[nrf fromlist] zephyr: Add support for AES256

ahasztag · ahasztag · commit 059657a83d7f · 2025-07-29T11:55:53.000+02:00
This commit adds the parts in the tooling allowing
AES256 to work with MCUBoot.
Currently only in combination PSA + ED25519

Upstream PR #: 2406

Signed-off-by: Artur Hadasz &lt;artur.hadasz@nordicsemi.no&gt;
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
@@ -717,6 +717,22 @@ config BOOT_ENCRYPT_X25519
 	help
 	  Hidden option selecting x25519 encryption.
 
+if BOOT_ENCRYPT_IMAGE
+
+choice BOOT_ENCRYPT_ALG
+	prompt "Algorithm used for image encryption"
+	default BOOT_ENCRYPT_ALG_AES_128
+
+config BOOT_ENCRYPT_ALG_AES_128
+	bool "Use AES-128 for image encryption"
+
+config BOOT_ENCRYPT_ALG_AES_256
+	bool "Use AES-256 for image encryption"
+
+endchoice # BOOT_ENCRYPT_ALG
+
+endif # BOOT_ENCRYPT_IMAGE
+
 if BOOT_ENCRYPT_X25519 && BOOT_USE_PSA_CRYPTO
 
 choice BOOT_HMAC_SHA
diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h
@@ -159,6 +159,14 @@
 #define MCUBOOT_ENCRYPT_X25519
 #endif
 
+#ifdef CONFIG_BOOT_ENCRYPT_ALG_AES_128
+#define MCUBOOT_AES_128
+#endif
+
+#ifdef CONFIG_BOOT_ENCRYPT_ALG_AES_256
+#define MCUBOOT_AES_256
+#endif
+
 /* Support for HMAC/HKDF using SHA512; this is used in key exchange where
  * HKDF is used for key expansion and HMAC is used for key verification.
  */
diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py
@@ -443,14 +443,23 @@ def ecies_hkdf(self, enckey, plainkey, hmac_sha_alg):
         else:
             newpk = X25519PrivateKey.generate()
             shared = newpk.exchange(enckey._get_public())
+
+        # Detect AES key length from plainkey size
+        key_len = len(plainkey)  # 16 for AES-128, 32 for AES-256
+
+        # Generate derived key with appropriate length (key_len + 32 bytes for HMAC)
         derived_key = HKDF(
-            algorithm=hmac_sha_alg, length=48, salt=None,
+            algorithm=hmac_sha_alg, length=key_len + 32, salt=None,
             info=b'MCUBoot_ECIES_v1', backend=default_backend()).derive(shared)
-        encryptor = Cipher(algorithms.AES(derived_key[:16]),
+
+        # Use appropriate key length for AES encryption
+        encryptor = Cipher(algorithms.AES(derived_key[:key_len]),
                            modes.CTR(bytes([0] * 16)),
                            backend=default_backend()).encryptor()
         cipherkey = encryptor.update(plainkey) + encryptor.finalize()
-        mac = hmac.HMAC(derived_key[16:], hmac_sha_alg,
+
+        # Use remaining bytes for HMAC (after the AES key)
+        mac = hmac.HMAC(derived_key[key_len:], hmac_sha_alg,
                         backend=default_backend())
         mac.update(cipherkey)
         ciphermac = mac.finalize()
