boot_serial: Avoid re-initializing state in boot_image_validate_encrypted

A valid bootloader state was needed to validate encrypted images, so the
boot_image_validate_encrypted (only called from bs_list and bs_set) was
allocating and initializing a minimal state with the required content.
Now bs_list and bs_set have a valid bootloader state, the latter can be
given to boot_image_validate_encrypted, avoiding two bootloader state
allocations.

Signed-off-by: Thomas Altenbach <[email protected]>

Author: taltenbach

boot/boot_serial/include/boot_serial/boot_serial_encryption.h

@@ -11,6 +11,7 @@
 /**
  * Validate hash of a primary boot image doing on the fly decryption as well
  *
+ * @param[in]   state     bootloader state
  * @param[in]   fa_p      flash area pointer
  * @param[in]   hdr       boot image header pointer
  * @param[in]   buf       buffer which is used for validating data
@@ -20,7 +21,8 @@
  * @return                FIH_SUCCESS on success, error code otherwise
  */
 fih_ret
-boot_image_validate_encrypted(const struct flash_area *fa_p,
+boot_image_validate_encrypted(struct boot_loader_state *state,
+                              const struct flash_area *fa_p,
                               struct image_header *hdr, uint8_t *buf,
                               uint16_t buf_size
 );

boot/boot_serial/src/boot_serial.c

@@ -352,7 +352,7 @@ bs_list(struct boot_loader_state *state, char *buf, int len)
 #if defined(MCUBOOT_ENC_IMAGES)
 #if !defined(MCUBOOT_SINGLE_APPLICATION_SLOT)
                     if (IS_ENCRYPTED(&hdr) && MUST_DECRYPT(fap, image_index, &hdr)) {
-                        FIH_CALL(boot_image_validate_encrypted, fih_rc, fap,
+                        FIH_CALL(boot_image_validate_encrypted, fih_rc, state, fap,
                                  &hdr, tmpbuf, sizeof(tmpbuf));
                     } else {
 #endif
@@ -573,7 +573,7 @@ bs_set(struct boot_loader_state *state, char *buf, int len)
                     {
 #ifdef MCUBOOT_ENC_IMAGES
                         if (IS_ENCRYPTED(&hdr)) {
-                            FIH_CALL(boot_image_validate_encrypted, fih_rc, fap,
+                            FIH_CALL(boot_image_validate_encrypted, fih_rc, state, fap,
                                      &hdr, tmpbuf, sizeof(tmpbuf));
                         } else {
 #endif

boot/boot_serial/src/boot_serial_encryption.c

@@ -19,20 +19,18 @@
 BOOT_LOG_MODULE_DECLARE(serial_encryption);
 
 fih_ret
-boot_image_validate_encrypted(const struct flash_area *fa_p,
+boot_image_validate_encrypted(struct boot_loader_state *state,
+                              const struct flash_area *fa_p,
                               struct image_header *hdr, uint8_t *buf,
                               uint16_t buf_size)
 {
     FIH_DECLARE(fih_rc, FIH_FAILURE);
 
-    struct boot_loader_state boot_data;
-    struct boot_loader_state *state = &boot_data;
     struct boot_status _bs;
     struct boot_status *bs = &_bs;
     int rc;
 
-    memset(&boot_data, 0, sizeof(struct boot_loader_state));
-    if(IS_ENCRYPTED(hdr)) {
+    if (MUST_DECRYPT(fa_p, BOOT_CURR_IMG(state), hdr)) {
         rc = boot_enc_load(state, 1, hdr, fa_p, bs);
         if (rc < 0) {
             FIH_RET(fih_rc);
@@ -46,6 +44,8 @@ boot_image_validate_encrypted(const struct flash_area *fa_p,
     FIH_CALL(bootutil_img_validate, fih_rc, state,
              hdr, fa_p, buf, buf_size, NULL, 0, NULL);
 
+    boot_enc_zeroize(BOOT_CURR_ENC(state));
+
     FIH_RET(fih_rc);
 }
 
@@ -228,7 +228,7 @@ decrypt_image_inplace(const struct flash_area *fa_p,
 #if 0 //Skip this step?, the image will just not boot if it's not decrypted properly
         static uint8_t tmpbuf[BOOT_TMPBUF_SZ];
          /* First check if the encrypted image is a good image before decrypting */
-        FIH_CALL(boot_image_validate_encrypted,fih_rc,fa_p,&_hdr,tmpbuf,BOOT_TMPBUF_SZ);
+        FIH_CALL(boot_image_validate_encrypted, fih_rc, state, fa_p, &_hdr, tmpbuf, BOOT_TMPBUF_SZ);
         if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
              FIH_RET(fih_rc);
         }