Added support for custom TLVs in manifest header

Author: danielinux

README.md

@@ -90,6 +90,7 @@ For more detailed information about firmware update implementation, see [Firmwar
 ### Additional features
    - [Remote external flash interface](docs/remote_flash.md)
    - [External encrypted partitions](docs/encrypted_partitions.md)
+   - [Delta updates](docs/firmware_update.md#incremental-updates-aka-delta-updates)
 
 ## Building
 

docs/Signing.md

@@ -177,6 +177,18 @@ Provides a PCR mask and digest to be signed and included in the header. The sign
   A copy of the final signed policy (including 4 byte PCR mask) will be output to `[inputname].sig`.
   Note: This may require increasing the `IMAGE_HEADER_SIZE` as two signatures will be stored in the header.
 
+#### Adding custom fields to the manifest header
+
+Provides a value to be set with a custom tag
+
+   * `--custom-tlv tag len val`: Adds a TLV entry to the manifest header, corresponding
+   to the type identified by `tag`, with lenght `len` bytes, and assigns the value `val`.
+   Values can be decimal or hex numbers (prefixed by '0x').  The tag is a 16-bit number.
+   Valid tags are in the range between 0x0030 and 0xFEFE.
+
+   The extra numeric field (can be 1, 2, 4, or 8 bytes long) is stored in the manifest
+   header and can be retrieved at runtime by wolfBoot, using `wolfBoot_find_header()`.
+
 #### Three-steps signing using external provisioning tools
 
 If the private key is not accessible, while it's possible to sign payloads using

docs/firmware_image.md

@@ -42,15 +42,53 @@ Each **Type** has a different meaning, and integrate information about the firmw
 
   - A 'version' Tag (type: 0x0001, size: 4 Bytes) indicating the version number for the firmware stored in the image
   - A 'timestamp' Tag (type: 0x0002, size 8 Bytes) indicating the timestamp in unix seconds for the creation of the firmware
-  - A 'sha256 digest' Tag (type: 0x0003, size: 32 Bytes) used for integrity check of the firmware
+  - A 'sha digest' Tag (type: 0x0003, size: digest size (32 Bytes for SHA256)) used for integrity check of the firmware
   - A 'firmware signature' Tag (type: 0x0020, size: 64 Bytes) used to validate the signature stored with the firmware against a known public key
   - A 'firmware type' Tag (type: 0x0030, size: 2 Bytes) used to identify the type of firmware, and the authentication mechanism in use.
 
-Optionally, a 'public key hint digest' Tag can be transmitted in the header (type: 0x10, size:32 Bytes). This Tag contains the SHA256 digest of the public key used 
+A 'public key hint digest' tag is transmitted in the header (type: 0x10, size:32 Bytes). This tag contains the SHA digest of the public key used 
 by the signing tool. The bootloader may use this field to locate the correct public key in case of multiple keys available.
 
 wolfBoot will, in all cases, refuse to boot an image that cannot be verified and authenticated using the built-in digital signature authentication mechanism.
 
+### Adding custom fields to the manifest header
+
+It is possible to add custom fields to the manifest header, by using the `--custom-tlv` option in the signing tool.
+
+In order for the fields to be secured (checked by wolfBoot for integrity and authenticity),
+their value is placed in the manifest header before the signature is calculated. The signing tool takes care of the alignment and padding of the fields.
+
+The custom fields are identified by a 16-bit tag, and their size is indicated by a 16-bit length field. The tag and length fields are stored in little-endian format.
+
+At runtime, the values stored in the manifest header can be accessed using the `wolfBoot_find_header` function.
+
+The syntax for `--custom-tlv` option is also documented in [docs/Signing.md](/docs/Signing.md#adding-custom-fields-to-the-manifest-header).
+
+### Image header: Example
+
+This example adds a custom field when the signing tool is used to sign the firmware image:
+
+```bash
+./tools/keytools/sign --ed25519 --custom-tlv 0x34 4 0xAABBCCDD test-app/image.bin wolfboot_signing_private_key.der 4
+```
+
+The output image `test-app/image_v4_signed.bin` will contain the custom field with tag `0x34` with length `4` and value `0xAABBCCDD`.
+
+From the bootloader code, we can then retrieve the value of the custom field using the `wolfBoot_find_header` function:
+
+```c
+uint32_t custom_code34_field;
+const uint16_t custom_code34_field_size = 4;
+const uint16_t custom_code34_tag = 0x34;
+int size;
+
+size = wolfBoot_find_header(0x34, &custom_code34_field, sizeof(custom_code34_value));
+if (size != custom_code34_field_size) {
+    /* Error: the field is not present or has the wrong size */
+}
+
+/* From here, the value 0xAABBCCDD is stored in custom_code34_value */
+```
 
 ### Image signing tool
 

tools/keytools/sign.c

@@ -41,6 +41,7 @@
 #include <sys/types.h>
 #include <fcntl.h>
 #include <stddef.h>
+#include <inttypes.h>
 /* target.h is a generated file based on .config (see target.h.in)
  * Provides: WOLFBOOT_SECTOR_SIZE */
 #include <target.h>
@@ -68,6 +69,8 @@ static inline int fp_truncate(FILE *f, size_t len)
 
 #define MAX_SRC_SIZE (1 << 24)
 
+#define MAX_CUSTOM_TLVS (16)
+
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/aes.h>
@@ -265,6 +268,12 @@ struct cmd_options {
     uint32_t signature_sz;
     uint32_t policy_sz;
     uint8_t partition_id;
+    uint32_t custom_tlvs;
+    struct cmd_tlv {
+        uint16_t tag;
+        uint16_t len;
+        uint64_t val;
+    } custom_tlv[MAX_CUSTOM_TLVS];
 };
 
 static struct cmd_options CMD = {
@@ -273,6 +282,7 @@ static struct cmd_options CMD = {
     .hash_algo = HASH_SHA256,
     .header_sz = IMAGE_HEADER_SIZE,
     .partition_id = HDR_IMG_TYPE_APP
+
 };
 
 static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
@@ -1067,6 +1077,23 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 &patch_inv_len);
     }
 
+    /* Add custom TLVs */
+    if (CMD.custom_tlvs > 0) {
+        uint32_t i;
+        for (i = 0; i < CMD.custom_tlvs; i++) {
+            if (CMD.custom_tlv[i].len == 8) {
+                /* This field requires 8-byte alignment */
+                while((header_idx % 8) != 4)
+                    header_idx++;
+            }
+            header_append_tag(header, &header_idx, CMD.custom_tlv[i].tag,
+                CMD.custom_tlv[i].len, &CMD.custom_tlv[i].val);
+        }
+        /* Align for next field */
+        while ((header_idx % 4) != 0)
+            header_idx++;
+    }
+
     /* Add padding bytes. Sha-3 val field requires 8-byte alignment */
     while ((header_idx % 8) != 4)
         header_idx++;
@@ -1789,6 +1816,31 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz, in
     return ret;
 }
 
+uint64_t arg2num(const char *arg, size_t len)
+{
+    uint64_t ret = (uint64_t) -1;
+    if (strncmp(arg, "0x", 2) == 0) {
+       ret = strtoll(arg + 2, NULL, 16);
+    } else {
+        ret = strtoll(arg, NULL, 10);
+    }
+    switch (len) {
+        case 1:
+            ret &= 0xFF;
+            break;
+        case 2:
+            ret &= 0xFFFF;
+            break;
+        case 4:
+            ret &= 0xFFFFFFFF;
+        case 8:
+            break;
+        default:
+            ret = (uint64_t) (-1);
+    }
+    return ret;
+}
+
 int main(int argc, char** argv)
 {
     int ret = 0;
@@ -1936,6 +1988,35 @@ int main(int argc, char** argv)
             CMD.policy_sign = 1;
             CMD.policy_file = argv[++i];
         }
+        else if (strcmp(argv[i], "--custom-tlv") == 0) {
+            int p = CMD.custom_tlvs;
+            uint16_t tag, len;
+            if (p >= MAX_CUSTOM_TLVS) {
+                fprintf(stderr, "Too many custom TLVs.\n");
+                exit(16);
+            }
+            if (argc < (i + 3)) {
+                fprintf(stderr, "Invalid custom TLV fields. \n");
+                exit(16);
+            }
+            tag = (uint16_t)arg2num(argv[i + 1], 2);
+            len = (uint16_t)arg2num(argv[i + 2], 2);
+
+            if ((tag < 0x0030) || (tag > 0xFEFE)) {
+                fprintf(stderr, "Invalid custom tag: %s\n", argv[i + 1]);
+                exit(16);
+            }
+            if ((len != 1) && (len != 2) && (len != 4) && (len != 8)) {
+                fprintf(stderr, "Invalid custom tag len: %s\n", argv[i + 2]);
+                fprintf(stderr, "Accepted len: 1, 2, 4 or 8\n");
+                exit(16);
+            }
+            CMD.custom_tlv[p].tag = tag;
+            CMD.custom_tlv[p].len = len;
+            CMD.custom_tlv[p].val = arg2num(argv[i+3], len);
+            CMD.custom_tlvs++;
+            i += 3;
+        }
         else {
             i--;
             break;
@@ -2010,6 +2091,18 @@ int main(int argc, char** argv)
         printf("(bootloader)");
     printf("\n");
 
+    if (CMD.custom_tlvs > 0) {
+        uint32_t i;
+        printf("Custom TLVS: %u\n", CMD.custom_tlvs);
+        for (i = 0; i < CMD.custom_tlvs; i++) {
+            printf("TLV %u\n", i);
+            printf("----\n");
+            printf("Tag: %04X Len: %hu Val: %" PRIu64 "\n", CMD.custom_tlv[i].tag,
+                CMD.custom_tlv[i].len, CMD.custom_tlv[i].val);
+            printf("-----\n");
+        }
+    }
+
     /* get header and signature sizes */
     if (CMD.sign == SIGN_ED25519) {
         if (CMD.header_sz < 256)