WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fixed unused warning fixes and missing errno.h in keygen.c. Update tools/keytools Makefile to build keygen. Cleanup to support using C version of "sign" and "keygen" after "make keytools".

iar
David Garske 2020-04-07 07:34:44 -07:00 committed by Daniele Lacamera
parent 5c6649244c
commit 3f1a18f8a9
5 changed files with 41 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -57,6 +57,7 @@ src/rsa4096_pub_key.c
# keygen binaries # keygen binaries
tools/keytools/sign tools/keytools/sign
tools/keytools/keygen
# Vim swap files # Vim swap files
.*.swp .*.swp

17
Makefile
View File

@ -217,29 +217,22 @@ standalone:
include tools/test.mk include tools/test.mk
ed25519.der: ed25519.der:
@python3 tools/keytools/keygen.py $(KEYGEN_OPTIONS) src/ed25519_pub_key.c @$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ed25519_pub_key.c
ecc256.der: ecc256.der:
@python3 tools/keytools/keygen.py $(KEYGEN_OPTIONS) src/ecc256_pub_key.c @$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ecc256_pub_key.c
rsa2048.der: rsa2048.der:
@python3 tools/keytools/keygen.py $(KEYGEN_OPTIONS) src/rsa2048_pub_key.c @$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/rsa2048_pub_key.c
rsa4096.der: rsa4096.der:
@python3 tools/keytools/keygen.py $(KEYGEN_OPTIONS) src/rsa4096_pub_key.c @$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/rsa4096_pub_key.c
keytools: keytools:
@make -C tools/keytools @make -C tools/keytools
factory.bin: $(BOOT_IMG) wolfboot-align.bin $(PRIVATE_KEY) factory.bin: $(BOOT_IMG) wolfboot-align.bin $(PRIVATE_KEY)
@echo "\t[SIGN] $(BOOT_IMG)" @echo "\t[SIGN] $(BOOT_IMG)"
ifneq ("$(wildcard ./tools/keytools/sign)","") $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1
@echo "\n./tools/keytools/sign $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1"
$(Q)./tools/keytools/sign $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1
else
@echo "\npython3 tools/keytools/sign.py $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1"
$(Q)python3 tools/keytools/sign.py $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1
endif
@echo "\t[MERGE] $@" @echo "\t[MERGE] $@"
@cat wolfboot-align.bin test-app/image_v1_signed.bin > $@ @cat wolfboot-align.bin test-app/image_v1_signed.bin > $@

20
tools/keytools/Makefile
View File

@ -1,6 +1,5 @@
# wolfBoot Signing Tool # wolfBoot KeyGen and Signing Tool
TARGET = sign
CC = gcc CC = gcc
WOLFDIR = ../../lib/wolfssl/ WOLFDIR = ../../lib/wolfssl/
CFLAGS = -Wall -I. -DWOLFSSL_USER_SETTINGS -I$(WOLFDIR) CFLAGS = -Wall -I. -DWOLFSSL_USER_SETTINGS -I$(WOLFDIR)
@ -14,8 +13,7 @@ OPTIMIZE = -Os
CFLAGS+=$(OPTIMIZE) CFLAGS+=$(OPTIMIZE)
# Sources # Sources
SRC=sign.c \ SRC=$(WOLFDIR)wolfcrypt/src/asn.c \
$(WOLFDIR)wolfcrypt/src/asn.c \
$(WOLFDIR)wolfcrypt/src/ecc.c \ $(WOLFDIR)wolfcrypt/src/ecc.c \
$(WOLFDIR)wolfcrypt/src/coding.c \ $(WOLFDIR)wolfcrypt/src/coding.c \
$(WOLFDIR)wolfcrypt/src/ed25519.c \ $(WOLFDIR)wolfcrypt/src/ed25519.c \
@ -38,15 +36,19 @@ SRC=sign.c \
.PHONY: clean all .PHONY: clean all
all: $(TARGET) all: sign keygen
debug: CFLAGS+=$(DEBUG_FLAGS) debug: CFLAGS+=$(DEBUG_FLAGS)
debug: all debug: all
# build template # build template
$(TARGET): sign:
@echo "Building C signing tool" @echo "Building signing tool"
@$(CC) -o $(TARGET) $(SRC) $< $(CFLAGS) @$(CC) -o $@ $@.c $(SRC) $< $(CFLAGS)
keygen:
@echo "Building keygen tool"
@$(CC) -o $@ $@.c $(SRC) $< $(CFLAGS)
clean: clean:
rm -f $(TARGET) rm -f sign keygen

4
tools/keytools/keygen.c
View File

@ -51,6 +51,7 @@
#include <limits.h> #include <limits.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
#include <errno.h>
#ifdef _WIN32 #ifdef _WIN32
#define PATH_MAX 256 #define PATH_MAX 256
@ -158,9 +159,7 @@ static void keygen_ecc256(WC_RNG *rng, char *pubkfile)
uint32_t qxsize = ECC256_KEY_SIZE, uint32_t qxsize = ECC256_KEY_SIZE,
qysize = ECC256_KEY_SIZE, qysize = ECC256_KEY_SIZE,
dsize = ECC256_KEY_SIZE; dsize = ECC256_KEY_SIZE;
uint8_t priv_der[ECC256_KEY_SIZE * 4];
FILE *fpriv, *fpub; FILE *fpriv, *fpub;
uint32_t outsize = ECC256_KEY_SIZE * 4;
char priv_fname[20] = ""; char priv_fname[20] = "";
@ -250,7 +249,6 @@ static void keygen_ed25519(WC_RNG *rng, char *pubkfile)
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
int ret = 0;
int i; int i;
int force = 0; int force = 0;
int keytype; int keytype;

35
tools/test.mk
View File

@ -2,31 +2,42 @@ TEST_UPDATE_VERSION?=2
WOLFBOOT_VERSION?=0 WOLFBOOT_VERSION?=0
EXPVER=tools/test-expect-version/test-expect-version EXPVER=tools/test-expect-version/test-expect-version
SPI_CHIP=SST25VF080B SPI_CHIP=SST25VF080B
SIGN_TOOL=/bin/false
SPI_OPTIONS=SPI_FLASH=1 WOLFBOOT_PARTITION_SIZE=0x80000 WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x00000 WOLFBOOT_PARTITION_SWAP_ADDRESS=0x80000 SPI_OPTIONS=SPI_FLASH=1 WOLFBOOT_PARTITION_SIZE=0x80000 WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x00000 WOLFBOOT_PARTITION_SWAP_ADDRESS=0x80000
SIGN_ARGS=
ifneq ("$(wildcard ./tools/keytools/keygen)","")
KEYGEN_TOOL=./tools/keytools/keygen
else
KEYGEN_TOOL=python3 ./tools/keytools/keygen.py
endif
ifneq ("$(wildcard ./tools/keytools/sign)","")
SIGN_TOOL=./tools/keytools/sign
else
SIGN_TOOL=python3 ./tools/keytools/sign.py
endif
ifeq ($(SIGN),ED25519) ifeq ($(SIGN),ED25519)
SIGN_TOOL=tools/keytools/sign.py --ed25519 SIGN_ARGS+= --ed25519
endif endif
ifeq ($(SIGN),ECC256) ifeq ($(SIGN),ECC256)
SIGN_TOOL=tools/keytools/sign.py --ecc256 SIGN_ARGS+= --ecc256
endif endif
ifeq ($(SIGN),RSA2048) ifeq ($(SIGN),RSA2048)
SIGN_TOOL=tools/keytools/sign.py --rsa2048 SIGN_ARGS+= --rsa2048
endif endif
ifeq ($(SIGN),RSA4096) ifeq ($(SIGN),RSA4096)
SIGN_TOOL=tools/keytools/sign.py --rsa4096 SIGN_ARGS+= --rsa4096
endif endif
ifeq ($(HASH),SHA256) ifeq ($(HASH),SHA256)
SIGN_TOOL+= --sha256 SIGN_ARGS+= --sha256
endif endif
ifeq ($(HASH),SHA3) ifeq ($(HASH),SHA3)
SIGN_TOOL+= --sha3 SIGN_ARGS+= --sha3
endif endif
$(EXPVER): $(EXPVER):
@ -86,7 +97,7 @@ test-tpm-on: FORCE
test-update: test-app/image.bin FORCE test-update: test-app/image.bin FORCE
@dd if=/dev/zero bs=131067 count=1 2>/dev/null | tr "\000" "\377" > test-update.bin @dd if=/dev/zero bs=131067 count=1 2>/dev/null | tr "\000" "\377" > test-update.bin
@python3 $(SIGN_TOOL) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
@dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.bin bs=1 conv=notrunc @dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.bin bs=1 conv=notrunc
@printf "pBOOT" >> test-update.bin @printf "pBOOT" >> test-update.bin
@make test-reset @make test-reset
@ -100,12 +111,12 @@ test-self-update: wolfboot.bin test-app/image.bin FORCE
@make clean @make clean
@rm src/*_pub_key.c @rm src/*_pub_key.c
@make factory.bin RAM_CODE=1 WOLFBOOT_VERSION=$(WOLFBOOT_VERSION) SIGN=$(SIGN) @make factory.bin RAM_CODE=1 WOLFBOOT_VERSION=$(WOLFBOOT_VERSION) SIGN=$(SIGN)
@python3 $(SIGN_TOOL) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
@st-flash --reset write test-app/image_v2_signed.bin 0x08020000 || \ @st-flash --reset write test-app/image_v2_signed.bin 0x08020000 || \
(make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) || \ (make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) || \
(make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) (make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000)
@dd if=/dev/zero bs=131067 count=1 2>/dev/null | tr "\000" "\377" > test-self-update.bin @dd if=/dev/zero bs=131067 count=1 2>/dev/null | tr "\000" "\377" > test-self-update.bin
@python3 $(SIGN_TOOL) --wolfboot-update wolfboot.bin private_key.old $(WOLFBOOT_VERSION) @$(SIGN_TOOL) $(SIGN_ARGS) --wolfboot-update wolfboot.bin private_key.old $(WOLFBOOT_VERSION)
@dd if=wolfboot_v$(WOLFBOOT_VERSION)_signed.bin of=test-self-update.bin bs=1 conv=notrunc @dd if=wolfboot_v$(WOLFBOOT_VERSION)_signed.bin of=test-self-update.bin bs=1 conv=notrunc
@printf "pBOOT" >> test-self-update.bin @printf "pBOOT" >> test-self-update.bin
@st-flash --reset write test-self-update.bin 0x08040000 || \ @st-flash --reset write test-self-update.bin 0x08040000 || \
@ -113,7 +124,7 @@ test-self-update: wolfboot.bin test-app/image.bin FORCE
(make test-reset && sleep 1 && st-flash --reset write test-self-update.bin 0x08040000) (make test-reset && sleep 1 && st-flash --reset write test-self-update.bin 0x08040000)
test-update-ext: test-app/image.bin FORCE test-update-ext: test-app/image.bin FORCE
@python3 $(SIGN_TOOL) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
@(dd if=/dev/zero bs=1M count=1 | tr '\000' '\377' > test-update.rom) @(dd if=/dev/zero bs=1M count=1 | tr '\000' '\377' > test-update.rom)
@dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.rom bs=1 count=524283 conv=notrunc @dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.rom bs=1 count=524283 conv=notrunc
@printf "pBOOT" | dd of=test-update.rom obs=1 seek=524283 count=5 conv=notrunc @printf "pBOOT" | dd of=test-update.rom obs=1 seek=524283 count=5 conv=notrunc