commit e38b0afa6a1f2808395424eccb8769ddf1438bab
author Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Thu Nov 04 13:34:11 2021 +0100
committer Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Mon Nov 15 13:48:03 2021 +0100
tree 58a8eaf1a197144a390417c502caf1867a3824c0
parent 21f0376faa3d14dea6a193723698fba70f8bef64

loader: Allow image header bigger than 1 KB for encrypted images

boot_copy_region() was written so it assumes that the image header
must fit int the intermediary buffer of 1 KB size. A bigger header
will cause a overflow in calculation of size of data chunk to be
decrypted.

This patch allow to use header bigger than that buffer size and
mitigate the limitation described above.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>

boot/bootutil/src/loader.c

diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index ac449a4..1fd2934 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -950,28 +950,39 @@
             }
 #endif
             if (IS_ENCRYPTED(hdr)) {
-                blk_sz = chunk_sz;
-                idx = 0;
                 if (off + bytes_copied < hdr->ih_hdr_size) {
                     /* do not decrypt header */
-                    blk_off = 0;
-                    blk_sz = chunk_sz - hdr->ih_hdr_size;
-                    idx = hdr->ih_hdr_size;
+                    if (off + bytes_copied + chunk_sz > hdr->ih_hdr_size) {
+                        /* The lower part of the chunk contains header data */
+                        blk_off = 0;
+                        blk_sz = chunk_sz - (hdr->ih_hdr_size - off -
+                                 bytes_copied);
+                        idx = hdr->ih_hdr_size  - off - bytes_copied;
+                    } else {
+                        /* The chunk contains exclusively header data */
+                        blk_sz = 0; /* nothing to decrypt */
+                    }
                 } else {
+                    idx = 0;
+                    blk_sz = chunk_sz;
                     blk_off = ((off + bytes_copied) - hdr->ih_hdr_size) & 0xf;
                 }
-                tlv_off = BOOT_TLV_OFF(hdr);
-                if (off + bytes_copied + chunk_sz > tlv_off) {
-                    /* do not decrypt TLVs */
-                    if (off + bytes_copied >= tlv_off) {
-                        blk_sz = 0;
-                    } else {
-                        blk_sz = tlv_off - (off + bytes_copied);
+
+                if (blk_sz > 0)
+                {
+                    tlv_off = BOOT_TLV_OFF(hdr);
+                    if (off + bytes_copied + chunk_sz > tlv_off) {
+                        /* do not decrypt TLVs */
+                        if (off + bytes_copied >= tlv_off) {
+                            blk_sz = 0;
+                        } else {
+                            blk_sz = tlv_off - (off + bytes_copied);
+                        }
                     }
+                    boot_encrypt(BOOT_CURR_ENC(state), image_index, fap_src,
+                            (off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
+                            blk_off, &buf[idx]);
                 }
-                boot_encrypt(BOOT_CURR_ENC(state), image_index, fap_src,
-                        (off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
-                        blk_off, &buf[idx]);
             }
         }
 #endif