Encrypt: API design

Author: danielinux

Makefile

@@ -258,6 +258,15 @@ factory.bin: $(BOOT_IMG) wolfboot-align.bin $(PRIVATE_KEY)
 	@echo "\t[MERGE] $@"
 	@cat wolfboot-align.bin test-app/image_v1_signed.bin > $@
 
+update.bin: $(BOOT_IMG)
+	@echo "\t[SIGN] $(BOOT_IMG)"
+	$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 2
+
+update_enc.bin: $(BOOT_IMG)
+	@echo "\t[SIGN+ENC] $(BOOT_IMG)"
+	@printf "0123456789abcdef0123456789abcdef" | dd of=test_enc_key.bin
+	$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) --encrypt test_enc_key.bin $(BOOT_IMG) $(PRIVATE_KEY) 2
+
 wolfboot.elf: include/target.h $(OBJS) $(LSCRIPT) FORCE
 	@echo "\t[LD] $@"
 	$(Q)$(LD) $(LDFLAGS) -Wl,--start-group $(OBJS) -Wl,--end-group -o $@

include/encrypt.h

@@ -23,6 +23,7 @@
 
 #ifndef ENCRYPT_H_INCLUDED
 #define ENCRYPT_H_INCLUDED
+#ifdef __WOLFBOOT
 #include <stdint.h>
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/sha256.h>
@@ -33,12 +34,10 @@
 #include <wolfssl/wolfcrypt/chacha.h>
 #include <wolfssl/wolfcrypt/pwdbased.h>
 
-#define ENCRYPT_BLOCK_SIZE 16 
-#define ENCRYPT_KEY_SIZE 32 /* Chacha20-256 */
 
-int ext_flash_set_encrypt_key(const uint8_t *key, int len);
-int ext_flash_set_encrypt_password(const uint8_t *pwd, int len);
+/* Internal read/write functions (not exported in the libwolfboot API) */
 int ext_flash_encrypt_write(uintptr_t address, const uint8_t *data, int len);
 int ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len);
 
+#endif /* __WOLFBOOT */
 #endif /* ENCRYPT_H_INCLUDED */

include/image.h

@@ -99,7 +99,7 @@ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr);
 #include "hal.h"
 
 
-#ifdef EXT_ENCRYPTED
+#if defined(EXT_ENCRYPTED) && defined(__WOLFBOOT)
 #include "encrypt.h"
 #define ext_flash_check_write ext_flash_encrypt_write
 #define ext_flash_check_read ext_flash_decrypt_read

include/wolfboot/wolfboot.h

@@ -118,5 +118,10 @@ int wolfBoot_dualboot_candidate(void);
 #   error "No valid hash algorithm defined!"
 #endif
 
-
+/* Encryption support */
+#define ENCRYPT_BLOCK_SIZE 16 
+#define ENCRYPT_KEY_SIZE 32 /* Chacha20-256 */
+int wolfBoot_set_encrypt_key(const uint8_t *key, int len);
+int wolfBoot_erase_encrypt_key(void);
+int wolfBoot_set_encrypt_password(const uint8_t *pwd, int len);
 #endif /* !WOLFBOOT_H */

src/libwolfboot.c

@@ -26,8 +26,16 @@
 #include "wolfboot/wolfboot.h"
 #include "image.h"
 
-#ifdef EXT_ENCRYPTED
-#include "encrypt.h"
+#if defined(EXT_ENCRYPTED) 
+    #if defined(__WOLFBOOT)
+        #include "encrypt.h"
+    #else
+        #include <stddef.h>
+        #include <string.h>
+        #define XMEMSET memset
+        #define XMEMCPY memcpy
+        #define XMEMCMP memcmp
+    #endif
 #endif
 
 #ifndef NULL
@@ -46,15 +54,18 @@ static const uint32_t wolfboot_magic_trail = WOLFBOOT_MAGIC_TRAIL;
 #define PART_UPDATE_ENDFLAGS ((WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE) - TRAILER_SKIP)
 
