Commit 800f6e39 authored by Dominik Ermel's avatar Dominik Ermel Committed by Andrzej Puzdrowski

bootutil: Use common type name for key exchange context



The commit uses a typedef to define a common name for the key exchange
context, in order to reduce the number of local definitions and #ifdefs in the code.

Signed-off-by: default avatarDominik Ermel <dominik.ermel@nordicsemi.no>
parent 19c35c17
+2 −0
@@ -35,6 +35,7 @@ extern "C" {

#if defined(MCUBOOT_USE_TINYCRYPT)
typedef uintptr_t bootutil_ecdh_p256_context;
typedef bootutil_ecdh_p256_context bootutil_key_exchange_ctx;
static inline void bootutil_ecdh_p256_init(bootutil_ecdh_p256_context *ctx)
{
    (void)ctx;
@@ -80,6 +81,7 @@ typedef struct bootutil_ecdh_p256_context {
    mbedtls_mpi z;
    mbedtls_mpi d;
} bootutil_ecdh_p256_context;
typedef bootutil_ecdh_p256_context bootutil_key_exchange_ctx;

static inline void bootutil_ecdh_p256_init(bootutil_ecdh_p256_context *ctx)
{
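Review bot: `bootutil_key_exchange_ctx` is defined unconditionally in every crypto header touched here (both the TinyCrypt and Mbed TLS variants in this section, and again in the X25519 and RSA sections below), each time aliasing a different context type. C only allows a typedef to be repeated when it names the same type, so a translation unit that includes two of these headers (for example RSA for signature verification plus an ECDH header for image encryption) would fail to build; the include sets are not visible here, so this needs confirming. Tying each alias to the selected encryption scheme removes the ambiguity, e.g. `#if defined(MCUBOOT_ENCRYPT_EC256)` / `typedef bootutil_ecdh_p256_context bootutil_key_exchange_ctx;` / `#endif`. A short comment such as `/* Context type boot_decrypt_key() uses for the configured key exchange */` would also explain why the alias exists. Both typedefs sit inside `#if` blocks that start or end outside the hunks.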
+1 −0
@@ -26,6 +26,7 @@ extern int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
                  const uint8_t peer_public_value[32]);

typedef uintptr_t bootutil_ecdh_x25519_context;
typedef bootutil_ecdh_x25519_context bootutil_key_exchange_ctx;
static inline void bootutil_ecdh_x25519_init(bootutil_ecdh_x25519_context *ctx)
{
    (void)ctx;
+2 −0
@@ -68,6 +68,7 @@ extern "C" {
typedef struct {
    psa_key_id_t key_id;
} bootutil_rsa_context;
typedef bootutil_rsa_context bootutil_key_exchange_ctx;

static inline void bootutil_rsa_init(bootutil_rsa_context *ctx)
{
@@ -176,6 +177,7 @@ static inline int bootutil_rsassa_pss_verify(const bootutil_rsa_context *ctx,
#elif defined(MCUBOOT_USE_MBED_TLS)

typedef mbedtls_rsa_context bootutil_rsa_context;
typedef bootutil_rsa_context bootutil_key_exchange_ctx;

static inline void bootutil_rsa_init(bootutil_rsa_context *ctx)
{
+22 −37
@@ -380,35 +380,26 @@ static int fake_rng(void *p_rng, unsigned char *output, size_t len)
int
boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
{
#if defined(MCUBOOT_ENCRYPT_RSA)
    bootutil_rsa_context rsa;
    uint8_t *cp;
    uint8_t *cpend;
    size_t olen;
#endif

    BOOT_LOG_DBG("boot_decrypt_key");
#if defined(MCUBOOT_ENCRYPT_EC256)
    bootutil_ecdh_p256_context ecdh_p256;
#endif
#if defined(MCUBOOT_ENCRYPT_X25519)
    bootutil_ecdh_x25519_context ecdh_x25519;
#endif
#if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
    bootutil_hmac_sha256_context hmac;
    bootutil_aes_ctr_context aes_ctr;
    uint8_t tag[BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
    uint8_t shared[EC_SHARED_LEN];
    uint8_t derived_key[BOOT_ENC_KEY_SIZE + BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
    uint8_t *cp;
    uint8_t *cpend;
    uint8_t private_key[EC_PRIVK_LEN];
    uint8_t counter[BOOT_ENC_BLOCK_SIZE];
#endif
#if !defined(MCUBOOT_ENCRYPT_KW)
    bootutil_key_exchange_ctx pk_ctx;
    uint8_t *cp;
    uint8_t *cpend;
    uint16_t len;
#endif
    struct bootutil_key *bootutil_enc_key = NULL;
    int rc = -1;

    BOOT_LOG_DBG("boot_decrypt_key");

    rc = boot_enc_retrieve_private_key(&bootutil_enc_key);
    if (rc) {
        return rc;
@@ -418,21 +409,23 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
        return rc;
    }

#if defined(MCUBOOT_ENCRYPT_RSA)

    bootutil_rsa_init(&rsa);
#if !defined(MCUBOOT_ENCRYPT_KW)
    cp = (uint8_t *)bootutil_enc_key->key;
    cpend = cp + *bootutil_enc_key->len;
#endif

#if defined(MCUBOOT_ENCRYPT_RSA)
    bootutil_rsa_init(&pk_ctx);

    /* The enckey is encrypted through RSA so for decryption we need the private key */
    rc = bootutil_rsa_parse_private_key(&rsa, &cp, cpend);
    rc = bootutil_rsa_parse_private_key(&pk_ctx, &cp, cpend);
    if (rc) {
        bootutil_rsa_drop(&rsa);
        bootutil_rsa_drop(&pk_ctx);
        return rc;
    }

    rc = bootutil_rsa_oaep_decrypt(&rsa, &olen, buf, enckey, BOOT_ENC_KEY_SIZE);
    bootutil_rsa_drop(&rsa);
    rc = bootutil_rsa_oaep_decrypt(&pk_ctx, &len, buf, enckey, BOOT_ENC_KEY_SIZE);
    bootutil_rsa_drop(&pk_ctx);
    if (rc) {
        return rc;
    }
@@ -447,10 +440,6 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
#endif /* defined(MCUBOOT_ENCRYPT_KW) */

#if defined(MCUBOOT_ENCRYPT_EC256)

    cp = (uint8_t *)bootutil_enc_key->key;
    cpend = cp + *bootutil_enc_key->len;

    /*
     * Load the stored EC256 decryption private key
     */
@@ -463,10 +452,10 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
    /*
     * First "element" in the TLV is the curve point (public key)
     */
    bootutil_ecdh_p256_init(&ecdh_p256);
    bootutil_ecdh_p256_init(&pk_ctx);

    rc = bootutil_ecdh_p256_shared_secret(&ecdh_p256, &buf[EC_PUBK_INDEX], private_key, shared);
    bootutil_ecdh_p256_drop(&ecdh_p256);
    rc = bootutil_ecdh_p256_shared_secret(&pk_ctx, &buf[EC_PUBK_INDEX], private_key, shared);
    bootutil_ecdh_p256_drop(&pk_ctx);
    if (rc != 0) {
        return -1;
    }
@@ -474,10 +463,6 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
#endif /* defined(MCUBOOT_ENCRYPT_EC256) */

#if defined(MCUBOOT_ENCRYPT_X25519)

    cp = (uint8_t *)bootutil_enc_key->key;
    cpend = cp + *bootutil_enc_key->len;

    /*
     * Load the stored X25519 decryption private key
     */
@@ -491,10 +476,10 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
     * First "element" in the TLV is the curve point (public key)
     */

    bootutil_ecdh_x25519_init(&ecdh_x25519);
    bootutil_ecdh_x25519_init(&pk_ctx);

    rc = bootutil_ecdh_x25519_shared_secret(&ecdh_x25519, &buf[EC_PUBK_INDEX], private_key, shared);
    bootutil_ecdh_x25519_drop(&ecdh_x25519);
    rc = bootutil_ecdh_x25519_shared_secret(&pk_ctx, &buf[EC_PUBK_INDEX], private_key, shared);
    bootutil_ecdh_x25519_drop(&pk_ctx);
    if (!rc) {
        return -1;
    }
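Review bot: In the RSA branch, `bootutil_rsa_oaep_decrypt(&pk_ctx, &len, buf, enckey, BOOT_ENC_KEY_SIZE)` now passes the address of `uint16_t len`, where the removed code passed `&olen` declared as `size_t`. The prototype is not visible on this page, but if that parameter is `size_t *`, the callee stores a full `size_t` into a two-byte object and overwrites neighbouring stack locals while the bootloader is handling private-key material; at minimum the compiler should warn about an incompatible pointer type. Keeping a dedicated output length for RSA avoids this without touching the EC paths: declare `size_t olen;` under `#if defined(MCUBOOT_ENCRYPT_RSA)` and pass `&olen` as before. boot_decrypt_key's body continues outside the shown hunks, so the remaining uses of `len` should be checked before its type is changed instead.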