bootutil: Refactor encrypted.c to have the same logic as image_validate

[RaphaelDupont]

Currently encrypted.c contains all the implementation of the functions inside enc_key.h for each configuration (RSA, EC256 and X25519).

The purpose of this pr is to adopt a logic similar to the file organization of image_validate to make it easier to add other configurations.

Note:
I'm not satisfied with the current state of fake_rng because it loses its static attribute.
I think putting it in encrypted_priv.h could solve this issue but I'm not sure if it is a good way to solve it.

[davidvincze]

Thank you for this patch. I think it's really useful.

A few initial comments and:
May I ask you to add the MCUBOOT_ENC_IMAGES and MCUBOOT_ENCRYPT_<...> config macros to the samples/mcuboot_config/mcuboot_config.template.h file with a short description? Thanks.
This is a bit out of the scope of this PR but it kind of belongs here.

[davidvincze]

Thank you for the updates!

There is a type in your last commit message, can you update that with a force push?
And please rebase your patches if required.
Sorry, I didn't intend the previous comment as a separate one, but as part of the review.

[davidvincze]

Thanks for the updates.

[davidvincze]

@nvlsianpu , @de-nordic, espressif and zephyr related files are directly affected (new files introoduced) in this change, could you approve this change if you think it won't cause any build issues?

[de-nordic]

@nvlsianpu , @de-nordic, espressif and zephyr related files are directly affected (new files introoduced) in this change, could you approve this change if you think it won't cause any build issues?

Let me test that with our code for Zephyr.
We lack espressif expert voice, but this is not unique to this PR, and I do not really know how to address this issue.

[davidvincze]

@nvlsianpu , @de-nordic, espressif and zephyr related files are directly affected (new files introoduced) in this change, could you approve this change if you think it won't cause any build issues?

Let me test that with our code for Zephyr. We lack espressif expert voice, but this is not unique to this PR, and I do not really know how to address this issue.

I guess we'll definitely have at least some kind of espressif voice if it breaks. 😅

[davidvincze]

@RaphaelDupont may I ask you to rebase the PR?
New patches have been merged recently and there are conflicting modifications in boot/bootutil/src/encrypted.c.

[RaphaelDupont]

@RaphaelDupont may I ask you to rebase the PR? New patches have been merged recently and there are conflicting modifications in boot/bootutil/src/encrypted.c.

The branch is now up-to-date.
Do you have other suggestions to make ?
Regarding the way some files are included for example.

[de-nordic]

There is some squashing needed.
I do not think that we need "bootutil : Reformat code according to suggestions" commits that look like review fixes on main.

[RaphaelDupont]

There is some squashing needed. I do not think that we need "bootutil : Reformat code according to suggestions" commits that look like review fixes on main.

Done

[RaphaelDupont]

Did you find other issues with this PR ?

[de-nordic]

I have run encryption and signature tests for ECDSA, RSA and 25519 against latest Zephyr and they seem to boot fine.
I am still trying to run test against sdk-nrf.

[de-nordic]

No hardcoded errors. Give them defines that can be used by caller.

[RaphaelDupont]

I think it can be a subject for an all other PR.
The error values of parse_ec256_enckey are hardcoded but they are also not used.

    rc = parse_ec256_enckey(&cp, cpend, private_key);
    if (rc) {
        return -1;
    }

The EC256 configuration is not the only one affected by this problem.

It would be a good opportinunity to discuss if MCUBoot should define its own error values or just propagate the one
it receives from the crypto module it uses (for example : Mbedtls).

[de-nordic]

It would be a good opportinunity to discuss if MCUBoot should define its own error values or just propagate the one it receives from the crypto module it uses (for example : Mbedtls).

The entire IT industry should figure it out, it is really annoying to be forced to debug where did the -EINVAL comes from, because everything returns it for some reason or an other.

[RaphaelDupont]

I checked how parse_ec256_enckey return value is handled on the main branch and the error is propagated when there is one.
So it is a change I made when I did the refactoring...
I reverted this.

[github-actions]

This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time.