Commit Graph

36 Commits

Author SHA1 Message Date
David Brown 8a99adf0c5 sim: Update to aes-ctr 0.4 and fix for API changes
Upgrade to the latest aes-ctr package, and apply minor fixes due to
trait naming changes in this version.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown 886641b77a sim: Bump base64 dependency to 0.12
There are no API changes affecting us.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown 9637136727 sim: Bump pem to 0.8
Move to latest version of pem dependency.  No API changes affect us.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown 3327e99619 sim: Update env_logger to 0.7
Update to the newest version of this crate.  There are no API changes
affecting us, so this is just an update of the Cargo.toml file.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown cd842848c3 sim: Migrate main sim to rand 0.7
Adapt to the API changes that have happened in recent versions of the
rand crate.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
David Brown fd8b05eb6a sim: Upgrade to 0.7 API version of rand
There have been some revamping of the Rand API.  The Standard
distribution on floating point numbers will return a value in the
interval [0,1).

Signed-off-by: David Brown <david.brown@linaro.org>
2020-07-10 11:14:15 -06:00
Fabio Utzig 03cce47291 sim: update dependencies
Updates a few sim dependencies, reducing the amount of crates
required for a build; also gets rid of cases of more than one
version required for some crates. Results in depending on 76
crates instead of 89 before the PR.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-14 06:19:51 -03:00
Fabio Utzig cbd58e3f83 sim: cargo: update dependencies
Update ring to latest (`0.16.9`) and update crates (`cargo update`).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Fabio Utzig 8000e325f1 Remove global test thread locking
With the recent changes in bootutil, now there is no need to lock the
test threads to run sequentially, so the global lock was removed. The
locking now happens to access resources such as flash, flash params,
simulator context, etc on a per thread basis. Some of the global
variables that were used by the simulator itself (FFI) were made into a
context struct passed in to invoke_go.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-08-07 14:33:36 -03:00
David Brown 91d6863edc sim: Use byteorder for multi-byte values
Instead of manually expanding multi-byte encoding, use the byteorder
crate which has its own extension methods to do this.  This both makes
the code a bit clearer, and also makes it clear that these encodings are
specific to little endian platforms.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-08-06 11:26:09 -05:00
David Brown 1e1be9b368 Update Cargo.lock files
Recent versions of the Rust compile tool `cargo` insert a comment at the
top of `Cargo.lock` indicating that this file is auto-generated.  Commit
versions of these files with this comment in, so that users of recent
versions of Rust will not have sprious diffs everytime they compile.

Older versions of Rust will remove these lines.  However, this is less
likely to be an issue, as we now depend on at least Rust 1.31 in order
to have Rust 2018 support.  We recommend using 'rustup' to keep the Rust
install up to date.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-07-25 16:24:20 -05:00
David Brown 96eb0deb76 sim: simflash: Transition to failure
The Rust community has decided that 'failure' is the future, instead of
'error-chain'.  Migrate the flash simulator to this new error handling
package.  The changes are relatively minor, and the end result is a
similar `FlashError` type.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-04-17 11:20:21 +07:00
Fabio Utzig 05ab014e36 Update sim ecdsa testing to use ring signing
This removes the unsafe Tinycrypt bindings previously used for signing
with ECDSA, and relies on ring native support.

The ring library was updated to 0.14.1.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-18 09:44:48 -07:00
Fabio Utzig 25d7b0fa9f Update simulator dependencies
Since logging was broken due to incompatibility between log and
env_logger versions, those crates were updated to known to be compatible
versions. Update initialization of env_logger that does not return a
Result<> anymore.

Other crates were updated to remove duplicated versions as much as
possible.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-11 10:24:09 -07:00
David Brown e24244b632 sim: Update a few dependencies for Rust 2018
A few packages have updates that make them more convient to use with
Rust 2018's 'use macro'.  This is convenient as it allows control over
what macros are imported, but without these updates, these packages
require you to know the names of internal macros to import.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
Fabio Utzig 455cad5aca Move from gcc to cc crate
gcc create has become deprecated: https://crates.io/crates/gcc

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00
Fabio Utzig 1e48b914a9 Add encrypted image support on sim
This adds new cargo features to allow running tests of encrypted
images with both RSA-OAEP and AES-128-KW.

When installing images on the simulated flash, both a plain and an
encrypted images are created. When encrypted image support is enabled,
verification of images in slot1 match against the encrypted image,
otherwise plain images are used.

PS: Also fixes ImageHeader to match bootutil definition.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-10-12 13:36:13 -03:00
Fabio Utzig c354e4ac5e Update sim dependencies
This updates error-chain to remove a warning on recent rust distros.
`pem` was update to get fairly recent `error-chain` as well.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-07-10 11:11:29 -03:00
David Brown 3df2a0ea15 sim: Update some dependencies
Move to newer versions of some upstream packages, lazy_static, which is
now at 1.0 (no api change), and error-chain (0.11), which eliminates a
warning during compilation.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-04 10:36:07 -07:00
Fabio Utzig 9b0ee9034a Enable capturing asserts inside simulator
When building in simulator mode, mock assert() to call an simulator
function which will enable other code to check if some path failed.

