diff --git a/options.mk b/options.mk index 4ca0735a9..7184ed67c 100644 --- a/options.mk +++ b/options.mk @@ -843,3 +843,12 @@ endif ifeq ($(SIGN_ALG),ext_LMS) SIGN_ALG=LMS endif + +ifneq ($(KEYVAULT_OBJ_SIZE),) + CFLAGS+=-DKEYVAULT_OBJ_SIZE=$(KEYVAULT_OBJ_SIZE) +endif + +ifneq ($(KEYVAULT_MAX_ITEMS),) + CFLAGS+=-DKEYVAULT_MAX_ITEMS=$(KEYVAULT_MAX_ITEMS) +endif + diff --git a/src/image.c b/src/image.c index ded512658..fba364a4b 100644 --- a/src/image.c +++ b/src/image.c @@ -26,6 +26,9 @@ #ifndef IMAGE_H_ #define IMAGE_H_ +#ifdef UNIT_TEST +#include +#endif #include /* for wolfCrypt hash/sign routines */ #include diff --git a/src/libwolfboot.c b/src/libwolfboot.c index 52025da89..f69925b49 100644 --- a/src/libwolfboot.c +++ b/src/libwolfboot.c @@ -1504,13 +1504,13 @@ ChaCha chacha; int RAMFUNCTION chacha_init(void) { #if defined(MMU) || defined(UNIT_TEST) - uint8_t *key = ENCRYPT_KEY; + const uint8_t *key = ENCRYPT_KEY; #else - uint8_t *key = (uint8_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + + const uint8_t *key = (uint8_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + ENCRYPT_TMP_SECRET_OFFSET); #endif uint8_t ff[ENCRYPT_KEY_SIZE]; - uint8_t* stored_nonce; + const uint8_t* stored_nonce; #ifdef NVM_FLASH_WRITEONCE key -= WOLFBOOT_SECTOR_SIZE * nvm_select_fresh_sector(PART_BOOT); diff --git a/src/pkcs11_store.c b/src/pkcs11_store.c index 2c25f262a..6c52c4154 100644 --- a/src/pkcs11_store.c +++ b/src/pkcs11_store.c @@ -1,6 +1,6 @@ /* pkcs11_store.c * - * Copyright (C) 2023 wolfSSL Inc. + * Copyright (C) 2024 wolfSSL Inc. * * This file is part of wolfBoot. * @@ -20,7 +20,6 @@ */ - #include #include @@ -34,14 +33,13 @@ #include #include -extern uint32_t *_flash_keyvault; /* From linker script: origin of vault flash */ -extern uint32_t *_flash_keyvault_size; /* From linker script: size of vault */ - -extern unsigned int _start_heap; /* From linker script: heap memory */ -extern unsigned int _heap_size; /* From linker script: heap limit */ +#ifndef KEYVAULT_OBJ_SIZE + #define KEYVAULT_OBJ_SIZE 0x1000 /* 4KB per object */ +#endif -#define KEYVAULT_OBJ_SIZE 0x1000 /* 4KB per object */ -#define KEYVAULT_MAX_ITEMS 0x18 /* Total memory: 0x18000, 24 items */ +#ifndef KEYVAULT_MAX_ITEMS + #define KEYVAULT_MAX_ITEMS 0x17 /* Total memory: 0x18000, 22 items + 2 sector overhead */ +#endif /* Internal errors from wolfPKCS11 */ #define PIN_INVALID_E -1 @@ -55,11 +53,16 @@ extern unsigned int _heap_size; /* From linker script: heap limit */ #define LOGGED_IN_E -9 #define OBJ_COUNT_E -10 + +#ifndef UNIT_TEST +extern uint32_t *_flash_keyvault; /* From linker script: origin of vault flash */ static uint8_t *vault_base = (uint8_t *)&_flash_keyvault; -static int vault_idx = -1; +/* Back-end for malloc, used by wolfPKCS11 */ + +extern unsigned int _start_heap; /* From linker script: heap memory */ +extern unsigned int _heap_size; /* From linker script: heap limit */ -/* Back-end for malloc, used for token handling */ void * _sbrk(unsigned int incr) { static unsigned char *heap = (unsigned char *)&_start_heap; @@ -78,133 +81,452 @@ void * _sbrk(unsigned int incr) } return old_heap; } +#endif + +static int vault_idx = -1; struct obj_hdr { uint32_t token_id; uint32_t object_id; - int type; - uint32_t off; + int32_t type; + uint32_t pos; uint32_t size; + uint32_t __pad[3]; }; -#define STORE_PRIV_HDR_SIZE 16 +#define STORE_PRIV_HDR_SIZE 0x20 +#define STORE_PRIV_HDR_OFFSET 0x80 +#define PKCS11_INVALID_ID 0xFFFFFFFF -struct store_object -{ - struct obj_hdr hdr; - int vault_idx; - int read; +#define BITMAP_OFFSET (4) +#define BITMAP_SIZE (KEYVAULT_MAX_ITEMS / 8 + 1) + +#if (BITMAP_SIZE > (STORE_PRIV_HDR_OFFSET - 4)) + #error Too many keyvault items +#endif + +/* This spells "PKCS" */ +#ifndef BIG_ENDIAN_ORDER + #define VAULT_HEADER_MAGIC 0x53434B50 +#else + #define VAULT_HEADER_MAGIC 0x504B4353 +#endif + +#define MAX_OPEN_STORES 16 + +struct store_handle { + uint32_t flags; + uint32_t pos; + void *buffer; + struct obj_hdr *hdr; + uint32_t in_buffer_offset; }; -static struct store_object *vault_descriptors[KEYVAULT_MAX_ITEMS]; +#define STORE_FLAGS_OPEN (1 << 0) +#define STORE_FLAGS_READONLY (1 << 1) + +static struct store_handle openstores_handles[MAX_OPEN_STORES] = {}; + +static uint8_t cached_sector[WOLFBOOT_SECTOR_SIZE]; + +static void bitmap_put(uint32_t pos, int val) +{ + uint32_t octet = pos / 8; + uint32_t bit = pos % 8; + uint8_t *bitmap = cached_sector + sizeof(uint32_t); + + if (val != 0) { + bitmap[octet] |= (1 << bit); + } else { + bitmap[octet] &= ~(1 << bit); + } +} + +static int bitmap_get(uint32_t pos) +{ + uint32_t octet = pos / 8; + uint32_t bit = pos % 8; + uint8_t *bitmap = vault_base + sizeof(uint32_t); + return (bitmap[octet] & (1 << bit)) >> bit; +} + +static int bitmap_find_free_pos(void) +{ + int i, j; + for (i = 0; i < KEYVAULT_MAX_ITEMS; i++) { + if (bitmap_get(i) == 0) + return i; + } + return -1; +} + +/* A table with nodes is stored at the beginning of the keyvault + * - 4 B: Magic (spells "PKCS" when the vault is initialized) + * - N B: bitmap (N = KEYVAULT_MAX_ITEMS / 8 + 1) + * + * At byte 0x80: + * - Start