 #ifdef NVM_FLASH_WRITEONCE
-
 #include <stddef.h>
-extern void *memcpy(void *dst, const void *src, size_t n);
+#include <string.h>
+#define XMEMSET memset
+#define XMEMCPY memcpy
+#define XMEMCMP memcmp
+
 static uint8_t NVM_CACHE[NVM_CACHE_SIZE];
 int RAMFUNCTION hal_trailer_write(uint32_t addr, uint8_t val) {
     uint32_t addr_align = addr & (~(WOLFBOOT_SECTOR_SIZE - 1));
     uint32_t addr_off = addr & (WOLFBOOT_SECTOR_SIZE - 1);
     int ret = 0;
-    memcpy(NVM_CACHE, (void *)addr_align, WOLFBOOT_SECTOR_SIZE);
+    XMEMCPY(NVM_CACHE, (void *)addr_align, WOLFBOOT_SECTOR_SIZE);
     ret = hal_flash_erase(addr_align, WOLFBOOT_SECTOR_SIZE);
     if (ret != 0)
         return ret;
@@ -68,11 +79,11 @@ int RAMFUNCTION hal_set_partition_magic(uint32_t addr)
     uint32_t off = addr % NVM_CACHE_SIZE;
     uint32_t base = addr - off;
     int ret;
-    memcpy(NVM_CACHE, (void *)base, NVM_CACHE_SIZE);
+    XMEMCPY(NVM_CACHE, (void *)base, NVM_CACHE_SIZE);
     ret = hal_flash_erase(base, WOLFBOOT_SECTOR_SIZE);
     if (ret != 0)
         return ret;
-    memcpy(NVM_CACHE + off, &wolfboot_magic_trail, sizeof(uint32_t));
+    XMEMCPY(NVM_CACHE + off, &wolfboot_magic_trail, sizeof(uint32_t));
     ret = hal_flash_write(base, NVM_CACHE, WOLFBOOT_SECTOR_SIZE);
     return ret;
 }
@@ -488,9 +499,6 @@ int wolfBoot_fallback_is_possible(void)
 
 #define ENCRYPT_TMP_SECRET_OFFSET (((WOLFBOOT_SECTOR_SIZE - (sizeof(uint32_t) + (2 + WOLFBOOT_SECTOR_SIZE) / (WOLFBOOT_PARTITION_SIZE * 8)) + ENCRYPT_KEY_SIZE)) / ENCRYPT_KEY_SIZE * ENCRYPT_KEY_SIZE)
 
-/* Buffer used for encryption/decryption */
-static ChaCha chacha;
-static int chacha_initialized = 0;
 
 #ifdef NVM_FLASH_WRITEONCE
 #define KEY_CACHE NVM_CACHE
@@ -505,39 +513,24 @@ static int RAMFUNCTION hal_set_key(const uint8_t *k)
     uint32_t addr_align = addr & (~(WOLFBOOT_SECTOR_SIZE - 1));
     uint32_t addr_off = addr & (WOLFBOOT_SECTOR_SIZE - 1);
     int ret = 0;
-    memcpy(KEY_CACHE, (void *)addr_align, WOLFBOOT_SECTOR_SIZE);
+    XMEMCPY(KEY_CACHE, (void *)addr_align, WOLFBOOT_SECTOR_SIZE);
     ret = hal_flash_erase(addr_align, WOLFBOOT_SECTOR_SIZE);
     if (ret != 0)
         return ret;
-    memcpy(KEY_CACHE + addr_off, k, ENCRYPT_KEY_SIZE);
+    XMEMCPY(KEY_CACHE + addr_off, k, ENCRYPT_KEY_SIZE);
     ret = hal_flash_write(addr_align, KEY_CACHE, WOLFBOOT_SECTOR_SIZE);
     return ret;
 }
 
-static int chacha_init(void)
-{
-    uint8_t *key = (uint8_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + ENCRYPT_TMP_SECRET_OFFSET);
-    uint8_t ff[ENCRYPT_KEY_SIZE];
-    XMEMSET(ff, 0xFF, ENCRYPT_KEY_SIZE);
-    if (XMEMCMP(key, ff, ENCRYPT_KEY_SIZE) == 0)
-        return -1;
-    XMEMSET(ff, 0xFF, ENCRYPT_KEY_SIZE);
-    if (XMEMCMP(key, ff, ENCRYPT_KEY_SIZE) == 0)
-        return -1;
-    wc_Chacha_SetKey(&chacha, key, ENCRYPT_KEY_SIZE);
-    chacha_initialized = 1;
-    return 0;
-}
-
-int wolfBoot_set_encrypt_key(const uint8_t *key, int len)
+int RAMFUNCTION wolfBoot_set_encrypt_key(const uint8_t *key, int len)
 {
     if (len != ENCRYPT_KEY_SIZE)
         return -1;
     hal_set_key(key);
     return 0;
 }
 
-int wolfBoot_erase_encrypt_key(void)
+int RAMFUNCTION wolfBoot_erase_encrypt_key(void)
 {
     uint8_t ff[ENCRYPT_KEY_SIZE];
     int i;
@@ -546,12 +539,33 @@ int wolfBoot_erase_encrypt_key(void)
     return 0;
 }
 
-int wolfBoot_set_encrypt_password(const uint8_t *pwd, int len)
+int RAMFUNCTION wolfBoot_set_encrypt_password(const uint8_t *pwd, int len)
 {
     /* TODO */
     return -1;
 }
 
+#ifdef __WOLFBOOT
+
+static ChaCha chacha;
+static int chacha_initialized = 0;
+
+static int chacha_init(void)
+{
+    uint8_t *key = (uint8_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + ENCRYPT_TMP_SECRET_OFFSET);
+    uint8_t ff[ENCRYPT_KEY_SIZE];
+    XMEMSET(ff, 0xFF, ENCRYPT_KEY_SIZE);
+    if (XMEMCMP(key, ff, ENCRYPT_KEY_SIZE) == 0)
+        return -1;
+    XMEMSET(ff, 0xFF, ENCRYPT_KEY_SIZE);
+    if (XMEMCMP(key, ff, ENCRYPT_KEY_SIZE) == 0)
+        return -1;
+    wc_Chacha_SetKey(&chacha, key, ENCRYPT_KEY_SIZE);
+    chacha_initialized = 1;
+    return 0;
+}
+
+
 #define PART_ADDRESS(a) ((a >= WOLFBOOT_PARTITION_UPDATE_ADDRESS) && \
         (a <= WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE))?\
         (PART_UPDATE):\
@@ -628,6 +642,7 @@ int ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len)
     }
     return len;
 }
+#endif
 
 #endif /* EXT_ENCRYPTED */
 

test-app/ARM.ld

@@ -1,7 +1,7 @@
 MEMORY
 {
     FLASH (rx) : ORIGIN = ##WOLFBOOT_TEST_APP_ADDRESS##, LENGTH = ##WOLFBOOT_TEST_APP_SIZE##
-    RAM (rwx) : ORIGIN = 0x20000000, LENGTH = 16K /* Run in lowmem */
+    RAM (rwx) : ORIGIN = 0x20000000, LENGTH = 32K /* Run in lowmem */
 }
 
 SECTIONS

test-app/Makefile

@@ -39,6 +39,10 @@ ifeq ($(V),0)
   Q=@
 endif
 
+ifeq ($(ENCRYPT),1)
+    CFLAGS+=-DEXT_ENCRYPTED=1
+endif
+
 ENTRY_POINT=`cat .entry-point-address`
 LSCRIPT:=../config/target-app.ld
 LSCRIPT_TEMPLATE:=$(ARCH).ld

test-app/app_stm32f4.c

@@ -78,6 +78,7 @@ static const char ACK='#';
 static uint8_t msg[MSGSIZE];
 
 
+
 void uart_write(const char c)
 {
     uint32_t reg;
@@ -219,6 +220,9 @@ void main(void) {
     version = wolfBoot_current_firmware_version();
     if ((version & 0x01) == 0)
         wolfBoot_success();
+#ifdef EXT_ENCRYPTED
+    wolfBoot_set_encrypt_key("0123456789abcdef0123456789abcdef", 32);
+#endif
     uart_write(START);
     for (i = 3; i >= 0; i--) {
         uart_write(v_array[i]);

tools/keytools/sign.py

@@ -58,20 +58,23 @@
 self_update=False
 sha_only=False
 manual_sign=False
+encrypt=False
 
 
 argc = len(sys.argv)
 argv = sys.argv
 hash_algo='sha256'
 
-if (argc < 4) or (argc > 8):
-    print("Usage: %s [--ed25519 | --ecc256 | --rsa2048 | --rsa4096 ] [--sha256 | --sha3] [--wolfboot-update] image key.der fw_version\n" % sys.argv[0])
+if (argc < 4) or (argc > 10):
+    print("Usage: %s [--ed25519 | --ecc256 | --rsa2048 | --rsa4096 ] [--sha256 | --sha3] [--wolfboot-update] [--encrypt key.bin] image key.der fw_version\n" % sys.argv[0])
     print("  - or - ")
-    print("       %s [--sha256 | --sha3] [--sha-only] [--wolfboot-update] image pub_key.der fw_version\n" % sys.argv[0])
+    print("       %s [--sha256 | --sha3] [--sha-only] [--wolfboot-update] [--encrypt key.bin] image pub_key.der fw_version\n" % sys.argv[0])
     print("  - or - ")
-    print("       %s [--ed25519 | --ecc256 | --rsa2048 | --rsa4096 ] [--sha256 | --sha3] [--manual-sign] image pub_key.der fw_version signature.sig\n" % sys.argv[0])
+    print("       %s [--ed25519 | --ecc256 | --rsa2048 | --rsa4096 ] [--sha256 | --sha3] [--manual-sign] [--encrypt key.bin] image pub_key.der fw_version signature.sig\n" % sys.argv[0])
     sys.exit(1)
-for i in range(1, len(argv)):
+
+i = 1
+while (i < len(argv)):
     if (argv[i] == '--ed25519'):
         sign='ed25519'
     elif (argv[i] == '--ecc256'):
@@ -90,10 +93,14 @@
         sha_only = True
     elif (argv[i] == '--manual-sign'):
         manual_sign = True
-
+    elif (argv[i] == '--encrypt'):
+        encrypt = True
+        i += 1
+        encrypt_key_file = argv[i]
     else:
         i-=1
         break
+    i += 1
 
 image_file = argv[i+1]
 key_file = argv[i+2]
@@ -117,6 +124,14 @@
     else:
         output_image_file = image_file + "_v" + str(fw_version) + "_digest.bin"
 
+if encrypt:
+    if '.' in image_file:
+        tokens = image_file.split('.')
+        encrypted_output_image_file = image_file.rstrip('.' + tokens[-1])
+        encrypted_output_image_file += "_v" + str(fw_version) + "_signed_and_encrypted.bin"
+    else:
+        encrypted_output_image_file = image_file + "_v" + str(fw_version) + "_signed_and_encrypted.bin"
+
 if (self_update):
     print("Update type:          wolfBoot")
 else:
@@ -132,6 +147,11 @@
 else:
     print ("Output digest:        " + output_image_file)
 
+if not encrypt:
+    print ("Not Encrypted")
+else:
+    print ("Encrypted using:      " + encrypt_key_file)
+
 kf = open(key_file, "rb")
 wolfboot_key_buffer = kf.read(4096)
 wolfboot_key_buffer_len = len(wolfboot_key_buffer)
@@ -364,6 +384,26 @@
 
 infile.close()
 outfile.close()
+if (encrypt):
+    sz = 0
+    off = 0
+    outfile = open(output_image_file, 'rb')
+    ekeyfile = open(encrypt_key_file, 'rb')
+    key = ekeyfile.read(32)
+    enc_outfile = open(encrypted_output_image_file, 'wb')
+    cha = ciphers.ChaCha(key, 32)
+    while(True):
+        cha.set_iv(off)
+        buf = outfile.read(16)
+        if len(buf) == 0:
+            break
+        enc_outfile.write(cha.encrypt(buf))
+        off += 1
+    outfile.close()
+    ekeyfile.close()
+    enc_outfile.close()
+
+
 print ("Output image successfully created.")
 sys.exit(0)