TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 90f449ee5cfd526222a242b1d7f8d1d1d242a5e8^! / . / sim / src / image.rs
commit90f449ee5cfd526222a242b1d7f8d1d1d242a5e8[log] [tgz]
authorFabio Utzig <utzig@apache.org>Thu Oct 24 07:43:53 2019 -0300
committerFabio Utzig <utzig@utzig.org>Wed Nov 06 06:55:25 2019 -0300
tree345b6acb577436673daf4fc8e411d2baa8f40e5e
parentcbd58e3f834fe1d298960bae4ec89efbfa8ed89d [diff] [blame]
sim: add testing of ECIES-P256 images

Signed-off-by: Fabio Utzig <utzig@apache.org>

diff --git a/sim/src/image.rs b/sim/src/image.rs
index aa4b070..60369ef 100644
--- a/sim/src/image.rs
+++ b/sim/src/image.rs

@@ -42,7 +42,7 @@
     PairDep,
     UpgradeInfo,
 };
-use crate::tlv::{ManifestGen, TlvGen, TlvFlags, AES_SEC_KEY};
+use crate::tlv::{ManifestGen, TlvGen, TlvFlags};
 
 /// A builder for Images.  This describes a single run of the simulator,
 /// capturing the configuration of a particular set of devices, including
@@ -652,7 +652,8 @@
 
     // FIXME: could get status sz from bootloader
     fn status_sz(&self, align: usize) -> usize {
-        let bias = if Caps::EncRsa.present() || Caps::EncKw.present() {
+        let bias = if Caps::EncRsa.present() || Caps::EncKw.present() ||
+                Caps::EncEc256.present() {
             32
         } else {
             0
@@ -1138,7 +1139,9 @@
     let is_encrypted = (tlv.get_flags() & flag) == flag;
     let mut b_encimg = vec![];
     if is_encrypted {
-        let key = GenericArray::from_slice(AES_SEC_KEY);
+        tlv.generate_enc_key();
+        let enc_key = tlv.get_enc_key();
+        let key = GenericArray::from_slice(enc_key.as_slice());
         let nonce = GenericArray::from_slice(&[0; 16]);
         let mut cipher = Aes128Ctr::new(&key, &nonce);
         b_encimg = b_img.clone();
@@ -1258,6 +1261,9 @@
         } else {
             TlvGen::new_enc_rsa()
         }
+    } else if Caps::EncEc256.present() {
+        //FIXME: should fail with RSA signature?
+        TlvGen::new_ecdsa_ecies_p256()
     } else {
         // The non-encrypted configuration.
         if Caps::RSA2048.present() {
@@ -1278,7 +1284,8 @@
     /// Find the image contents for the given slot.  This assumes that slot 0
     /// is unencrypted, and slot 1 is encrypted.
     fn find(&self, slot: usize) -> &Vec<u8> {
-        let encrypted = Caps::EncRsa.present() || Caps::EncKw.present();
+        let encrypted = Caps::EncRsa.present() || Caps::EncKw.present() ||
+            Caps::EncEc256.present();
         match (encrypted, slot) {
             (false, _) => &self.plain,
             (true, 0) => &self.plain,