blob: 3061e78f923f68a4d53a1b23328e3775cfad91c6 [file] [log] [blame]
Carles Cufi37d052f2018-01-30 16:40:10 +01001# Copyright 2018 Nordic Semiconductor ASA
David Vinczeb2a1a482020-09-18 11:54:30 +02002# Copyright 2017-2020 Linaro Limited
David Vincze1a7a6902020-02-18 15:05:16 +01003# Copyright 2019-2020 Arm Limited
David Brown1314bf32017-12-20 11:10:55 -07004#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
David Brown23f91ad2017-05-16 11:38:17 -060017"""
18Image signing and management.
19"""
20
21from . import version as versmod
David Vincze71b8f982020-03-17 19:08:12 +010022from .boot_record import create_sw_component_data
Fabio Utzig9a492d52020-01-15 11:31:52 -030023import click
Fabio Utzig4a5477a2019-05-27 15:45:08 -030024from enum import Enum
Carles Cufi37d052f2018-01-30 16:40:10 +010025from intelhex import IntelHex
David Brown23f91ad2017-05-16 11:38:17 -060026import hashlib
27import struct
Carles Cufi37d052f2018-01-30 16:40:10 +010028import os.path
Fabio Utzig960b4c52020-04-02 13:07:12 -030029from .keys import rsa, ecdsa, x25519
Fabio Utzig7a3b2602019-10-22 09:56:44 -030030from cryptography.hazmat.primitives.asymmetric import ec, padding
Fabio Utzig960b4c52020-04-02 13:07:12 -030031from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
Fabio Utzig06b77b82018-08-23 16:01:16 -030032from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
Fabio Utzig7a3b2602019-10-22 09:56:44 -030033from cryptography.hazmat.primitives.kdf.hkdf import HKDF
34from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
Fabio Utzig06b77b82018-08-23 16:01:16 -030035from cryptography.hazmat.backends import default_backend
Fabio Utzig7a3b2602019-10-22 09:56:44 -030036from cryptography.hazmat.primitives import hashes, hmac
Fabio Utzig4a5477a2019-05-27 15:45:08 -030037from cryptography.exceptions import InvalidSignature
David Brown23f91ad2017-05-16 11:38:17 -060038
David Brown72e7a512017-09-01 11:08:23 -060039IMAGE_MAGIC = 0x96f3b83d
David Brown23f91ad2017-05-16 11:38:17 -060040IMAGE_HEADER_SIZE = 32
Carles Cufi37d052f2018-01-30 16:40:10 +010041BIN_EXT = "bin"
42INTEL_HEX_EXT = "hex"
Fabio Utzig519285f2018-06-04 11:11:53 -030043DEFAULT_MAX_SECTORS = 128
Fabio Utzig649d80f2019-09-12 10:26:23 -030044MAX_ALIGN = 8
David Vinczeda8c9192019-03-26 17:17:41 +010045DEP_IMAGES_KEY = "images"
46DEP_VERSIONS_KEY = "versions"
David Vincze71b8f982020-03-17 19:08:12 +010047MAX_SW_TYPE_LENGTH = 12 # Bytes
David Brown23f91ad2017-05-16 11:38:17 -060048
49# Image header flags.
50IMAGE_F = {
51 'PIC': 0x0000001,
Dominik Ermel50820b12020-12-14 13:16:46 +000052 'ENCRYPTED': 0x0000004,
Fabio Utzig06b77b82018-08-23 16:01:16 -030053 'NON_BOOTABLE': 0x0000010,
David Vincze1e0c5442020-04-07 14:12:33 +020054 'RAM_LOAD': 0x0000020,
Dominik Ermel50820b12020-12-14 13:16:46 +000055 'ROM_FIXED': 0x0000100,
Fabio Utzig06b77b82018-08-23 16:01:16 -030056}
David Brown23f91ad2017-05-16 11:38:17 -060057
58TLV_VALUES = {
David Brown43cda332017-09-01 09:53:23 -060059 'KEYHASH': 0x01,
David Vinczedde178d2020-03-26 20:06:01 +010060 'PUBKEY': 0x02,
David Brown27648b82017-08-31 10:40:29 -060061 'SHA256': 0x10,
62 'RSA2048': 0x20,
63 'ECDSA224': 0x21,
Fabio Utzig06b77b82018-08-23 16:01:16 -030064 'ECDSA256': 0x22,
Fabio Utzig19fd79a2019-05-08 18:20:39 -030065 'RSA3072': 0x23,
Fabio Utzig8101d1f2019-05-09 15:03:22 -030066 'ED25519': 0x24,
Fabio Utzig06b77b82018-08-23 16:01:16 -030067 'ENCRSA2048': 0x30,
68 'ENCKW128': 0x31,
Fabio Utzig7a3b2602019-10-22 09:56:44 -030069 'ENCEC256': 0x32,
Fabio Utzig960b4c52020-04-02 13:07:12 -030070 'ENCX25519': 0x33,
David Vincze1a7a6902020-02-18 15:05:16 +010071 'DEPENDENCY': 0x40,
72 'SEC_CNT': 0x50,
David Vincze71b8f982020-03-17 19:08:12 +010073 'BOOT_RECORD': 0x60,
Fabio Utzig06b77b82018-08-23 16:01:16 -030074}
David Brown23f91ad2017-05-16 11:38:17 -060075
Fabio Utzig4a5477a2019-05-27 15:45:08 -030076TLV_SIZE = 4
David Brownf5b33d82017-09-01 10:58:27 -060077TLV_INFO_SIZE = 4
78TLV_INFO_MAGIC = 0x6907
Fabio Utzig510fddb2019-09-12 12:15:36 -030079TLV_PROT_INFO_MAGIC = 0x6908
David Brown23f91ad2017-05-16 11:38:17 -060080
David Brown23f91ad2017-05-16 11:38:17 -060081boot_magic = bytes([
82 0x77, 0xc2, 0x95, 0xf3,
83 0x60, 0xd2, 0xef, 0x7f,
84 0x35, 0x52, 0x50, 0x0f,
85 0x2c, 0xb6, 0x79, 0x80, ])
86
Mark Schultea66c6872018-09-26 17:24:40 -070087STRUCT_ENDIAN_DICT = {
88 'little': '<',
89 'big': '>'
90}
91
Fabio Utzig4a5477a2019-05-27 15:45:08 -030092VerifyResult = Enum('VerifyResult',
93 """
94 OK INVALID_MAGIC INVALID_TLV_INFO_MAGIC INVALID_HASH
95 INVALID_SIGNATURE
96 """)
97
98
David Brown23f91ad2017-05-16 11:38:17 -060099class TLV():
Fabio Utzig510fddb2019-09-12 12:15:36 -0300100 def __init__(self, endian, magic=TLV_INFO_MAGIC):
101 self.magic = magic
David Brown23f91ad2017-05-16 11:38:17 -0600102 self.buf = bytearray()
Mark Schultea66c6872018-09-26 17:24:40 -0700103 self.endian = endian
David Brown23f91ad2017-05-16 11:38:17 -0600104
Fabio Utzig510fddb2019-09-12 12:15:36 -0300105 def __len__(self):
106 return TLV_INFO_SIZE + len(self.buf)
107
David Brown23f91ad2017-05-16 11:38:17 -0600108 def add(self, kind, payload):
Fabio Utzig510fddb2019-09-12 12:15:36 -0300109 """
110 Add a TLV record. Kind should be a string found in TLV_VALUES above.
111 """
Mark Schultea66c6872018-09-26 17:24:40 -0700112 e = STRUCT_ENDIAN_DICT[self.endian]
Ihor Slabkyy24d93732020-03-10 15:33:57 +0200113 if isinstance(kind, int):
114 buf = struct.pack(e + 'BBH', kind, 0, len(payload))
115 else:
116 buf = struct.pack(e + 'BBH', TLV_VALUES[kind], 0, len(payload))
David Brown23f91ad2017-05-16 11:38:17 -0600117 self.buf += buf
118 self.buf += payload
119
120 def get(self):
Fabio Utzig510fddb2019-09-12 12:15:36 -0300121 if len(self.buf) == 0:
122 return bytes()
Mark Schultea66c6872018-09-26 17:24:40 -0700123 e = STRUCT_ENDIAN_DICT[self.endian]
Fabio Utzig510fddb2019-09-12 12:15:36 -0300124 header = struct.pack(e + 'HH', self.magic, len(self))
David Brownf5b33d82017-09-01 10:58:27 -0600125 return header + bytes(self.buf)
David Brown23f91ad2017-05-16 11:38:17 -0600126
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200127
David Brown23f91ad2017-05-16 11:38:17 -0600128class Image():
Carles Cufi37d052f2018-01-30 16:40:10 +0100129
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200130 def __init__(self, version=None, header_size=IMAGE_HEADER_SIZE,
Henrik Brix Andersen0ce958e2020-03-11 14:04:11 +0100131 pad_header=False, pad=False, confirm=False, align=1,
132 slot_size=0, max_sectors=DEFAULT_MAX_SECTORS,
133 overwrite_only=False, endian="little", load_addr=0,
Dominik Ermel50820b12020-12-14 13:16:46 +0000134 rom_fixed=None, erased_val=None, save_enctlv=False,
135 security_counter=None):
136
137 if load_addr and rom_fixed:
