
Encrypted image build issue with PSA and serial recovery #2629


@stindaNXP

Hi

I tried to build the encrypted image feature with serial recovery enabled and got several build errors in boot_serial_encryption.c (the build treats all warnings as errors):

mcuboot_opensource/boot/boot_serial/src/boot_serial_encryption.c:115:31: error: 'struct enc_data' declared inside parameter list will not be visible outside of this definition or declaration [-Werror]
  115 | decrypt_region_inplace(struct enc_data *enc_data,
      |                               ^~~~~~~~
mcuboot_opensource/boot/boot_serial/src/boot_serial_encryption.c: In function 'decrypt_region_inplace':
/mcuboot_opensource/boot/boot_serial/src/boot_serial_encryption.c:170:30: error: passing argument 1 of 'boot_enc_decrypt' from incompatible pointer type [-Wincompatible-pointer-types]
  170 |             boot_enc_decrypt(enc_data,
      |                              ^~~~~~~~
      |                              |
      |                              struct enc_data *
In file included from mcuboot_opensource/boot/bootutil/src/bootutil_priv.h:44,
                 from /mcuboot_opensource/boot/boot_serial/src/boot_serial_encryption.c:10:
mcuboot_opensource/boot/bootutil/include/bootutil/enc_key.h:73:44: note: expected 'struct enc_key_data *' but argument is of type 'struct enc_data *'
   73 | void boot_enc_decrypt(struct enc_key_data *enc_state,
      |                       ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
mcuboot_opensource/boot/boot_serial/src/boot_serial_encryption.c: In function 'decrypt_image_inplace':
mcuboot_opensource/boot/boot_serial/src/boot_serial_encryption.c:266:37: error: incompatible type for argument 1 of 'decrypt_region_inplace'
  266 |         rc = decrypt_region_inplace(enc_data, fa_p, hdr, size, sect_size);
      |                                     ^~~~~~~~
      |                                     |
      |                                     struct enc_key_data
mcuboot_opensource/boot/boot_serial/src/boot_serial_encryption.c:115:41: note: expected 'struct enc_data *' but argument is of type 'struct enc_key_data'
  115 | decrypt_region_inplace(struct enc_data *enc_data,
      |                        ~~~~~~~~~~~~~~~~~^~~~~~~~
mcuboot_opensource/boot/boot_serial/src/boot_serial_encryption.c:275:5: error: implicit declaration of function 'boot_enc_zeorize'; did you mean 'boot_enc_zeroize'? [-Wimplicit-function-declaration]
  275 |     boot_enc_zeorize(&enc_data);
      |     ^~~~~~~~~~~~~~~~
      |     boot_enc_zeroize
mcuboot_opensource/boot/boot_serial/src/boot_serial_encryption.c:276:22: error: passing argument 1 of 'boot_state_clear' from incompatible pointer type [-Wincompatible-pointer-types]
  276 |     boot_state_clear(&state);
      |                      ^~~~~~
      |                      |
      |                      struct boot_loader_state **
In file included from mcuboot_opensource/boot/bootutil/src/bootutil_priv.h:37:
mcuboot_opensource/boot/bootutil/include/bootutil/bootutil.h:89:49: note: expected 'struct boot_loader_state *' but argument is of type 'struct boot_loader_state **'
   89 | void boot_state_clear(struct boot_loader_state *state);
      |                       ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~
cc1.exe: all warnings being treated as errors

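The same goes for the encrypted.c module if the PSA crypto backend is selected: the Mbed TLS ASN.1/OID identifiers and the bootutil HMAC-SHA256 and ECDH P-256 types and functions it uses are reported as undeclared.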

mcuboot_opensource/boot/bootutil/src/encrypted.c:100:40: error: 'MBEDTLS_OID_EC_ALG_UNRESTRICTED' undeclared here (not in a function)
  100 | static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
      |                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:101:43: error: 'MBEDTLS_OID_EC_GRP_SECP256R1' undeclared here (not in a function); did you mean 'MBEDTLS_ECP_DP_SECP256R1'?
  101 | static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1;
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                           MBEDTLS_ECP_DP_SECP256R1
mcuboot_opensource/boot/bootutil/src/encrypted.c: In function 'parse_priv_enckey':
mcuboot_opensource/boot/bootutil/src/encrypted.c:112:5: error: unknown type name 'mbedtls_asn1_buf'
  112 |     mbedtls_asn1_buf alg;
      |     ^~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:113:5: error: unknown type name 'mbedtls_asn1_buf'
  113 |     mbedtls_asn1_buf param;
      |     ^~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:115:9: error: implicit declaration of function 'mbedtls_asn1_get_tag'; did you mean 'mbedtls_psa_get_stats'? [-Wimplicit-function-declaration]
  115 |     if (mbedtls_asn1_get_tag(p, end, &len,
      |         ^~~~~~~~~~~~~~~~~~~~
      |         mbedtls_psa_get_stats
mcuboot_opensource/boot/bootutil/src/encrypted.c:116:30: error: 'MBEDTLS_ASN1_CONSTRUCTED' undeclared (first use in this function)
  116 |                              MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) {
      |                              ^~~~~~~~~~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:116:30: note: each undeclared identifier is reported only once for each function it appears in
mcuboot_opensource/boot/bootutil/src/encrypted.c:116:57: error: 'MBEDTLS_ASN1_SEQUENCE' undeclared (first use in this function); did you mean 'MBEDTLS_ASN1_WRITE_C'?
  116 |                              MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0) {
      |                                                         ^~~~~~~~~~~~~~~~~~~~~
      |                                                         MBEDTLS_ASN1_WRITE_C
mcuboot_opensource/boot/bootutil/src/encrypted.c:125:9: error: implicit declaration of function 'mbedtls_asn1_get_int'; did you mean 'mbedtls_mpi_get_bit'? [-Wimplicit-function-declaration]
  125 |     if (mbedtls_asn1_get_int(p, end, &version) || version != 0) {
      |         ^~~~~~~~~~~~~~~~~~~~
      |         mbedtls_mpi_get_bit
mcuboot_opensource/boot/bootutil/src/encrypted.c:129:9: error: implicit declaration of function 'mbedtls_asn1_get_alg'; did you mean 'mbedtls_psa_get_stats'? [-Wimplicit-function-declaration]
  129 |     if (mbedtls_asn1_get_alg(p, end, &alg, &param) != 0) {
      |         ^~~~~~~~~~~~~~~~~~~~
      |         mbedtls_psa_get_stats
mcuboot_opensource/boot/bootutil/src/encrypted.c:133:12: error: request for member 'len' in something not a structure or union
  133 |     if (alg.ASN1_CONTEXT_MEMBER(len) != sizeof(ec_pubkey_oid) - 1 ||
      |            ^
mcuboot_opensource/boot/bootutil/src/encrypted.c:134:19: error: request for member 'p' in something not a structure or union
  134 |         memcmp(alg.ASN1_CONTEXT_MEMBER(p), ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
      |                   ^
mcuboot_opensource/boot/bootutil/src/encrypted.c:137:14: error: request for member 'len' in something not a structure or union
  137 |     if (param.ASN1_CONTEXT_MEMBER(len) != sizeof(ec_secp256r1_oid) - 1 ||
      |              ^
mcuboot_opensource/boot/bootutil/src/encrypted.c:138:21: error: request for member 'p' in something not a structure or union
  138 |         memcmp(param.ASN1_CONTEXT_MEMBER(p), ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
      |                     ^
mcuboot_opensource/boot/bootutil/src/encrypted.c:142:44: error: 'MBEDTLS_ASN1_OCTET_STRING' undeclared (first use in this function); did you mean 'MBEDTLS_VERSION_STRING'?
  142 |     if (mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING) != 0) {
      |                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
      |                                            MBEDTLS_VERSION_STRING
mcuboot_opensource/boot/bootutil/src/encrypted.c:164:16: error: 'NUM_ECC_BYTES' undeclared (first use in this function)
  164 |     if (len != NUM_ECC_BYTES) {
      |                ^~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c: In function 'hkdf':
mcuboot_opensource/boot/bootutil/src/encrypted.c:244:5: error: unknown type name 'bootutil_hmac_sha256_context'; did you mean 'bootutil_aes_ctr_context'?
  244 |     bootutil_hmac_sha256_context hmac;
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |     bootutil_aes_ctr_context
mcuboot_opensource/boot/bootutil/src/encrypted.c:245:18: error: 'BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE' undeclared (first use in this function)
  245 |     uint8_t salt[BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:262:5: error: implicit declaration of function 'bootutil_hmac_sha256_init'; did you mean 'bootutil_aes_ctr_init'? [-Wimplicit-function-declaration]
  262 |     bootutil_hmac_sha256_init(&hmac);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~
      |     bootutil_aes_ctr_init
mcuboot_opensource/boot/bootutil/src/encrypted.c:265:10: error: implicit declaration of function 'bootutil_hmac_sha256_set_key'; did you mean 'bootutil_aes_ctr_set_key'? [-Wimplicit-function-declaration]
  265 |     rc = bootutil_hmac_sha256_set_key(&hmac, salt, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |          bootutil_aes_ctr_set_key
mcuboot_opensource/boot/bootutil/src/encrypted.c:270:10: error: implicit declaration of function 'bootutil_hmac_sha256_update' [-Wimplicit-function-declaration]
  270 |     rc = bootutil_hmac_sha256_update(&hmac, ikm, ikm_len);
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:275:10: error: implicit declaration of function 'bootutil_hmac_sha256_finish' [-Wimplicit-function-declaration]
  275 |     rc = bootutil_hmac_sha256_finish(&hmac, prk, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:280:5: error: implicit declaration of function 'bootutil_hmac_sha256_drop'; did you mean 'bootutil_aes_ctr_drop'? [-Wimplicit-function-declaration]
  280 |     bootutil_hmac_sha256_drop(&hmac);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~
      |     bootutil_aes_ctr_drop
mcuboot_opensource/boot/bootutil/src/encrypted.c:289:69: error: left-hand operand of comma expression has no effect [-Werror=unused-value]
  289 |     for (off = 0; len > 0; off += BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE, ++counter) {
      |                                                                     ^
mcuboot_opensource/boot/bootutil/src/encrypted.c: In function 'boot_decrypt_key':
mcuboot_opensource/boot/bootutil/src/encrypted.c:383:5: error: unknown type name 'bootutil_hmac_sha256_context'; did you mean 'bootutil_aes_ctr_context'?
  383 |     bootutil_hmac_sha256_context hmac;
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |     bootutil_aes_ctr_context
mcuboot_opensource/boot/bootutil/src/encrypted.c:385:17: error: 'BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE' undeclared (first use in this function)
  385 |     uint8_t tag[BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:389:21: error: 'BOOT_ENC_BLOCK_SIZE' undeclared (first use in this function); did you mean 'BOOT_ENC_TLV_SIZE'?
  389 |     uint8_t counter[BOOT_ENC_BLOCK_SIZE];
      |                     ^~~~~~~~~~~~~~~~~~~
      |                     BOOT_ENC_TLV_SIZE
mcuboot_opensource/boot/bootutil/src/encrypted.c:392:5: error: unknown type name 'bootutil_key_exchange_ctx'
  392 |     bootutil_key_exchange_ctx pk_ctx;
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:455:5: error: implicit declaration of function 'bootutil_ecdh_p256_init'; did you mean 'bootutil_aes_ctr_init'? [-Wimplicit-function-declaration]
  455 |     bootutil_ecdh_p256_init(&pk_ctx);
      |     ^~~~~~~~~~~~~~~~~~~~~~~
      |     bootutil_aes_ctr_init
mcuboot_opensource/boot/bootutil/src/encrypted.c:457:10: error: implicit declaration of function 'bootutil_ecdh_p256_shared_secret' [-Wimplicit-function-declaration]
  457 |     rc = bootutil_ecdh_p256_shared_secret(&pk_ctx, &buf[EC_PUBK_INDEX], private_key, shared);
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mcuboot_opensource/boot/bootutil/src/encrypted.c:458:5: error: implicit declaration of function 'bootutil_ecdh_p256_drop'; did you mean 'bootutil_aes_ctr_drop'? [-Wimplicit-function-declaration]
  458 |     bootutil_ecdh_p256_drop(&pk_ctx);
      |     ^~~~~~~~~~~~~~~~~~~~~~~
      |     bootutil_aes_ctr_drop
cc1.exe: all warnings being treated as errors

I assume support for encrypted images is not fully enabled for these configurations. Do you plan to fix this in the next release?
