Allow encrypted images in multi-image setting
Add extra encryption storage; add a macro to access the correct encryption
data for the image being handled.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index a2e8f75..780e26e 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -59,6 +59,9 @@
#define BOOT_TMPBUF_SZ 256
+/** Number of image slots in flash; currently limited to two. */
+#define BOOT_NUM_SLOTS 2
+
/*
* Maintain state of copy progress.
*/
@@ -69,7 +72,7 @@
uint8_t swap_type; /* The type of swap in effect */
uint32_t swap_size; /* Total size of swapped image */
#ifdef MCUBOOT_ENC_IMAGES
- uint8_t enckey[2][BOOT_ENC_KEY_SIZE];
+ uint8_t enckey[BOOT_NUM_SLOTS][BOOT_ENC_KEY_SIZE];
#endif
};
@@ -171,9 +174,6 @@
#error "Too few sectors, please increase BOOT_MAX_IMG_SECTORS to at least 32"
#endif
-/** Number of image slots in flash; currently limited to two. */
-#define BOOT_NUM_SLOTS 2
-
/** Maximum number of image sectors supported by the bootloader. */
#define BOOT_STATUS_STATE_COUNT 3
#define BOOT_STATUS_MAX_ENTRIES BOOT_MAX_IMG_SECTORS
@@ -217,11 +217,7 @@
uint8_t write_sz;
#if defined(MCUBOOT_ENC_IMAGES)
- /*
- * TODO: This could later be expanded to use a different set of keys
- * per image.
- */
- struct enc_key_data enc[BOOT_NUM_SLOTS];
+ struct enc_key_data enc[BOOT_IMAGE_NUMBER][BOOT_NUM_SLOTS];
#endif
#if (BOOT_IMAGE_NUMBER > 1)
@@ -267,8 +263,10 @@
/* These are macros so they can be used as lvalues. */
#if (BOOT_IMAGE_NUMBER > 1)
#define BOOT_CURR_IMG(state) ((state)->curr_img_idx)
+#define BOOT_CURR_ENC(state) ((state)->enc[BOOT_CURR_IMG(state)])
#else
#define BOOT_CURR_IMG(state) 0
+#define BOOT_CURR_ENC(state) ((state)->enc[0])
#endif
#define BOOT_IMG(state, slot) ((state)->imgs[BOOT_CURR_IMG(state)][(slot)])
#define BOOT_IMG_AREA(state, slot) (BOOT_IMG(state, slot).area)
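Review bot: Both variants of the new `BOOT_CURR_ENC` macro are undocumented, and the only nearby comment ("These are macros so they can be used as lvalues") says nothing about what the macro selects; a line such as `/* Encryption key data (one entry per slot) for the image currently being processed. */` placed above the `#if` would state the contract the loader.c call sites now rely on. In the multi-image variant the index is `curr_img_idx`, so the macro is only in bounds while that field is kept below `BOOT_IMAGE_NUMBER`; where it is assigned is not visible from this hunk. It would also help to say that the selected key data must correspond to the `image_index` the `boot_enc_*()` functions receive alongside it.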
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 15cefb3..0685cbb 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -783,15 +783,15 @@
#else
if ((fap->fa_id == FLASH_AREA_IMAGE_SECONDARY(image_index))
&& IS_ENCRYPTED(hdr)) {
- rc = boot_enc_load(state->enc, image_index, hdr, fap, bs->enckey[1]);
+ rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs->enckey[1]);
if (rc < 0) {
return BOOT_EBADIMAGE;
}
- if (rc == 0 && boot_enc_set_key(state->enc, 1, bs->enckey[1])) {
+ if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), 1, bs->enckey[1])) {
return BOOT_EBADIMAGE;
}
}
- if (bootutil_img_validate(state->enc, image_index, hdr, fap, tmpbuf,
+ if (bootutil_img_validate(BOOT_CURR_ENC(state), image_index, hdr, fap, tmpbuf,
BOOT_TMPBUF_SZ, NULL, 0, NULL)) {
return BOOT_EBADIMAGE;
}
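Review bot: The key data now comes from `BOOT_CURR_ENC(state)`, i.e. `state->enc[curr_img_idx]`, while `boot_enc_load`, `boot_enc_set_key` and `bootutil_img_validate` still receive a separate `image_index` that is also used on the context line to pick `FLASH_AREA_IMAGE_SECONDARY(image_index)`; nothing here guarantees the two indices agree, and if they diverge the key of one image is loaded from and validated against another image's header with no error reported. Either select the key set by the same index the rest of the call uses, `state->enc[image_index]`, or pin the invariant at the top of the function with `assert(image_index == BOOT_CURR_IMG(state));`. The enclosing function begins before this hunk, so I cannot see whether `image_index` is derived from `BOOT_CURR_IMG(state)` there. The same coupling appears in the hunks at L79, L88, L103, L116 and L129.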
@@ -1094,7 +1094,7 @@
blk_sz = BOOT_TLV_OFF(hdr) - (off + bytes_copied);
}
}
- boot_encrypt(state->enc, image_index, fap_src,
+ boot_encrypt(BOOT_CURR_ENC(state), image_index, fap_src,
(off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
blk_off, &buf[idx]);
}
@@ -1479,14 +1479,14 @@
#ifdef MCUBOOT_ENC_IMAGES
if (IS_ENCRYPTED(boot_img_hdr(state, BOOT_SECONDARY_SLOT))) {
- rc = boot_enc_load(state->enc, image_index,
+ rc = boot_enc_load(BOOT_CURR_ENC(state), image_index,
boot_img_hdr(state, BOOT_SECONDARY_SLOT),
fap_secondary_slot, bs->enckey[1]);
if (rc < 0) {
return BOOT_EBADIMAGE;
}
- if (rc == 0 && boot_enc_set_key(state->enc, 1, bs->enckey[1])) {
+ if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), 1, bs->enckey[1])) {
return BOOT_EBADIMAGE;
}
}
@@ -1577,11 +1577,11 @@
#ifdef MCUBOOT_ENC_IMAGES
if (IS_ENCRYPTED(hdr)) {
fap = BOOT_IMG_AREA(state, BOOT_PRIMARY_SLOT);
- rc = boot_enc_load(state->enc, image_index, hdr, fap, bs->enckey[0]);
+ rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs->enckey[0]);
assert(rc >= 0);
if (rc == 0) {
- rc = boot_enc_set_key(state->enc, 0, bs->enckey[0]);
+ rc = boot_enc_set_key(BOOT_CURR_ENC(state), 0, bs->enckey[0]);
assert(rc == 0);
} else {
rc = 0;
@@ -1601,11 +1601,11 @@
hdr = boot_img_hdr(state, BOOT_SECONDARY_SLOT);
if (IS_ENCRYPTED(hdr)) {
fap = BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT);
- rc = boot_enc_load(state->enc, image_index, hdr, fap, bs->enckey[1]);
+ rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs->enckey[1]);
assert(rc >= 0);
if (rc == 0) {
- rc = boot_enc_set_key(state->enc, 1, bs->enckey[1]);
+ rc = boot_enc_set_key(BOOT_CURR_ENC(state), 1, bs->enckey[1]);
assert(rc == 0);
} else {
rc = 0;
@@ -1642,7 +1642,7 @@
}
if (i != BOOT_ENC_KEY_SIZE) {
- boot_enc_set_key(state->enc, slot, bs->enckey[slot]);
+ boot_enc_set_key(BOOT_CURR_ENC(state), slot, bs->enckey[slot]);
}
}
#endif
@@ -2284,7 +2284,7 @@
* another images). Therefore, mark them as invalid to force their reload
* by boot_enc_load().
*/
- boot_enc_zeroize(state->enc);
+ boot_enc_zeroize(BOOT_CURR_ENC(state));
#endif
image_index = BOOT_CURR_IMG(state);
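Review bot: `boot_enc_zeroize(BOOT_CURR_ENC(state))` now clears only the current image's two key slots, yet the retained comment directly above still justifies the call by keys possibly being stale "from another images"; with per-image storage that reasoning no longer applies and the comment should be reworded, for example `/* This image's keys may be stale from an earlier boot stage; mark them invalid to force reload by boot_enc_load(). */`. Separately, the `enc[]` entries of the other images are no longer touched here, so unless code outside this hunk zeroizes every image's key data before control leaves the bootloader, key material for already-processed images remains resident in `state`. A final pass over all `BOOT_IMAGE_NUMBER` entries before jumping to the application would close that gap; I cannot tell from this hunk whether one exists. The hunk at L145–L151 has the same comment and the same reduced zeroize scope.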
@@ -2330,7 +2330,7 @@
* another images). Therefore, mark them as invalid to force their reload
* by boot_enc_load().
*/
- boot_enc_zeroize(state->enc);
+ boot_enc_zeroize(BOOT_CURR_ENC(state));
#endif /* MCUBOOT_ENC_IMAGES */
/* Indicate that swap is not aborted */