commit 233af7d7b30b53c99427ab4db077c6081b12559f
author Fabio Utzig <utzig@apache.org> Mon Aug 26 12:06:16 2019 -0300
committer Fabio Utzig <utzig@utzig.org> Mon Sep 09 10:00:09 2019 -0300
tree aebcf196b300ed08da8b4ec05288b36dac7468e3
parent a87cc7d98c4512e86ac012538cbd499158819d85

Add utility function to find offset/len of TLVs

Add a new function, boot_find_tlv_offs, that loads the beginning and end
offset of the TLV region.

Signed-off-by: Fabio Utzig <utzig@apache.org>

boot/bootutil/src/encrypted.c

diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c
index 72e1481..b4c5727 100644
--- a/boot/bootutil/src/encrypted.c
+++ b/boot/bootutil/src/encrypted.c
@@ -224,7 +224,6 @@
 #endif
     uint32_t off;
     uint32_t end;
-    struct image_tlv_info info;
     struct image_tlv tlv;
     uint8_t buf[TLV_ENC_RSA_SZ];
     uint8_t slot;
@@ -242,20 +241,12 @@
         return 1;
     }
 
-    off = BOOT_TLV_OFF(hdr);
-
-    rc = flash_area_read(fap, off, &info, sizeof(info));
+    rc = boot_find_tlv_offs(hdr, fap, &off, &end);
     if (rc) {
-        return rc;
-    }
-    if (info.it_magic != IMAGE_TLV_INFO_MAGIC) {
         return -1;
     }
-    end = off + info.it_tlv_tot;
-    off += sizeof(info);
 
-    enckey_type = 0;
-    for (; off < end; off += sizeof(tlv) + tlv.it_len) {
+    for (enckey_type = 0; off < end; off += sizeof(tlv) + tlv.it_len) {
         rc = flash_area_read(fap, off, &tlv, sizeof tlv);
         if (rc) {
             return rc;
@@ -267,7 +258,7 @@
             }
             rc = flash_area_read(fap, off + sizeof(tlv), buf, EXPECTED_ENC_LEN);
             if (rc) {
-                return rc;
+                return -1;
             }
             enckey_type = EXPECTED_ENC_TLV;
             break;
@@ -276,30 +267,30 @@
 
     if (enckey_type == 0) {
         return -1;
+    } else if (enckey_type != EXPECTED_ENC_TLV) {
+        return 0;
     }
 
-    if (enckey_type == EXPECTED_ENC_TLV) {
 #if defined(MCUBOOT_ENCRYPT_RSA)
-        mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
+    mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
 
-        cp = (uint8_t *)bootutil_enc_key.key;
-        cpend = cp + *bootutil_enc_key.len;
+    cp = (uint8_t *)bootutil_enc_key.key;
+    cpend = cp + *bootutil_enc_key.len;
 
-        rc = parse_enckey(&rsa, &cp, cpend);
-        if (rc) {
-            mbedtls_rsa_free(&rsa);
-            return rc;
-        }
-
-        rc = mbedtls_rsa_rsaes_oaep_decrypt(&rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE,
-                NULL, 0, &olen, buf, enckey, BOOT_ENC_KEY_SIZE);
+    rc = parse_enckey(&rsa, &cp, cpend);
+    if (rc) {
         mbedtls_rsa_free(&rsa);
+        return rc;
+    }
+
+    rc = mbedtls_rsa_rsaes_oaep_decrypt(&rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE,
+            NULL, 0, &olen, buf, enckey, BOOT_ENC_KEY_SIZE);
+    mbedtls_rsa_free(&rsa);
 
 #elif defined(MCUBOOT_ENCRYPT_KW)
-        assert(*bootutil_enc_key.len == 16);
-        rc = key_unwrap(buf, enckey);
+    assert(*bootutil_enc_key.len == 16);
+    rc = key_unwrap(buf, enckey);
 #endif
-    }
 
     return rc;
 }