Commit Graph

277 Commits

Author SHA1 Message Date
David Brown 1997f539f7 sim: Remove extraneous static
According to clippy, `&'static` can just be `&` for static definitions,
which always have a static lifetime.  Clean this up in the arrays in the
code, as well as generation code in imgtool.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-11 07:25:43 -07:00
David Brown d602ed85cf sim: Update Cargo lock file
This incorporates changes both from the dependency changes in simflash,
as well as some minor changes that recent versions of Cargo make.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-26 10:13:57 -07:00
David Brown c51949d208 sim: simflash: Convert to thiserror
The thiserror crate seems to be getting more momentum in the community
than failure.  Switch to this for deriving our own error type.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-26 10:13:57 -07:00
David Brown 641af4530c boot: Support Mbed TLS ECDSA for signatures
Add Mbed TLS ECDSA signature verification as an option (in addition to
Tinycrypt and the CC310 hardware version).  Although the Mbed TLS ECDSA
verification code is both larger and slower, this will still save space
if there is another reason that the Mbed TLS code is already being
brought in for another reason (such as certificate management, for
example).

Mbed TLS's ECDSA verification works at a different level than the other
two libraries, so this takes a bit of reworking.  There are some
additional parameters passed to the various functions, and a new define
MCUBOOT_ECDSA_NEED_ASN1_SIG to indicate that the ecdsa verification
wants the original ASN1 signature, not a decoded key.

This adds the boot changes and simulator support to test this configuration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-23 10:29:31 -07:00
Andrzej Puzdrowski f573b392ec bootutil: extracted app common library from bootutil_misc
Part of code of boot/bootutil/ is re-implemented in zephyr-rtos
repository.
As some code are defined here and there it becomes problem when
need to include it with outstanding feature in a build.
It is possible to mitigate problem using #fdefry - but this was
rather temporary hack.

This patch introduce new module which is common for MCUBoot build
and application build.
Common code were extracted to bootutil_public.c source file and
bootutil_public.h header

MCUboot also select DISABLE_MCUBOOT_BOOTUTIL_LIB_OWN_LOG Kconfig
option, as it must define log configuration on its own for all its
sourcecode.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2021-01-13 17:49:49 +01:00
Fabio Utzig 4b2e55f362 boot: bootutil: drop flash_area_read_is_empty
Removes the current `flash_area_read_is_empty` which lacked a bit of
clarity in its naming and error handling, as well as requiring an
extra API in the flash map, and switches to using an internal function
`bootutil_buffer_is_erased`.

Code that was previously using `flash_area_read_is_empty` must now be
updated to do a `flash_area_read` followed by a call to
`bootutil_buffer_is_erased` with the read buffer.

The proposal was previously discussed here:

https://github.com/zephyrproject-rtos/zephyr/pull/28519

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-10-08 20:47:56 -03:00
Fabio Utzig 3c9d5c45ab sim: change MCUBOOT_OVERWRITE_ONLY_FAST usage
Remove `MCUBOOT_OVERWRITE_ONLY_FAST` from overwrite-only upgrades, to
make it compatible with `large-write` tests after the latest changes
to the fast overwrite code; make it default when bootstrapping.

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-10-05 17:11:14 -03:00
Fabio Utzig 1edb788695 sim: update alignment (aka write_sz) to u16
The simulated alignment functions were returning u8 which would be
invalid for any alignment beyond 128; as a first step in the direction
of allowing larger alignments, make them u16 which should allow for up
to 2**15 aligment size.

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-10-05 17:11:14 -03:00
Fabio Utzig d0157343dc sim: add bootstrap test
Add caps for bootstrap option and implement simple bootstrap test
for the simulator.

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-10-05 17:11:14 -03:00
Raef Coles e8fe6cf259 boot: Harden critical path against fault attacks
Add fault attack mitigation measures to code vital for the correct
validation of images.

Change-Id: If6eb1110a8c2966faf105d07ad2e95482a80a8d9
Signed-off-by: Raef Coles <raef.coles@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2020-10-02 07:31:11 -03:00
Blaž Hrastnik 4f4833d465 Abstracting mcuboot crypto functions for cleaner porting and less of an ifdef hell.
- The enc_context needs to initialize.

boot_enc_load seems to always be used to start the process, so calling
init inside makes sense.

- Handle boot_encrypt getting called with size of 0.

- No need to free contexts because Zephyr sets MBEDTLS_PLATFORM_NO_STD_FUNCTIONS.

I don't quite like this because it's implicit and will leak memory on
other ports.

Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
2020-09-28 09:08:44 -06:00
Blaž Hrastnik f62ea0c464 bootutil *should not* import assert.h
bootutil already handles ASSERT definition, allowing us to override it
with a custom implementation. Importing assert.h would pull in stdio.h
and a whole bunch of other stuff by TI compiler into the final
firmware.

Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
2020-09-28 09:08:44 -06:00
Fabio Utzig c659ec5c42 sim: add new device with unequal slots
This device allows testing swap move with a primary slot that is one
sector larger than the secondary slot. No scratch was defined. Overwrite
upgrade could easily be made compatible as well, but for now leave it
as a disabled caps.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-07-14 11:11:05 -03:00
David Brown 8a99adf0c5 sim: Update to aes-ctr 0.4 and fix for API changes
Upgrade to the latest aes-ctr package, and apply minor fixes due to
trait naming changes in this version.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown 886641b77a sim: Bump base64 dependency to 0.12
There are no API changes affecting us.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown 9637136727 sim: Bump pem to 0.8
Move to latest version of pem dependency.  No API changes affect us.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown 3327e99619 sim: Update env_logger to 0.7
Update to the newest version of this crate.  There are no API changes
affecting us, so this is just an update of the Cargo.toml file.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown cd842848c3 sim: Migrate main sim to rand 0.7
Adapt to the API changes that have happened in recent versions of the
rand crate.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown fd8b05eb6a sim: Upgrade to 0.7 API version of rand
There have been some revamping of the Rand API.  The Standard
distribution on floating point numbers will return a value in the
interval [0,1).

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
Fabio Utzig 2c3be5cfb4 Add test for erased secondary with leftover trailer
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-07-10 06:57:08 -03:00
Kumar Gala 00108fe973 sim: Fixup devicetree.h for changes to mcuboot
Fixup how we fake out devicetree.h, which is now really the flash map
API for what mcuboot is using.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-05-15 15:11:56 -06:00
David Brown a3a96fed85 sim: Add `--recursive` to submodule update
Now that mbed tls has its own submodules, add `--recursive` to the
sample invocation of submodule update.  Without this, building the
simulator produces difficult messages about `sha256.c` missing.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-05-12 08:38:46 -06:00
Fabio Utzig 3fa72ca12f sim: Add test support for x25519 encrypted images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-04-10 17:56:14 -03:00
Fabio Utzig 3fc84bf686 keys: Add sample x25519 priv/pub keys
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-04-10 17:56:14 -03:00
Fabio Utzig feb6c4cd40 caps: Add cap for x25519 based image encryption
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-04-10 17:56:14 -03:00
David Brown a4c586421a sim: Remove padding from ecdsa signatures
With support for unpadded ecdsa signatures in place, always generate
unpadded signatures within the sim.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-03-18 09:05:21 -06:00
Fabio Utzig e60b12f9c5 sim: fix paths for mbed-cryto
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Fabio Utzig 03cce47291 sim: update dependencies
Updates a few sim dependencies, reducing the amount of crates
required for a build; also gets rid of cases of more than one
version required for some crates. Results in depending on 76
crates instead of 89 before the PR.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-14 06:19:51 -03:00
Fabio Utzig a1c142d168 Add Tinycrypt based SHA-512 for ED25519
Add option to build ed25519 with tinycrypt; enable tinycrypt based
sha-512 for ed25519 sim tests.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-04 06:09:01 -03:00
David Brown 2ee5f7f7f2 sim: Test software rollback protection
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-23 12:47:05 -07:00
David Brown e2acfaede5 sim: Add explicit copyright and licenses to the sim
Add an apache SPDX header and explicit license lines.  The date ranges
of the license lines is derived from the git history.  Having these
explicitly present will make contributions from other parties easier, as
they will simply be able to add their own copyright line, rather than
having to describe that it only covers modifications.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-22 10:11:13 -07:00
Ulf Magnusson e96b6873bd dts: Include devicetree.h instead of generated_dts_board.h
Needed for https://github.com/zephyrproject-rtos/zephyr/pull/20757, to
avoid a warning-turned-error.

Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
2020-01-16 11:41:28 +01:00
David Brown 3dc86c90cb sim: Compute TLV size from actual size
Instead of having lots of magic numbers to try and track the resulting
size of the TLV, just determine the size we end up with after encoding
it.  The only place the size is used is in the header within the TLV
itself.  Make this work by putting a placeholder in the TLV, and then
patching the value back after we know the full size.

