
Hi Paul,
On Wed, 20 Nov 2024 at 03:09, Paul HENRYS paul.henrys_ext@softathome.com wrote:
When the initialisation vector is randomly generated, its value shall be stored in the FIT together with the encrypted data. The changes allow storing the IV in the FIT also in the case where the key is not stored in the DTB but retrieved somewhere else at runtime.
Signed-off-by: Paul HENRYS paul.henrys_ext@softathome.com
lib/aes/aes-encrypt.c | 7 +++++++
tools/image-host.c    | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
I see that struct cipher_algo does not have a function comment for add_cipher_data(), so it is not clear that keydest can be NULL, etc. Can you please add one?
Otherwise this seems good to me.
diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c index e74e35eaa2..90e1407b4f 100644 --- a/lib/aes/aes-encrypt.c +++ b/lib/aes/aes-encrypt.c @@ -84,6 +84,13 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest, char name[128]; int ret = 0;
if (!keydest && !info->ivname) {
/* At least, store the IV in the FIT image */
ret = fdt_setprop(fit, node_noffset, "iv",
info->iv, info->cipher->iv_len);
goto done;
}
/* Either create or overwrite the named cipher node */ parent = fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME); if (parent == -FDT_ERR_NOTFOUND) {
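Review bot: the new early exit only covers `!keydest && !info->ivname`; if `add_cipher_data()` is ever called with a NULL `keydest` while `info->ivname` is set, control falls through to `fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME)` with a NULL pointer. The guard that rules out that combination lives in the caller, not here, so either key the early path on `!keydest` alone (skipping only the IV write when `ivname` is given) or document on `add_cipher_data()` that `keydest` may be NULL only when no `ivname` is set. Also, `ret` takes the raw libfdt return value before `goto done`; the `done:` label is outside the hunk, so check that a negative code in `ret` is reported as an error on that path.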
diff --git a/tools/image-host.c b/tools/image-host.c index 5e01b853c5..16389bd488 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -535,7 +535,7 @@ fit_image_process_cipher(const char *keydir, void *keydest, void *fit, * size values * And, if needed, write the iv in the FIT file */
if (keydest) {
if (keydest || (!keydest && !info.ivname)) { ret = info.cipher->add_cipher_data(&info, keydest, fit, node_noffset); if (ret) { fprintf(stderr,
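Review bot: the new condition `keydest || (!keydest && !info.ivname)` is logically identical to `keydest || !info.ivname`, since the `!keydest` term is always true once the first operand is false; drop the redundant term for readability. A one-line comment stating the intent (call `add_cipher_data()` whenever there is a key destination, or when a random IV must be written to the FIT) would also help, because the function's contract for a NULL `keydest` is not documented.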
-- 2.43.0
[..]
Regards, Simon