kenny/cyber.scope
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source 
Initial commit.
This commit is contained in:
kntran1
2026-03-23 14:40:39 -05:00
parent e84b2b4166
commit 4e2a5258a5
872 changed files with 165227 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bootloader/mcuboot/sim/mcuboot-sys/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
Cargo.lock

104
bootloader/mcuboot/sim/mcuboot-sys/Cargo.toml Normal file
View File

@@ -0,0 +1,104 @@
[package]
name = "mcuboot-sys"
version = "0.1.0"
authors = ["David Brown <david.brown@linaro.org>"]
description = "A simple wrapper around the mcuboot code."
build = "build.rs"
publish = false
edition = "2021"
[features]
# By default, build with simplistic signature verification.
default = []
# Verify RSA signatures. Note that at this time, the C code will not
# compile with both sig-rsa and sig-ecdsa enabled.
sig-rsa = []
# Verify RSA-3072 signatures.
sig-rsa3072 = []
# Verify ECDSA (secp256r1) signatures.
sig-ecdsa = []
# Verify ECDSA (secp256r1) signatures using mbed TLS
sig-ecdsa-mbedtls = []
# Verify ECDSA (p256 or p384) signatures using PSA Crypto API
sig-ecdsa-psa = []
# Enable P384 Curve support (instead of P256) for PSA Crypto
sig-p384 = []
# Verify ED25519 signatures.
sig-ed25519 = []
# Overwrite only upgrade
overwrite-only = []
swap-move = []
# Disable validation of the primary slot
validate-primary-slot = []
# Encrypt image in the secondary slot using RSA-OAEP-2048
enc-rsa = []
# Encrypt image in the secondary slot using AES-256-CTR and RSA-OAEP-2048
enc-aes256-rsa = []
# Encrypt image in the secondary slot using AES-KW-128
enc-kw = []
# Encrypt image in the secondary slot using AES-256-CTR and AES-KW-256
enc-aes256-kw = []
# Encrypt image in the secondary slot using ECIES-P256
enc-ec256 = []
# Encrypt image in the secondary slot using AES-256-CTR and ECIES-P256
enc-aes256-ec256 = []
# Encrypt image in the secondary slot using ECIES-P256 using Mbed TLS
enc-ec256-mbedtls = []
# Encrypt image in the secondary slot using ECIES-X25519
enc-x25519 = []
# Encrypt image in the secondary slot using AES-256-CTR and ECIES-X25519
enc-aes256-x25519 = []
# Allow bootstrapping an empty/invalid primary slot from a valid secondary slot
bootstrap = []
# Support multiple images (currently 2 instead of 1).
multiimage = []
# Support simulation of ram-loading. No swaps are performed, and the
# image is copied to RAM before loading it.
ram-load = []
# Support simulation of direct XIP. No swaps are performed, the image
# is directly executed out of whichever partition contains the most
# appropriate image.
direct-xip = []
# Check (in software) against version downgrades.
downgrade-prevention = []
# Support images with 32-byte maximum write alignment value.
max-align-32 = []
# Enable hardware rollback protection
hw-rollback-protection = []
# Enable the PSA Crypto APIs where supported for cryptography related operations.
psa-crypto-api = []
[build-dependencies]
cc = "1.0.25"
[dependencies]
libc = "0.2"
log = "0.4"
simflash = { path = "../simflash" }

532
bootloader/mcuboot/sim/mcuboot-sys/build.rs Normal file
View File

@@ -0,0 +1,532 @@
// Build mcuboot as a library, based on the requested features.
extern crate cc;
use std::collections::BTreeSet;
use std::env;
use std::fs;
use std::io;
use std::path::{Path, PathBuf};
fn main() {
// Feature flags.
let psa_crypto_api = env::var("CARGO_FEATURE_PSA_CRYPTO_API").is_ok();
let sig_rsa = env::var("CARGO_FEATURE_SIG_RSA").is_ok();
let sig_rsa3072 = env::var("CARGO_FEATURE_SIG_RSA3072").is_ok();
let sig_ecdsa = env::var("CARGO_FEATURE_SIG_ECDSA").is_ok();
let sig_ecdsa_mbedtls = env::var("CARGO_FEATURE_SIG_ECDSA_MBEDTLS").is_ok();
let sig_ecdsa_psa = env::var("CARGO_FEATURE_SIG_ECDSA_PSA").is_ok();
let sig_p384 = env::var("CARGO_FEATURE_SIG_P384").is_ok();
let sig_ed25519 = env::var("CARGO_FEATURE_SIG_ED25519").is_ok();
let overwrite_only = env::var("CARGO_FEATURE_OVERWRITE_ONLY").is_ok();
let swap_move = env::var("CARGO_FEATURE_SWAP_MOVE").is_ok();
let validate_primary_slot =
env::var("CARGO_FEATURE_VALIDATE_PRIMARY_SLOT").is_ok();
let enc_rsa = env::var("CARGO_FEATURE_ENC_RSA").is_ok();
let enc_aes256_rsa = env::var("CARGO_FEATURE_ENC_AES256_RSA").is_ok();
let enc_kw = env::var("CARGO_FEATURE_ENC_KW").is_ok();
let enc_aes256_kw = env::var("CARGO_FEATURE_ENC_AES256_KW").is_ok();
let enc_ec256 = env::var("CARGO_FEATURE_ENC_EC256").is_ok();
let enc_ec256_mbedtls = env::var("CARGO_FEATURE_ENC_EC256_MBEDTLS").is_ok();
let enc_aes256_ec256 = env::var("CARGO_FEATURE_ENC_AES256_EC256").is_ok();
let enc_x25519 = env::var("CARGO_FEATURE_ENC_X25519").is_ok();
let enc_aes256_x25519 = env::var("CARGO_FEATURE_ENC_AES256_X25519").is_ok();
let bootstrap = env::var("CARGO_FEATURE_BOOTSTRAP").is_ok();
let multiimage = env::var("CARGO_FEATURE_MULTIIMAGE").is_ok();
let downgrade_prevention = env::var("CARGO_FEATURE_DOWNGRADE_PREVENTION").is_ok();
let ram_load = env::var("CARGO_FEATURE_RAM_LOAD").is_ok();
let direct_xip = env::var("CARGO_FEATURE_DIRECT_XIP").is_ok();
let max_align_32 = env::var("CARGO_FEATURE_MAX_ALIGN_32").is_ok();
let hw_rollback_protection = env::var("CARGO_FEATURE_HW_ROLLBACK_PROTECTION").is_ok();
let mut conf = CachedBuild::new();
conf.conf.define("__BOOTSIM__", None);
conf.conf.define("MCUBOOT_HAVE_LOGGING", None);
conf.conf.define("MCUBOOT_USE_FLASH_AREA_GET_SECTORS", None);
conf.conf.define("MCUBOOT_HAVE_ASSERT_H", None);
conf.conf.define("MCUBOOT_MAX_IMG_SECTORS", Some("128"));
if max_align_32 {
conf.conf.define("MCUBOOT_BOOT_MAX_ALIGN", Some("32"));
} else {
conf.conf.define("MCUBOOT_BOOT_MAX_ALIGN", Some("8"));
}
conf.conf.define("MCUBOOT_IMAGE_NUMBER", Some(if multiimage { "2" } else { "1" }));
if downgrade_prevention && !overwrite_only {
panic!("Downgrade prevention requires overwrite only");
}
if bootstrap {
conf.conf.define("MCUBOOT_BOOTSTRAP", None);
conf.conf.define("MCUBOOT_OVERWRITE_ONLY_FAST", None);
}
if validate_primary_slot {
conf.conf.define("MCUBOOT_VALIDATE_PRIMARY_SLOT", None);
}
if downgrade_prevention {
conf.conf.define("MCUBOOT_DOWNGRADE_PREVENTION", None);
}
if ram_load {
conf.conf.define("MCUBOOT_RAM_LOAD", None);
}
if direct_xip {
conf.conf.define("MCUBOOT_DIRECT_XIP", None);
}
if hw_rollback_protection {
conf.conf.define("MCUBOOT_HW_ROLLBACK_PROT", None);
conf.file("csupport/security_cnt.c");
}
// Currently no more than one sig type can be used simultaneously.
if vec![sig_rsa, sig_rsa3072, sig_ecdsa, sig_ed25519].iter()
.fold(0, |sum, &v| sum + v as i32) > 1 {
panic!("mcuboot does not support more than one sig type at the same time");
}
if psa_crypto_api {
if sig_ecdsa || enc_ec256 || enc_x25519 ||
enc_aes256_ec256 || sig_ecdsa_mbedtls || enc_aes256_x25519 ||
enc_kw || enc_aes256_kw {
conf.file("csupport/psa_crypto_init_stub.c");
} else {
conf.conf.define("MCUBOOT_USE_PSA_CRYPTO", None);
conf.file("../../ext/mbedtls/library/aes.c");
conf.file("../../ext/mbedtls/library/aesni.c");
conf.file("../../ext/mbedtls/library/aria.c");
conf.file("../../ext/mbedtls/library/asn1write.c");
conf.file("../../ext/mbedtls/library/base64.c");
conf.file("../../ext/mbedtls/library/camellia.c");
conf.file("../../ext/mbedtls/library/ccm.c");
conf.file("../../ext/mbedtls/library/chacha20.c");
conf.file("../../ext/mbedtls/library/chachapoly.c");
conf.file("../../ext/mbedtls/library/cipher.c");
conf.file("../../ext/mbedtls/library/cipher_wrap.c");
conf.file("../../ext/mbedtls/library/ctr_drbg.c");
conf.file("../../ext/mbedtls/library/des.c");
conf.file("../../ext/mbedtls/library/ecdsa.c");
conf.file("../../ext/mbedtls/library/ecp.c");
conf.file("../../ext/mbedtls/library/ecp_curves.c");
conf.file("../../ext/mbedtls/library/entropy.c");
conf.file("../../ext/mbedtls/library/entropy_poll.c");
conf.file("../../ext/mbedtls/library/gcm.c");
conf.file("../../ext/mbedtls/library/md5.c");
conf.file("../../ext/mbedtls/library/nist_kw.c");
conf.file("../../ext/mbedtls/library/oid.c");
conf.file("../../ext/mbedtls/library/pem.c");
conf.file("../../ext/mbedtls/library/pk.c");
conf.file("../../ext/mbedtls/library/pkcs5.c");
conf.file("../../ext/mbedtls/library/pkcs12.c");
conf.file("../../ext/mbedtls/library/pkparse.c");
conf.file("../../ext/mbedtls/library/pk_wrap.c");
conf.file("../../ext/mbedtls/library/pkwrite.c");
conf.file("../../ext/mbedtls/library/poly1305.c");
conf.file("../../ext/mbedtls/library/psa_crypto.c");
conf.file("../../ext/mbedtls/library/psa_crypto_cipher.c");
conf.file("../../ext/mbedtls/library/psa_crypto_client.c");
conf.file("../../ext/mbedtls/library/psa_crypto_driver_wrappers.c");
conf.file("../../ext/mbedtls/library/psa_crypto_ecp.c");
conf.file("../../ext/mbedtls/library/psa_crypto_hash.c");
conf.file("../../ext/mbedtls/library/psa_crypto_mac.c");
conf.file("../../ext/mbedtls/library/psa_crypto_rsa.c");
conf.file("../../ext/mbedtls/library/psa_crypto_slot_management.c");
conf.file("../../ext/mbedtls/library/psa_crypto_storage.c");
conf.file("../../ext/mbedtls/library/psa_its_file.c");
conf.file("../../ext/mbedtls/library/ripemd160.c");
conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c");
conf.file("../../ext/mbedtls/library/sha1.c");
conf.file("../../ext/mbedtls/library/sha512.c");
conf.file("../../ext/mbedtls/tests/src/random.c");
conf.conf.include("../../ext/mbedtls/library");
}
conf.conf.include("../../ext/mbedtls/tests/include/");
conf.file("../../ext/mbedtls/tests/src/fake_external_rng_for_test.c");
}
if sig_rsa || sig_rsa3072 {
conf.conf.define("MCUBOOT_SIGN_RSA", None);
// The Kconfig style defines must be added here as well because
// they are used internally by "config-rsa.h"
if sig_rsa {
conf.conf.define("MCUBOOT_SIGN_RSA_LEN", "2048");
conf.conf.define("CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN", "2048");
} else {
conf.conf.define("MCUBOOT_SIGN_RSA_LEN", "3072");
conf.conf.define("CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN", "3072");
}
conf.conf.define("MCUBOOT_USE_MBED_TLS", None);
conf.conf.include("../../ext/mbedtls/include");
conf.file("../../ext/mbedtls/library/sha256.c");
conf.file("csupport/keys.c");
conf.file("../../ext/mbedtls/library/rsa.c");
conf.file("../../ext/mbedtls/library/bignum.c");
conf.file("../../ext/mbedtls/library/platform.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
conf.file("../../ext/mbedtls/library/md.c");
} else if sig_ecdsa {
conf.conf.define("MCUBOOT_SIGN_EC256", None);
conf.conf.define("MCUBOOT_USE_TINYCRYPT", None);
if !enc_kw {
conf.conf.include("../../ext/mbedtls/include");
}
conf.conf.include("../../ext/tinycrypt/lib/include");
conf.file("csupport/keys.c");
conf.file("../../ext/tinycrypt/lib/source/utils.c");
conf.file("../../ext/tinycrypt/lib/source/sha256.c");
conf.file("../../ext/tinycrypt/lib/source/ecc.c");
conf.file("../../ext/tinycrypt/lib/source/ecc_dsa.c");
conf.file("../../ext/tinycrypt/lib/source/ecc_platform_specific.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
} else if sig_ecdsa_mbedtls {
conf.conf.define("MCUBOOT_SIGN_EC256", None);
conf.conf.define("MCUBOOT_USE_MBED_TLS", None);
conf.conf.include("../../ext/mbedtls/include");
conf.file("../../ext/mbedtls/library/sha256.c");
conf.file("csupport/keys.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
conf.file("../../ext/mbedtls/library/bignum.c");
conf.file("../../ext/mbedtls/library/ecdsa.c");
conf.file("../../ext/mbedtls/library/ecp.c");
conf.file("../../ext/mbedtls/library/ecp_curves.c");
conf.file("../../ext/mbedtls/library/platform.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
} else if sig_ecdsa_psa {
conf.conf.include("../../ext/mbedtls/include");
if sig_p384 {
conf.conf.define("MCUBOOT_SIGN_EC384", None);
conf.file("../../ext/mbedtls/library/sha512.c");
} else {
conf.conf.define("MCUBOOT_SIGN_EC256", None);
conf.file("../../ext/mbedtls/library/sha256.c");
}
conf.file("csupport/keys.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
conf.file("../../ext/mbedtls/library/bignum.c");
conf.file("../../ext/mbedtls/library/ecp.c");
conf.file("../../ext/mbedtls/library/ecp_curves.c");
conf.file("../../ext/mbedtls/library/platform.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
} else if sig_ed25519 {
conf.conf.define("MCUBOOT_SIGN_ED25519", None);
conf.conf.define("MCUBOOT_USE_TINYCRYPT", None);
conf.conf.include("../../ext/tinycrypt/lib/include");
conf.conf.include("../../ext/tinycrypt-sha512/lib/include");
conf.conf.include("../../ext/mbedtls/include");
conf.file("../../ext/tinycrypt/lib/source/sha256.c");
conf.file("../../ext/tinycrypt-sha512/lib/source/sha512.c");
conf.file("../../ext/tinycrypt/lib/source/utils.c");
conf.file("csupport/keys.c");
conf.file("../../ext/fiat/src/curve25519.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
} else if !enc_ec256 && !enc_x25519 {
// No signature type, only sha256 validation. The default
// configuration file bundled with mbedTLS is sufficient.
// When using ECIES-P256 rely on Tinycrypt.
conf.conf.define("MCUBOOT_USE_MBED_TLS", None);
conf.conf.include("../../ext/mbedtls/include");
conf.file("../../ext/mbedtls/library/sha256.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
}
if overwrite_only {
conf.conf.define("MCUBOOT_OVERWRITE_ONLY", None);
}
if swap_move {
conf.conf.define("MCUBOOT_SWAP_USING_MOVE", None);
} else if !overwrite_only && !direct_xip && !ram_load {
conf.conf.define("CONFIG_BOOT_SWAP_USING_SCRATCH", None);
conf.conf.define("MCUBOOT_SWAP_USING_SCRATCH", None);
}
if enc_rsa || enc_aes256_rsa {
if enc_aes256_rsa {
conf.conf.define("MCUBOOT_AES_256", None);
}
conf.conf.define("MCUBOOT_ENCRYPT_RSA", None);
conf.conf.define("MCUBOOT_ENC_IMAGES", None);
conf.conf.define("MCUBOOT_USE_MBED_TLS", None);
conf.file("../../boot/bootutil/src/encrypted.c");
conf.file("csupport/keys.c");
conf.conf.include("../../ext/mbedtls/include");
conf.conf.include("../../ext/mbedtls/library");
conf.file("../../ext/mbedtls/library/sha256.c");
conf.file("../../ext/mbedtls/library/platform.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("../../ext/mbedtls/library/rsa.c");
conf.file("../../ext/mbedtls/library/rsa_alt_helpers.c");
conf.file("../../ext/mbedtls/library/md.c");
conf.file("../../ext/mbedtls/library/aes.c");
conf.file("../../ext/mbedtls/library/bignum.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
}
if enc_kw || enc_aes256_kw {
if enc_aes256_kw {
conf.conf.define("MCUBOOT_AES_256", None);
}
conf.conf.define("MCUBOOT_ENCRYPT_KW", None);
conf.conf.define("MCUBOOT_ENC_IMAGES", None);
conf.file("../../boot/bootutil/src/encrypted.c");
conf.file("csupport/keys.c");
if sig_rsa || sig_rsa3072 {
conf.file("../../ext/mbedtls/library/sha256.c");
}
/* Simulator uses Mbed-TLS to wrap keys */
conf.conf.include("../../ext/mbedtls/include");
conf.file("../../ext/mbedtls/library/platform.c");
conf.conf.include("../../ext/mbedtls/library");
conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("../../ext/mbedtls/library/nist_kw.c");
conf.file("../../ext/mbedtls/library/cipher.c");
conf.file("../../ext/mbedtls/library/cipher_wrap.c");
conf.file("../../ext/mbedtls/library/aes.c");
if sig_ecdsa {
conf.conf.define("MCUBOOT_USE_TINYCRYPT", None);
conf.conf.include("../../ext/tinycrypt/lib/include");
conf.file("../../ext/tinycrypt/lib/source/utils.c");
conf.file("../../ext/tinycrypt/lib/source/sha256.c");
conf.file("../../ext/tinycrypt/lib/source/aes_encrypt.c");
conf.file("../../ext/tinycrypt/lib/source/aes_decrypt.c");
conf.file("../../ext/tinycrypt/lib/source/ctr_mode.c");
}
if sig_ed25519 {
panic!("ed25519 does not support image encryption with KW yet");
}
}
if enc_ec256 {
conf.conf.define("MCUBOOT_ENCRYPT_EC256", None);
conf.conf.define("MCUBOOT_ENC_IMAGES", None);
conf.conf.define("MCUBOOT_USE_TINYCRYPT", None);
conf.conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None);
conf.file("../../boot/bootutil/src/encrypted.c");
conf.file("csupport/keys.c");
conf.conf.include("../../ext/mbedtls/include");
conf.conf.include("../../ext/tinycrypt/lib/include");
/* FIXME: fail with other signature schemes ? */
conf.file("../../ext/tinycrypt/lib/source/utils.c");
conf.file("../../ext/tinycrypt/lib/source/sha256.c");
conf.file("../../ext/tinycrypt/lib/source/ecc.c");
conf.file("../../ext/tinycrypt/lib/source/ecc_dsa.c");
conf.file("../../ext/tinycrypt/lib/source/ecc_platform_specific.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
conf.file("../../ext/tinycrypt/lib/source/aes_encrypt.c");
conf.file("../../ext/tinycrypt/lib/source/aes_decrypt.c");
conf.file("../../ext/tinycrypt/lib/source/ctr_mode.c");
conf.file("../../ext/tinycrypt/lib/source/hmac.c");
conf.file("../../ext/tinycrypt/lib/source/ecc_dh.c");
} else if enc_ec256_mbedtls || enc_aes256_ec256 {
if enc_aes256_ec256 {
conf.conf.define("MCUBOOT_AES_256", None);
}
conf.conf.define("MCUBOOT_ENCRYPT_EC256", None);
conf.conf.define("MCUBOOT_ENC_IMAGES", None);
conf.conf.define("MCUBOOT_USE_MBED_TLS", None);
conf.conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None);
conf.conf.include("../../ext/mbedtls/include");
conf.file("../../boot/bootutil/src/encrypted.c");
conf.file("../../ext/mbedtls/library/sha256.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
conf.file("../../ext/mbedtls/library/bignum.c");
conf.file("../../ext/mbedtls/library/ecdh.c");
conf.file("../../ext/mbedtls/library/md.c");
conf.file("../../ext/mbedtls/library/aes.c");
conf.file("../../ext/mbedtls/library/ecp.c");
conf.file("../../ext/mbedtls/library/ecp_curves.c");
conf.file("../../ext/mbedtls/library/platform.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("csupport/keys.c");
}
if enc_x25519 {
conf.conf.define("MCUBOOT_ENCRYPT_X25519", None);
conf.conf.define("MCUBOOT_ENC_IMAGES", None);
conf.conf.define("MCUBOOT_USE_TINYCRYPT", None);
conf.conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None);
conf.file("../../boot/bootutil/src/encrypted.c");
conf.file("csupport/keys.c");
conf.conf.include("../../ext/mbedtls/include");
conf.conf.include("../../ext/tinycrypt/lib/include");
conf.conf.include("../../ext/tinycrypt-sha512/lib/include");
conf.file("../../ext/fiat/src/curve25519.c");
conf.file("../../ext/tinycrypt/lib/source/utils.c");
conf.file("../../ext/tinycrypt/lib/source/sha256.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
conf.file("../../ext/tinycrypt/lib/source/aes_encrypt.c");
conf.file("../../ext/tinycrypt/lib/source/aes_decrypt.c");
conf.file("../../ext/tinycrypt/lib/source/ctr_mode.c");
conf.file("../../ext/tinycrypt/lib/source/hmac.c");
}
else if enc_aes256_x25519 {
conf.conf.define("MCUBOOT_AES_256", None);
conf.conf.define("MCUBOOT_ENCRYPT_X25519", None);
conf.conf.define("MCUBOOT_ENC_IMAGES", None);
conf.conf.define("MCUBOOT_USE_MBED_TLS", None);
conf.conf.define("MCUBOOT_SWAP_SAVE_ENCTLV", None);
conf.file("../../boot/bootutil/src/encrypted.c");
conf.file("csupport/keys.c");
conf.conf.include("../../ext/mbedtls/include");
conf.file("../../ext/fiat/src/curve25519.c");
conf.file("../../ext/mbedtls/library/asn1parse.c");
conf.file("../../ext/mbedtls/library/platform.c");
conf.file("../../ext/mbedtls/library/platform_util.c");
conf.file("../../ext/mbedtls/library/aes.c");
conf.file("../../ext/mbedtls/library/sha256.c");
conf.file("../../ext/mbedtls/library/md.c");
conf.file("../../ext/mbedtls/library/sha512.c");
}
if sig_rsa && enc_kw {
conf.conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa-kw.h>"));
} else if sig_rsa || sig_rsa3072 || enc_rsa || enc_aes256_rsa {
conf.conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa.h>"));
} else if sig_ecdsa_mbedtls || enc_ec256_mbedtls || enc_aes256_ec256 {
conf.conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ec.h>"));
} else if (sig_ecdsa || enc_ec256) && !enc_kw {
conf.conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
} else if sig_ed25519 || enc_x25519 {
conf.conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
} else if enc_kw || enc_aes256_kw {
conf.conf.define("MBEDTLS_CONFIG_FILE", Some("<config-kw.h>"));
} else if enc_aes256_x25519 {
conf.conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ed25519.h>"));
} else if sig_ecdsa_psa {
conf.conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ec-psa.h>"));
}
conf.file("../../boot/bootutil/src/image_validate.c");
if sig_rsa || sig_rsa3072 {
conf.file("../../boot/bootutil/src/image_rsa.c");
} else if sig_ecdsa || sig_ecdsa_mbedtls || sig_ecdsa_psa {
conf.file("../../boot/bootutil/src/image_ecdsa.c");
} else if sig_ed25519 {
conf.file("../../boot/bootutil/src/image_ed25519.c");
}
conf.file("../../boot/bootutil/src/loader.c");
conf.file("../../boot/bootutil/src/swap_misc.c");
conf.file("../../boot/bootutil/src/swap_scratch.c");
conf.file("../../boot/bootutil/src/swap_move.c");
conf.file("../../boot/bootutil/src/caps.c");
conf.file("../../boot/bootutil/src/bootutil_misc.c");
conf.file("../../boot/bootutil/src/bootutil_public.c");
conf.file("../../boot/bootutil/src/tlv.c");
conf.file("../../boot/bootutil/src/fault_injection_hardening.c");
conf.file("csupport/run.c");
conf.conf.include("../../boot/bootutil/include");
conf.conf.include("csupport");
conf.conf.debug(true);
conf.conf.flag("-Wall");
conf.conf.flag("-Werror");
// FIXME: travis-ci still uses gcc 4.8.4 which defaults to std=gnu90.
// It has incomplete std=c11 and std=c99 support but std=c99 was checked
// to build correctly so leaving it here to updated in the future...
conf.conf.flag("-std=c99");
conf.conf.compile("libbootutil.a");
walk_dir("../../boot").unwrap();
walk_dir("../../ext/tinycrypt/lib/source").unwrap();
walk_dir("../../ext/mbedtls-asn1").unwrap();
walk_dir("csupport").unwrap();
walk_dir("../../ext/mbedtls/include").unwrap();
walk_dir("../../ext/mbedtls/library").unwrap();
}
// Output the names of all files within a directory so that Cargo knows when to rebuild.
fn walk_dir<P: AsRef<Path>>(path: P) -> io::Result<()> {
for ent in fs::read_dir(path.as_ref())? {
let ent = ent?;
let p = ent.path();
if p.is_dir() {
walk_dir(p)?;
} else {
// Note that non-utf8 names will fail.
let name = p.to_str().unwrap();
if name.ends_with(".c") || name.ends_with(".h") {
println!("cargo:rerun-if-changed={}", name);
}
}
}
Ok(())
}
/// Wrap the cc::Build type so that we can make sure that files are only added a single time.
/// Other methods can be passed through as needed.
struct CachedBuild {
conf: cc::Build,
seen: BTreeSet<PathBuf>,
}
impl CachedBuild {
fn new() -> CachedBuild {
CachedBuild {
conf: cc::Build::new(),
seen: BTreeSet::new(),
}
}
/// Works like `file` in the Build, but doesn't add a file if the same path has already been
/// given.
fn file<P: AsRef<Path>>(&mut self, p: P) -> &mut CachedBuild {
let p = p.as_ref();
if !self.seen.contains(p) {
self.conf.file(p);
self.seen.insert(p.to_owned());
}
self
}
}

