
remove all references to a salt value for encryption

In release 2019.11, support for the salt encryption parameter was removed (see commit 9ce94342d3c212b06a283f95dc9c1c8c52155ce7).
Consequently, remove all references to a salt value for key creation and encryption.
The keyfile for encryption can still contain a salt value; it will simply be ignored.
Also remove obsolete cmd variable.

Signed-off-by: Christoph Lauer <christoph.lauer@xtronic.de>
Signed-off-by: Christoph Lauer <dev@online.ms>
Christoph Lauer 5 vuotta sitten
vanhempi
commit
adf600d644
3 muutettua tiedostoa jossa 13 lisäystä ja 22 poistoa
  1. 5 12
      classes/swupdate-common.bbclass
  2. 3 5
      classes/swupdate-enc.bbclass
  3. 5 5
      classes/swupdate.bbclass

+ 5 - 12
classes/swupdate-common.bbclass

@@ -32,20 +32,13 @@ def swupdate_extract_keys(keyfile_path):
 
     key = data['key'].rstrip('\n')
     iv = data['iv'].rstrip('\n')
-    salt = data['salt'].rstrip('\n')
 
-    return key,iv,salt
+    return key,iv
 
-def swupdate_encrypt_file(f, out, key, ivt, salt):
+def swupdate_encrypt_file(f, out, key, ivt):
     import subprocess
     encargs = ["openssl", "enc", "-aes-256-cbc", "-in", f, "-out", out]
-    encargs += ["-K", key, "-iv", ivt, "-S", salt]
-    cmd = "openssl enc -aes-256-cbc -in '%s' -out '%s' -K '%s' -iv '%s' -S '%s'" % (
-                f,
-                out,
-                key,
-                ivt,
-                salt)
+    encargs += ["-K", key, "-iv", ivt, "-nosalt"]
     subprocess.run(encargs, check=True)
 
 def swupdate_write_sha256(s, filename, hash):
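Review bot: `swupdate_encrypt_file` hands `key` and `ivt` to `openssl enc -K ... -iv ...` without checking their length, and `check=True` only catches a non-zero exit status. Recent OpenSSL releases zero-pad a hex string that is too short (and drop the excess of one that is too long) with only a warning on stderr, so a truncated `key=` line in the keyfile could silently yield a weaker key than intended. A guard before the `subprocess.run` call, such as `if len(key) != 64 or len(ivt) != 32: bb.fatal("SWUPDATE_AES_FILE: key must be 64 and iv 32 hex digits")`, would turn that into a build failure. The shell helper `swu_encrypt_file` in classes/swupdate-enc.bbclass only tests for empty values and would benefit from the same check. `swupdate_extract_keys` begins above the hunk, so whether it already validates the fields is not visible here.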
@@ -109,8 +102,8 @@ def prepare_sw_description(d, s, list_for_cpio):
     if encrypt:
         bb.note("Encryption of sw-description")
         shutil.copyfile(os.path.join(s, 'sw-description'), os.path.join(s, 'sw-description.plain'))
-        key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
-        swupdate_encrypt_file(os.path.join(s, 'sw-description.plain'), os.path.join(s, 'sw-description'), key, iv, salt)
+        key,iv = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
+        swupdate_encrypt_file(os.path.join(s, 'sw-description.plain'), os.path.join(s, 'sw-description'), key, iv)
 
     signing = d.getVar('SWUPDATE_SIGNING', True)
     if signing == "1":
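Review bot: The encrypt branch unpacks `key,iv` and calls `swupdate_encrypt_file` without the `if not key or not iv` guard that `do_swuimage` applies in classes/swupdate.bbclass, and without checking that `SWUPDATE_AES_FILE` is set. The `encrypt == '1'` branch in the last hunk of classes/swupdate.bbclass has the same gap. With the variable unset, `d.getVar` returns None and the failure would surface inside the helper rather than as a clear message. Adding `if not key or not iv: bb.fatal("Encryption required, but no key found")` after the unpacking would keep the three call sites consistent. `prepare_sw_description` starts and ends outside the hunk, so an earlier check may exist that is not visible here.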

+ 3 - 5
classes/swupdate-enc.bbclass

@@ -1,9 +1,8 @@
 #
 # The key must be generated as described in doc
 # with
-# openssl enc -aes-256-cbc -k <PASSPHRASE> -P -md sha1
+# openssl enc -aes-256-cbc -k <PASSPHRASE> -P -md sha1 -nosalt
 # The file is in the format
-# salt=
 # key=
 # iv=
 # parameters: $1 = input file, $2 = output file
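Review bot: The key-generation comment still derives the key and IV from a passphrase with `-md sha1`, and with `-nosalt` the same passphrase now always yields the same key and IV. Unless `-pbkdf2` is requested, `openssl enc` derives them with a single digest pass, so the AES key is only as strong as the passphrase. As far as the visible code shows, only the `key=` and `iv=` lines are ever read, so the comment could also document random generation, for example `# or: key=$(openssl rand -hex 32), iv=$(openssl rand -hex 16)`. It would also help to state that the file must stay out of the layer and of version control.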
@@ -12,11 +11,10 @@ swu_encrypt_file() {
 	output=$2
 	key=`cat ${SWUPDATE_AES_FILE} | grep ^key | cut -d '=' -f 2`
 	iv=`cat ${SWUPDATE_AES_FILE} | grep ^iv | cut -d '=' -f 2`
-	salt=`cat ${SWUPDATE_AES_FILE} | grep ^salt | cut -d '=' -f 2`
-	if [ -z ${salt} ] || [ -z ${key} ] || [ -z ${iv} ];then
+	if [ -z ${key} ] || [ -z ${iv} ];then
 		bbfatal "SWUPDATE_AES_FILE=$SWUPDATE_AES_FILE does not contain valid keys"
 	fi
-	openssl enc -aes-256-cbc -in ${input} -out ${output} -K ${key} -iv ${iv} -S ${salt}
+	openssl enc -aes-256-cbc -in ${input} -out ${output} -K ${key} -iv ${iv} -nosalt
 }
 
 CONVERSIONTYPES += "enc"
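Review bot: The expansions in the new test and `openssl` lines are unquoted. `[ -z ${key} ]` handles an empty value only because `[ -z ]` with no operand happens to be true, and it makes `[` fail with an error if `grep ^key` matches more than one line. Quoting fixes both: `if [ -z "${key}" ] || [ -z "${iv}" ]; then` and `openssl enc -aes-256-cbc -in "${input}" -out "${output}" -K "${key}" -iv "${iv}" -nosalt`. `grep ^key` also matches any line that merely begins with `key`; `grep '^key='` is tighter. `swu_encrypt_file` begins above the hunk.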

+ 5 - 5
classes/swupdate.bbclass

@@ -100,15 +100,15 @@ python do_swuimage () {
         filename = os.path.basename(local)
         aes_file = d.getVar('SWUPDATE_AES_FILE', True)
         if aes_file:
-            key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
+            key,iv = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
         if (filename != 'sw-description') and (os.path.isfile(local)):
             encrypted = (d.getVarFlag("SWUPDATE_IMAGES_ENCRYPTED", filename, True) or "")
             dst = os.path.join(s, "%s" % filename )
             if encrypted == '1':
                 bb.note("Encryption requested for %s" %(filename))
-                if not key or not iv or not salt:
+                if not key or not iv:
                     bb.fatal("Encryption required, but no key found")
-                swupdate_encrypt_file(local, dst, key, iv, salt)
+                swupdate_encrypt_file(local, dst, key, iv)
             else:
                 shutil.copyfile(local, dst)
             list_for_cpio.append(filename)
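Review bot: `key` and `iv` are bound only inside `if aes_file:`, yet the `encrypted == '1'` branch reads them in `if not key or not iv`. Unless they are initialised above the hunk, a build with SWUPDATE_IMAGES_ENCRYPTED set and SWUPDATE_AES_FILE unset would stop with an unbound-name error instead of the intended `bb.fatal` message. `key, iv = swupdate_extract_keys(aes_file) if aes_file else (None, None)` would fix that and reuse the value already fetched. The lookup also looks loop-invariant and could presumably move out of the enclosing loop, which starts outside the hunk.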
@@ -120,9 +120,9 @@ python do_swuimage () {
         target_imagename = os.path.basename(imagename)  # allow images in subfolders of DEPLOY_DIR_IMAGE
         dst = os.path.join(s, target_imagename)
         if encrypt == '1':
-            key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
+            key,iv = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
             bb.note("Encryption requested for %s" %(imagename))
-            swupdate_encrypt_file(src, dst, key, iv, salt)
+            swupdate_encrypt_file(src, dst, key, iv)
         else:
             shutil.copyfile(src, dst)
         list_for_cpio.append(target_imagename)