of the obj hdr structures array + */ + +#define NODES_TABLE ( (struct obj_hdr *)(vault_base + STORE_PRIV_HDR_OFFSET) ) + +/* A backup sector immediately after the header sector */ + +#define BACKUP_SECTOR_ADDRESS (vault_base + WOLFBOOT_SECTOR_SIZE) + +static void cache_commit(uint32_t offset) +{ + hal_flash_unlock(); + + + /* Write backup sector first */ + hal_flash_erase((uintptr_t)BACKUP_SECTOR_ADDRESS, WOLFBOOT_SECTOR_SIZE); + hal_flash_write((uintptr_t)BACKUP_SECTOR_ADDRESS, cached_sector, WOLFBOOT_SECTOR_SIZE); + + /* Erase + write actual destination sector */ + hal_flash_erase((uintptr_t)vault_base + offset, WOLFBOOT_SECTOR_SIZE); + hal_flash_write((uintptr_t)vault_base + offset, cached_sector, WOLFBOOT_SECTOR_SIZE); + + hal_flash_lock(); +} + +static void restore_backup(uint32_t offset) +{ + hal_flash_unlock(); + /* Erase + copy from backup */ + hal_flash_erase((uintptr_t)vault_base + offset, WOLFBOOT_SECTOR_SIZE); + hal_flash_write((uintptr_t)vault_base + offset, BACKUP_SECTOR_ADDRESS, + WOLFBOOT_SECTOR_SIZE); + hal_flash_lock(); +} + +static void check_vault(void) +{ + uint32_t *magic = (uint32_t *)vault_base; + uint32_t total_vault_size = KEYVAULT_MAX_ITEMS * KEYVAULT_OBJ_SIZE; + + if ((total_vault_size % WOLFBOOT_SECTOR_SIZE) != 0) + total_vault_size = (total_vault_size / WOLFBOOT_SECTOR_SIZE) * WOLFBOOT_SECTOR_SIZE + WOLFBOOT_SECTOR_SIZE; + + if (*magic != VAULT_HEADER_MAGIC) { + uint32_t *magic = (uint32_t *)BACKUP_SECTOR_ADDRESS; + if (*magic == VAULT_HEADER_MAGIC) { + restore_backup(0); + return; + } + memset(cached_sector, 0xFF, WOLFBOOT_SECTOR_SIZE); + magic = (uint32_t *)cached_sector; + *magic = VAULT_HEADER_MAGIC; + memset(cached_sector + sizeof(uint32_t), 0x00, BITMAP_SIZE); + cache_commit(0); + hal_flash_unlock(); + hal_flash_erase((uintptr_t)vault_base + WOLFBOOT_SECTOR_SIZE * 2, total_vault_size); + hal_flash_lock(); + } +} + +static void delete_object(int32_t type, uint32_t tok_id, uint32_t obj_id) +{ + struct obj_hdr *hdr = (struct obj_hdr *)cached_sector; + check_vault(); + memcpy(cached_sector, vault_base, WOLFBOOT_SECTOR_SIZE); + + while ((uintptr_t)hdr < ((uintptr_t)cached_sector + WOLFBOOT_SECTOR_SIZE)) { + if ((hdr->token_id == tok_id) && (hdr->object_id == obj_id) && + (hdr->type == type)) { + hdr->token_id = PKCS11_INVALID_ID; + hdr->object_id = PKCS11_INVALID_ID; + bitmap_put(hdr->pos, 0); + cache_commit(0); + return; + } + hdr++; + } +} + +/* Returns a pointer to the selected object in flash. + * NULL is OK here as error return value, even if the keystore + * started at physical 0x0000 0000, the buffers are stored from sector + * 2 onwards. + */ +static uint8_t *find_object_buffer(int32_t type, uint32_t tok_id, uint32_t obj_id) +{ + struct obj_hdr *hdr = NODES_TABLE; + uint32_t *tok_obj_stored = NULL; + while ((uintptr_t)hdr < ((uintptr_t)NODES_TABLE + WOLFBOOT_SECTOR_SIZE)) { + if ((hdr->token_id == tok_id) && (hdr->object_id == obj_id) + && (hdr->type == type)) { + tok_obj_stored = (uint32_t *) (vault_base + (2 * WOLFBOOT_SECTOR_SIZE) + (hdr->pos * KEYVAULT_OBJ_SIZE)); + if ((tok_obj_stored[0] != tok_id) || (tok_obj_stored[1] != obj_id)) { + /* Id's don't match. Try backup sector. */ + uint32_t in_sector_off = (hdr->pos * KEYVAULT_OBJ_SIZE) % + WOLFBOOT_SECTOR_SIZE; + uint32_t sector_base = hdr->pos * KEYVAULT_OBJ_SIZE + + 2 * WOLFBOOT_SECTOR_SIZE - in_sector_off; + tok_obj_stored = (uint32_t *)((BACKUP_SECTOR_ADDRESS + in_sector_off)); + if ((tok_obj_stored[0] == tok_id) && (tok_obj_stored[1] == obj_id)) { + /* Found backup! restoring... */ + restore_backup(sector_base); + } else { + delete_object(type, tok_id, obj_id); + return NULL; /* Cannot recover object payload */ + } + } + /* Object is now OK */ + return vault_base + 2 * WOLFBOOT_SECTOR_SIZE + hdr->pos * KEYVAULT_OBJ_SIZE; + } + hdr++; + } + return NULL; /* object not found */ +} + +static struct obj_hdr *find_object_header(int32_t type, uint32_t tok_id, + uint32_t obj_id) +{ + struct obj_hdr *hdr = NODES_TABLE; + uint32_t *tok_obj_stored = NULL; + while ((uintptr_t)hdr < ((uintptr_t)NODES_TABLE + WOLFBOOT_SECTOR_SIZE)) { + if ((hdr->token_id == tok_id) && (hdr->object_id == obj_id) + && (hdr->type == type)) { + return hdr; + } + hdr++; + } + return NULL; +} + +static struct obj_hdr *create_object(int32_t type, uint32_t tok_id, uint32_t obj_id) +{ + struct obj_hdr *hdr = NULL; + uint32_t *tok_obj_id; + /* Refuse to create an object that's already in store */ + if (find_object_buffer(type, tok_id, obj_id) != NULL) { + return NULL; + } + + /* Caching sector 0 */ + memcpy(cached_sector, vault_base , WOLFBOOT_SECTOR_SIZE); + hdr = (struct obj_hdr *)(cached_sector + STORE_PRIV_HDR_OFFSET); + while ((uintptr_t)hdr < ((uintptr_t)cached_sector + WOLFBOOT_SECTOR_SIZE)) { + if (hdr->token_id == PKCS11_INVALID_ID) { + uint32_t sector_base, in_sector_off; + int pos = bitmap_find_free_pos(); + if (pos < 0) { + return NULL; + } + hdr->pos = (unsigned)pos; + in_sector_off = (hdr->pos * KEYVAULT_OBJ_SIZE) % + WOLFBOOT_SECTOR_SIZE; + sector_base = hdr->pos * KEYVAULT_OBJ_SIZE + + 2 * WOLFBOOT_SECTOR_SIZE - in_sector_off; + /* Claim the spot