Commit b8baf3b0 authored by Marek Vasut's avatar Marek Vasut

mxssb: Add image key readback during verification

When verifying the image, read the key from the image instead of expecting
a zero key. The FSL tool, even if explicitly told to use a zero key, uses a
random key.
Signed-off-by: Marek Vasut's avatarMarek Vasut <marex@denx.de>
parent 502a46ec
......@@ -264,6 +264,15 @@ static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx)
EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));
}
static void sb_decrypt_key_dictionary_key(struct sb_image_ctx *ictx)
{
EVP_MD_CTX *md_ctx = &ictx->md_ctx;
EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));
sb_aes_crypt(ictx, ictx->sb_dict_key.key, image_key,
sizeof(ictx->sb_dict_key.key));
}
static void sb_encrypt_tag(struct sb_image_ctx *ictx,
struct sb_cmd_ctx *cctx)
{
......@@ -1629,23 +1638,15 @@ static int sb_verify_sections_cmds(struct sb_image_ctx *ictx, FILE *fp)
}
}
struct sb_key_dictionary_key key;
size = fread(&key, 1, sizeof(key), fp);
if (size != sizeof(key)) {
size = fread(&ictx->sb_dict_key, 1, sizeof(ictx->sb_dict_key), fp);
if (size != sizeof(ictx->sb_dict_key)) {
fprintf(stderr, "ERR: SB key dictionary too short!\n");
return -EINVAL;
}
sb_encrypt_sb_sections_header(ictx);
sb_aes_reinit(ictx, 1);
sb_encrypt_key_dictionary_key(ictx);
if (memcmp(&key, &ictx->sb_dict_key, sizeof(key))) {
fprintf(stderr,
"ERR: Key dict entry for section header is invalid!\n");
return -EINVAL;
}
sb_aes_reinit(ictx, 0);
sb_decrypt_key_dictionary_key(ictx);
sb_aes_reinit(ictx, 0);
......@@ -1672,7 +1673,7 @@ static int sb_verify_sections_cmds(struct sb_image_ctx *ictx, FILE *fp)
ret = sb_verify_commands(ictx, sctx, fp);
if (ret)
goto exit;
return ret;
sctx = sctx->sect;
}
......@@ -1681,8 +1682,6 @@ static int sb_verify_sections_cmds(struct sb_image_ctx *ictx, FILE *fp)
* FIXME IDEA:
* check if the first TAG command is at sctx->section_offset
*/
exit:
sb_aes_reinit(ictx, 1);
return 0;
}
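Review bot: With the `memcmp` block removed, `sb_verify_sections_cmds` no longer validates the key dictionary entry at all: the bytes from `fread` land directly in `ictx->sb_dict_key`, and `sb_decrypt_key_dictionary_key` turns the `.key` member into `image_key` without any comparison. Reading the key back is needed for images built with a random key, but the part of the entry other than `.key` could still be compared with a value recomputed from the header, so that a corrupted or tampered dictionary is reported at this point rather than surfacing later as command-decoding errors. If that check is deliberately left to a later digest comparison (not visible in these hunks), say so at the call site, e.g. `/* Entry is taken from the image unchecked; integrity relies on the final digest check. */`. The new helper also ignores the result of `EVP_DigestUpdate`, as the existing encrypt helper does, and the body of `sb_verify_sections_cmds` starts outside the hunks shown.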
......