bootutil: Move encryption key function to common file
Move the definition of boot_enc_retrieve_private_key() to a common file
to avoid code duplication and also ensure seamless transition to this new
key handling approach for targets which don't use hardware keys.
Change-Id: I57e54e4332503c11d18762f8291c3cab53df3d20
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c
index ea73b17..08df0fe 100644
--- a/boot/bootutil/src/encrypted.c
+++ b/boot/bootutil/src/encrypted.c
@@ -2,7 +2,7 @@
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2018-2019 JUUL Labs
- * Copyright (c) 2019-2023 Arm Limited
+ * Copyright (c) 2019-2024 Arm Limited
*/
#include "mcuboot_config/mcuboot_config.h"
@@ -334,7 +334,22 @@
bootutil_hmac_sha256_drop(&hmac);
return -1;
}
-#endif
+#endif /* MCUBOOT_ENCRYPT_EC256 || MCUBOOT_ENCRYPT_X25519 */
+
+#if !defined(MCUBOOT_HW_KEY)
+extern const struct bootutil_key bootutil_enc_key;
+
+/*
+ * Default implementation to retrieve the private encryption key which is
+ * embedded in the bootloader code (when MCUBOOT_HW_KEY is not defined).
+ */
+int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
+{
+ *private_key = (struct bootutil_key *)&bootutil_enc_key;
+
+ return 0;
+}
+#endif /* !MCUBOOT_HW_KEY */
int
boot_enc_init(struct enc_key_data *enc_state, uint8_t slot)
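Review bot: The new guard `#if !defined(MCUBOOT_HW_KEY)` drops the `defined(MCUBOOT_ENC_IMAGES)` condition that every removed copy carried, so the function and its `extern` reference to `bootutil_enc_key` are only correct if encrypted.c as a whole is already compiled under an `MCUBOOT_ENC_IMAGES` guard. Any such guard would start outside this hunk and is not visible here; if it is absent, restore the condition as `#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)`. The body also casts away `const` from `bootutil_enc_key`, so the header comment should tell callers the result is read-only, for example `* The returned pointer refers to a const object and must not be written through.`. Because this default hands out a private key stored in the bootloader image, the comment could also state that the confidentiality of encrypted images then depends on the bootloader flash being protected from readout.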
diff --git a/boot/cypress/MCUBootApp/keys.c b/boot/cypress/MCUBootApp/keys.c
index 6f06a7d..20c0332 100644
--- a/boot/cypress/MCUBootApp/keys.c
+++ b/boot/cypress/MCUBootApp/keys.c
@@ -167,12 +167,3 @@
.key = enc_priv_key,
.len = &enc_priv_key_len,
};
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
- *private_key = (struct bootutil_key *)&bootutil_enc_key;
-
- return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */
diff --git a/boot/mbed/app_enc_keys.c b/boot/mbed/app_enc_keys.c
index be4f9cb..9bed4d8 100644
--- a/boot/mbed/app_enc_keys.c
+++ b/boot/mbed/app_enc_keys.c
@@ -69,12 +69,3 @@
#endif
#endif
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
- *private_key = (struct bootutil_key *)&bootutil_enc_key;
-
- return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */
diff --git a/boot/zephyr/keys.c b/boot/zephyr/keys.c
index f1d7e34..ab403dd 100644
--- a/boot/zephyr/keys.c
+++ b/boot/zephyr/keys.c
@@ -86,12 +86,3 @@
#elif defined(MCUBOOT_ENCRYPT_KW)
#error "Encrypted images with AES-KW is not implemented yet."
#endif
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
- *private_key = (struct bootutil_key *)&bootutil_enc_key;
-
- return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */
diff --git a/ci/mynewt_keys/enc_kw/src/keys.c b/ci/mynewt_keys/enc_kw/src/keys.c
index c53459e..ae4c5c7 100644
--- a/ci/mynewt_keys/enc_kw/src/keys.c
+++ b/ci/mynewt_keys/enc_kw/src/keys.c
@@ -28,12 +28,3 @@
.key = enc_key,
.len = &enc_key_len,
};
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
- *private_key = (struct bootutil_key *)&bootutil_enc_key;
-
- return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */
diff --git a/ci/mynewt_keys/enc_rsa/src/keys.c b/ci/mynewt_keys/enc_rsa/src/keys.c
index 1d07f5c..201d6ad 100644
--- a/ci/mynewt_keys/enc_rsa/src/keys.c
+++ b/ci/mynewt_keys/enc_rsa/src/keys.c
@@ -126,12 +126,3 @@
.key = enc_key,
.len = &enc_key_len,
};
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
- *private_key = (struct bootutil_key *)&bootutil_enc_key;
-
- return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */
diff --git a/sim/mcuboot-sys/csupport/keys.c b/sim/mcuboot-sys/csupport/keys.c
index 316d103..82a746b 100644
--- a/sim/mcuboot-sys/csupport/keys.c
+++ b/sim/mcuboot-sys/csupport/keys.c
@@ -328,12 +328,3 @@
.len = &enc_key_len,
};
#endif
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
- *private_key = (struct bootutil_key *)&bootutil_enc_key;
-
- return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */