bootutil: Drop slot number and boot_state from most boot_enc functions

de-nordic · de-nordic · commit 2fc1bd843db8 · 2025-10-21T09:30:45.000+02:00
Step forward in reducing entanglement between internal APIs.

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/boot_serial/src/boot_serial_encryption.c b/boot/boot_serial/src/boot_serial_encryption.c
@@ -35,7 +35,7 @@ boot_image_validate_encrypted(struct boot_loader_state *state,
         if (rc < 0) {
             FIH_RET(fih_rc);
         }
-        rc = boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_SECONDARY, bs);
+        rc = boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_SECONDARY), bs->enckey[BOOT_SLOT_SECONDARY]);
         if (rc < 0) {
             FIH_RET(fih_rc);
         }
@@ -169,7 +169,7 @@ decrypt_region_inplace(struct boot_loader_state *state,
                     blk_sz = tlv_off - (off + bytes_copied);
                 }
             }
-            boot_enc_decrypt(BOOT_CURR_ENC(state), slot,
+            boot_enc_decrypt(BOOT_CURR_ENC_SLOT(state, slot),
                     (off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
                     blk_off, &buf[idx]);
         }
@@ -239,7 +239,7 @@ decrypt_image_inplace(const struct flash_area *fa_p,
         if (rc < 0) {
             FIH_RET(fih_rc);
         }
-        if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_PRIMARY, bs)) {
+        if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_PRIMARY), bs->enckey[BOOT_SLOT_PRIMARY])) {
             FIH_RET(fih_rc);
         }
     }
diff --git a/boot/bootutil/include/bootutil/enc_key.h b/boot/bootutil/include/bootutil/enc_key.h
@@ -61,18 +61,18 @@ struct boot_loader_state;
 /* Decrypt random, symmetric encryption key */
 int boot_decrypt_key(const uint8_t *buf, uint8_t *enckey);
 
-int boot_enc_init(struct enc_key_data *enc_state, uint8_t slot);
-int boot_enc_drop(struct enc_key_data *enc_state, uint8_t slot);
-int boot_enc_set_key(struct enc_key_data *enc_state, uint8_t slot,
-                     const struct boot_status *bs);
+int boot_enc_init(struct enc_key_data *enc_state);
+int boot_enc_drop(struct enc_key_data *enc_state);
+int boot_enc_set_key(struct enc_key_data *enc_state, const uint8_t *key);
 int boot_enc_load(struct boot_loader_state *state, int slot,
                   const struct image_header *hdr, const struct flash_area *fap,
                   struct boot_status *bs);
-bool boot_enc_valid(struct enc_key_data *enc_state, int slot);
-void boot_enc_encrypt(struct enc_key_data *enc_state, int slot,
+bool boot_enc_valid(const struct enc_key_data *enc_state);
+void boot_enc_encrypt(struct enc_key_data *enc_state,
         uint32_t off, uint32_t sz, uint32_t blk_off, uint8_t *buf);
-void boot_enc_decrypt(struct enc_key_data *enc_state, int slot,
+void boot_enc_decrypt(struct enc_key_data *enc_state,
         uint32_t off, uint32_t sz, uint32_t blk_off, uint8_t *buf);
+/* Note that boot_enc_zeorize takes BOOT_CURR_ENC, not BOOT_CURR_ENC_SLOT */
 void boot_enc_zeroize(struct enc_key_data *enc_state);
 
 #ifdef __cplusplus
diff --git a/boot/bootutil/src/bootutil_img_hash.c b/boot/bootutil/src/bootutil_img_hash.c
@@ -65,7 +65,6 @@ bootutil_img_hash(struct boot_loader_state *state,
     int fa_ret;
 #endif
 #if defined(MCUBOOT_ENC_IMAGES)
-    struct enc_key_data *enc_state;
     int image_index;
 #endif
 #if defined(MCUBOOT_SWAP_USING_OFFSET)
@@ -91,16 +90,14 @@ bootutil_img_hash(struct boot_loader_state *state,
 
