Commit 502a46ec authored by Marek Vasut's avatar Marek Vasut

mxssb: Use the CBC-MAC from the dictionary key

Instead of passing an array to compute the CBC-MAC of the section
table, use the one in the key dictionary directly.
Signed-off-by: Marek Vasut's avatarMarek Vasut <marex@denx.de>
parent 0d0911a3
......@@ -235,8 +235,7 @@ static void sb_encrypt_sb_header(struct sb_image_ctx *ictx)
EVP_DigestUpdate(md_ctx, sb_header_ptr, sizeof(*sb_header));
}
static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx,
uint8_t cbc_mac[sizeof(struct sb_key_dictionary_key)])
static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx)
{
EVP_MD_CTX *md_ctx = &ictx->md_ctx;
struct sb_section_ctx *sctx = ictx->sect_head;
......@@ -248,27 +247,21 @@ static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx,
shdr = &sctx->payload;
sb_sections_header_ptr = (uint8_t *)shdr;
sb_aes_crypt(ictx, sb_sections_header_ptr, cbc_mac, size);
sb_aes_crypt(ictx, sb_sections_header_ptr,
ictx->sb_dict_key.cbc_mac, size);
EVP_DigestUpdate(md_ctx, sb_sections_header_ptr, size);
sctx = sctx->sect;
};
}
static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx,
uint8_t cbc_mac[sizeof(struct sb_key_dictionary_key)])
static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx)
{
EVP_MD_CTX *md_ctx = &ictx->md_ctx;
struct sb_key_dictionary_key *sb_dict_key = &ictx->sb_dict_key;
/*
* The key in the key dictionary contains CBC-MAC from the SB image
* header and SB sections header.
*/
memcpy(sb_dict_key->cbc_mac, cbc_mac, sizeof(sb_dict_key->cbc_mac));
sb_aes_crypt(ictx, image_key, sb_dict_key->key, 16);
EVP_DigestUpdate(md_ctx, sb_dict_key, sizeof(*sb_dict_key));
sb_aes_crypt(ictx, image_key, ictx->sb_dict_key.key,
sizeof(ictx->sb_dict_key.key));
EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));
}
static void sb_encrypt_tag(struct sb_image_ctx *ictx,
......@@ -297,16 +290,13 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
/*
* SB sections header.
*/
uint8_t sb_section_header_cbc_mac[sizeof(struct sb_key_dictionary_key)];
sb_encrypt_sb_sections_header(ictx, sb_section_header_cbc_mac);
sb_encrypt_sb_sections_header(ictx);
/*
* Key dictionary.
*/
sb_aes_reinit(ictx, 1);
sb_encrypt_key_dictionary_key(ictx, sb_section_header_cbc_mac);
sb_encrypt_key_dictionary_key(ictx);
/*
* Section tags.
......@@ -1639,7 +1629,6 @@ static int sb_verify_sections_cmds(struct sb_image_ctx *ictx, FILE *fp)
}
}
uint8_t sb_section_header_cbc_mac[sizeof(struct sb_key_dictionary_key)];
struct sb_key_dictionary_key key;
size = fread(&key, 1, sizeof(key), fp);
......@@ -1648,9 +1637,9 @@ static int sb_verify_sections_cmds(struct sb_image_ctx *ictx, FILE *fp)
return -EINVAL;
}
sb_encrypt_sb_sections_header(ictx, sb_section_header_cbc_mac);
sb_encrypt_sb_sections_header(ictx);
sb_aes_reinit(ictx, 1);
sb_encrypt_key_dictionary_key(ictx, sb_section_header_cbc_mac);
sb_encrypt_key_dictionary_key(ictx);
if (memcmp(&key, &ictx->sb_dict_key, sizeof(key))) {
fprintf(stderr,
......
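Review bot: In `sb_encrypt_sb_sections_header()` the output buffer handed to `sb_aes_crypt()` shrinks from an array of `sizeof(struct sb_key_dictionary_key)` bytes to the `cbc_mac` member alone, while the length argument is still `size`, whose definition lies outside the hunk. If `sb_aes_crypt()` writes `size` bytes to its output (not visible here), a `size` larger than that member would now overwrite the rest of `ictx->sb_dict_key`, so the bound should be stated before the loop, for example `assert(size <= sizeof(ictx->sb_dict_key.cbc_mac));`. The MAC also moves from a per-call local into long-lived context state, so `sb_verify_sections_cmds()` depends on every `sb_aes_crypt()` call succeeding before its `memcmp(&key, &ictx->sb_dict_key, sizeof(key))`. If that helper can fail, its result should be checked rather than discarded, so that a stale `cbc_mac` is never compared.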