[nrf noup] bootutil: Provide support for embedded AES keys

Commit provides support for MCUBOOT_EMBEDDED_ENC_KEY config
option, that allows to compile code with embedded key.
When this option is enabled, compilation requires
definition of boot_take_enc_key function to be provided by user;
prototype for the function is provided.

The boot_take_enc_key function is supposed to provide encryption
AES key to be used for image encryption and decryption.

Signed-off-by: Dominik Ermel <[email protected]>

Author: de-nordic

boot/boot_serial/src/boot_serial_encryption.c

@@ -31,7 +31,11 @@ boot_image_validate_encrypted(struct boot_loader_state *state,
     int rc;
 
     if (MUST_DECRYPT(fa_p, BOOT_CURR_IMG(state), hdr)) {
+#ifdef MCUBOOT_EMBEDDED_ENC_KEY
+        rc = boot_en_take_key(bs->enckey[BOOT_SLOT_SECONDARY], BOOT_CUR_IMG(state), BOOT_SLOT_SECONDARY);
+#else
         rc = boot_enc_load(state, BOOT_SLOT_SECONDARY, hdr, fa_p, bs);
+#endif
         if (rc < 0) {
             FIH_RET(fih_rc);
         }
@@ -235,7 +239,11 @@ decrypt_image_inplace(const struct flash_area *fa_p,
 #endif
         memset(&boot_data, 0, sizeof(struct boot_loader_state));
         /* Load the encryption keys into cache */
+#ifdef MCUBOOT_EMBEDDED_ENC_KEY
+        rc = boot_take_enc_key(bs->enckey[BOOT_SLOT_PRIMARY], BOOT_CURR_IMG(state), BOOT_SLOT_PRIMARY);
+#else
         rc = boot_enc_load(state, BOOT_SLOT_PRIMARY, hdr, fa_p, bs);
+#endif
         if (rc < 0) {
             FIH_RET(fih_rc);
         }

boot/bootutil/include/bootutil/enc_key.h

@@ -75,6 +75,9 @@ void boot_enc_decrypt(struct enc_key_data *enc_state,
 /* Note that boot_enc_zeorize takes BOOT_CURR_ENC, not BOOT_CURR_ENC_SLOT */
 void boot_enc_zeroize(struct enc_key_data *enc_state);
 
+/* Retrieve key for a slot */
+int boot_take_enc_key(uint8_t *key, int image, int slot);
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/include/bootutil/enc_key_public.h

@@ -70,6 +70,7 @@ extern "C" {
 #   define BOOT_ENC_KEY_SIZE   16
 #endif
 
+#if !defined(CONFIG_BOOT_ENCRYPT_IMAGE_WITH_EMBEDDED_KEY)
 #ifdef MCUBOOT_HMAC_SHA512
 #   define BOOT_HMAC_SIZE      64
 #else
@@ -100,6 +101,7 @@ extern "C" {
 #   define BOOT_ENC_TLV_SIZE   (BOOT_ENC_KEY_SIZE + 8)
 #   define BOOT_ENC_TLV        IMAGE_TLV_ENC_KW
 #endif
+#endif
 
 /* Common ECIES definitions */
 #if defined(EC_PUBK_LEN)

boot/bootutil/src/bootutil_loader.c

@@ -197,7 +197,11 @@ boot_check_image(struct boot_loader_state *state, struct boot_status *bs, int sl
      */
 #if defined(MCUBOOT_ENC_IMAGES) && !defined(MCUBOOT_RAM_LOAD)
     if (MUST_DECRYPT(fap, BOOT_CURR_IMG(state), hdr)) {
+#ifdef MCUBOOT_EMBEDDED_ENC_KEY
+        rc = boot_take_enc_key(bs->enckey[BOOT_SLOT_SECONDARY], BOOT_CURR_IMG(state), BOOT_SLOT_SECONDARY);
+#else
         rc = boot_enc_load(state, BOOT_SLOT_SECONDARY, hdr, fap, bs);
+#endif
         if (rc < 0) {
             FIH_RET(fih_rc);
         }

boot/bootutil/src/bootutil_misc.c

@@ -240,7 +240,7 @@ boot_read_unprotected_tlv_sizes(const struct flash_area *fap, uint16_t *tlv_size
 }
 #endif
 
-#ifdef MCUBOOT_ENC_IMAGES
+#if defined(MCUBOOT_ENC_IMAGES) && !defined(MCUBOOT_EMBEDDED_ENC_KEY)
 int
 boot_read_enc_key(const struct flash_area *fap, uint8_t slot, struct boot_status *bs)
 {

boot/bootutil/src/encrypted.c

@@ -370,6 +370,7 @@ static int fake_rng(void *p_rng, unsigned char *output, size_t len)
 #endif /* (MCUBOOT_ENCRYPT_RSA && MCUBOOT_USE_MBED_TLS && !MCUBOOT_USE_PSA_CRYPTO) ||
           (MCUBOOT_ENCRYPT_EC256 && MCUBOOT_USE_MBED_TLS) */
 
+#if !defined(MCUBOOT_EMBEDDED_ENC_KEY)
 /*
  * Decrypt an encryption key TLV.
  *
@@ -564,7 +565,9 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
     return rc;
 }
 #endif /* CONFIG_BOOT_ED25519_PSA  && CONFIG_BOOT_ECDSA_PSA */
+#endif /* defined(MCUBOOT_EMBEDDED_ENC_KEY) */
 
+#if !defined(MCUBOOT_EMBEDDED_ENC_KEY)
 /*
  * Load encryption key.
  */
@@ -625,6 +628,7 @@ boot_enc_load(struct boot_loader_state *state, int slot,
 
     return boot_decrypt_key(buf, bs->enckey[slot]);
 }
+#endif /* defined(MCUBOOT_EMBEDDED_ENC_KEY */
 
 int
 boot_enc_init(struct enc_key_data *enc_state)

boot/bootutil/src/encrypted_psa.c

@@ -231,7 +231,7 @@ int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const uint8_t *k)
     return 0;
 }
 
-#if defined(MCUBOOT_ENC_IMAGES)
+#if defined(MCUBOOT_ENC_IMAGES) && !defined(CONFIG_BOOT_ENCRYPT_IMAGE_WITH_EMBEDDED_KEY)
 extern const struct bootutil_key bootutil_enc_key;
 /*
  * Decrypt an encryption key TLV.
@@ -421,6 +421,7 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
 
     return 0;
 }
+#endif /* defined(MCUBOOT_ENC_IMAGES) && !defined(CONFIG_BOOT_ENCRYPT_IMAGE_WITH_EMBEDDED_KEY) */
 
 int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter,
         const uint8_t *m, uint32_t mlen, size_t blk_off, uint8_t *c)
@@ -535,4 +536,3 @@ int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter,
 gone:
     return ret;
 }
-#endif /* defined(MCUBOOT_ENC_IMAGES) */

boot/bootutil/src/loader.c

@@ -1421,9 +1421,13 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs)
 
 #ifdef MCUBOOT_ENC_IMAGES
     if (IS_ENCRYPTED(boot_img_hdr(state, BOOT_SLOT_SECONDARY))) {
+#ifdef MCUBOOT_EMBEDDED_ENC_KEY
+        rc = boot_take_enc_key(bs->enckey[BOOT_SLOT_SECONDARY], BOOT_CURR_IMG(state), BOOT_SLOT_SECONDARY);
+#else
         rc = boot_enc_load(state, BOOT_SLOT_SECONDARY,
                 boot_img_hdr(state, BOOT_SLOT_SECONDARY),
                 fap_secondary_slot, bs);
+#endif /* MCUBOOT_EMBEDDED_ENC_KEY */
 
         if (rc < 0) {
             return BOOT_EBADIMAGE;
@@ -1545,7 +1549,11 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs)
 #ifdef MCUBOOT_ENC_IMAGES
         if (IS_ENCRYPTED(hdr)) {
             fap = BOOT_IMG_AREA(state, BOOT_SLOT_PRIMARY);
+#ifdef MCUBOOT_EMBEDDED_ENC_KEY
+            rc = boot_take_enc_key(bs->enckey[BOOT_SLOT_PRIMARY], BOOT_CURR_IMG(state), BOOT_SLOT_PRIMARY);
+#else
             rc = boot_enc_load(state, BOOT_SLOT_PRIMARY, hdr, fap, bs);
+#endif /* MCUBOOT_EMBEDDED_ENC_KEY */
             assert(rc >= 0);
 
             if (rc == 0) {
@@ -1569,7 +1577,11 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs)
         hdr = boot_img_hdr(state, BOOT_SLOT_SECONDARY);
         if (IS_ENCRYPTED(hdr)) {
             fap = BOOT_IMG_AREA(state, BOOT_SLOT_SECONDARY);
+#ifdef MCUBOOT_EMBEDDED_ENC_KEY
+            rc = boot_take_enc_key(bs->enckey[BOOT_SLOT_SECONDARY], BOOT_CURR_IMG(state), BOOT_SLOT_SECONDARY);
+#else
             rc = boot_enc_load(state, BOOT_SLOT_SECONDARY, hdr, fap, bs);
+#endif /* MCUBOOT_EMBEDDED_ENC_KEY */
             assert(rc >= 0);
 
             if (rc == 0) {
@@ -1606,15 +1618,19 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs)
 
             boot_enc_init(BOOT_CURR_ENC_SLOT(state, slot));
 
+#ifdef MCUBOOT_EMBEDDED_ENC_KEY
+            rc = boot_take_enc_key(bs->enckey[slot], image_index, slot);
+#else
             rc = boot_read_enc_key(fap, slot, bs);
+#endif /* MCUBOOT_EMBEDDED_ENC_KEY */
             if (rc) {
                 BOOT_LOG_DBG("boot_swap_image: Failed loading key (%d, %d)",
                               image_index, slot);
             } else {
                 boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, slot), bs->enckey[slot]);
             }
         }
-#endif
+#endif /* MCUBOOT_ENC_IMAGES */
         flash_area_close(fap);
     }
 

boot/mynewt/src/single_loader.c

@@ -49,6 +49,7 @@ boot_image_validate(const struct flash_area *fa_p,
          * was performed. We will try to validate the image, and if still
          * encrypted the validation will fail, and go in panic mode
          */
+        BOOT_LOG_DBG("boot_image_validate: clearing encryption flags");
         hdr->ih_flags &= ~(ENCRYPTIONFLAGS);
     }
     FIH_CALL(bootutil_img_validate, fih_rc, NULL, hdr, fa_p, tmpbuf,