Commit a7ac327a authored by Marek Vasut's avatar Marek Vasut

mxssb: Pass sb_image_ctx into crypto function

Pass the sb_image_ctx context into the cryptographic functions
instead of passing the standalone cryptographic structures. This
makes the code a little cleaner.
Signed-off-by: Marek Vasut's avatarMarek Vasut <>
parent 156bf0c8
......@@ -157,8 +157,9 @@ static uint8_t image_key[16] = {0};
* AES libcrypto
static int sb_aes_init(EVP_CIPHER_CTX *ctx, uint8_t *iv)
static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv)
EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
/* If there is no init vector, init vector is all zeroes. */
if (!iv)
iv = image_key;
......@@ -167,9 +168,10 @@ static int sb_aes_init(EVP_CIPHER_CTX *ctx, uint8_t *iv)
return EVP_EncryptInit(ctx, EVP_aes_128_cbc(), image_key, iv);
static int sb_aes_encrypt(EVP_CIPHER_CTX *ctx, uint8_t *in_data,
static int sb_aes_encrypt(struct sb_image_ctx *ictx, uint8_t *in_data,
uint8_t *out_data, int in_len)
EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
int ret, outlen;
uint8_t *outbuf;
......@@ -197,13 +199,15 @@ static int sb_aes_deinit(EVP_CIPHER_CTX *ctx)
return EVP_CIPHER_CTX_cleanup(ctx);
static int sb_aes_reinit(EVP_CIPHER_CTX *ctx, uint8_t *iv)
static int sb_aes_reinit(struct sb_image_ctx *ictx, uint8_t *iv)
int ret;
EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
ret = sb_aes_deinit(ctx);
if (!ret)
return ret;
return sb_aes_init(ctx, iv);
return sb_aes_init(ictx, iv);
......@@ -297,23 +301,23 @@ static time_t sb_get_timestamp(void)
return seconds_to_now - seconds_to_2000;
static void sb_encrypt_sb_header(
EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *md_ctx,
static void sb_encrypt_sb_header(struct sb_image_ctx *ictx,
struct sb_boot_image_header *sb_header)
EVP_MD_CTX *md_ctx = &ictx->md_ctx;
uint8_t *sb_header_ptr = (uint8_t *)sb_header;
/* Encrypt the header, compute the digest. */
sb_aes_encrypt(cipher_ctx, sb_header_ptr, NULL, sizeof(*sb_header));
sb_aes_encrypt(ictx, sb_header_ptr, NULL, sizeof(*sb_header));
EVP_DigestUpdate(md_ctx, sb_header_ptr, sizeof(*sb_header));
static void sb_encrypt_sb_sections_header(
EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *md_ctx,
static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx,
struct sb_sections_header *sb_sections_header,
uint8_t cbc_mac[sizeof(struct sb_key_dictionary_key)],
int tag_offset)
EVP_MD_CTX *md_ctx = &ictx->md_ctx;
uint8_t *sb_sections_header_ptr = (uint8_t *)sb_sections_header;
const int size = sizeof(*sb_sections_header);
......@@ -323,22 +327,23 @@ static void sb_encrypt_sb_sections_header(
/* Section #0 is bootable. */
sb_sections_header->section_flags = SB_SECTION_FLAG_BOOTABLE;
sb_aes_encrypt(cipher_ctx, sb_sections_header_ptr, cbc_mac, size);
sb_aes_encrypt(ictx, sb_sections_header_ptr, cbc_mac, size);
EVP_DigestUpdate(md_ctx, sb_sections_header_ptr, size);
static void sb_encrypt_key_dictionary_key(
EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *md_ctx,
static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx,
struct sb_key_dictionary_key *sb_dict_key,
uint8_t cbc_mac[sizeof(struct sb_key_dictionary_key)])
EVP_MD_CTX *md_ctx = &ictx->md_ctx;
* The key in the key dictionary contains CBC-MAC from the SB image
* header and SB sections header.
memcpy(sb_dict_key->cbc_mac, cbc_mac, sizeof(sb_dict_key->cbc_mac));
sb_aes_encrypt(cipher_ctx, image_key, sb_dict_key->key, 16);
sb_aes_encrypt(ictx, image_key, sb_dict_key->key, 16);
EVP_DigestUpdate(md_ctx, sb_dict_key, sizeof(*sb_dict_key));
......@@ -404,11 +409,11 @@ unsupp:
return -ENOTSUP;
static void sb_encrypt_tag(
EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *md_ctx,
static void sb_encrypt_tag(struct sb_image_ctx *ictx,
struct sb_source_entry *src,
uint8_t result[sizeof(struct sb_command)])
EVP_MD_CTX *md_ctx = &ictx->md_ctx;
struct sb_command *cmd;
int ret;
......@@ -420,7 +425,7 @@ static void sb_encrypt_tag(
cmd->header.checksum = sb_command_checksum(cmd);
sb_aes_encrypt(cipher_ctx, (uint8_t *)cmd, (uint8_t *)cmd, sizeof(*cmd));
sb_aes_encrypt(ictx, (uint8_t *)cmd, (uint8_t *)cmd, sizeof(*cmd));
EVP_DigestUpdate(md_ctx, cmd, sizeof(*cmd));
memcpy(result, cmd, sizeof(*cmd));
......@@ -434,9 +439,9 @@ static void sb_emit_data(uint8_t *image, size_t *offset, void *data, size_t len)
*offset += len;
static int sb_create_image(struct sb_image_ctx *ctx, uint8_t **image)
static int sb_create_image(struct sb_image_ctx *ictx, uint8_t **image)
struct sb_boot_image_header *sb_header = &ctx->payload;
struct sb_boot_image_header *sb_header = &ictx->payload;
unsigned int i;
/* The currect offset in the SB image. */
......@@ -446,8 +451,8 @@ static int sb_create_image(struct sb_image_ctx *ctx, uint8_t **image)
uint32_t tag_offset = sb_header->first_boot_tag_block;
/* Start image-wide crypto. */
EVP_DigestInit(&ctx->md_ctx, EVP_sha1());
EVP_DigestInit(&ictx->md_ctx, EVP_sha1());
/* Allocate the resulting SB image. */
*image = malloc(sb_header->image_blocks * SB_BLOCK_SIZE);
......@@ -457,8 +462,8 @@ static int sb_create_image(struct sb_image_ctx *ctx, uint8_t **image)
* SB image header.
sb_aes_init(&ctx->cipher_ctx, NULL);
sb_encrypt_sb_header(&ctx->cipher_ctx, &ctx->md_ctx, sb_header);
sb_aes_init(ictx, NULL);
sb_encrypt_sb_header(ictx, sb_header);
sb_emit_data(*image, &image_offset, sb_header, sizeof(*sb_header));
......@@ -469,7 +474,7 @@ static int sb_create_image(struct sb_image_ctx *ctx, uint8_t **image)
uint8_t sb_section_header_cbc_mac[sizeof(struct sb_key_dictionary_key)];
memset(&sb_sections_header, 0, sizeof(sb_sections_header));
sb_encrypt_sb_sections_header(&ctx->cipher_ctx, &ctx->md_ctx,
&sb_sections_header, sb_section_header_cbc_mac,
sb_emit_data(*image, &image_offset, &sb_sections_header,
......@@ -481,9 +486,9 @@ static int sb_create_image(struct sb_image_ctx *ctx, uint8_t **image)
struct sb_key_dictionary_key sb_dict_key;
memset(&sb_dict_key, 0, sizeof(sb_dict_key));
sb_aes_reinit(&ctx->cipher_ctx, sb_header->iv);
sb_aes_reinit(ictx, sb_header->iv);
sb_encrypt_key_dictionary_key(&ctx->cipher_ctx, &ctx->md_ctx,
&sb_dict_key, sb_section_header_cbc_mac);
sb_emit_data(*image, &image_offset, &sb_dict_key, sizeof(sb_dict_key));
......@@ -495,20 +500,19 @@ static int sb_create_image(struct sb_image_ctx *ctx, uint8_t **image)
struct sb_source_entry *src;
struct sb_source_entry *lst = sb_get_boot_list(target_cpu);
sb_aes_reinit(&ctx->cipher_ctx, sb_header->iv);
sb_aes_reinit(ictx, sb_header->iv);
for (i = 0; i < sb_get_boot_list_size(target_cpu); i++) {
src = &lst[i];
sb_encrypt_tag(&ctx->cipher_ctx, &ctx->md_ctx,
src, encrypted_tag);
sb_encrypt_tag(ictx, src, encrypted_tag);
sb_emit_data(*image, &image_offset, encrypted_tag,
sizeof(struct sb_command));
if(src->tag == ROM_TAG_CMD) {
sb_aes_reinit(&ctx->cipher_ctx, sb_header->iv);
sb_aes_reinit(ictx, sb_header->iv);
} else if(src->tag == ROM_LOAD_CMD) {
sb_aes_encrypt(&ctx->cipher_ctx, src->payload, src->payload, src->length);
EVP_DigestUpdate(&ctx->md_ctx, src->payload, src->length);
sb_aes_encrypt(ictx, src->payload, src->payload, src->length);
EVP_DigestUpdate(&ictx->md_ctx, src->payload, src->length);
sb_emit_data(*image, &image_offset, src->payload, src->length);
......@@ -518,15 +522,15 @@ static int sb_create_image(struct sb_image_ctx *ctx, uint8_t **image)
uint8_t digest[32];
sb_aes_reinit(&ctx->cipher_ctx, sb_header->iv);
sb_aes_reinit(ictx, sb_header->iv);
memset(digest, 0, sizeof(digest));
EVP_DigestFinal(&ctx->md_ctx, digest, NULL);
sb_aes_encrypt(&ctx->cipher_ctx, digest, digest, sizeof(digest));
EVP_DigestFinal(&ictx->md_ctx, digest, NULL);
sb_aes_encrypt(ictx, digest, digest, sizeof(digest));
sb_emit_data(*image, &image_offset, digest, sizeof(digest));
/* Stop the encryption session. */
return 0;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment