commit c06f7bb36782e0220b30c3d0640219d1368735d3
author David Brown <david.brown@linaro.org> Tue Jul 09 07:28:07 2024 -0600
committer David Brown <davidb@davidb.org> Tue Jul 09 09:19:43 2024 -0600
tree d89cf5c41a2dececd252cae02931cae449ab0669
parent 1d79ef35ee560e24da981d13c9414de9947b07a2

Revert "boot: Add MCUBOOT_HW_KEY support for image encryption"

This reverts commit 0fa46270c0b52b371a094042731c69e100478cbb.

This breaks:

    samples/synchronization/sample.kernel.synchronization on
    b_u585i_iot02a/stm32u585xx/ns error

as this TF-M configuration uses its own keys.  This change is an API
change that needs to be coordinated with TF-M changes.

Before this revert, compiling this test results in:

    .../encrypted.c:447: undefined reference to
    `boot_enc_retrieve_private_key`

Signed-off-by: David Brown <david.brown@linaro.org>

boot/bootutil/src/encrypted.c

diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c
index fee30dd..212774e 100644
--- a/boot/bootutil/src/encrypted.c
+++ b/boot/bootutil/src/encrypted.c
@@ -67,13 +67,13 @@
 
 #if defined(MCUBOOT_ENCRYPT_KW)
 static int
-key_unwrap(const uint8_t *wrapped, uint8_t *enckey, struct bootutil_key *bootutil_enc_key)
+key_unwrap(const uint8_t *wrapped, uint8_t *enckey)
 {
     bootutil_aes_kw_context aes_kw;
     int rc;
 
     bootutil_aes_kw_init(&aes_kw);
-    rc = bootutil_aes_kw_set_unwrap_key(&aes_kw, bootutil_enc_key->key, *bootutil_enc_key->len);
+    rc = bootutil_aes_kw_set_unwrap_key(&aes_kw, bootutil_enc_key.key, *bootutil_enc_key.len);
     if (rc != 0) {
         goto done;
     }
@@ -441,23 +441,13 @@
     uint8_t counter[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
     uint16_t len;
 #endif
-    struct bootutil_key *bootutil_enc_key = NULL;
     int rc = -1;
 
-    rc = boot_enc_retrieve_private_key(&bootutil_enc_key);
-    if (rc) {
-        return rc;
-    }
-
-    if (bootutil_enc_key == NULL) {
-        return rc;
-    }
-
 #if defined(MCUBOOT_ENCRYPT_RSA)
 
     bootutil_rsa_init(&rsa);
-    cp = (uint8_t *)bootutil_enc_key->key;
-    cpend = cp + *bootutil_enc_key->len;
+    cp = (uint8_t *)bootutil_enc_key.key;
+    cpend = cp + *bootutil_enc_key.len;
 
     /* The enckey is encrypted through RSA so for decryption we need the private key */
     rc = bootutil_rsa_parse_private_key(&rsa, &cp, cpend);
@@ -476,15 +466,15 @@
 
 #if defined(MCUBOOT_ENCRYPT_KW)
 
-    assert(*bootutil_enc_key->len == BOOT_ENC_KEY_SIZE);
-    rc = key_unwrap(buf, enckey, bootutil_enc_key);
+    assert(*bootutil_enc_key.len == BOOT_ENC_KEY_SIZE);
+    rc = key_unwrap(buf, enckey);
 
 #endif /* defined(MCUBOOT_ENCRYPT_KW) */
 
 #if defined(MCUBOOT_ENCRYPT_EC256)
 
-    cp = (uint8_t *)bootutil_enc_key->key;
-    cpend = cp + *bootutil_enc_key->len;
+    cp = (uint8_t *)bootutil_enc_key.key;
+    cpend = cp + *bootutil_enc_key.len;
 
     /*
      * Load the stored EC256 decryption private key
@@ -510,8 +500,8 @@
 
 #if defined(MCUBOOT_ENCRYPT_X25519)
 
-    cp = (uint8_t *)bootutil_enc_key->key;
-    cpend = cp + *bootutil_enc_key->len;
+    cp = (uint8_t *)bootutil_enc_key.key;
+    cpend = cp + *bootutil_enc_key.len;
 
     /*
      * Load the stored X25519 decryption private key