138 raise click.UsageError("Can not set rom_fixed and load_addr at the same time")
139
David Brown23f91ad2017-05-16 11:38:17 -0600140 self.version = version or versmod.decode_version("0")
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200141 self.header_size = header_size
142 self.pad_header = pad_header
David Brown23f91ad2017-05-16 11:38:17 -0600143 self.pad = pad
Henrik Brix Andersen0ce958e2020-03-11 14:04:11 +0100144 self.confirm = confirm
Fabio Utzig263d4392018-06-05 10:37:35 -0300145 self.align = align
146 self.slot_size = slot_size
147 self.max_sectors = max_sectors
Fabio Utzigdcf0c9b2018-06-11 12:27:49 -0700148 self.overwrite_only = overwrite_only
Mark Schultea66c6872018-09-26 17:24:40 -0700149 self.endian = endian
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200150 self.base_addr = None
Håkon Øye Amundsendf8c8912019-08-26 12:15:28 +0000151 self.load_addr = 0 if load_addr is None else load_addr
Dominik Ermel50820b12020-12-14 13:16:46 +0000152 self.rom_fixed = rom_fixed
Fabio Utzigcb080732020-02-07 12:01:39 -0300153 self.erased_val = 0xff if erased_val is None else int(erased_val, 0)
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200154 self.payload = []
Fabio Utzig649d80f2019-09-12 10:26:23 -0300155 self.enckey = None
Fabio Utzig9a492d52020-01-15 11:31:52 -0300156 self.save_enctlv = save_enctlv
157 self.enctlv_len = 0
David Brown23f91ad2017-05-16 11:38:17 -0600158
David Vincze1a7a6902020-02-18 15:05:16 +0100159 if security_counter == 'auto':
160 # Security counter has not been explicitly provided,
161 # generate it from the version number
162 self.security_counter = ((self.version.major << 24)
163 + (self.version.minor << 16)
164 + self.version.revision)
165 else:
166 self.security_counter = security_counter
167
David Brown23f91ad2017-05-16 11:38:17 -0600168 def __repr__(self):
David Vincze1a7a6902020-02-18 15:05:16 +0100169 return "<Image version={}, header_size={}, security_counter={}, \
170 base_addr={}, load_addr={}, align={}, slot_size={}, \
171 max_sectors={}, overwrite_only={}, endian={} format={}, \
172 payloadlen=0x{:x}>".format(
Fabio Utzig263d4392018-06-05 10:37:35 -0300173 self.version,
174 self.header_size,
David Vincze1a7a6902020-02-18 15:05:16 +0100175 self.security_counter,
Fabio Utzig263d4392018-06-05 10:37:35 -0300176 self.base_addr if self.base_addr is not None else "N/A",
Håkon Øye Amundsendf8c8912019-08-26 12:15:28 +0000177 self.load_addr,
Fabio Utzig263d4392018-06-05 10:37:35 -0300178 self.align,
179 self.slot_size,
180 self.max_sectors,
Fabio Utzigdcf0c9b2018-06-11 12:27:49 -0700181 self.overwrite_only,
Mark Schultea66c6872018-09-26 17:24:40 -0700182 self.endian,
Fabio Utzig263d4392018-06-05 10:37:35 -0300183 self.__class__.__name__,
184 len(self.payload))
David Brown23f91ad2017-05-16 11:38:17 -0600185
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200186 def load(self, path):
187 """Load an image from a given file"""
188 ext = os.path.splitext(path)[1][1:].lower()
Fabio Utzig1f508922020-01-15 11:37:51 -0300189 try:
190 if ext == INTEL_HEX_EXT:
191 ih = IntelHex(path)
192 self.payload = ih.tobinarray()
193 self.base_addr = ih.minaddr()
194 else:
195 with open(path, 'rb') as f:
196 self.payload = f.read()
197 except FileNotFoundError:
198 raise click.UsageError("Input file not found")
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200199
200 # Add the image header if needed.
