Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reapply "boot: Add MCUBOOT_HW_KEY support for image encryption" with modifications #2022

Merged
merged 2 commits into from
Jul 31, 2024

Conversation

davidvincze
Copy link
Collaborator

Reapply commit 0fa4627 with requested modification after reverting it in #1996.

Original PR: #1722

@davidvincze davidvincze requested a review from d3zd3z July 26, 2024 08:40
@davidvincze
Copy link
Collaborator Author

@DineshDK03 could you please review?

@davidvincze
Copy link
Collaborator Author

CI is failing due to the missing signoff in the original commit.

This reverts commit c06f7bb.

Signed-off-by: David Vincze <[email protected]>
Change-Id: Ic2ab2c4d3981dec3cd3c25a50b5a989000375372
Move the definition of boot_enc_retrieve_private_key() to a common file
to avoid code duplication and also endure seamless transition to this new
key handling approach for targets which don't use hardware keys.

Change-Id: I57e54e4332503c11d18762f8291c3cab53df3d20
Signed-off-by: David Vincze <[email protected]>
Copy link
Collaborator

@de-nordic de-nordic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am fine with the changes.
I think that we should have some rework here because the code for key decoding keeps repeating in one form or another.

@davidvincze
Copy link
Collaborator Author

I am fine with the changes. I think that we should have some rework here because the code for key decoding keeps repeating in one form or another.

Could you elaborate on this?
Do you mean the:

  • bootutil_rsa_oaep_decrypt,
  • key_unwrap,
  • parse_ec256_enckey
  • parse_x25519_enckey,
    functions?

@de-nordic
Copy link
Collaborator

I am fine with the changes. I think that we should have some rework here because the code for key decoding keeps repeating in one form or another.

Could you elaborate on this? Do you mean the:

* `bootutil_rsa_oaep_decrypt`,

* `key_unwrap`,

* `parse_ec256_enckey`

* `parse_x25519_enckey`,
  functions?

Yes. Since only one type of encryption is used at once, we could define some key processing API that will link same name functions, but processing different keys, depending on what algorithm is selected. This can be later extended to take MCUboot identifier for key, if we decide to support more than one alg at once.
In the end the key ends in enckey buffer anyway, in byte string form.

Which is actually a problem also: I am currently working on making the x25519 to work with PSA and have found out that the best way would be to load key to PSA storage and use key id there, this requires change in key type, as passed in boot_status.
We also lack boot_enc_ type function for key destruction.

@davidvincze
Copy link
Collaborator Author

davidvincze commented Jul 30, 2024

We also lack boot_enc_ type function for key destruction.

I believe it was not needed before as the key-encryption key is embedded as static data and the encryption key was simply decrypted from the TLV are into the boot_status struct. But it's different with PSA as you want to destroy the imported key after it's no longer needed. Correct?

Yes. Since only one type of encryption is used at once, we could define some key processing API that will link same name functions, but processing different keys, depending on what algorithm is selected.

I believe the boot_enc_load() > boot_decrypt_key() serve this purpose. boot_decrypt_key() acts as the key processing API with the difference that it's not implemented separately for the different algorithms but it's put together with the ifdef tsunami.

Would it be okay to merge this PR as this is a different topic?

I've opened #2027 as a follow-up issue.

@de-nordic
Copy link
Collaborator

We also lack boot_enc_ type function for key destruction.

I believe it was not needed before as the key-encryption key is embedded as static data and the encryption key was simply decrypted from the TLV are into the boot_status struct. But it's different with PSA as you want to destroy the imported key after it's no longer needed. Correct?

Yes and no.
Generally we do not maintain the key lifetime properly. Currently there is no clear point where key could be discarded so maintaining the proper key lifetime load->use->discard is hard to do.
In my case, once I decrypt the key with boot_decrypt_key I should import it into PSA storage and then only pass the key id, otherwise every time any encryption/decryption, with the key, starts I need to import it and destroy it afterwards to avoid fillin the key storage with unattended keys.

There is also lack of general crypto init, before any crypto start, nor general crypto deinit (if that would be required); that would also be a point where we should zero all key memory, before passing execution further.

I believe the boot_enc_load() > boot_decrypt_key() serve this purpose. boot_decrypt_key() acts as the key processing API with the difference that it's not implemented separately for the different algorithms but it's put together with the ifdef tsunami.

Yes, that is what I mean; with the separate key processing functions the boot_enc_load could be done nicer.

Another problem is that with how the boot_enc_key_load is defined there are places, like boot_image_validate_encrypted, where the boot_status variable is only defined to get the key, and there is probably a bug where the thing works only thanks to memset, but will fail with more than one image.

Would it be okay to merge this PR as this is a different topic?

Yes, yes, yes! That is why I ack the PR, let have it in and then follow with improvements.

I've opened #2027 as a follow-up issue.

Thanks.

@davidvincze davidvincze merged commit 2a7565b into mcu-tools:main Jul 31, 2024
58 checks passed
@davidvincze davidvincze deleted the re-enc-hwkey branch August 7, 2024 09:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
crypto Encryption support
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants