synch with upstream 296949e

Synchronized up to:
https://github.com/JuulLabs-OSS/mcuboot/commit/@296949e

Improvements:
- hardening against hardware level fault injection and timing attacks
- Abstract crypto primitives to simplify porting.
- boot: Add ram-load upgrade mode
- renamed single-image mode to single-slot mode

- kconfig: provide logic for setting key file, simplify prj.conf

- imgtool: Print image digest during verify
- imgtool: Add possibility to set confirm flag for hex files as well
- imgtool: --confirm implies --pad

- Added single-slot Zephyr-RTOS test build

fixes:
- bootutil: fix boostrapping in swap-move
- bootutil: fix swap-move brick with padded image_0
- Disable HW stack protection (temporary hack)
- reset SPLIM registers before boot
- fixes build issue that occurs if CONF_FILE contains multiple file paths instead of single file path.
- imgtool: Fix 'custom_tlvs' argument handling
- Turn off cache for Cortex M7 before chain-loading.- hardening against hardware level fault injection and timing attacks

Conflicts:
- took upsteram boot/zephyr/sample.yaml

Signed-off-by: Andrzej Puzdrowski <[email protected]>

Author: nvlsianpu

.github/workflows/mynewt.yaml

@@ -0,0 +1,26 @@
+# For development, trigger this on any push.
+on: [pull_request]
+
+jobs:
+  environment:
+    name: Mynewt build
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Print the environment
+      run: |
+        uname -a
+        lscpu
+        free
+        pwd
+    - name: Signed commit check
+      run: |
+        ./ci/check-signed-off-by.sh
+    - name: Mynewt install
+      run: |
+        ./ci/mynewt_install.sh
+    - name: Mynewt run
+      run: |
+        ./ci/mynewt_run.sh

.github/workflows/sim.yaml

@@ -0,0 +1,50 @@
+# For development, trigger this on any push.
+on: [pull_request]
+
+jobs:
+  environment:
+    strategy:
+      matrix:
+        features:
+        - "sig-ecdsa,sig-ed25519,enc-kw,bootstrap"
+        - "sig-rsa,sig-rsa3072,overwrite-only,validate-primary-slot,swap-move"
+        - "enc-rsa"
+        - "enc-ec256"
+        - "enc-x25519"
+        - "sig-rsa overwrite-only large-write,sig-ecdsa overwrite-only large-write,multiimage overwrite-only large-write"
+        - "sig-rsa validate-primary-slot,sig-ecdsa validate-primary-slot,sig-rsa multiimage validate-primary-slot"
+        - "enc-kw overwrite-only large-write,enc-rsa overwrite-only large-write"
+        - "sig-rsa enc-rsa validate-primary-slot,swap-move enc-rsa sig-rsa validate-primary-slot bootstrap"
+        - "sig-rsa enc-kw validate-primary-slot bootstrap,sig-ed25519 enc-x25519 validate-primary-slot"
+        - "sig-ecdsa enc-kw validate-primary-slot"
+        - "sig-rsa validate-primary-slot overwrite-only large-write"
+        - "sig-ecdsa enc-ec256 validate-primary-slot"
+        - "sig-rsa validate-primary-slot overwrite-only downgrade-prevention"
+    name: Sim
+    runs-on: ubuntu-latest
+    env:
+      MULTI_FEATURES: ${{ matrix.features }}
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+        submodules: recursive
+    - name: Print the environment
+      run: |
+        uname -a
+        lscpu
+        free
+        pwd
+    - name: Signed commit check
+      run: |
+        ./ci/check-signed-off-by.sh
+    - name: Install stable Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+    - name: Sim install
+      run: |
+        ./ci/sim_install.sh
+    - name: Sim run
+      run: |
+        ./ci/sim_run.sh

.travis.yml

@@ -16,39 +16,39 @@ matrix:
   include:
     # Runs each value defined in $SINGLE_FEATURES by itself in the order
     # the were defined.
-    - os: linux
-      env: SINGLE_FEATURES="sig-ecdsa sig-ed25519 enc-kw bootstrap" TEST=sim
-    - os: linux
-      env: SINGLE_FEATURES="none sig-rsa sig-rsa3072 overwrite-only validate-primary-slot swap-move" TEST=sim
-    - os: linux
-      env: SINGLE_FEATURES="enc-rsa enc-ec256 enc-x25519" TEST=sim
+    # - os: linux
+    #   env: SINGLE_FEATURES="sig-ecdsa sig-ed25519 enc-kw bootstrap" TEST=sim
+    # - os: linux
+    #   env: SINGLE_FEATURES="none sig-rsa sig-rsa3072 overwrite-only validate-primary-slot swap-move" TEST=sim
+    # - os: linux
+    #   env: SINGLE_FEATURES="enc-rsa enc-ec256 enc-x25519" TEST=sim
 
     # Values defined in $MULTI_FEATURES consist of any number of features
     # to be enabled at the same time. The list of multi-values should be
     # separated by ',' and each list of values is run sequentially in the
     # defined order.
-    - os: linux
-      env: MULTI_FEATURES="sig-rsa overwrite-only large-write,sig-ecdsa overwrite-only large-write,multiimage overwrite-only large-write" TEST=sim
-    - os: linux
-      env: MULTI_FEATURES="sig-rsa validate-primary-slot,sig-ecdsa validate-primary-slot,sig-rsa multiimage validate-primary-slot" TEST=sim
-    - os: linux
-      env: MULTI_FEATURES="enc-kw overwrite-only large-write,enc-rsa overwrite-only large-write" TEST=sim
-    - os: linux
-      env: MULTI_FEATURES="sig-rsa enc-rsa validate-primary-slot,swap-move enc-rsa sig-rsa validate-primary-slot" TEST=sim
-    - os: linux
-      env: MULTI_FEATURES="sig-rsa enc-kw validate-primary-slot bootstrap,sig-ed25519 enc-x25519 validate-primary-slot" TEST=sim
-    - os: linux
-      env: MULTI_FEATURES="sig-ecdsa enc-kw validate-primary-slot" TEST=sim
-    - os: linux
-      env: MULTI_FEATURES="sig-rsa validate-primary-slot overwrite-only large-write,sig-ecdsa enc-ec256 validate-primary-slot" TEST=sim
-    - os: linux
-      env: MULTI_FEATURES="sig-rsa validate-primary-slot overwrite-only downgrade-prevention" TEST=sim
+    # - os: linux
+    #   env: MULTI_FEATURES="sig-rsa overwrite-only large-write,sig-ecdsa overwrite-only large-write,multiimage overwrite-only large-write" TEST=sim
+    # - os: linux
+    #   env: MULTI_FEATURES="sig-rsa validate-primary-slot,sig-ecdsa validate-primary-slot,sig-rsa multiimage validate-primary-slot" TEST=sim
+    # - os: linux
+    #   env: MULTI_FEATURES="enc-kw overwrite-only large-write,enc-rsa overwrite-only large-write" TEST=sim
+    # - os: linux
+    #   env: MULTI_FEATURES="sig-rsa enc-rsa validate-primary-slot,swap-move enc-rsa sig-rsa validate-primary-slot" TEST=sim
+    # - os: linux
+    #   env: MULTI_FEATURES="sig-rsa enc-kw validate-primary-slot bootstrap,sig-ed25519 enc-x25519 validate-primary-slot" TEST=sim
+    # - os: linux
+    #   env: MULTI_FEATURES="sig-ecdsa enc-kw validate-primary-slot" TEST=sim
+    # - os: linux
+    #   env: MULTI_FEATURES="sig-rsa validate-primary-slot overwrite-only large-write,sig-ecdsa enc-ec256 validate-primary-slot" TEST=sim
+    # - os: linux
+    #   env: MULTI_FEATURES="sig-rsa validate-primary-slot overwrite-only downgrade-prevention" TEST=sim
 
-    - os: linux
-      language: go
-      env: TEST=mynewt
-      go:
-        - "1.12"
+    # - os: linux
+    #   language: go
+    #   env: TEST=mynewt
+    #   go:
+    #     - "1.12"
 
     - os: linux
       language: python

boot/bootutil/include/bootutil/bootutil.h

@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2017-2019 Linaro LTD
  * Copyright (c) 2016-2019 JUUL Labs
- * Copyright (c) 2019 Arm Limited
+ * Copyright (c) 2019-2020 Arm Limited
  *
  * Original license:
  *
@@ -29,6 +29,7 @@
 #define H_BOOTUTIL_
 
 #include <inttypes.h>
+#include "bootutil/fault_injection_hardening.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -91,10 +92,10 @@ struct image_trailer {
 };
 
 /* you must have pre-allocated all the entries within this structure */
-int boot_go(struct boot_rsp *rsp);
+fih_int boot_go(struct boot_rsp *rsp);
 
 struct boot_loader_state;
-int context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp);
+fih_int context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp);
 
 int boot_swap_type_multi(int image_index);
 int boot_swap_type(void);
@@ -105,8 +106,8 @@ int boot_set_confirmed(void);
 #define SPLIT_GO_OK                 (0)
 #define SPLIT_GO_NON_MATCHING       (-1)
 #define SPLIT_GO_ERR                (-2)
-int
-split_go(int loader_slot, int split_slot, void **entry);
+
+fih_int split_go(int loader_slot, int split_slot, void **entry);
 
 #ifdef __cplusplus
 }

boot/bootutil/include/bootutil/caps.h

@@ -46,6 +46,7 @@ uint32_t bootutil_get_caps(void);
 #define BOOTUTIL_CAP_SWAP_USING_MOVE        (1<<11)
 #define BOOTUTIL_CAP_DOWNGRADE_PREVENTION   (1<<12)
 #define BOOTUTIL_CAP_ENC_X25519             (1<<13)
+#define BOOTUTIL_CAP_BOOTSTRAP              (1<<14)
 
 /*
  * Query the number of images this bootloader is configured for.  This

boot/bootutil/include/bootutil/crypto/aes_ctr.h

@@ -0,0 +1,150 @@
+/*
+ * This module provides a thin abstraction over some of the crypto
+ * primitives to make it easier to swap out the used crypto library.
+ *
+ * At this point, there are two choices: MCUBOOT_USE_MBED_TLS, or
+ * MCUBOOT_USE_TINYCRYPT.  It is a compile error there is not exactly
+ * one of these defined.
+ */
+
+#ifndef __BOOTUTIL_CRYPTO_AES_CTR_H_
+#define __BOOTUTIL_CRYPTO_AES_CTR_H_
+
+#include <string.h>
+
+#include "mcuboot_config/mcuboot_config.h"
+
+#if (defined(MCUBOOT_USE_MBED_TLS) + \
+     defined(MCUBOOT_USE_TINYCRYPT)) != 1
+    #error "One crypto backend must be defined: either MBED_TLS or TINYCRYPT"
+#endif
+
+#if defined(MCUBOOT_USE_MBED_TLS)
+    #include <mbedtls/aes.h>
+    #define BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE (16)
+    #define BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE (16)
+#endif /* MCUBOOT_USE_MBED_TLS */
+
+#if defined(MCUBOOT_USE_TINYCRYPT)
+    #include <string.h>
+    #include <tinycrypt/aes.h>
+    #include <tinycrypt/ctr_mode.h>
+    #include <tinycrypt/constants.h>
+    #define BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE TC_AES_KEY_SIZE
+    #define BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE TC_AES_BLOCK_SIZE
+#endif /* MCUBOOT_USE_TINYCRYPT */
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MCUBOOT_USE_MBED_TLS)
+typedef mbedtls_aes_context bootutil_aes_ctr_context;
+static inline void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)
+{
+    (void)mbedtls_aes_init(ctx);
+}
+
+static inline void bootutil_aes_ctr_drop(bootutil_aes_ctr_context *ctx)
+{
+    /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
+    /* (void)mbedtls_aes_free(ctx); */
+    (void)ctx;
+}
+
+static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const uint8_t *k)
+{
+    return mbedtls_aes_setkey_enc(ctx, k, BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE * 8);
+}
+
+static inline int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *m, uint32_t mlen, size_t blk_off, uint8_t *c)
+{
+    uint8_t stream_block[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
+    int rc;
+    rc = mbedtls_aes_crypt_ctr(ctx, mlen, &blk_off, counter, stream_block, m, c);
+    memset(stream_block, 0, BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE);
+    return rc;
+}
+
+static inline int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *c, uint32_t clen, size_t blk_off, uint8_t *m)
+{
+    uint8_t stream_block[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
+    int rc;
+    rc = mbedtls_aes_crypt_ctr(ctx, clen, &blk_off, counter, stream_block, c, m);
+    memset(stream_block, 0, BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE);
+    return rc;
+}
+#endif /* MCUBOOT_USE_MBED_TLS */
+
+#if defined(MCUBOOT_USE_TINYCRYPT)
+typedef struct tc_aes_key_sched_struct bootutil_aes_ctr_context;
+static inline void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)
+{
+    (void)ctx;
+}
+
+static inline void bootutil_aes_ctr_drop(bootutil_aes_ctr_context *ctx)
+{
+    (void)ctx;
+}
+
+static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const uint8_t *k)
+{
+    int rc;
+    rc = tc_aes128_set_encrypt_key(ctx, k);
+    if (rc != TC_CRYPTO_SUCCESS) {
+        return -1;
+    }
+    return 0;
+}
+
+static int _bootutil_aes_ctr_crypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *in, uint32_t inlen, uint32_t blk_off, uint8_t *out)
+{
+    uint8_t buf[16];
+    uint32_t buflen;
+    int rc;
+    if (blk_off == 0) {
+        rc = tc_ctr_mode(out, inlen, in, inlen, counter, ctx);
+        if (rc != TC_CRYPTO_SUCCESS) {
+            return -1;
+        }
+    } else if (blk_off < 16) {
+        buflen = ((inlen + blk_off <= 16) ? inlen : (16 - blk_off));
+        inlen -= buflen;
+        memcpy(&buf[blk_off], &in[0], buflen);
+        rc = tc_ctr_mode(buf, 16, buf, 16, counter, ctx);
+        if (rc != TC_CRYPTO_SUCCESS) {
+            return -1;
+        }
+        memcpy(&out[0], &buf[blk_off], buflen);
+        memset(&buf[0], 0, 16);
+        if (inlen > 0) {
+            rc = tc_ctr_mode(&out[buflen], inlen, &in[buflen], inlen, counter, ctx);
+        }
+        if (rc != TC_CRYPTO_SUCCESS) {
+            return -1;
+        }
+    } else {
+        return -1;
+    }
+    return 0;
+}
+
+static inline int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *m, uint32_t mlen, uint32_t blk_off, uint8_t *c)
+{
+    return _bootutil_aes_ctr_crypt(ctx, counter, m, mlen, blk_off, c);
+}
+
+static inline int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *c, uint32_t clen, uint32_t blk_off, uint8_t *m)
+{
+    return _bootutil_aes_ctr_crypt(ctx, counter, c, clen, blk_off, m);
+}
+#endif /* MCUBOOT_USE_TINYCRYPT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __BOOTUTIL_CRYPTO_AES_CTR_H_ */