In addition to removing a lot of magic numbers from the code, this will
make it easier to handle things that vary in size, such as X.509
certificates.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-09 11:29:40 -07:00
David Brown 2b73ed9440 sim: Always compute protected size
Instead of having a running size that we try to always match the encoded
size of, compute it a bit more dynamically.  The size is still needed
before the contents can be filled in, so this doesn't gain too much, but
will make it easier to compute the rest of the TLV size based on the
actual encoding rather than lots of magic numbers.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-09 11:29:40 -07:00
Fabio Utzig 4b4ed98310 sim: enable saving encrypted TLV for ECIES
This changes the simulator to save the encryption TLV itself instead
of the unecrypted AES-128 key when doing the ECIES encryption test,
to add proper test coverage of this configuration option.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 17:08:22 -03:00
Fabio Utzig 4626853d3e sim: fix RSA signature length macro usage
Update RSA-3072 test that was using old Zephyr macros to set size.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 16:03:55 -03:00
Fabio Utzig 66b4caac45 sim: allow generation of non-signed + encrypted EC images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 16:03:55 -03:00
Fabio Utzig 3fbbdac56a sim: get status area size from bootutil
Add new bootutil function that returns the size of the status area.
The simulator was updated to remove the custom calculation and get
the size directly from bootutil, avoiding breakages the happen when
both are not in sync.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-20 14:57:06 -03:00
Fabio Utzig 272c5eb540 zephyr: sim: add minimized ECIES-P256 key
Remove public key from embedded private encryption key (it was already
ignored before).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-17 16:26:53 -03:00
Andrzej Puzdrowski f1d189c486 zephyr: switch to recent defines and include headers
In zephyr code-base some generic include patches
and defines had been deprecated since a while.
This condition was maintained until zephyr v2.1.0 inclusive.

Recently these deprecated items were removed completely from
the zephyr master branch. Zephyr current SHA of this patch is
e124c1cd34938f02bbe879533c6bd29b5ff53707

This patch switch mcuboot to using most recent items.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-12-12 11:54:44 +01:00
Fabio Utzig 6fa2d40d45 sim: log flash writes/reads/erases at highest level
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-10 16:04:44 -03:00
Fabio Utzig e92df93461 sim: log: add new level targetting simulator
* Adds a new level (BOOT_LOG_SIM) to be used only for messages that
  are interesting while debugging bootutil in the simulator. This should
  be used for extra verbose prints.

* Also added fflushs after fprints to guarantee that messages are printed
  even when assertions are raised.

* For abstraction completeness, add "do nothing" definitions of _LOG_SIM
  to the other ports.

* Make DEBUG the default level when building the simulator (one can
  still lower verbosity using any other value for RUST_LOG).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-10 16:04:44 -03:00
David Brown 3cabd927a7 sim: Fix ecdsa padding
For some reason, the ECDSA signature generation code attempted to adjust
the length of the ASN.1 of the actual signature.  It wasn't doing this
right, and was creating ASN.1 expecting many more entries than were
present.  The half-run parser in the tinycrypt ECDSA signature check
didn't care about this, but mbed TLS's signature check does care.

The intent of the padding was to be able to predict the size of the TLV
before writing it out.  Keep the padding for now, even though there is
no simple way of knowing how many pad bytes to remove (just removing
them will remove extra if there is a zero in the last byte of the
signature.

A future change will eliminate the padding, as it should no longer be
needed.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-12-10 07:40:47 -07:00
Fabio Utzig 114a64768b sim: add unsupported caps to device creation
Update `make_device` to return a slice of unsupported caps for a test.
This allows skipping tests in devices that are known to be non working
under some build configuration.

The device constructor was updated to return a `Result`, so that the
specific reason for skipping can be returned as a `String`.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-09 14:21:09 -03:00
Fabio Utzig f5480c74e9 bootutil: sim: add cap for swap using move
Add cap for swap using move and rename old swap upgrade cap to swap
using scratch. Update sim to allow swapping tests to also run using
move.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-09 14:21:09 -03:00
Fabio Utzig 031eb7de76 sim: add feature for swap move strategy
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-09 14:21:09 -03:00
David Brown e90b13f9a9 sim: Actually test invalid signatures
Currently, the tests that appear to be testing for invalid signatures
are actually just testing that images aren't used if the entire TLV
block is missing.  Fix this by being more subtle about our corruptions.
If there is no signature, corrupt that data being used to generate the
hash.  Otherwise, modify the data before it goes into the signature, but
generate a valid SHA256 in the TLV.  This way, we exercise the signature
itself being corrupt.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-12-09 09:54:15 -07:00
David Brown 4fae8b8743 sim: Use 16 bit writes for length fields
Previous changes have used 16-bit writes for calculated lengths, but are
using a pair of 8-bit writes for hard-coded values.  Change these to
also use 16-bit writes for consistency, and clarity.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-12-09 09:47:26 -07:00
David Brown 6972118ce3 sim: Change TLV tag from u8 to u16
Change the type of the TLV tag from an 8-bit unsigned value (followed by
8 bits of padding) to a 16-bit value.  Because we are storing the tag as
little endian, the encoding will end up the same, but this will later
allow us to add more tags.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-12-09 09:47:26 -07:00
David Brown a0cb24b84e sim: Remove some extraneous print
These were added during development to make sure conditional compilation
was working.  Now, they just cause excess messages to be printed.
Remove them.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-12-04 11:21:56 -07:00