bootutil: Move all encryption TLV helper identifiers into one place

de-nordic · nvlsianpu · commit e3a271c90b7f · 2025-06-24T14:43:00.000+02:00
Make enc_key_public.h single point of definitions for key sizes,
TLV indexes and so on.

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/bootutil/include/bootutil/bootutil_macros.h b/boot/bootutil/include/bootutil/bootutil_macros.h
@@ -0,0 +1,19 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ */
+
+#ifndef H_BOOTUTIL_MACROS
+#define H_BOOTUTIL_MACROS
+
+#ifndef ALIGN_UP
+#define ALIGN_UP(num, align)    (((num) + ((align) - 1)) & ~((align) - 1))
+#endif
+
+#ifndef ALIGN_DOWN
+#define ALIGN_DOWN(num, align)  ((num) & ~((align) - 1))
+#endif
+
+#endif
diff --git a/boot/bootutil/include/bootutil/crypto/rsa.h b/boot/bootutil/include/bootutil/crypto/rsa.h
@@ -100,12 +100,12 @@ static int bootutil_rsa_oaep_decrypt(
         return -1;
     }
     size_t input_size = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attr));
-    if (input_size != TLV_ENC_RSA_SZ) {
+    if (input_size != BOOT_ENC_TLV_SIZE) {
         return -1;
     }
 
     status = psa_asymmetric_decrypt(ctx->key_id, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
-                                    input, TLV_ENC_RSA_SZ, NULL, 0,
+                                    input, BOOT_ENC_TLV_SIZE, NULL, 0,
                                     output, output_max_len, olen);
     return (int)status;
 }
diff --git a/boot/bootutil/include/bootutil/enc_key.h b/boot/bootutil/include/bootutil/enc_key.h
@@ -39,8 +39,6 @@
 extern "C" {
 #endif
 
-#define BOOT_ENC_TLV_ALIGN_SIZE ALIGN_UP(BOOT_ENC_TLV_SIZE, BOOT_MAX_ALIGN)
-
 struct enc_key_data {
     uint8_t valid;
     bootutil_aes_ctr_context aes_ctr;
diff --git a/boot/bootutil/include/bootutil/enc_key_public.h b/boot/bootutil/include/bootutil/enc_key_public.h
@@ -28,37 +28,80 @@
 #ifndef BOOTUTIL_ENC_KEY_PUBLIC_H
 #define BOOTUTIL_ENC_KEY_PUBLIC_H
 #include <mcuboot_config/mcuboot_config.h>
+#include <bootutil/bootutil_macros.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#ifndef ALIGN_UP
-#define ALIGN_UP(num, align)    (((num) + ((align) - 1)) & ~((align) - 1))
-#endif
+/* The unit provides following system wide definitions:
+ *   BOOT_ENC_TLV_SIZE  -- is the complete size of TLV with encryption data.
+ *   BOOT_ENC_TLV       -- is the encryption TLV type, should be given value
+ *                         of one of IMAGE_TVL_ENC_ identifiers.
+ *   BOOT_ENC_KEY_SIZE  -- is the encryption key size; this includes portion
+ *                         of TLV data stream taken by key.
+ *
+ * For ECIES based key exchange there is additionally provided:
+ *   EC_PUBK_LEN        -- is the length, in bytes, of a public key; depends
+ *                         selected key exchange.
+ *   EC_PRIVK_LEN       -- is the length, in bytes, of a private key; depends
+ *                         on selected key exchange.
+ *   EC_SHARED_LEN      -- is the length, in bytes, of a shared key resulting
+ *                         from processing of private and public key; depends
+ *                         on selected key exchange parameters.
+ *
+ * ECIES TLV processing uses following TLVs, from this header:
+ *   EC_TAG_INDEX       -- is the HMAC tag of encryption key index within TLV data
+ *                         stream.
+ *   EC_TAG_LEN         -- is the HMAC tag length.
+ *   EC_PUBK_INDEX      -- is the index of shared public key within TLV data stream;
+ *                         EC_PUBK_LEN represents length in bytes.
+ *   EC_CIPHERKEY_INDEX -- is the encryption key index within TLV data stream.
+ *   EC_CIPHERKEY_LEN   -- is the length of an encryption key; depends on selected
+ *                         encryption.
+ *
+ * Note that in case of ECIES, the BOOT_ENC_TLV_SIZE will be defined as
+ * a sum of EC_*_LEN TLV components, defined for selected key exchange.
+ */
 
