WIP: feat/checksum (#10)

add checksum functionality
dmitrystu · Aug 30, 2019 · 2a9cafc · 2a9cafc
1 parent be4a76e
commit 2a9cafc
Show file tree

Hide file tree

Showing 20 changed files with 510 additions and 69 deletions.
diff --git a/Makefile b/Makefile
@@ -25,7 +25,7 @@ LDPARAMS   ?= ROMLEN=64K RAMLEN=8K
 
 #sources
 CRYPT_SRC   = src/arc4.c src/chacha.c src/gost.c src/raiden.c src/rc5.c src/speck.c
-CRYPT_SRC  += src/xtea.c src/blowfish.c src/rtea.c
+CRYPT_SRC  += src/xtea.c src/blowfish.c src/rtea.c src/checksum.c
 FW_SRC      = $(CRYPT_SRC) $(FWSTARTUP) src/descriptors.c src/bootloader.c src/rc5a.S src/chacha_a.S
 SW_SRC      = $(CRYPT_SRC) src/encrypter.c
 

diff --git a/config.h b/config.h
@@ -1,4 +1,4 @@
-/* This file is the part of the STM32 secure bootloader
+/* This file is the part of the STM32 secure bootloader
  *
  * Copyright ©2016 Dmitry Filimonchuk <dmitrystu[at]gmail[dot]com>
  *
@@ -35,6 +35,13 @@
 #define DFU_CIPHER_XTEA1    19  /* XTEA-1 block cipher in CBC mode */
 #define DFU_CIPHER_BLOWFISH 20  /* Blowfish block cipher in CBC mode */
 #define DFU_CIPHER_RTEA     21  /* Ruptor's TEA or Repaired TEA in CBC mode */
+/** Checksum definitions. */
+#define CRC32FAST           1   /* Lookup table based crc32 algorithm, consumes 1Kb of RAM for the table */
+#define CRC32SMALL          2   /* Permutation based crc32 algorithm, no lookup table required but slower */
+#define FNV1A32             3   /* Fowler–Noll–Vo 32 bit Hash */
+#define FNV1A64             4   /* Fowler–Noll–Vo 64 bit Hash */
+#define CRC64FAST           5   /* Lookup table based crc64 algorithm, consumes 2Kb of RAM for the table */
+#define CRC64SMALL          6   /* Permutation based crc32 algorithm, no lookup table required but extremly slow */
 
 /* CONFIG STARTS HERE */
 /* Skip unwanted dfuDNLOAD_SYNC phase. Slightly improve speed, but don't meets DFU1.1 state diagram */
@@ -45,6 +52,8 @@
 #define DFU_CAN_UPLOAD      _ENABLE
 /** Handle DFU_DETACH request in DFU mode. System reset will be issued. */
 #define DFU_DETACH          _ENABLE
+/** Whether application image is verified by a checksum algorithm */
+#define DFU_VERIFY_CHECKSUM _DISABLE
 /** Memory Readout Protection level **/
 #define DFU_SEAL_LEVEL      0
 /* USB VID */

