diff --git a/boot/bootutil/include/bootutil/enc_key.h b/boot/bootutil/include/bootutil/enc_key.h index 768dd8e7ed..deb4fb8674 100644 --- a/boot/bootutil/include/bootutil/enc_key.h +++ b/boot/bootutil/include/bootutil/enc_key.h @@ -32,6 +32,7 @@ #include #include "bootutil/crypto/aes_ctr.h" #include "bootutil/image.h" +#include "bootutil/sign_key.h" #include "bootutil/enc_key_public.h" #ifdef __cplusplus @@ -45,7 +46,17 @@ struct enc_key_data { bootutil_aes_ctr_context aes_ctr; }; -extern const struct bootutil_key bootutil_enc_key; +/** + * Retrieve the private key for image encryption. + * + * @param[out] private_key structure to store the private key and + * its length. + * + * @return 0 on success; nonzero on failure. + * + */ +int boot_retrieve_private_key(const struct bootutil_key *private_key); + struct boot_status; int boot_enc_init(struct enc_key_data *enc_state, uint8_t slot); diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c index 82435a425a..3b2b00d0c6 100644 --- a/boot/bootutil/src/encrypted.c +++ b/boot/bootutil/src/encrypted.c @@ -67,7 +67,7 @@ static int bootutil_constant_time_compare(const uint8_t *a, const uint8_t *b, si #if defined(MCUBOOT_ENCRYPT_KW) static int -key_unwrap(const uint8_t *wrapped, uint8_t *enckey) +key_unwrap(const uint8_t *wrapped, uint8_t *enckey, const struct bootutil_enc_key) { bootutil_aes_kw_context aes_kw; int rc; @@ -438,8 +438,14 @@ boot_enc_decrypt(const uint8_t *buf, uint8_t *enckey) uint8_t counter[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE]; uint16_t len; #endif + const struct bootutil_key bootutil_enc_key = {0}; int rc = -1; + rc = boot_retrieve_private_key(&bootutil_enc_key); + if (rc) { + return rc; + } + #if defined(MCUBOOT_ENCRYPT_RSA) bootutil_rsa_init(&rsa); 
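Review bot: In enc_key.h the new prototype documents `private_key` as `@param[out]` but declares it `const struct bootutil_key *`, so a callee has no way to hand a key back: it cannot write through the pointer, and reassigning the parameter changes only its own copy. The three default implementations added in boot/cypress/MCUBootApp/keys.c, boot/mbed/app_enc_keys.c and boot/zephyr/keys.c do exactly that (`private_key = &bootutil_enc_key;`) and then return 0, so they report success without delivering any key material. A pointer-to-pointer out-parameter would match the doc comment, `int boot_retrieve_private_key(const struct bootutil_key **private_key);`, with each default doing `*private_key = &bootutil_enc_key;`. The comment should also say who owns the returned key and how long it stays valid.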
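Review bot: The new third parameter of key_unwrap() in encrypted.c (hunk @@ -67,7) is written `const struct bootutil_enc_key`, which names a struct type that appears nowhere else in this diff and gives the parameter no name, while the call site in the @@ -464 hunk passes the `struct bootutil_key` local by value. This path is only built with MCUBOOT_ENCRYPT_KW, so a build without that option would not catch it. I would declare it as `const struct bootutil_key *bootutil_enc_key` and call `key_unwrap(buf, enckey, &bootutil_enc_key)`. The function body lies outside the hunk, so any uses of the key there would need the matching `->` update.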
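Review bot: boot_enc_decrypt() (hunk @@ -438,8) now works from a zero-initialised local, `const struct bootutil_key bootutil_enc_key = {0};`, and trusts a zero return from boot_retrieve_private_key() without checking that the key was actually filled in. With the default implementations in this commit the local stays all zeroes, so the later `assert(*bootutil_enc_key.len == BOOT_ENC_KEY_SIZE)` in the @@ -464 hunk dereferences a null `len`, and the other algorithm branches (outside this hunk) presumably receive a null key pointer. The bootloader should fail closed here: take the key through a pointer the callee can set, and reject a null `key` or `len` before any parsing. The sketch below assumes the prototype is changed to take `const struct bootutil_key **`; the rest of the function is outside the hunk.

```c
    const struct bootutil_key *enc_key = NULL;
    int rc = -1;

    rc = boot_retrieve_private_key(&enc_key);
    if (rc != 0 || enc_key == NULL || enc_key->key == NULL ||
        enc_key->len == NULL) {
        return -1;
    }
    /* … unchanged: per-algorithm setup, reading the key via enc_key->key and *enc_key->len … */
```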
@@ -464,7 +470,7 @@ boot_enc_decrypt(const uint8_t *buf, uint8_t *enckey) #if defined(MCUBOOT_ENCRYPT_KW) assert(*bootutil_enc_key.len == BOOT_ENC_KEY_SIZE); - rc = key_unwrap(buf, enckey); + rc = key_unwrap(buf, enckey, bootutil_enc_key); #endif /* defined(MCUBOOT_ENCRYPT_KW) */ diff --git a/boot/cypress/MCUBootApp/keys.c b/boot/cypress/MCUBootApp/keys.c index 20c0332f65..4bdfcbc729 100644 --- a/boot/cypress/MCUBootApp/keys.c +++ b/boot/cypress/MCUBootApp/keys.c @@ -167,3 +167,12 @@ const struct bootutil_key bootutil_enc_key = { .key = enc_priv_key, .len = &enc_priv_key_len, }; + +#if !defined(MCUBOOT_HW_KEY) +int boot_retrieve_private_key(const struct bootutil_key *private_key) +{ + private_key = &bootutil_enc_key; + + return 0; +} +#endif /* !MCUBOOT_HW_KEY */ diff --git a/boot/mbed/app_enc_keys.c b/boot/mbed/app_enc_keys.c index 9bed4d80fd..30dde3c965 100644 --- a/boot/mbed/app_enc_keys.c +++ b/boot/mbed/app_enc_keys.c @@ -69,3 +69,12 @@ const struct bootutil_key bootutil_enc_key = { #endif #endif + +#if !defined(MCUBOOT_HW_KEY) +int boot_retrieve_private_key(const struct bootutil_key *private_key) +{ + private_key = &bootutil_enc_key; + + return 0; +} +#endif /* !MCUBOOT_HW_KEY */ diff --git a/boot/zephyr/keys.c b/boot/zephyr/keys.c index b7a9edf791..5b6b7f964e 100644 --- a/boot/zephyr/keys.c +++ b/boot/zephyr/keys.c @@ -186,7 +186,7 @@ const struct bootutil_key bootutil_enc_key = { .len = &enc_priv_key_len, }; #elif defined(MCUBOOT_ENCRYPT_EC256) -extern const unsigned char enc_priv_key[]; +extern unsigned char enc_priv_key[]; extern unsigned int enc_priv_key_len; const struct bootutil_key bootutil_enc_key = { .key = enc_priv_key, 
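Review bot: In boot/mbed/app_enc_keys.c the new boot_retrieve_private_key() is added after both closing `#endif` lines, so it is compiled whenever MCUBOOT_HW_KEY is undefined, while `bootutil_enc_key` is defined inside those conditionals. The same placement occurs in boot/zephyr/keys.c (hunk @@ -207,3), where the function follows the `#if`/`#elif` chain over the MCUBOOT_ENCRYPT_* options. Since this commit also removes the `extern` declaration from enc_key.h, a build without image encryption would presumably fail on an undeclared identifier; the opening guards are outside the hunks, so this needs confirming. As far as I can tell MCUBOOT_HW_KEY is the option governing the signature-verification key, so gating the encryption key on it ties two separate features together. Placing the function inside the block that defines `bootutil_enc_key` would fix the first point, and a dedicated option for hardware-held encryption keys would fix the second.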
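Review bot: The EC256 branch in boot/zephyr/keys.c (hunk @@ -186,7) changes `extern const unsigned char enc_priv_key[];` to `extern unsigned char enc_priv_key[];`, dropping the read-only qualification from the image-encryption private key for this one algorithm, with no explanation in the diff. If the definition (not visible here) is still `const`, the declaration no longer matches it; if it is not, the key sits in writable memory where a stray write could alter it. The previous `const` declaration worked with the same `.key = enc_priv_key` initialiser, so the change does not look necessary. I would keep `extern const unsigned char enc_priv_key[];` or add a comment explaining why the key must be mutable.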
@@ -207,3 +207,12 @@ const struct bootutil_key bootutil_enc_key = { #elif defined(MCUBOOT_ENCRYPT_KW) #error "Encrypted images with AES-KW is not implemented yet." #endif + +#if !defined(MCUBOOT_HW_KEY) +int boot_retrieve_private_key(const struct bootutil_key *private_key) +{ + private_key = &bootutil_enc_key; + + return 0; +} +#endif /* !MCUBOOT_HW_KEY */