 #ifdef MCUBOOT_AES_256
-#define BOOT_ENC_KEY_SIZE       32
+#   define BOOT_ENC_KEY_SIZE   32
 #else
-#define BOOT_ENC_KEY_SIZE       16
+#   define BOOT_ENC_KEY_SIZE   16
 #endif
 
-#define BOOT_ENC_KEY_ALIGN_SIZE ALIGN_UP(BOOT_ENC_KEY_SIZE, BOOT_MAX_ALIGN)
-
-#define TLV_ENC_RSA_SZ    256
-#define TLV_ENC_KW_SZ     (BOOT_ENC_KEY_SIZE + 8)
-#define TLV_ENC_EC256_SZ  (65 + 32 + BOOT_ENC_KEY_SIZE)
-#define TLV_ENC_X25519_SZ (32 + 32 + BOOT_ENC_KEY_SIZE)
-
 #if defined(MCUBOOT_ENCRYPT_RSA)
-#define BOOT_ENC_TLV_SIZE TLV_ENC_RSA_SZ
+#   define BOOT_ENC_TLV_SIZE   (256)
+#   define BOOT_ENC_TLV        IMAGE_TLV_ENC_RSA2048
 #elif defined(MCUBOOT_ENCRYPT_EC256)
-#define BOOT_ENC_TLV_SIZE TLV_ENC_EC256_SZ
+#   define EC_PUBK_LEN         (65)
+#   define EC_PRIVK_LEN        (32)
+#   define EC_SHARED_LEN       (32)
+#   define BOOT_ENC_TLV        IMAGE_TLV_ENC_EC256
 #elif defined(MCUBOOT_ENCRYPT_X25519)
-#define BOOT_ENC_TLV_SIZE TLV_ENC_X25519_SZ
-#else
-#define BOOT_ENC_TLV_SIZE TLV_ENC_KW_SZ
+#   define EC_PUBK_LEN         (32)
+#   define EC_PRIVK_LEN        (32)
+#   define EC_SHARED_LEN       (32)
+#   define BOOT_ENC_TLV        IMAGE_TLV_ENC_X25519
+#elif defined(MCUBOOT_ENCRYPT_KW)
+#   define BOOT_ENC_TLV_SIZE   (BOOT_ENC_KEY_SIZE + 8)
+#   define BOOT_ENC_TLV        IMAGE_TLV_ENC_KW
 #endif
 
+/* Common ECIES definitions */
+#if defined(EC_PUBK_LEN)
+#   define EC_PUBK_INDEX       (0)
+#   define EC_TAG_LEN          (32)
+#   define EC_TAG_INDEX        (EC_PUBK_INDEX + EC_PUBK_LEN)
+#   define EC_CIPHERKEY_INDEX  (EC_TAG_INDEX + EC_TAG_LEN)
+#   define EC_CIPHERKEY_LEN    BOOT_ENC_KEY_SIZE
+#   define EC_SHARED_KEY_LEN   (32)
+#   define BOOT_ENC_TLV_SIZE   (EC_PUBK_LEN + EC_TAG_LEN + EC_CIPHERKEY_LEN)
+#endif
+
+#define BOOT_ENC_KEY_ALIGN_SIZE ALIGN_UP(BOOT_ENC_KEY_SIZE, BOOT_MAX_ALIGN)
+#define BOOT_ENC_TLV_ALIGN_SIZE ALIGN_UP(BOOT_ENC_TLV_SIZE, BOOT_MAX_ALIGN)
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c
@@ -46,28 +46,6 @@
 
 #include "bootutil_priv.h"
 
