Commit 394afd3e authored by Marek Vasut's avatar Marek Vasut

mxssb: Properly add CBC-MAC IV field into image header



Do not abuse the start of the image directly as the CBC-MAC IV, but
create a separate overlaid field for this purpose.
Signed-off-by: Marek Vasut's avatarMarek Vasut <marex@denx.de>
parent 88395e16
...@@ -459,8 +459,6 @@ static void sb_emit_data(uint8_t *image, size_t *offset, void *data, size_t len) ...@@ -459,8 +459,6 @@ static void sb_emit_data(uint8_t *image, size_t *offset, void *data, size_t len)
static int sb_create_image(struct sb_boot_image_header *sb_header, static int sb_create_image(struct sb_boot_image_header *sb_header,
uint8_t **image) uint8_t **image)
{ {
uint8_t *sb_header_ptr = (uint8_t *)sb_header;
unsigned int i; unsigned int i;
/* The currect offset in the SB image. */ /* The currect offset in the SB image. */
...@@ -509,7 +507,7 @@ static int sb_create_image(struct sb_boot_image_header *sb_header, ...@@ -509,7 +507,7 @@ static int sb_create_image(struct sb_boot_image_header *sb_header,
struct sb_key_dictionary_key sb_dict_key; struct sb_key_dictionary_key sb_dict_key;
memset(&sb_dict_key, 0, sizeof(sb_dict_key)); memset(&sb_dict_key, 0, sizeof(sb_dict_key));
sb_aes_reinit(&cipher_ctx, sb_header_ptr); sb_aes_reinit(&cipher_ctx, sb_header->iv);
sb_encrypt_key_dictionary_key(&cipher_ctx, &md_ctx, sb_encrypt_key_dictionary_key(&cipher_ctx, &md_ctx,
&sb_dict_key, sb_section_header_cbc_mac); &sb_dict_key, sb_section_header_cbc_mac);
...@@ -523,7 +521,7 @@ static int sb_create_image(struct sb_boot_image_header *sb_header, ...@@ -523,7 +521,7 @@ static int sb_create_image(struct sb_boot_image_header *sb_header,
struct sb_source_entry *src; struct sb_source_entry *src;
struct sb_source_entry *lst = sb_get_boot_list(target_cpu); struct sb_source_entry *lst = sb_get_boot_list(target_cpu);
sb_aes_reinit(&cipher_ctx, sb_header_ptr); sb_aes_reinit(&cipher_ctx, sb_header->iv);
for (i = 0; i < sb_get_boot_list_size(target_cpu); i++) { for (i = 0; i < sb_get_boot_list_size(target_cpu); i++) {
src = &lst[i]; src = &lst[i];
...@@ -533,7 +531,7 @@ static int sb_create_image(struct sb_boot_image_header *sb_header, ...@@ -533,7 +531,7 @@ static int sb_create_image(struct sb_boot_image_header *sb_header,
sizeof(struct sb_command)); sizeof(struct sb_command));
if(src->tag == ROM_TAG_CMD) { if(src->tag == ROM_TAG_CMD) {
sb_aes_reinit(&cipher_ctx, sb_header_ptr); sb_aes_reinit(&cipher_ctx, sb_header->iv);
} else if(src->tag == ROM_LOAD_CMD) { } else if(src->tag == ROM_LOAD_CMD) {
sb_aes_encrypt(&cipher_ctx, src->payload, src->payload, src->length); sb_aes_encrypt(&cipher_ctx, src->payload, src->payload, src->length);
EVP_DigestUpdate(&md_ctx, src->payload, src->length); EVP_DigestUpdate(&md_ctx, src->payload, src->length);
...@@ -546,7 +544,7 @@ static int sb_create_image(struct sb_boot_image_header *sb_header, ...@@ -546,7 +544,7 @@ static int sb_create_image(struct sb_boot_image_header *sb_header,
*/ */
uint8_t digest[32]; uint8_t digest[32];
sb_aes_reinit(&cipher_ctx, sb_header_ptr); sb_aes_reinit(&cipher_ctx, sb_header->iv);
memset(digest, 0, sizeof(digest)); memset(digest, 0, sizeof(digest));
EVP_DigestFinal(&md_ctx, digest, NULL); EVP_DigestFinal(&md_ctx, digest, NULL);
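Review bot: All four `sb_aes_reinit(&cipher_ctx, sb_header->iv)` calls now read the IV through a field that, per the header change in this commit, overlays the first 16 bytes of `digest`, and nothing in these hunks states when that digest is final. If the header SHA-1 were written or recomputed after any of these calls, the sections would be encrypted and MAC'd under an IV that differs from the one stored in the image, and the mismatch would presumably surface only when the image is verified, not at build time. A comment at the first call site would make the ordering requirement explicit, e.g. `/* iv aliases digest[0..15]; the header digest must be final before this point */`. The body of sb_create_image starts and ends outside the visible hunks, so where the digest is filled in cannot be confirmed from here.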
......
...@@ -34,7 +34,13 @@ struct sb_boot_image_version { ...@@ -34,7 +34,13 @@ struct sb_boot_image_version {
}; };
struct sb_boot_image_header { struct sb_boot_image_header {
uint8_t digest[20]; /* SHA1 of the header. */ union {
uint8_t digest[20]; /* SHA1 of the header. */
struct {
uint8_t iv[16]; /* CBC-MAC initialization vector. */
uint8_t extra[4];
};
};
uint8_t signature1[4]; /* 'STMP' */ uint8_t signature1[4]; /* 'STMP' */
uint8_t major_version; /* Major version of the image format. */ uint8_t major_version; /* Major version of the image format. */
uint8_t minor_version; /* Minor version of the image format. */ uint8_t minor_version; /* Minor version of the image format. */
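Review bot: The new union relies on `iv[16]` plus `extra[4]` staying exactly as large as `digest[20]`, and nothing enforces that the fields after it keep their offsets in the image header. A compile-time check next to the struct would catch a later edit that shifts the layout, e.g. `_Static_assert(offsetof(struct sb_boot_image_header, signature1) == 20, "digest/iv overlay must stay 20 bytes");` (needs `<stddef.h>`; the anonymous members already require C11 or a GNU extension). The `iv` comment should also say that the field aliases the first 16 bytes of the header SHA-1, and `extra` should get a comment such as `/* remaining 4 digest bytes, not part of the IV */`. The struct definition continues outside the hunk.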
......