 #ifdef MCUBOOT_ENC_IMAGES
     if (state == NULL) {
-        enc_state = NULL;
         image_index = 0;
     } else {
-        enc_state = BOOT_CURR_ENC(state);
         image_index = BOOT_CURR_IMG(state);
     }
 
     /* Encrypted images only exist in the secondary slot */
     if (MUST_DECRYPT(fap, image_index, hdr) &&
-            !boot_enc_valid(enc_state, 1)) {
+            !boot_enc_valid(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_SECONDARY))) {
         BOOT_LOG_DBG("bootutil_img_hash: error encrypted image found in primary slot");
         return -1;
     }
@@ -182,7 +179,7 @@ bootutil_img_hash(struct boot_loader_state *state,
 
             if (off >= hdr_size && off < tlv_off) {
                 blk_off = (off - hdr_size) & 0xf;
-                boot_enc_decrypt(enc_state, slot, off - hdr_size,
+                boot_enc_decrypt(BOOT_CURR_ENC_SLOT(state, slot), off - hdr_size,
                                  blk_sz, blk_off, tmp_buf);
             }
         }
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
@@ -483,8 +483,10 @@ static inline bool boot_u16_safe_add(uint16_t *dest, uint16_t a, uint16_t b)
 #endif
 #ifdef MCUBOOT_ENC_IMAGES
 #define BOOT_CURR_ENC(state) ((state)->enc[BOOT_CURR_IMG(state)])
+#define BOOT_CURR_ENC_SLOT(state, slot) (&((state)->enc[BOOT_CURR_IMG(state)][slot]))
 #else
 #define BOOT_CURR_ENC(state) NULL
+#define BOOT_CURR_ENC_SLOT(state, slot) NULL
 #endif
 #define BOOT_IMG(state, slot) ((state)->imgs[BOOT_CURR_IMG(state)][(slot)])
 #define BOOT_IMG_AREA(state, slot) (BOOT_IMG(state, slot).area)
diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c
@@ -573,7 +573,7 @@ boot_enc_load(struct boot_loader_state *state, int slot,
               const struct image_header *hdr, const struct flash_area *fap,
               struct boot_status *bs)
 {
-    struct enc_key_data *enc_state = BOOT_CURR_ENC(state);
+    struct enc_key_data *enc_state = BOOT_CURR_ENC_SLOT(state, slot);
     uint32_t off;
     uint16_t len;
     struct image_tlv_iter it;
@@ -587,13 +587,13 @@ boot_enc_load(struct boot_loader_state *state, int slot,
     BOOT_LOG_DBG("boot_enc_load: slot %d", slot);
 
     /* Already loaded... */
-    if (enc_state[slot].valid) {
+    if (boot_enc_valid(enc_state)) {
         BOOT_LOG_DBG("boot_enc_load: already loaded");
         return 1;
     }
 
     /* Initialize the AES context */
-    boot_enc_init(enc_state, slot);
+    boot_enc_init(enc_state);
 
 #if defined(MCUBOOT_SWAP_USING_OFFSET)
     it.start_off = boot_get_state_secondary_offset(state, fap);
@@ -627,48 +627,46 @@ boot_enc_load(struct boot_loader_state *state, int slot,
 }
 
 int
-boot_enc_init(struct enc_key_data *enc_state, uint8_t slot)
+boot_enc_init(struct enc_key_data *enc_state)
 {
-    bootutil_aes_ctr_init(&enc_state[slot].aes_ctr);
+    bootutil_aes_ctr_init(&enc_state->aes_ctr);
     return 0;
 }
 
 int
-boot_enc_drop(struct enc_key_data *enc_state, uint8_t slot)
+boot_enc_drop(struct enc_key_data *enc_state)
 {
-    bootutil_aes_ctr_drop(&enc_state[slot].aes_ctr);
-    enc_state[slot].valid = 0;
+    bootutil_aes_ctr_drop(&enc_state->aes_ctr);
+    enc_state->valid = 0;
     return 0;
 }
 
 int
-boot_enc_set_key(struct enc_key_data *enc_state, uint8_t slot,
-        const struct boot_status *bs)
+boot_enc_set_key(struct enc_key_data *enc_state, const uint8_t *key)
 {
     int rc;
 
