bootutil: allow encryption key TLVs in swap status
Add a new option that when enabled, allows a swap status to store
an encrypted key TLV instead of plain keys. When a new swap operation is
started the encryption keys are saved to the swap status area to allow
for resuming (because it is challenging to find those TLV in the middle
of a swap operation).
Previously those keys were saved in plain text, so it would be easy to
dump them if the images were stored in external flash. With this new
option one can choose to save the TLV instead, which uses more flash
but does not leak secrets. The amount of flash required varies depending
on the size of the TLV, which is 48 for AES-128-KW, 512 for RSA and 240
for ECIES-P256.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 8f143a0..06463a8 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -285,7 +285,17 @@
void
boot_status_reset(struct boot_status *bs)
{
- memset(bs, 0, sizeof *bs);
+#ifdef MCUBOOT_ENC_IMAGES
+ memset(&bs->enckey, 0xff, BOOT_NUM_SLOTS * BOOT_ENC_KEY_SIZE);
+#if MCUBOOT_SWAP_SAVE_ENCTLV
+ memset(&bs->enctlv, 0xff, BOOT_NUM_SLOTS * BOOT_ENC_TLV_ALIGN_SIZE);
+#endif
+#endif /* MCUBOOT_ENC_IMAGES */
+
+ bs->use_scratch = 0;
+ bs->swap_size = 0;
+ bs->source = 0;
+
bs->op = BOOT_STATUS_OP_MOVE;
bs->idx = BOOT_STATUS_IDX_0;
bs->state = BOOT_STATUS_STATE_0;
@@ -385,11 +395,11 @@
#ifdef MCUBOOT_ENC_IMAGES
if (MUST_DECRYPT(fap, image_index, hdr)) {
- rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs->enckey[1]);
+ rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs);
if (rc < 0) {
return BOOT_EBADIMAGE;
}
- if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), 1, bs->enckey[1])) {
+ if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), 1, bs)) {
return BOOT_EBADIMAGE;
}
}
@@ -781,12 +791,12 @@
if (IS_ENCRYPTED(boot_img_hdr(state, BOOT_SECONDARY_SLOT))) {
rc = boot_enc_load(BOOT_CURR_ENC(state), image_index,
boot_img_hdr(state, BOOT_SECONDARY_SLOT),
- fap_secondary_slot, bs->enckey[1]);
+ fap_secondary_slot, bs);
if (rc < 0) {
return BOOT_EBADIMAGE;
}
- if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), 1, bs->enckey[1])) {
+ if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), 1, bs)) {
return BOOT_EBADIMAGE;
}
}
@@ -870,11 +880,11 @@
#ifdef MCUBOOT_ENC_IMAGES
if (IS_ENCRYPTED(hdr)) {
fap = BOOT_IMG_AREA(state, BOOT_PRIMARY_SLOT);
- rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs->enckey[0]);
+ rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs);
assert(rc >= 0);
if (rc == 0) {
- rc = boot_enc_set_key(BOOT_CURR_ENC(state), 0, bs->enckey[0]);
+ rc = boot_enc_set_key(BOOT_CURR_ENC(state), 0, bs);
assert(rc == 0);
} else {
rc = 0;
@@ -894,11 +904,11 @@
hdr = boot_img_hdr(state, BOOT_SECONDARY_SLOT);
if (IS_ENCRYPTED(hdr)) {
fap = BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT);
- rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs->enckey[1]);
+ rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, hdr, fap, bs);
assert(rc >= 0);
if (rc == 0) {
- rc = boot_enc_set_key(BOOT_CURR_ENC(state), 1, bs->enckey[1]);
+ rc = boot_enc_set_key(BOOT_CURR_ENC(state), 1, bs);
assert(rc == 0);
} else {
rc = 0;
@@ -924,8 +934,8 @@
copy_size = bs->swap_size;
#ifdef MCUBOOT_ENC_IMAGES
- for (slot = 0; slot <= 1; slot++) {
- rc = boot_read_enc_key(image_index, slot, bs->enckey[slot]);
+ for (slot = 0; slot < BOOT_NUM_SLOTS; slot++) {
+ rc = boot_read_enc_key(image_index, slot, bs);
assert(rc == 0);
for (i = 0; i < BOOT_ENC_KEY_SIZE; i++) {
@@ -935,7 +945,7 @@
}
if (i != BOOT_ENC_KEY_SIZE) {
- boot_enc_set_key(BOOT_CURR_ENC(state), slot, bs->enckey[slot]);
+ boot_enc_set_key(BOOT_CURR_ENC(state), slot, bs);
}
}
#endif