commit ba829049eac9fd3be72b526d96c4bf4d75bb691d
author Fabio Utzig <utzig@apache.org> Tue Sep 18 08:29:34 2018 -0300
committer Fabio Utzig <utzig@utzig.org> Fri Oct 12 13:36:13 2018 -0300
tree c7306086614184bfed07cdd5b5b01a3ee80da92e
parent 9d306d20dc3f5840cc2a8c8cf281c53bbef020cc

Add bootutil support for encrypted images

This allows storing encrypted images in slot1, that are automatically
decrypted when copying to slot0 and re-encrypted when copying from slot0
to slot1.

The encryption works by applying AES-CTR-128 on the image blocks
(excluding the header and TLVs) using a random key. This random key
is itself encrypted using either RSA-OAEP-2048 or AES-KW-128 (AES keywrap
as defined by RFC3394), and appended to the image as newly defined TLVs.

AES-CTR-128 was chosen primarily for having stream cipher proporties,
which basically means that any block being encrypted/decrypted does not
depend on any other previous blocks results.

The TLV adds about 256 bytes to the image in RSA-OAEP-2048 mode, and 24
bytes in AES-KW-128 mode. Resulting sizes for a Mynewt generated mcuboot
(frdm-k64f):

- swap mode and no signing: 12KB
- adding encryption with RSA-OAEP-2048: 28KB
- adding encryption with AES-KW-128: 20KB

Some extra comments:

- AES-KW-128 requires a fairly new mbedtls with nist_kw support.
- An alternative methods which could be added later are ECIES.
- Key-wrapping seems easy enough to implement using just standard
  AES-ECB mode that it should be straight-forward to also add support to
  tinycrypt.

Signed-off-by: Fabio Utzig <utzig@apache.org>

boot/bootutil/src/bootutil_priv.h

diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index 8cb7533..163d5e9 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -27,6 +27,10 @@
 #include "bootutil/image.h"
 #include "mcuboot_config/mcuboot_config.h"
 
+#ifdef MCUBOOT_ENC_IMAGES
+#include "bootutil/enc_key.h"
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -57,6 +61,9 @@
     uint8_t state;        /* Which part of the swapping process are we at */
     uint8_t use_scratch;  /* Are status bytes ever written to scratch? */
     uint32_t swap_size;   /* Total size of swapped image */
+#ifdef MCUBOOT_ENC_IMAGES
+    uint8_t enckey[2][BOOT_ENC_KEY_SIZE];
+#endif
 };
 
 #define BOOT_MAGIC_GOOD     1
@@ -179,6 +186,11 @@
 int boot_write_image_ok(const struct flash_area *fap);
 int boot_write_swap_size(const struct flash_area *fap, uint32_t swap_size);
 int boot_read_swap_size(uint32_t *swap_size);
+#ifdef MCUBOOT_ENC_IMAGES
+int boot_write_enc_key(const struct flash_area *fap, uint8_t slot,
+                       const uint8_t *enckey);
+int boot_read_enc_key(uint8_t slot, uint8_t *enckey);
+#endif
 
 /*
  * Accessors for the contents of struct boot_loader_state.