Add macro to check if image must be decrypted
An image must be decrypted when it is loaded on the secondary slot and
its header flag indicates it is encrypted. Instead of checking both
things every time the image is read, add a new macro, MUST_DECRYPT, that
does both checks.
Also, `BOOT_CURR_ENC` was simplified so it can be used directly in
`bootutil_img_validate` calls, returning NULL for non-encrypted images.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h
index cda0c47..88874ab 100644
--- a/boot/bootutil/include/bootutil/image.h
+++ b/boot/bootutil/include/bootutil/image.h
@@ -126,6 +126,8 @@
};
#define IS_ENCRYPTED(hdr) ((hdr)->ih_flags & IMAGE_F_ENCRYPTED)
+#define MUST_DECRYPT(fap, idx, hdr) \
+ ((fap)->fa_id == FLASH_AREA_IMAGE_SECONDARY(idx) && IS_ENCRYPTED(hdr))
#ifdef __ZEPHYR__
BUILD_ASSERT_MSG(sizeof(struct image_header) == IMAGE_HEADER_SIZE,
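Review bot: MUST_DECRYPT is added without a comment, so the invariant it encodes — that an encrypted image is only ever expected in the secondary slot — is stated only in image_validate.c and not where the macro is defined. A reader of image.h alone cannot tell why the slot check is part of "must decrypt" rather than the flag alone. Suggest a comment above the definition: `/* Decryption is required only for an image in the secondary slot whose header flags say it is encrypted; encrypted images are never stored in the primary slot. */`. The macro itself evaluates each argument once and the whole expansion is parenthesized, which is fine.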
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index 780e26e..396fbf7 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -263,10 +263,13 @@
/* These are macros so they can be used as lvalues. */
#if (BOOT_IMAGE_NUMBER > 1)
#define BOOT_CURR_IMG(state) ((state)->curr_img_idx)
-#define BOOT_CURR_ENC(state) ((state)->enc[BOOT_CURR_IMG(state)])
#else
#define BOOT_CURR_IMG(state) 0
-#define BOOT_CURR_ENC(state) ((state)->enc[0])
+#endif
+#ifdef MCUBOOT_ENC_IMAGES
+#define BOOT_CURR_ENC(state) ((state)->enc[BOOT_CURR_IMG(state)])
+#else
+#define BOOT_CURR_ENC(state) NULL
#endif
#define BOOT_IMG(state, slot) ((state)->imgs[BOOT_CURR_IMG(state)][(slot)])
#define BOOT_IMG_AREA(state, slot) (BOOT_IMG(state, slot).area)
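Review bot: The leading comment `/* These are macros so they can be used as lvalues. */` no longer holds for BOOT_CURR_ENC in the new `#else` branch, where it expands to the constant `NULL` and cannot be assigned to; any caller that writes through it will now fail to compile in a build without MCUBOOT_ENC_IMAGES. Suggest amending the comment: `/* These are macros so they can be used as lvalues (except BOOT_CURR_ENC, which is a plain NULL when MCUBOOT_ENC_IMAGES is not defined). */`. The `NULL` expansion also needs a header that defines it to be visible from this file; presumably one already is, but that is not visible in the hunk.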
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index b883e44..143187b 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -71,6 +71,14 @@
(void)hdr_size;
#endif
+#ifdef MCUBOOT_ENC_IMAGES
+ /* Encrypted images only exist in the secondary slot */
+ if (MUST_DECRYPT(fap, image_index, hdr) &&
+ !boot_enc_valid(enc_state, image_index, fap)) {
+ return -1;
+ }
+#endif
+
bootutil_sha256_init(&sha256_ctx);
/* in some cases (split image) the hash is seeded with data from
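Review bot: The moved comment `/* Encrypted images only exist in the secondary slot */` explains the slot half of MUST_DECRYPT but not what the early `return -1` is for now that it runs before `bootutil_sha256_init`. Suggest replacing it with `/* Reject an encrypted secondary-slot image whose key state is not valid before any hashing starts. */`; what "valid" means is inferred from the name `boot_enc_valid`, so adjust the wording if that helper checks something narrower. The enclosing function starts outside the hunk.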
@@ -79,14 +87,6 @@
bootutil_sha256_update(&sha256_ctx, seed, seed_len);
}
-#ifdef MCUBOOT_ENC_IMAGES
- /* Encrypted images only exist in the secondary slot */
- if (fap->fa_id == FLASH_AREA_IMAGE_SECONDARY(image_index) &&
- IS_ENCRYPTED(hdr) && !boot_enc_valid(enc_state, image_index, fap)) {
- return -1;
- }
-#endif
-
/* Hash is computed over image header and image itself. */
hdr_size = hdr->ih_hdr_size;
size = BOOT_TLV_OFF(hdr);
@@ -120,8 +120,7 @@
return rc;
}
#ifdef MCUBOOT_ENC_IMAGES
- if (fap->fa_id == FLASH_AREA_IMAGE_SECONDARY(image_index) &&
- IS_ENCRYPTED(hdr) && off >= hdr_size) {
+ if (MUST_DECRYPT(fap, image_index, hdr) && off >= hdr_size) {
blk_off = (off - hdr_size) & 0xf;
boot_encrypt(enc_state, image_index, fap, off - hdr_size, blk_sz,
blk_off, tmp_buf);
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 0685cbb..43a6955 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -771,18 +771,13 @@
(void)state;
#endif
- image_index = BOOT_CURR_IMG(state);
-
-#ifndef MCUBOOT_ENC_IMAGES
(void)bs;
(void)rc;
- if (bootutil_img_validate(NULL, image_index, hdr, fap, tmpbuf,
- BOOT_TMPBUF_SZ, NULL, 0, NULL)) {
- return BOOT_EBADIMAGE;
- }
-#else
- if ((fap->fa_id == FLASH_AREA_IMAGE_SECONDARY(image_index))
- && IS_ENCRYPTED(hdr)) {
+
+ image_index = BOOT_CURR_IMG(state);
+
+#ifdef MCUBOOT_ENC_IMAGES
+ if (MUST_DECRYPT(fap, image_index, hdr)) {
rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs->enckey[1]);
if (rc < 0) {
return BOOT_EBADIMAGE;
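Review bot: `(void)bs;` and `(void)rc;` are now unconditional, but in a build with MCUBOOT_ENC_IMAGES both variables are used a few lines later by `boot_enc_load` and the `rc < 0` check, so the casts read as "unused" where they are not. Suggest keeping them only for the non-encryption build by adding an `#else` branch with `(void)bs;` and `(void)rc;` just before the `#endif` that closes the new `#ifdef MCUBOOT_ENC_IMAGES` (that `#endif` sits in the following hunk). The enclosing function starts outside the hunk.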
@@ -791,11 +786,12 @@
return BOOT_EBADIMAGE;
}
}
+#endif
+
if (bootutil_img_validate(BOOT_CURR_ENC(state), image_index, hdr, fap, tmpbuf,
BOOT_TMPBUF_SZ, NULL, 0, NULL)) {
return BOOT_EBADIMAGE;
}
-#endif
return 0;
}
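Review bot: `bootutil_img_validate(BOOT_CURR_ENC(state), ...)` is now reached in non-encryption builds too, where BOOT_CURR_ENC expands to `NULL` per the bootutil_priv.h hunk; this is only safe because image_validate.c touches `enc_state` solely under `#ifdef MCUBOOT_ENC_IMAGES`, which holds for the hunks visible here but is a silent cross-file coupling. Suggest a comment above the call: `/* BOOT_CURR_ENC(state) is NULL without MCUBOOT_ENC_IMAGES; bootutil_img_validate only uses enc_state under that define. */`. The enclosing function starts outside the hunk.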