diff --git a/inc/checksum.h b/inc/checksum.h
@@ -0,0 +1,35 @@
+/* This file is the part of the STM32 secure bootloader
+ *
+ * Copyright ©2016 Dmitry Filimonchuk <dmitrystu[at]gmail[dot]com>
+ * Copyright 2019 by Tsien (UK) Ltd.
+ *
+ * Author: Adrian Carpenter <tech[at]tsien[dot]com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef _CHECKSUM_H_
+#define _CHECKSUM_H_
+#if defined(__cplusplus)
+    extern "C" {
+#endif
+
+#include "config.h"
+
+const char *checksum_name;
+size_t append_checksum(void *data, uint32_t len);
+size_t validate_checksum(const void *data, uint32_t len);
+
+#if defined(__cplusplus)
+    }
+#endif
+#endif // _CHECKSUM_H_
diff --git a/inc/getopt.h b/inc/getopt.h
@@ -0,0 +1,94 @@
+/* A minimal POSIX getopt() implementation in ANSI C
+ *
+ * This is free and unencumbered software released into the public domain.
+ *
+ * This implementation supports the convention of resetting the option
+ * parser by assigning optind to 0. This resets the internal state
+ * appropriately.
+ *
+ * Ref: http://pubs.opengroup.org/onlinepubs/9699919799/functions/getopt.html
+ */
+#ifndef GETOPT_H
+#define GETOPT_H
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+
+static int optind = 1;
+static int opterr = 1;
+static int optopt;
+static char *optarg;
+
+static int
+getopt(int argc, char *const argv[], const char *optstring)
+{
+    static int optpos = 1;
+    const char *arg;
+    (void)argc;
+
+    /* Reset? */
+    if (optind == 0)
+    {
+        optind = 1;
+        optpos = 1;
+    }
+
+    arg = argv[optind];
+    if (arg && strcmp(arg, "--") == 0)
+    {
+        optind++;
+        return -1;
+    }
+    else if (!arg || arg[0] != '-' || !isalnum(arg[1]))
+    {
+        return -1;
+    }
+    else
+    {
+        const char *opt = strchr(optstring, arg[optpos]);
+        optopt = arg[optpos];
+        if (!opt)
+        {
+            if (opterr && *optstring != ':')
+                fprintf(stderr, "%s: illegal option: %c\n", argv[0], optopt);
+            return '?';
+        }
+        else if (opt[1] == ':')
+        {
+            if (arg[optpos + 1])
+            {
+                optarg = (char *)arg + optpos + 1;
+                optind++;
+                optpos = 1;
+                return optopt;
+            }
+            else if (argv[optind + 1])
+            {
+                optarg = (char *)argv[optind + 1];
+                optind += 2;
+                optpos = 1;
+                return optopt;
+            }
+            else
+            {
+                if (opterr && *optstring != ':')
+                    fprintf(stderr,
+                            "%s: option requires an argument: %c\n",
+                            argv[0], optopt);
+                return *optstring == ':' ? ':' : '?';
+            }
+        }
+        else
+        {
+            if (!arg[++optpos])
+            {
+                optind++;
+                optpos = 1;
+            }
+            return optopt;
+        }
+    }
+}
+
+#endif
diff --git a/ldscript.mk b/ldscript.mk
@@ -1,4 +1,4 @@
-# This file is the part of the STM32 secure bootloader
+# This file is the part of the STM32 secure bootloader
 #
 # Copyright ©2016 Dmitry Filimonchuk <dmitrystu[at]gmail[dot]com>
 #

diff --git a/mcu/stm32f103.S b/mcu/stm32f103.S
@@ -198,6 +198,15 @@ Reset_Handler:
     strb    r2, [r0, #RCC_APB2RSTR]
     strb    r2, [r0, #RCC_APB2ENR]
     cbz     r4, .L_start_boot
+
+#if (DFU_VERIFY_CHECKSUM != _DISABLE)
+    ldr     r0, =#_APP_START
+    ldr     r1, =__romend
+    sub     r1, r0
+    bl      validate_checksum
+    cbz     r0, .L_start_boot
+#endif
+
 /* jump to user section */
     ldr     r0, =#_APP_START
     ldr     r1, =#SCB

diff --git a/mcu/stm32f105.S b/mcu/stm32f105.S
@@ -1,4 +1,4 @@
-#include "../config.h"
+#include "config.h"
 #define FLASH_R_BASE    0x40022000
 #define FLASH_ACR       0x00
 #define FLASH_KEYR      0x04
@@ -183,7 +183,15 @@ Reset_Handler:
     strb    r2, [r0, #RCC_APB2RSTR]
     strb    r2, [r0, #RCC_APB2ENR]
     cbz     r4, .L_start_boot
-.L_jump_to_app:
+
+#if (DFU_VERIFY_CHECKSUM != _DISABLE)
+    ldr     r0, =#_APP_START
+    ldr     r1, =__romend
+    sub     r1, r0
+    bl      validate_checksum
+    cbz     r0, .L_start_boot
+#endif
+
 /* jump to user section */
     ldr     r0, =#_APP_START
     ldr     r1, =#SCB

diff --git a/mcu/stm32f303.S b/mcu/stm32f303.S
@@ -1,4 +1,4 @@
-#include "../config.h"
+#include "config.h"
 #define FLASH_R_BASE    0x40022000
 #define FLASH_ACR       0x00
 #define FLASH_KEYR      0x04
@@ -205,6 +205,15 @@ Reset_Handler:
     strb    r2, [r0, #RCC_AHBRSTR + 0x02]
     strb    r2, [r0, #RCC_AHBENR + 0x02]
     cbz     r4, .L_start_boot
+
+#if (DFU_VERIFY_CHECKSUM != _DISABLE)
+    ldr     r0, =#_APP_START
+    ldr     r1, =__romend
+    sub     r1, r0
+    bl      validate_checksum
+    cbz     r0, .L_start_boot
+#endif
+
 /* jump to user section */
     ldr     r0, =#_APP_START
     ldr     r1, =#SCB

diff --git a/mcu/stm32f4xx.S b/mcu/stm32f4xx.S
@@ -111,7 +111,6 @@ __isr_vector:
 /* Peripheral interrupts are not used */
     .size    __isr_vector, . - __isr_vector
 
-
     .section    .text
     .thumb_func
     .globl  Reset_Handler
@@ -188,6 +187,14 @@ Reset_Handler:
     cbz     r4, .L_start_boot
 #endif
 
+#if (DFU_VERIFY_CHECKSUM != _DISABLE)
+    ldr     r0, =#_APP_START
+    ldr     r1, =__romend
+    sub     r1, r0
+    bl      validate_checksum
+    cbz     r0, .L_start_boot
+#endif
+
 /* jump to user section */
     ldr     r0, =#_APP_START
     ldr     r1, =#SCB

diff --git a/mcu/stm32l0xx.S b/mcu/stm32l0xx.S
@@ -1,4 +1,4 @@
-#include "../config.h"
+#include "config.h"
 #define FLASH_R_BASE    0x40022000
 #define FLASH_ACR       0x00
 #define FLASH_PECR      0x04
@@ -192,6 +192,15 @@ Reset_Handler:
     beq     .L_start_boot
 #endif
 
+#if (DFU_VERIFY_CHECKSUM != _DISABLE)
+    ldr     r0, =#_APP_START
+    ldr     r1, =#__romend
+    subs    r1, r0
+    bl      validate_checksum
+    tst     r0, r0
+    beq     .L_start_boot
+#endif
+
 /* jump to user section */
     ldr     r0, =#_APP_START
     ldr     r1, =#SCB

diff --git a/mcu/stm32l1xx.S b/mcu/stm32l1xx.S
@@ -1,4 +1,4 @@
-#include "../config.h"
+#include "config.h"
 #define FLASH_R_BASE    0x40023C00
 #define FLASH_ACR       0x00
 #define FLASH_PECR      0x04
@@ -186,6 +186,14 @@ Reset_Handler:
     cbz     r4, .L_start_boot
 #endif
 
+#if (DFU_VERIFY_CHECKSUM != _DISABLE)
+    ldr     r0, =#_APP_START
+    ldr     r1, =__romend
+    sub     r1, r0
+    bl      validate_checksum
+    cbz     r0, .L_start_boot
+#endif
+
 /* jump to user section */
     ldr     r0, =#_APP_START
     ldr     r1, =#SCB

diff --git a/mcu/stm32l4xx.S b/mcu/stm32l4xx.S
@@ -106,7 +106,6 @@ __isr_vector:
 /* Peripheral interrupts are not used */
     .size    __isr_vector, . - __isr_vector
 
-
     .section    .text
     .thumb_func
     .globl  Reset_Handler
@@ -183,6 +182,14 @@ Reset_Handler:
     cbz     r4, .L_start_boot
 #endif
 
+#if (DFU_VERIFY_CHECKSUM != _DISABLE)
+    ldr     r0, =#_APP_START
+    ldr     r1, =__romend
+    sub     r1, r0
+    bl      validate_checksum
+    cbz     r0, .L_start_boot
+#endif
+
 /* jump to user section */
     ldr     r0, =#_APP_START
     ldr     r1, =#SCB
@@ -280,8 +287,6 @@ _default_handler:
     def_irq_handler    PendSV_Handler
     def_irq_handler    SysTick_Handler
 
-
-
 /* using RAM for this functions */
     .section .data
     .align 2
@@ -392,7 +397,6 @@ wait_flash_ready:
     bx      lr
     .size wait_flash_ready, . - wait_flash_ready
 
-
 #if (DFU_SEAL_LEVEL != 0)
     .thumb_func
     .globl seal_flash

diff --git a/src/chacha.c b/src/chacha.c
@@ -18,6 +18,7 @@
  */
 
 #include <stdint.h>
+#include <string.h>
 #include "misc.h"
 #include "config.h"
 #include "chacha.h"
@@ -58,7 +59,7 @@ static void Qround (uint32_t *s, uint32_t abcd) {
 }
 
 static void chacha_block() {
-    __memcpy(state, inits, sizeof(state));
+    memcpy(state, inits, sizeof(state));
     for (int i = 0; i < 10; i++) {
         QR(state, 0, 4,  8, 12);
         QR(state, 1, 5,  9, 13);
@@ -72,7 +73,7 @@ static void chacha_block() {
 }
 
 void chacha_init(void) {
-    __memcpy(inits, _key, sizeof(inits));
+    memcpy(inits, _key, sizeof(inits));
 }
 
 void chacha_crypt(uint32_t *out, const uint32_t *in, int32_t bytes) {