diff --git a/boot/boot_serial/src/boot_serial_encryption.c b/boot/boot_serial/src/boot_serial_encryption.c index 51d25024e..c7020187f 100644 --- a/boot/boot_serial/src/boot_serial_encryption.c +++ b/boot/boot_serial/src/boot_serial_encryption.c @@ -129,10 +129,11 @@ decrypt_region_inplace(struct boot_loader_state *state, size_t blk_off; uint16_t idx; uint32_t blk_sz; - uint8_t image_index; - + int slot = flash_area_id_to_multi_image_slot(BOOT_CURR_IMG(state), + flash_area_get_id(fap)); uint8_t buf[sz] __attribute__((aligned)); assert(sz <= sizeof buf); + assert(slot >= 0); bytes_copied = 0; while (bytes_copied < sz) { @@ -147,7 +148,6 @@ decrypt_region_inplace(struct boot_loader_state *state, return BOOT_EFLASH; } - image_index = BOOT_CURR_IMG(state); if (IS_ENCRYPTED(hdr)) { blk_sz = chunk_sz; idx = 0; @@ -175,7 +175,7 @@ decrypt_region_inplace(struct boot_loader_state *state, blk_sz = tlv_off - (off + bytes_copied); } } - boot_encrypt(BOOT_CURR_ENC(state), image_index, flash_area_get_id(fap), + boot_encrypt(BOOT_CURR_ENC(state), slot, (off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz, blk_off, &buf[idx]); } diff --git a/boot/bootutil/include/bootutil/enc_key.h b/boot/bootutil/include/bootutil/enc_key.h index d8dab9013..51c9d40cc 100644 --- a/boot/bootutil/include/bootutil/enc_key.h +++ b/boot/bootutil/include/bootutil/enc_key.h @@ -58,9 +58,8 @@ int boot_enc_load(struct enc_key_data *enc_state, int image_index, int boot_enc_decrypt(const uint8_t *buf, uint8_t *enckey); bool boot_enc_valid(struct enc_key_data *enc_state, int image_index, const struct flash_area *fap); -void boot_encrypt(struct enc_key_data *enc_state, int image_index, - int fa_id, uint32_t off, uint32_t sz, - uint32_t blk_off, uint8_t *buf); +void boot_encrypt(struct enc_key_data *enc_state, int slot, + uint32_t off, uint32_t sz, uint32_t blk_off, uint8_t *buf); void boot_enc_zeroize(struct enc_key_data *enc_state); #ifdef __cplusplus diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c index 44975cc49..ce48b689d 100644 --- a/boot/bootutil/src/encrypted.c +++ b/boot/bootutil/src/encrypted.c @@ -680,13 +680,11 @@ boot_enc_valid(struct enc_key_data *enc_state, int image_index, } void -boot_encrypt(struct enc_key_data *enc_state, int image_index, - int fa_id, uint32_t off, uint32_t sz, - uint32_t blk_off, uint8_t *buf) +boot_encrypt(struct enc_key_data *enc_state, int slot, uint32_t off, + uint32_t sz, uint32_t blk_off, uint8_t *buf) { struct enc_key_data *enc; uint8_t nonce[16]; - int rc; /* boot_copy_region will call boot_encrypt with sz = 0 when skipping over the TLVs. */ @@ -701,13 +699,7 @@ boot_encrypt(struct enc_key_data *enc_state, int image_index, nonce[14] = (uint8_t)(off >> 8); nonce[15] = (uint8_t)off; - rc = flash_area_id_to_multi_image_slot(image_index, fa_id); - if (rc < 0) { - assert(0); - return; - } - - enc = &enc_state[rc]; + enc = &enc_state[slot]; assert(enc->valid == 1); bootutil_aes_ctr_encrypt(&enc->aes_ctr, nonce, buf, sz, blk_off, buf); } diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index b4e8b7983..911322b13 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -150,8 +150,8 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, /* Only payload is encrypted (area between header and TLVs) */ if (off >= hdr_size && off < tlv_off) { blk_off = (off - hdr_size) & 0xf; - boot_encrypt(enc_state, image_index, flash_area_get_id(fap), off - hdr_size, - blk_sz, blk_off, tmp_buf); + boot_encrypt(enc_state, 1, off - hdr_size, + blk_sz, blk_off, tmp_buf); } } #endif diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index ef1dfe897..a90669253 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -1218,13 +1218,14 @@ boot_copy_region(struct boot_loader_state *state, uint32_t off; uint32_t tlv_off; size_t blk_off; - int enc_area_id; struct image_header *hdr; uint16_t idx; uint32_t blk_sz; uint8_t image_index; bool encrypted_src; bool encrypted_dst; + /* Assuming the secondary slot is source and needs decryption */ + int source_slot = 1; #endif TARGET_STATIC uint8_t buf[BUF_SZ] __attribute__((aligned(4))); @@ -1257,11 +1258,11 @@ boot_copy_region(struct boot_loader_state *state, if (encrypted_dst) { /* Need encryption, metadata from the primary slot */ hdr = boot_img_hdr(state, BOOT_PRIMARY_SLOT); - enc_area_id = FLASH_AREA_IMAGE_PRIMARY(image_index); + source_slot = 0; } else { /* Need decryption, metadata from the secondary slot */ hdr = boot_img_hdr(state, BOOT_SECONDARY_SLOT); - enc_area_id = FLASH_AREA_IMAGE_SECONDARY(image_index); + source_slot = 1; } if (IS_ENCRYPTED(hdr)) { @@ -1294,7 +1295,7 @@ boot_copy_region(struct boot_loader_state *state, blk_sz = tlv_off - abs_off; } } - boot_encrypt(BOOT_CURR_ENC(state), image_index, enc_area_id, + boot_encrypt(BOOT_CURR_ENC(state), source_slot, (abs_off + idx) - hdr->ih_hdr_size, blk_sz, blk_off, &buf[idx]); } @@ -2774,13 +2775,13 @@ boot_decrypt_and_copy_image_to_sram(struct boot_loader_state *state, * Part of the chunk is encrypted payload */ blk_off = ((bytes_copied) - hdr->ih_hdr_size) & 0xf; blk_sz = tlv_off - (bytes_copied); - boot_encrypt(BOOT_CURR_ENC(state), image_index, area_id, + boot_encrypt(BOOT_CURR_ENC(state), slot, (bytes_copied + idx) - hdr->ih_hdr_size, blk_sz, blk_off, cur_dst); } else { /* Image encrypted payload section */ blk_off = ((bytes_copied) - hdr->ih_hdr_size) & 0xf; - boot_encrypt(BOOT_CURR_ENC(state), image_index, area_id, + boot_encrypt(BOOT_CURR_ENC(state), slot, (bytes_copied + idx) - hdr->ih_hdr_size, blk_sz, blk_off, cur_dst); }