sim: Conditionalize rsa signature checking
Allow a build with sig-rsa set or not set. Only add the signature to
the TLV if we are building with the signature checking.
diff --git a/.travis.yml b/.travis.yml
index 9cd03d1..c20c63e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,3 +4,4 @@
script:
- cd sim; cargo build --release
- cd sim; cargo run --release -- runall
+ - cd sim; cargo run --release --features sig-rsa -- runall
diff --git a/sim/Cargo.toml b/sim/Cargo.toml
index 24b186d..13d2727 100644
--- a/sim/Cargo.toml
+++ b/sim/Cargo.toml
@@ -3,6 +3,11 @@
version = "0.1.0"
authors = ["David Brown <davidb@davidb.org>"]
+[features]
+default = []
+
+sig-rsa = ["mcuboot-sys/sig-rsa"]
+
[build-dependencies]
gcc = "0.3.38"
@@ -14,7 +19,7 @@
log = "0.3"
env_logger = "0.3"
simflash = { path = "simflash" }
-mcuboot-sys = { path = "mcuboot-sys", features = ["sig-rsa"] }
+mcuboot-sys = { path = "mcuboot-sys" }
bitflags = "0.9"
ring = { version = "0.11", features = ["rsa_signing"] }
untrusted = "0.5"
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index 1b3c7d4..c4eb61d 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -20,38 +20,43 @@
conf.define("MCUBOOT_USE_FLASH_AREA_GET_SECTORS", None);
conf.define("MCUBOOT_VALIDATE_SLOT0", None);
- if sig_rsa {
- if sig_ecdsa {
- panic!("mcuboot does not support RSA and ECDSA at the same time");
- }
+ // Currently, mbed TLS cannot build with both RSA and ECDSA.
+ if sig_rsa && sig_ecdsa {
+ panic!("mcuboot does not support RSA and ECDSA at the same time");
+ }
+ if sig_rsa {
conf.define("MCUBOOT_SIGN_RSA", None);
conf.define("MCUBOOT_USE_MBED_TLS", None);
- conf.file("../../boot/bootutil/src/image_validate.c");
- conf.file("../../boot/bootutil/src/image_rsa.c");
- conf.file("../../boot/zephyr/keys.c");
-
conf.define("MCUBOOT_USE_MBED_TLS", None);
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-boot.h>"));
conf.include("mbedtls/include");
conf.file("mbedtls/library/sha256.c");
+ conf.file("../../boot/zephyr/keys.c");
conf.file("mbedtls/library/rsa.c");
conf.file("mbedtls/library/bignum.c");
conf.file("mbedtls/library/asn1parse.c");
- }
- if sig_ecdsa {
+ } else if sig_ecdsa {
conf.define("MCUBOOT_SIGN_ECDSA", None);
conf.define("MCUBOOT_USE_TINYCRYPT", None);
// TODO: Compile files + tinycrypt.
panic!("ECDSA not yet implemented in sim");
+ } else {
+ // Neither signature type, only verify sha256.
+ conf.define("MCUBOOT_USE_MBED_TLS", None);
+ conf.define("MBEDTLS_CONFIG_FILE", Some("<config-boot.h>"));
+ conf.include("mbedtls/include");
+ conf.file("mbedtls/library/sha256.c");
}
if overwrite_only {
conf.define("MCUBOOT_OVERWRITE_ONLY", None);
}
+ conf.file("../../boot/bootutil/src/image_validate.c");
+ conf.file("../../boot/bootutil/src/image_rsa.c");
conf.file("../../boot/bootutil/src/loader.c");
conf.file("../../boot/bootutil/src/caps.c");
conf.file("../../boot/bootutil/src/bootutil_misc.c");
diff --git a/sim/src/main.rs b/sim/src/main.rs
index 3156b9c..1bf6e88 100644
--- a/sim/src/main.rs
+++ b/sim/src/main.rs
@@ -601,7 +601,7 @@
fn install_image(flash: &mut Flash, offset: usize, len: usize) -> Vec<u8> {
let offset0 = offset;
- let mut tlv = TlvGen::new_rsa_pss();
+ let mut tlv = make_tlv();
// Generate a boot header. Note that the size doesn't include the header.
let header = ImageHeader {
@@ -655,6 +655,17 @@
copy
}
+// The TLV in use depends on what kind of signature we are verifying.
+#[cfg(feature = "sig-rsa")]
+fn make_tlv() -> TlvGen {
+ TlvGen::new_rsa_pss()
+}
+
+#[cfg(not(feature = "sig-rsa"))]
+fn make_tlv() -> TlvGen {
+ TlvGen::new_hash_only()
+}
+
/// Verify that given image is present in the flash at the given offset.
fn verify_image(flash: &Flash, offset: usize, buf: &[u8]) -> bool {
let mut copy = vec![0u8; buf.len()];