Fixes for IAR. Switch to new `src/keystore.c` for keys. Fixes for building keytools in Visual Studio.

IDE/IAR/generate_key.bat

@@ -1,2 +1,4 @@
-keytools\keygen.exe --ecc256 ..\..\src\ecc256_pub_key.c
-move ecc256.der ..\..\
+cd ..\..
+REM Build the src/keystore.c
+IDE\IAR\keytools\keygen.exe --ecc256 -g wolfboot_signing_private_key.der
+cd IDE\IAR

IDE/IAR/keys/ecc256.der

@@ -1 +0,0 @@
-úw®ÆJ>ß‘`+.ƒl‘Œ]Â)|¸‘êZàŽ6@i<>áÜöDÙIIUFG·ƒ4/›#+„g	?üÎU3dËè*›¢³—„júKó1Ô·Þ´[”ô8à/Ér÷<72>}Ñ©ÈÂ

IDE/IAR/keys/ecc256_pub_key.c

@@ -1,20 +0,0 @@
-/*
- * This file has been generated and contains the public key which is
- * used by wolfBoot to verify the updates.
- */
-#include <stdint.h>
-
-#warning "USING PRE-GENERATED EXAMPLE ECC KEY -- BOOTLOADER IS NOT SECURE!"
-
-
-const uint8_t ecc256_pub_key[64] = {
-	0xFA, 0x77, 0xAE, 0xC6, 0x4A, 0x3E, 0xDF, 0x91, 
-0x60, 0x2B, 0x2E, 0x83, 0x12, 0x0C, 0x6C, 0x91, 
-0x8C, 0x5D, 0xC2, 0x29, 0x7C, 0xB8, 0x91, 0xEA, 
-0x5A, 0x12, 0xE0, 0x8E, 0x36, 0x40, 0x69, 0x8D, 
-0xE1, 0xDC, 0xF6, 0x44, 0x7F, 0xD9, 0x16, 0x49, 
-0x49, 0x55, 0x1F, 0x46, 0x47, 0xB7, 0x83, 0x34, 
-0x04, 0x2F, 0x9B, 0x23, 0x2B, 0x84, 0x67, 0x09, 
-0x3F, 0xFC, 0xCE, 0x55, 0x33, 0x64, 0xCB, 0xE8
-};
-const uint32_t ecc256_pub_key_len = 64;

IDE/IAR/wolfboot.ewp

@@ -2198,10 +2198,10 @@
             <name>$PROJ_DIR$\..\..\src\boot_arm.c</name>
         </file>
         <file>
-            <name>$PROJ_DIR$\keys\ecc256_pub_key.c</name>
+            <name>$PROJ_DIR$\..\..\src\image.c</name>
         </file>
         <file>
-            <name>$PROJ_DIR$\..\..\src\image.c</name>
+            <name>$PROJ_DIR$\..\..\src\keystore.c</name>
         </file>
         <file>
             <name>$PROJ_DIR$\..\..\src\libwolfboot.c</name>

include/image.h

@@ -526,7 +526,7 @@ static void wolfBoot_image_confirm_signature_ok(struct wolfBoot_image *img)
     if ((mask & (1UL << id)) != (1UL << id)) \
         wolfBoot_panic()
 
-#define VERIFY_VERSION_ALLOWED do{} while(0);
+#define VERIFY_VERSION_ALLOWED(fb_ok) do{} while(0)
 
 #endif
 

src/image.c

@@ -836,8 +836,9 @@ int wolfBoot_get_dts_size(void *dts_addr)
 #ifdef WOLFBOOT_FIXED_PARTITIONS
 int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part)
 {
+#ifdef MMU
     int ret;
-    uint32_t size;
+#endif
     uint8_t *image;
     if (!img)
         return -1;
@@ -867,7 +868,7 @@ int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part)
             return -1;
         img->hdr_ok = 1;
         img->fw_base = img->hdr;
-        img->fw_size = (uint32_t)size;
+        img->fw_size = (uint32_t)ret;
         return 0;
     }
 #endif
@@ -924,7 +925,6 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img)
 #else
 int wolfBoot_verify_authenticity(struct wolfBoot_image *img)
 {
-    int ret;
     uint8_t *stored_signature;
     uint16_t stored_signature_size;
     uint8_t *pubkey_hint;

tools/keytools/Makefile

@@ -11,7 +11,7 @@ CC      = gcc
 WOLFBOOTDIR = ../..
 WOLFDIR = $(WOLFBOOTDIR)/lib/wolfssl/
 CFLAGS  = -Wall -Wextra -Werror
-CFLAGS  += -I. -DWOLFSSL_USER_SETTINGS -I$(WOLFDIR) -I$(WOLFBOOTDIR)/include -DWOLFBOOT_KEYTOOLS -DWOLFSSL_AES_DIRECT -DWOLFSSL_AES_COUNTER
+CFLAGS  += -I. -DWOLFSSL_USER_SETTINGS -I$(WOLFDIR) -I$(WOLFBOOTDIR)/include -DWOLFBOOT_KEYTOOLS
 
 # option variables
 DEBUG_FLAGS     = -g -DDEBUG -DDEBUG_SIGNTOOL -DDEBUG_WOLFSSL -DDEBUG_WOLFSSL_VERBOSE -fsanitize=address

tools/keytools/keygen.c

@@ -36,7 +36,9 @@
 #include <sys/types.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <unistd.h>
+#ifndef _WIN32
+    #include <unistd.h>
+#endif
 
 #include <wolfssl/wolfcrypt/settings.h>
 #ifndef NO_RSA

tools/keytools/sign.c

@@ -254,7 +254,7 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
     fseek(f, 0, SEEK_SET);
     *key_buffer = malloc(*key_buffer_sz);
     if (*key_buffer) {
-        io_sz = fread(*key_buffer, 1, *key_buffer_sz, f);
+        io_sz = (int)fread(*key_buffer, 1, *key_buffer_sz, f);
         if (io_sz != (int)*key_buffer_sz) {
             printf("Key file read error!\n");
             goto failure;
@@ -554,7 +554,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 read_sz = image_sz - pos;
                 if (read_sz > 32)
                     read_sz = 32;
-                io_sz = fread(buf, 1, read_sz, f);
+                io_sz = (int)fread(buf, 1, read_sz, f);
                 if ((io_sz < 0) && !feof(f)) {
                     ret = -1;
                     break;
@@ -598,7 +598,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 read_sz = image_sz - pos;
                 if (read_sz > 32)
                     read_sz = 32;
-                io_sz = fread(buf, 1, read_sz, f);
+                io_sz = (int)fread(buf, 1, read_sz, f);
                 if ((io_sz < 0) && !feof(f)) {
                     ret = -1;
                     break;
@@ -644,7 +644,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 read_sz = image_sz - pos;
                 if (read_sz > 128)
                     read_sz = 128;
-                io_sz = fread(buf, 1, read_sz, f);
+                io_sz = (int)fread(buf, 1, read_sz, f);
                 if ((io_sz < 0) && !feof(f)) {
                     ret = -1;
                     break;
@@ -801,7 +801,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 printf("Open signature file %s failed\n", CMD.signature_file);
                 goto failure;
             }
-            io_sz = fread(signature, 1, CMD.signature_sz, f);
+            io_sz = (int)fread(signature, 1, CMD.signature_sz, f);
             fclose(f);
             if (io_sz != (int)CMD.signature_sz) {
                 printf("Error reading file %s\n", CMD.signature_file);
@@ -837,7 +837,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
         read_sz = image_sz;
         if (read_sz > sizeof(buf))
             read_sz = sizeof(buf);
-        read_sz = fread(buf, 1, read_sz, f2);
+        read_sz = (uint32_t)fread(buf, 1, read_sz, f2);
         if ((read_sz == 0) && (feof(f2)))
             break;
         fwrite(buf, 1, read_sz, f);
@@ -873,12 +873,12 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                     CMD.encrypt_key_file, strerror(errno));
             exit(1);
         }
-        ret = fread(key, 1, keySz, fek);
+        ret = (int)fread(key, 1, keySz, fek);
         if (ret != keySz) {
             fprintf(stderr, "Error reading key from %s\n", CMD.encrypt_key_file);
             exit(1);
         }
-        ret = fread(iv, 1, ivSz, fek);
+        ret = (int)fread(iv, 1, ivSz, fek);
         if (ret != ivSz) {
             fprintf(stderr, "Error reading IV from %s\n", CMD.encrypt_key_file);
             exit(1);
@@ -904,7 +904,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
             wc_Chacha_SetIV(&cha, iv, 0);
             for (pos = 0; pos < fsize; pos += ENC_BLOCK_SIZE) {
                 int fread_retval;
-                fread_retval = fread(buf, 1, ENC_BLOCK_SIZE, f);
+                fread_retval = (int)fread(buf, 1, ENC_BLOCK_SIZE, f);
                 if ((fread_retval == 0) && feof(f)) {
                     break;
                 }
@@ -917,7 +917,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
             wc_AesSetKeyDirect(&aes_e, key, keySz, iv, AES_ENCRYPTION);
             for (pos = 0; pos < fsize; pos += ENC_BLOCK_SIZE) {
                 int fread_retval;
-                fread_retval = fread(buf, 1, ENC_BLOCK_SIZE, f);
+                fread_retval = (int)fread(buf, 1, ENC_BLOCK_SIZE, f);
                 if ((fread_retval == 0) && feof(f)) {
                     break;
                 }

tools/keytools/user_settings.h

@@ -70,6 +70,10 @@
 /* Chacha stream cipher */
 #define HAVE_CHACHA
 
+/* AES */
+#define WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_DIRECT
+
 /* Disables */
 #define NO_CMAC
 #define NO_HMAC

tools/keytools/wolfBootKeygenTool.vcxproj

@@ -92,8 +92,8 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>..\..\lib\wolfssl;.;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.;../../lib/wolfssl;../../include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -106,8 +106,8 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);WOLFSSL_USER_SETTINGS</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>.;..\..\lib\wolfssl;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.;../../lib/wolfssl;../../include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -122,8 +122,8 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>..\..\lib\wolfssl;.;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.;../../lib/wolfssl;../../include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -140,8 +140,8 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions);WOLFSSL_USER_SETTINGS</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>.;..\..\lib\wolfssl;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.;../../lib/wolfssl;../../include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>

tools/keytools/wolfBootSignTool.vcxproj

@@ -92,8 +92,8 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>..\..\lib\wolfssl;..\..\include;.;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;DELTA_UPDATES;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>.;../../lib/wolfssl;../../include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -106,8 +106,8 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);WOLFSSL_USER_SETTINGS</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>.;..\..\lib\wolfssl;..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;DELTA_UPDATES;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>.;../../lib/wolfssl;../../include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -122,8 +122,8 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>..\..\lib\wolfssl;.;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;DELTA_UPDATES;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>.;../../lib/wolfssl;../../include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -140,8 +140,8 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions);WOLFSSL_USER_SETTINGS</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>.;..\..\lib\wolfssl;..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;DELTA_UPDATES;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>.;../../lib/wolfssl;../../include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -151,6 +151,7 @@
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
+    <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\aes.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\asn.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\chacha.c" />
     <ClCompile Include="..\..\lib\wolfssl\wolfcrypt\src\coding.c" />