Support for CUSTOM_ENCRYPT_KEY that allows customer to supply their own implementation

Author: dgarske

docs/Targets.md

@@ -1047,23 +1047,20 @@ int wolfBoot_get_encrypt_key(uint8_t *key, uint8_t *nonce);
 int wolfBoot_erase_encrypt_key(void);  /* called automatically by wolfBoot_success() */
 ```
 
+To use your own implementation for getting the encryption key use `CUSTOM_ENCRYPT_KEY` and `OBJS_EXTRA=src/my_custom_encrypt_key.o`. Then provide your own implementation of `int wolfBoot_get_encrypt_key(uint8_t *key, uint8_t *nonce);`
+
 To sign and encrypt an image, create a key file with the concatenated key and nonce, then use the sign tool:
 
 ```sh
-# Create key file (32-byte key + 16-byte IV for AES-256)
-echo -n "0123456789abcdef0123456789abcdef0123456789abcdef" > enc_key.der
+# Create key file (32-byte key + 16-byte nonce for AES-256)
+printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der
 
 # Sign and encrypt
-./tools/keytools/sign --ecc384 --sha384 --aes256 --encrypt enc_key.der \
+./tools/keytools/sign --ecc384 --sha384 --aes256 --encrypt /tmp/enc_key.der \
     fitImage wolfboot_signing_private_key.der 1
 ```
 
-In your application, set the encryption key before triggering an update:
-
-```c
-wolfBoot_set_encrypt_key(enc_key, enc_iv);
-wolfBoot_update_trigger();
-```
+The result is `fitImage_v1_signed_and_encrypted.bin`, which gets placed into your OFP_A or OFP_B partitions.
 
 During boot, wolfBoot decrypts the image headers from disk to select the best candidate, loads and decrypts the full image to RAM, then verifies integrity and authenticity before booting. On successful boot, `wolfBoot_success()` clears the key from RAM.
 

docs/encrypted_partitions.md

@@ -36,6 +36,55 @@ wolfBoot upon next boot.
 Aside from setting the temporary key, the update mechanism remains the same for distributing, uploading and
 installing firmware updates through wolfBoot.
 
+### Custom encryption key storage
+
+You can use the `CUSTOM_ENCRYPT_KEY` option to implement your own functions for:
+`wolfBoot_get_encrypt_key`, `wolfBoot_set_encrypt_key` and
+`wolfBoot_erase_encrypt_key`.
+
+To enable:
+
+1) Add `CUSTOM_ENCRYPT_KEY=1` to your `.config`
+2) Add your own .c file using `OBJS_EXTRA`. For example, for your own
+   `src/custom_encrypt_key.c` add this to your `.config`:
+   `OBJS_EXTRA=src/custom_encrypt_key.o`
+
+Your custom implementation must provide these functions:
+
+```c
+int wolfBoot_set_encrypt_key(const uint8_t *key, const uint8_t *nonce);
+int wolfBoot_get_encrypt_key(uint8_t *key, uint8_t *nonce);
+int wolfBoot_erase_encrypt_key(void);
+```
+
+Example custom function for testing:
+
+```c
+#include "wolfboot/wolfboot.h"
+#include "image.h"
+
+int RAMFUNCTION wolfBoot_get_encrypt_key(uint8_t *key, uint8_t *nonce)
+{
+    int i;
+    /* Test key: "0123456789abcdef0123456789abcdef" (32 bytes for AES-256) */
+    const char test_key[] = "0123456789abcdef0123456789abcdef";
+    /* Test nonce: "0123456789abcdef" (16 bytes) */
+    const char test_nonce[] = "0123456789abcdef";
+
+    for (i = 0; i < ENCRYPT_KEY_SIZE && i < (int)sizeof(test_key); i++) {
+        key[i] = (uint8_t)test_key[i];
+    }
+    for (i = 0; i < ENCRYPT_NONCE_SIZE && i < (int)sizeof(test_nonce); i++) {
+        nonce[i] = (uint8_t)test_nonce[i];
+    }
+    return 0;
+}
+```
+
+Note: On platforms that use the src/update_disk.c loader it only reads from a
+GPT partition and with ENCRYPT=1 it only needs `wolfBoot_get_encrypt_key` implemented.
+
+
 ### Libwolfboot API
 
 The API to communicate with the bootloader from the application is expanded when this feature is enabled,

hal/mpfs250.c

@@ -1605,7 +1605,7 @@ int disk_read(int drv, uint64_t start, uint32_t count, uint8_t *buf)
     uint32_t start_offset = (start % EMMC_SD_BLOCK_SIZE);
     (void)drv; /* only one drive supported */
 
-#if 1 //def DEBUG_MMC
+#ifdef DEBUG_MMC
     wolfBoot_printf("disk_read: drv:%d, start:%llu, count:%d, dst:%p\n",
         drv, start, count, buf);
 #endif
@@ -1657,7 +1657,7 @@ int disk_write(int drv, uint64_t start, uint32_t count, const uint8_t *buf)
     uint32_t start_offset = (start % EMMC_SD_BLOCK_SIZE);
     (void)drv; /* only one drive supported */
 
-#if 1 //def DEBUG_MMC
+#ifdef DEBUG_MMC
     wolfBoot_printf("disk_write: drv:%d, start:%llu, count:%d, src:%p\n",
         drv, start, count, buf);
 #endif

options.mk

@@ -563,6 +563,9 @@ ifeq ($(ENCRYPT),1)
       endif
     endif
   endif
+  ifeq ($(CUSTOM_ENCRYPT_KEY),1)
+    CFLAGS+=-D"CUSTOM_ENCRYPT_KEY"
+  endif
 endif
 
 ifeq ($(EXT_FLASH),1)

src/libwolfboot.c

@@ -1491,6 +1491,7 @@ static int RAMFUNCTION hal_set_key(const uint8_t *k, const uint8_t *nonce)
     return ret;
 #endif
 }
+#ifndef CUSTOM_ENCRYPT_KEY
 /**
  * @brief Set the encryption key.
  *
@@ -1545,7 +1546,8 @@ int RAMFUNCTION wolfBoot_get_encrypt_key(uint8_t *k, uint8_t *nonce)
 #endif
     return 0;
 }
-#endif
+#endif /* UNIT_TEST */
+
 /**
  * @brief Erase the encryption key.
  *
@@ -1575,6 +1577,7 @@ int RAMFUNCTION wolfBoot_erase_encrypt_key(void)
 #endif
     return 0;
 }
+#endif /* !CUSTOM_ENCRYPT_KEY */
 
 #if defined(__WOLFBOOT) || defined(UNIT_TEST)
 
@@ -1585,20 +1588,31 @@ ChaCha chacha;
 
 int RAMFUNCTION chacha_init(void)
 {
-#if defined(MMU) || defined(UNIT_TEST)
-    const uint8_t *key = ENCRYPT_KEY;
+#ifdef CUSTOM_ENCRYPT_KEY
+    uint8_t stored_nonce[ENCRYPT_NONCE_SIZE];
+    uint8_t key[ENCRYPT_KEY_SIZE];
 #else
-    const uint8_t *key = (uint8_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS +
-        ENCRYPT_TMP_SECRET_OFFSET);
-#endif
-    uint8_t ff[ENCRYPT_KEY_SIZE];
     const uint8_t* stored_nonce;
-
-#ifdef NVM_FLASH_WRITEONCE
-    key -= WOLFBOOT_SECTOR_SIZE * nvm_select_fresh_sector(PART_BOOT);
+    uint8_t *key;
 #endif
+    uint8_t ff[ENCRYPT_KEY_SIZE];
 
+#ifdef CUSTOM_ENCRYPT_KEY
+    int ret = wolfBoot_get_encrypt_key(key, stored_nonce);
+    if (ret != 0)
+        return ret;
+#else
+    #if defined(MMU) || defined(UNIT_TEST)
+        key = ENCRYPT_KEY;
+    #else
+        key = (uint8_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS +
+            ENCRYPT_TMP_SECRET_OFFSET);
+    #endif
+    #ifdef NVM_FLASH_WRITEONCE
+        key -= WOLFBOOT_SECTOR_SIZE * nvm_select_fresh_sector(PART_BOOT);
+    #endif
     stored_nonce = key + ENCRYPT_KEY_SIZE;
+#endif
 
     XMEMSET(&chacha, 0, sizeof(chacha));
 
@@ -1632,9 +1646,14 @@ Aes aes_dec, aes_enc;
  */
 int aes_init(void)
 {
-    int devId;
+    int devId = INVALID_DEVID;
+#if defined(CUSTOM_ENCRYPT_KEY) && !defined(WOLFBOOT_RENESAS_TSIP)
+    uint8_t stored_nonce[ENCRYPT_NONCE_SIZE];
+    uint8_t key[ENCRYPT_KEY_SIZE];
+#else
     uint8_t *stored_nonce;
     uint8_t *key;
+#endif
     uint8_t ff[ENCRYPT_KEY_SIZE];
 
 #ifdef WOLFBOOT_RENESAS_TSIP
@@ -1645,19 +1664,20 @@ int aes_init(void)
     key = enc_key->encrypted_user_key;
     stored_nonce = enc_key->initial_vector;
     wolfCrypt_Init(); /* required to setup the crypto callback defaults */
-#else  /* non TSIP */
-    devId = INVALID_DEVID;
-#if defined(MMU) || defined(UNIT_TEST)
-    key = ENCRYPT_KEY;
+#elif defined(CUSTOM_ENCRYPT_KEY)
+    wolfBoot_get_encrypt_key(key, stored_nonce);
 #else
-    key = (uint8_t*)(WOLFBOOT_PARTITION_BOOT_ADDRESS +
-        ENCRYPT_TMP_SECRET_OFFSET);
-#endif
-#ifdef NVM_FLASH_WRITEONCE
-    key -= WOLFBOOT_SECTOR_SIZE * nvm_select_fresh_sector(PART_BOOT);
-#endif
-    stored_nonce = key + ENCRYPT_KEY_SIZE;
-#endif /* WOLFBOOT_RENESAS_TSIP */
+    #if defined(MMU) || defined(UNIT_TEST)
+        key = ENCRYPT_KEY;
+    #else
+        key = (uint8_t*)(WOLFBOOT_PARTITION_BOOT_ADDRESS +
+            ENCRYPT_TMP_SECRET_OFFSET);
+    #endif
+    #ifdef NVM_FLASH_WRITEONCE
+        key -= WOLFBOOT_SECTOR_SIZE * nvm_select_fresh_sector(PART_BOOT);
+    #endif
+        stored_nonce = key + ENCRYPT_KEY_SIZE;
+#endif /* non TSIP */
 
     XMEMSET(&aes_enc, 0, sizeof(aes_enc));
     XMEMSET(&aes_dec, 0, sizeof(aes_dec));