The assert checking interface, was added to boot_go which now
returns the low-level invocation results as well as the number of
asserts triggered.

Some new added tests check for assert() and expect it to happen. To not
abort tests, assert() was changed under sim env to not call c assert()
and instead just do some internal calculation which could be checked
by the simulator after a bootloader run and assert() catching behavior
was made optional (each test choses the behavior it needs).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-21 13:36:34 -07:00
Fabio Utzig 43685c211a Enable extra crates in simflash
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-21 13:36:34 -07:00
Fabio Utzig 181e54c382 Update cargo lock
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-13 14:26:08 -07:00
Fabio Utzig 8b619bda54 Update ring+gcc crates and declare sig-ecdsa feature
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-13 14:26:08 -07:00
David Brown 353610dea2 sim: Prevent reentrancy on simulation
Lock the simulation with a mutex to prevent concurrent access.  The C
code being tested uses globals, and can only be run in one context at a
time.  The Rust test framework may run tests concurrently, so use the
mutex to prevent this.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-11-07 09:39:45 -07:00
David Brown 43cda33c5a Move key_id from header into TLV
Remove the key_id field from the image header.  There are two problems
with this field.  First, it is only an integer offset, and so causes an
unnecessarily tight coupling between the particular keys built into the
bootloader, and the key that is used to sign.  Second, it makes the
key_id part of the image header, which is included in the signature.
This makes it impossible to later sign the image with a different
signature.

Instead of the key-id, add a TLV KEYHASH entry.  This will hold the
SHA256 of the public key that the signature is against.  Each signature
placed in the TLV should be preceeded by this entry to indicate the
public key used.

The signature check will check each signature, and if the KEYHASH is
known and the signature type is supported, it will be checked.  As long
as at least one signature is considered valid, the image will be
considered signed.  This also allows the image to be signed with
multiple signatures to support having different devices with possibly
different keys compiled into the bootloaders.

Based on work by Marko Kiiskila <marko@runtime.io>

Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-06 16:16:58 -06:00
David Brown 046a0a6224 sim: Upgrade docopt dependency
The docopt package has moved from rustc-serialize to serde.  Move to
this version, upgrading the custom deserialize we use for the alignment
argument.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 19:04:18 -06:00
David Brown ccb2a1dd5e sim: Update most dependencies
Move most dependencies to the latest version at the time of this commit.
docopt is left at the current version as there is an api change in the
newer version.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 19:04:18 -06:00
David Brown 6390277f64 sim: Naive move of binding into mcuboot-sys
Create a crate `mcuboot-sys` to hold the building and binding of the
mcuboot code.  There aren't any substantive code changes here, just
moving the code into a separate crate.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 7e701d8ca3 sim: Add RSA signature verification to simulator
Using the published debug keypair, generate a signature with it, to add
to the TLV.  This verifies that signature verification works as
expected.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 1e15859951 sim: Switch to bitflags from enumflags
The bitflags crate seems to be better supported, and doesn't have the
problems getting the results back into the enum type.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 8054ce281a sim: Change to `ring` instead of `rust-crypto`
The ring crate's SHA256 is slightly slower than the one from
rust-crypto, but is much cleaner to use.  It also has all of the hashing
operations we need.

This crate is somewhat opinionated, e.g. will not sign messages without
also performing the signature itself.  Unfortunately, this means we'll
end up computing signatures of the same data many times, and perhaps
this should be improved, since we're always using the same data.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 187dd889dc sim: Validate the SHA256 verification
Instead of stubbing out the image validation code, compile it, and add
the SHA256 TLV to the buffer.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 2cbc4708e9 sim: Move simflash to be its own crate
In preparation for moving the bootutil binding into a separate crate,
move the flash simulator into its own crate.  This will allow the
binding to have access to the simulator without creating a circular
dependency.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 2784a2e2f2 sim: Update gcc dependency
Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 4440af8f59 sim: Use logging to control output
Use the Rust logging so that normal messaging isn't overwhelmed by
messages printed.  The default level is 'error' which will only print
full errors (including the failures at the end).

To run with warnings:

   RUST_LOG=warn ./target/release/bootsim ...

This will print warnings, showing the particular failures in mind.
Using 'info' instead of 'warn' will print lots of progress as it runs.
2017-01-09 12:28:10 -07:00
David Brown de7729e6ec sim: Add simulator code
'sim' is a small simulator for the bootloader's update code.  It tests
untimely powerdowns to ensure that the bootloader will recover from a
power loss or reset at any time during the boot.

Note that, as of this commit, there are some failures in the test that
need to be investigated.

Also note that this build script does not output proper dependencies for
source files outside of the simulator directory, and won't rebuild the C
files if they or headers are modified.
2017-01-09 12:28:10 -07:00