From aca2c0a3b70bebad27645f8d8de4dd5a74f60ad8 Mon Sep 17 00:00:00 2001
From: Stephane Le Roy <stephane.leroy@st.com>
Date: Wed, 15 Jan 2025 09:13:16 +0100
Subject: [PATCH] Improve TLV control under ALLOW_ROGUE_TLVS switch

The list of allowed unprotected TLVs is limited to the expected TLVs only,
depending on the crypto scheme configuration. The original implementation
allowed many additional TLVs (related to other crypto schemes).

The allowed_unprot_tlvs[] array changes require moving the EXPECTED_ENC_TLV
definitions from encrypted.c to the enc_key_public.h file.

Signed-off-by: Stephane Le Roy <stephane.leroy@st.com>
---
 .../include/bootutil/enc_key_public.h         | 22 ++++++++++++++++
 boot/bootutil/src/encrypted.c                 | 22 ----------------
 boot/bootutil/src/image_validate.c            | 26 +++++++++----------
 3 files changed, 34 insertions(+), 36 deletions(-)

diff --git a/boot/bootutil/include/bootutil/enc_key_public.h b/boot/bootutil/include/bootutil/enc_key_public.h
index 6874cfbc84..0887c8579e 100644
--- a/boot/bootutil/include/bootutil/enc_key_public.h
+++ b/boot/bootutil/include/bootutil/enc_key_public.h
@@ -59,6 +59,28 @@ extern "C" {
 #define BOOT_ENC_TLV_SIZE TLV_ENC_KW_SZ
 #endif
 
+#define EXPECTED_ENC_LEN        BOOT_ENC_TLV_SIZE
+
+#if defined(MCUBOOT_ENCRYPT_RSA)
+#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_RSA2048
+#elif defined(MCUBOOT_ENCRYPT_KW)
+#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_KW
+#elif defined(MCUBOOT_ENCRYPT_EC256)
+#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_EC256
+#    define EC_PUBK_INDEX       (0)
+#    define EC_TAG_INDEX        (65)
+#    define EC_CIPHERKEY_INDEX  (65 + 32)
+_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
+        "Please fix ECIES-P256 component indexes");
+#elif defined(MCUBOOT_ENCRYPT_X25519)
+#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_X25519
+#    define EC_PUBK_INDEX       (0)
+#    define EC_TAG_INDEX        (32)
+#    define EC_CIPHERKEY_INDEX  (32 + 32)
+_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
+        "Please fix ECIES-X25519 component indexes");
+#endif
+
 #ifdef __cplusplus
 }
 #endif
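Review bot: The macros moved into this public header carry no comment saying what they are, and EC_PUBK_INDEX, EC_TAG_INDEX and EC_CIPHERKEY_INDEX are now exported to every includer under unprefixed, generic names. A short comment above the `#define EXPECTED_ENC_LEN` line would help, e.g. `/* The single encryption TLV type and its payload length accepted for the configured MCUBOOT_ENCRYPT_* scheme; for the ECIES variants the EC_*_INDEX macros give the byte offsets of the public-key, tag and cipher-key components, the last of which is BOOT_ENC_KEY_SIZE bytes (see the assert). */`. The `_Static_assert` also relies on BOOT_ENC_KEY_SIZE being visible at this point in the header, which the hunk does not show; worth confirming it is defined above rather than in a header the includer must pull in first.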
diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c
index 8449a28dd3..7bd38ccc6a 100644
--- a/boot/bootutil/src/encrypted.c
+++ b/boot/bootutil/src/encrypted.c
@@ -383,28 +383,6 @@ boot_enc_set_key(struct enc_key_data *enc_state, uint8_t slot,
     return 0;
 }
 
-#define EXPECTED_ENC_LEN        BOOT_ENC_TLV_SIZE
-
-#if defined(MCUBOOT_ENCRYPT_RSA)
-#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_RSA2048
-#elif defined(MCUBOOT_ENCRYPT_KW)
-#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_KW
-#elif defined(MCUBOOT_ENCRYPT_EC256)
-#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_EC256
-#    define EC_PUBK_INDEX       (0)
-#    define EC_TAG_INDEX        (65)
-#    define EC_CIPHERKEY_INDEX  (65 + 32)
-_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
-        "Please fix ECIES-P256 component indexes");
-#elif defined(MCUBOOT_ENCRYPT_X25519)
-#    define EXPECTED_ENC_TLV    IMAGE_TLV_ENC_X25519
-#    define EC_PUBK_INDEX       (0)
-#    define EC_TAG_INDEX        (32)
-#    define EC_CIPHERKEY_INDEX  (32 + 32)
-_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
-        "Please fix ECIES-X25519 component indexes");
-#endif
-
 #if ( (defined(MCUBOOT_ENCRYPT_RSA) && defined(MCUBOOT_USE_MBED_TLS) && !defined(MCUBOOT_USE_PSA_CRYPTO)) || \
       (defined(MCUBOOT_ENCRYPT_EC256) && defined(MCUBOOT_USE_MBED_TLS)) )
 #if MBEDTLS_VERSION_NUMBER >= 0x03000000
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index ec5d986df3..7d0cddde1d 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -358,20 +358,18 @@ bootutil_get_img_security_cnt(struct image_header *hdr,
  * TLV section.  All other TLV entries must be in the protected section.
  */
 static const uint16_t allowed_unprot_tlvs[] = {
-     IMAGE_TLV_KEYHASH,
-     IMAGE_TLV_PUBKEY,
-     IMAGE_TLV_SHA256,
-     IMAGE_TLV_SHA384,
-     IMAGE_TLV_SHA512,
-     IMAGE_TLV_RSA2048_PSS,
-     IMAGE_TLV_ECDSA224,
-     IMAGE_TLV_ECDSA_SIG,
-     IMAGE_TLV_RSA3072_PSS,
-     IMAGE_TLV_ED25519,
-     IMAGE_TLV_ENC_RSA2048,
-     IMAGE_TLV_ENC_KW,
-     IMAGE_TLV_ENC_EC256,
-     IMAGE_TLV_ENC_X25519,
+#ifdef EXPECTED_KEY_TLV
+     EXPECTED_KEY_TLV,
+#endif
+#ifdef EXPECTED_HASH_TLV
+     EXPECTED_HASH_TLV,
+#endif
+#ifdef EXPECTED_SIG_TLV
+     EXPECTED_SIG_TLV,
+#endif
+#ifdef EXPECTED_ENC_TLV
+     EXPECTED_ENC_TLV,
+#endif
      /* Mark end with ANY. */
      IMAGE_TLV_ANY,
 };
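Review bot: The new `#ifdef EXPECTED_ENC_TLV` guard fails silently: if this file does not see the definition that now lives in enc_key_public.h (the include list is outside this hunk), an encrypted image's ENC TLV simply drops out of allowed_unprot_tlvs and would be treated as a rogue TLV with no compile-time hint. A check next to the table turns that misconfiguration into a build error: `#if (defined(MCUBOOT_ENCRYPT_RSA) || defined(MCUBOOT_ENCRYPT_KW) || defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)) && !defined(EXPECTED_ENC_TLV)` / `#error "EXPECTED_ENC_TLV not visible; include bootutil/enc_key_public.h"` / `#endif`. The same consideration applies to EXPECTED_KEY_TLV, EXPECTED_HASH_TLV and EXPECTED_SIG_TLV if any of them is defined outside this file. The comment above the table, which starts before the hunk, could also state that the list is now restricted to the TLV types of the configured crypto scheme.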