boot_serial: Use struct enc_data in decrypt_region_inplace

de-nordic · de-nordic · commit df8bd50ae47a · 2025-10-28T08:52:22.000Z
It does not have to know boot_loader_state object,
it only has to have encryption context.

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/boot_serial/src/boot_serial_encryption.c b/boot/boot_serial/src/boot_serial_encryption.c
@@ -111,7 +111,7 @@ read_image_size(const struct flash_area *fa_p,
  * @return                      0 on success; nonzero on failure.
  */
 static int
-decrypt_region_inplace(struct boot_loader_state *state,
+decrypt_region_inplace(struct enc_data *enc_data,
                        const struct flash_area *fap,
                        struct image_header *hdr,
                        uint32_t off, uint32_t sz)
@@ -123,11 +123,8 @@ decrypt_region_inplace(struct boot_loader_state *state,
     size_t blk_off;
     uint16_t idx;
     uint32_t blk_sz;
-    int slot = flash_area_id_to_multi_image_slot(BOOT_CURR_IMG(state),
-                                                 flash_area_get_id(fap));
     uint8_t buf[sz] __attribute__((aligned));
     assert(sz <= sizeof buf);
-    assert(slot >= 0);
 
     bytes_copied = 0;
     while (bytes_copied < sz) {
@@ -169,7 +166,7 @@ decrypt_region_inplace(struct boot_loader_state *state,
                     blk_sz = tlv_off - (off + bytes_copied);
                 }
             }
-            boot_enc_decrypt(BOOT_CURR_ENC_SLOT(state, slot),
+            boot_enc_decrypt(enc_data,
                     (off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
                     blk_off, &buf[idx]);
         }
@@ -217,6 +214,7 @@ decrypt_image_inplace(const struct flash_area *fa_p,
     size_t sect_count;
     size_t sect;
     struct flash_sector sector;
+    struct enc_key_data enc_data;
 
     boot_state_clear(state);
     memset(&_bs, 0, sizeof(struct boot_status));
@@ -236,22 +234,25 @@ decrypt_image_inplace(const struct flash_area *fa_p,
         /* Load the encryption keys into cache */
         rc = boot_enc_load(state, BOOT_SLOT_PRIMARY, hdr, fa_p, bs);
         if (rc < 0) {
-            FIH_RET(fih_rc);
+            goto total_out;
         }
-        if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_PRIMARY), bs->enckey[BOOT_SLOT_PRIMARY])) {
-            FIH_RET(fih_rc);
+
+        boot_enc_init(&enc_data);
+
+        if (rc == 0 && boot_enc_set_key(&enc_data, bs->enckey[BOOT_SLOT_PRIMARY])) {
+            goto total_out;
         }
     }
     else
     {
         /* Expected encrypted image! */
-        FIH_RET(fih_rc);
+        goto total_out;
     }
 
     uint32_t src_size = 0;
     rc = read_image_size(fa_p,hdr, &src_size);
     if (rc != 0) {
-        FIH_RET(fih_rc);
+        goto total_out;
     }
 
     /* TODO: This assumes every sector has an equal size, should instead use
@@ -261,14 +262,16 @@ decrypt_image_inplace(const struct flash_area *fa_p,
     sect_size = sector.fs_size;
     sect_count = fa_p->fa_size / sect_size;
     for (sect = 0, size = 0; size < src_size && sect < sect_count; sect++) {
-        rc = decrypt_region_inplace(state, fa_p,hdr, size, sect_size);
+        rc = decrypt_region_inplace(enc_data, fa_p, hdr, size, sect_size);
         if (rc != 0) {
             FIH_RET(fih_rc);
         }
         size += sect_size;
     }
 
     fih_rc = FIH_SUCCESS;
+total_out:
+    boot_enc_deinit(&enc_data);
     FIH_RET(fih_rc);
 }
 