-    rc = bootutil_aes_ctr_set_key(&enc_state[slot].aes_ctr, bs->enckey[slot]);
+    rc = bootutil_aes_ctr_set_key(&enc_state->aes_ctr, key);
     if (rc != 0) {
-        boot_enc_drop(enc_state, slot);
+        boot_enc_drop(enc_state);
         return -1;
     }
 
-    enc_state[slot].valid = 1;
+    enc_state->valid = 1;
 
     return 0;
 }
 
 bool
-boot_enc_valid(struct enc_key_data *enc_state, int slot)
+boot_enc_valid(const struct enc_key_data *enc_state)
 {
-    return enc_state[slot].valid;
+    return enc_state->valid;
 }
 
 void
-boot_enc_encrypt(struct enc_key_data *enc_state, int slot, uint32_t off,
+boot_enc_encrypt(struct enc_key_data *enc, uint32_t off,
              uint32_t sz, uint32_t blk_off, uint8_t *buf)
 {
-    struct enc_key_data *enc = &enc_state[slot];
     uint8_t nonce[16];
 
     /* Nothing to do with size == 0 */
@@ -688,10 +686,9 @@ boot_enc_encrypt(struct enc_key_data *enc_state, int slot, uint32_t off,
 }
 
 void
-boot_enc_decrypt(struct enc_key_data *enc_state, int slot, uint32_t off,
+boot_enc_decrypt(struct enc_key_data *enc, uint32_t off,
              uint32_t sz, uint32_t blk_off, uint8_t *buf)
 {
-    struct enc_key_data *enc = &enc_state[slot];
     uint8_t nonce[16];
 
     /* Nothing to do with size == 0 */
@@ -718,7 +715,7 @@ boot_enc_zeroize(struct enc_key_data *enc_state)
 {
     uint8_t slot;
     for (slot = 0; slot < BOOT_NUM_SLOTS; slot++) {
-        (void)boot_enc_drop(enc_state, slot);
+        (void)boot_enc_drop(&enc_state[slot]);
     }
     memset(enc_state, 0, sizeof(struct enc_key_data) * BOOT_NUM_SLOTS);
 }
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
@@ -645,7 +645,7 @@ boot_image_check(struct boot_loader_state *state, struct image_header *hdr,
         if (rc < 0) {
             FIH_RET(fih_rc);
         }
-        if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_SECONDARY, bs)) {
+        if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_SECONDARY), bs->enckey[BOOT_SLOT_SECONDARY])) {
             FIH_RET(fih_rc);
         }
     }
@@ -1378,11 +1378,11 @@ boot_copy_region(struct boot_loader_state *state,
                     }
                 }
                 if (source_slot == 0) {
-                    boot_enc_encrypt(BOOT_CURR_ENC(state), source_slot,
+                    boot_enc_encrypt(BOOT_CURR_ENC_SLOT(state, source_slot),
                             (abs_off + idx) - hdr->ih_hdr_size, blk_sz,
                             blk_off, &buf[idx]);
                 } else {
-                    boot_enc_decrypt(BOOT_CURR_ENC(state), source_slot,
+                    boot_enc_decrypt(BOOT_CURR_ENC_SLOT(state, source_slot),
                             (abs_off + idx) - hdr->ih_hdr_size, blk_sz,
                             blk_off, &buf[idx]);
                 }
@@ -1496,7 +1496,7 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs)
         if (rc < 0) {
             return BOOT_EBADIMAGE;
         }
-        if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_SECONDARY, bs)) {
+        if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_SECONDARY), bs->enckey[BOOT_SLOT_SECONDARY])) {
             return BOOT_EBADIMAGE;
         }
     }
@@ -1618,7 +1618,7 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs)
             assert(rc >= 0);
 
