Commit 07222c19 authored by Thomas Altenbach's avatar Thomas Altenbach Committed by Jamie

boot_serial: Avoid re-initializing state in boot_image_validate_encrypted



A valid bootloader state was needed to validate encrypted images, so
boot_image_validate_encrypted (only called from bs_list and bs_set) was
allocating and initializing a minimal state with the required content.
Now that bs_list and bs_set have a valid bootloader state, that state can
be passed to boot_image_validate_encrypted, avoiding two bootloader state
allocations.

Signed-off-by: default avatarThomas Altenbach <thomas.altenbach@legrand.com>
parent a18f635a
+3 −1
@@ -11,6 +11,7 @@
/**
 * Validate hash of a primary boot image doing on the fly decryption as well
 *
 * @param[in]   state     bootloader state
 * @param[in]   fa_p      flash area pointer
 * @param[in]   hdr       boot image header pointer
 * @param[in]   buf       buffer which is used for validating data
@@ -20,7 +21,8 @@
 * @return                FIH_SUCCESS on success, error code otherwise
 */
fih_ret
boot_image_validate_encrypted(const struct flash_area *fa_p,
boot_image_validate_encrypted(struct boot_loader_state *state,
                              const struct flash_area *fa_p,
                              struct image_header *hdr, uint8_t *buf,
                              uint16_t buf_size
);
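Review bot: The new `state` parameter is documented as `@param[in]`, but the implementation shown further down this page passes it to `boot_enc_load` and calls `boot_enc_zeroize(BOOT_CURR_ENC(state))`, so the caller's state is written to. I would document it as `@param[in,out] state bootloader state; BOOT_CURR_IMG(state) must select the image being validated, and its encryption context is zeroized after validation`. Callers that keep key material in that context need to know it does not survive the call.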
+2 −2
@@ -352,7 +352,7 @@ bs_list(struct boot_loader_state *state, char *buf, int len)
#if defined(MCUBOOT_ENC_IMAGES)
#if !defined(MCUBOOT_SINGLE_APPLICATION_SLOT)
                    if (IS_ENCRYPTED(&hdr) && MUST_DECRYPT(fap, image_index, &hdr)) {
                        FIH_CALL(boot_image_validate_encrypted, fih_rc, fap,
                        FIH_CALL(boot_image_validate_encrypted, fih_rc, state, fap,
                                 &hdr, tmpbuf, sizeof(tmpbuf));
                    } else {
#endif
@@ -573,7 +573,7 @@ bs_set(struct boot_loader_state *state, char *buf, int len)
                    {
#ifdef MCUBOOT_ENC_IMAGES
                        if (IS_ENCRYPTED(&hdr)) {
                            FIH_CALL(boot_image_validate_encrypted, fih_rc, fap,
                            FIH_CALL(boot_image_validate_encrypted, fih_rc, state, fap,
                                     &hdr, tmpbuf, sizeof(tmpbuf));
                        } else {
#endif
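Review bot: In bs_list the guard is `MUST_DECRYPT(fap, image_index, &hdr)`, while the callee now evaluates `MUST_DECRYPT(fa_p, BOOT_CURR_IMG(state), hdr)` on the state passed in here, so the two checks agree only if the state's current image already equals `image_index` at this call. Nothing in the hunks establishes that (bs_list and bs_set both start and end outside the lines shown), so please confirm it and make the requirement visible with a comment such as `/* state's current image must equal image_index for the encrypted validation below */`. The bs_set call is guarded only by `IS_ENCRYPTED(&hdr)`, and the callee no longer tests that flag itself, so the same question applies there. If the two conditions disagree, the image would be hashed without its key being loaded; that presumably ends in a validation failure rather than a bypass, but it is worth verifying.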
+6 −6
@@ -19,20 +19,18 @@
BOOT_LOG_MODULE_DECLARE(serial_encryption);

fih_ret
boot_image_validate_encrypted(const struct flash_area *fa_p,
boot_image_validate_encrypted(struct boot_loader_state *state,
                              const struct flash_area *fa_p,
                              struct image_header *hdr, uint8_t *buf,
                              uint16_t buf_size)
{
    FIH_DECLARE(fih_rc, FIH_FAILURE);

    struct boot_loader_state boot_data;
    struct boot_loader_state *state = &boot_data;
    struct boot_status _bs;
    struct boot_status *bs = &_bs;
    int rc;

    memset(&boot_data, 0, sizeof(struct boot_loader_state));
    if(IS_ENCRYPTED(hdr)) {
    if (MUST_DECRYPT(fa_p, BOOT_CURR_IMG(state), hdr)) {
        rc = boot_enc_load(state, 1, hdr, fa_p, bs);
        if (rc < 0) {
            FIH_RET(fih_rc);
@@ -46,6 +44,8 @@ boot_image_validate_encrypted(const struct flash_area *fa_p,
    FIH_CALL(bootutil_img_validate, fih_rc, state,
             hdr, fa_p, buf, buf_size, NULL, 0, NULL);

    boot_enc_zeroize(BOOT_CURR_ENC(state));

    FIH_RET(fih_rc);
}

@@ -228,7 +228,7 @@ decrypt_image_inplace(const struct flash_area *fa_p,
#if 0 //Skip this step?, the image will just not boot if it's not decrypted properly
        static uint8_t tmpbuf[BOOT_TMPBUF_SZ];
         /* First check if the encrypted image is a good image before decrypting */
        FIH_CALL(boot_image_validate_encrypted,fih_rc,fa_p,&_hdr,tmpbuf,BOOT_TMPBUF_SZ);
        FIH_CALL(boot_image_validate_encrypted, fih_rc, state, fa_p, &_hdr, tmpbuf, BOOT_TMPBUF_SZ);
        if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
             FIH_RET(fih_rc);
        }
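Review bot: The added `boot_enc_zeroize(BOOT_CURR_ENC(state))` runs only on the fall-through path; the early `FIH_RET(fih_rc)` after a failed `boot_enc_load`, and any other early return in the lines elided between the two hunks, leave the function without clearing the encryption context. Before this change the state was a function-local object, whereas `state` is now caller-owned and outlives the call, so whatever was loaded into it before an error stays there. A single exit would cover every path: replace the early returns with `goto out;` and end the function with `out: boot_enc_zeroize(BOOT_CURR_ENC(state)); FIH_RET(fih_rc);`. The local `_bs` handed to `boot_enc_load` is not cleared either; if it receives key material, it deserves the same treatment.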