mxssb: Alloc cryptographic functions to work both ways

Rework the crypto functions so they can both encrypt and decrypt the payload. This will make use of them easy once we implement image verification. Signed-off-by: Marek Vasut <marex@denx.de>

mxssb: Alloc cryptographic functions to work both ways
Rework the crypto functions so they can both encrypt and decrypt the payload. This will make use of them easy once we implement image verification. Signed-off-by: Marek Vasut <marex@denx.de>
bb696a0f · Marek Vasut · 0d08a216 · bb696a0f
Commit bb696a0f authored Jul 17, 2013 by Marek Vasut
--- a/mxssb.c
+++ b/mxssb.c
@@ -113,18 +113,23 @@ static uint8_t image_key[16] = {0};
 /*
 * AES libcrypto
 */
-static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv)
+static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv, int enc)
 {
 	EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
+	int ret;
+
 	/* If there is no init vector, init vector is all zeroes. */
 	if (!iv)
 		iv = image_key;

 	EVP_CIPHER_CTX_init(ctx);
-	return EVP_EncryptInit(ctx, EVP_aes_128_cbc(), image_key, iv);
+	ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), image_key, iv, enc);
+	if (ret == 1)
+		EVP_CIPHER_CTX_set_padding(ctx, 0);
+	return ret;
 }

-static int sb_aes_encrypt(struct sb_image_ctx *ictx, uint8_t *in_data,
+static int sb_aes_crypt(struct sb_image_ctx *ictx, uint8_t *in_data,
 			uint8_t *out_data, int in_len)
 {
 	EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
@@ -136,7 +141,7 @@ static int sb_aes_encrypt(struct sb_image_ctx *ictx, uint8_t *in_data,
 		return -ENOMEM;
 	memset(outbuf, 0, sizeof(in_len));

-	ret = EVP_EncryptUpdate(ctx, outbuf, &outlen, in_data, in_len);
+	ret = EVP_CipherUpdate(ctx, outbuf, &outlen, in_data, in_len);
 	if (!ret) {
 		ret = -EINVAL;
 		goto err;
@@ -155,7 +160,7 @@ static int sb_aes_deinit(EVP_CIPHER_CTX *ctx)
 	return EVP_CIPHER_CTX_cleanup(ctx);
 }

-static int sb_aes_reinit(struct sb_image_ctx *ictx)
+static int sb_aes_reinit(struct sb_image_ctx *ictx, int enc)
 {
 	int ret;
 	EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
@@ -165,7 +170,7 @@ static int sb_aes_reinit(struct sb_image_ctx *ictx)
 	ret = sb_aes_deinit(ctx);
 	if (!ret)
 		return ret;
-	return sb_aes_init(ictx, iv);
+	return sb_aes_init(ictx, iv, enc);
 }

 /*
@@ -213,7 +218,7 @@ static void sb_encrypt_sb_header(struct sb_image_ctx *ictx)
 	uint8_t *sb_header_ptr = (uint8_t *)sb_header;

 	/* Encrypt the header, compute the digest. */
-	sb_aes_encrypt(ictx, sb_header_ptr, NULL, sizeof(*sb_header));
+	sb_aes_crypt(ictx, sb_header_ptr, NULL, sizeof(*sb_header));
 	EVP_DigestUpdate(md_ctx, sb_header_ptr, sizeof(*sb_header));
 }

@@ -230,7 +235,7 @@ static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx,
 		shdr = &sctx->payload;
 		sb_sections_header_ptr = (uint8_t *)shdr;

-		sb_aes_encrypt(ictx, sb_sections_header_ptr, cbc_mac, size);
+		sb_aes_crypt(ictx, sb_sections_header_ptr, cbc_mac, size);
 		EVP_DigestUpdate(md_ctx, sb_sections_header_ptr, size);

 		sctx = sctx->sect;
@@ -249,7 +254,7 @@ static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx,
 	 */
 	memcpy(sb_dict_key->cbc_mac, cbc_mac, sizeof(sb_dict_key->cbc_mac));

-	sb_aes_encrypt(ictx, image_key, sb_dict_key->key, 16);
+	sb_aes_crypt(ictx, image_key, sb_dict_key->key, 16);
 	EVP_DigestUpdate(md_ctx, sb_dict_key, sizeof(*sb_dict_key));
 }

@@ -259,7 +264,7 @@ static void sb_encrypt_tag(struct sb_image_ctx *ictx,
 	EVP_MD_CTX *md_ctx = &ictx->md_ctx;
 	struct sb_command *cmd = &cctx->payload;

-	sb_aes_encrypt(ictx, (uint8_t *)cmd,
+	sb_aes_crypt(ictx, (uint8_t *)cmd,
 		(uint8_t *)&cctx->c_payload, sizeof(*cmd));
 	EVP_DigestUpdate(md_ctx, &cctx->c_payload, sizeof(*cmd));
 }
@@ -273,7 +278,7 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
 	/*
 	 * SB image header.
 	 */
-	sb_aes_init(ictx, NULL);
+	sb_aes_init(ictx, NULL, 1);
 	sb_encrypt_sb_header(ictx);

 	/*
@@ -286,7 +291,7 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
 	/*
 	 * Key dictionary.
 	 */
-	sb_aes_reinit(ictx);
+	sb_aes_reinit(ictx, 1);

 	sb_encrypt_key_dictionary_key(ictx, sb_section_header_cbc_mac);

@@ -300,7 +305,7 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
 	while (sctx) {
 		cctx = sctx->cmd_head;

-		sb_aes_reinit(ictx);
+		sb_aes_reinit(ictx, 1);

 		while (cctx) {
 			ccmd = &cctx->payload;
@@ -308,9 +313,9 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
 			sb_encrypt_tag(ictx, cctx);

 			if (ccmd->header.tag == ROM_TAG_CMD) {
-				sb_aes_reinit(ictx);
+				sb_aes_reinit(ictx, 1);
 			} else if (ccmd->header.tag == ROM_LOAD_CMD) {
-				sb_aes_encrypt(ictx, cctx->data, cctx->data, cctx->length);
+				sb_aes_crypt(ictx, cctx->data, cctx->data, cctx->length);
 				EVP_DigestUpdate(&ictx->md_ctx, cctx->data, cctx->length);
 			}

@@ -323,10 +328,10 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
 	/*
 	 * Dump the SHA1 of the whole image.
 	 */
-	sb_aes_reinit(ictx);
+	sb_aes_reinit(ictx, 1);

 	EVP_DigestFinal(&ictx->md_ctx, ictx->digest, NULL);
-	sb_aes_encrypt(ictx, ictx->digest, ictx->digest, sizeof(ictx->digest));
+	sb_aes_crypt(ictx, ictx->digest, ictx->digest, sizeof(ictx->digest));

 	/* Stop the encryption session. */
 	sb_aes_deinit(&ictx->cipher_ctx);