diff --git a/esp_encrypted_img/CHANGELOG.md b/esp_encrypted_img/CHANGELOG.md new file mode 100644 index 0000000000..72bf7a423a --- /dev/null +++ b/esp_encrypted_img/CHANGELOG.md @@ -0,0 +1,4 @@ +## 2.0.4 + +- `rsa_pub_key` member of `esp_decrypt_cfg_t` structure is now deprecated. Please use `rsa_priv_key` instead. +- `rsa_pub_key_len` member of `esp_decrypt_cfg_t` structure is now deprecated. Please use `rsa_priv_key_len` instead. diff --git a/esp_encrypted_img/idf_component.yml b/esp_encrypted_img/idf_component.yml index d948664ad7..092878df56 100644 --- a/esp_encrypted_img/idf_component.yml +++ b/esp_encrypted_img/idf_component.yml @@ -1,4 +1,4 @@ -version: "2.0.3" +version: "2.0.4" description: ESP Encrypted Image Abstraction Layer url: https://github.com/espressif/idf-extra-components/tree/master/esp_encrypted_img dependencies: diff --git a/esp_encrypted_img/include/esp_encrypted_img.h b/esp_encrypted_img/include/esp_encrypted_img.h index 1f843bd12d..58acd3e126 100644 --- a/esp_encrypted_img/include/esp_encrypted_img.h +++ b/esp_encrypted_img/include/esp_encrypted_img.h @@ -6,6 +6,7 @@ #pragma once #include +#include #if 0 //High level layout for state machine @@ -42,13 +43,31 @@ ESP_FAIL --> [*] extern "C" { #endif +#if (ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 2, 0)) +#define DEPRECATED_ATTRIBUTE __attribute__((deprecated)) +#else +#define DEPRECATED_ATTRIBUTE +#endif + typedef void *esp_decrypt_handle_t; typedef struct { - const char *rsa_pub_key; /*!< 3072 bit RSA key in PEM format */ - size_t rsa_pub_key_len; /*!< Length of the buffer pointed to by rsa_pub_key*/ + union { + const char *rsa_priv_key; /*!< 3072 bit RSA private key in PEM format */ + const char *rsa_pub_key DEPRECATED_ATTRIBUTE; /*!< This name is kept for backward compatibility purpose, + but it is not accurate (meaning wise) and hence it would + be removed in the next major release */ + }; + union { + size_t rsa_priv_key_len; /*!< Length of the buffer pointed to by rsa_priv_key */ + size_t rsa_pub_key_len DEPRECATED_ATTRIBUTE; /*!< This name is kept for backward compatibility purpose, + but it is not accurate (meaning wise) and hence it would + be removed in the next major release */ + }; } esp_decrypt_cfg_t; +#undef DEPRECATED_ATTRIBUTE + typedef struct { const char *data_in; /*!< Pointer to data to be decrypted */ size_t data_in_len; /*!< Input data length */ @@ -73,7 +92,7 @@ esp_decrypt_handle_t esp_encrypted_img_decrypt_start(const esp_decrypt_cfg_t *cf * @brief This function performs decryption on input data. * * This function must be called only if esp_encrypted_img_decrypt_start() returns successfully. -* This function must be called in a loop since since input data might not contain whole binary at once. +* This function must be called in a loop since input data might not contain whole binary at once. * This function must be called till it return ESP_OK. * * @note args->data_out must be freed after use provided args->data_out_len is greater than 0 @@ -83,7 +102,8 @@ esp_decrypt_handle_t esp_encrypted_img_decrypt_start(const esp_decrypt_cfg_t *cf * * @return * - ESP_FAIL On failure -* - ESP_ERR_DECRYPT_IN_PROGRESS Decryption is in process +* - ESP_ERR_INVALID_ARG Invalid arguments +* - ESP_ERR_NOT_FINISHED Decryption is in process * - ESP_OK Success */ esp_err_t esp_encrypted_img_decrypt_data(esp_decrypt_handle_t ctx, pre_enc_decrypt_arg_t *args); diff --git a/esp_encrypted_img/src/esp_encrypted_img.c b/esp_encrypted_img/src/esp_encrypted_img.c index 548bc46a30..4931d49a08 100644 --- a/esp_encrypted_img/src/esp_encrypted_img.c +++ b/esp_encrypted_img/src/esp_encrypted_img.c @@ -121,7 +121,7 @@ static int decipher_gcm_key(const char *enc_gcm, esp_encrypted_img_t *handle) esp_decrypt_handle_t esp_encrypted_img_decrypt_start(const esp_decrypt_cfg_t *cfg) { - if (cfg == NULL || cfg->rsa_pub_key == NULL) { + if (cfg == NULL || cfg->rsa_priv_key == NULL) { ESP_LOGE(TAG, "esp_encrypted_img_decrypt_start : Invalid argument"); return NULL; } @@ -133,7 +133,7 @@ esp_decrypt_handle_t esp_encrypted_img_decrypt_start(const esp_decrypt_cfg_t *cf goto failure; } - handle->rsa_pem = calloc(1, cfg->rsa_pub_key_len); + handle->rsa_pem = calloc(1, cfg->rsa_priv_key_len); if (!handle->rsa_pem) { ESP_LOGE(TAG, "Couldn't allocate memory to handle->rsa_pem"); goto failure; @@ -145,8 +145,8 @@ esp_decrypt_handle_t esp_encrypted_img_decrypt_start(const esp_decrypt_cfg_t *cf goto failure; } - memcpy(handle->rsa_pem, cfg->rsa_pub_key, cfg->rsa_pub_key_len); - handle->rsa_len = cfg->rsa_pub_key_len; + memcpy(handle->rsa_pem, cfg->rsa_priv_key, cfg->rsa_priv_key_len); + handle->rsa_len = cfg->rsa_priv_key_len; handle->state = ESP_PRE_ENC_IMG_READ_MAGIC; esp_decrypt_handle_t ctx = (esp_decrypt_handle_t)handle; diff --git a/esp_encrypted_img/test/test.c b/esp_encrypted_img/test/test.c index efb4afcf17..7a33822a3a 100644 --- a/esp_encrypted_img/test/test.c +++ b/esp_encrypted_img/test/test.c @@ -23,8 +23,8 @@ extern const uint8_t bin_end[] asm("_binary_image_bin_end"); TEST_CASE("Sending all data at once", "[encrypted_img]") { esp_decrypt_cfg_t cfg = { - .rsa_pub_key = (char *)rsa_private_pem_start, - .rsa_pub_key_len = rsa_private_pem_end - rsa_private_pem_start, + .rsa_priv_key = (char *)rsa_private_pem_start, + .rsa_priv_key_len = rsa_private_pem_end - rsa_private_pem_start, }; esp_decrypt_handle_t ctx = esp_encrypted_img_decrypt_start(&cfg); TEST_ASSERT_NOT_NULL(ctx); @@ -53,8 +53,8 @@ TEST_CASE("Sending all data at once", "[encrypted_img]") TEST_CASE("Sending 1 byte data at once", "[encrypted_img]") { esp_decrypt_cfg_t cfg = { - .rsa_pub_key = (char *)rsa_private_pem_start, - .rsa_pub_key_len = rsa_private_pem_end - rsa_private_pem_start, + .rsa_priv_key = (char *)rsa_private_pem_start, + .rsa_priv_key_len = rsa_private_pem_end - rsa_private_pem_start, }; esp_decrypt_handle_t ctx = esp_encrypted_img_decrypt_start(&cfg); TEST_ASSERT_NOT_NULL(ctx); @@ -154,8 +154,8 @@ TEST_CASE("Invalid Magic", "[encrypted_img]") }; esp_decrypt_cfg_t cfg = { - .rsa_pub_key = (char *)rsa_private_pem_start, - .rsa_pub_key_len = rsa_private_pem_end - rsa_private_pem_start, + .rsa_priv_key = (char *)rsa_private_pem_start, + .rsa_priv_key_len = rsa_private_pem_end - rsa_private_pem_start, }; esp_decrypt_handle_t ctx = esp_encrypted_img_decrypt_start(&cfg); TEST_ASSERT_NOT_NULL(ctx); @@ -247,8 +247,8 @@ TEST_CASE("Invalid Image", "[encrypted_img]") }; esp_decrypt_cfg_t cfg = { - .rsa_pub_key = (char *)rsa_private_pem_start, - .rsa_pub_key_len = rsa_private_pem_end - rsa_private_pem_start, + .rsa_priv_key = (char *)rsa_private_pem_start, + .rsa_priv_key_len = rsa_private_pem_end - rsa_private_pem_start, }; esp_decrypt_handle_t ctx = esp_encrypted_img_decrypt_start(&cfg); TEST_ASSERT_NOT_NULL(ctx); @@ -275,8 +275,8 @@ TEST_CASE("Invalid Image", "[encrypted_img]") TEST_CASE("Sending random size data at once", "[encrypted_img]") { esp_decrypt_cfg_t cfg = { - .rsa_pub_key = (char *)rsa_private_pem_start, - .rsa_pub_key_len = rsa_private_pem_end - rsa_private_pem_start, + .rsa_priv_key = (char *)rsa_private_pem_start, + .rsa_priv_key_len = rsa_private_pem_end - rsa_private_pem_start, }; esp_decrypt_handle_t ctx = esp_encrypted_img_decrypt_start(&cfg); TEST_ASSERT_NOT_NULL(ctx); @@ -314,8 +314,8 @@ TEST_CASE("Sending random size data at once", "[encrypted_img]") TEST_CASE("Test canceling decryption frees memory", "[encrypted_img]") { esp_decrypt_cfg_t cfg = { - .rsa_pub_key = (char *)rsa_private_pem_start, - .rsa_pub_key_len = rsa_private_pem_end - rsa_private_pem_start, + .rsa_priv_key = (char *)rsa_private_pem_start, + .rsa_priv_key_len = rsa_private_pem_end - rsa_private_pem_start, }; int free_bytes_start = xPortGetFreeHeapSize(); esp_decrypt_handle_t ctx = esp_encrypted_img_decrypt_start(&cfg);