-#define EXPECTED_ENC_LEN        BOOT_ENC_TLV_SIZE
-
-#if defined(MCUBOOT_ENCRYPT_RSA)
-#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_RSA2048
-#elif defined(MCUBOOT_ENCRYPT_KW)
-#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_KW
-#elif defined(MCUBOOT_ENCRYPT_EC256)
-#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_EC256
-#    define EC_PUBK_INDEX       (0)
-#    define EC_TAG_INDEX        (65)
-#    define EC_CIPHERKEY_INDEX  (65 + 32)
-_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
-        "Please fix ECIES-P256 component indexes");
-#elif defined(MCUBOOT_ENCRYPT_X25519)
-#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_X25519
-#    define EC_PUBK_INDEX       (0)
-#    define EC_TAG_INDEX        (32)
-#    define EC_CIPHERKEY_INDEX  (32 + 32)
-_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
-        "Please fix ECIES-X25519 component indexes");
-#endif
-
 /* NOUP Fixme:  */
 #if !defined(CONFIG_BOOT_ED25519_PSA)
 #if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
@@ -104,7 +82,7 @@ key_unwrap(const uint8_t *wrapped, uint8_t *enckey, struct bootutil_key *bootuti
     if (rc != 0) {
         goto done;
     }
-    rc = bootutil_aes_kw_unwrap(&aes_kw, wrapped, TLV_ENC_KW_SZ, enckey, BOOT_ENC_KEY_SIZE);
+    rc = bootutil_aes_kw_unwrap(&aes_kw, wrapped, BOOT_ENC_TLV_SIZE, enckey, BOOT_ENC_KEY_SIZE);
     if (rc != 0) {
         goto done;
     }
@@ -618,7 +596,7 @@ boot_enc_load(struct boot_loader_state *state, int slot,
 #if MCUBOOT_SWAP_SAVE_ENCTLV
     uint8_t *buf;
 #else
-    uint8_t buf[EXPECTED_ENC_LEN];
+    uint8_t buf[BOOT_ENC_TLV_SIZE];
 #endif
     int rc;
 
@@ -638,7 +616,7 @@ boot_enc_load(struct boot_loader_state *state, int slot,
 #endif
 #endif
 
-    rc = bootutil_tlv_iter_begin(&it, hdr, fap, EXPECTED_ENC_TLV, false);
+    rc = bootutil_tlv_iter_begin(&it, hdr, fap, BOOT_ENC_TLV, false);
     if (rc) {
         return -1;
     }
@@ -648,7 +626,7 @@ boot_enc_load(struct boot_loader_state *state, int slot,
         return rc;
     }
 
-    if (len != EXPECTED_ENC_LEN) {
+    if (len != BOOT_ENC_TLV_SIZE) {
         return -1;
     }
 
@@ -657,7 +635,7 @@ boot_enc_load(struct boot_loader_state *state, int slot,
     memset(buf, 0xff, BOOT_ENC_TLV_ALIGN_SIZE);
 #endif
 
-    rc = flash_area_read(fap, off, buf, EXPECTED_ENC_LEN);
+    rc = flash_area_read(fap, off, buf, BOOT_ENC_TLV_SIZE);
     if (rc) {
         return -1;
     }
diff --git a/boot/bootutil/src/encrypted_psa.c b/boot/bootutil/src/encrypted_psa.c
@@ -27,16 +27,6 @@
 
 BOOT_LOG_MODULE_DECLARE(mcuboot_psa_enc);
 
-#define EXPECTED_ENC_LEN    BOOT_ENC_TLV_SIZE
-#define EC_PUBK_INDEX       (0)
-#define EC_PUBK_LEN         (32)
-#define EC_TAG_INDEX        (EC_PUBK_INDEX + EC_PUBK_LEN)
-#define EC_TAG_LEN          (32)
-#define EC_CIPHERKEY_INDEX  (EC_TAG_INDEX + EC_TAG_LEN)
-#define EC_CIPHERKEY_LEN    BOOT_ENC_KEY_SIZE
-_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
-        "Please fix ECIES-X25519 component indexes");
-
 #define X25519_OID "\x6e"
 static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG \
                                        MBEDTLS_OID_ORG_GOV X25519_OID;

Original file line number	Diff line number	Diff line change
`@@ -100,12 +100,12 @@ static int bootutil_rsa_oaep_decrypt(`
`100`	`100`	`return -1;`
`101`	`101`	`}`
`102`	`102`	`size_t input_size = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attr));`
`103`		`- if (input_size != TLV_ENC_RSA_SZ) {`
	`103`	`+ if (input_size != BOOT_ENC_TLV_SIZE) {`
`104`	`104`	`return -1;`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`status = psa_asymmetric_decrypt(ctx->key_id, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),`
`108`		`- input, TLV_ENC_RSA_SZ, NULL, 0,`
	`108`	`+ input, BOOT_ENC_TLV_SIZE, NULL, 0,`
`109`	`109`	`output, output_max_len, olen);`
`110`	`110`	`return (int)status;`
`111`	`111`	`}`