201 if self.pad_header and self.header_size > 0:
202 if self.base_addr:
203 # Adjust base_addr for new header
204 self.base_addr -= self.header_size
Fabio Utzig9117fde2019-10-17 11:11:46 -0300205 self.payload = bytes([self.erased_val] * self.header_size) + \
206 self.payload
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200207
Fabio Utzig9a492d52020-01-15 11:31:52 -0300208 self.check_header()
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200209
Fabio Utzigedbabcf2019-10-11 13:03:37 -0300210 def save(self, path, hex_addr=None):
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200211 """Save an image from a given file"""
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200212 ext = os.path.splitext(path)[1][1:].lower()
213 if ext == INTEL_HEX_EXT:
214 # input was in binary format, but HEX needs to know the base addr
Fabio Utzigedbabcf2019-10-11 13:03:37 -0300215 if self.base_addr is None and hex_addr is None:
Fabio Utzig1f508922020-01-15 11:37:51 -0300216 raise click.UsageError("No address exists in input file "
217 "neither was it provided by user")
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200218 h = IntelHex()
Fabio Utzigedbabcf2019-10-11 13:03:37 -0300219 if hex_addr is not None:
220 self.base_addr = hex_addr
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200221 h.frombytes(bytes=self.payload, offset=self.base_addr)
Fabio Utzigedbabcf2019-10-11 13:03:37 -0300222 if self.pad:
Fabio Utzig2269f472019-10-17 11:14:33 -0300223 trailer_size = self._trailer_size(self.align, self.max_sectors,
224 self.overwrite_only,
Fabio Utzig9a492d52020-01-15 11:31:52 -0300225 self.enckey,
226 self.save_enctlv,
227 self.enctlv_len)
Fabio Utzig2269f472019-10-17 11:14:33 -0300228 trailer_addr = (self.base_addr + self.slot_size) - trailer_size
Roman Okhrimenko42b32392020-09-18 15:20:45 +0300229 padding = bytearray([self.erased_val] *
230 (trailer_size - len(boot_magic)))
231 if self.confirm and not self.overwrite_only:
232 padding[-MAX_ALIGN] = 0x01 # image_ok = 0x01
233 padding += boot_magic
234 h.puts(trailer_addr, bytes(padding))
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200235 h.tofile(path, 'hex')
236 else:
Fabio Utzigedbabcf2019-10-11 13:03:37 -0300237 if self.pad:
238 self.pad_to(self.slot_size)
Fabio Utzig7c00acd2019-01-07 09:54:20 -0200239 with open(path, 'wb') as f:
240 f.write(self.payload)
241
Fabio Utzig9a492d52020-01-15 11:31:52 -0300242 def check_header(self):
Fabio Utzigf5556c32019-10-23 11:00:27 -0300243 if self.header_size > 0 and not self.pad_header:
David Brown23f91ad2017-05-16 11:38:17 -0600244 if any(v != 0 for v in self.payload[0:self.header_size]):
Fabio Utzig9a492d52020-01-15 11:31:52 -0300245 raise click.UsageError("Header padding was not requested and "
246 "image does not start with zeros")
247
248 def check_trailer(self):
Fabio Utzig263d4392018-06-05 10:37:35 -0300249 if self.slot_size > 0:
Fabio Utzigdcf0c9b2018-06-11 12:27:49 -0700250 tsize = self._trailer_size(self.align, self.max_sectors,
Fabio Utzig9a492d52020-01-15 11:31:52 -0300251 self.overwrite_only, self.enckey,
252 self.save_enctlv, self.enctlv_len)
Fabio Utzig263d4392018-06-05 10:37:35 -0300253 padding = self.slot_size - (len(self.payload) + tsize)
254 if padding < 0:
Fabio Utzig9a492d52020-01-15 11:31:52 -0300255 msg = "Image size (0x{:x}) + trailer (0x{:x}) exceeds " \
256 "requested size 0x{:x}".format(
257 len(self.payload), tsize, self.slot_size)
258 raise click.UsageError(msg)
David Brown23f91ad2017-05-16 11:38:17 -0600259
Fabio Utzig960b4c52020-04-02 13:07:12 -0300260 def ecies_hkdf(self, enckey, plainkey):
261 if isinstance(enckey, ecdsa.ECDSA256P1Public):
262 newpk = ec.generate_private_key(ec.SECP256R1(), default_backend())
263 shared = newpk.exchange(ec.ECDH(), enckey._get_public())
264 else:
265 newpk = X25519PrivateKey.generate()
266 shared = newpk.exchange(enckey._get_public())
Fabio Utzig7a3b2602019-10-22 09:56:44 -0300267 derived_key = HKDF(
268 algorithm=hashes.SHA256(), length=48, salt=None,
269 info=b'MCUBoot_ECIES_v1', backend=default_backend()).derive(shared)
270 encryptor = Cipher(algorithms.AES(derived_key[:16]),
271 modes.CTR(bytes([0] * 16)),
272 backend=default_backend()).encryptor()