             if (rc == 0) {
-                rc = boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_PRIMARY, bs);
+                rc = boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_PRIMARY), bs->enckey[BOOT_SLOT_PRIMARY]);
                 assert(rc == 0);
             } else {
                 rc = 0;
@@ -1642,7 +1642,7 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs)
             assert(rc >= 0);
 
             if (rc == 0) {
-                rc = boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_SECONDARY, bs);
+                rc = boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_SECONDARY), bs->enckey[BOOT_SLOT_SECONDARY]);
                 assert(rc == 0);
             } else {
                 rc = 0;
@@ -1673,7 +1673,7 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs)
 #ifdef MCUBOOT_ENC_IMAGES
         for (slot = 0; slot < BOOT_NUM_SLOTS; slot++) {
 
-            boot_enc_init(BOOT_CURR_ENC(state), slot);
+            boot_enc_init(BOOT_CURR_ENC_SLOT(state, slot));
 
             rc = boot_read_enc_key(fap, slot, bs);
             assert(rc == 0);
@@ -1685,7 +1685,7 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs)
             }
 
             if (i != BOOT_ENC_KEY_SIZE) {
-                boot_enc_set_key(BOOT_CURR_ENC(state), slot, bs);
+                boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, slot), bs->enckey[slot]);
             }
         }
 #endif
diff --git a/boot/bootutil/src/ram_load.c b/boot/bootutil/src/ram_load.c
@@ -155,7 +155,7 @@ boot_decrypt_and_copy_image_to_sram(struct boot_loader_state *state,
     }
 
     /* if rc > 0 then the key has already been loaded */
-    if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), slot, &bs)) {
+    if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, slot), bs.enckey[slot])) {
         goto done;
     }
 
@@ -176,7 +176,7 @@ boot_decrypt_and_copy_image_to_sram(struct boot_loader_state *state,
              * Part of the chunk is encrypted payload */
             blk_sz = tlv_off - (bytes_copied);
         }
-        boot_enc_decrypt(BOOT_CURR_ENC(state), slot,
+        boot_enc_decrypt(BOOT_CURR_ENC_SLOT(state, slot),
                 (bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
                 blk_off, cur_dst);
         bytes_copied += chunk_sz;

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ boot_image_validate_encrypted(struct boot_loader_state *state,`
`35`	`35`	`if (rc < 0) {`
`36`	`36`	`FIH_RET(fih_rc);`
`37`	`37`	`}`
`38`		`- rc = boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_SECONDARY, bs);`
	`38`	`+ rc = boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_SECONDARY), bs->enckey[BOOT_SLOT_SECONDARY]);`
`39`	`39`	`if (rc < 0) {`
`40`	`40`	`FIH_RET(fih_rc);`
`41`	`41`	`}`
`@@ -169,7 +169,7 @@ decrypt_region_inplace(struct boot_loader_state *state,`
`169`	`169`	`blk_sz = tlv_off - (off + bytes_copied);`
`170`	`170`	`}`
`171`	`171`	`}`
`172`		`- boot_enc_decrypt(BOOT_CURR_ENC(state), slot,`
	`172`	`+ boot_enc_decrypt(BOOT_CURR_ENC_SLOT(state, slot),`
`173`	`173`	`(off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,`
`174`	`174`	`blk_off, &buf[idx]);`
`175`	`175`	`}`
`@@ -239,7 +239,7 @@ decrypt_image_inplace(const struct flash_area *fa_p,`
`239`	`239`	`if (rc < 0) {`
`240`	`240`	`FIH_RET(fih_rc);`
`241`	`241`	`}`
`242`		`- if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_PRIMARY, bs)) {`
	`242`	`+ if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_PRIMARY), bs->enckey[BOOT_SLOT_PRIMARY])) {`
`243`	`243`	`FIH_RET(fih_rc);`
`244`	`244`	`}`
`245`	`245`	`}`
Original file line number	Diff line number	Diff line change
`@@ -573,7 +573,7 @@ boot_enc_load(struct boot_loader_state *state, int slot,`
`573`	`573`	`const struct image_header hdr, const struct flash_area fap,`
`574`	`574`	`struct boot_status *bs)`
`575`	`575`	`{`
`576`		`- struct enc_key_data *enc_state = BOOT_CURR_ENC(state);`
	`576`	`+ struct enc_key_data *enc_state = BOOT_CURR_ENC_SLOT(state, slot);`
`577`	`577`	`uint32_t off;`
`578`	`578`	`uint16_t len;`
`579`	`579`	`struct image_tlv_iter it;`
`@@ -587,13 +587,13 @@ boot_enc_load(struct boot_loader_state *state, int slot,`
`587`	`587`	`BOOT_LOG_DBG("boot_enc_load: slot %d", slot);`
`588`	`588`
`589`	`589`	`/* Already loaded... */`
`590`		`- if (enc_state[slot].valid) {`
	`590`	`+ if (boot_enc_valid(enc_state)) {`
`591`	`591`	`BOOT_LOG_DBG("boot_enc_load: already loaded");`
`592`	`592`	`return 1;`
`593`	`593`	`}`
`594`	`594`
`595`	`595`	`/* Initialize the AES context */`
`596`		`- boot_enc_init(enc_state, slot);`
	`596`	`+ boot_enc_init(enc_state);`
`597`	`597`
`598`	`598`	`#if defined(MCUBOOT_SWAP_USING_OFFSET)`
`599`	`599`	`it.start_off = boot_get_state_secondary_offset(state, fap);`
`@@ -627,48 +627,46 @@ boot_enc_load(struct boot_loader_state *state, int slot,`
`627`	`627`	`}`
`628`	`628`
`629`	`629`	`int`
`630`		`-boot_enc_init(struct enc_key_data *enc_state, uint8_t slot)`
	`630`	`+boot_enc_init(struct enc_key_data *enc_state)`
`631`	`631`	`{`
`632`		`- bootutil_aes_ctr_init(&enc_state[slot].aes_ctr);`
	`632`	`+ bootutil_aes_ctr_init(&enc_state->aes_ctr);`
`633`	`633`	`return 0;`
`634`	`634`	`}`
`635`	`635`
`636`	`636`	`int`
`637`		`-boot_enc_drop(struct enc_key_data *enc_state, uint8_t slot)`
	`637`	`+boot_enc_drop(struct enc_key_data *enc_state)`
`638`	`638`	`{`
`639`		`- bootutil_aes_ctr_drop(&enc_state[slot].aes_ctr);`
`640`		`- enc_state[slot].valid = 0;`
	`639`	`+ bootutil_aes_ctr_drop(&enc_state->aes_ctr);`
	`640`	`+ enc_state->valid = 0;`
`641`	`641`	`return 0;`
`642`	`642`	`}`
`643`	`643`
`644`	`644`	`int`
`645`		`-boot_enc_set_key(struct enc_key_data *enc_state, uint8_t slot,`
`646`		`- const struct boot_status *bs)`
	`645`	`+boot_enc_set_key(struct enc_key_data enc_state, const uint8_t key)`
`647`	`646`	`{`
`648`	`647`	`int rc;`
`649`	`648`
`650`		`- rc = bootutil_aes_ctr_set_key(&enc_state[slot].aes_ctr, bs->enckey[slot]);`
	`649`	`+ rc = bootutil_aes_ctr_set_key(&enc_state->aes_ctr, key);`
`651`	`650`	`if (rc != 0) {`
`652`		`- boot_enc_drop(enc_state, slot);`
	`651`	`+ boot_enc_drop(enc_state);`
`653`	`652`	`return -1;`
`654`	`653`	`}`
`655`	`654`
`656`		`- enc_state[slot].valid = 1;`
	`655`	`+ enc_state->valid = 1;`
`657`	`656`
`658`	`657`	`return 0;`
`659`	`658`	`}`
`660`	`659`
`661`	`660`	`bool`
`662`		`-boot_enc_valid(struct enc_key_data *enc_state, int slot)`
	`661`	`+boot_enc_valid(const struct enc_key_data *enc_state)`
`663`	`662`	`{`
`664`		`- return enc_state[slot].valid;`
	`663`	`+ return enc_state->valid;`
`665`	`664`	`}`
`666`	`665`
`667`	`666`	`void`
`668`		`-boot_enc_encrypt(struct enc_key_data *enc_state, int slot, uint32_t off,`
	`667`	`+boot_enc_encrypt(struct enc_key_data *enc, uint32_t off,`
`669`	`668`	`uint32_t sz, uint32_t blk_off, uint8_t *buf)`
`670`	`669`	`{`
`671`		`- struct enc_key_data *enc = &enc_state[slot];`
`672`	`670`	`uint8_t nonce[16];`
`673`	`671`
`674`	`672`	`/* Nothing to do with size == 0 */`
`@@ -688,10 +686,9 @@ boot_enc_encrypt(struct enc_key_data *enc_state, int slot, uint32_t off,`
`688`	`686`	`}`
`689`	`687`
`690`	`688`	`void`
`691`		`-boot_enc_decrypt(struct enc_key_data *enc_state, int slot, uint32_t off,`
	`689`	`+boot_enc_decrypt(struct enc_key_data *enc, uint32_t off,`
`692`	`690`	`uint32_t sz, uint32_t blk_off, uint8_t *buf)`
`693`	`691`	`{`
`694`		`- struct enc_key_data *enc = &enc_state[slot];`
`695`	`692`	`uint8_t nonce[16];`
`696`	`693`
`697`	`694`	`/* Nothing to do with size == 0 */`
`@@ -718,7 +715,7 @@ boot_enc_zeroize(struct enc_key_data *enc_state)`
`718`	`715`	`{`
`719`	`716`	`uint8_t slot;`
`720`	`717`	`for (slot = 0; slot < BOOT_NUM_SLOTS; slot++) {`
`721`		`- (void)boot_enc_drop(enc_state, slot);`
	`718`	`+ (void)boot_enc_drop(&enc_state[slot]);`
`722`	`719`	`}`
`723`	`720`	`memset(enc_state, 0, sizeof(struct enc_key_data) * BOOT_NUM_SLOTS);`
`724`	`721`	`}`
Original file line number	Diff line number	Diff line change
`@@ -645,7 +645,7 @@ boot_image_check(struct boot_loader_state state, struct image_header hdr,`
`645`	`645`	`if (rc < 0) {`
`646`	`646`	`FIH_RET(fih_rc);`
`647`	`647`	`}`
`648`		`- if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_SECONDARY, bs)) {`
	`648`	`+ if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_SECONDARY), bs->enckey[BOOT_SLOT_SECONDARY])) {`
`649`	`649`	`FIH_RET(fih_rc);`
`650`	`650`	`}`
`651`	`651`	`}`
`@@ -1378,11 +1378,11 @@ boot_copy_region(struct boot_loader_state *state,`
`1378`	`1378`	`}`
`1379`	`1379`	`}`
`1380`	`1380`	`if (source_slot == 0) {`
`1381`		`- boot_enc_encrypt(BOOT_CURR_ENC(state), source_slot,`
	`1381`	`+ boot_enc_encrypt(BOOT_CURR_ENC_SLOT(state, source_slot),`
`1382`	`1382`	`(abs_off + idx) - hdr->ih_hdr_size, blk_sz,`
`1383`	`1383`	`blk_off, &buf[idx]);`
`1384`	`1384`	`} else {`
`1385`		`- boot_enc_decrypt(BOOT_CURR_ENC(state), source_slot,`
	`1385`	`+ boot_enc_decrypt(BOOT_CURR_ENC_SLOT(state, source_slot),`
