Skip to content

Commit 4e606d7

Browse files
committed
boot: Replace boot_encrypt by boot_enc_encrypt and boot_enc_decrypt
To be able to implement encryption with API that requires different calls for encryption and encryption, the boot_encrypt needs to be replaced with encryption/decryption specific functions. Signed-off-by: Dominik Ermel <[email protected]>
1 parent f763c5f commit 4e606d7

File tree

5 files changed

+42
-14
lines changed

5 files changed

+42
-14
lines changed

boot/boot_serial/src/boot_serial_encryption.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -171,7 +171,7 @@ decrypt_region_inplace(struct boot_loader_state *state,
171171
blk_sz = tlv_off - (off + bytes_copied);
172172
}
173173
}
174-
boot_encrypt(BOOT_CURR_ENC(state), slot,
174+
boot_enc_decrypt(BOOT_CURR_ENC(state), slot,
175175
(off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
176176
blk_off, &buf[idx]);
177177
}

boot/bootutil/include/bootutil/enc_key.h

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,9 @@ int boot_enc_load(struct enc_key_data *enc_state, int slot,
7171
struct boot_status *bs);
7272
bool boot_enc_valid(struct enc_key_data *enc_state, int image_index,
7373
const struct flash_area *fap);
74-
void boot_encrypt(struct enc_key_data *enc_state, int slot,
74+
void boot_enc_encrypt(struct enc_key_data *enc_state, int slot,
75+
uint32_t off, uint32_t sz, uint32_t blk_off, uint8_t *buf);
76+
void boot_enc_decrypt(struct enc_key_data *enc_state, int slot,
7577
uint32_t off, uint32_t sz, uint32_t blk_off, uint8_t *buf);
7678
void boot_enc_zeroize(struct enc_key_data *enc_state);
7779

boot/bootutil/src/encrypted.c

Lines changed: 26 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -698,14 +698,13 @@ boot_enc_valid(struct enc_key_data *enc_state, int image_index,
698698
}
699699

700700
void
701-
boot_encrypt(struct enc_key_data *enc_state, int slot, uint32_t off,
701+
boot_enc_encrypt(struct enc_key_data *enc_state, int slot, uint32_t off,
702702
uint32_t sz, uint32_t blk_off, uint8_t *buf)
703703
{
704-
struct enc_key_data *enc;
704+
struct enc_key_data *enc = &enc_state[slot];
705705
uint8_t nonce[16];
706706

707-
/* boot_copy_region will call boot_encrypt with sz = 0 when skipping over
708-
the TLVs. */
707+
/* Nothing to do with size == 0 */
709708
if (sz == 0) {
710709
return;
711710
}
@@ -717,11 +716,33 @@ boot_encrypt(struct enc_key_data *enc_state, int slot, uint32_t off,
717716
nonce[14] = (uint8_t)(off >> 8);
718717
nonce[15] = (uint8_t)off;
719718

720-
enc = &enc_state[slot];
721719
assert(enc->valid == 1);
722720
bootutil_aes_ctr_encrypt(&enc->aes_ctr, nonce, buf, sz, blk_off, buf);
723721
}
724722

723+
void
724+
boot_enc_decrypt(struct enc_key_data *enc_state, int slot, uint32_t off,
725+
uint32_t sz, uint32_t blk_off, uint8_t *buf)
726+
{
727+
struct enc_key_data *enc = &enc_state[slot];
728+
uint8_t nonce[16];
729+
730+
/* Nothing to do with size == 0 */
731+
if (sz == 0) {
732+
return;
733+
}
734+
735+
memset(nonce, 0, 12);
736+
off >>= 4;
737+
nonce[12] = (uint8_t)(off >> 24);
738+
nonce[13] = (uint8_t)(off >> 16);
739+
nonce[14] = (uint8_t)(off >> 8);
740+
nonce[15] = (uint8_t)off;
741+
742+
assert(enc->valid == 1);
743+
bootutil_aes_ctr_decrypt(&enc->aes_ctr, nonce, buf, sz, blk_off, buf);
744+
}
745+
725746
/**
726747
* Clears encrypted state after use.
727748
*/

boot/bootutil/src/image_validate.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -153,8 +153,8 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index,
153153

154154
if (off >= hdr_size && off < tlv_off) {
155155
blk_off = (off - hdr_size) & 0xf;
156-
boot_encrypt(enc_state, slot, off - hdr_size,
157-
blk_sz, blk_off, tmp_buf);
156+
boot_enc_decrypt(enc_state, slot, off - hdr_size,
157+
blk_sz, blk_off, tmp_buf);
158158
}
159159
}
160160
#endif

boot/bootutil/src/loader.c

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1292,7 +1292,13 @@ boot_copy_region(struct boot_loader_state *state,
12921292
blk_sz = tlv_off - abs_off;
12931293
}
12941294
}
1295-
boot_encrypt(BOOT_CURR_ENC(state), source_slot,
1295+
}
1296+
if (source_slot == 0) {
1297+
boot_enc_encrypt(BOOT_CURR_ENC(state), source_slot,
1298+
(abs_off + idx) - hdr->ih_hdr_size, blk_sz,
1299+
blk_off, &buf[idx]);
1300+
} else {
1301+
boot_enc_decrypt(BOOT_CURR_ENC(state), source_slot,
12961302
(abs_off + idx) - hdr->ih_hdr_size, blk_sz,
12971303
blk_off, &buf[idx]);
12981304
}
@@ -2773,10 +2779,9 @@ boot_decrypt_and_copy_image_to_sram(struct boot_loader_state *state,
27732779
* Part of the chunk is encrypted payload */
27742780
blk_sz = tlv_off - (bytes_copied);
27752781
}
2776-
boot_encrypt(BOOT_CURR_ENC(state), slot,
2777-
(bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
2778-
blk_off, cur_dst);
2779-
2782+
boot_enc_decrypt(BOOT_CURR_ENC(state), slot,
2783+
(bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
2784+
blk_off, cur_dst);
27802785
bytes_copied += chunk_sz;
27812786
}
27822787
rc = 0;

0 commit comments

Comments
 (0)