273 cipherkey = encryptor.update(plainkey) + encryptor.finalize()
274 mac = hmac.HMAC(derived_key[16:], hashes.SHA256(),
275 backend=default_backend())
276 mac.update(cipherkey)
277 ciphermac = mac.finalize()
Fabio Utzig960b4c52020-04-02 13:07:12 -0300278 if isinstance(enckey, ecdsa.ECDSA256P1Public):
279 pubk = newpk.public_key().public_bytes(
280 encoding=Encoding.X962,
281 format=PublicFormat.UncompressedPoint)
282 else:
283 pubk = newpk.public_key().public_bytes(
284 encoding=Encoding.Raw,
285 format=PublicFormat.Raw)
Fabio Utzig7a3b2602019-10-22 09:56:44 -0300286 return cipherkey, ciphermac, pubk
287
David Vinczedde178d2020-03-26 20:06:01 +0100288 def create(self, key, public_key_format, enckey, dependencies=None,
Ihor Slabkyy24d93732020-03-10 15:33:57 +0200289 sw_type=None, custom_tlvs=None):
Fabio Utzig649d80f2019-09-12 10:26:23 -0300290 self.enckey = enckey
291
David Vincze71b8f982020-03-17 19:08:12 +0100292 # Calculate the hash of the public key
293 if key is not None:
294 pub = key.get_public_bytes()
295 sha = hashlib.sha256()
296 sha.update(pub)
297 pubbytes = sha.digest()
298 else:
299 pubbytes = bytes(hashlib.sha256().digest_size)
300
David Vincze1a7a6902020-02-18 15:05:16 +0100301 protected_tlv_size = 0
302
303 if self.security_counter is not None:
304 # Size of the security counter TLV: header ('HH') + payload ('I')
305 # = 4 + 4 = 8 Bytes
306 protected_tlv_size += TLV_SIZE + 4
307
David Vincze71b8f982020-03-17 19:08:12 +0100308 if sw_type is not None:
309 if len(sw_type) > MAX_SW_TYPE_LENGTH:
310 msg = "'{}' is too long ({} characters) for sw_type. Its " \
311 "maximum allowed length is 12 characters.".format(
312 sw_type, len(sw_type))
313 raise click.UsageError(msg)
314
315 image_version = (str(self.version.major) + '.'
316 + str(self.version.minor) + '.'
317 + str(self.version.revision))
318
319 # The image hash is computed over the image header, the image
320 # itself and the protected TLV area. However, the boot record TLV
321 # (which is part of the protected area) should contain this hash
322 # before it is even calculated. For this reason the script fills
323 # this field with zeros and the bootloader will insert the right
324 # value later.
325 digest = bytes(hashlib.sha256().digest_size)
326
327 # Create CBOR encoded boot record
328 boot_record = create_sw_component_data(sw_type, image_version,
329 "SHA256", digest,
330 pubbytes)
331
332 protected_tlv_size += TLV_SIZE + len(boot_record)
333
David Vincze1a7a6902020-02-18 15:05:16 +0100334 if dependencies is not None:
335 # Size of a Dependency TLV = Header ('HH') + Payload('IBBHI')
336 # = 4 + 12 = 16 Bytes
David Vinczeda8c9192019-03-26 17:17:41 +0100337 dependencies_num = len(dependencies[DEP_IMAGES_KEY])
David Vincze1a7a6902020-02-18 15:05:16 +0100338 protected_tlv_size += (dependencies_num * 16)
339
David Vinczeb2a1a482020-09-18 11:54:30 +0200340 if custom_tlvs is not None:
Ihor Slabkyy24d93732020-03-10 15:33:57 +0200341 for value in custom_tlvs.values():
342 protected_tlv_size += TLV_SIZE + len(value)
343
David Vincze1a7a6902020-02-18 15:05:16 +0100344 if protected_tlv_size != 0:
345 # Add the size of the TLV info header
346 protected_tlv_size += TLV_INFO_SIZE
David Vinczeda8c9192019-03-26 17:17:41 +0100347
Ihor Slabkyy24d93732020-03-10 15:33:57 +0200348 # At this point the image is already on the payload
349 #
350 # This adds the padding if image is not aligned to the 16 Bytes
351 # in encrypted mode
352 if self.enckey is not None:
353 pad_len = len(self.payload) % 16
354 if pad_len > 0:
355 self.payload += bytes(16 - pad_len)
356
357 # This adds the header to the payload as well
David Vinczeda8c9192019-03-26 17:17:41 +0100358 self.add_header(enckey, protected_tlv_size)
David Brown23f91ad2017-05-16 11:38:17 -0600359
Fabio Utzig510fddb2019-09-12 12:15:36 -0300360 prot_tlv = TLV(self.endian, TLV_PROT_INFO_MAGIC)
David Brown23f91ad2017-05-16 11:38:17 -0600361
Fabio Utzig510fddb2019-09-12 12:15:36 -0300362 # Protected TLVs must be added first, because they are also included
363 # in the hash calculation
364 protected_tlv_off = None
David Vinczeda8c9192019-03-26 17:17:41 +0100365 if protected_tlv_size != 0:
David Vincze1a7a6902020-02-18 15:05:16 +0100366
