-
Notifications
You must be signed in to change notification settings - Fork 697
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Code restructuring: bootutil/encrypted #2027
Comments
Copying further conversations:
Yes and no. There is also lack of general crypto init, before any crypto start, nor general crypto deinit (if that would be required); that would also be a point where we should zero all key memory, before passing execution further.
Yes, that is what I mean; with the separate key processing functions the boot_enc_load could be done nicer. Another problem is that with how the boot_enc_key_load is defined there are places, like boot_image_validate_encrypted, where the boot_status variable is only defined to get the key, and there is probably a bug where the thing works only thanks to memset, but will fail with more than one image. |
@de-nordic you obviously have a better understanding of the current situation :)
|
Yes, regarding the encryption. But I would rather start with defining, at least, minimal API for handling To discard the array, you have to call the Regarding the Maybe then boot_enc API should completely discard usage of Additional problem is with the I also do not think that |
We need to clean up mess in key length definitions.
The Additionally ,for example within operations like |
Original comments (from #2022):
Yes. Since only one type of encryption is used at once, we could define some key processing API that will link same name functions, but processing different keys, depending on what algorithm is selected. This can be later extended to take MCUboot identifier for key, if we decide to support more than one alg at once.
In the end the key ends in enckey buffer anyway, in byte string form.
Which is actually a problem also: I am currently working on making the x25519 to work with PSA and have found out that the best way would be to load key to PSA storage and use key id there, this requires change in key type, as passed in boot_status.
We also lack boot_enc_ type function for key destruction.
I believe it was not needed before as the key-encryption key is embedded as static data and the encryption key was simply decrypted from the TLV are into the boot_status struct. But it's different with PSA as you want to destroy the imported key after it's no longer needed. Correct?
I believe the boot_enc_load() > boot_decrypt_key() serve this purpose. boot_decrypt_key() acts as the key processing API with the difference that it's not implemented separately for the different algorithms but it's put together with the ifdef tsunami.
The text was updated successfully, but these errors were encountered: