Hi Paul,

On Mon, 5 Aug 2024 at 07:35, Paul HENRYS <[email protected]> wrote:
>
> When the initialisation vector is randomly generated, its value shall be
> stored in the FIT together with the encrypted data. The changes allow to
> store the IV in the FIT also in the case where the key is not stored in
> the DTB but retrieved somewhere else at runtime.

What is the IV? Can you please write it out in full?

>
> Signed-off-by: Paul HENRYS <[email protected]>
> ---
>  lib/aes/aes-encrypt.c | 7 +++++++
>  tools/image-host.c    | 2 +-
>  2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c
> index e74e35eaa28..90e1407b4f0 100644
> --- a/lib/aes/aes-encrypt.c
> +++ b/lib/aes/aes-encrypt.c
> @@ -84,6 +84,13 @@ int image_aes_add_cipher_data(struct image_cipher_info 
> *info, void *keydest,
>         char name[128];
>         int ret = 0;
>
> +       if (!keydest && !info->ivname) {
> +               /* At least, store the IV in the FIT image */
> +               ret = fdt_setprop(fit, node_noffset, "iv",
> +                                 info->iv, info->cipher->iv_len);
> +               goto done;
> +       }
> +
>         /* Either create or overwrite the named cipher node */
>         parent = fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME);
>         if (parent == -FDT_ERR_NOTFOUND) {
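
Review bot: the early return added at the top of image_aes_add_cipher_data() only covers `!keydest && !info->ivname`, so a call with keydest NULL and ivname set would fall through to `fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME)` with a NULL blob. The caller in tools/image-host.c currently rules that combination out, but the function would be more robust if it handled every `!keydest` case itself (store the IV when ivname is unset, otherwise return without touching keydest) instead of depending on the caller's condition. The new comment could also spell out "initialisation vector" and say why only the IV is written here, namely that the key is retrieved elsewhere at runtime, as the commit message explains.
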
> diff --git a/tools/image-host.c b/tools/image-host.c
> index 49ce7436bb9..3424b8d9a1d 100644
> --- a/tools/image-host.c
> +++ b/tools/image-host.c
> @@ -535,7 +535,7 @@ fit_image_process_cipher(const char *keydir, void 
> *keydest, void *fit,
>          * size values
>          * And, if needed, write the iv in the FIT file
>          */
> -       if (keydest) {
> +       if (keydest || (!keydest && !info.ivname)) {
>                 ret = info.cipher->add_cipher_data(&info, keydest, fit, 
> node_noffset);
>                 if (ret) {
>                         fprintf(stderr,
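
Review bot: in the new condition `keydest || (!keydest && !info.ivname)` the `!keydest` term is redundant, because the right-hand side is only evaluated when keydest is NULL; `if (keydest || !info.ivname)` is equivalent and easier to read. The comment just above still says only "if needed, write the iv in the FIT file", so it would help to state there that the IV is also written when there is no keydest and no ivname is given. The same `!keydest && !ivname` test is now repeated inside add_cipher_data() in lib/aes/aes-encrypt.c, so the two need to be kept in sync or the check kept in one place.
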
> --
> 2.25.1
>
> -- This message and any attachments herein are confidential, intended solely 
> for the addressees and are SoftAtHome’s ownership. Any unauthorized use or 
> dissemination is prohibited. If you are not the intended addressee of this 
> message, please cancel it immediately and inform the sender.

Did you mean to include this?

Regards,
Simon