367 e = STRUCT_ENDIAN_DICT[self.endian]
368
369 if self.security_counter is not None:
370 payload = struct.pack(e + 'I', self.security_counter)
371 prot_tlv.add('SEC_CNT', payload)
372
David Vincze71b8f982020-03-17 19:08:12 +0100373 if sw_type is not None:
374 prot_tlv.add('BOOT_RECORD', boot_record)
375
David Vincze1a7a6902020-02-18 15:05:16 +0100376 if dependencies is not None:
377 for i in range(dependencies_num):
378 payload = struct.pack(
379 e + 'B3x'+'BBHI',
380 int(dependencies[DEP_IMAGES_KEY][i]),
381 dependencies[DEP_VERSIONS_KEY][i].major,
382 dependencies[DEP_VERSIONS_KEY][i].minor,
383 dependencies[DEP_VERSIONS_KEY][i].revision,
384 dependencies[DEP_VERSIONS_KEY][i].build
385 )
386 prot_tlv.add('DEPENDENCY', payload)
David Vinczeda8c9192019-03-26 17:17:41 +0100387
David Vinczeb2a1a482020-09-18 11:54:30 +0200388 if custom_tlvs is not None:
389 for tag, value in custom_tlvs.items():
390 prot_tlv.add(tag, value)
Ihor Slabkyy24d93732020-03-10 15:33:57 +0200391
Fabio Utzig510fddb2019-09-12 12:15:36 -0300392 protected_tlv_off = len(self.payload)
393 self.payload += prot_tlv.get()
394
395 tlv = TLV(self.endian)
David Vinczeda8c9192019-03-26 17:17:41 +0100396
David Brown23f91ad2017-05-16 11:38:17 -0600397 # Note that ecdsa wants to do the hashing itself, which means
398 # we get to hash it twice.
399 sha = hashlib.sha256()
400 sha.update(self.payload)
401 digest = sha.digest()
402
403 tlv.add('SHA256', digest)
404
David Brown0f0c6a82017-06-08 09:26:24 -0600405 if key is not None:
David Vinczedde178d2020-03-26 20:06:01 +0100406 if public_key_format == 'hash':
407 tlv.add('KEYHASH', pubbytes)
408 else:
409 tlv.add('PUBKEY', pub)
David Brown43cda332017-09-01 09:53:23 -0600410
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300411 # `sign` expects the full image payload (sha256 done internally),
412 # while `sign_digest` expects only the digest of the payload
413
414 if hasattr(key, 'sign'):
415 sig = key.sign(bytes(self.payload))
416 else:
417 sig = key.sign_digest(digest)
David Brown0f0c6a82017-06-08 09:26:24 -0600418 tlv.add(key.sig_tlv(), sig)
David Brown23f91ad2017-05-16 11:38:17 -0600419
Fabio Utzig510fddb2019-09-12 12:15:36 -0300420 # At this point the image was hashed + signed, we can remove the
421 # protected TLVs from the payload (will be re-added later)
422 if protected_tlv_off is not None:
423 self.payload = self.payload[:protected_tlv_off]
424
Fabio Utzig06b77b82018-08-23 16:01:16 -0300425 if enckey is not None:
426 plainkey = os.urandom(16)
Fabio Utzig7a3b2602019-10-22 09:56:44 -0300427
428 if isinstance(enckey, rsa.RSAPublic):
429 cipherkey = enckey._get_public().encrypt(
430 plainkey, padding.OAEP(
431 mgf=padding.MGF1(algorithm=hashes.SHA256()),
432 algorithm=hashes.SHA256(),
433 label=None))
Fabio Utzig9a492d52020-01-15 11:31:52 -0300434 self.enctlv_len = len(cipherkey)
Fabio Utzig7a3b2602019-10-22 09:56:44 -0300435 tlv.add('ENCRSA2048', cipherkey)
Fabio Utzig960b4c52020-04-02 13:07:12 -0300436 elif isinstance(enckey, (ecdsa.ECDSA256P1Public,
437 x25519.X25519Public)):
438 cipherkey, mac, pubk = self.ecies_hkdf(enckey, plainkey)
Fabio Utzig9a492d52020-01-15 11:31:52 -0300439 enctlv = pubk + mac + cipherkey
440 self.enctlv_len = len(enctlv)
Fabio Utzig960b4c52020-04-02 13:07:12 -0300441 if isinstance(enckey, ecdsa.ECDSA256P1Public):
442 tlv.add('ENCEC256', enctlv)
443 else:
444 tlv.add('ENCX25519', enctlv)
Fabio Utzig06b77b82018-08-23 16:01:16 -0300445
446 nonce = bytes([0] * 16)
447 cipher = Cipher(algorithms.AES(plainkey), modes.CTR(nonce),
448 backend=default_backend())
449 encryptor = cipher.encryptor()
450 img = bytes(self.payload[self.header_size:])
Fabio Utzig510fddb2019-09-12 12:15:36 -0300451 self.payload[self.header_size:] = \
452 encryptor.update(img) + encryptor.finalize()
Fabio Utzig06b77b82018-08-23 16:01:16 -0300453
Fabio Utzig510fddb2019-09-12 12:15:36 -0300454 self.payload += prot_tlv.get()
455 self.payload += tlv.get()
David Brown23f91ad2017-05-16 11:38:17 -0600456
Fabio Utzig9a492d52020-01-15 11:31:52 -0300457 self.check_trailer()
458
David Vinczeda8c9192019-03-26 17:17:41 +0100459 def add_header(self, enckey, protected_tlv_size):
Fabio Utzigcd284062018-11-30 11:05:45 -0200460 """Install the image header."""
