From patchwork Mon Jan 15 19:26:38 2024
X-Patchwork-Submitter: Michael Glembotzki
X-Patchwork-Id: 1886821
X-Patchwork-Delegate: sbabic@denx.de
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V4][PATCH 1/8] parser: BUG: Image IVT with invalid size is accepted
Date: Mon, 15 Jan 2024 20:26:38 +0100
Message-ID: <20240115192845.51530-2-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>

An IVT with invalid size is currently accepted. Make an explicit size check
before setting the image IVT.

Signed-off-by: Michael Glembotzki
---
 parser/parser.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/parser/parser.c b/parser/parser.c index e13992e..67ae1b3 100644 --- a/parser/parser.c +++ b/parser/parser.c 
@@ -393,6 +393,22 @@ static int run_embscript(parsertype p, void *elem, struct img_type *img, return lua_parser_fn(L, embfcn, img); } +static void get_ivt_value(parsertype p, void *elem, char *ivt_ascii) +{ + size_t ivtlen; + const char *s = NULL; + + s = get_field_string(p, elem, "ivt"); + if (s) { + ivtlen = strnlen(s, SWUPDATE_GENERAL_STRING_SIZE); + if (ivtlen != (AES_BLK_SIZE * 2)) { + ERROR("Invalid ivt length"); + return; + } + strncpy(ivt_ascii, s, ivtlen); + } +} + static int parse_common_attributes(parsertype p, void *elem, struct img_type *image, struct swupdate_cfg *cfg) { char seek_str[MAX_SEEK_STRING_SIZE]; 
@@ -451,7 +467,7 @@ static int parse_common_attributes(parsertype p, void *elem, struct img_type *im get_field(p, elem, "install-if-different", &image->id.install_if_different); get_field(p, elem, "install-if-higher", &image->id.install_if_higher); get_field(p, elem, "encrypted", &image->is_encrypted); - GET_FIELD_STRING(p, elem, "ivt", image->ivt_ascii); + get_ivt_value(p, elem, image->ivt_ascii); if (is_image_installed(&cfg->installed_sw_list, image)) { image->skip = SKIP_SAME;
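
Review bot: In get_ivt_value() (hunk @@ -393,6 +393,22 @@), strncpy(ivt_ascii, s, ivtlen) copies exactly AES_BLK_SIZE * 2 characters and never writes a terminating NUL, so the result is a valid string only if the caller's buffer is larger than that and already zeroed. Terminate explicitly (ivt_ascii[ivtlen] = '\0') or pass the destination size into the helper. The check also accepts any string of the right length; an is_hex_str(s) test next to the length test would reject a non-hex IVT at parse time.
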
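
Review bot: The new call get_ivt_value(p, elem, image->ivt_ascii) in parse_common_attributes() (hunk @@ -451,7 +467,7 @@) has no way to fail: get_ivt_value() returns void and only logs "Invalid ivt length", so an image entry with a malformed ivt is parsed as if no ivt had been given and parsing continues. If a bad IVT is meant to reject the sw-description, return an int from the helper and propagate the error from this call site.
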
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V4][PATCH 2/8] util: Add functions for set/get temporary AES key
Date: Mon, 15 Jan 2024 20:26:39 +0100
Message-ID: <20240115192845.51530-3-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>

Enhance functionality to allow temporary storage of an additional AES key,
complementing existing functions for setting default AES key.

Signed-off-by: Michael Glembotzki
---
 core/util.c    | 82 ++++++++++++++++++++++++++++++++++++++++++++------
 include/util.h | 11 ++++++-
 2 files changed, 82 insertions(+), 11 deletions(-)

diff --git a/core/util.c b/core/util.c index 99ed628..396d7d7 100644 --- a/core/util.c +++ b/core/util.c @@ -53,6 +53,10 @@ struct decryption_key { static struct decryption_key *aes_key = NULL; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION +static struct decryption_key *tmp_aes_key = NULL; +#endif + /* * Configuration file for fw_env.config */ 
@@ -537,6 +541,20 @@ bool is_hex_str(const char *ascii) { return true; } +bool is_valid_aes_keylen(size_t keylen_ascii) +{ + switch (keylen_ascii) { + case AES_128_KEY_LEN * 2: + case AES_192_KEY_LEN * 2: + case AES_256_KEY_LEN * 2: + // valid hex string size for AES 128/192/256 + return true; + default: + ERROR("Invalid AES key length"); + return false; + } +} + int set_aes_key(const char *key, const char *ivt) { int ret; @@ -565,17 +583,12 @@ int set_aes_key(const char *key, const char *ivt) strncpy(aes_key->key, key, keylen); #else keylen = strlen(key); - switch (keylen) { - case AES_128_KEY_LEN * 2: - case AES_192_KEY_LEN * 2: - case AES_256_KEY_LEN * 2: - // valid hex string size for AES 128/192/256 - aes_key->keylen = keylen / 2; - break; - default: - ERROR("Invalid aes_key length"); + + if (!is_valid_aes_keylen(keylen)) return -EINVAL; - } + + aes_key->keylen = keylen / 2; + ret |= !is_hex_str(key); ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key); #endif 
@@ -588,6 +601,55 @@ int set_aes_key(const char *key, const char *ivt) return 0; } +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION +int set_tmp_aes_key(const char *key_ascii) +{ + size_t keylen; + + if (!tmp_aes_key) { + tmp_aes_key = (struct decryption_key *)calloc(1, sizeof(*tmp_aes_key)); + if (!tmp_aes_key) + return -ENOMEM; + } + + keylen = strlen(key_ascii); + + if (!is_valid_aes_keylen(keylen)) + return -EINVAL; + + tmp_aes_key->keylen = keylen / 2; + + if (!is_hex_str(key_ascii) || ascii_to_bin(tmp_aes_key->key, tmp_aes_key->keylen, key_ascii)) { + ERROR("Invalid tmp aes_key"); + return -EINVAL; + } + + return 0; +} + +unsigned char *get_tmp_aes_key(void) +{ + if (!tmp_aes_key) + return NULL; + return tmp_aes_key->key; +} + +char get_tmp_aes_keylen(void) +{ + if (!tmp_aes_key) + return -1; + return tmp_aes_key->keylen; +} + +void clear_tmp_aes_key(void) +{ + if (!tmp_aes_key) + return; + memset(tmp_aes_key->key, 0, sizeof(tmp_aes_key->key)); + tmp_aes_key->keylen = 0; +} +#endif + const char *get_fwenv_config(void) { if (!fwenv_config) #if defined(CONFIG_UBOOT) diff --git a/include/util.h b/include/util.h index 062840f..f4a67ef 100644 --- a/include/util.h +++ b/include/util.h @@ -164,6 +164,7 @@ int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src); void hash_to_ascii(const unsigned char *hash, char *s); int IsValidHash(const unsigned char *hash); bool is_hex_str(const char *ascii); +bool is_valid_aes_keylen(size_t keylen_ascii); #ifndef typeof #define typeof __typeof__ 
@@ -237,13 +238,21 @@ bool check_same_file(int fd1, int fd2); const char *get_fwenv_config(void); void set_fwenv_config(const char *fname); -/* Decryption key functions */ +/* Decryption key functions for the (default) aes-key */ int load_decryption_key(char *fname); unsigned char *get_aes_key(void); char get_aes_keylen(void); unsigned char *get_aes_ivt(void); int set_aes_key(const char *key, const char *ivt); +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION +/* Decryption key functions for the temporary aes-key read from the sw-description */ +unsigned char *get_tmp_aes_key(void); +char get_tmp_aes_keylen(void); +int set_tmp_aes_key(const char *key_ascii); +void clear_tmp_aes_key(void); +#endif + /* Getting global information */ int get_install_info(sourcetype *source, char *buf, size_t len); void get_install_swset(char *buf, size_t len);
From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V4][PATCH 3/8] parser: Read temporary AES key from sw-description Date: Mon, 15 Jan 2024 20:26:40 +0100 Message-ID: <20240115192845.51530-4-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=BVWg9axG; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::62c as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , With CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION, a temporary AES key can be provided with the sw-description file. Make an explicit size check of the field string before setting the temporary AES key. Only set the image AES key if a valid key length is given. Clear the temporary AES key after the update is done. Signed-off-by: Michael Glembotzki --- core/stream_interface.c | 4 ++++ parser/parser.c | 26 ++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/core/stream_interface.c b/core/stream_interface.c index 0b78329..1cd148f 100644 --- a/core/stream_interface.c +++ b/core/stream_interface.c 
@@ -703,6 +703,10 @@ void *network_initializer(void *data) /* release temp files we may have created */ cleanup_files(software); +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + clear_tmp_aes_key(); +#endif + #ifndef CONFIG_NOCLEANUP swupdate_remove_directory(SCRIPTS_DIR_SUFFIX); swupdate_remove_directory(DATADST_DIR_SUFFIX); diff --git a/parser/parser.c b/parser/parser.c index 67ae1b3..70cc548 100644 --- a/parser/parser.c +++ b/parser/parser.c 
@@ -240,6 +240,32 @@ static bool get_common_fields(parsertype p, void *cfg, struct swupdate_cfg *swcf TRACE("Namespaced used to store SWUpdate's vars: %s", swcfg->namespace_for_vars); } +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + /* + * Set sw-description aes-key, if present + */ + if ((setting = find_node(p, cfg, "aes-key", swcfg)) != NULL) { + char aeskey_ascii[AES_256_KEY_LEN * 2 + 1] = {0}; + size_t keylen; + const char *s = get_field_string(p, setting, NULL); + + if (s) { + keylen = strnlen(s, SWUPDATE_GENERAL_STRING_SIZE); + + if (!is_valid_aes_keylen(keylen)) + return false; + + strncpy(aeskey_ascii, s, keylen); + } + if (!s || !strlen(aeskey_ascii) || set_tmp_aes_key(aeskey_ascii)) { + ERROR("Provided aes-key in the sw-description file is invalid!"); + return false; + } + } else { + TRACE("No AES key in the sw-description file."); + } +#endif + return true; } From patchwork Mon Jan 15 19:26:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1886823 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=xrlHw6f9; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=MdtZFRRd; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::23b; helo=mail-lj1-x23b.google.com; envelope-from=swupdate+bncbdy5juxlviebbaeps2wqmgqe2vbcrwi@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-lj1-x23b.google.com (mail-lj1-x23b.google.com [IPv6:2a00:1450:4864:20::23b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 
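Review bot: In core/stream_interface.c the new clear_tmp_aes_key() call sits after cleanup_files(software) in network_initializer(), and nothing in the visible hunk shows that this point is also reached when parsing or installation fails after parser.c has already called set_tmp_aes_key(). Please confirm the key is cleared on every exit path of an update, including a rejected sw-description, or clear it at the start of the next update as well, so that a temporary key never outlives the image it belongs to.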
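Review bot: In the parser/parser.c hunk, strncpy(aeskey_ascii, s, keylen) is bounded only indirectly: keylen comes from strnlen(s, SWUPDATE_GENERAL_STRING_SIZE), and the copy is safe only if is_valid_aes_keylen() rejects every value above AES_256_KEY_LEN * 2, which is not visible here. An explicit rejection of keylen >= sizeof(aeskey_ascii) next to the copy would make the bound local and robust against later changes to the helper. Two smaller points: the is_valid_aes_keylen() failure returns false without the ERROR() that the other failure path prints, and aeskey_ascii holds key material on the stack but is not wiped before either return.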
From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V4][PATCH 4/8] Add functions for asymmetric file decryption with CMS Date: Mon, 15 Jan 2024 20:26:41 +0100 Message-ID: <20240115192845.51530-5-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=kU6Fw6Hf; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::131 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Decryption with OpenSSL CMS is limited to entire files, preventing the ability to decrypt data in chunks, as is possible with symmetric decryption. Signed-off-by: Michael Glembotzki --- corelib/Makefile | 3 + corelib/swupdate_cms_decrypt.c | 115 +++++++++++++++++++++++++++++++++ include/sslapi.h | 9 +++ 3 files changed, 127 insertions(+) create mode 100644 corelib/swupdate_cms_decrypt.c diff --git a/corelib/Makefile b/corelib/Makefile index c9ca4aa..06690d8 100644 --- a/corelib/Makefile +++ b/corelib/Makefile @@ -18,6 +18,9 @@ endif lib-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify.o lib-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify.o endif +ifeq ($(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION),y) +lib-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_cms_decrypt.o +endif ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) lib-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify.o endif 
diff --git a/corelib/swupdate_cms_decrypt.c b/corelib/swupdate_cms_decrypt.c new file mode 100644 index 0000000..45aa596 --- /dev/null +++ b/corelib/swupdate_cms_decrypt.c 
@@ -0,0 +1,115 @@ +/* + * (C) Copyright 2024 + * Michael Glembotzki, iris-GmbH infrared & intelligent sensors, michael.glembotzki@iris-sensing.com + * + * SPDX-License-Identifier: GPL-2.0-only + * + * Code mostly taken from openssl examples + */ +#include +#include "swupdate.h" +#include "sslapi.h" +#include "util.h" + +int swupdate_dgst_add_asym_keypair(struct swupdate_cfg *sw, const char *keypair_file) +{ + X509 *asym_decryption_cert = NULL; + EVP_PKEY *asym_decryption_key = NULL; + BIO *tbio = NULL; + struct swupdate_digest *dgst = sw->dgst; + int ret = 0; + + if (!dgst) { + dgst = calloc(1, sizeof(*dgst)); + if (!dgst) { + ret = 1; + goto err; + } + } + + tbio = BIO_new_file(keypair_file, "r"); + + if (!tbio) { + ERROR("%s cannot be opened", keypair_file); + ret = 1; + goto err; + } + + asym_decryption_cert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + if (!asym_decryption_cert) + WARN("Decryption cert not found"); + + BIO_reset(tbio); + + asym_decryption_key = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + BIO_free(tbio); + if (!asym_decryption_key) { + ERROR("Decryption key not found"); + ret = 1; + goto err; + } + + dgst->asym_decryption_cert = asym_decryption_cert; + dgst->asym_decryption_key = asym_decryption_key; + + return ret; + +err: + if (dgst) + free(dgst); + + return ret; +} + +int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, const char *outfile) +{ + BIO *in = NULL, *out = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 0; + + if (!dgst || !infile || !outfile) + return 1; + + /* Open CMS message to decrypt */ + in = BIO_new_file(infile, "rb"); + if (!in) { + ERROR("%s cannot be opened", infile); + ret = 1; + goto err; + } + + /* Parse message */ + cms = d2i_CMS_bio(in, NULL); + if (!cms) { + ERROR("%s cannot be parsed as DER-encoded CMS blob", infile); + ret = 1; + goto err; + } + + out = BIO_new_file(outfile, "wb"); + if (!out) { + ERROR("%s cannot be opened", outfile); + ret = 1; + goto err; + } + + if (chmod(outfile, 
0600)) { + ERROR("Setting file permissions"); + ret = 1; + goto err; + } + + /* Decrypt CMS message */ + if (!CMS_decrypt(cms, dgst->asym_decryption_key, dgst->asym_decryption_cert, NULL, out, 0)) { + ERR_print_errors_fp(stderr); + ERROR("Decrypting %s failed", infile); + ret = 1; + goto err; + } + +err: + BIO_free(in); + BIO_free(out); + CMS_ContentInfo_free(cms); + return ret; +} diff --git a/include/sslapi.h b/include/sslapi.h index 83efd9f..d27a23c 100644 --- a/include/sslapi.h +++ b/include/sslapi.h @@ -113,6 +113,10 @@ struct swupdate_digest { int verbose; char *gpgme_protocol; #endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + EVP_PKEY *asym_decryption_key; + X509 *asym_decryption_cert; +#endif }; #if OPENSSL_VERSION_NUMBER < 0x10100000L 
@@ -222,6 +226,11 @@ UNUSED static inline struct swupdate_digest *swupdate_DECRYPT_init( #define swupdate_DECRYPT_cleanup(p) #endif +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION +int swupdate_dgst_add_asym_keypair(struct swupdate_cfg *sw, const char *keypair_file); +int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, const char *outfile); +#endif + #ifndef SSL_PURPOSE_DEFAULT #define SSL_PURPOSE_EMAIL_PROT -1 #define SSL_PURPOSE_CODE_SIGN -1 From patchwork Mon Jan 15 19:26:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1886824 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=PXMhNtPi; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=HVB++hOA; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::13e; helo=mail-lf1-x13e.google.com; envelope-from=swupdate+bncbdy5juxlviebbamps2wqmgqedcp5ohq@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-lf1-x13e.google.com (mail-lf1-x13e.google.com [IPv6:2a00:1450:4864:20::13e]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TDMdf6fXjz23dm for ; Tue, 16 Jan 2024 06:29:10 +1100 (AEDT) Received: by mail-lf1-x13e.google.com with SMTP id 2adb3069b0e04-50e7b7c85easf7273131e87.0 for ; Mon, 15 Jan 2024 11:29:10 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705346946; 
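Review bot: In corelib/Makefile, swupdate_cms_decrypt.o is added under CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION and CONFIG_ENCRYPTED_IMAGES only, outside the ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y) block that guards swupdate_cms_verify.o directly below, although the new file calls OpenSSL CMS functions (d2i_CMS_bio, CMS_decrypt). Unless Kconfig already makes the option depend on the OpenSSL backend, move the line into that block so that builds with another SSL implementation do not break.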
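Review bot: In swupdate_dgst_add_asym_keypair() (corelib/swupdate_cms_decrypt.c), a dgst allocated with calloc() when sw->dgst is NULL is never assigned back to sw->dgst, so on success the loaded key and certificate are unreachable and the allocation leaks; and the err: label calls free(dgst) even when dgst is the caller's existing sw->dgst, leaving sw->dgst dangling. Track whether the struct was allocated here, free it only in that case, and store it with sw->dgst = dgst on success; the same error path should also X509_free() the certificate when the private key is missing. In swupdate_decrypt_file(), chmod(outfile, 0600) runs after BIO_new_file() has already created the file with umask-derived permissions, and a failed CMS_decrypt() leaves the partially written plaintext file in place; creating the file with open() using O_CREAT | O_EXCL and mode 0600, wrapping the descriptor with BIO_new_fd(), and unlinking the file on error would close both gaps.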
From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V4][PATCH 5/8] swupdate: Initialize the key pair for asymmetric decryption Date: Mon, 15 Jan 2024 20:26:42 +0100 Message-ID: <20240115192845.51530-6-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=lAGLH9L5; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::630 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Add asymmetric decryption key pair fname to swupdate_cfg. Read and initialize the asym decryption key pair from argument -a or configuration file. Signed-off-by: Michael Glembotzki --- core/swupdate.c | 35 +++++++++++++++++++++++++++++ examples/configuration/swupdate.cfg | 3 +++ include/swupdate.h | 1 + 3 files changed, 39 insertions(+) diff --git a/core/swupdate.c b/core/swupdate.c index 6f9938e..9c3f289 100644 --- a/core/swupdate.c +++ b/core/swupdate.c @@ -103,6 +103,9 @@ static struct option long_options[] = { #endif #ifdef CONFIG_ENCRYPTED_IMAGES {"key-aes", required_argument, NULL, 'K'}, +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + {"asym-decryption-keypair", required_argument, NULL, 'a'}, +#endif #endif {"loglevel", required_argument, NULL, 'l'}, {"max-version", required_argument, NULL, '3'}, 
@@ -165,6 +168,10 @@ static void usage(char *programname) #ifdef CONFIG_ENCRYPTED_IMAGES " -K, --key-aes : the file contains the symmetric key to be used\n" " to decrypt images\n" +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + " -a, --asym-decryption-keypair\n" + " : path to the asym decryption key pair (PEM)\n" +#endif #endif " -n, --dry-run : run SWUpdate without installing the software\n" " -N, --no-downgrading : not install a release older as \n" @@ -312,6 +319,10 @@ static int read_globals_settings(void *elem, void *data) "ca-path", sw->publickeyfname); GET_FIELD_STRING(LIBCFG_PARSER, elem, "aes-key-file", sw->aeskeyfname); +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + GET_FIELD_STRING(LIBCFG_PARSER, elem, + "asym-decryption-keypair", sw->asym_decryption_keypair_fname); +#endif GET_FIELD_STRING(LIBCFG_PARSER, elem, "mtd-blacklist", sw->mtdblacklist); GET_FIELD_STRING(LIBCFG_PARSER, elem, @@ -499,6 +510,9 @@ int main(int argc, char **argv) #endif #ifdef CONFIG_ENCRYPTED_IMAGES strcat(main_options, "K:"); +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + strcat(main_options, "a:"); +#endif #endif memset(fname, 0, sizeof(fname)); @@ -662,6 +676,13 @@ int main(int argc, char **argv) optarg, sizeof(swcfg.aeskeyfname)); break; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + case 'a': + strlcpy(swcfg.asym_decryption_keypair_fname, + optarg, + sizeof(swcfg.asym_decryption_keypair_fname)); + break; +#endif #endif case 'N': swcfg.no_downgrading = true; 
@@ -854,6 +875,20 @@ int main(int argc, char **argv) } } +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if (strlen(swcfg.asym_decryption_keypair_fname)) { + if (swupdate_dgst_add_asym_keypair(&swcfg, swcfg.asym_decryption_keypair_fname)) { + fprintf(stderr, + "Error: Asym decryption key pair cannot be initialized.\n"); + exit(EXIT_FAILURE); + } + } else { + fprintf(stderr, + "Error: SWUpdate is built for asym encrypted images, provide a decryption key pair.\n"); + exit(EXIT_FAILURE); + } +#endif + lua_handlers_init(); if(!get_hw_revision(&swcfg.hw)) diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg index 8b8a6b1..844cdc5 100644 --- a/examples/configuration/swupdate.cfg +++ b/examples/configuration/swupdate.cfg @@ -25,6 +25,9 @@ # aes-key-file : string # file containing the symmetric key for # image decryption +# asym-decryption-keypair : string +# file containing the key pair (private key and cert) in PEM for +# asymmetric image decryption # preupdatecmd : string # command to be executed right before the update # is installed diff --git a/include/swupdate.h b/include/swupdate.h index c1f86b3..c54647e 100644 --- a/include/swupdate.h +++ b/include/swupdate.h 
@@ -57,6 +57,7 @@ struct swupdate_cfg { char output[SWUPDATE_GENERAL_STRING_SIZE]; char publickeyfname[SWUPDATE_GENERAL_STRING_SIZE]; char aeskeyfname[SWUPDATE_GENERAL_STRING_SIZE]; + char asym_decryption_keypair_fname[SWUPDATE_GENERAL_STRING_SIZE]; char postupdatecmd[SWUPDATE_GENERAL_STRING_SIZE]; char preupdatecmd[SWUPDATE_GENERAL_STRING_SIZE]; char minimum_version[SWUPDATE_GENERAL_STRING_SIZE];
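Review bot: The startup check added to main() in core/swupdate.c (hunk @@ -854) is guarded only by CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION, while the usage text and strcat(main_options, "a:") are nested inside #ifdef CONFIG_ENCRYPTED_IMAGES and the case 'a' handler sits inside the block that guards the -K case. If the asym option can be enabled without CONFIG_ENCRYPTED_IMAGES, the binary exits asking for a key pair that -a cannot supply, so either move the -a handling out of that block or make the dependency explicit in Kconfig. The error text also says "built for asym encrypted images" although the feature concerns the sw-description; "asym encrypted sw-description" would match what the option does.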
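Review bot: The comment added to examples/configuration/swupdate.cfg describes asym-decryption-keypair as being "for asymmetric image decryption", while the Kconfig help in patch 7/8 says only the sw-description is decrypted asymmetrically and the artifacts stay symmetric; the wording should say sw-description. Because the file holds the private key, the comment and the --help text for -a are also the right place to say that it must be readable only by the user SWUpdate runs as.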
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V4][PATCH 6/8] util: Replace bool with enum for 'encrypted' Parameter
Date: Mon, 15 Jan 2024 20:26:43 +0100
Message-ID: <20240115192845.51530-7-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>

Previously, artifacts were limited to symmetric encryption, requiring a boolean. To enable __swupdate_copy for asymmetrically encrypted artifacts, the boolean has been replaced with an enum.

Signed-off-by: Michael Glembotzki
--- core/cpio_utils.c | 14 +++++++------- core/stream_interface.c | 27 ++++++++++++++++++--------- include/util.h | 10 ++++++++-- 3 files changed, 33 insertions(+), 18 deletions(-) diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 5b99904..03d43c9 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c
@@ -431,7 +431,7 @@ static int zstd_step(void* state, void* buffer, size_t size) static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek, int skip_file, int __attribute__ ((__unused__)) compressed, - uint32_t *checksum, unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback) + uint32_t *checksum, unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback) { unsigned int percent, prevpercent = 0; int ret = 0; @@ -512,7 +512,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby return -EFAULT; } - if (encrypted) { + if (encrypted == SYMMETRIC) { aes_key = get_aes_key(); if (imgivt) { if (!strlen(imgivt) || !is_hex_str(imgivt) || ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { @@ -587,7 +587,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby #if defined(CONFIG_GUNZIP) || defined(CONFIG_ZSTD) if (compressed) { - if (encrypted) { + if (encrypted == SYMMETRIC) { decrypt_state.upstream_step = &input_step; decrypt_state.upstream_state = &input_state; decompress_state.upstream_step = &decrypt_step; @@ -600,7 +600,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby state = &decompress_state; } else { #endif - if (encrypted) { + if (encrypted == SYMMETRIC) { decrypt_state.upstream_step = &input_step; decrypt_state.upstream_state = &input_state; step = &decrypt_step; @@ -705,7 +705,7 @@ copyfile_exit: int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek, int skip_file, int __attribute__ ((__unused__)) compressed, - uint32_t *checksum, unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback) + uint32_t *checksum, unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback) { return __swupdate_copy(fdin, NULL, 
@@ -723,7 +723,7 @@ int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned l } int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int __attribute__ ((__unused__)) compressed, - unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback) + unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback) { return __swupdate_copy(-1, inbuf, @@ -837,7 +837,7 @@ int cpio_scan(int fd, struct swupdate_cfg *cfg, off_t start) * we do not have to provide fdout */ if (copyfile(fd, NULL, fdh.size, &offset, 0, 1, 0, &checksum, img ? img->sha256 : NULL, - false, NULL, NULL) != 0) { + NO_ENCRYPTION, NULL, NULL) != 0) { ERROR("invalid archive"); return -1; } diff --git a/core/stream_interface.c b/core/stream_interface.c index 1cd148f..557cc5d 100644 --- a/core/stream_interface.c +++ b/core/stream_interface.c @@ -73,7 +73,7 @@ pthread_cond_t stream_cond = PTHREAD_COND_INITIALIZER; static struct installer inst; -static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs, bool encrypted) +static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs, encrypted_t encrypted) { char output_file[MAX_IMAGE_FNAME]; struct filehdr fdh; @@ -146,10 +146,14 @@ static int extract_files(int fd, struct swupdate_cfg *software) char output_file[MAX_IMAGE_FNAME]; const char* TMPDIR = get_tmpdir(); bool installed_directly = false; - bool encrypted_sw_desc = false; + encrypted_t encrypted_sw_desc = NO_ENCRYPTION; #ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION - encrypted_sw_desc = true; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + encrypted_sw_desc = ASYMMETRIC; +#else + encrypted_sw_desc = SYMMETRIC; +#endif #endif /* preset the info about the install parts */ 
@@ -174,7 +178,7 @@ static int extract_files(int fd, struct swupdate_cfg *software) case STREAM_WAIT_SIGNATURE: #ifdef CONFIG_SIGNED_IMAGES snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME); - if (extract_file_to_tmp(fd, output_file, &offset, false) < 0 ) + if (extract_file_to_tmp(fd, output_file, &offset, NO_ENCRYPTION) < 0) return -1; #endif snprintf(output_file, sizeof(output_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME); @@ -243,7 +247,7 @@ static int extract_files(int fd, struct swupdate_cfg *software) close(fdout); return -1; } - if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, img->sha256, false, NULL, NULL) < 0) { + if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, img->sha256, NO_ENCRYPTION, NULL, NULL) < 0) { close(fdout); return -1; } @@ -255,7 +259,7 @@ static int extract_files(int fd, struct swupdate_cfg *software) break; case SKIP_FILE: - if (copyfile(fd, &fdout, fdh.size, &offset, 0, skip, 0, &checksum, NULL, false, NULL, NULL) < 0) { + if (copyfile(fd, &fdout, fdh.size, &offset, 0, skip, 0, &checksum, NULL, NO_ENCRYPTION, NULL, NULL) < 0) { return -1; } if (!swupdate_verify_chksum(checksum, &fdh)) { @@ -382,11 +386,16 @@ static int save_stream(int fdin, struct swupdate_cfg *software) unsigned long offset; char output_file[MAX_IMAGE_FNAME]; const char* TMPDIR = get_tmpdir(); - bool encrypted_sw_desc = false; + encrypted_t encrypted_sw_desc = NO_ENCRYPTION; #ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION - encrypted_sw_desc = true; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + encrypted_sw_desc = ASYMMETRIC; +#else + encrypted_sw_desc = SYMMETRIC; #endif +#endif + if (fdin < 0) return -EINVAL; 
@@ -454,7 +463,7 @@ static int save_stream(int fdin, struct swupdate_cfg *software) } #ifdef CONFIG_SIGNED_IMAGES snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME); - if (extract_file_to_tmp(tmpfd, output_file, &offset, false) < 0 ) { + if (extract_file_to_tmp(tmpfd, output_file, &offset, NO_ENCRYPTION) < 0) { ERROR("Signature cannot be extracted:%s", output_file); ret = -EINVAL; goto no_copy_output; diff --git a/include/util.h b/include/util.h index f4a67ef..f995520 100644 --- a/include/util.h +++ b/include/util.h @@ -79,6 +79,12 @@ typedef enum { LASTLOGLEVEL=DEBUGLEVEL } LOGLEVEL; +typedef enum { + NO_ENCRYPTION, + SYMMETRIC, + ASYMMETRIC +} encrypted_t; + /* * Following are used for notification from another process */ 
@@ -205,10 +211,10 @@ strlcpy(char *dst, const char * src, size_t size); int copyfile(int fdin, void *out, size_t nbytes, unsigned long *offs, unsigned long long seek, int skip_file, int compressed, uint32_t *checksum, - unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback); + unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback); int copyimage(void *out, struct img_type *img, writeimage callback); int copybuffer(unsigned char *inbuf, void *out, size_t nbytes, int compressed, - unsigned char *hash, bool encrypted, const char *imgivt, writeimage callback); + unsigned char *hash, encrypted_t encrypted, const char *imgivt, writeimage callback); int openfileoutput(const char *filename); int mkpath(char *dir, mode_t mode); int swupdate_file_setnonblock(int fd, bool block);
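Review bot: In __swupdate_copy() (core/cpio_utils.c), the three tests changed from if (encrypted) to if (encrypted == SYMMETRIC) put every other value, ASYMMETRIC included, on the no-decryption path, so a caller that passes ASYMMETRIC gets the input copied through unchanged and a zero return. Since this patch is the one that introduces ASYMMETRIC, I would reject values the function does not handle at the top (a switch on encrypted with an error return in the default case) rather than depend on a later patch to add the branch.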
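Review bot: The encrypted_t typedef added to include/util.h exports the unprefixed names NO_ENCRYPTION, SYMMETRIC and ASYMMETRIC from a general utility header and carries no comment. A common prefix (for example ENCRYPTED_NONE, ENCRYPTED_SYMMETRIC, ENCRYPTED_ASYMMETRIC, names suggested here only) and one line saying which values copyfile() and copybuffer() accept would help. C also converts bool to the enum without a diagnostic, so any caller outside the three files in the diffstat that still passes true or false keeps compiling; a grep to confirm none is left would be good to mention in the commit message.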
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V4][PATCH 7/8] Add support for asymmetrical encrypted images
Date: Mon, 15 Jan 2024 20:26:44 +0100
Message-ID: <20240115192845.51530-8-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>

Asymmetric decryption is now supported exclusively for the sw-description file. Applying asymmetric decryption to other artifacts is deemed impractical. Hence, when 'encrypted == ASYMMETRIC,' an asymmetrically encrypted sw-description file is anticipated and written to fdout. The __swupdate_copy function decrypts the sw-description file from a temporary copy named 'sw-description.enc,' which is subsequently removed post-update.

Signed-off-by: Michael Glembotzki
--- Kconfig | 12 +++++++++++ core/cpio_utils.c | 55 +++++++++++++++++++++++++++++++++++++++++++++-- core/installer.c | 7 ++++++ 3 files changed, 72 insertions(+), 2 deletions(-) diff --git a/Kconfig b/Kconfig index 5a3dc9a..a6f0671 100644 --- a/Kconfig +++ b/Kconfig
@@ -507,6 +507,18 @@ config ENCRYPTED_SW_DESCRIPTION if this is set. It is a compile time option, and mix of plain and encrypted sw-descriptions is not possible. +config ASYM_ENCRYPTED_SW_DESCRIPTION + bool "Asymmetrical encrypted sw-description" + depends on ENCRYPTED_SW_DESCRIPTION && !PKCS11 + depends on SSL_IMPL_OPENSSL + default n + help + This option enables support for asymmetrical encrypted sw-description, + making it possible to decrypt images device specific. The artifacts + themselves are still encrypted symmetrically. An AES key can optionally + be provided in the sw-description, or the default AES key will be used. + Cryptographic Message Syntax (CMS) is used for decryption. + config ENCRYPTED_IMAGES_HARDEN_LOGGING bool "Harden logging for encrypted images" default n diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 03d43c9..2310156 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -26,6 +26,7 @@ #include "util.h" #include "sslapi.h" #include "progress.h" +#include "parsers.h" #define MODULE_NAME "cpio" @@ -444,6 +445,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby unsigned char *aes_key = NULL; unsigned char *ivt = NULL; unsigned char ivtbuf[AES_BLK_SIZE]; + char keylen; struct InputState input_state = { .fdin = fdin, @@ -513,7 +515,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby } if (encrypted == SYMMETRIC) { - aes_key = get_aes_key(); + /* Use default ivt, if no image ivt is provided */ if (imgivt) { if (!strlen(imgivt) || !is_hex_str(imgivt) || ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { ERROR("Invalid image ivt"); 
@@ -522,7 +524,19 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby ivt = ivtbuf; } else ivt = get_aes_ivt(); - decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, get_aes_keylen(), ivt); + +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + aes_key = get_tmp_aes_key(); + keylen = get_tmp_aes_keylen(); +#endif + + /* Use default aes-key, if no aes-key is provided within the sw-description */ + if (!aes_key) { + aes_key = get_aes_key(); + keylen = get_aes_keylen(); + } + + decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, keylen, ivt); if (!decrypt_state.dcrypt) { ERROR("decrypt initialization failure, aborting"); ret = -EFAULT; @@ -680,6 +694,43 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby *checksum = input_state.checksum; } +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if (encrypted == ASYMMETRIC) { + char sw_desc_file[MAX_IMAGE_FNAME]; + char sw_desc_file_enc[MAX_IMAGE_FNAME]; + const char *TMPDIR = get_tmpdir(); + /* + * Assume the asym encrypted sw-description file is written to fdout + */ + int fdout = out ? *(int *)out : -1; + + if (fdout < 0) { + ERROR("out argument: invalid fd or pointer"); + ret = -EFAULT; + goto copyfile_exit; + } + close(fdout); + + snprintf(sw_desc_file, sizeof(sw_desc_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME); + snprintf(sw_desc_file_enc, sizeof(sw_desc_file_enc), "%s.enc", sw_desc_file); + + if (rename(sw_desc_file, sw_desc_file_enc)) { + ERROR("Renaming %s to %s failed", sw_desc_file, sw_desc_file_enc); + ret = -EFAULT; + goto copyfile_exit; + } + + /* + * Decrypt the asym encrypted sw-description file + */ + if (swupdate_decrypt_file(get_swupdate_cfg()->dgst, sw_desc_file_enc, sw_desc_file)) { + ERROR("Decrypting %s failed", sw_desc_file); + ret = -EFAULT; + goto copyfile_exit; + } + } +#endif + ret = 0; copyfile_exit: diff --git a/core/installer.c b/core/installer.c index 20b5b51..7707672 100644 --- a/core/installer.c +++ b/core/installer.c 
@@ -497,6 +497,13 @@ void cleanup_files(struct swupdate_cfg *software) { free(fn); } #endif + +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if (asprintf(&fn, "%s%s.enc", TMPDIR, SW_DESCRIPTION_FILENAME) != ENOMEM_ASPRINTF) { + remove_sw_file(fn); + free(fn); + } +#endif } int preupdatecmd(struct swupdate_cfg *swcfg) From patchwork Mon Jan 15 19:26:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1886827 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=nqNnV5Ha; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=hxLXmh9F; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::337; helo=mail-wm1-x337.google.com; envelope-from=swupdate+bncbdy5juxlviebbbeps2wqmgqel44xsly@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-wm1-x337.google.com (mail-wm1-x337.google.com [IPv6:2a00:1450:4864:20::337]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TDMdh3thdz23dm for ; Tue, 16 Jan 2024 06:29:12 +1100 (AEDT) Received: by mail-wm1-x337.google.com with SMTP id 5b1f17b1804b1-40e4caa37f5sf53140415e9.0 for ; Mon, 15 Jan 2024 11:29:12 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705346949; cv=pass; d=google.com; s=arc-20160816; b=jFi18X/KJ3ZTGkcIAoPuOo6Cvzwc58hfYrgVcLyslP2j5s8KVC4WQD6zasIuj/r6Sb 
From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V4][PATCH 8/8] doc: Add documentation for asymmetric decryption Date: Mon, 15 Jan 2024 20:26:45 +0100 Message-ID: <20240115192845.51530-9-Michael.Glembotzki@iris-sensing.com> In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com> References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
Signed-off-by: Michael Glembotzki --- doc/source/asym_encrypted_images.rst | 153 +++++++++++++++++++++++++++ doc/source/encrypted_images.rst | 2 + doc/source/index.rst | 1 + doc/source/roadmap.rst | 5 - doc/source/sw-description.rst | 13 ++- 5 files changed, 167 insertions(+), 7 deletions(-) create mode 100644 doc/source/asym_encrypted_images.rst diff --git a/doc/source/asym_encrypted_images.rst b/doc/source/asym_encrypted_images.rst new file mode 100644 index 0000000..aa7bc5c --- /dev/null +++ b/doc/source/asym_encrypted_images.rst 
@@ -0,0 +1,153 @@ +.. SPDX-FileCopyrightText: 2023 Michael Glembotzki +.. SPDX-License-Identifier: GPL-2.0-only + +Asymmetrically Encrypted Update Images +====================================== + +Asymmetrically encrypted update images are realized by an asymmetrical +encrypted sw-description, making it possible to decrypt images device specific. +The artifacts themselves are still encrypted symmetrically. An AES key can +optionally be provided in the sw-description, or the default AES key will be +used. Cryptographic Message Syntax (CMS) is used for decryption. + + +Use Cases +--------- + +- Asymmetrically encrypted update images, with individual device key pairs, are + inherently more secure than a purely symmetrical solution, because one + compromised private device key does not affect the security of the others. +- If ``CONFIG_SIGNED_IMAGES`` is enabled too and a device's private key is + compromised, the key pair can be excluded from the list of eligible devices + for receiving new update images. +- The AES key can be securely **exchanged** with each new update image, as it is + part of the sw-description, even in the absence of direct access to the + device. + + +Create a Self-Signed Device Key Pair +------------------------------------ + +As an example, an elliptic curve key pair (PEM) is generated for a single +device. These steps must be repeated for all other devices. An RSA key pair +could be used in the same way. + +:: + + # Create a private key and a self-signed certificate + openssl ecparam -name secp521r1 -genkey -noout -out device-key-001.pem + openssl req -new -x509 -key device-key-001.pem -out device-cert-001.pem -subj "/O=SWUpdate /CN=target" + + # Combine the private key and the certificate into a single file + cat device-key-001.pem device-cert-001.pem > device-001.pem + + +Symmetric Encryption of Artifacts +--------------------------------- + +Generate an AES key and IV, as familiar from +:ref:`symmetric image encryption `. 
The encryption +process for the artifacts remains unchanged. + + +Encryption of sw-description for Multiple Devices +------------------------------------------------- + +All device certificates togther are used for encryption. + +:: + + # Encrypt sw-description for multiple devices + openssl cms -encrypt -aes-256-cbc -in -out -outform DER -recip + +Replace ```` with the plain `sw-description` (e.g. +`sw-description.in`) and the encrypted ```` with `sw-description`. +````, ````, [...] ```` constitute the comprehensive +list of devices intended for encryption. + + +Decryption of sw-description for a Single Device +------------------------------------------------ + +The combined key pair (private key and certificate) is used for decryption. +SWUpdate handles the decryption process autonomously. Manually executing this +step is not necessary and is provided here solely for development purposes. + +:: + + # Decrypt sw-description for a single device + openssl cms -decrypt -in -out ```` -inform DER -inkey -recip + +Replace the encrypted ```` with `sw-description` and the +```` with plain `sw-description` (e.g. `sw-description.in`). +```` and ```` are used for the decryption. + + +Example Asymmetrically Encrypted Image +-------------------------------------- + +The image artifacts should be symmetrically encrypted and signed in advance. +Now, create a plain `sw-description.in` file. The ``encrypted`` attribute is +necessary for encrypted artifacts. While it is strongly recommended to provide +the attributes ``aes-key`` (global) and ``ivt`` (artifact-specific), they are +not mandatory. If no ``aes-key`` or ``ivt`` is provided, the provided default +``aes-key``/``ivt`` will be used. 
+ +:: + + software = + { + version = "0.0.1"; + aes-key = "ed73b9d3bf9c655d5a0b04836d8be48660a4a4bb6f4aa07c6778e00e342881ac"; + images: ({ + filename = "rootfs.ext4.enc"; + device = "/dev/mmcblk0p3"; + sha256 = "131159df3a4efaa890ff80173664a125c496c458dd432a8a6acae18872e35822"; + encrypted = true; + ivt = "ea34a55a0c3476ed78f238ac87a7970c"; + }); + } + + +Asymmetrically encrypt the `sw-description` for multiple devices: +:: + + openssl cms -encrypt -aes-256-cbc -in sw-description.in -out sw-description -outform DER -recip device-cert-001.pem device-cert-002.pem device-cert-003.pem + + +Create the new update image (SWU): + +:: + + #!/bin/sh + + FILES="sw-description sw-description.sig rootfs.ext4.enc" + + for i in $FILES; do + echo $i;done | cpio -ov -H crc > firmware.swu + + +Running SWUpdate with Asymmetrically Encrypted Images +----------------------------------------------------- + +Asymmetric encryption support can be enabled by configuring the compile-time +option ``CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION``. To pass the combined key pair +(PEM) generated earlier to SWUpdate, use the ``-a`` argument. Alternatively, +use the ``asym-decryption-keypair`` parameter in the ``swupdate.cfg``. + + +Security Considerations +----------------------- +- Ideally, generate the private key on the device during factory provisioning, + ensuring it never leaves the device. Only the public certificate leaves the + device for encrypting future update packages. +- This feature should be used in conjunction with signature verification + (``CONFIG_SIGNED_IMAGES``) to ensure data integrity. In principle, anyone + with the corresponding device certificate can create update packages. +- As a side effect, the size of the update package may significantly increase + in a large-scale deployment. To enhance scalability, consider using group + keys. Smaller groups should be preferred over larger ones. +- Exchange the AES key in the sw-description with each update package. 
+- Avoid encrypting new update packages for compromised devices, if there is no + direct access to the device or if unauthorized users have access to new update + packages. diff --git a/doc/source/encrypted_images.rst b/doc/source/encrypted_images.rst index 2b7c1ee..bc23681 100644 --- a/doc/source/encrypted_images.rst +++ b/doc/source/encrypted_images.rst @@ -1,6 +1,8 @@ .. SPDX-FileCopyrightText: 2013-2021 Stefano Babic .. SPDX-License-Identifier: GPL-2.0-only +.. _sym-encrypted-images: + Symmetrically Encrypted Update Images ===================================== diff --git a/doc/source/index.rst b/doc/source/index.rst index c3a8e88..3ed531a 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -41,6 +41,7 @@ SWUpdate Documentation sw-description.rst signed_images.rst encrypted_images.rst + asym_encrypted_images.rst handlers.rst mongoose.rst suricatta.rst diff --git a/doc/source/roadmap.rst b/doc/source/roadmap.rst index dc7d547..4e6caf4 100644 --- a/doc/source/roadmap.rst +++ b/doc/source/roadmap.rst @@ -138,11 +138,6 @@ BTRFS supports subvolume and delta backup for volumes - supporting subvolumes is to move the delta approach to filesystems, while SWUpdate should apply the deltas generated by BTRFS utilities. -Security -======== - -- add support for asymmetryc decryption - Support for evaluation boards ============================= diff --git a/doc/source/sw-description.rst b/doc/source/sw-description.rst index 480ff4d..6e7e9bb 100644 --- a/doc/source/sw-description.rst +++ b/doc/source/sw-description.rst 
@@ -1441,8 +1441,17 @@ There are 4 main sections inside sw-description: | | | scripts | and must be decrypted before | | | | | installing. | +-------------+----------+------------+---------------------------------------+ - | ivt | string | images | IVT in case of encrypted artefact | - | | | files | It has no value if "encrypted" is not | + | aes-key | string | | Optional AES key for encrypted | + | | | | artefacts. It has no effect if not | + | | | | compiled with | + | | | | `CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION`| + | | | | or if attribute "encrypted" is not | + | | | | set. If no AES key is provided the | + | | | | default AES key is used. It is an | + | | | | ASCII hex string of 16/24/32 chars. | + +-------------+----------+------------+---------------------------------------+ + | ivt | string | images | Optional IVT for encrypted artefacts. | + | | | files | It has no effect if "encrypted" is not| | | | scripts | set. Each artefact can have an own | | | | | IVT to avoid attacker can guess the | | | | | the key. |
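Review bot: In the `@@ -522,7 +524,19 @@` hunk of `__swupdate_copy`, `keylen` is assigned only inside the `#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION` block and inside `if (!aes_key)`, so if `aes_key` reaches this point non-NULL in a build without that option, `swupdate_DECRYPT_init(aes_key, keylen, ivt)` is called with an unset length. The declarations are outside the visible lines, so please confirm that `aes_key` is NULL on entry to this block, or initialise both variables where they are declared. The fallback to `get_aes_key()` is also silent: an update whose sw-description carries no `aes-key` is decrypted with the default key and leaves no trace, so a log message in that branch would make it visible which key a given update used.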
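Review bot: In the `encrypted == ASYMMETRIC` block added at `@@ -680,6 +694,43 @@`, `close(fdout)` closes a descriptor that the caller passed in through `out`, and the caller's copy of the number is left unchanged. If the caller closes it again afterwards, that second close hits either an invalid descriptor or an unrelated one that has reused the number. Either move the rename and the `swupdate_decrypt_file()` call into the caller, after it has closed its own descriptor, or write -1 back through `out` and document that this path consumes the fd. The two paths are also rebuilt from `TMPDIR` and `SW_DESCRIPTION_FILENAME` instead of being tied to `fdout`, which the comment itself calls an assumption, and neither `snprintf` result is checked for truncation against `MAX_IMAGE_FNAME`.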
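Review bot: The block added to `cleanup_files()` at `@@ -497,6 +497,13 @@` in core/installer.c removes only the `.enc` copy, while the decrypted sw-description written next to it by `swupdate_decrypt_file()` can now contain the `aes-key` in clear text. Please confirm that the plain file is removed on every exit path as well, including when decryption fails after the output file has been partly written, and say so in a comment here so the two removals are kept together in later changes.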
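Review bot: The SWU packing example in the new doc/source/asym_encrypted_images.rst lists `sw-description.sig` in `FILES`, but nothing in the file says how that signature is produced or whether it covers the plain `sw-description.in` or the CMS-encrypted `sw-description`. The Security Considerations section relies on `CONFIG_SIGNED_IMAGES` for integrity, so the document should show the signing command, state which of the two files is signed, and state the order in which the device verifies and decrypts. Minor: "togther" in "All device certificates togther are used for encryption" should read "together".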
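Review bot: The new `aes-key` row added at `@@ -1441,8 +1441,17 @@` in doc/source/sw-description.rst describes the value as "an ASCII hex string of 16/24/32 chars", but the example in asym_encrypted_images.rst uses a 64-character hex string. 16/24/32 are the AES key sizes in bytes, which correspond to 32/48/64 hex characters, so the lengths in the table should be corrected. The scope column is also empty for this row although the example sets `aes-key` at the top level of `software`; please state where the attribute is accepted.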