Commit bb696a0f authored by Marek Vasut's avatar Marek Vasut

mxssb: Alloc cryptographic functions to work both ways

Rework the crypto functions so they can both encrypt and decrypt
the payload. This will make use of them easy once we implement
image verification.
Signed-off-by: Marek Vasut's avatarMarek Vasut <marex@denx.de>
parent 0d08a216
......@@ -113,18 +113,23 @@ static uint8_t image_key[16] = {0};
/*
* AES libcrypto
*/
static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv)
static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv, int enc)
{
EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
int ret;
/* If there is no init vector, init vector is all zeroes. */
if (!iv)
iv = image_key;
EVP_CIPHER_CTX_init(ctx);
return EVP_EncryptInit(ctx, EVP_aes_128_cbc(), image_key, iv);
ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), image_key, iv, enc);
if (ret == 1)
EVP_CIPHER_CTX_set_padding(ctx, 0);
return ret;
}
static int sb_aes_encrypt(struct sb_image_ctx *ictx, uint8_t *in_data,
static int sb_aes_crypt(struct sb_image_ctx *ictx, uint8_t *in_data,
uint8_t *out_data, int in_len)
{
EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
......@@ -136,7 +141,7 @@ static int sb_aes_encrypt(struct sb_image_ctx *ictx, uint8_t *in_data,
return -ENOMEM;
memset(outbuf, 0, sizeof(in_len));
ret = EVP_EncryptUpdate(ctx, outbuf, &outlen, in_data, in_len);
ret = EVP_CipherUpdate(ctx, outbuf, &outlen, in_data, in_len);
if (!ret) {
ret = -EINVAL;
goto err;
......@@ -155,7 +160,7 @@ static int sb_aes_deinit(EVP_CIPHER_CTX *ctx)
return EVP_CIPHER_CTX_cleanup(ctx);
}
static int sb_aes_reinit(struct sb_image_ctx *ictx)
static int sb_aes_reinit(struct sb_image_ctx *ictx, int enc)
{
int ret;
EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
......@@ -165,7 +170,7 @@ static int sb_aes_reinit(struct sb_image_ctx *ictx)
ret = sb_aes_deinit(ctx);
if (!ret)
return ret;
return sb_aes_init(ictx, iv);
return sb_aes_init(ictx, iv, enc);
}
/*
......@@ -213,7 +218,7 @@ static void sb_encrypt_sb_header(struct sb_image_ctx *ictx)
uint8_t *sb_header_ptr = (uint8_t *)sb_header;
/* Encrypt the header, compute the digest. */
sb_aes_encrypt(ictx, sb_header_ptr, NULL, sizeof(*sb_header));
sb_aes_crypt(ictx, sb_header_ptr, NULL, sizeof(*sb_header));
EVP_DigestUpdate(md_ctx, sb_header_ptr, sizeof(*sb_header));
}
......@@ -230,7 +235,7 @@ static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx,
shdr = &sctx->payload;
sb_sections_header_ptr = (uint8_t *)shdr;
sb_aes_encrypt(ictx, sb_sections_header_ptr, cbc_mac, size);
sb_aes_crypt(ictx, sb_sections_header_ptr, cbc_mac, size);
EVP_DigestUpdate(md_ctx, sb_sections_header_ptr, size);
sctx = sctx->sect;
......@@ -249,7 +254,7 @@ static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx,
*/
memcpy(sb_dict_key->cbc_mac, cbc_mac, sizeof(sb_dict_key->cbc_mac));
sb_aes_encrypt(ictx, image_key, sb_dict_key->key, 16);
sb_aes_crypt(ictx, image_key, sb_dict_key->key, 16);
EVP_DigestUpdate(md_ctx, sb_dict_key, sizeof(*sb_dict_key));
}
......@@ -259,7 +264,7 @@ static void sb_encrypt_tag(struct sb_image_ctx *ictx,
EVP_MD_CTX *md_ctx = &ictx->md_ctx;
struct sb_command *cmd = &cctx->payload;
sb_aes_encrypt(ictx, (uint8_t *)cmd,
sb_aes_crypt(ictx, (uint8_t *)cmd,
(uint8_t *)&cctx->c_payload, sizeof(*cmd));
EVP_DigestUpdate(md_ctx, &cctx->c_payload, sizeof(*cmd));
}
......@@ -273,7 +278,7 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
/*
* SB image header.
*/
sb_aes_init(ictx, NULL);
sb_aes_init(ictx, NULL, 1);
sb_encrypt_sb_header(ictx);
/*
......@@ -286,7 +291,7 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
/*
* Key dictionary.
*/
sb_aes_reinit(ictx);
sb_aes_reinit(ictx, 1);
sb_encrypt_key_dictionary_key(ictx, sb_section_header_cbc_mac);
......@@ -300,7 +305,7 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
while (sctx) {
cctx = sctx->cmd_head;
sb_aes_reinit(ictx);
sb_aes_reinit(ictx, 1);
while (cctx) {
ccmd = &cctx->payload;
......@@ -308,9 +313,9 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
sb_encrypt_tag(ictx, cctx);
if (ccmd->header.tag == ROM_TAG_CMD) {
sb_aes_reinit(ictx);
sb_aes_reinit(ictx, 1);
} else if (ccmd->header.tag == ROM_LOAD_CMD) {
sb_aes_encrypt(ictx, cctx->data, cctx->data, cctx->length);
sb_aes_crypt(ictx, cctx->data, cctx->data, cctx->length);
EVP_DigestUpdate(&ictx->md_ctx, cctx->data, cctx->length);
}
......@@ -323,10 +328,10 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
/*
* Dump the SHA1 of the whole image.
*/
sb_aes_reinit(ictx);
sb_aes_reinit(ictx, 1);
EVP_DigestFinal(&ictx->md_ctx, ictx->digest, NULL);
sb_aes_encrypt(ictx, ictx->digest, ictx->digest, sizeof(ictx->digest));
sb_aes_crypt(ictx, ictx->digest, ictx->digest, sizeof(ictx->digest));
/* Stop the encryption session. */
sb_aes_deinit(&ictx->cipher_ctx);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment