TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 2b73ed94406778538a0888aac209adb7b3d72a70^! / . / sim / src / tlv.rs
commit2b73ed94406778538a0888aac209adb7b3d72a70[log] [tgz]
authorDavid Brown <david.brown@linaro.org>Wed Jan 08 17:01:22 2020 -0700
committerDavid Brown <davidb@davidb.org>Thu Jan 09 11:29:40 2020 -0700
tree674c4e380523fd171807255f6b4c5ce0dc91d0d7
parentdd2b6804d9d73120e6adf29413b5e7dbdd5ac590 [diff] [blame]
sim: Always compute protected size

Instead of having a running size that we try to always match the encoded
size of, compute it a bit more dynamically.  The size is still needed
before the contents can be filled in, so this doesn't gain too much, but
will make it easier to compute the rest of the TLV size based on the
actual encoding rather than lots of magic numbers.

Signed-off-by: David Brown <david.brown@linaro.org>

diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
index 80d82ae..ad53c27 100644
--- a/sim/src/tlv.rs
+++ b/sim/src/tlv.rs

@@ -100,8 +100,6 @@
     kinds: Vec<TlvKinds>,
     /// The total size of the payload.
     size: u16,
-    /// Extra bytes of the TLV that are protected.
-    protect_size: u16,
     payload: Vec<u8>,
     dependencies: Vec<Dependency>,
     enc_key: Vec<u8>,
@@ -256,17 +254,16 @@
     }
 
     fn protect_size(&self) -> u16 {
-        if self.protect_size == 0 {
+        if self.dependencies.is_empty() {
             0
         } else {
-            // Include the protected size, as well as the TLV header.
-            4 + self.protect_size
+            // Include the header and space for each dependency.
+            4 + (self.dependencies.len() as u16) * (4 + 4 + 8)
         }
     }
 
     fn add_dependency(&mut self, id: u8, version: &ImageVersion) {
         let my_size = 4 + 4 + 8;
-        self.protect_size += my_size;
         self.size += my_size;
         self.dependencies.push(Dependency {
             id: id,
@@ -282,10 +279,11 @@
     fn make_tlv(self: Box<Self>) -> Vec<u8> {
         let mut protected_tlv: Vec<u8> = vec![];
 
-        if self.protect_size > 0 {
+        if self.protect_size() > 0 {
             protected_tlv.push(0x08);
             protected_tlv.push(0x69);
-            protected_tlv.write_u16::<LittleEndian>(self.protect_size()).unwrap();
+            let size = self.protect_size();
+            protected_tlv.write_u16::<LittleEndian>(size).unwrap();
             for dep in &self.dependencies {
                 protected_tlv.write_u16::<LittleEndian>(TlvKinds::DEPENDENCY as u16).unwrap();
                 protected_tlv.write_u16::<LittleEndian>(12).unwrap();
@@ -300,6 +298,8 @@
                 protected_tlv.write_u16::<LittleEndian>(dep.version.revision).unwrap();
                 protected_tlv.write_u32::<LittleEndian>(dep.version.build_num).unwrap();
             }
+
+            assert_eq!(size, protected_tlv.len() as u16, "protected TLV length incorrect");
         }
 
         // Ring does the signature itself, which means that it must be