David Brown23f91ad2017-05-16 11:38:17 -0600461
David Brown0f0c6a82017-06-08 09:26:24 -0600462 flags = 0
Fabio Utzig06b77b82018-08-23 16:01:16 -0300463 if enckey is not None:
464 flags |= IMAGE_F['ENCRYPTED']
David Vincze1e0c5442020-04-07 14:12:33 +0200465 if self.load_addr != 0:
466 # Indicates that this image should be loaded into RAM
467 # instead of run directly from flash.
468 flags |= IMAGE_F['RAM_LOAD']
Dominik Ermel50820b12020-12-14 13:16:46 +0000469 if self.rom_fixed:
470 flags |= IMAGE_F['ROM_FIXED']
David Brown23f91ad2017-05-16 11:38:17 -0600471
Mark Schultea66c6872018-09-26 17:24:40 -0700472 e = STRUCT_ENDIAN_DICT[self.endian]
473 fmt = (e +
David Vinczeda8c9192019-03-26 17:17:41 +0100474 # type ImageHdr struct {
475 'I' + # Magic uint32
476 'I' + # LoadAddr uint32
477 'H' + # HdrSz uint16
478 'H' + # PTLVSz uint16
479 'I' + # ImgSz uint32
480 'I' + # Flags uint32
481 'BBHI' + # Vers ImageVersion
482 'I' # Pad1 uint32
483 ) # }
David Brown23f91ad2017-05-16 11:38:17 -0600484 assert struct.calcsize(fmt) == IMAGE_HEADER_SIZE
485 header = struct.pack(fmt,
486 IMAGE_MAGIC,
Dominik Ermel50820b12020-12-14 13:16:46 +0000487 self.rom_fixed or self.load_addr,
David Brown23f91ad2017-05-16 11:38:17 -0600488 self.header_size,
Fabio Utzig510fddb2019-09-12 12:15:36 -0300489 protected_tlv_size, # TLV Info header + Protected TLVs
490 len(self.payload) - self.header_size, # ImageSz
491 flags,
David Brown23f91ad2017-05-16 11:38:17 -0600492 self.version.major,
493 self.version.minor or 0,
494 self.version.revision or 0,
495 self.version.build or 0,
David Vinczeda8c9192019-03-26 17:17:41 +0100496 0) # Pad1
David Brown23f91ad2017-05-16 11:38:17 -0600497 self.payload = bytearray(self.payload)
498 self.payload[:len(header)] = header
499
Fabio Utzig9a492d52020-01-15 11:31:52 -0300500 def _trailer_size(self, write_size, max_sectors, overwrite_only, enckey,
501 save_enctlv, enctlv_len):
Fabio Utzig519285f2018-06-04 11:11:53 -0300502 # NOTE: should already be checked by the argument parser
Fabio Utzig649d80f2019-09-12 10:26:23 -0300503 magic_size = 16
Fabio Utzigdcf0c9b2018-06-11 12:27:49 -0700504 if overwrite_only:
Fabio Utzig649d80f2019-09-12 10:26:23 -0300505 return MAX_ALIGN * 2 + magic_size
Fabio Utzigdcf0c9b2018-06-11 12:27:49 -0700506 else:
507 if write_size not in set([1, 2, 4, 8]):
Fabio Utzig1f508922020-01-15 11:37:51 -0300508 raise click.BadParameter("Invalid alignment: {}".format(
509 write_size))
Fabio Utzigdcf0c9b2018-06-11 12:27:49 -0700510 m = DEFAULT_MAX_SECTORS if max_sectors is None else max_sectors
Fabio Utzig649d80f2019-09-12 10:26:23 -0300511 trailer = m * 3 * write_size # status area
512 if enckey is not None:
Fabio Utzig9a492d52020-01-15 11:31:52 -0300513 if save_enctlv:
514 # TLV saved by the bootloader is aligned
515 keylen = (int((enctlv_len - 1) / MAX_ALIGN) + 1) * MAX_ALIGN
516 else:
517 keylen = 16
518 trailer += keylen * 2 # encryption keys
Fabio Utzig88282802019-10-17 11:17:18 -0300519 trailer += MAX_ALIGN * 4 # image_ok/copy_done/swap_info/swap_size
Fabio Utzig649d80f2019-09-12 10:26:23 -0300520 trailer += magic_size
521 return trailer
Fabio Utzig519285f2018-06-04 11:11:53 -0300522
Fabio Utzig263d4392018-06-05 10:37:35 -0300523 def pad_to(self, size):
David Brown23f91ad2017-05-16 11:38:17 -0600524 """Pad the image to the given size, with the given flash alignment."""