26
bootloader/mcuboot/sim/mcuboot-sys/csupport/bootsim.h Normal file
View File

@@ -0,0 +1,26 @@
// SPDX-License-Identifier: Apache-2.0
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#ifndef H_BOOTSIM_
#define H_BOOTSIM_
#include "mcuboot_config/mcuboot_assert.h"
#endif

47
bootloader/mcuboot/sim/mcuboot-sys/csupport/config-add-psa-crypto.h Normal file
View File

@@ -0,0 +1,47 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023 Arm Limited
*/
#ifndef MCUBOOT_MBEDTLS_CONFIG_ADD_PSA_CRYPTO_H
#define MCUBOOT_MBEDTLS_CONFIG_ADD_PSA_CRYPTO_H
#include "mbedtls/build_info.h"
/* Enable PSA Crypto Core without support for the permanent storage
* Don't define MBEDTLS_PSA_CRYPTO_STORAGE_C to make sure that support
* for permanent keys is not enabled, as it is not usually required during boot
*/
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
#if defined(MCUBOOT_ENCRYPT_RSA) || defined(MCUBOOT_SIGN_RSA)
#define MBEDTLS_PK_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C
#endif /* MCUBOOT_ENCRYPT_RSA || MCUBOOT_SIGN_RSA */
#if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
#define MBEDTLS_PLATFORM_FREE_MACRO free
#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc
#endif /* MCUBOOT_ENCRYPT_EC256 || MCUBOOT_ENCRYPT_X25519 */
#if !defined(MCUBOOT_ENCRYPT_X25519)
#define MBEDTLS_PSA_BUILTIN_CIPHER 1
#endif /* MCUBOOT_ENCRYPT_X25519 */
#if defined(MCUBOOT_ENCRYPT_KW)
#define MBEDTLS_PSA_CRYPTO_CONFIG
#define MBEDTLS_POLY1305_C
#endif /* MCUBOOT_ENCRYPT_KW */
#if MBEDTLS_VERSION_NUMBER == 0x03000000
/* This PSA define is available only with more recent versions of 3.x */
#define PSA_KEY_ID_NULL ((psa_key_id_t)0) // not overly happy with this being here
#endif /* MBEDTLS_VERSION_NUMBER == 0x03000000 */
#endif /* MCUBOOT_MBEDTLS_CONFIG_ADD_PSA_CRYPTO_H */

44
bootloader/mcuboot/sim/mcuboot-sys/csupport/config-asn1.h Normal file
View File

@@ -0,0 +1,44 @@
/*
* Configuration of mbedTLS containing only the ASN.1 parser.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Copyright (C) 2016, Linaro Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Minimal configuration for using TLS in the bootloader
*
* - RSA or ECDSA signature verification
*/
#ifndef MBEDTLS_CONFIG_ASN1_H
#define MBEDTLS_CONFIG_ASN1_H
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
/* mbed TLS modules */
#define MBEDTLS_ASN1_PARSE_C
// #define MBEDTLS_ASN1_WRITE_C
// #define MBEDTLS_BIGNUM_C
// #define MBEDTLS_MD_C
// #define MBEDTLS_OID_C
// #define MBEDTLS_SHA256_C
#endif /* MBEDTLS_CONFIG_ASN1_H */

35
bootloader/mcuboot/sim/mcuboot-sys/csupport/config-ec-psa.h Normal file
View File

@@ -0,0 +1,35 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023 Arm Limited
*/
#ifndef MCUBOOT_PSA_CRYPTO_CONFIG_ECDSA
#define MCUBOOT_PSA_CRYPTO_CONFIG_ECDSA
#if defined(MCUBOOT_USE_PSA_CRYPTO)
#include "config-add-psa-crypto.h"
#endif
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_ECDSA_C
/* mbed TLS modules */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_AES_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#if defined(MCUBOOT_SIGN_EC384)
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#else
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#endif /* MCUBOOT_SIGN_EC384 */
#endif /* MCUBOOT_PSA_CRYPTO_CONFIG_ECDSA */

