From 6154d5a1623211ee839e85d5dd8c7314eb38700d Mon Sep 17 00:00:00 2001 From: David Vincze Date: Thu, 25 Jul 2024 17:14:28 +0200 Subject: [PATCH] bootutil: Move encryption key function to common file Move the definition of boot_enc_retrieve_private_key() to a common file to avoid code duplication and also endure seamless transition to this new key handling approach for targets which don't use hardware keys. Change-Id: I57e54e4332503c11d18762f8291c3cab53df3d20 Signed-off-by: David Vincze --- boot/bootutil/src/encrypted.c | 19 +++++++++++++++++-- boot/cypress/MCUBootApp/keys.c | 9 --------- boot/mbed/app_enc_keys.c | 9 --------- boot/zephyr/keys.c | 9 --------- ci/mynewt_keys/enc_kw/src/keys.c | 9 --------- ci/mynewt_keys/enc_rsa/src/keys.c | 9 --------- sim/mcuboot-sys/csupport/keys.c | 9 --------- 7 files changed, 17 insertions(+), 56 deletions(-) diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c index ea73b172f..08df0fe08 100644 --- a/boot/bootutil/src/encrypted.c +++ b/boot/bootutil/src/encrypted.c @@ -2,7 +2,7 @@ * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2018-2019 JUUL Labs - * Copyright (c) 2019-2023 Arm Limited + * Copyright (c) 2019-2024 Arm Limited */ #include "mcuboot_config/mcuboot_config.h" @@ -334,7 +334,22 @@ hkdf(uint8_t *ikm, uint16_t ikm_len, uint8_t *info, uint16_t info_len, bootutil_hmac_sha256_drop(&hmac); return -1; } -#endif +#endif /* MCUBOOT_ENCRYPT_EC256 || MCUBOOT_ENCRYPT_X25519 */ + +#if !defined(MCUBOOT_HW_KEY) +extern const struct bootutil_key bootutil_enc_key; + +/* + * Default implementation to retrieve the private encryption key which is + * embedded in the bootloader code (when MCUBOOT_HW_KEY is not defined). + */ +int boot_enc_retrieve_private_key(struct bootutil_key **private_key) +{ + *private_key = (struct bootutil_key *)&bootutil_enc_key; + + return 0; +} +#endif /* !MCUBOOT_HW_KEY */ int boot_enc_init(struct enc_key_data *enc_state, uint8_t slot) diff --git a/boot/cypress/MCUBootApp/keys.c b/boot/cypress/MCUBootApp/keys.c index 6f06a7d99..20c0332f6 100644 --- a/boot/cypress/MCUBootApp/keys.c +++ b/boot/cypress/MCUBootApp/keys.c @@ -167,12 +167,3 @@ const struct bootutil_key bootutil_enc_key = { .key = enc_priv_key, .len = &enc_priv_key_len, }; - -#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES) -int boot_enc_retrieve_private_key(struct bootutil_key **private_key) -{ - *private_key = (struct bootutil_key *)&bootutil_enc_key; - - return 0; -} -#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */ diff --git a/boot/mbed/app_enc_keys.c b/boot/mbed/app_enc_keys.c index be4f9cb55..9bed4d80f 100644 --- a/boot/mbed/app_enc_keys.c +++ b/boot/mbed/app_enc_keys.c @@ -69,12 +69,3 @@ const struct bootutil_key bootutil_enc_key = { #endif #endif - -#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES) -int boot_enc_retrieve_private_key(struct bootutil_key **private_key) -{ - *private_key = (struct bootutil_key *)&bootutil_enc_key; - - return 0; -} -#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */ diff --git a/boot/zephyr/keys.c b/boot/zephyr/keys.c index f1d7e3475..ab403ddc3 100644 --- a/boot/zephyr/keys.c +++ b/boot/zephyr/keys.c @@ -86,12 +86,3 @@ const struct bootutil_key bootutil_enc_key = { #elif defined(MCUBOOT_ENCRYPT_KW) #error "Encrypted images with AES-KW is not implemented yet." #endif - -#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES) -int boot_enc_retrieve_private_key(struct bootutil_key **private_key) -{ - *private_key = (struct bootutil_key *)&bootutil_enc_key; - - return 0; -} -#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */ diff --git a/ci/mynewt_keys/enc_kw/src/keys.c b/ci/mynewt_keys/enc_kw/src/keys.c index c53459ef7..ae4c5c7bb 100644 --- a/ci/mynewt_keys/enc_kw/src/keys.c +++ b/ci/mynewt_keys/enc_kw/src/keys.c @@ -28,12 +28,3 @@ const struct bootutil_key bootutil_enc_key = { .key = enc_key, .len = &enc_key_len, }; - -#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES) -int boot_enc_retrieve_private_key(struct bootutil_key **private_key) -{ - *private_key = (struct bootutil_key *)&bootutil_enc_key; - - return 0; -} -#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */ diff --git a/ci/mynewt_keys/enc_rsa/src/keys.c b/ci/mynewt_keys/enc_rsa/src/keys.c index 1d07f5cc1..201d6ad12 100644 --- a/ci/mynewt_keys/enc_rsa/src/keys.c +++ b/ci/mynewt_keys/enc_rsa/src/keys.c @@ -126,12 +126,3 @@ const struct bootutil_key bootutil_enc_key = { .key = enc_key, .len = &enc_key_len, }; - -#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES) -int boot_enc_retrieve_private_key(struct bootutil_key **private_key) -{ - *private_key = (struct bootutil_key *)&bootutil_enc_key; - - return 0; -} -#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */ diff --git a/sim/mcuboot-sys/csupport/keys.c b/sim/mcuboot-sys/csupport/keys.c index 316d10385..82a746ba0 100644 --- a/sim/mcuboot-sys/csupport/keys.c +++ b/sim/mcuboot-sys/csupport/keys.c @@ -328,12 +328,3 @@ const struct bootutil_key bootutil_enc_key = { .len = &enc_key_len, }; #endif - -#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES) -int boot_enc_retrieve_private_key(struct bootutil_key **private_key) -{ - *private_key = (struct bootutil_key *)&bootutil_enc_key; - - return 0; -} -#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */