WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix for building key tools to make sure target.h exists. Fix key tool warnings.

pull/189/head
David Garske 2021-08-30 12:38:33 -07:00 committed by Daniele Lacamera
parent de330fbe4f
commit cabbb5e556
3 changed files with 91 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
tools/keytools/Makefile
View File

@ -1,9 +1,17 @@
# wolfBoot KeyGen and Signing Tool # wolfBoot KeyGen and Signing Tool
-include ../../.config
V?=0
ifeq ($(V),0)
Q=@
endif
CC = gcc CC = gcc
WOLFDIR = ../../lib/wolfssl/ WOLFBOOTDIR = ../..
WOLFDIR = $(WOLFBOOTDIR)/lib/wolfssl/
CFLAGS = -Wall -Wextra -Werror CFLAGS = -Wall -Wextra -Werror
CFLAGS += -I. -DWOLFSSL_USER_SETTINGS -I$(WOLFDIR) -I../../include CFLAGS += -I. -DWOLFSSL_USER_SETTINGS -I$(WOLFDIR) -I$(WOLFBOOTDIR)/include
# option variables # option variables
DEBUG_FLAGS = -g -DDEBUG -DDEBUG_SIGNTOOL -DDEBUG_WOLFSSL -DDEBUG_WOLFSSL_VERBOSE DEBUG_FLAGS = -g -DDEBUG -DDEBUG_SIGNTOOL -DDEBUG_WOLFSSL -DDEBUG_WOLFSSL_VERBOSE
@ -36,23 +44,37 @@ SRC=$(WOLFDIR)wolfcrypt/src/asn.c \
$(WOLFDIR)wolfcrypt/src/wc_port.c \ $(WOLFDIR)wolfcrypt/src/wc_port.c \
$(WOLFDIR)wolfcrypt/src/wolfmath.c $(WOLFDIR)wolfcrypt/src/wolfmath.c
SRC+=../../src/delta.c SRC+=$(WOLFBOOTDIR)/src/delta.c
.PHONY: clean all .PHONY: clean all
all: sign keygen all: $(WOLFBOOTDIR)/include/target.h sign keygen
debug: CFLAGS+=$(DEBUG_FLAGS) debug: CFLAGS+=$(DEBUG_FLAGS)
debug: all debug: all
# Target.h is required for key tools
$(WOLFBOOTDIR)/include/target.h: $(WOLFBOOTDIR)/include/target.h.in
@cat $(WOLFBOOTDIR)/include/target.h.in | \
sed -e "s/##WOLFBOOT_PARTITION_SIZE##/$(WOLFBOOT_PARTITION_SIZE)/g" | \
sed -e "s/##WOLFBOOT_SECTOR_SIZE##/$(WOLFBOOT_SECTOR_SIZE)/g" | \
sed -e "s/##WOLFBOOT_PARTITION_BOOT_ADDRESS##/$(WOLFBOOT_PARTITION_BOOT_ADDRESS)/g" | \
sed -e "s/##WOLFBOOT_PARTITION_UPDATE_ADDRESS##/$(WOLFBOOT_PARTITION_UPDATE_ADDRESS)/g" | \
sed -e "s/##WOLFBOOT_PARTITION_SWAP_ADDRESS##/$(WOLFBOOT_PARTITION_SWAP_ADDRESS)/g" | \
sed -e "s/##WOLFBOOT_DTS_BOOT_ADDRESS##/$(WOLFBOOT_DTS_BOOT_ADDRESS)/g" | \
sed -e "s/##WOLFBOOT_DTS_UPDATE_ADDRESS##/$(WOLFBOOT_DTS_UPDATE_ADDRESS)/g" | \
sed -e "s/##WOLFBOOT_LOAD_ADDRESS##/$(WOLFBOOT_LOAD_ADDRESS)/g" | \
sed -e "s/##WOLFBOOT_LOAD_DTS_ADDRESS##/$(WOLFBOOT_LOAD_DTS_ADDRESS)/g" \
> $@
# build template # build template
sign: sign:
@echo "Building signing tool" @echo "Building signing tool"
@$(CC) -o $@ $@.c $(SRC) $< $(CFLAGS) $(Q)$(CC) -o $@ $@.c $(SRC) $< $(CFLAGS)
keygen: keygen:
@echo "Building keygen tool" @echo "Building keygen tool"
@$(CC) -o $@ $@.c $(SRC) $< $(CFLAGS) $(Q)$(CC) -o $@ $@.c $(SRC) $< $(CFLAGS)
clean: clean:
rm -f sign keygen rm -f sign keygen

5
tools/keytools/keygen.c
View File

@ -298,12 +298,13 @@ int main(int argc, char** argv)
f = fopen(kfilename, "rb"); f = fopen(kfilename, "rb");
if (!force && (f != NULL)) { if (!force && (f != NULL)) {
char reply[40]; char reply[40];
int replySz;
fclose(f); fclose(f);
printf("** Warning: key file already exist! Are you sure you want to generate a new key and overwrite the existing key? [Type 'Yes, I am sure!']: "); printf("** Warning: key file already exist! Are you sure you want to generate a new key and overwrite the existing key? [Type 'Yes, I am sure!']: ");
fflush(stdout); fflush(stdout);
scanf("%s", reply); replySz = scanf("%s", reply);
printf("Reply is [%s]\n", reply); printf("Reply is [%s]\n", reply);
if (strcmp(reply, "Yes, I am sure!") != 0) { if (replySz < 0 || strcmp(reply, "Yes, I am sure!") != 0) {
printf("Operation aborted by user."); printf("Operation aborted by user.");
exit(5); exit(5);
} }

78
tools/keytools/sign.c
View File

@ -190,6 +190,7 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
{ {
int ret = -1; int ret = -1;
uint32_t idx = 0; uint32_t idx = 0;
int io_sz;
FILE *f; FILE *f;
/* open and load key buffer */ /* open and load key buffer */
@ -203,8 +204,13 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
*key_buffer_sz = ftell(f); *key_buffer_sz = ftell(f);
fseek(f, 0, SEEK_SET); fseek(f, 0, SEEK_SET);
*key_buffer = malloc(*key_buffer_sz); *key_buffer = malloc(*key_buffer_sz);
if (*key_buffer) if (*key_buffer) {
fread(*key_buffer, 1, *key_buffer_sz, f); io_sz = fread(*key_buffer, 1, *key_buffer_sz, f);
if (io_sz != (int)*key_buffer_sz) {
printf("Key file read error!\n");
goto failure;
}
}
fclose(f); fclose(f);
if (*key_buffer == NULL) { if (*key_buffer == NULL) {
printf("Key buffer malloc error!\n"); printf("Key buffer malloc error!\n");
@ -358,6 +364,8 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, cons
uint8_t digest[48]; /* max digest */ uint8_t digest[48]; /* max digest */
uint32_t digest_sz = 0; uint32_t digest_sz = 0;
uint32_t image_sz = 0; uint32_t image_sz = 0;
int io_sz;
header_idx = 0; header_idx = 0;
header = malloc(CMD.header_sz); header = malloc(CMD.header_sz);
if (header == NULL) { if (header == NULL) {
@ -439,7 +447,10 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, cons
read_sz = image_sz - pos; read_sz = image_sz - pos;
if (read_sz > 32) if (read_sz > 32)
read_sz = 32; read_sz = 32;
fread(buf, read_sz, 1, f); io_sz = fread(buf, 1, read_sz, f);
if (io_sz != (int)read_sz) {
ret = -1; break;
}
ret = wc_Sha256Update(&sha, buf, read_sz); ret = wc_Sha256Update(&sha, buf, read_sz);
pos += read_sz; pos += read_sz;
} }
@ -481,7 +492,10 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, cons
read_sz = image_sz - pos; read_sz = image_sz - pos;
if (read_sz > 128) if (read_sz > 128)
read_sz = 128; read_sz = 128;
fread(buf, read_sz, 1, f); io_sz = fread(buf, 1, read_sz, f);
if (io_sz != (int)read_sz) {
ret = -1; break;
}
ret = wc_Sha3_384_Update(&sha, buf, read_sz); ret = wc_Sha3_384_Update(&sha, buf, read_sz);
pos += read_sz; pos += read_sz;
} }
@ -530,7 +544,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, cons
printf("Open output file %s failed\n", outfile); printf("Open output file %s failed\n", outfile);
goto failure; goto failure;
} }
fwrite(digest, digest_sz, 1, f); fwrite(digest, 1, digest_sz, f);
fclose(f); fclose(f);
printf("Digest image %s successfully created.\n", outfile); printf("Digest image %s successfully created.\n", outfile);
exit(0); exit(0);
@ -603,8 +617,12 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, cons
printf("Open signature file %s failed\n", CMD.signature_file); printf("Open signature file %s failed\n", CMD.signature_file);
goto failure; goto failure;
} }
fread(signature, CMD.signature_sz, 1, f); io_sz = fread(signature, 1, CMD.signature_sz, f);
fclose(f); fclose(f);
if (io_sz != (int)CMD.signature_sz) {
printf("Error reading file %s\n", CMD.signature_file);
goto failure;
}
} }
#ifdef DEBUG_SIGNTOOL #ifdef DEBUG_SIGNTOOL
printf("Signature %d\n", CMD.signature_sz); printf("Signature %d\n", CMD.signature_sz);
@ -626,7 +644,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, cons
printf("Open output image file %s failed\n", outfile); printf("Open output image file %s failed\n", outfile);
goto failure; goto failure;
} }
fwrite(header, header_idx, 1, f); fwrite(header, 1, header_idx, f);
/* Copy image to output */ /* Copy image to output */
f2 = fopen(image_file, "rb"); f2 = fopen(image_file, "rb");
pos = 0; pos = 0;
@ -642,8 +660,9 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, cons
} }
if (CMD.encrypt && CMD.encrypt_key_file) { if (CMD.encrypt && CMD.encrypt_key_file) {
uint8_t key[32], iv[12]; uint8_t key[CHACHA_MAX_KEY_SZ], iv[CHACHA_IV_BYTES];
uint8_t enc_buf[ENC_BLOCK_SIZE]; uint8_t enc_buf[ENC_BLOCK_SIZE];
int ivSz, keySz;
uint32_t fsize = 0; uint32_t fsize = 0;
ChaCha cha; ChaCha cha;
#ifndef HAVE_CHACHA #ifndef HAVE_CHACHA
@ -655,9 +674,14 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, cons
fprintf(stderr, "Open encryption key file %s: %s\n", CMD.encrypt_key_file, strerror(errno)); fprintf(stderr, "Open encryption key file %s: %s\n", CMD.encrypt_key_file, strerror(errno));
exit(1); exit(1);
} }
fread(key, 32, 1, fek); keySz = fread(key, 1, sizeof(key), fek);
fread(iv, 12, 1, fek); ivSz = fread(iv, 1, sizeof(iv), fek);
fclose(fek); fclose(fek);
if (keySz != sizeof(key) || ivSz != sizeof(iv)) {
fprintf(stderr, "Error reading key and iv from %s\n", CMD.encrypt_key_file);
exit(1);
}
fef = fopen(CMD.output_encrypted_image_file, "wb"); fef = fopen(CMD.output_encrypted_image_file, "wb");
if (!fef) { if (!fef) {
fprintf(stderr, "Open encrypted output file %s: %s\n", CMD.encrypt_key_file, strerror(errno)); fprintf(stderr, "Open encrypted output file %s: %s\n", CMD.encrypt_key_file, strerror(errno));
@ -665,7 +689,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, cons
fsize = ftell(f); fsize = ftell(f);
fseek(f, 0, SEEK_SET); /* restart the _signed file from 0 */ fseek(f, 0, SEEK_SET); /* restart the _signed file from 0 */
wc_Chacha_SetKey(&cha, key, 32); wc_Chacha_SetKey(&cha, key, sizeof(key));
for (pos = 0; pos < fsize; pos += ENC_BLOCK_SIZE) { for (pos = 0; pos < fsize; pos += ENC_BLOCK_SIZE) {
int fread_retval; int fread_retval;
fread_retval = fread(buf, 1, ENC_BLOCK_SIZE, f); fread_retval = fread(buf, 1, ENC_BLOCK_SIZE, f);
@ -719,6 +743,7 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz)
char *base_ver_p, *base_ver_e; char *base_ver_p, *base_ver_e;
WB_DIFF_CTX diff_ctx; WB_DIFF_CTX diff_ctx;
int ret = -1; int ret = -1;
int io_sz;
/* Get source file size */ /* Get source file size */
if (stat(f_base, &st) < 0) { if (stat(f_base, &st) < 0) {
@ -793,7 +818,10 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz)
goto cleanup; goto cleanup;
} }
lseek(fd3, MAX_SRC_SIZE -1, SEEK_SET); lseek(fd3, MAX_SRC_SIZE -1, SEEK_SET);
write(fd3, &ff, 1); io_sz = write(fd3, &ff, 1);
if (io_sz != 1) {
goto cleanup;
}
lseek(fd3, 0, SEEK_SET); lseek(fd3, 0, SEEK_SET);
len3 = 0; len3 = 0;
@ -805,13 +833,19 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz)
r = wb_diff(&diff_ctx, dest, blksz); r = wb_diff(&diff_ctx, dest, blksz);
if (r < 0) if (r < 0)
goto cleanup; goto cleanup;
write(fd3, dest, r); io_sz = write(fd3, dest, r);
if (io_sz != r) {
goto cleanup;
}
len3 += r; len3 += r;
} while (r > 0); } while (r > 0);
patch_sz = len3; patch_sz = len3;
while ((len3 % 16) != 0) { while ((len3 % 16) != 0) {
uint8_t zero = 0; uint8_t zero = 0;
write(fd3, &zero, 1); io_sz = write(fd3, &zero, 1);
if (io_sz != 1) {
goto cleanup;
}
len3++; len3++;
} }
patch_inv_off = (uint32_t)len3 + CMD.header_sz; patch_inv_off = (uint32_t)len3 + CMD.header_sz;
@ -825,11 +859,17 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz)
r = wb_diff(&diff_ctx, dest, blksz); r = wb_diff(&diff_ctx, dest, blksz);
if (r < 0) if (r < 0)
goto cleanup; goto cleanup;
write(fd3, dest, r); io_sz = write(fd3, dest, r);
if (io_sz != r) {
goto cleanup;
}
patch_inv_sz += r; patch_inv_sz += r;
len3 += r; len3 += r;
} while (r > 0); } while (r > 0);
ftruncate(fd3, len3); io_sz = ftruncate(fd3, len3);
if (io_sz != len3) {
goto cleanup;
}
close(fd3); close(fd3);
fd3 = -1; fd3 = -1;
printf("Successfully created output file %s\n", wolfboot_delta_file); printf("Successfully created output file %s\n", wolfboot_delta_file);
@ -840,8 +880,10 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz)
cleanup: cleanup:
if (fd3 >= 0) { if (fd3 >= 0) {
if (len3 > 0) if (len3 > 0) {
ftruncate(fd3, len3); io_sz = ftruncate(fd3, len3);
(void)io_sz; /* ignore failure */
}
close(fd3); close(fd3);
fd3 = -1; fd3 = -1;
} }