`1386`	`1386`	`(abs_off + idx) - hdr->ih_hdr_size, blk_sz,`
`1387`	`1387`	`blk_off, &buf[idx]);`
`1388`	`1388`	`}`
`@@ -1496,7 +1496,7 @@ boot_copy_image(struct boot_loader_state state, struct boot_status bs)`
`1496`	`1496`	`if (rc < 0) {`
`1497`	`1497`	`return BOOT_EBADIMAGE;`
`1498`	`1498`	`}`
`1499`		`- if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_SECONDARY, bs)) {`
	`1499`	`+ if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_SECONDARY), bs->enckey[BOOT_SLOT_SECONDARY])) {`
`1500`	`1500`	`return BOOT_EBADIMAGE;`
`1501`	`1501`	`}`
`1502`	`1502`	`}`
`@@ -1618,7 +1618,7 @@ boot_swap_image(struct boot_loader_state state, struct boot_status bs)`
`1618`	`1618`	`assert(rc >= 0);`
`1619`	`1619`
`1620`	`1620`	`if (rc == 0) {`
`1621`		`- rc = boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_PRIMARY, bs);`
	`1621`	`+ rc = boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_PRIMARY), bs->enckey[BOOT_SLOT_PRIMARY]);`
`1622`	`1622`	`assert(rc == 0);`
`1623`	`1623`	`} else {`
`1624`	`1624`	`rc = 0;`
`@@ -1642,7 +1642,7 @@ boot_swap_image(struct boot_loader_state state, struct boot_status bs)`
`1642`	`1642`	`assert(rc >= 0);`
`1643`	`1643`
`1644`	`1644`	`if (rc == 0) {`
`1645`		`- rc = boot_enc_set_key(BOOT_CURR_ENC(state), BOOT_SLOT_SECONDARY, bs);`
	`1645`	`+ rc = boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_SECONDARY), bs->enckey[BOOT_SLOT_SECONDARY]);`
`1646`	`1646`	`assert(rc == 0);`
`1647`	`1647`	`} else {`
`1648`	`1648`	`rc = 0;`
`@@ -1673,7 +1673,7 @@ boot_swap_image(struct boot_loader_state state, struct boot_status bs)`
`1673`	`1673`	`#ifdef MCUBOOT_ENC_IMAGES`
`1674`	`1674`	`for (slot = 0; slot < BOOT_NUM_SLOTS; slot++) {`
`1675`	`1675`
`1676`		`- boot_enc_init(BOOT_CURR_ENC(state), slot);`
	`1676`	`+ boot_enc_init(BOOT_CURR_ENC_SLOT(state, slot));`
`1677`	`1677`
`1678`	`1678`	`rc = boot_read_enc_key(fap, slot, bs);`
`1679`	`1679`	`assert(rc == 0);`
`@@ -1685,7 +1685,7 @@ boot_swap_image(struct boot_loader_state state, struct boot_status bs)`
`1685`	`1685`	`}`
`1686`	`1686`
`1687`	`1687`	`if (i != BOOT_ENC_KEY_SIZE) {`
`1688`		`- boot_enc_set_key(BOOT_CURR_ENC(state), slot, bs);`
	`1688`	`+ boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, slot), bs->enckey[slot]);`
`1689`	`1689`	`}`
`1690`	`1690`	`}`
`1691`	`1691`	`#endif`
Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,7 @@ boot_decrypt_and_copy_image_to_sram(struct boot_loader_state *state,`
`155`	`155`	`}`
`156`	`156`
`157`	`157`	`/* if rc > 0 then the key has already been loaded */`
`158`		`- if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC(state), slot, &bs)) {`
	`158`	`+ if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, slot), bs.enckey[slot])) {`
`159`	`159`	`goto done;`
`160`	`160`	`}`
`161`	`161`
`@@ -176,7 +176,7 @@ boot_decrypt_and_copy_image_to_sram(struct boot_loader_state *state,`
`176`	`176`	`* Part of the chunk is encrypted payload */`
`177`	`177`	`blk_sz = tlv_off - (bytes_copied);`
`178`	`178`	`}`
`179`		`- boot_enc_decrypt(BOOT_CURR_ENC(state), slot,`
	`179`	`+ boot_enc_decrypt(BOOT_CURR_ENC_SLOT(state, slot),`
`180`	`180`	`(bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,`
`181`	`181`	`blk_off, cur_dst);`
`182`	`182`	`bytes_copied += chunk_sz;`