in the table */ + hdr->token_id = tok_id; + hdr->object_id = obj_id; + hdr->type = type; + /* Set vault initial size to eight bytes (this includes the + * tok/obj id at the beginning of the buffer, before the + * payload). When an object is opened, the initial 'in_buffer_offset' + * is set to 8 as well. + */ + hdr->size = 2 * sizeof(uint32_t); + /* Set the bit to claim the position in flash */ + bitmap_put(hdr->pos, 1); + cache_commit(0); + /* Mark the beginning of the object in the sector, + * write the tok/obj ids + */ + memcpy(cached_sector, vault_base + sector_base, + WOLFBOOT_SECTOR_SIZE); + tok_obj_id = (void*)(cached_sector + in_sector_off); + tok_obj_id[0] = tok_id; + tok_obj_id[1] = obj_id; + cache_commit(sector_base); + /* Return the address of the header in flash */ + return (struct obj_hdr *)(vault_base + ((uint8_t *)hdr - (uint8_t *)cached_sector)); + } + hdr++; + } + return NULL; /* No space left in the nodes table */ +} +static void update_store_size(struct obj_hdr *hdr, uint32_t size) +{ + uint32_t off; + struct obj_hdr *hdr_mem; + if (((uint8_t *)hdr) < vault_base || + ((uint8_t *)hdr > vault_base + WOLFBOOT_SECTOR_SIZE)) + return; + check_vault(); + off = (uintptr_t)hdr - (uintptr_t)vault_base; + memcpy(cached_sector, vault_base, WOLFBOOT_SECTOR_SIZE); + hdr_mem = (struct obj_hdr *)(cached_sector + off); + hdr_mem->size = size; + cache_commit(0); +} + +/* Find a free handle in openstores_handles[] array + * to manage the interaction with the API. + * + * A maximum of MAX_OPEN_STORES objects can be opened + * at the same time. + */ +static struct store_handle *find_free_handle(void) +{ + int i; + for (i = 0; i < MAX_OPEN_STORES; i++) { + if ((openstores_handles[i].flags & STORE_FLAGS_OPEN) == 0) + return &openstores_handles[i]; + } + return NULL; +} int wolfPKCS11_Store_Open(int type, CK_ULONG id1, CK_ULONG id2, int read, void** store) { unsigned int i; - unsigned int found = 0; - struct obj_hdr *hdr; - struct store_object *obj; - - for (i = 1; i < KEYVAULT_MAX_ITEMS; i++) { - hdr = (struct obj_hdr*)(vault_base + i * KEYVAULT_OBJ_SIZE); - if ((type == hdr->type) && (id1 == hdr->token_id) && - (id2 == hdr->object_id)) { - found = i; - break; - } + struct store_handle *handle; + uint8_t *buf; + struct obj_hdr *hdr = NULL; + + + /* Check if there is one handle available to open the slot */ + handle = find_free_handle(); + if (!handle) { + *store = NULL; + return SESSION_COUNT_E; } - if ((!found) && read) { + + /* Check if the target object exists */ + check_vault(); + buf = find_object_buffer(type, id1, id2); + if ((buf == NULL) && read) { *store = NULL; return NOT_AVAILABLE_E; - } else if (found) { - *store = vault_descriptors[found]; - obj = vault_descriptors[found]; - memcpy(&obj->hdr, vault_base + found * KEYVAULT_OBJ_SIZE, sizeof(struct obj_hdr)); - obj->vault_idx = found; - obj->read = read; - } else if ((!found) && (!read)) { - if (vault_idx++ >= KEYVAULT_MAX_ITEMS) { - vault_idx--; + } + + if ((buf == NULL) && (!read)) { + handle->hdr = create_object(type, id1, id2); + if (handle->hdr == NULL) { *store = NULL; return FIND_FULL_E; + } - obj = XMALLOC(sizeof(struct store_object), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!obj) + buf = find_object_buffer(type, id1, id2); + if (!buf) { + *store = NULL; return NOT_AVAILABLE_E; - vault_descriptors[vault_idx] = obj; - hdr = (struct obj_hdr *)obj; - obj->vault_idx = vault_idx; - obj->hdr.type = type; - obj->hdr.token_id = id1; - obj->hdr.object_id = id2; - obj->hdr.size = 0; - obj->read = 0; - hal_flash_unlock(); - hal_flash_erase((uint32_t)(vault_base + vault_idx * KEYVAULT_OBJ_SIZE), - KEYVAULT_OBJ_SIZE); - hal_flash_write((uint32_t)(vault_base + vault_idx * KEYVAULT_OBJ_SIZE), (void *)obj, - sizeof(struct obj_hdr)); - hal_flash_lock(); - *store = obj; + } + } else { /* buf != NULL, readonly */ + handle->hdr = find_object_header(type, id1, id2); + if (!handle->hdr) { + *store = NULL; + return NOT_AVAILABLE_E; + } + } + + /* Set the position of the buffer in the handle */ + handle->buffer = buf; + handle->pos = (((uintptr_t)buf) - (uintptr_t)vault_base) / KEYVAULT_OBJ_SIZE; + /* Set the 'open' flag */ + handle->flags |= STORE_FLAGS_OPEN; + + /* Set the 'readonly' flag in this handle if open with 'r' */ + if (read) + handle->flags |= STORE_FLAGS_READONLY; + else { + handle->flags &= ~STORE_FLAGS_READONLY; + /* Truncate the slot when opening in write mode */ + update_store_size(handle->hdr, 2 * sizeof(uint32_t)); } - hdr->off = 0; + + + /* Set start of the buffer after the tok/obj id fields */ + handle->in_buffer_offset = (2 * sizeof(uint32_t)); + *store = handle; return 0; } void wolfPKCS11_Store_Close(void* store) { - struct store_object *obj = store; - vault_descriptors[obj->vault_idx] = NULL; - XFREE(obj, NULL, DYNAMIC_TYPE_TMP_BUFFER); + struct store_handle *handle = store; + /* This removes all flags (including STORE_FLAGS_OPEN) */ + handle->flags = 0; + handle->hdr = NULL; } int wolfPKCS11_Store_Read(void* store, unsigned char* buffer, int len) { - struct store_object *obj = store; - if ((uint32_t)len + obj->hdr.off > obj->hdr.size) { - len = obj->hdr.size - obj->hdr.off; - } + struct store_handle *handle = store; + uint32_t *tok_obj_id; + uint32_t obj_size = 0; + if ((handle == NULL) || (handle->hdr == NULL) || (handle->buffer == NULL)) + return -1; + + tok_obj_id = (uint32_t *)handle->buffer; + obj_size = handle->hdr->size; + if (obj_size > KEYVAULT_OBJ_SIZE) + return -1; + + if (handle->in_buffer_offset >= obj_size) + return 0; /* "EOF" */ + + /* Truncate len to actual available bytes */ + if (handle->in_buffer_offset + len > obj_size) + len = (obj_size - handle->in_buffer_offset); + if (len > 0) { - memcpy(buffer, vault_base + obj->vault_idx * KEYVAULT_OBJ_SIZE + - STORE_PRIV_HDR_SIZE + obj->hdr.off, len); - obj->hdr.off += len; + memcpy(buffer, (uint8_t *)(handle->buffer) + handle->in_buffer_offset, len); + handle->in_buffer_offset += len; } return len; } int wolfPKCS11_Store_Write(void* store, unsigned char* buffer, int len) { - struct store_object *obj = store; - int pos = 0; - if (len + obj->hdr.off > (KEYVAULT_OBJ_SIZE - STORE_PRIV_HDR_SIZE)) { + struct store_handle *handle = store; + uint32_t obj_size = 0; + uint32_t in_sector_offset = 0; + uint32_t in_sector_len = 0; + uint32_t sector_base = 0; + int written = 0; + + + if ((handle == NULL) || (handle->hdr == NULL) || (handle->buffer == NULL)) + return -1; + if ((handle->flags & STORE_FLAGS_READONLY) != 0) return -1; - } - if (obj->read) + + obj_size = handle->hdr->size; + if (obj_size > KEYVAULT_OBJ_SIZE) return -1; - if (obj->vault_idx > KEYVAULT_MAX_ITEMS) + + if (len + handle->in_buffer_offset > KEYVAULT_OBJ_SIZE) + len = KEYVAULT_OBJ_SIZE - handle->in_buffer_offset; + + if (len < 0) return -1; - obj->hdr.size += len; - hal_flash_unlock(); - if (obj->hdr.off == 0) - hal_flash_erase((uint32_t)(vault_base + obj->vault_idx * KEYVAULT_OBJ_SIZE), - KEYVAULT_OBJ_SIZE); - - hal_flash_write((uint32_t)(vault_base + obj->vault_idx * KEYVAULT_OBJ_SIZE), - (void *)obj, sizeof(struct obj_hdr)); - while (pos < len) { - uint32_t base = (uint32_t)(vault_base + - obj->vault_idx * KEYVAULT_OBJ_SIZE); - uint32_t sz = len; - if (sz > WOLFBOOT_SECTOR_SIZE) { - sz = WOLFBOOT_SECTOR_SIZE; - } - hal_flash_write(base + STORE_PRIV_HDR_SIZE + pos, buffer + pos + obj->hdr.off, sz); - pos += sz; + + + while (written < len) { + in_sector_offset = ((uintptr_t)(handle->buffer) + handle->in_buffer_offset) + % WOLFBOOT_SECTOR_SIZE; + sector_base = (uintptr_t)handle->buffer + handle->in_buffer_offset - in_sector_offset; + in_sector_len = WOLFBOOT_SECTOR_SIZE - in_sector_offset; + if (in_sector_len > (uint32_t)len) + in_sector_len = len; + + /* Cache the corresponding sector */ + memcpy(cached_sector, (void *)(uintptr_t)sector_base, WOLFBOOT_SECTOR_SIZE); + /* Write content into cache */ + memcpy(cached_sector + in_sector_offset, buffer + written, in_sector_len); + /* Adjust in_buffer position for the handle accordingly */ + handle->in_buffer_offset += in_sector_len; + written += in_sector_len; + /* Write sector to flash */ + cache_commit((uintptr_t)sector_base - (uintptr_t)vault_base); } - hal_flash_lock(); - obj->hdr.off += len; + obj_size += written; + update_store_size(handle->hdr, obj_size); return len; } diff --git a/tools/config.mk b/tools/config.mk index 2be184ff4..1b91346f5 100644 --- a/tools/config.mk +++ b/tools/config.mk @@ -102,4 +102,7 @@ CONFIG_VARS:= ARCH TARGET SIGN HASH MCUXSDK MCUXPRESSO MCUXPRESSO_CPU MCUXPRESSO XMSS_PARAMS \ ELF BIG_ENDIAN \ NXP_CUSTOM_DCD NXP_CUSTOM_DCD_OBJS \ - FLASH_OTP_KEYSTORE + FLASH_OTP_KEYSTORE \ + KEYVAULT_OBJ_SIZE \ + KEYVAULT_MAX_ITEMS + diff --git a/tools/unit-tests/Makefile b/tools/unit-tests/Makefile index 896116d79..681e2f1e6 100644 --- a/tools/unit-tests/Makefile +++ b/tools/unit-tests/Makefile @@ -10,16 +10,18 @@ CFLAGS+=-g -ggdb CFLAGS+=-fprofile-arcs CFLAGS+=-ftest-coverage CFLAGS+=--coverage +CFLAGS+=-DUNIT_TEST -DWOLFSSL_USER_SETTINGS LDFLAGS+=-fprofile-arcs LDFLAGS+=-ftest-coverage WOLFCRYPT=../../lib/wolfssl/ +WOLFPKCS11=../../lib/wolfPKCS11/ TESTS:=unit-parser unit-extflash unit-aes128 unit-aes256 unit-chacha20 unit-pci \ unit-mock-state unit-sectorflags unit-image unit-nvm unit-nvm-flagshome \ unit-enc-nvm unit-enc-nvm-flagshome unit-delta unit-update-flash \ - unit-update-ram + unit-update-ram unit-pkcs11_store all: $(TESTS) @@ -57,6 +59,7 @@ unit-enc-nvm-flagshome:CFLAGS+=-DNVM_FLASH_WRITEONCE -DMOCK_PARTITIONS \ -DEXT_ENCRYPTED -DENCRYPT_WITH_CHACHA -DEXT_FLASH -DHAVE_CHACHA -DFLAGS_HOME unit-enc-nvm-flagshome:WOLFCRYPT_SRC+=$(WOLFCRYPT)/wolfcrypt/src/chacha.c unit-delta:CFLAGS+=-DNVM_FLASH_WRITEONCE -DMOCK_PARTITIONS -DDELTA_UPDATES -DDELTA_BLOCK_SIZE=512 +unit-pkcs11_store:CFLAGS+=-I$(WOLFPKCS11) -DMOCK_PARTITIONS -DMOCK_KEYVAULT -DSECURE_PKCS11 unit-update-flash:CFLAGS+=-DMOCK_PARTITIONS -DWOLFBOOT_NO_SIGN -DUNIT_TEST_AUTH \ -DWOLFBOOT_HASH_SHA256 -DPRINTF_ENABLED -DEXT_FLASH -DPART_UPDATE_EXT -DPART_SWAP_EXT unit-update-ram:CFLAGS+=-DMOCK_PARTITIONS -DWOLFBOOT_NO_SIGN -DUNIT_TEST_AUTH \ @@ -64,8 +67,7 @@ unit-update-ram:CFLAGS+=-DMOCK_PARTITIONS -DWOLFBOOT_NO_SIGN -DUNIT_TEST_AUTH \ -DPART_SWAP_EXT -DPART_BOOT_EXT -DWOLFBOOT_DUALBOOT -DNO_XIP - -WOLFCRYPT_CFLAGS+=-DWOLFSSL_USER_SETTINGS -DWOLFBOOT_SIGN_ECC256 -DWOLFBOOT_SIGN_ECC256 -DHAVE_ECC_KEY_IMPORT -D__WOLFBOOT +WOLFCRYPT_CFLAGS+=-DWOLFBOOT_SIGN_ECC256 -DWOLFBOOT_SIGN_ECC256 -DHAVE_ECC_KEY_IMPORT -D__WOLFBOOT @@ -124,6 +126,9 @@ unit-update-flash: ../../include/target.h unit-update-flash.c unit-update-ram: ../../include/target.h unit-update-ram.c gcc -o $@ unit-update-ram.c ../../src/image.c ../../lib/wolfssl/wolfcrypt/src/sha256.c $(CFLAGS) $(LDFLAGS) +unit-pkcs11_store: ../../include/target.h unit-pkcs11_store.c + gcc -o $@ $(WOLFCRYPT_SRC) unit-pkcs11_store.c $(CFLAGS) $(WOLFCRYPT_CFLAGS) $(LDFLAGS) + %.o:%.c gcc -c -o $@ $^ $(CFLAGS) diff --git a/tools/unit-tests/target.h b/tools/unit-tests/target.h index 38173e9d1..c25c9b485 100644 --- a/tools/unit-tests/target.h +++ b/tools/unit-tests/target.h @@ -43,6 +43,7 @@ #else #define WOLFBOOT_PARTITION_SIZE 0x8000 #endif + #define WOLFBOOT_KEYVAULT 0xCF000000 #else #ifdef WOLFBOOT_FIXED_PARTITIONS diff --git a/tools/unit-tests/txt_filler.h b/tools/unit-tests/txt_filler.h new file mode 100644 index 000000000..fe41da610 --- /dev/null +++ b/tools/unit-tests/txt_filler.h @@ -0,0 +1,118 @@ +/* + * txt_filler.h + * + * This file is part of wolfBoot. + * + * wolfBoot is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfBoot is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + * This file contains excerpts from "La Divina Commedia" by Dante Alighieri, + * written in the early 14th century. + * The text of "La Divina Commedia" is in the public domain worldwide. + * + * Public Domain Notice: + * This work is free of known copyright restrictions. + * + */ + +#ifndef DANTE_FILLER +#define DANTE_FILLER \ +"Nel mezzo del cammin di nostra vita " \ +"mi ritrovai per una selva oscura, " \ +"ché la diritta via era smarrita. " \ +" " \ +"Ahi quanto a dir qual era è cosa dura " \ +"esta selva selvaggia e aspra e forte " \ +"che nel pensier rinova la paura! " \ +" " \ +"Tant’ è amara che poco è più morte; " \ +"ma per trattar del ben ch’i’ vi trovai, " \ +"dirò de l’altre cose ch’i’ v’ho scorte. " \ +" " \ +"Io non so ben ridir com’ i’ v’intrai, " \ +"tant’ era pien di sonno a quel punto " \ +"che la verace via abbandonai. " \ +" " \ +"Ma poi ch’i’ fui al piè d’un colle giunto, " \ +"là dove terminava quella valle " \ +"che m’avea di paura il cor compunto, " \ +" " \ +"guardai in alto e vidi le sue spalle " \ +"vestite già de’ raggi del pianeta " \ +"che mena dritto altrui per ogne calle. " \ +" " \ +"Allor fu la paura un poco queta, " \ +"che nel lago del cor m’era durata " \ +"la notte ch’i’ passai con tanta pieta. " \ +" " \ +"E come quei che con lena affannata, " \ +"uscito fuor del pelago a la riva, " \ +"si volge a l’acqua perigliosa e guata, " \ +" " \ +"così l’animo mio, ch’ancor fuggiva, " \ +"si volse a retro a rimirar lo passo " \ +"che non lasciò già mai persona viva. " \ +" " \ +"Poi ch’èi posato un poco il corpo lasso, " \ +"ripresi via per la piaggia diserta, " \ +"sì che ’l piè fermo sempre era ’l più basso. " \ +" " \ +"Ed ecco, quasi al cominciar de l’erta, " \ +"una lonza leggera e presta molto, " \ +"che di pel macolato era coverta; " \ +" " \ +"e non mi si partia dinanzi al volto, " \ +"anzi ’mpediva tanto il mio cammino, " \ +"ch’i’ fui per ritornar più volte vòlto. " \ +" " \ +"Temp’ era dal principio del mattino, " \ +"e ’l sol montava ’n sù con quelle stelle " \ +"ch’eran con lui quando l’amor divino " \ +" " \ +"mosse di prima quelle cose belle; " \ +"sì ch’a bene sperar m’era cagione " \ +"di quella fiera a la gaetta pelle " \ +" " \ +"l’ora del tempo e la dolce stagione; " \ +"ma non sì che paura non mi desse " \ +"la vista che m’apparve d’un leone. " \ +" " \ +"Questi parea che contra me venisse " \ +"con la test’ alta e con rabbiosa fame, " \ +"sì che parea che l’aere ne tremesse. " \ +" " \ +"Ed una lupa, che di tutte brame " \ +"sembiava carca ne la sua magrezza, " \ +"e molte genti fé già viver grame, " \ +" " \ +"questa mi porse tanto di gravezza " \ +"con la paura ch’uscia di sua vista, " \ +"ch’io perdei la speranza de l’altezza. " \ +" " \ +"E qual è quei che volontieri acquista, " \ +"e giugne ’l tempo che perder lo face, " \ +"che ’n tutti suoi pensier piange e s’attrista" \ +" " \ +"tal mi fece la bestia sanza pace, " \ +"che, venendomi ’ncontro, a poco a poco " \ +"mi ripigneva là dove ’l sol tace. " \ +" " \ +"Mentre ch’i’ rovinava in basso loco, " \ +"dinanzi a li occhi mi si fu offerto " \ +"chi per lungo silenzio parea fioco. " \ +" " \ +"Quando vidi costui nel gran diserto, " \ +"«Miserere di me», gridai a lui, " \ +"«qual che tu sii, od ombra od omo certo!». " +#endif diff --git a/tools/unit-tests/unit-common.c b/tools/unit-tests/unit-common.c index c8b21e97a..0224ab551 100644 --- a/tools/unit-tests/unit-common.c +++ b/tools/unit-tests/unit-common.c @@ -94,12 +94,12 @@ int ext_flash_erase(uintptr_t address, int len) { void ext_flash_unlock(void) { - fail_unless(elocked, "Double ext unlock detected\n"); + ck_assert_msg(elocked, "Double ext unlock detected\n"); elocked--; } void ext_flash_lock(void) { - fail_if(elocked, "Double ext lock