbedtls_cipher_context; -#endif /* CONFIG_ENCRYPTED_IMAGES */ +#endif /* CONFIG_PKCS11 */ }; #else /* CONFIG_SSL_IMPL */
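
Review bot: In swupdate_DECRYPT_update of the new corelib/swupdate_decrypt_pkcs11.c, the else branch calls memcpy(buf[AES_BLK_SIZE], pad_buf, one_off_sz), which passes the value of one output byte as the destination instead of &buf[AES_BLK_SIZE], so every call after the first writes through a pointer formed from a byte value. The same function declares pad_buf[inlen] before the inlen < AES_BLK_SIZE check, so a negative or very large inlen sizes a stack array before it is rejected, and inlen is never checked to be a multiple of the block size; please validate inlen first and use a bounded or heap buffer. In swupdate_DECRYPT_init the p11_kit_uri_parse error path returns NULL without freeing dgst or dgst->p11uri, the result of p11_kit_uri_new() is not checked, and the tests if (&dgst->pktoken) and if (&dgst->pkdev), here and in swupdate_DECRYPT_cleanup, are always true, so the goto err_free taken for an incomplete URI finalizes a token and device that were never initialized. In swupdate_DECRYPT_cleanup the assignment dgst = NULL only changes the local copy of the pointer.
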
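
Review bot: In the CONFIG_PKCS11 include block added at the top of include/sslapi.h, #define PKCS11_H 1 suppresses p11-kit's pkcs11.h by pre-defining its include guard, which silently depends on that guard name and on the include order staying as they are. Please say in the comment which PKCS#11 types the code then takes from wolfSSL's header (the new source file uses CK_ATTRIBUTE_PTR and CKA_ID with p11_kit_uri_get_attribute), or keep the p11-kit URI parsing in its own translation unit so the two pkcs11 headers are never included together.
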
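
Review bot: The last_decr member added to struct swupdate_digest in both the OpenSSL/wolfSSL and the mbedTLS variants is sized as AES_BLOCK_SIZE + 1, while swupdate_decrypt_pkcs11.c fills and indexes it with AES_BLK_SIZE, including the write to last_decr[AES_BLK_SIZE] in the init loop. Please use one constant for both the declaration and the accesses, or add a static assertion that the two are equal, so that a mismatch cannot turn the state octet write into an out-of-bounds store. The five new members are also duplicated verbatim in the two struct variants; a shared macro or nested struct would keep them from drifting apart.
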
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 09/16] Kbuild: Add PKCS11 option
Date: Wed, 16 Sep 2020 15:58:18 +0200
Message-Id: <20200916135825.40367-10-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

Add an option to enable PKCS#11-based image encryption with wolfSSL's PKCS#11
support. p11-kit is used for PKCS#11 URI parsing.

Signed-off-by: Bastian Germann
Acked-by: Torben Hohn
--- Kconfig | 13 +++++++++++++ Makefile.deps | 4 ++++ Makefile.flags | 7 +++++++ corelib/Makefile | 8 ++++++++ test/Makefile | 2 ++ 5 files changed, 34 insertions(+) diff --git a/Kconfig b/Kconfig index 2d2cca6..9c4e520 100644 --- a/Kconfig +++ b/Kconfig @@ -85,6 +85,10 @@ config HAVE_MBEDTLS bool option env="HAVE_MBEDTLS" +config HAVE_P11KIT + bool + option env="HAVE_P11KIT" + config HAVE_JSON_C bool option env="HAVE_JSON_C"
@@ -462,6 +466,15 @@ config ENCRYPTED_IMAGES comment "Image encryption needs an SSL implementation" depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS +config PKCS11 + bool "Enable PKCS#11 cryptographic operations" + default n + depends on HAVE_WOLFSSL && HAVE_P11KIT && ENCRYPTED_IMAGES + help + Enable using PKCS#11 for AES decryption instead of having the plain + key available in a file. This is implemented with wolfSSL independent + from the SSL implementation and replaces the plain key method. + source suricatta/Config.in source mongoose/Config.in diff --git a/Makefile.deps b/Makefile.deps index 0949628..e93367f 100644 --- a/Makefile.deps +++ b/Makefile.deps @@ -70,6 +70,10 @@ ifeq ($(HAVE_MBEDTLS),) export HAVE_MBEDTLS = y endif +ifeq ($(HAVE_P11KIT),) +export HAVE_P11KIT = y +endif + ifeq ($(HAVE_JSON_C),) export HAVE_JSON_C = y endif diff --git a/Makefile.flags b/Makefile.flags index 0ccd841..8b4a95c 100644 --- a/Makefile.flags +++ b/Makefile.flags @@ -152,6 +152,13 @@ endif ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y) KBUILD_CPPFLAGS += -I/usr/include/wolfssl -DOPENSSL_ALL -DWOLFSSL_APACHE_HTTPD LDLIBS += wolfssl +else ifeq ($(CONFIG_PKCS11),y) +LDLIBS += wolfssl +endif + +ifeq ($(CONFIG_PKCS11),y) +KBUILD_CPPFLAGS += -I/usr/include/p11-kit-1 +LDLIBS += p11-kit endif ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y) diff --git a/corelib/Makefile b/corelib/Makefile index 8a9fea0..526dad5 100644 --- a/corelib/Makefile +++ b/corelib/Makefile @@ -7,7 +7,11 @@ lib-$(CONFIG_MTD) += mtd-interface.o lib-$(CONFIG_LUA) += lua_interface.o lua_compat.o ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y) lib-$(CONFIG_HASH_VERIFY) += verify_signature.o +ifeq ($(CONFIG_PKCS11),y) +lib-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_pkcs11.o +else lib-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt.o +endif lib-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify.o lib-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify.o endif 
@@ -17,7 +21,11 @@ lib-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify.o endif ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y) lib-$(CONFIG_HASH_VERIFY) += verify_signature_mbedtls.o +ifeq ($(CONFIG_PKCS11),y) +lib-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_pkcs11.o +else lib-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt_mbedtls.o +endif lib-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify_mbedtls.o lib-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify_mbedtls.o endif diff --git a/test/Makefile b/test/Makefile index 2b2070a..747d973 100644 --- a/test/Makefile +++ b/test/Makefile 
@@ -15,7 +15,9 @@ ## along with this program; if not, write to the Free Software ## Foundation, Inc. +ifneq ($(CONFIG_PKCS11),y) tests-$(CONFIG_ENCRYPTED_IMAGES) += test_crypt +endif tests-$(CONFIG_HASH_VERIFY) += test_hash ifeq ($(CONFIG_SIGALG_RAWRSA),y) tests-$(CONFIG_SIGNED_IMAGES) += test_verify From patchwork Wed Sep 16 13:58:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Germann X-Patchwork-Id: 1365332 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::53e; helo=mail-ed1-x53e.google.com; envelope-from=swupdate+bncbdpppp7kyilbbdnurd5qkgqeirldihi@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linutronix.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=GJyvbZFY; dkim-atps=neutral Received: from mail-ed1-x53e.google.com (mail-ed1-x53e.google.com [IPv6:2a00:1450:4864:20::53e]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs1sY3Lrpz9sV6 for ; Wed, 16 Sep 2020 23:58:41 +1000 (AEST) Received: by mail-ed1-x53e.google.com with SMTP id d27sf2484144edj.21 for ; Wed, 16 Sep 2020 06:58:41 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1600264718; cv=pass; d=google.com; s=arc-20160816; b=Ul4ARLBNFGJf6T9yDTKYhTyMfnhKacAgpiL0T0bXJfNiH09850p0l2mF1G9mJio4od APZGU4g5rlyRYGnjgm83AdEHRvkjPYYwD66dPMlAKRp6hsGyiCtCXD+daSKgDROLmpkS Mm6CRm6ksEcjzONoqcWcjDCZ6+4RXOhYpJzL90p5wxX+Beq9Spz1LuwY2Oi3TGnTnX4W ZqLgCKqd++pV2ZRc+v16Ozs1ThpdRAvZr80ZCXQuF9Pwi793d0rPEJP/eZTmUhW3aduu 
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 10/16] pkcs11: Differentiate key handling based on config
Date: Wed, 16 Sep 2020 15:58:19 +0200
Message-Id: <20200916135825.40367-11-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

If CONFIG_PKCS11 is enabled, interpret the place in the decryption key file as PKCS#11 URI and reserve memory for it. The URI is typically longer than 64 characters, so do not support the IPC SET_AES_KEY operation with it.

Signed-off-by: Bastian Germann
Reviewed-by: Torben Hohn
--- core/network_thread.c | 2 ++ core/util.c | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/core/network_thread.c b/core/network_thread.c index 7b2d796..882b989 100644 --- a/core/network_thread.c +++ b/core/network_thread.c @@ -402,8 +402,10 @@ void *network_thread (void *data) break; case SET_AES_KEY: +#ifndef CONFIG_PKCS11 msg.type = ACK; if (set_aes_key(msg.data.aeskeymsg.key_ascii, msg.data.aeskeymsg.ivt_ascii)) +#endif msg.type = NACK; break; case SET_UPDATE_STATE: diff --git a/core/util.c b/core/util.c index 88dd8ac..d0db48a 100644 --- a/core/util.c
+++ b/core/util.c @@ -33,7 +33,11 @@ * ivt is 128 bit */ struct decryption_key { +#ifdef CONFIG_PKCS11 + char * key; +#else unsigned char key[32]; +#endif unsigned char ivt[16]; }; @@ -565,6 +569,7 @@ unsigned char *get_aes_ivt(void) { int set_aes_key(const char *key, const char *ivt) { int ret; + size_t keylen; /* * Allocates the global structure just once 
@@ -575,8 +580,16 @@ int set_aes_key(const char *key, const char *ivt) return -ENOMEM; } - ret = ascii_to_bin(aes_key->key, sizeof(aes_key->key), key) | - ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt); + ret = ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt); +#ifdef CONFIG_PKCS11 + keylen = strlen(key) + 1; + aes_key->key = malloc(keylen); + if (!aes_key->key) + return -ENOMEM; + strncpy(aes_key->key, key, keylen); +#else + ret |= ascii_to_bin(aes_key->key, sizeof(aes_key->key), key); +#endif if (ret) { return -EINVAL;
From patchwork Wed Sep 16 13:58:20 2020
X-Patchwork-Submitter: Bastian Germann
X-Patchwork-Id: 1365341
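Review bot: in the `core/network_thread.c` hunk of PATCH 10/16, the `#ifndef CONFIG_PKCS11` / `#endif` pair ends between `if (set_aes_key(...))` and its body `msg.type = NACK;`, so the control flow differs by configuration in a way that is easy to misread and easy to break with a later edit. Prefer two complete branches: under `CONFIG_PKCS11` set `msg.type = NACK;` unconditionally, otherwise keep the existing ACK/NACK logic. A log line in the PKCS#11 branch would also tell whoever operates the IPC client why SET_AES_KEY is refused.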
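Review bot: in the `struct decryption_key` hunk of `core/util.c` (PATCH 10/16), the comment above the struct still reads "key is 256 bit for aes_256", which does not describe the new `char * key` member that holds a PKCS#11 URI string. Please document the PKCS#11 variant there (NUL-terminated, heap-allocated, owned by the struct) and write the declaration as `char *key;`. Also check `get_aes_key()`: it is declared as returning `unsigned char *` and returns `aes_key->key`, which is a `char *` in this configuration.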
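Review bot: in the last `set_aes_key()` hunk of PATCH 10/16, the `CONFIG_PKCS11` branch assigns a fresh `malloc()` result to `aes_key->key` on every call without freeing the previous pointer, while the context comment says the global structure is allocated just once, so a second call leaks the old URI. The allocation also happens before `ret` from the IV conversion is checked, so an invalid IV returns -EINVAL with a key already stored. Suggest checking `ret` first, then freeing the old buffer and using `strdup(key)`, which replaces the `strlen` + `malloc` + `strncpy` sequence. Since the URI can carry `pin-value` (see the documentation patch in this series), consider clearing the old buffer before it is freed.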
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 11/16] doc: Add note on the PKCS#11 libraries
Date: Wed, 16 Sep 2020 15:58:20 +0200
Message-Id: <20200916135825.40367-12-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

The library information is outdated. Fix obvious disinformation and add p11-kit and wolfssl for PKCS#11.

Signed-off-by: Bastian Germann
Reviewed-by: Torben Hohn
--- doc/source/swupdate.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/source/swupdate.rst b/doc/source/swupdate.rst index 9ab6bbf..5301693 100644 --- a/doc/source/swupdate.rst +++ b/doc/source/swupdate.rst
@@ -207,10 +207,11 @@ There are only a few libraries that are required to compile SWUpdate. They are commonly not exported and not installed, but they are linked by SWUpdate to reuse the same functions for upgrading MTD and UBI volumes. -- openssl: required with the Webserver +- openssl / wolfssl / mbedtls (optional) for cryptographic operations +- p11-kit & wolfssl (optional) for PKCS#11 support - Lua: liblua and the development headers. -- libz, libcrypto are always linked. -- libconfig: it is used by the default parser. +- libz is always linked. +- libconfig (optional) for the default parser - libarchive (optional) for archive handler - librsync (optional) for support to apply rdiff patches - libjson (optional) for JSON parser and Hawkbit
From patchwork Wed Sep 16 13:58:21 2020
X-Patchwork-Submitter: Bastian Germann
X-Patchwork-Id: 1365334
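Review bot: in the `doc/source/swupdate.rst` hunk of PATCH 11/16, the new line `p11-kit & wolfssl (optional) for PKCS#11 support` is easy to misread next to `openssl / wolfssl / mbedtls (optional)` directly above it, because it does not say that PKCS#11 decryption needs wolfssl specifically rather than any of the three libraries. If that is the intent, suggest wording such as "p11-kit (optional) for PKCS#11 support, which requires wolfssl as the crypto library". Minor: `libz is always linked.` keeps its trailing period while the other reworded items have none.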
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 12/16] doc: encrypted images: Add a PKCS#11 section
Date: Wed, 16 Sep 2020 15:58:21 +0200
Message-Id: <20200916135825.40367-13-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

The section explains which option to enable and how to set the PKCS#11 URI.

Signed-off-by: Bastian Germann
Acked-by: Torben Hohn
--- doc/source/encrypted_images.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst index e71cdd8..822012d 100644 --- a/doc/source/encrypted_images.rst +++ b/doc/source/encrypted_images.rst
@@ -109,3 +109,14 @@ Running SWUpdate with Encrypted Images Symmetric encryption support is activated by setting the ``ENCRYPTED_IMAGES`` option in SWUpdate's configuration. Use the `-K` parameter to provide the symmetric key file generated above to SWUpdate. + +Decrypting with a PKCS#11 token +------------------------------- + +PKCS#11 support is activated by setting the ``PKCS11`` option in SWUpdate's +configuration. The key file has to have a PKCS#11 URL instead of the key then, +containing at least the elements of this example: + +:: + + pkcs11:slot-id=42;id=%CA%FE%BA%BE?pin-value=1234&module-path=/usr/lib/libsofthsm2.so 65D793B87B6724BB27954C7664F15FF3
From patchwork Wed Sep 16 13:58:22 2020
X-Patchwork-Submitter: Bastian Germann
X-Patchwork-Id: 1365339
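Review bot: in the `doc/source/encrypted_images.rst` hunk of PATCH 12/16, the example URI contains `pin-value=1234`, but the added text does not tell the reader that the key file now holds the token PIN in clear text. Please add a sentence that the file must be readable only by the user SWUpdate runs as. Three smaller points in the same paragraph: it says "PKCS#11 URL" while the rest of the series says URI; it does not explain the hex string that follows the URI on the same line, which `set_aes_key()` in PATCH 10/16 still converts as the IV; and "at least the elements of this example" does not name which elements are mandatory.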
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 13/16] encrypted images: Accept other AES key lengths
Date: Wed, 16 Sep 2020 15:58:22 +0200
Message-Id: <20200916135825.40367-14-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

Accept AES128 and AES192 keys in addition to AES256.

Signed-off-by: Bastian Germann
Reviewed-by: Torben Hohn
--- core/util.c | 29 ++++++++++++++++++++++++----- include/util.h | 4 ++++ 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/core/util.c b/core/util.c index d0db48a..7c0d417 100644 --- a/core/util.c +++ b/core/util.c @@ -29,16 +29,18 @@ #include "generated/autoconf.h" /* - * key is 256 bit for aes_256 - * ivt is 128 bit + * key is 256 bit for max aes_256 + * keylen is the actual aes key length + * ivt is 128 bit */ struct decryption_key { #ifdef CONFIG_PKCS11 char * key; #else - unsigned char key[32]; + unsigned char key[AES_256_KEY_LEN]; #endif - unsigned char ivt[16]; + char keylen; + unsigned char ivt[AES_BLK_SIZE]; }; static struct decryption_key *aes_key = NULL;
@@ -560,6 +562,12 @@ unsigned char *get_aes_key(void) { return aes_key->key; } +char get_aes_keylen(void) { + if (!aes_key) + return -1; + return aes_key->keylen; +} + unsigned char *get_aes_ivt(void) { if (!aes_key) return NULL; @@ -588,7 +596,18 @@ int set_aes_key(const char *key, const char *ivt) return -ENOMEM; strncpy(aes_key->key, key, keylen); #else - ret |= ascii_to_bin(aes_key->key, sizeof(aes_key->key), key); + keylen = strlen(key); + switch (keylen) { + case AES_128_KEY_LEN * 2: + case AES_192_KEY_LEN * 2: + case AES_256_KEY_LEN * 2: + // valid hex string size for AES 128/192/256 + aes_key->keylen = keylen / 2; + break; + default: + return -EINVAL; + } + ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key); #endif if (ret) { diff --git a/include/util.h b/include/util.h index d77025d..bf8d8a0 100644 --- a/include/util.h +++ b/include/util.h @@ -24,6 +24,9 @@ #define SWUPDATE_SHA_DIGEST_LENGTH 20 #define AES_BLK_SIZE 16 +#define AES_128_KEY_LEN 16 +#define AES_192_KEY_LEN 24 +#define AES_256_KEY_LEN 32 #define HWID_REGEXP_PREFIX "#RE:" #define SWUPDATE_ALIGN(A,S) (((A) + (S) - 1) & ~((S) - 1)) 
@@ -227,6 +230,7 @@ void free_string_array(char **nodes); /* Decryption key functions */ int load_decryption_key(char *fname); unsigned char *get_aes_key(void); +char get_aes_keylen(void); unsigned char *get_aes_ivt(void); int set_aes_key(const char *key, const char *ivt); int set_aes_ivt(const char *ivt); From patchwork Wed Sep 16 13:58:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Germann X-Patchwork-Id: 1365340 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::540; helo=mail-ed1-x540.google.com; envelope-from=swupdate+bncbdpppp7kyilbbd5urd5qkgqenbzlcua@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linutronix.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=hwbVQnKP; dkim-atps=neutral Received: from mail-ed1-x540.google.com (mail-ed1-x540.google.com [IPv6:2a00:1450:4864:20::540]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs1sb1WTDz9sTS for ; Wed, 16 Sep 2020 23:58:42 +1000 (AEST) Received: by mail-ed1-x540.google.com with SMTP id n25sf2507659edr.13 for ; Wed, 16 Sep 2020 06:58:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1600264719; cv=pass; d=google.com; s=arc-20160816; b=LxdTv7xD2kQxehkaIM9ip3K2sHgBwh9gh4WE39qwkXgwodwS7LKr4XjjkmLkdy+Dm7 PyKjYg/lNEjCIB+DMR1YZkIIx64RuJnp3dlMUlWEK62Pws0oUIL9ie9/4l02EyB0GcBx gWvzizMcnIJTQMhjiAQG/4tedlUQEl6rGVRd+lgJJNviVvGqrLcVwnZw7dt9nVRoPBfK 
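Review bot: get_aes_keylen() in core/util.c (patch 13/16) reports the no-key case as -1 through a plain char return type, and the signedness of plain char is implementation-defined: on ABIs where it is unsigned (the default on ARM and PowerPC Linux) the caller sees 255, so a test like "get_aes_keylen() < 0" can never be true. The same applies to the new "char keylen" member of struct decryption_key and to the prototype added in include/util.h. Suggest int (or at least signed char) for all three.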
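Review bot: in set_aes_key() in core/util.c (patch 13/16), the default case of the new switch returns -EINVAL without any log output, so a key whose hex string has the wrong length fails with no hint of the cause; it also returns before the "if (ret)" block that follows the #endif, which is worth checking in case that block does cleanup. Suggest an ERROR() that names the accepted sizes (32, 48 or 64 hex characters). Two related points: the cipher strength is now inferred from the string length alone, so a key truncated to 32 or 48 hex characters is accepted as AES-128 or AES-192 rather than rejected, and logging the selected key size would make that visible; and the CONFIG_PKCS11 branch never assigns aes_key->keylen, so get_aes_keylen() has no defined meaning in those builds unless the field is set or documented as unused there.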
From: bage@linutronix.de To: swupdate@googlegroups.com Cc: Bastian Germann , Torben Hohn Subject: [swupdate] [PATCH 14/16] encrypted images: Implement other key lengths in providers Date: Wed, 16 Sep 2020 15:58:23 +0200 Message-Id: <20200916135825.40367-15-bage@linutronix.de> In-Reply-To: <20200916135825.40367-1-bage@linutronix.de> References: <20200916135825.40367-1-bage@linutronix.de> MIME-Version: 1.0 X-Original-Sender: bage@linutronix.de X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=xi6vd9PL; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of bage@linutronix.de designates 193.142.43.55 as permitted sender) smtp.mailfrom=bage@linutronix.de; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , From: Bastian Germann Each SSL implementation used to have only AES256 support. Implement AES128 and AES192 for all SSL implementations with all key sizes possible at runtime. The PKCS#11 operations are bound to the stored key size anyway. Signed-off-by: Bastian Germann Reviewed-by: Torben Hohn --- core/cpio_utils.c | 2 +- corelib/swupdate_decrypt.c | 17 +++++++++++++++-- corelib/swupdate_decrypt_mbedtls.c | 25 ++++++++++++++++++++++--- corelib/swupdate_decrypt_pkcs11.c | 3 ++- include/sslapi.h | 4 ++-- test/test_crypt.c | 4 ++-- 6 files changed, 44 insertions(+), 11 deletions(-) diff --git a/core/cpio_utils.c b/core/cpio_utils.c index f9f5bbe..465a473 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c 
@@ -453,7 +453,7 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi ivt = ivtbuf; } else ivt = get_aes_ivt(); - decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, ivt); + decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, get_aes_keylen(), ivt); if (!decrypt_state.dcrypt) { ERROR("decrypt initialization failure, aborting"); ret = -EFAULT; diff --git a/corelib/swupdate_decrypt.c b/corelib/swupdate_decrypt.c index f14ca9c..2d1fedb 100644 --- a/corelib/swupdate_decrypt.c +++ b/corelib/swupdate_decrypt.c @@ -17,9 +17,10 @@ #include "sslapi.h" #include "util.h" -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv) +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, unsigned char *iv) { struct swupdate_digest *dgst; + const EVP_CIPHER *cipher; int ret; if ((key == NULL) || (iv == NULL)) { @@ -27,7 +28,19 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char return NULL; } - const EVP_CIPHER *cipher = EVP_aes_256_cbc(); + switch (keylen) { + case AES_128_KEY_LEN: + cipher = EVP_aes_128_cbc(); + break; + case AES_192_KEY_LEN: + cipher = EVP_aes_192_cbc(); + break; + case AES_256_KEY_LEN: + cipher = EVP_aes_256_cbc(); + break; + default: + return NULL; + } dgst = calloc(1, sizeof(*dgst)); if (!dgst) { diff --git a/corelib/swupdate_decrypt_mbedtls.c b/corelib/swupdate_decrypt_mbedtls.c index c970b9b..c282cb5 100644 --- a/corelib/swupdate_decrypt_mbedtls.c +++ b/corelib/swupdate_decrypt_mbedtls.c @@ -3,10 +3,12 @@ #include "sslapi.h" #include "util.h" -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv) +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, unsigned char *iv) { struct swupdate_digest *dgst; + mbedtls_cipher_type_t cipher_type; const mbedtls_cipher_info_t *cipher_info; + int key_bitlen; int error; if ((key == NULL) || (iv == NULL)) { 
@@ -14,7 +16,24 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char return NULL; } - cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_CBC); + switch (keylen) { + case AES_128_KEY_LEN: + cipher_type = MBEDTLS_CIPHER_AES_128_CBC; + key_bitlen = 128; + break; + case AES_192_KEY_LEN: + cipher_type = MBEDTLS_CIPHER_AES_192_CBC; + key_bitlen = 192; + break; + case AES_256_KEY_LEN: + cipher_type = MBEDTLS_CIPHER_AES_256_CBC; + key_bitlen = 256; + break; + default: + return NULL; + } + + cipher_info = mbedtls_cipher_info_from_type(cipher_type); if (!cipher_info) { ERROR("mbedtls_cipher_info_from_type"); return NULL; @@ -33,7 +52,7 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char goto fail; } - error = mbedtls_cipher_setkey(&dgst->mbedtls_cipher_context, key, 256, MBEDTLS_DECRYPT); + error = mbedtls_cipher_setkey(&dgst->mbedtls_cipher_context, key, key_bitlen, MBEDTLS_DECRYPT); if (error) { ERROR("mbedtls_cipher_setkey: %d", error); goto fail; diff --git a/corelib/swupdate_decrypt_pkcs11.c b/corelib/swupdate_decrypt_pkcs11.c index 1ca0a93..203eea6 100644 --- a/corelib/swupdate_decrypt_pkcs11.c +++ b/corelib/swupdate_decrypt_pkcs11.c @@ -22,7 +22,8 @@ static void wolfssl_debug(int __attribute__ ((__unused__)) level, const char *co } #endif -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *uri, unsigned char *iv) +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *uri, + char __attribute__ ((__unused__)) keylen, unsigned char *iv) { struct swupdate_digest *dgst; const char *library; diff --git a/include/sslapi.h b/include/sslapi.h index 5a3236a..9a6af4f 100644 --- a/include/sslapi.h +++ b/include/sslapi.h 
@@ -179,7 +179,7 @@ int swupdate_HASH_compare(const unsigned char *hash1, const unsigned char *hash2 #endif #ifdef CONFIG_ENCRYPTED_IMAGES -struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, unsigned char *iv); +struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, unsigned char *iv); int swupdate_DECRYPT_update(struct swupdate_digest *dgst, unsigned char *buf, int *outlen, const unsigned char *cryptbuf, int inlen); int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf, @@ -190,7 +190,7 @@ void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst); * Note: macro for swupdate_DECRYPT_init is * just to avoid compiler warnings */ -#define swupdate_DECRYPT_init(key, iv) (((key != NULL) | (ivt != NULL)) ? NULL : NULL) +#define swupdate_DECRYPT_init(key, keylen, iv) (((key != NULL) | (ivt != NULL)) ? NULL : NULL) #define swupdate_DECRYPT_update(p, buf, len, cbuf, inlen) (-1) #define swupdate_DECRYPT_final(p, buf, len) (-1) #define swupdate_DECRYPT_cleanup(p) diff --git a/test/test_crypt.c b/test/test_crypt.c index 2481d69..4a28874 100644 --- a/test/test_crypt.c +++ b/test/test_crypt.c @@ -43,7 +43,7 @@ static void hex2bin(unsigned char *dest, const unsigned char *source) static void do_crypt(struct cryptdata *crypt, unsigned char *CRYPTTEXT, unsigned char *PLAINTEXT) { int len; - void *dcrypt = swupdate_DECRYPT_init(crypt->key, crypt->iv); + void *dcrypt = swupdate_DECRYPT_init(crypt->key, 32, crypt->iv); assert_non_null(dcrypt); unsigned char *buffer = calloc(1, strlen((const char *)CRYPTTEXT) + EVP_MAX_BLOCK_LENGTH); 
@@ -114,7 +114,7 @@ static void test_crypt_failure(void **state) hex2bin((crypt.crypttext = calloc(1, strlen((const char *)CRYPTTEXT))), CRYPTTEXT); int len; - void *dcrypt = swupdate_DECRYPT_init(crypt.key, crypt.iv); + void *dcrypt = swupdate_DECRYPT_init(crypt.key, 32, crypt.iv); assert_non_null(dcrypt); unsigned char *buffer = calloc(1, strlen((const char *)CRYPTTEXT) + EVP_MAX_BLOCK_LENGTH); From patchwork Wed Sep 16 13:58:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Germann X-Patchwork-Id: 1365338 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::339; helo=mail-wm1-x339.google.com; envelope-from=swupdate+bncbdpppp7kyilbbd5urd5qkgqenbzlcua@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linutronix.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=huzu+6uy; dkim-atps=neutral Received: from mail-wm1-x339.google.com (mail-wm1-x339.google.com [IPv6:2a00:1450:4864:20::339]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs1sZ6Wz6z9sVX for ; Wed, 16 Sep 2020 23:58:42 +1000 (AEST) Received: by mail-wm1-x339.google.com with SMTP id x6sf1075833wmi.1 for ; Wed, 16 Sep 2020 06:58:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1600264719; cv=pass; d=google.com; s=arc-20160816; b=g9ux9NEORZWvRzHM3k1x4nk39DgWmHeHtTOPtUVD06MJ/KUwzc34VfFUN00I+DXt2F Xj5TN5EvB22azn6nCbwfCagBcbFNTnmwEhb0rV8b8h5H7REMavuTKGmYPqm4jEHyblNT 
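Review bot: the default case of the new switch in swupdate_DECRYPT_init() (corelib/swupdate_decrypt.c, and the matching switch in corelib/swupdate_decrypt_mbedtls.c, patch 14/16) returns NULL without an ERROR(), so an unsupported or unset key length surfaces in copyfile() only as the generic "decrypt initialization failure, aborting". Suggest logging the rejected keylen before returning, in the way the mbedtls file already logs its other failure paths, for example ERROR("mbedtls_cipher_info_from_type"). In the mbedtls variant, key_bitlen could also be computed once as keylen * 8 after the switch instead of being repeated in each case.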
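Review bot: the stub macro in include/sslapi.h (patch 14/16) still tests ivt, which is not one of its parameters (key, keylen, iv), so it only compiles where the caller happens to have a variable named ivt in scope, and the new keylen argument is not referenced at all. Since the line is being changed anyway, suggest using the macro's own parameters, for example "#define swupdate_DECRYPT_init(key, keylen, iv) (((key != NULL) | (iv != NULL) | (keylen != 0)) ? NULL : NULL)", or replacing the macro with a static inline stub.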
From: bage@linutronix.de
To: swupdate@googlegroups.com
Cc: Bastian Germann, Torben Hohn
Subject: [swupdate] [PATCH 15/16] doc: encrypted images: Using different key lengths
Date: Wed, 16 Sep 2020 15:58:24 +0200
Message-Id: <20200916135825.40367-16-bage@linutronix.de>
In-Reply-To: <20200916135825.40367-1-bage@linutronix.de>
References: <20200916135825.40367-1-bage@linutronix.de>

From: Bastian Germann

Signed-off-by: Bastian Germann
Reviewed-by: Torben Hohn
--- doc/source/encrypted_images.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst index 822012d..b155590 100644 --- a/doc/source/encrypted_images.rst +++ b/doc/source/encrypted_images.rst 
@@ -2,7 +2,8 @@ Symmetrically Encrypted Update Images ===================================== SWUpdate allows one to symmetrically encrypt update images using the -256 bit AES block cipher in CBC mode. +AES block cipher in CBC mode. The following shows encryption with 256 +bit key length but you may use other key lengths as well. Building an Encrypted SWU Image From patchwork Wed Sep 16 13:58:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bastian Germann X-Patchwork-Id: 1365342 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::63b; helo=mail-ej1-x63b.google.com; envelope-from=swupdate+bncbdpppp7kyilbbd5urd5qkgqenbzlcua@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linutronix.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=BfOwhvjT; dkim-atps=neutral Received: from mail-ej1-x63b.google.com (mail-ej1-x63b.google.com [IPv6:2a00:1450:4864:20::63b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs1sb6D6Nz9sTs for ; Wed, 16 Sep 2020 23:58:43 +1000 (AEST) Received: by mail-ej1-x63b.google.com with SMTP id w27sf2923867ejb.12 for ; Wed, 16 Sep 2020 06:58:43 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1600264720; cv=pass; d=google.com; s=arc-20160816; b=MrR9FtEYDsRJkH9soREvRkLvk7r40ib3k+k9ZtQjIfWBDYtYMbrSAQxpo4r7xJ1eXi pPG5dKnGJ7QF5De7nHKb6J2ezSPNhG0EvpoIjsudRJVJxZKr8TvaHykk7bWFvw8P0ETC wPaPH818PTCdxgeq3ul3wd7Uy/n1NzfK4O6htEEaDz45Cbf5bghAxRVtk0onMcdbg6E9 
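Review bot: the new sentence in doc/source/encrypted_images.rst (patch 15/16), "you may use other key lengths as well", does not say which lengths are accepted or how one is selected. Going by the rest of this series, the accepted sizes are 128, 192 and 256 bit, the choice follows from the length of the hex key string handed to set_aes_key(), and PKCS#11 operations are bound to the stored key size; stating these in the document would save readers from having to read the code.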
From: bage@linutronix.de To: swupdate@googlegroups.com Cc: Bastian Germann , Torben Hohn Subject: [swupdate] [PATCH 16/16] encrypted images: Test other key lengths Date: Wed, 16 Sep 2020 15:58:25 +0200 Message-Id: <20200916135825.40367-17-bage@linutronix.de> In-Reply-To: <20200916135825.40367-1-bage@linutronix.de> References: <20200916135825.40367-1-bage@linutronix.de> MIME-Version: 1.0 X-Original-Sender: bage@linutronix.de X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=U74SlOwa; dkim=neutral (no key) header.i=@linutronix.de; spf=pass (google.com: domain of bage@linutronix.de designates 193.142.43.55 as permitted sender) smtp.mailfrom=bage@linutronix.de; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , From: Bastian Germann Rework the test_crypt to test each AES key length. Signed-off-by: Bastian Germann Reviewed-by: Torben Hohn --- test/test_crypt.c | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/test/test_crypt.c b/test/test_crypt.c index 4a28874..7d82bc5 100644 --- a/test/test_crypt.c +++ b/test/test_crypt.c 
@@ -40,10 +40,10 @@ static void hex2bin(unsigned char *dest, const unsigned char *source) } } -static void do_crypt(struct cryptdata *crypt, unsigned char *CRYPTTEXT, unsigned char *PLAINTEXT) +static void do_crypt(struct cryptdata *crypt, char keylen, unsigned char *CRYPTTEXT, unsigned char *PLAINTEXT) { int len; - void *dcrypt = swupdate_DECRYPT_init(crypt->key, 32, crypt->iv); + void *dcrypt = swupdate_DECRYPT_init(crypt->key, keylen, crypt->iv); assert_non_null(dcrypt); unsigned char *buffer = calloc(1, strlen((const char *)CRYPTTEXT) + EVP_MAX_BLOCK_LENGTH); @@ -58,13 +58,34 @@ static void do_crypt(struct cryptdata *crypt, unsigned char *CRYPTTEXT, unsigned free(buffer); } -static void test_crypt_1(void **state) +static void test_crypt_128(void **state) { (void)state; - unsigned char KEY[] = "E5E9FA1BA31ECD1AE84F75CAAA474F3A663F05F412028F81DA65D26EE56424B2"; + unsigned char KEY[] = "E5E9FA1BA31ECD1AE84F75CAAA474FB2"; unsigned char IV[] = "E93DA465B309C53FEC5FF93C9637DA58"; - unsigned char CRYPTTEXT[] = "E4B7745CA14039555CECD548BB33E0C3"; + unsigned char CRYPTTEXT[] = "a68148be39f9c60175ccc31c19ab92e7"; + unsigned char PLAINTEXT[] = "CRYPTTEST"; + + struct cryptdata crypt; + hex2bin((crypt.key = calloc(1, strlen((const char *)KEY))), KEY); + hex2bin((crypt.iv = calloc(1, strlen((const char *)IV))), IV); + hex2bin((crypt.crypttext = calloc(1, strlen((const char *)CRYPTTEXT))), CRYPTTEXT); + + do_crypt(&crypt, 16, &CRYPTTEXT[0], &PLAINTEXT[0]); + + free(crypt.key); + free(crypt.iv); + free(crypt.crypttext); +} + +static void test_crypt_192(void **state) +{ + (void)state; + + unsigned char KEY[] = "F8A4B2D01A4A28C39E50D789C5B3CC386E56B63F16A7211A"; + unsigned char IV[] = "08E8E00743E98EE82B90BBCC0DE83A77"; + unsigned char CRYPTTEXT[] = "b5adf128eed12c9f13bd85cfdbe2d0fc"; unsigned char PLAINTEXT[] = "CRYPTTEST"; struct cryptdata crypt; 
@@ -72,14 +93,14 @@ static void test_crypt_1(void **state) hex2bin((crypt.iv = calloc(1, strlen((const char *)IV))), IV); hex2bin((crypt.crypttext = calloc(1, strlen((const char *)CRYPTTEXT))), CRYPTTEXT); - do_crypt(&crypt, &CRYPTTEXT[0], &PLAINTEXT[0]); + do_crypt(&crypt, 24, &CRYPTTEXT[0], &PLAINTEXT[0]); free(crypt.key); free(crypt.iv); free(crypt.crypttext); } -static void test_crypt_2(void **state) +static void test_crypt_256(void **state) { (void)state; @@ -93,7 +114,7 @@ static void test_crypt_2(void **state) hex2bin((crypt.iv = calloc(1, strlen((const char *)IV))), IV); hex2bin((crypt.crypttext = calloc(1, strlen((const char *)CRYPTTEXT))), CRYPTTEXT); - do_crypt(&crypt, &CRYPTTEXT[0], &PLAINTEXT[0]); + do_crypt(&crypt, 32, &CRYPTTEXT[0], &PLAINTEXT[0]); free(crypt.key); free(crypt.iv); @@ -132,9 +153,10 @@ int main(void) { int error_count = 0; const struct CMUnitTest crypt_tests[] = { - cmocka_unit_test(test_crypt_1), - cmocka_unit_test(test_crypt_failure), - cmocka_unit_test(test_crypt_2) + cmocka_unit_test(test_crypt_128), + cmocka_unit_test(test_crypt_192), + cmocka_unit_test(test_crypt_256), + cmocka_unit_test(test_crypt_failure) }; error_count += cmocka_run_group_tests_name("crypt", crypt_tests, NULL, NULL); return error_count;
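
Review bot: In the do_crypt() hunk (@@ -40,10 +40,10 @@), the new parameter is declared as a plain `char keylen`, whose signedness is implementation-defined, and it is handed straight to swupdate_DECRYPT_init() with nothing tying it to the decoded size of crypt->key. Please declare it with the same type as the callee's length parameter, and consider deriving it in each test from the key literal (strlen((const char *)KEY) / 2) instead of hard-coding 16, 24 and 32, so that a key string of the wrong length cannot silently disagree with the length that is passed.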
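
Review bot: In the hunk that adds test_crypt_128 and test_crypt_192 (@@ -58,13 +58,34 @@), the new CRYPTTEXT vectors are lowercase hex ("a68148be39f9c60175ccc31c19ab92e7", "b5adf128eed12c9f13bd85cfdbe2d0fc") while KEY, IV and the vector being removed are uppercase; hex2bin() is not part of this patch, so please confirm it accepts both cases or write the new vectors in uppercase for consistency. There is also no comment saying how the new key, IV and ciphertext triples were produced, which makes them hard to re-derive in review. Finally, the calloc()/hex2bin()/free() setup is now repeated in all three tests with the calloc() results used unchecked; a small helper that takes KEY, IV, CRYPTTEXT and the key length would remove the duplication and give one place to add assert_non_null() checks.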
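
Review bot: In the main() hunk (@@ -132,9 +153,10 @@), the test list now covers three key lengths on the success path but still registers only the single test_crypt_failure case, whose body this patch does not touch. Since do_crypt() now forwards an arbitrary keylen to swupdate_DECRYPT_init(), a negative test that passes a length other than 16, 24 or 32 and asserts that initialisation is rejected would cover the new parameter; a wrong-key failure case per key length would be a reasonable addition as well.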