Add macro to check if image must be decrypted
An image must be decrypted when it is loaded on the secondary slot and
its header flag indicates it is encrypted. Instead of checking both
things every time the image is read, add a new macro, MUST_DECRYPT, that
does both checks.
Also, `BOOT_CURR_ENC` was simplified so that it can be used directly in
`bootutil_img_validate` calls, returning NULL when there are no encrypted images.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index b883e44..143187b 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -71,6 +71,14 @@
(void)hdr_size;
#endif
+#ifdef MCUBOOT_ENC_IMAGES
+ /* Encrypted images only exist in the secondary slot */
+ if (MUST_DECRYPT(fap, image_index, hdr) &&
+ !boot_enc_valid(enc_state, image_index, fap)) {
+ return -1;
+ }
+#endif
+
bootutil_sha256_init(&sha256_ctx);
/* in some cases (split image) the hash is seeded with data from
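Review bot: The comment kept above the moved check, "Encrypted images only exist in the secondary slot", no longer explains the code beside it. The slot comparison is now hidden inside `MUST_DECRYPT`, whose definition is not part of this file's diff. I would reword it to `/* Fail before hashing if the image must be decrypted but its encryption state is not valid */`. That wording also records that the early `return -1` is deliberately placed ahead of `bootutil_sha256_init`, so a later reorder does not move the rejection back behind the hash setup. The enclosing function starts and ends outside the hunk.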
@@ -79,14 +87,6 @@
bootutil_sha256_update(&sha256_ctx, seed, seed_len);
}
-#ifdef MCUBOOT_ENC_IMAGES
- /* Encrypted images only exist in the secondary slot */
- if (fap->fa_id == FLASH_AREA_IMAGE_SECONDARY(image_index) &&
- IS_ENCRYPTED(hdr) && !boot_enc_valid(enc_state, image_index, fap)) {
- return -1;
- }
-#endif
-
/* Hash is computed over image header and image itself. */
hdr_size = hdr->ih_hdr_size;
size = BOOT_TLV_OFF(hdr);
@@ -120,8 +120,7 @@
return rc;
}
#ifdef MCUBOOT_ENC_IMAGES
- if (fap->fa_id == FLASH_AREA_IMAGE_SECONDARY(image_index) &&
- IS_ENCRYPTED(hdr) && off >= hdr_size) {
+ if (MUST_DECRYPT(fap, image_index, hdr) && off >= hdr_size) {
blk_off = (off - hdr_size) & 0xf;
boot_encrypt(enc_state, image_index, fap, off - hdr_size, blk_sz,
blk_off, tmp_buf);
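Review bot: `MUST_DECRYPT(fap, image_index, hdr)` in the `off >= hdr_size` condition is expanded again for each block, separately from the `boot_enc_valid` check earlier in the function, although none of its three arguments is modified in the visible lines. Evaluating it once into a local next to that earlier check, e.g. `int decrypt = MUST_DECRYPT(fap, image_index, hdr);`, and testing `if (decrypt && off >= hdr_size) {` here would guarantee that the key-validity check and the decryption path act on the same decision. It would also avoid depending on how often the macro expands its arguments, which cannot be seen from this diff. This condition appears to sit inside the block-read loop, which starts and ends outside the hunk.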