Fabio Utzigdcf0c9b2018-06-11 12:27:49 -0700525 tsize = self._trailer_size(self.align, self.max_sectors,
Fabio Utzig9a492d52020-01-15 11:31:52 -0300526 self.overwrite_only, self.enckey,
527 self.save_enctlv, self.enctlv_len)
David Brown23f91ad2017-05-16 11:38:17 -0600528 padding = size - (len(self.payload) + tsize)
Henrik Brix Andersen0ce958e2020-03-11 14:04:11 +0100529 pbytes = bytearray([self.erased_val] * padding)
530 pbytes += bytearray([self.erased_val] * (tsize - len(boot_magic)))
531 if self.confirm and not self.overwrite_only:
532 pbytes[-MAX_ALIGN] = 0x01 # image_ok = 0x01
Fabio Utzige08f0872017-06-28 18:12:16 -0300533 pbytes += boot_magic
David Brown23f91ad2017-05-16 11:38:17 -0600534 self.payload += pbytes
Fabio Utzig4a5477a2019-05-27 15:45:08 -0300535
536 @staticmethod
537 def verify(imgfile, key):
538 with open(imgfile, "rb") as f:
539 b = f.read()
540
541 magic, _, header_size, _, img_size = struct.unpack('IIHHI', b[:16])
Marek Pietae9555102019-08-08 16:08:16 +0200542 version = struct.unpack('BBHI', b[20:28])
543
Fabio Utzig4a5477a2019-05-27 15:45:08 -0300544 if magic != IMAGE_MAGIC:
Casper Meijn2a01f3f2020-08-22 13:51:40 +0200545 return VerifyResult.INVALID_MAGIC, None, None
Fabio Utzig4a5477a2019-05-27 15:45:08 -0300546
547 tlv_info = b[header_size+img_size:header_size+img_size+TLV_INFO_SIZE]
548 magic, tlv_tot = struct.unpack('HH', tlv_info)
549 if magic != TLV_INFO_MAGIC:
Casper Meijn2a01f3f2020-08-22 13:51:40 +0200550 return VerifyResult.INVALID_TLV_INFO_MAGIC, None, None
Fabio Utzig4a5477a2019-05-27 15:45:08 -0300551
552 sha = hashlib.sha256()
553 sha.update(b[:header_size+img_size])
554 digest = sha.digest()
555
556 tlv_off = header_size + img_size
557 tlv_end = tlv_off + tlv_tot
558 tlv_off += TLV_INFO_SIZE # skip tlv info
559 while tlv_off < tlv_end:
560 tlv = b[tlv_off:tlv_off+TLV_SIZE]
561 tlv_type, _, tlv_len = struct.unpack('BBH', tlv)
562 if tlv_type == TLV_VALUES["SHA256"]:
563 off = tlv_off + TLV_SIZE
564 if digest == b[off:off+tlv_len]:
565 if key is None:
Casper Meijn2a01f3f2020-08-22 13:51:40 +0200566 return VerifyResult.OK, version, digest
Fabio Utzig4a5477a2019-05-27 15:45:08 -0300567 else:
Casper Meijn2a01f3f2020-08-22 13:51:40 +0200568 return VerifyResult.INVALID_HASH, None, None
Fabio Utzig4a5477a2019-05-27 15:45:08 -0300569 elif key is not None and tlv_type == TLV_VALUES[key.sig_tlv()]:
570 off = tlv_off + TLV_SIZE
571 tlv_sig = b[off:off+tlv_len]
572 payload = b[:header_size+img_size]
573 try:
Fabio Utzig8101d1f2019-05-09 15:03:22 -0300574 if hasattr(key, 'verify'):
575 key.verify(tlv_sig, payload)
576 else:
577 key.verify_digest(tlv_sig, digest)
Casper Meijn2a01f3f2020-08-22 13:51:40 +0200578 return VerifyResult.OK, version, digest
Fabio Utzig4a5477a2019-05-27 15:45:08 -0300579 except InvalidSignature:
580 # continue to next TLV
581 pass
582 tlv_off += TLV_SIZE + tlv_len
Casper Meijn2a01f3f2020-08-22 13:51:40 +0200583 return VerifyResult.INVALID_SIGNATURE, None, None