95
bootloader/mcuboot/sim/mcuboot-sys/csupport/config-ec.h Normal file
View File

@@ -0,0 +1,95 @@
/*
* Minimal configuration for using TLS in the bootloader
*
* Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* Copyright (C) 2016, Linaro Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Minimal configuration for using TLS in the bootloader
*
* - RSA or ECDSA signature verification
*/
#ifndef MCUBOOT_MBEDTLS_CONFIG_ECDSA
#define MCUBOOT_MBEDTLS_CONFIG_ECDSA
#ifdef CONFIG_MCUBOOT_SERIAL
/* Mcuboot uses mbedts-base64 for serial protocol encoding. */
#define MBEDTLS_BASE64_C
#endif
/* System support */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/* STD functions */
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#define MBEDTLS_PLATFORM_EXIT_ALT
#define MBEDTLS_PLATFORM_PRINTF_ALT
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
#if !defined(CONFIG_ARM)
#define MBEDTLS_HAVE_ASM
#endif
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECDH_C
/* mbed TLS modules */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_AES_C
/* Bring in support for x509. */
#define MBEDTLS_X509_USE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_X509_CRT_PARSE_C
/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS 256
#define MBEDTLS_MPI_MAX_SIZE 32
#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
/* If encryption is being used, also enable the features needed for
* that. */
#if defined(MCUBOOT_ENC_IMAGES)
#define MBEDTLS_CIPHER_MODE_CTR
#define MBEDTLS_CIPHER_C
#define MBEDTLS_NIST_KW_C
#endif /* MCUBOOT_ENC_IMAGES */
#endif /* MCUBOOT_MBEDTLS_CONFIG_ECDSA */

77
bootloader/mcuboot/sim/mcuboot-sys/csupport/config-ed25519.h Normal file
View File

@@ -0,0 +1,77 @@
/*
* Configuration of mbedTLS containing only the ASN.1 parser.
*
* Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* Copyright (C) 2016, Linaro Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Minimal configuration for using TLS in the bootloader
*
* - ed25519 signature verification
*/
#ifndef MCUBOOT_MBEDTLS_CONFIG_ED25519
#define MCUBOOT_MBEDTLS_CONFIG_ED25519
#ifdef CONFIG_MCUBOOT_SERIAL
/* Mcuboot uses mbedts-base64 for serial protocol encoding. */
#define MBEDTLS_BASE64_C
#endif
/* System support */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/* STD functions */
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#define MBEDTLS_PLATFORM_EXIT_ALT
#define MBEDTLS_PLATFORM_PRINTF_ALT
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
#if !defined(CONFIG_ARM)
#define MBEDTLS_HAVE_ASM
#endif
#define MBEDTLS_CIPHER_MODE_CTR
/* mbed TLS modules */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_AES_C
/* Save RAM by adjusting to our exact needs */
//#define MBEDTLS_ECP_MAX_BITS 2048
#define MBEDTLS_MPI_MAX_SIZE 64
//#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
#endif /* MCUBOOT_MBEDTLS_CONFIG_RSA */

65
bootloader/mcuboot/sim/mcuboot-sys/csupport/config-kw.h Normal file
View File

@@ -0,0 +1,65 @@
/*
* Minimal configuration for using TLS in the bootloader
*
* Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* Copyright (C) 2016, Linaro Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Minimal configuration for using TLS in the bootloader
*
* - RSA or ECDSA signature verification
*/
#ifndef MCUBOOT_MBEDTLS_CONFIG_KW
#define MCUBOOT_MBEDTLS_CONFIG_KW
#ifdef CONFIG_MCUBOOT_SERIAL
/* Mcuboot uses mbedts-base64 for serial protocol encoding. */
#define MBEDTLS_BASE64_C
#endif
/* System support */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/* STD functions */
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#define MBEDTLS_PLATFORM_EXIT_ALT
#define MBEDTLS_PLATFORM_PRINTF_ALT
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
#define MBEDTLS_ASN1_PARSE_C
#if !defined(CONFIG_ARM)
#define MBEDTLS_HAVE_ASM
#endif
#define MBEDTLS_CIPHER_MODE_CTR
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_NIST_KW_C
#endif /* MCUBOOT_MBEDTLS_CONFIG_KW */

84
bootloader/mcuboot/sim/mcuboot-sys/csupport/config-rsa-kw.h Normal file
View File

@@ -0,0 +1,84 @@
/*
* Minimal configuration for using TLS in the bootloader
*
* Copyright (C) 2006-2023, ARM Limited, All Rights Reserved
* Copyright (C) 2016, Linaro Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Minimal configuration for using TLS in the bootloader
*
* - RSA signature verification + NIST Keywrapping support
*/
#ifndef MCUBOOT_MBEDTLS_CONFIG_RSA_KW
#define MCUBOOT_MBEDTLS_CONFIG_RSA_KW
#if defined(MCUBOOT_USE_PSA_CRYPTO)
#include "config-add-psa-crypto.h"
#endif /* defined(MCUBOOT_USE_PSA_CRYPTO) */
#ifdef CONFIG_MCUBOOT_SERIAL
/* Mcuboot uses mbedts-base64 for serial protocol encoding. */
#define MBEDTLS_BASE64_C
#endif
/* System support */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/* STD functions */
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#define MBEDTLS_PLATFORM_EXIT_ALT
#define MBEDTLS_PLATFORM_PRINTF_ALT
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
#if !defined(CONFIG_ARM)
#define MBEDTLS_HAVE_ASM
#endif
#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_CIPHER_MODE_CTR
/* mbed TLS modules */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_NIST_KW_C
/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS 2048
#define MBEDTLS_MPI_MAX_SIZE 256
#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
#endif /* MCUBOOT_MBEDTLS_CONFIG_RSA_KW */

85
bootloader/mcuboot/sim/mcuboot-sys/csupport/config-rsa.h Normal file
View File

@@ -0,0 +1,85 @@
/*
* Minimal configuration for using TLS in the bootloader
*
* Copyright (C) 2006-2023, ARM Limited, All Rights Reserved
* Copyright (C) 2016, Linaro Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
/*
* Minimal configuration for using TLS in the bootloader
*
* - RSA or ECDSA signature verification
*/
#ifndef MCUBOOT_MBEDTLS_CONFIG_RSA
#define MCUBOOT_MBEDTLS_CONFIG_RSA
#if defined(MCUBOOT_USE_PSA_CRYPTO)
#include "config-add-psa-crypto.h"
#endif
#ifdef CONFIG_MCUBOOT_SERIAL
/* Mcuboot uses mbedts-base64 for serial protocol encoding. */
#define MBEDTLS_BASE64_C
#endif
/* System support */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/* STD functions */
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#define MBEDTLS_PLATFORM_EXIT_ALT
#define MBEDTLS_PLATFORM_PRINTF_ALT
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
#if !defined(CONFIG_ARM)
#define MBEDTLS_HAVE_ASM
#endif
#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_CIPHER_MODE_CTR
/* mbed TLS modules */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_AES_C
#if (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN == 3072)
#define MBEDTLS_MPI_MAX_SIZE 384
#else
#define MBEDTLS_MPI_MAX_SIZE 256
#endif
#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
#endif /* MCUBOOT_MBEDTLS_CONFIG_RSA */

20
bootloader/mcuboot/sim/mcuboot-sys/csupport/devicetree.h Normal file
View File

@@ -0,0 +1,20 @@
/*
* Copyright (c) 2019 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
/* This file mocks zephyr's flash map / DT macro */
#ifndef __DEVICETREE_H__
#define __DEVICETREE_H__
#define FLASH_AREA_ID(x) FLASH_AREA_ID_##x
#define FLASH_AREA_ID_image_0 1
#define FLASH_AREA_ID_image_1 2
#define FLASH_AREA_ID_image_scratch 3
#define FLASH_AREA_ID_image_2 4
#define FLASH_AREA_ID_image_3 5
#endif /*__DEVICETREE_H__*/

38
bootloader/mcuboot/sim/mcuboot-sys/csupport/flash_map_backend/flash_map_backend.h Normal file
View File

@@ -0,0 +1,38 @@
#ifndef __FLASH_MAP_BACKEND_H__
#define __FLASH_MAP_BACKEND_H__
#include <storage/flash_map.h>
static inline uint32_t flash_area_get_off(const struct flash_area *fa)
{
return (uint32_t)fa->fa_off;
}
static inline uint32_t flash_area_get_size(const struct flash_area *fa)
{
return (uint32_t)fa->fa_size;
}
static inline uint32_t flash_sector_get_off(const struct flash_sector *fs)
{
return fs->fs_off;
}
static inline uint32_t flash_sector_get_size(const struct flash_sector *fs)
{
return fs->fs_size;
}
#define FLASH_DEVICE_ID 0
static inline uint8_t flash_area_get_device_id(const struct flash_area *fa)
{
return fa->fa_device_id;
}
static inline uint8_t flash_area_get_id(const struct flash_area *fa)
{
return fa->fa_id;
}
#endif /* __FLASH_MAP_BACKEND_H__*/

330
bootloader/mcuboot/sim/mcuboot-sys/csupport/keys.c Normal file
View File

@@ -0,0 +1,330 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <bootutil/sign_key.h>
#include <mcuboot_config/mcuboot_config.h>
#if defined(MCUBOOT_SIGN_RSA)
#if MCUBOOT_SIGN_RSA_LEN == 2048
#define HAVE_KEYS
const unsigned char root_pub_der[] = {
0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd1, 0x06, 0x08,
0x1a, 0x18, 0x44, 0x2c, 0x18, 0xe8, 0xfb, 0xfd, 0xf7, 0x0d, 0xa3, 0x4f,
0x1f, 0xbb, 0xee, 0x5e, 0xf9, 0xaa, 0xd2, 0x4b, 0x18, 0xd3, 0x5a, 0xe9,
0x6d, 0x18, 0x80, 0x19, 0xf9, 0xf0, 0x9c, 0x34, 0x1b, 0xcb, 0xf3, 0xbc,
0x74, 0xdb, 0x42, 0xe7, 0x8c, 0x7f, 0x10, 0x53, 0x7e, 0x43, 0x5e, 0x0d,
0x57, 0x2c, 0x44, 0xd1, 0x67, 0x08, 0x0f, 0x0d, 0xbb, 0x5c, 0xee, 0xec,
0xb3, 0x99, 0xdf, 0xe0, 0x4d, 0x84, 0x0b, 0xaa, 0x77, 0x41, 0x60, 0xed,
0x15, 0x28, 0x49, 0xa7, 0x01, 0xb4, 0x3c, 0x10, 0xe6, 0x69, 0x8c, 0x2f,
0x5f, 0xac, 0x41, 0x4d, 0x9e, 0x5c, 0x14, 0xdf, 0xf2, 0xf8, 0xcf, 0x3d,
0x1e, 0x6f, 0xe7, 0x5b, 0xba, 0xb4, 0xa9, 0xc8, 0x88, 0x7e, 0x47, 0x3c,
0x94, 0xc3, 0x77, 0x67, 0x54, 0x4b, 0xaa, 0x8d, 0x38, 0x35, 0xca, 0x62,
0x61, 0x7e, 0xb7, 0xe1, 0x15, 0xdb, 0x77, 0x73, 0xd4, 0xbe, 0x7b, 0x72,
0x21, 0x89, 0x69, 0x24, 0xfb, 0xf8, 0x65, 0x6e, 0x64, 0x3e, 0xc8, 0x0e,
0xd7, 0x85, 0xd5, 0x5c, 0x4a, 0xe4, 0x53, 0x0d, 0x2f, 0xff, 0xb7, 0xfd,
0xf3, 0x13, 0x39, 0x83, 0x3f, 0xa3, 0xae, 0xd2, 0x0f, 0xa7, 0x6a, 0x9d,
0xf9, 0xfe, 0xb8, 0xce, 0xfa, 0x2a, 0xbe, 0xaf, 0xb8, 0xe0, 0xfa, 0x82,
0x37, 0x54, 0xf4, 0x3e, 0xe1, 0x2b, 0xd0, 0xd3, 0x08, 0x58, 0x18, 0xf6,
0x5e, 0x4c, 0xc8, 0x88, 0x81, 0x31, 0xad, 0x5f, 0xb0, 0x82, 0x17, 0xf2,
0x8a, 0x69, 0x27, 0x23, 0xf3, 0xab, 0x87, 0x3e, 0x93, 0x1a, 0x1d, 0xfe,
0xe8, 0xf8, 0x1a, 0x24, 0x66, 0x59, 0xf8, 0x1c, 0xab, 0xdc, 0xce, 0x68,
0x1b, 0x66, 0x64, 0x35, 0xec, 0xfa, 0x0d, 0x11, 0x9d, 0xaf, 0x5c, 0x3a,
0xa7, 0xd1, 0x67, 0xc6, 0x47, 0xef, 0xb1, 0x4b, 0x2c, 0x62, 0xe1, 0xd1,
0xc9, 0x02, 0x03, 0x01, 0x00, 0x01
};
const unsigned int root_pub_der_len = 270;
#elif MCUBOOT_SIGN_RSA_LEN == 3072
#define HAVE_KEYS
const unsigned char root_pub_der[] = {
0x30, 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81,
0x00, 0xb4, 0x2c, 0x0e, 0x98, 0x58, 0x10, 0xa4,
0xa7, 0x58, 0x99, 0x7c, 0x01, 0xdd, 0x08, 0x2a,
0x28, 0x34, 0x33, 0xf8, 0x96, 0x1a, 0x34, 0x20,
0x5d, 0x45, 0xc8, 0x71, 0x26, 0x25, 0xe5, 0xd2,
0x96, 0xea, 0x7b, 0xb1, 0x15, 0xaa, 0xa6, 0x8a,
0x63, 0x22, 0x8b, 0x2d, 0x4e, 0x81, 0x73, 0xbf,
0x6e, 0x15, 0x68, 0x8c, 0x1a, 0xf4, 0xef, 0x2a,
0x8f, 0x8c, 0x22, 0x9e, 0x71, 0x57, 0x4b, 0xde,
0x0f, 0x7e, 0x72, 0xd3, 0x7a, 0xb8, 0xa7, 0x1d,
0x44, 0xad, 0x87, 0x00, 0x83, 0x5c, 0xfd, 0x73,
0x05, 0x72, 0x46, 0x3f, 0x8b, 0xf9, 0x10, 0x00,
0xd8, 0x6e, 0xcc, 0x85, 0xed, 0xf9, 0x49, 0xdb,
0x78, 0x36, 0x80, 0x49, 0x38, 0x76, 0xdd, 0x5f,
0x54, 0x04, 0xda, 0x8c, 0x34, 0xa7, 0x2b, 0x13,
0x25, 0x6f, 0xd1, 0x15, 0x4f, 0xad, 0xc2, 0xe1,
0xa5, 0xd2, 0x4e, 0x57, 0x0c, 0x7e, 0x9c, 0x9b,
0xba, 0x4e, 0x68, 0xb2, 0xe0, 0x25, 0x02, 0xaa,
0x00, 0xd3, 0xb4, 0xcc, 0x2f, 0x78, 0xe5, 0xbe,
0x47, 0x67, 0x1f, 0xc8, 0x6e, 0x22, 0x6c, 0x5e,
0x61, 0xb6, 0x9a, 0xcd, 0xe5, 0xa8, 0xba, 0x7a,
0x80, 0x13, 0x1b, 0x17, 0x2e, 0x96, 0xed, 0xcf,
0xb3, 0x9b, 0xe4, 0x1c, 0xe8, 0xad, 0xa7, 0xf6,
0x3a, 0x51, 0x66, 0x5e, 0x99, 0x8e, 0x87, 0xee,
0x60, 0x25, 0xf8, 0x8d, 0xbe, 0xce, 0xa4, 0xa8,
0xca, 0x93, 0x6c, 0xd7, 0xbf, 0xd4, 0x73, 0x33,
0x8d, 0x44, 0x85, 0xcc, 0x73, 0x30, 0x08, 0x9c,
0x4d, 0xb2, 0xaa, 0x5a, 0x6c, 0x6f, 0x7b, 0xab,
0xb7, 0xb3, 0x7c, 0xc3, 0xfb, 0xe7, 0xca, 0xc4,
0xf8, 0x9a, 0x6f, 0xcb, 0xbb, 0x5b, 0x82, 0xe7,
0x7a, 0xe8, 0x19, 0xfd, 0x2f, 0x11, 0x22, 0xfb,
0x7f, 0x76, 0x8c, 0x6b, 0x94, 0xa4, 0x09, 0x4f,
0xa5, 0x6a, 0x77, 0x51, 0xeb, 0xa7, 0x7e, 0xda,
0x87, 0x06, 0xee, 0xdc, 0xbe, 0xd1, 0xea, 0x1a,
0x40, 0x1d, 0x1b, 0xff, 0x1a, 0xb1, 0x51, 0x7c,
0x12, 0xb0, 0xf3, 0xf6, 0x83, 0x01, 0x9c, 0xe7,
0x0c, 0x99, 0xbf, 0xac, 0x68, 0x58, 0x72, 0xa4,
0xb0, 0x59, 0x85, 0xee, 0x85, 0xac, 0x2a, 0x22,
0xf4, 0xcf, 0x15, 0x08, 0x80, 0x1f, 0x0d, 0xd0,
0x1e, 0xa0, 0xa0, 0x94, 0xc8, 0xf7, 0xfa, 0x65,
0xdd, 0x52, 0xe8, 0x96, 0x37, 0x23, 0x30, 0x57,
0x36, 0xe6, 0x9d, 0xf4, 0x0c, 0x4a, 0x05, 0x75,
0x1f, 0xad, 0x01, 0xca, 0xb7, 0x6d, 0x8c, 0x43,
0x74, 0x06, 0x0a, 0x81, 0xf3, 0x01, 0x62, 0xff,
0xf7, 0xf5, 0x5f, 0xaf, 0xe7, 0x2b, 0x0e, 0xf8,
0x81, 0xb5, 0x65, 0xdd, 0x01, 0xd9, 0x9f, 0x07,
0x17, 0x8a, 0x18, 0xcf, 0x23, 0x6e, 0x88, 0x65,
0x91, 0xb5, 0x7b, 0xd3, 0xb0, 0x2d, 0xaf, 0x93,
0x66, 0x63, 0x74, 0xac, 0x5a, 0xe6, 0x73, 0xde,
0x3b, 0x02, 0x03, 0x01, 0x00, 0x01,
};
const unsigned int root_pub_der_len = 398;
#endif
#elif defined(MCUBOOT_SIGN_EC256) || \
defined(MCUBOOT_SIGN_EC384)
#define HAVE_KEYS
#ifndef MCUBOOT_SIGN_EC384
const unsigned char root_pub_der[] = {
0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
0x42, 0x00, 0x04, 0x2a, 0xcb, 0x40, 0x3c, 0xe8,
0xfe, 0xed, 0x5b, 0xa4, 0x49, 0x95, 0xa1, 0xa9,
0x1d, 0xae, 0xe8, 0xdb, 0xbe, 0x19, 0x37, 0xcd,
0x14, 0xfb, 0x2f, 0x24, 0x57, 0x37, 0xe5, 0x95,
0x39, 0x88, 0xd9, 0x94, 0xb9, 0xd6, 0x5a, 0xeb,
0xd7, 0xcd, 0xd5, 0x30, 0x8a, 0xd6, 0xfe, 0x48,
0xb2, 0x4a, 0x6a, 0x81, 0x0e, 0xe5, 0xf0, 0x7d,
0x8b, 0x68, 0x34, 0xcc, 0x3a, 0x6a, 0xfc, 0x53,
0x8e, 0xfa, 0xc1, };
const unsigned int root_pub_der_len = 91;
#else /* MCUBOOT_SIGN_EC384 */
const unsigned char root_pub_der[] = {
0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b,
0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04,
0x0c, 0x76, 0xca, 0xae, 0x72, 0x3a, 0xa5, 0xe8,
0xf0, 0xd4, 0xf1, 0x16, 0xb5, 0x02, 0xef, 0x77,
0xa1, 0x1b, 0x93, 0x61, 0x78, 0xc0, 0x09, 0x26,
0x7b, 0x3b, 0x40, 0x9c, 0xee, 0x49, 0x85, 0xe0,
0xc9, 0x4f, 0xe7, 0xf2, 0xba, 0x97, 0x6c, 0xf3,
0x82, 0x65, 0x14, 0x2c, 0xf5, 0x0c, 0x73, 0x33,
0x4d, 0x32, 0xe7, 0x9b, 0xd3, 0x42, 0xcc, 0x95,
0x5a, 0xe5, 0xe2, 0xf5, 0xf4, 0x6e, 0x45, 0xe0,
0xed, 0x20, 0x35, 0x5c, 0xaf, 0x52, 0x35, 0x81,
0xd4, 0xdc, 0x9c, 0xe3, 0x9e, 0x22, 0x3e, 0xfb,
0x3f, 0x22, 0x10, 0xda, 0x70, 0x03, 0x37, 0xad,
0xa8, 0xf2, 0x48, 0xfe, 0x3a, 0x60, 0x69, 0xa5,
};
const unsigned int root_pub_der_len = 120;
#endif /* MCUBOOT_SIGN_EC384 */
#elif defined(MCUBOOT_SIGN_ED25519)
#define HAVE_KEYS
const unsigned char root_pub_der[] = {
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x70, 0x03, 0x21, 0x00, 0xd4, 0xb3, 0x1b, 0xa4,
0x9a, 0x3a, 0xdd, 0x3f, 0x82, 0x5d, 0x10, 0xca,
0x7f, 0x31, 0xb5, 0x0b, 0x0d, 0xe8, 0x7f, 0x37,
0xcc, 0xc4, 0x9f, 0x1a, 0x40, 0x3a, 0x5c, 0x13,
0x20, 0xff, 0xb4, 0xe0,
};
const unsigned int root_pub_der_len = 44;
#endif
#if defined(HAVE_KEYS)
const struct bootutil_key bootutil_keys[] = {
{
.key = root_pub_der,
.len = &root_pub_der_len,
},
};
const int bootutil_key_cnt = 1;
#endif
#if defined(MCUBOOT_ENCRYPT_RSA)
unsigned char enc_key[] = {
0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
0xb4, 0x26, 0x14, 0x49, 0x3d, 0x16, 0x13, 0x3a, 0x6d, 0x9c, 0x84, 0xa9,
0x8b, 0x6a, 0x10, 0x20, 0x61, 0xef, 0x48, 0x04, 0xa4, 0x4b, 0x24, 0xf3,
0x00, 0x32, 0xac, 0x22, 0xe0, 0x30, 0x27, 0x70, 0x18, 0xe5, 0x55, 0xc8,
0xb8, 0x05, 0x34, 0x03, 0xb0, 0xf8, 0xa5, 0x96, 0xd2, 0x48, 0x58, 0xef,
0x70, 0xb0, 0x09, 0xdb, 0xe3, 0x58, 0x62, 0xef, 0x99, 0x63, 0x01, 0xb2,
0x89, 0xc4, 0xb3, 0xf6, 0x9e, 0x62, 0xbf, 0x4d, 0xc2, 0x8a, 0xd0, 0xc9,
0x4d, 0x43, 0xa3, 0xd8, 0xe5, 0x1d, 0xec, 0x62, 0x63, 0x08, 0xe2, 0x20,
0xa5, 0xfc, 0x78, 0xd0, 0x3e, 0x74, 0xc8, 0xa4, 0x1b, 0x36, 0xad, 0x7b,
0xf5, 0x06, 0xae, 0x4d, 0x51, 0x9b, 0x40, 0xce, 0x30, 0x4f, 0x6c, 0xea,
0xf9, 0xe9, 0x74, 0xea, 0x06, 0xee, 0x9c, 0xe4, 0x14, 0x68, 0x20, 0xb9,
0x3d, 0xe7, 0x11, 0x14, 0x8b, 0x25, 0xa3, 0xff, 0x4c, 0x8a, 0xf3, 0x53,
0xee, 0x6b, 0x3e, 0xef, 0x34, 0xcd, 0x6a, 0x3f, 0x62, 0x68, 0xc0, 0xff,
0x78, 0x4c, 0xb0, 0xc3, 0xe6, 0x96, 0x61, 0xfc, 0x1f, 0x18, 0xf1, 0x7a,
0x82, 0xe2, 0x8f, 0x35, 0xa8, 0x2b, 0x86, 0x16, 0xa4, 0x46, 0xfb, 0xac,
0x7e, 0x41, 0xdb, 0x02, 0x05, 0x91, 0x6d, 0xdf, 0xc1, 0xde, 0x13, 0x95,
0x9c, 0xf9, 0x9e, 0x5e, 0x72, 0xba, 0xa7, 0x25, 0x93, 0xfb, 0xdc, 0xe8,
0xab, 0x86, 0x45, 0x88, 0x47, 0x2d, 0xed, 0xee, 0xee, 0x97, 0x9e, 0xce,
0x5d, 0x9b, 0x04, 0x04, 0x40, 0x7c, 0xcb, 0x7c, 0x3d, 0x2c, 0x74, 0xab,
0xa4, 0xcc, 0x64, 0xa3, 0x5c, 0x95, 0x3d, 0xd4, 0xa2, 0xdc, 0x92, 0xb2,
0xc8, 0x18, 0xcb, 0xf9, 0x00, 0x39, 0x81, 0x8f, 0x8f, 0x40, 0xc2, 0xdf,
0x99, 0x29, 0xac, 0x8a, 0xc2, 0x3b, 0xd8, 0xa4, 0xf2, 0xad, 0xaf, 0x74,
0xc0, 0x11, 0xc7, 0x99, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
0x00, 0x42, 0x47, 0x80, 0x4f, 0x31, 0xda, 0x5d, 0x58, 0xb1, 0xdb, 0x54,
0x33, 0xcc, 0xc7, 0x49, 0x07, 0xa1, 0x00, 0x98, 0x4e, 0x9c, 0xe3, 0xc8,
0xc4, 0x5e, 0xde, 0x45, 0xd6, 0xcf, 0x04, 0xe8, 0x7d, 0xa5, 0xab, 0x3a,
0xd4, 0x8e, 0x5f, 0xdb, 0xb3, 0x3f, 0xf9, 0x3b, 0x73, 0x32, 0x0a, 0xcc,
0x2d, 0xcc, 0x17, 0xf8, 0x88, 0x9e, 0x2c, 0x76, 0xba, 0x10, 0x85, 0x0c,
0xaa, 0xd3, 0x65, 0x3b, 0x91, 0x10, 0xd4, 0xe3, 0xed, 0x88, 0x15, 0xea,
0x9b, 0x25, 0x82, 0x2d, 0x56, 0x2f, 0x75, 0xc2, 0xf2, 0xaf, 0xdd, 0x24,
0xd5, 0x3e, 0x3c, 0x95, 0x76, 0x88, 0x84, 0x0f, 0x0d, 0xd1, 0xb5, 0x5c,
0x3e, 0xae, 0xf7, 0xb6, 0x49, 0x5c, 0x2c, 0xf2, 0xba, 0xe9, 0xab, 0x4f,
0x37, 0x64, 0x9b, 0x30, 0x18, 0xaa, 0x54, 0x40, 0x04, 0xea, 0x3d, 0x25,
0x4d, 0x02, 0x29, 0x71, 0x6f, 0x4d, 0x82, 0x9b, 0xc3, 0x44, 0x2a, 0x9d,
0x0c, 0x98, 0xd3, 0xc8, 0x15, 0x0d, 0x04, 0x93, 0x60, 0x30, 0xc7, 0x5e,
0x79, 0xea, 0x53, 0x9d, 0xc0, 0x0e, 0x81, 0xac, 0x90, 0xbc, 0x9e, 0x1e,
0xd2, 0x28, 0x0f, 0x10, 0xf5, 0x1f, 0xdf, 0x38, 0x7f, 0x8a, 0x90, 0x8d,
0x49, 0x07, 0x7d, 0x78, 0xcb, 0xa7, 0xef, 0x92, 0x6d, 0x3b, 0x13, 0x95,
0x9b, 0xba, 0x83, 0xc6, 0xb3, 0x71, 0x25, 0x27, 0x07, 0x99, 0x54, 0x82,
0x3d, 0xec, 0xc5, 0xf8, 0xb4, 0xa0, 0x38, 0x7a, 0x59, 0x6a, 0x0b, 0xca,
0x69, 0x6c, 0x17, 0xa4, 0x18, 0xe0, 0xb4, 0xaa, 0x89, 0x99, 0x8f, 0xcb,
0x71, 0x34, 0x09, 0x1b, 0x6e, 0xe6, 0x87, 0x00, 0xb5, 0xba, 0x70, 0x8a,
0x29, 0x3d, 0x9a, 0x06, 0x18, 0x2d, 0x66, 0x5e, 0x61, 0x37, 0xeb, 0xdd,
0x5e, 0xc8, 0x28, 0x92, 0x05, 0x30, 0xfd, 0xb8, 0x65, 0xb1, 0x7f, 0xbf,
0x2d, 0x55, 0x12, 0x91, 0xc1, 0x02, 0x81, 0x81, 0x00, 0xda, 0x65, 0xda,
0x38, 0x7c, 0x18, 0xfb, 0x00, 0x11, 0x60, 0xeb, 0x37, 0x65, 0xb8, 0x83,
0x62, 0x88, 0xc4, 0x3a, 0x4e, 0x64, 0x6a, 0xf3, 0x3e, 0x4e, 0xc0, 0x34,
0x19, 0x8a, 0xcb, 0x4a, 0xca, 0x2f, 0x5d, 0x50, 0x7a, 0xac, 0xf7, 0x9e,
0x87, 0x5a, 0xfc, 0x4d, 0x49, 0xd7, 0xf9, 0x21, 0xf5, 0x0b, 0x6f, 0x57,
0x41, 0x3d, 0x8f, 0xb8, 0xec, 0x7f, 0xcc, 0x92, 0x09, 0xbe, 0xd3, 0xa4,
0xc3, 0x14, 0x85, 0x21, 0x5d, 0x05, 0xa3, 0xaa, 0x20, 0xf6, 0x62, 0x44,
0x50, 0x03, 0x5e, 0x53, 0x4a, 0xcd, 0x6a, 0xb6, 0x65, 0x8e, 0x4e, 0x4b,
0x3f, 0x25, 0xc6, 0x16, 0x31, 0xf5, 0x99, 0x13, 0x77, 0x42, 0xda, 0xdc,
0x70, 0x4d, 0x65, 0xb0, 0x99, 0x0f, 0xdf, 0x5a, 0xb1, 0x45, 0xf0, 0xb9,
0x8e, 0xa0, 0xae, 0x4f, 0x4d, 0x65, 0x09, 0x84, 0xb5, 0x38, 0x29, 0xbf,
0x69, 0xe0, 0x88, 0x1f, 0x27, 0x02, 0x81, 0x81, 0x00, 0xd3, 0x2a, 0x59,
0xec, 0x28, 0xc3, 0x0d, 0x4f, 0x92, 0x96, 0xca, 0x67, 0x94, 0xfc, 0x2e,
0xa6, 0x86, 0x68, 0x45, 0x53, 0x92, 0xcc, 0x86, 0x7f, 0x8a, 0xe1, 0x5d,
0xe8, 0x1d, 0x9e, 0xbb, 0x1e, 0x00, 0x26, 0x1d, 0x80, 0x12, 0xff, 0x9c,
0x11, 0x0a, 0xbd, 0xa6, 0xc3, 0x8d, 0x48, 0xda, 0xfc, 0x10, 0xf7, 0x7a,
0x16, 0x07, 0x15, 0xa0, 0x3a, 0xd3, 0x94, 0xfb, 0x52, 0x87, 0x39, 0xee,
0xe7, 0xc4, 0x26, 0x49, 0x16, 0xc6, 0xc0, 0x83, 0x25, 0xbf, 0x6a, 0x4e,
0x8c, 0x0b, 0x10, 0x85, 0x66, 0xab, 0x7e, 0xae, 0xac, 0x4c, 0x69, 0x3c,
0x44, 0xeb, 0xcd, 0xe9, 0xf6, 0x64, 0x8b, 0x4a, 0xd8, 0x6a, 0x4d, 0x6d,
0x47, 0xa9, 0xb8, 0x55, 0x72, 0xc1, 0xfd, 0xf4, 0x81, 0x4c, 0x66, 0xbe,
0x49, 0xf2, 0x75, 0x4f, 0x80, 0xf1, 0x20, 0x38, 0xb8, 0x6a, 0x1b, 0x75,
0x41, 0x30, 0x0f, 0x1b, 0x3f, 0x02, 0x81, 0x80, 0x09, 0x35, 0xfa, 0x7a,
0x1f, 0x61, 0xbe, 0x54, 0x46, 0x67, 0x5c, 0x04, 0x3e, 0x1a, 0x06, 0x10,
0x85, 0xcc, 0x20, 0xd9, 0x65, 0x8a, 0xcd, 0x2f, 0x77, 0x8a, 0xcb, 0xa7,
0xb8, 0x1e, 0xd2, 0xcc, 0xac, 0x2a, 0xb7, 0x56, 0x35, 0x2d, 0x4c, 0x56,
0x51, 0x14, 0x0a, 0xfe, 0x6e, 0x49, 0x67, 0x91, 0x3a, 0x26, 0x3b, 0xfb,
0xd8, 0x68, 0xd3, 0x57, 0xc6, 0x1c, 0x0e, 0x9c, 0xb2, 0x9b, 0xa2, 0x7b,
0x47, 0xc6, 0x45, 0x9d, 0xf2, 0xba, 0xf0, 0x55, 0xeb, 0x8e, 0x41, 0x6b,
0x4e, 0x79, 0x0f, 0xf2, 0x3b, 0xaf, 0xa0, 0x79, 0xb0, 0x02, 0xc5, 0x51,
0xa8, 0x7a, 0x2e, 0x3d, 0x75, 0x2a, 0x3b, 0x93, 0xf0, 0x11, 0xe2, 0xf2,
0x29, 0x91, 0x7c, 0x5d, 0x38, 0x3a, 0x27, 0x4d, 0x0a, 0xb2, 0x18, 0x61,
0x57, 0x8d, 0x82, 0x72, 0xb5, 0x2c, 0x2d, 0x98, 0xa7, 0x01, 0xbb, 0xbc,
0xef, 0x67, 0x4e, 0x49, 0x02, 0x81, 0x81, 0x00, 0xb2, 0x70, 0x53, 0x54,
0x70, 0x8d, 0x82, 0xad, 0xff, 0x1d, 0x55, 0x24, 0x7a, 0x8d, 0x2f, 0x8e,
0xa0, 0x7d, 0x74, 0x37, 0xcf, 0x10, 0xed, 0x86, 0xd1, 0x80, 0xe7, 0xad,
0xc1, 0x79, 0xe4, 0x7c, 0xd1, 0x7b, 0x63, 0xea, 0x5a, 0x23, 0x8d, 0x6a,
0x09, 0x3d, 0x81, 0xb2, 0x35, 0xad, 0x9e, 0xfe, 0xea, 0x07, 0x76, 0x2f,
0x2f, 0x05, 0x63, 0x44, 0xd2, 0x8e, 0x4e, 0x61, 0xca, 0xcb, 0x75, 0xca,
0x7b, 0xc2, 0x2e, 0x79, 0x04, 0xb2, 0xa1, 0x20, 0x40, 0xc4, 0x40, 0x63,
0xae, 0xe5, 0xe3, 0x14, 0x83, 0x4e, 0xa5, 0xa4, 0x0b, 0x5d, 0xd2, 0x04,
0x1b, 0x8f, 0x01, 0x69, 0xa8, 0x44, 0xdc, 0x96, 0x4c, 0x1d, 0xe9, 0x7e,
0x69, 0x38, 0xcf, 0x5c, 0x0d, 0xf9, 0xdf, 0xa7, 0x73, 0x3c, 0x4f, 0x08,
0x85, 0xce, 0x03, 0xc4, 0xdd, 0xfd, 0x70, 0x70, 0xc5, 0x99, 0x36, 0x58,
0x43, 0x98, 0x40, 0x59, 0x02, 0x81, 0x81, 0x00, 0xd5, 0xaa, 0xfb, 0xec,
0x8d, 0xc6, 0xdd, 0xfa, 0x2b, 0x5a, 0x24, 0xd0, 0xda, 0x58, 0xbd, 0x87,
0x92, 0x1a, 0x29, 0x62, 0x13, 0x1d, 0x4b, 0x79, 0x1b, 0xbe, 0x79, 0x7d,
0xad, 0x79, 0xca, 0x17, 0x75, 0xda, 0xe8, 0x32, 0xe8, 0xa0, 0x9e, 0xa8,
0x77, 0x53, 0xac, 0x38, 0xd6, 0xeb, 0xe6, 0x22, 0x65, 0xc4, 0xaa, 0x4c,
0xc8, 0xd0, 0x33, 0x1a, 0x1e, 0xbe, 0xbd, 0x73, 0x09, 0x4a, 0xfa, 0x85,
0x5c, 0xf3, 0x0c, 0x9c, 0x81, 0x56, 0x30, 0xa7, 0xf7, 0x9b, 0xf4, 0x92,
0x9c, 0x6b, 0x93, 0x6a, 0x00, 0x33, 0xdc, 0x2f, 0x54, 0x1e, 0x78, 0xd4,
0x97, 0xec, 0x24, 0xa2, 0xdb, 0x3d, 0x03, 0x33, 0x09, 0xb2, 0x2c, 0x03,
0x05, 0x40, 0xde, 0x52, 0xf2, 0x9b, 0xfa, 0x00, 0x8d, 0x4b, 0xfe, 0x5b,
0x9b, 0x9c, 0x73, 0xad, 0xfb, 0x7a, 0x00, 0x42, 0x62, 0x9e, 0xa0, 0x95,
0x55, 0x50, 0x32, 0x87
};
static unsigned int enc_key_len = 1192;
const struct bootutil_key bootutil_enc_key = {
.key = enc_key,
.len = &enc_key_len,
};
#endif
#if defined(MCUBOOT_ENCRYPT_KW)
#if defined(MCUBOOT_AES_256)
unsigned char enc_key[] = {
0xE4, 0x5C, 0x51, 0x46, 0xD2, 0x1C, 0x82, 0x35, 0xCC, 0x1A, 0x19, 0xAF,
0xA1, 0xF2, 0xAA, 0x20, 0xC8, 0x8C, 0x7F, 0x40, 0x6C, 0xDB, 0x22, 0xAA,
0x6A, 0xB5, 0xCB, 0xAA, 0xF8, 0xB1, 0x5B, 0xB4
};
static unsigned int enc_key_len = 32;
#else
unsigned char enc_key[] = {
0xd1, 0x5a, 0x04, 0x95, 0xc4, 0xc2, 0xa8, 0xff, 0x30, 0x78, 0xce, 0x49,
0xb5, 0xfc, 0xb2, 0xdd
};
static unsigned int enc_key_len = 16;
#endif
const struct bootutil_key bootutil_enc_key = {
.key = enc_key,
.len = &enc_key_len,
};
#endif
#if defined(MCUBOOT_ENCRYPT_EC256)
unsigned char enc_key[] = {
0x30, 0x81, 0x43, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
0x03, 0x01, 0x07, 0x04, 0x29, 0x30, 0x27, 0x02, 0x01, 0x01, 0x04, 0x20,
0xf6, 0x1e, 0x51, 0x9d, 0xf8, 0xfa, 0xdd, 0xa1, 0xb7, 0xd9, 0xa9, 0x64,
0x64, 0x3b, 0x54, 0xd0, 0x3d, 0xd0, 0x1f, 0xe5, 0x78, 0xd9, 0x17, 0x98,
0xa5, 0x28, 0xca, 0xcc, 0x6b, 0x67, 0x9e, 0x06, 0xa1, 0x44,
};
static unsigned int enc_key_len = 70;
const struct bootutil_key bootutil_enc_key = {
.key = enc_key,
.len = &enc_key_len,
};
#endif
#if defined(MCUBOOT_ENCRYPT_X25519)
unsigned char enc_key[] = {
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
0x04, 0x22, 0x04, 0x20, 0x28, 0x80, 0x2f, 0xef, 0xef, 0x82, 0x95, 0x50,
0xf1, 0x41, 0x93, 0x03, 0x6c, 0x1b, 0xb9, 0x49, 0x6c, 0x51, 0xe5, 0x26,
0x87, 0x8f, 0x77, 0x07, 0xf8, 0xb4, 0x1f, 0x04, 0x45, 0x6d, 0x84, 0x4f,
};
static unsigned int enc_key_len = 48;
const struct bootutil_key bootutil_enc_key = {
.key = enc_key,
.len = &enc_key_len,
};
#endif

28
bootloader/mcuboot/sim/mcuboot-sys/csupport/mcuboot_config/mcuboot_assert.h Normal file
View File

@@ -0,0 +1,28 @@
// SPDX-License-Identifier: Apache-2.0
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#ifndef __MCUBOOT_ASSERT_H__
#define __MCUBOOT_ASSERT_H__
#include <assert.h>
void sim_assert(int, const char *test, const char *, unsigned int, const char *);
#define ASSERT(x) sim_assert((x), #x, __FILE__, __LINE__, __func__)
#endif /* __MCUBOOT_ASSERT_H__ */

28
bootloader/mcuboot/sim/mcuboot-sys/csupport/mcuboot_config/mcuboot_config.h Normal file
View File

@@ -0,0 +1,28 @@
/*
* Copyright (c) 2022 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef __MCUBOOT_CONFIG_H__
#define __MCUBOOT_CONFIG_H__
/*
* This file is included by the simulator, but we don't want to
* define almost anything here.
*
* Instead of using mcuboot_config.h, the simulator adds MCUBOOT_xxx
* configuration flags to the compiler command lines based on the
* values of environment variables. However, the file still must
* exist, or bootutil won't build.
*/
#define MCUBOOT_WATCHDOG_FEED() \
do { \
} while (0)
#define MCUBOOT_CPU_IDLE() \
do { \
} while (0)
#endif /* __MCUBOOT_CONFIG_H__ */

107
bootloader/mcuboot/sim/mcuboot-sys/csupport/mcuboot_config/mcuboot_logging.h Normal file
View File

@@ -0,0 +1,107 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#ifndef __MCUBOOT_LOGGING_H__
#define __MCUBOOT_LOGGING_H__
#include <stdio.h>
#define MCUBOOT_LOG_LEVEL_OFF 0
#define MCUBOOT_LOG_LEVEL_ERROR 1
#define MCUBOOT_LOG_LEVEL_WARNING 2
#define MCUBOOT_LOG_LEVEL_INFO 3
#define MCUBOOT_LOG_LEVEL_DEBUG 4
#define MCUBOOT_LOG_LEVEL_SIM 5 /* RUST_LOG=trace */
/*
* The compiled log level determines the maximum level that can be
* printed. Messages at or below this level can be printed, provided
* they are also enabled through the Rust logging system, such as by
* setting RUST_LOG to bootsim::api=info.
*/
#ifndef MCUBOOT_LOG_LEVEL
#define MCUBOOT_LOG_LEVEL MCUBOOT_LOG_LEVEL_DEBUG
#endif
#define MCUBOOT_LOG_MODULE_DECLARE(domain) /* ignore */
#define MCUBOOT_LOG_MODULE_REGISTER(domain) /* ignore */
int sim_log_enabled(int level);
#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_ERROR
#define MCUBOOT_LOG_ERR(_fmt, ...) \
do { \
if (sim_log_enabled(MCUBOOT_LOG_LEVEL_ERROR)) { \
fprintf(stderr, "[ERR] " _fmt "\n", ##__VA_ARGS__); \
fflush(stderr); \
} \
} while (0)
#else
#define MCUBOOT_LOG_ERR(...) IGNORE(__VA_ARGS__)
#endif
#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_WARNING
#define MCUBOOT_LOG_WRN(_fmt, ...) \
do { \
if (sim_log_enabled(MCUBOOT_LOG_LEVEL_WARNING)) { \
fprintf(stderr, "[WRN] " _fmt "\n", ##__VA_ARGS__); \
fflush(stderr); \
} \
} while (0)
#else
#define MCUBOOT_LOG_WRN(...) IGNORE(__VA_ARGS__)
#endif
#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_INFO
#define MCUBOOT_LOG_INF(_fmt, ...) \
do { \
if (sim_log_enabled(MCUBOOT_LOG_LEVEL_INFO)) { \
fprintf(stderr, "[INF] " _fmt "\n", ##__VA_ARGS__); \
fflush(stderr); \
} \
} while (0)
#else
#define MCUBOOT_LOG_INF(...) IGNORE(__VA_ARGS__)
#endif
#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_DEBUG
#define MCUBOOT_LOG_DBG(_fmt, ...) \
do { \
if (sim_log_enabled(MCUBOOT_LOG_LEVEL_DEBUG)) { \
fprintf(stderr, "[DBG] " _fmt "\n", ##__VA_ARGS__); \
fflush(stderr); \
} \
} while (0)
#else
#define MCUBOOT_LOG_DBG(...) IGNORE(__VA_ARGS__)
#endif
#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_SIM
#define MCUBOOT_LOG_SIM(_fmt, ...) \
do { \
if (sim_log_enabled(MCUBOOT_LOG_LEVEL_SIM)) { \
fprintf(stderr, "[SIM] " _fmt "\n", ##__VA_ARGS__); \
fflush(stderr); \
} \
} while (0)
#else
#define MCUBOOT_LOG_SIM(...) IGNORE(__VA_ARGS__)
#endif
#endif /* __MCUBOOT_LOGGING_H__ */

10
bootloader/mcuboot/sim/mcuboot-sys/csupport/os/os_heap.h Normal file
View File

@@ -0,0 +1,10 @@
/*
* Copyright (c) 2022 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef H_OS_HEAP_
#define H_OS_HEAP_
#endif

10
bootloader/mcuboot/sim/mcuboot-sys/csupport/os/os_malloc.h Normal file
View File

@@ -0,0 +1,10 @@
/*
* Copyright (c) 2022 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef H_OS_MALLOC_
#define H_OS_MALLOC_
#endif

22
bootloader/mcuboot/sim/mcuboot-sys/csupport/psa_crypto_init_stub.c Normal file
View File

@@ -0,0 +1,22 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023 Arm Limited
*/
/* This file, and the methods within are required when PSA Crypto API is enabled
* (--features psa-crypto-api), but the selected combination of features does
* not rely on any PSA Crypto APIs, and will not be adding any of them to the build.
*/
#include <bootutil/bootutil_log.h>
int psa_crypto_init()
{
BOOT_LOG_SIM("psa_crypto_init() is being stubbed.\n");
return 0;
}
void mbedtls_test_enable_insecure_external_rng(){
BOOT_LOG_SIM("mbedtls_test_enable_insecure_external_rng() is being stubbed.\n");
}

543
bootloader/mcuboot/sim/mcuboot-sys/csupport/run.c Normal file
View File

@@ -0,0 +1,543 @@
/* Run the boot image. */
#include <assert.h>
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <bootutil/bootutil.h>
#include <bootutil/image.h>
#include <flash_map_backend/flash_map_backend.h>
#include "../../../boot/bootutil/src/bootutil_priv.h"
#include "bootsim.h"
#ifdef MCUBOOT_ENCRYPT_RSA
#include "mbedtls/rsa.h"
#include "mbedtls/asn1.h"
#endif
#ifdef MCUBOOT_ENCRYPT_KW
#include "mbedtls/nist_kw.h"
#endif
#define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_ERROR
#include <bootutil/bootutil_log.h>
#include "bootutil/crypto/common.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
struct area_desc;
extern struct area_desc *sim_get_flash_areas(void);
extern void sim_set_flash_areas(struct area_desc *areas);
extern void sim_reset_flash_areas(void);
struct sim_context;
extern struct sim_context *sim_get_context(void);
extern void sim_set_context(struct sim_context *ctx);
extern void sim_reset_context(void);
extern int sim_flash_erase(uint8_t flash_id, uint32_t offset, uint32_t size);
extern int sim_flash_read(uint8_t flash_id, uint32_t offset, uint8_t *dest,
uint32_t size);
extern int sim_flash_write(uint8_t flash_id, uint32_t offset, const uint8_t *src,
uint32_t size);
extern uint32_t sim_flash_align(uint8_t flash_id);
extern uint8_t sim_flash_erased_val(uint8_t flash_id);
struct sim_context {
int flash_counter;
int jumped;
uint8_t c_asserts;
uint8_t c_catch_asserts;
jmp_buf boot_jmpbuf;
};
#ifdef MCUBOOT_ENCRYPT_RSA
static int
parse_pubkey(mbedtls_rsa_context *ctx, uint8_t **p, uint8_t *end)
{
int rc;
size_t len;
if ((rc = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return -1;
}
if (*p + len != end) {
return -2;
}
if ((rc = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return -3;
}
*p += len;
if ((rc = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
return -4;
}
if (**p != MBEDTLS_ASN1_PRIMITIVE) {
return -5;
}
*p += 1;
if ((rc = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return -6;
}
if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(N)) != 0) {
return -7;
}
if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(E)) != 0) {
return -8;
}
ctx->MBEDTLS_CONTEXT_MEMBER(len) = mbedtls_mpi_size(&ctx->MBEDTLS_CONTEXT_MEMBER(N));
if (*p != end) {
return -9;
}
if (mbedtls_rsa_check_pubkey(ctx) != 0) {
return -10;
}
return 0;
}
static int
fake_rng(void *p_rng, unsigned char *output, size_t len)
{
size_t i;
(void)p_rng;
for (i = 0; i < len; i++) {
output[i] = (char)i;
}
return 0;
}
#endif
int mbedtls_platform_set_calloc_free(void * (*calloc_func)(size_t, size_t),
void (*free_func)(void *));
int rsa_oaep_encrypt_(const uint8_t *pubkey, unsigned pubkey_len,
const uint8_t *seckey, unsigned seckey_len,
uint8_t *encbuf)
{
#ifdef MCUBOOT_ENCRYPT_RSA
mbedtls_rsa_context ctx;
uint8_t *cp;
uint8_t *cpend;
int rc;
mbedtls_platform_set_calloc_free(calloc, free);
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
mbedtls_rsa_init(&ctx);
mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
#else
mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
#endif
cp = (uint8_t *)pubkey;
cpend = cp + pubkey_len;
rc = parse_pubkey(&ctx, &cp, cpend);
if (rc) {
goto done;
}
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL,
NULL, 0, seckey_len, seckey, encbuf);
#else
rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL, MBEDTLS_RSA_PUBLIC,
NULL, 0, seckey_len, seckey, encbuf);
#endif
if (rc) {
goto done;
}
done:
mbedtls_rsa_free(&ctx);
return rc;
#else
(void)pubkey;
(void)pubkey_len;
(void)seckey;
(void)seckey_len;
(void)encbuf;
return 0;
#endif
}
int kw_encrypt_(const uint8_t *kek, const uint8_t *seckey, uint8_t *encbuf)
{
#ifdef MCUBOOT_ENCRYPT_KW
#ifdef MCUBOOT_AES_256
int key_len = 256;
int out_size = 40;
int in_len = 32;
#else
int key_len = 128;
int out_size = 24;
int in_len = 16;
#endif
mbedtls_nist_kw_context kw;
size_t olen;
int rc;
mbedtls_platform_set_calloc_free(calloc, free);
mbedtls_nist_kw_init(&kw);
rc = mbedtls_nist_kw_setkey(&kw, MBEDTLS_CIPHER_ID_AES, kek, key_len, 1);
if (rc) {
goto done;
}
rc = mbedtls_nist_kw_wrap(&kw, MBEDTLS_KW_MODE_KW, seckey, in_len, encbuf,
&olen, out_size);
done:
mbedtls_nist_kw_free(&kw);
return rc;
#else
(void)kek;
(void)seckey;
(void)encbuf;
return 0;
#endif
}
uint32_t flash_area_align(const struct flash_area *area)
{
return sim_flash_align(area->fa_device_id);
}
uint8_t flash_area_erased_val(const struct flash_area *area)
{
return sim_flash_erased_val(area->fa_device_id);
}
struct area {
struct flash_area whole;
struct flash_area *areas;
uint32_t num_areas;
uint8_t id;
};
struct area_desc {
struct area slots[16];
uint32_t num_slots;
};
int invoke_boot_go(struct sim_context *ctx, struct area_desc *adesc,
struct boot_rsp *rsp, int image_id)
{
int res;
struct boot_loader_state *state;
#if defined(MCUBOOT_SIGN_RSA) || \
(defined(MCUBOOT_SIGN_EC256) && defined(MCUBOOT_USE_MBED_TLS)) ||\
(defined(MCUBOOT_ENCRYPT_EC256) && defined(MCUBOOT_USE_MBED_TLS)) ||\
(defined(MCUBOOT_ENCRYPT_X25519) && defined(MCUBOOT_USE_MBED_TLS))
mbedtls_platform_set_calloc_free(calloc, free);
#endif
state = malloc(sizeof(struct boot_loader_state));
sim_set_flash_areas(adesc);
sim_set_context(ctx);
if (setjmp(ctx->boot_jmpbuf) == 0) {
boot_state_clear(state);
#if BOOT_IMAGE_NUMBER > 1
if (image_id >= 0) {
memset(state->img_mask, 1, sizeof(state->img_mask));
state->img_mask[image_id] = 0;
}
#else
(void) image_id;
#endif /* BOOT_IMAGE_NUMBER > 1 */
res = context_boot_go(state, rsp);
sim_reset_flash_areas();
sim_reset_context();
free(state);
/* printf("boot_go off: %d (0x%08x)\n", res, rsp.br_image_off); */
return res;
} else {
sim_reset_flash_areas();
sim_reset_context();
free(state);
return -0x13579;
}
}
void *os_malloc(size_t size)
{
// printf("os_malloc 0x%x bytes\n", size);
return malloc(size);
}
int flash_area_id_from_multi_image_slot(int image_index, int slot)
{
switch (slot) {
case 0: return FLASH_AREA_IMAGE_PRIMARY(image_index);
case 1: return FLASH_AREA_IMAGE_SECONDARY(image_index);
case 2: return FLASH_AREA_IMAGE_SCRATCH;
}
printf("Image flash area ID not found\n");
return -1; /* flash_area_open will fail on that */
}
int flash_area_open(uint8_t id, const struct flash_area **area)
{
uint32_t i;
struct area_desc *flash_areas;
flash_areas = sim_get_flash_areas();
for (i = 0; i < flash_areas->num_slots; i++) {
if (flash_areas->slots[i].id == id)
break;
}
if (i == flash_areas->num_slots) {
printf("Unsupported area\n");
abort();
}
/* Unsure if this is right, just returning the first area. */
*area = &flash_areas->slots[i].whole;
return 0;
}
void flash_area_close(const struct flash_area *area)
{
(void)area;
}
/*
* Read/write/erase. Offset is relative from beginning of flash area.
*/
int flash_area_read(const struct flash_area *area, uint32_t off, void *dst,
uint32_t len)
{
BOOT_LOG_SIM("%s: area=%d, off=%x, len=%x",
__func__, area->fa_id, off, len);
return sim_flash_read(area->fa_device_id, area->fa_off + off, dst, len);
}
int flash_area_write(const struct flash_area *area, uint32_t off, const void *src,
uint32_t len)
{
BOOT_LOG_SIM("%s: area=%d, off=%x, len=%x", __func__,
area->fa_id, off, len);
struct sim_context *ctx = sim_get_context();
if (--(ctx->flash_counter) == 0) {
ctx->jumped++;
longjmp(ctx->boot_jmpbuf, 1);
}
return sim_flash_write(area->fa_device_id, area->fa_off + off, src, len);
}
int flash_area_erase(const struct flash_area *area, uint32_t off, uint32_t len)
{
BOOT_LOG_SIM("%s: area=%d, off=%x, len=%x", __func__,
area->fa_id, off, len);
struct sim_context *ctx = sim_get_context();
if (--(ctx->flash_counter) == 0) {
ctx->jumped++;
longjmp(ctx->boot_jmpbuf, 1);
}
return sim_flash_erase(area->fa_device_id, area->fa_off + off, len);
}
int flash_area_to_sectors(int idx, int *cnt, struct flash_area *ret)
{
uint32_t i;
struct area *slot;
struct area_desc *flash_areas;
flash_areas = sim_get_flash_areas();
for (i = 0; i < flash_areas->num_slots; i++) {
if (flash_areas->slots[i].id == idx)
break;
}
if (i == flash_areas->num_slots) {
printf("Unsupported area\n");
abort();
}
slot = &flash_areas->slots[i];
if (slot->num_areas > (uint32_t)*cnt) {
printf("Too many areas in slot\n");
abort();
}
*cnt = slot->num_areas;
memcpy(ret, slot->areas, slot->num_areas * sizeof(struct flash_area));
return 0;
}
int flash_area_get_sectors(int fa_id, uint32_t *count,
struct flash_sector *sectors)
{
uint32_t i;
struct area *slot;
struct area_desc *flash_areas;
flash_areas = sim_get_flash_areas();
for (i = 0; i < flash_areas->num_slots; i++) {
if (flash_areas->slots[i].id == fa_id)
break;
}
if (i == flash_areas->num_slots) {
printf("Unsupported area\n");
abort();
}
slot = &flash_areas->slots[i];
if (slot->num_areas > *count) {
printf("Too many areas in slot\n");
abort();
}
for (i = 0; i < slot->num_areas; i++) {
sectors[i].fs_off = slot->areas[i].fa_off -
slot->whole.fa_off;
sectors[i].fs_size = slot->areas[i].fa_size;
}
*count = slot->num_areas;
return 0;
}
int flash_area_id_to_multi_image_slot(int image_index, int area_id)
{
if (area_id == FLASH_AREA_IMAGE_PRIMARY(image_index)) {
return 0;
}
if (area_id == FLASH_AREA_IMAGE_SECONDARY(image_index)) {
return 1;
}
printf("Unsupported image area ID\n");
abort();
}
int flash_area_id_from_image_slot(int slot) {
/* For single image cases, just use the first image. */
return flash_area_id_from_multi_image_slot(0, slot);
}
int flash_area_sector_from_off(uint32_t off, struct flash_sector *sector)
{
uint32_t i, sec_off, sec_size;
struct area *slot;
struct area_desc *flash_areas;
flash_areas = sim_get_flash_areas();
for (i = 0; i < flash_areas->num_slots; i++) {
if (flash_areas->slots[i].id == FLASH_AREA_ID(image_0))
break;
}
if (i == flash_areas->num_slots) {
printf("Unsupported area\n");
abort();
}
slot = &flash_areas->slots[i];
for (i = 0; i < slot->num_areas; i++) {
sec_off = slot->areas[i].fa_off - slot->whole.fa_off;
sec_size = slot->areas[i].fa_size;
if (off >= sec_off && off < (sec_off + sec_size)) {
sector->fs_off = sec_off;
sector->fs_size = sec_size;
break;
}
}
return (i < slot->num_areas) ? 0 : -1;
}
int flash_area_get_sector(const struct flash_area *fa, uint32_t off,
struct flash_sector *sector)
{
uint32_t i, sec_off, sec_size;
struct area *slot;
struct area_desc *flash_areas;
flash_areas = sim_get_flash_areas();
for (i = 0; i < flash_areas->num_slots; i++) {
if (&flash_areas->slots[i].whole == fa)
break;
}
if (i == flash_areas->num_slots) {
printf("Unsupported area\n");
abort();
}
slot = &flash_areas->slots[i];
for (i = 0; i < slot->num_areas; i++) {
sec_off = slot->areas[i].fa_off - slot->whole.fa_off;
sec_size = slot->areas[i].fa_size;
if (off >= sec_off && off < (sec_off + sec_size)) {
sector->fs_off = sec_off;
sector->fs_size = sec_size;
break;
}
}
return (i < slot->num_areas) ? 0 : -1;
}
void sim_assert(int x, const char *assertion, const char *file, unsigned int line, const char *function)
{
if (!(x)) {
struct sim_context *ctx = sim_get_context();
if (ctx->c_catch_asserts) {
ctx->c_asserts++;
} else {
BOOT_LOG_ERR("%s:%d: %s: Assertion `%s' failed.", file, line, function, assertion);
/* NOTE: if the assert below is triggered, the place where it was originally
* asserted is printed by the message above...
*/
assert(x);
}
}
}
uint32_t boot_max_align(void)
{
return BOOT_MAX_ALIGN;
}
uint32_t boot_magic_sz(void)
{
return BOOT_MAGIC_ALIGN_SIZE;
}

43
bootloader/mcuboot/sim/mcuboot-sys/csupport/security_cnt.c Normal file
View File

@@ -0,0 +1,43 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023 Arm Limited
*/
#include "bootutil/security_cnt.h"
#include "mcuboot_config/mcuboot_logging.h"
#include "bootutil/fault_injection_hardening.h"
/*
* Since the simulator is executing unit tests in parallel,
* the storage area where the security counter values reside
* has to be managed per thread from Rust's side.
*/
#ifdef MCUBOOT_HW_ROLLBACK_PROT
int sim_set_nv_counter_for_image(uint32_t image_index, uint32_t security_counter_value);
int sim_get_nv_counter_for_image(uint32_t image_index, uint32_t* data);
fih_ret boot_nv_security_counter_init(void) {
return FIH_SUCCESS;
}
fih_ret boot_nv_security_counter_get(uint32_t image_id, fih_int *security_cnt) {
uint32_t counter = 0;
FIH_DECLARE(fih_rc, FIH_FAILURE);
fih_rc = fih_ret_encode_zero_equality(sim_get_nv_counter_for_image(image_id, &counter));
MCUBOOT_LOG_INF("Read security counter value (%d) for image: %d\n", counter, image_id);
*security_cnt = fih_int_encode(counter);
FIH_RET(fih_rc);
}
int32_t boot_nv_security_counter_update(uint32_t image_id, uint32_t img_security_cnt) {
MCUBOOT_LOG_INF("Writing security counter value (%d) for image: %d\n", img_security_cnt, image_id);
return sim_set_nv_counter_for_image(image_id, img_security_cnt);
}
#endif /* MCUBOOT_HW_ROLLBACK_PROT */

171
bootloader/mcuboot/sim/mcuboot-sys/csupport/storage/flash_map.h Normal file
View File

@@ -0,0 +1,171 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#ifndef H_UTIL_FLASH_MAP_
#define H_UTIL_FLASH_MAP_
#ifdef __cplusplus
extern "C" {
#endif
/**
*
* Provides abstraction of flash regions for type of use.
* I.e. dude where's my image?
*
* System will contain a map which contains flash areas. Every
* region will contain flash identifier, offset within flash and length.
*
* 1. This system map could be in a file within filesystem (Initializer
* must know/figure out where the filesystem is at).
* 2. Map could be at fixed location for project (compiled to code)
* 3. Map could be at specific place in flash (put in place at mfg time).
*
* Note that the map you use must be valid for BSP it's for,
* match the linker scripts when platform executes from flash,
* and match the target offset specified in download script.
*/
#include <inttypes.h>
/**
* @brief Structure describing an area on a flash device.
*
* Multiple flash devices may be available in the system, each of
* which may have its own areas. For this reason, flash areas track
* which flash device they are part of.
*/
struct flash_area {
/**
* This flash area's ID; unique in the system.
*/
uint8_t fa_id;
/**
* ID of the flash device this area is a part of.
*/
uint8_t fa_device_id;
uint16_t pad16;
/**
* This area's offset, relative to the beginning of its flash
* device's storage.
*/
uint32_t fa_off;
/**
* This area's size, in bytes.
*/
uint32_t fa_size;
};
/**
* @brief Structure describing a sector within a flash area.
*
* Each sector has an offset relative to the start of its flash area
* (NOT relative to the start of its flash device), and a size. A
* flash area may contain sectors with different sizes.
*/
struct flash_sector {
/**
* Offset of this sector, from the start of its flash area (not device).
*/
uint32_t fs_off;
/**
* Size of this sector, in bytes.
*/
uint32_t fs_size;
};
/*
* Retrieve a memory-mapped flash device's base address.
*
* On success, the address will be stored in the value pointed to by
* ret.
*
* Returns 0 on success, or an error code on failure.
*/
int flash_device_base(uint8_t fd_id, uintptr_t *ret);
/*
* Start using flash area.
*/
int flash_area_open(uint8_t id, const struct flash_area **);
void flash_area_close(const struct flash_area *);
/*
* Read/write/erase. Offset is relative from beginning of flash area.
*/
int flash_area_read(const struct flash_area *, uint32_t off, void *dst,
uint32_t len);
int flash_area_write(const struct flash_area *, uint32_t off, const void *src,
uint32_t len);
int flash_area_erase(const struct flash_area *, uint32_t off, uint32_t len);
/*
* Alignment restriction for flash writes.
*/
uint32_t flash_area_align(const struct flash_area *);
/*
* What is value is read from erased flash bytes.
*/
uint8_t flash_area_erased_val(const struct flash_area *);
/*
* Given flash area ID, return info about sectors within the area.
*/
int flash_area_get_sectors(int fa_id, uint32_t *count,
struct flash_sector *sectors);
/* Retrieve the flash sector a given offset belongs to.
*
* Returns 0 on success, or an error code on failure.
*/
int flash_area_sector_from_off(uint32_t off, struct flash_sector *sector);
/* Retrieve the flash sector a given offset, within flash area.
*
* @param fa flash area.
* @param off offset of sector.
* @param sector pointer to structure for obtained information.
* Returns 0 on success, or an error code on failure.
*/
int flash_area_get_sector(const struct flash_area *fa, uint32_t off,
struct flash_sector *sector);
/*
* Similar to flash_area_get_sectors(), but return the values in an
* array of struct flash_area instead.
*/
__attribute__((deprecated))
int flash_area_to_sectors(int idx, int *cnt, struct flash_area *ret);
int flash_area_id_from_image_slot(int slot);
int flash_area_id_from_multi_image_slot(int image_index, int slot);
int flash_area_id_to_multi_image_slot(int image_index, int area_id);
#ifdef __cplusplus
}
#endif
#endif /* H_UTIL_FLASH_MAP_ */

46
bootloader/mcuboot/sim/mcuboot-sys/csupport/sysflash/sysflash.h Normal file
View File

@@ -0,0 +1,46 @@
/*
* Copyright (c) 2022 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef __SYSFLASH_H__
#define __SYSFLASH_H__
#include <devicetree.h>
#include <mcuboot_config/mcuboot_config.h>
#if (MCUBOOT_IMAGE_NUMBER == 1)
/*
* NOTE: the definition below returns the same values for true/false on
* purpose, to avoid having to mark x as non-used by all callers when
* running in single image mode.
*/
#define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \
FLASH_AREA_ID(image_0) : \
FLASH_AREA_ID(image_0))
#define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \
FLASH_AREA_ID(image_1) : \
FLASH_AREA_ID(image_1))
#elif (MCUBOOT_IMAGE_NUMBER == 2)
/* MCUBoot currently supports only up to 2 updateable firmware images.
* If the number of the current image is greater than MCUBOOT_IMAGE_NUMBER - 1
* then a dummy value will be assigned to the flash area macros.
*/
#define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \
FLASH_AREA_ID(image_0) : \
((x) == 1) ? \
FLASH_AREA_ID(image_2) : \
255)
#define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \
FLASH_AREA_ID(image_1) : \
((x) == 1) ? \
FLASH_AREA_ID(image_3) : \
255)
#else
#error "Image slot and flash area mapping is not defined"
#endif
#define FLASH_AREA_IMAGE_SCRATCH FLASH_AREA_ID(image_scratch)
#endif /* __SYSFLASH_H__ */

390
bootloader/mcuboot/sim/mcuboot-sys/src/api.rs Normal file
View File

@@ -0,0 +1,390 @@
// Copyright (c) 2017-2021 Linaro LTD
// Copyright (c) 2018-2019 JUUL Labs
// Copyright (c) 2023 Arm Limited
//
// SPDX-License-Identifier: Apache-2.0
//! HAL api for MyNewt applications
use crate::area::CAreaDesc;
use log::{Level, log_enabled, warn};
use simflash::{Result, Flash, FlashPtr};
use std::{
cell::RefCell,
collections::HashMap,
mem,
ptr,
slice,
};
/// A FlashMap maintain a table of [device_id -> Flash trait]
pub type FlashMap = HashMap<u8, FlashPtr>;
pub struct FlashParamsStruct {
align: u32,
erased_val: u8,
}
pub type FlashParams = HashMap<u8, FlashParamsStruct>;
/// The `boot_rsp` structure used by boot_go.
#[repr(C)]
#[derive(Debug)]
pub struct BootRsp {
pub br_hdr: *const ImageHeader,
pub flash_dev_id: u8,
pub image_off: u32,
}
// TODO: Don't duplicate this image header declaration.
#[repr(C)]
#[derive(Debug)]
pub struct ImageHeader {
magic: u32,
load_addr: u32,
hdr_size: u16,
protect_tlv_size: u16,
img_size: u32,
flags: u32,
ver: ImageVersion,
_pad2: u32,
}
#[repr(C)]
#[derive(Debug)]
pub struct ImageVersion {
pub major: u8,
pub minor: u8,
pub revision: u16,
pub build_num: u32,
}
pub struct CAreaDescPtr {
pub ptr: *const CAreaDesc,
}
pub struct FlashContext {
flash_map: FlashMap,
flash_params: FlashParams,
flash_areas: CAreaDescPtr,
}
impl FlashContext {
pub fn new() -> FlashContext {
FlashContext {
flash_map: HashMap::new(),
flash_params: HashMap::new(),
flash_areas: CAreaDescPtr{ptr: ptr::null()},
}
}
}
impl Default for FlashContext {
fn default() -> FlashContext {
FlashContext {
flash_map: HashMap::new(),
flash_params: HashMap::new(),
flash_areas: CAreaDescPtr{ptr: ptr::null()},
}
}
}
#[repr(C)]
#[derive(Debug)]
pub struct CSimContext {
pub flash_counter: libc::c_int,
pub jumped: libc::c_int,
pub c_asserts: u8,
pub c_catch_asserts: u8,
// NOTE: Always leave boot_jmpbuf declaration at the end; this should
// store a "jmp_buf" which is arch specific and not defined by libc crate.
// The size below is enough to store data on a x86_64 machine.
pub boot_jmpbuf: [u64; 48],
}
impl Default for CSimContext {
fn default() -> Self {
CSimContext {
flash_counter: 0,
jumped: 0,
c_asserts: 0,
c_catch_asserts: 0,
boot_jmpbuf: [0; 48],
}
}
}
pub struct CSimContextPtr {
pub ptr: *const CSimContext,
}
impl CSimContextPtr {
pub fn new() -> CSimContextPtr {
CSimContextPtr {
ptr: ptr::null(),
}
}
}
impl Default for CSimContextPtr {
fn default() -> CSimContextPtr {
CSimContextPtr {
ptr: ptr::null(),
}
}
}
/// This struct describes the RAM layout of the current device. It will be stashed, per test
/// thread, and queried by the C code.
#[repr(C)]
#[derive(Debug, Default)]
pub struct BootsimRamInfo {
pub start: u32,
pub size: u32,
pub base: usize,
}
/// This struct stores the non-volatile security counter per image. It will be stored per test thread,
/// and the C code will set / get the values here.
#[repr(C)]
#[derive(Debug, Default)]
pub struct NvCounterStorage {
pub storage: Vec<u32>,
}
impl NvCounterStorage {
pub fn new() -> Self {
let count = if cfg!(feature = "multiimage") {
2
} else {
1
};
Self {
storage: vec![0; count]
}
}
}
thread_local! {
pub static THREAD_CTX: RefCell<FlashContext> = RefCell::new(FlashContext::new());
pub static SIM_CTX: RefCell<CSimContextPtr> = RefCell::new(CSimContextPtr::new());
pub static RAM_CTX: RefCell<BootsimRamInfo> = RefCell::new(BootsimRamInfo::default());
pub static NV_COUNTER_CTX: RefCell<NvCounterStorage> = RefCell::new(NvCounterStorage::new());
}
/// Set the flash device to be used by the simulation. The pointer is unsafely stashed away.
///
/// # Safety
///
/// This uses mem::transmute to stash a Rust pointer into a C value to
/// retrieve later. It should be safe to use this.
pub fn set_flash(dev_id: u8, dev: &mut dyn Flash) {
THREAD_CTX.with(|ctx| {
ctx.borrow_mut().flash_params.insert(dev_id, FlashParamsStruct {
align: dev.align() as u32,
erased_val: dev.erased_val(),
});
unsafe {
let dev: &'static mut dyn Flash = mem::transmute(dev);
ctx.borrow_mut().flash_map.insert(
dev_id, FlashPtr{ptr: dev as *mut dyn Flash});
}
});
}
pub fn clear_flash(dev_id: u8) {
THREAD_CTX.with(|ctx| {
ctx.borrow_mut().flash_map.remove(&dev_id);
});
}
// This isn't meant to call directly, but by a wrapper.
#[no_mangle]
pub extern "C" fn sim_get_flash_areas() -> *const CAreaDesc {
THREAD_CTX.with(|ctx| {
ctx.borrow().flash_areas.ptr
})
}
#[no_mangle]
pub extern "C" fn sim_set_flash_areas(areas: *const CAreaDesc) {
THREAD_CTX.with(|ctx| {
ctx.borrow_mut().flash_areas.ptr = areas;
});
}
#[no_mangle]
pub extern "C" fn sim_reset_flash_areas() {
THREAD_CTX.with(|ctx| {
ctx.borrow_mut().flash_areas.ptr = ptr::null();
});
}
#[no_mangle]
pub extern "C" fn sim_get_context() -> *const CSimContext {
SIM_CTX.with(|ctx| {
ctx.borrow().ptr
})
}
#[no_mangle]
pub extern "C" fn sim_set_context(ptr: *const CSimContext) {
SIM_CTX.with(|ctx| {
ctx.borrow_mut().ptr = ptr;
});
}
#[no_mangle]
pub extern "C" fn sim_reset_context() {
SIM_CTX.with(|ctx| {
ctx.borrow_mut().ptr = ptr::null();
});
}
#[no_mangle]
pub extern "C" fn bootsim_get_ram_info() -> *const BootsimRamInfo {
RAM_CTX.with(|ctx| {
if ctx.borrow().base == 0 {
// Option is messier to get a pointer out of, so just check if the base has been set to
// anything.
panic!("ram info not set, but being used");
}
ctx.as_ptr()
})
}
/// Store a copy of this RAM info.
pub fn set_ram_info(info: BootsimRamInfo) {
RAM_CTX.with(|ctx| {
ctx.replace(info);
});
}
/// Clear out the ram info.
pub fn clear_ram_info() {
RAM_CTX.with(|ctx| {
ctx.borrow_mut().base = 0;
});
}
#[no_mangle]
pub extern "C" fn sim_flash_erase(dev_id: u8, offset: u32, size: u32) -> libc::c_int {
let mut rc: libc::c_int = -19;
THREAD_CTX.with(|ctx| {
if let Some(flash) = ctx.borrow().flash_map.get(&dev_id) {
let dev = unsafe { &mut *(flash.ptr) };
rc = map_err(dev.erase(offset as usize, size as usize));
}
});
rc
}
#[no_mangle]
pub extern "C" fn sim_flash_read(dev_id: u8, offset: u32, dest: *mut u8, size: u32) -> libc::c_int {
let mut rc: libc::c_int = -19;
THREAD_CTX.with(|ctx| {
if let Some(flash) = ctx.borrow().flash_map.get(&dev_id) {
let mut buf: &mut[u8] = unsafe { slice::from_raw_parts_mut(dest, size as usize) };
let dev = unsafe { &mut *(flash.ptr) };
rc = map_err(dev.read(offset as usize, &mut buf));
}
});
rc
}
#[no_mangle]
pub extern "C" fn sim_flash_write(dev_id: u8, offset: u32, src: *const u8, size: u32) -> libc::c_int {
let mut rc: libc::c_int = -19;
THREAD_CTX.with(|ctx| {
if let Some(flash) = ctx.borrow().flash_map.get(&dev_id) {
let buf: &[u8] = unsafe { slice::from_raw_parts(src, size as usize) };
let dev = unsafe { &mut *(flash.ptr) };
rc = map_err(dev.write(offset as usize, &buf));
}
});
rc
}
#[no_mangle]
pub extern "C" fn sim_flash_align(id: u8) -> u32 {
THREAD_CTX.with(|ctx| {
ctx.borrow().flash_params.get(&id).unwrap().align
})
}
#[no_mangle]
pub extern "C" fn sim_flash_erased_val(id: u8) -> u8 {
THREAD_CTX.with(|ctx| {
ctx.borrow().flash_params.get(&id).unwrap().erased_val
})
}
fn map_err(err: Result<()>) -> libc::c_int {
match err {
Ok(()) => 0,
Err(e) => {
warn!("{}", e);
-1
},
}
}
/// Called by C code to determine if we should log at this level. Levels are defined in
/// bootutil/bootutil_log.h. This makes the logging from the C code controlled by bootsim::api, so
/// for example, it can be enabled with something like:
/// RUST_LOG=bootsim::api=info cargo run --release runall
/// or
/// RUST_LOG=bootsim=info cargo run --release runall
#[no_mangle]
pub extern "C" fn sim_log_enabled(level: libc::c_int) -> libc::c_int {
let res = match level {
1 => log_enabled!(Level::Error),
2 => log_enabled!(Level::Warn),
3 => log_enabled!(Level::Info),
4 => log_enabled!(Level::Debug),
5 => log_enabled!(Level::Trace), // log level == SIM
_ => false,
};
if res {
1
} else {
0
}
}
#[no_mangle]
pub extern "C" fn sim_set_nv_counter_for_image(image_index: u32, security_counter_value: u32) -> libc::c_int {
let mut rc = 0;
NV_COUNTER_CTX.with(|ctx| {
let mut counter_storage = ctx.borrow_mut();
if image_index as usize >= counter_storage.storage.len() {
rc = -1;
return;
}
if counter_storage.storage[image_index as usize] > security_counter_value {
rc = -2;
warn!("Failed to set security counter value ({}) for image index {}", security_counter_value, image_index);
return;
}
counter_storage.storage[image_index as usize] = security_counter_value;
});
return rc;
}
#[no_mangle]
pub extern "C" fn sim_get_nv_counter_for_image(image_index: u32, security_counter_value: *mut u32) -> libc::c_int {
let mut rc = 0;
NV_COUNTER_CTX.with(|ctx| {
let counter_storage = ctx.borrow();
if image_index as usize >= counter_storage.storage.len() {
rc = -1;
return;
}
unsafe { *security_counter_value = counter_storage.storage[image_index as usize] };
});
return rc;
}

210
bootloader/mcuboot/sim/mcuboot-sys/src/area.rs Normal file
View File

@@ -0,0 +1,210 @@
// Copyright (c) 2017-2021 Linaro LTD
// Copyright (c) 2018-2019 JUUL Labs
// Copyright (c) 2019 Arm Limited
//
// SPDX-License-Identifier: Apache-2.0
//! Describe flash areas.
use simflash::{Flash, SimFlash, Sector};
use std::ptr;
use std::collections::HashMap;
use std::borrow::BorrowMut;
/// Structure to build up the boot area table.
#[derive(Debug, Default, Clone)]
pub struct AreaDesc {
areas: Vec<Vec<FlashArea>>,
whole: Vec<FlashArea>,
sectors: HashMap<u8, Vec<Sector>>,
}
impl AreaDesc {
pub fn new() -> AreaDesc {
AreaDesc {
areas: vec![],
whole: vec![],
sectors: HashMap::new(),
}
}
pub fn add_flash_sectors(&mut self, id: u8, flash: &SimFlash) {
self.sectors.insert(id, flash.sector_iter().collect());
}
/// Add a slot to the image. The slot must align with erasable units in the flash device.
/// Panics if the description is not valid. There are also bootloader assumptions that the
/// slots are PRIMARY_SLOT, SECONDARY_SLOT, and SCRATCH in that order.
pub fn add_image(&mut self, base: usize, len: usize, id: FlashId, dev_id: u8) {
let nid = id as usize;
let orig_base = base;
let orig_len = len;
let mut base = base;
let mut len = len;
while nid > self.areas.len() {
self.areas.push(vec![]);
self.whole.push(Default::default());
}
if nid != self.areas.len() {
panic!("Flash areas not added in order");
}
let mut area = vec![];
for sector in &self.sectors[&dev_id] {
if len == 0 {
break;
};
if base > sector.base + sector.size - 1 {
continue;
}
if sector.base != base {
panic!("Image does not start on a sector boundary");
}
area.push(FlashArea {
flash_id: id,
device_id: dev_id,
pad16: 0,
off: sector.base as u32,
size: sector.size as u32,
});
base += sector.size;
len -= sector.size;
}
if len != 0 {
panic!("Image goes past end of device");
}
self.areas.push(area);
self.whole.push(FlashArea {
flash_id: id,
device_id: dev_id,
pad16: 0,
off: orig_base as u32,
size: orig_len as u32,
});
}
// Add a simple slot to the image. This ignores the device layout, and just adds the area as a
// single unit. It assumes that the image lines up with image boundaries. This tests
// configurations where the partition table uses larger sectors than the underlying flash
// device.
pub fn add_simple_image(&mut self, base: usize, len: usize, id: FlashId, dev_id: u8) {
let area = vec![FlashArea {
flash_id: id,
device_id: dev_id,
pad16: 0,
off: base as u32,
size: len as u32,
}];
self.areas.push(area);
self.whole.push(FlashArea {
flash_id: id,
device_id: dev_id,
pad16: 0,
off: base as u32,
size: len as u32,
});
}
// Look for the image with the given ID, and return its offset, size and
// device id. Returns None if the area is not present.
pub fn find(&self, id: FlashId) -> Option<(usize, usize, u8)> {
for area in &self.whole {
// FIXME: should we ensure id is not duplicated over multiple devices?
if area.flash_id == id {
return Some((area.off as usize, area.size as usize, area.device_id));
}
}
None
}
pub fn get_c(&self) -> Box<CAreaDesc> {
let mut areas_box: Box<CAreaDesc> = Box::new(Default::default());
let areas: &mut CAreaDesc = areas_box.borrow_mut();
assert_eq!(self.areas.len(), self.whole.len());
for (i, area) in self.areas.iter().enumerate() {
if !area.is_empty() {
areas.slots[i].areas = &area[0];
areas.slots[i].whole = self.whole[i].clone();
areas.slots[i].num_areas = area.len() as u32;
areas.slots[i].id = area[0].flash_id;
}
}
areas.num_slots = self.areas.len() as u32;
areas_box
}
/// Return an iterator over all `FlashArea`s present.
pub fn iter_areas(&self) -> impl Iterator<Item = &FlashArea> {
self.whole.iter()
}
}
/// The area descriptor, C format.
#[repr(C)]
#[derive(Debug, Default)]
pub struct CAreaDesc {
slots: [CArea; 16],
num_slots: u32,
}
#[repr(C)]
#[derive(Debug)]
pub struct CArea {
whole: FlashArea,
areas: *const FlashArea,
num_areas: u32,
// FIXME: is this not already available on whole/areas?
id: FlashId,
}
impl Default for CArea {
fn default() -> CArea {
CArea {
areas: ptr::null(),
whole: Default::default(),
id: FlashId::BootLoader,
num_areas: 0,
}
}
}
/// Flash area map.
#[repr(u8)]
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
#[allow(dead_code)]
pub enum FlashId {
BootLoader = 0,
Image0 = 1,
Image1 = 2,
ImageScratch = 3,
Image2 = 4,
Image3 = 5,
}
impl Default for FlashId {
fn default() -> FlashId {
FlashId::BootLoader
}
}
#[repr(C)]
#[derive(Debug, Clone, Default)]
pub struct FlashArea {
pub flash_id: FlashId,
pub device_id: u8,
pad16: u16,
pub off: u32,
pub size: u32,
}

226
bootloader/mcuboot/sim/mcuboot-sys/src/c.rs Normal file
View File

@@ -0,0 +1,226 @@
// Copyright (c) 2017-2021 Linaro LTD
// Copyright (c) 2017-2019 JUUL Labs
// Copyright (c) 2019-2023 Arm Limited
//
// SPDX-License-Identifier: Apache-2.0
//! Interface wrappers to C API entering to the bootloader
use crate::area::AreaDesc;
use simflash::SimMultiFlash;
use crate::api;
#[allow(unused)]
use std::sync::Once;
use std::borrow::Borrow;
/// The result of an invocation of `boot_go`. This is intentionally opaque so that we can provide
/// accessors for everything we need from this.
#[derive(Debug)]
pub enum BootGoResult {
/// This run was stopped by the flash simulation mechanism.
Stopped,
/// The bootloader ran to completion with the following data.
Normal {
result: i32,
asserts: u8,
resp: api::BootRsp,
},
}
impl BootGoResult {
/// Was this run interrupted.
pub fn interrupted(&self) -> bool {
matches!(self, BootGoResult::Stopped)
}
/// Was this boot run successful (returned 0)
pub fn success(&self) -> bool {
matches!(self, BootGoResult::Normal { result: 0, .. })
}
/// Success, but also no asserts.
pub fn success_no_asserts(&self) -> bool {
matches!(self, BootGoResult::Normal {
result: 0,
asserts: 0,
..
})
}
/// Get the asserts count. An interrupted run will be considered to have no asserts.
pub fn asserts(&self) -> u8 {
match self {
BootGoResult::Normal { asserts, .. } => *asserts,
_ => 0,
}
}
/// Retrieve the 'resp' field that is filled in.
pub fn resp(&self) -> Option<&api::BootRsp> {
match self {
BootGoResult::Normal { resp, .. } => Some(resp),
_ => None,
}
}
}
/// Invoke the bootloader on this flash device.
pub fn boot_go(multiflash: &mut SimMultiFlash, areadesc: &AreaDesc,
counter: Option<&mut i32>, image_index: Option<i32>,
catch_asserts: bool) -> BootGoResult {
init_crypto();
for (&dev_id, flash) in multiflash.iter_mut() {
api::set_flash(dev_id, flash);
}
let mut sim_ctx = api::CSimContext {
flash_counter: match counter {
None => 0,
Some(ref c) => **c as libc::c_int
},
c_catch_asserts: if catch_asserts { 1 } else { 0 },
.. Default::default()
};
let mut rsp = api::BootRsp {
br_hdr: std::ptr::null(),
flash_dev_id: 0,
image_off: 0,
};
let result: i32 = unsafe {
let adesc = areadesc.get_c();
match image_index {
None => raw::invoke_boot_go(&mut sim_ctx as *mut _,
adesc.borrow() as *const _,
&mut rsp as *mut _, -1) as i32,
Some(i) => raw::invoke_boot_go(&mut sim_ctx as *mut _,
adesc.borrow() as *const _,
&mut rsp as *mut _,
i as i32) as i32
}
};
let asserts = sim_ctx.c_asserts;
if let Some(c) = counter {
*c = sim_ctx.flash_counter;
}
for &dev_id in multiflash.keys() {
api::clear_flash(dev_id);
}
if result == -0x13579 {
BootGoResult::Stopped
} else {
BootGoResult::Normal { result, asserts, resp: rsp }
}
}
pub fn boot_trailer_sz(align: u32) -> u32 {
unsafe { raw::boot_trailer_sz(align) }
}
pub fn boot_status_sz(align: u32) -> u32 {
unsafe { raw::boot_status_sz(align) }
}
pub fn boot_magic_sz() -> usize {
unsafe { raw::boot_magic_sz() as usize }
}
pub fn boot_max_align() -> usize {
unsafe { raw::boot_max_align() as usize }
}
pub fn rsa_oaep_encrypt(pubkey: &[u8], seckey: &[u8]) -> Result<[u8; 256], &'static str> {
unsafe {
let mut encbuf: [u8; 256] = [0; 256];
if raw::rsa_oaep_encrypt_(pubkey.as_ptr(), pubkey.len() as u32,
seckey.as_ptr(), seckey.len() as u32,
encbuf.as_mut_ptr()) == 0 {
return Ok(encbuf);
}
Err("Failed to encrypt buffer")
}
}
pub fn kw_encrypt(kek: &[u8], seckey: &[u8], keylen: u32) -> Result<Vec<u8>, &'static str> {
unsafe {
let mut encbuf = vec![0u8; 24];
if keylen == 32 {
encbuf = vec![0u8; 40];
}
if raw::kw_encrypt_(kek.as_ptr(), seckey.as_ptr(), encbuf.as_mut_ptr()) == 0 {
return Ok(encbuf);
}
Err("Failed to encrypt buffer")
}
}
pub fn set_security_counter(image_index: u32, security_counter_value: u32) {
api::sim_set_nv_counter_for_image(image_index, security_counter_value);
}
pub fn get_security_counter(image_index: u32) -> u32 {
let mut counter_val: u32 = 0;
api::sim_get_nv_counter_for_image(image_index, &mut counter_val as *mut u32);
return counter_val;
}
mod raw {
use crate::area::CAreaDesc;
use crate::api::{BootRsp, CSimContext};
extern "C" {
// This generates a warning about `CAreaDesc` not being foreign safe. There doesn't appear to
// be any way to get rid of this warning. See https://github.com/rust-lang/rust/issues/34798
// for information and tracking.
pub fn invoke_boot_go(sim_ctx: *mut CSimContext, areadesc: *const CAreaDesc,
rsp: *mut BootRsp, image_index: libc::c_int) -> libc::c_int;
pub fn boot_trailer_sz(min_write_sz: u32) -> u32;
pub fn boot_status_sz(min_write_sz: u32) -> u32;
pub fn boot_magic_sz() -> u32;
pub fn boot_max_align() -> u32;
pub fn rsa_oaep_encrypt_(pubkey: *const u8, pubkey_len: libc::c_uint,
seckey: *const u8, seckey_len: libc::c_uint,
encbuf: *mut u8) -> libc::c_int;
pub fn kw_encrypt_(kek: *const u8, seckey: *const u8,
encbuf: *mut u8) -> libc::c_int;
#[allow(unused)]
pub fn psa_crypto_init() -> u32;
#[allow(unused)]
pub fn mbedtls_test_enable_insecure_external_rng();
}
}
#[allow(unused)]
static PSA_INIT_SYNC: Once = Once::new();
#[allow(unused)]
static MBEDTLS_EXTERNAL_RNG_ENABLE_SYNC: Once = Once::new();
#[cfg(feature = "psa-crypto-api")]
fn init_crypto() {
PSA_INIT_SYNC.call_once(|| {
assert_eq!(unsafe { raw::psa_crypto_init() }, 0);
});
/* The PSA APIs require properly initialisation of the entropy subsystem
* The configuration adds the option MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG when the
* psa-crypto-api feature is enabled. As a result the tests use the implementation
* of the test external rng that needs to be initialised before being able to use it
*/
MBEDTLS_EXTERNAL_RNG_ENABLE_SYNC.call_once(|| {
unsafe { raw::mbedtls_test_enable_insecure_external_rng() }
});
}
#[cfg(not(feature = "psa-crypto-api"))]
fn init_crypto() {
// When the feature is not enabled, the init is just empty
}

52
bootloader/mcuboot/sim/mcuboot-sys/src/lib.rs Normal file
View File

@@ -0,0 +1,52 @@
// Copyright (c) 2017-2019 Linaro LTD
//
// SPDX-License-Identifier: Apache-2.0
mod area;
pub mod c;
// The API needs to be public, even though it isn't intended to be called by Rust code, but the
// functions are exported to C code.
pub mod api;
pub use crate::area::{AreaDesc, FlashId};
/// For testing the ram load feature, we need to emulate a block of RAM and be able to pass that
/// down to the C code. The call down to boot_go should go through this object so that the buffer
/// itself is managed properly.
pub struct RamBlock {
ram: Vec<u8>,
offset: u32, // 32-bit offset.
}
impl RamBlock {
pub fn new(size: u32, offset: u32) -> RamBlock {
RamBlock {
ram: vec![0; size as usize],
offset: offset,
}
}
/// Borrow the RAM buffer, with 'offset' being the beginning of the buffer.
pub fn borrow(&self) -> &[u8] {
&self.ram
}
/// Borrow a piece of the ram, with 'offset' being the beginning of the buffer.
pub fn borrow_part(&self, base: usize, size: usize) -> &[u8] {
&self.ram[base..base+size]
}
pub fn invoke<F, R>(&self, act: F) -> R
where F: FnOnce() -> R
{
api::set_ram_info(api::BootsimRamInfo {
start: self.offset,
size: self.ram.len() as u32,
base: &self.ram[0] as *const u8 as usize - self.offset as usize,
});
let result = act();
api::clear_ram_info();
result
}
}