detected\n"); + ck_assert_msg(!elocked, "Double ext lock detected\n"); elocked++; } diff --git a/tools/unit-tests/unit-delta.c b/tools/unit-tests/unit-delta.c index d231c8a36..af284590c 100644 --- a/tools/unit-tests/unit-delta.c +++ b/tools/unit-tests/unit-delta.c @@ -26,6 +26,7 @@ #include #include "delta.h" +#define WC_RSA_BLINDING #include "delta.c" #define SRC_SIZE 4096 @@ -33,6 +34,8 @@ #define DST_SIZE 4096 #define DIFF_SIZE 8192 + + START_TEST(test_wb_patch_init_invalid) { WB_PATCH_CTX ctx; diff --git a/tools/unit-tests/unit-enc-nvm.c b/tools/unit-tests/unit-enc-nvm.c index 16774fb05..d5e361a6c 100644 --- a/tools/unit-tests/unit-enc-nvm.c +++ b/tools/unit-tests/unit-enc-nvm.c @@ -22,8 +22,6 @@ */ #define WOLFBOOT_HASH_SHA256 #define IMAGE_HEADER_SIZE 256 -#define UNIT_TEST -#define WC_NO_HARDEN #define MOCK_ADDRESS 0xCC000000 #define MOCK_ADDRESS_BOOT 0xCD000000 #define MOCK_ADDRESS_SWAP 0xCE000000 @@ -57,55 +55,55 @@ START_TEST (test_nvm_update_with_encryption) uint32_t base_addr = WOLFBOOT_PARTITION_UPDATE_ADDRESS; uint32_t home_off = 0; - ret = mmap_file("/tmp/wolfboot-unit-file.bin", MOCK_ADDRESS, + ret = mmap_file("/tmp/wolfboot-unit-file.bin", (void *)MOCK_ADDRESS, WOLFBOOT_PARTITION_SIZE, NULL); - fail_if(ret < 0); + ck_assert(ret >= 0); #ifdef FLAGS_HOME - ret = mmap_file("/tmp/wolfboot-unit-int-file.bin", MOCK_ADDRESS_BOOT, + ret = mmap_file("/tmp/wolfboot-unit-int-file.bin", (void *)MOCK_ADDRESS_BOOT, WOLFBOOT_PARTITION_SIZE, NULL); - fail_if(ret < 0); + ck_assert(ret >= 0); part = PART_BOOT; base_addr = WOLFBOOT_PARTITION_BOOT_ADDRESS; home_off = PART_BOOT_ENDFLAGS - PART_UPDATE_ENDFLAGS; #endif - ret = mmap_file("/tmp/wolfboot-unit-swap.bin", MOCK_ADDRESS_SWAP, + ret = mmap_file("/tmp/wolfboot-unit-swap.bin", (void *)MOCK_ADDRESS_SWAP, WOLFBOOT_SECTOR_SIZE, NULL); - fail_if(ret < 0); + ck_assert(ret >= 0); /* Sanity */ - fail_if(home_off > WOLFBOOT_SECTOR_SIZE); + ck_assert(home_off <= WOLFBOOT_SECTOR_SIZE); /* unlock the flash to allow operations */ hal_flash_unlock(); /* Check swap erase */ wolfBoot_erase_partition(PART_SWAP); - fail_if(erased_swap != 1); + ck_assert(erased_swap == 1); for (i = 0; i < WOLFBOOT_SECTOR_SIZE; i+=4) { - uint32_t *word = ((uint32_t *)(WOLFBOOT_PARTITION_SWAP_ADDRESS + i)); - fail_if(*word != 0xFFFFFFFF); + uint32_t *word = ((uint32_t *)((uintptr_t)WOLFBOOT_PARTITION_SWAP_ADDRESS + i)); + ck_assert(*word == 0xFFFFFFFF); } erased_update = 0; wolfBoot_erase_partition(part); #ifndef FLAGS_HOME - fail_if(erased_update != 1); + ck_assert(erased_update == 1); #else - fail_if(erased_boot != 1); + ck_assert(erased_boot == 1); #endif /* Erased flag sectors: select '0' by default */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select default fresh sector\n"); + ck_assert_msg(ret == 0, "Failed to select default fresh sector\n"); /* Force a good 'magic' at the end of sector 1 by setting the magic word */ wolfBoot_set_partition_state(PART_UPDATE, IMG_STATE_NEW); magic = get_partition_magic(PART_UPDATE); - fail_if(*magic != *boot_word, + ck_assert_msg(*magic == *boot_word, "Failed to read back 'BOOT' trailer at the end of the partition"); /* Current selected should now be 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select good fresh sector\n"); + ck_assert_msg(ret == 1, "Failed to select good fresh sector\n"); erased_nvm_bank1 = 0; erased_nvm_bank0 = 0; @@ -115,37 +113,37 @@ START_TEST (test_nvm_update_with_encryption) /* Current selected should now be 0 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank1 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 0, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank1 > 0, "Did not erase the non-selected bank"); erased_nvm_bank1 = 0; erased_nvm_bank0 = 0; /* Check state is read back correctly */ ret = wolfBoot_get_partition_state(PART_UPDATE, &st); - fail_if(ret != 0, "Failed to read back state\n"); - fail_if(st != IMG_STATE_UPDATING, "Bootloader in the wrong state\n"); + ck_assert_msg(ret == 0, "Failed to read back state\n"); + ck_assert_msg(st == IMG_STATE_UPDATING, "Bootloader in the wrong state\n"); /* Check that reading did not change the current sector */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select right sector after reading\n"); + ck_assert_msg(ret == 0, "Failed to select right sector after reading\n"); /* Update one sector flag, it should change nvm sector */ wolfBoot_set_update_sector_flag(0, SECT_FLAG_SWAPPING); /* Current selected should now be 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank0 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 1, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank0 != 0, "Did not erase the non-selected bank"); /* Check sector state is read back correctly */ ret = wolfBoot_get_update_sector_flag(0, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); /* Check that reading did not change the current sector (1) */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 1, "Failed to select right sector after reading sector state\n"); /* Update sector flag, again. it should change nvm sector */ erased_nvm_bank1 = 0; @@ -154,17 +152,17 @@ START_TEST (test_nvm_update_with_encryption) /* Current selected should now be 0 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank1 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 0, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank1 != 0, "Did not erase the non-selected bank"); /* Check sector state is read back correctly */ ret = wolfBoot_get_update_sector_flag(0, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_UPDATED, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_UPDATED, "Wrong sector flag state\n"); /* Check that reading did not change the current sector (0) */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 0, "Failed to select right sector after reading sector state\n"); /* Update sector flag, again. it should change nvm sector */ erased_nvm_bank1 = 0; @@ -173,17 +171,17 @@ START_TEST (test_nvm_update_with_encryption) /* Current selected should now be 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank0 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 1, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank0 > 0, "Did not erase the non-selected bank"); /* Check sector state is read back correctly */ ret = wolfBoot_get_update_sector_flag(1, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); /* Check that reading did not change the current sector (1) */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 1, "Failed to select right sector after reading sector state\n"); /* Update sector flag, again. it should change nvm sector */ erased_nvm_bank1 = 0; @@ -191,20 +189,20 @@ START_TEST (test_nvm_update_with_encryption) wolfBoot_set_update_sector_flag(1, SECT_FLAG_UPDATED); /* Copy flags from 0 to 1 */ - src = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE); - dst = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (2 * WOLFBOOT_SECTOR_SIZE)); + src = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE); + dst = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (2 * WOLFBOOT_SECTOR_SIZE)); for (i = 0; i < WOLFBOOT_SECTOR_SIZE; i++) dst[i] = src[i]; /* Force-erase 4B of sector flags in 0 */ - dst = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off + + dst = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off + TRAILER_SKIP + ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE)); for (i = 0; i < 4; i++) dst[i] = 0xFF; /* This should fall back to 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select most recent sector after deleting flags\n"); + ck_assert_msg(ret == 1, "Failed to select most recent sector after deleting flags\n"); /* Start over, update some sector flags */ wolfBoot_erase_partition(PART_UPDATE); @@ -214,47 +212,47 @@ START_TEST (test_nvm_update_with_encryption) wolfBoot_set_update_sector_flag(3, SECT_FLAG_UPDATED); wolfBoot_set_update_sector_flag(4, SECT_FLAG_SWAPPING); st = IMG_STATE_UPDATING; - wolfBoot_set_partition_state(PART_UPDATE, &st); + wolfBoot_set_partition_state(PART_UPDATE, (uintptr_t)&st); /* Current selected should now be 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank0 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 1, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank0 > 0, "Did not erase the non-selected bank"); /* Check sector state is read back correctly */ for (i = 0; i < 4; i++) { ret = wolfBoot_get_update_sector_flag(i, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_UPDATED, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_UPDATED, "Wrong sector flag state\n"); } ret = wolfBoot_get_update_sector_flag(4, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); /* Check that reading did not change the current sector (1) */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 1, "Failed to select right sector after reading sector state\n"); /* Copy flags from 1 to 0 */ - src = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (2 * WOLFBOOT_SECTOR_SIZE)); - dst = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (WOLFBOOT_SECTOR_SIZE)); + src = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (2 * WOLFBOOT_SECTOR_SIZE)); + dst = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (WOLFBOOT_SECTOR_SIZE)); for (i = 0; i < WOLFBOOT_SECTOR_SIZE; i++) dst[i] = src[i]; /* Force to F0 last sector flag in 0, so that the sector '4' is 'updated' */ - dst = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off + + dst = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off + TRAILER_SKIP + ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE)); dst[0] = 0xF0; /* Check if still there */ ret = wolfBoot_get_update_sector_flag(4, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_UPDATED, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_UPDATED, "Wrong sector flag state\n"); /* This should fall back to 0 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select most recent sector after deleting flags\n"); + ck_assert_msg(ret == 0, "Failed to select most recent sector after deleting flags\n"); /* Erase partition and start over */ @@ -262,13 +260,13 @@ START_TEST (test_nvm_update_with_encryption) erased_boot = 0; wolfBoot_erase_partition(part); #ifndef FLAGS_HOME - fail_if(erased_update != 1); + ck_assert(erased_update == 1); #else - fail_if(erased_boot != 1); + ck_assert(erased_boot == 1); #endif ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 0, "Failed to select right sector after reading sector state\n"); /* re-lock the flash: update_trigger implies unlocking/locking */ hal_flash_lock(); @@ -278,15 +276,15 @@ START_TEST (test_nvm_update_with_encryption) /* Current selected should now be 0 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank1 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 0, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank1 != 0, "Did not erase the non-selected bank"); magic = get_partition_magic(PART_UPDATE); - fail_if(*magic != *boot_word, + ck_assert_msg(*magic == *boot_word, "Failed to read back 'BOOT' trailer at the end of the partition"); /* Sanity check at the end of the operations. */ - fail_unless(locked, "The FLASH was left unlocked.\n"); + ck_assert_msg(locked, "The FLASH was left unlocked.\n"); } diff --git a/tools/unit-tests/unit-extflash.c b/tools/unit-tests/unit-extflash.c index 0db5fe6a9..d698b344c 100644 --- a/tools/unit-tests/unit-extflash.c +++ b/tools/unit-tests/unit-extflash.c @@ -39,11 +39,8 @@ #if defined(ENCRYPT_WITH_CHACHA) #define HAVE_CHACHA #endif -#define WC_NO_HARDEN -#define WOLFSSL_USER_SETTINGS #define ENCRYPT_KEY "123456789abcdef0123456789abcdef0123456789abcdef" -#define UNIT_TEST #include #include #include @@ -78,12 +75,12 @@ int hal_flash_erase(haladdr_t address, int len) } void hal_flash_unlock(void) { - fail_unless(locked, "Double unlock detected\n"); + ck_assert_msg(locked, "Double unlock detected\n"); locked--; } void hal_flash_lock(void) { - fail_if(locked, "Double lock detected\n"); + ck_assert_msg(!locked, "Double lock detected\n"); locked++; } diff --git a/tools/unit-tests/unit-image.c b/tools/unit-tests/unit-image.c index e82aa41ad..121152601 100644 --- a/tools/unit-tests/unit-image.c +++ b/tools/unit-tests/unit-image.c @@ -39,15 +39,10 @@ #if defined(ENCRYPT_WITH_CHACHA) #define HAVE_CHACHA #endif -//#define WC_NO_HARDEN #define ECC_TIMING_RESISTANT -#define WOLFSSL_USER_SETTINGS #define ENCRYPT_KEY "123456789abcdef0123456789abcdef0123456789abcdef" -#define UNIT_TEST -#define WOLFBOOT_SIGN_ECC256 #define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ECC256 -#define __WOLFBOOT #include #include @@ -80,7 +75,7 @@ static const unsigned char pubkey_digest[SHA256_DIGEST_SIZE] = { }; -static const unsigned char test_img_v200000000_signed_bin[] = { +static unsigned char test_img_v200000000_signed_bin[] = { 0x57, 0x4f, 0x4c, 0x46, 0x13, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0xc2, 0xeb, 0x0b, 0xff, 0xff, 0xff, 0xff, 0x02, 0x00, 0x08, 0x00, 0x77, 0x33, 0x29, 0x65, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, @@ -407,28 +402,28 @@ START_TEST(test_headers) img.part = PART_BOOT; find_header_fail = 1; find_header_called = 0; - ret = get_header(&img, type, &ptr); + ret = get_header(&img, type, (void *)&ptr); ck_assert_uint_eq(ret, 0xFFFF); ck_assert_int_eq(find_header_called, 1); img.part = PART_BOOT; find_header_fail = 0; find_header_called = 0; - ret = get_header(&img, type, &ptr); + ret = get_header(&img, type, (void *)&ptr); ck_assert_uint_ne(ret, 0xFFFF); ck_assert_int_eq(find_header_called, 1); img.part = PART_UPDATE; find_header_fail = 1; find_header_called = 0; - ret = get_header(&img, type, &ptr); + ret = get_header(&img, type, (void *)&ptr); ck_assert_uint_eq(ret, 0xFFFF); ck_assert_int_eq(find_header_called, 1); img.part = PART_UPDATE; find_header_fail = 0; find_header_called = 0; - ret = get_header(&img, type, &ptr); + ret = get_header(&img, type, (void *)&ptr); ck_assert_uint_ne(ret, 0xFFFF); ck_assert_int_eq(find_header_called, 1); @@ -444,7 +439,7 @@ START_TEST(test_headers) ck_assert_ptr_eq(ptr, hdr_cpy); /* Test image_size */ - sz = wolfBoot_image_size(test_img_v200000000_signed_bin); + sz = wolfBoot_image_size((void *)(uintptr_t)test_img_v200000000_signed_bin); ck_assert_uint_eq(sz, test_img_len - 256); } @@ -514,7 +509,7 @@ START_TEST(test_verify_integrity) test_img_v123_signed_bin_len); ret = wolfBoot_open_image(&test_img, PART_UPDATE); ck_assert_int_eq(ret, 0); - ck_assert_uint_eq(test_img.hdr, WOLFBOOT_PARTITION_UPDATE_ADDRESS); + ck_assert_ptr_eq(test_img.hdr, (void*)WOLFBOOT_PARTITION_UPDATE_ADDRESS); ret = wolfBoot_verify_integrity(&test_img); ck_assert_int_eq(ret, 0); } @@ -540,7 +535,7 @@ START_TEST(test_open_image) /* Swap partition */ ret = wolfBoot_open_image(&img, PART_SWAP); ck_assert_uint_eq(img.hdr_ok, 1); - ck_assert_ptr_eq(img.hdr, WOLFBOOT_PARTITION_SWAP_ADDRESS); + ck_assert_ptr_eq(img.hdr, (void *)WOLFBOOT_PARTITION_SWAP_ADDRESS); ck_assert_ptr_eq(img.hdr, img.fw_base); ck_assert_uint_eq(img.fw_size, WOLFBOOT_SECTOR_SIZE); @@ -552,7 +547,8 @@ START_TEST(test_open_image) ck_assert_int_eq(ret, 0); ck_assert_uint_eq(img.hdr_ok, 1); ck_assert_ptr_eq(img.hdr, WOLFBOOT_PARTITION_UPDATE_ADDRESS); - ck_assert_ptr_eq(img.fw_base, WOLFBOOT_PARTITION_UPDATE_ADDRESS + 256); + ck_assert_ptr_eq(img.fw_base, (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS + + 256); } END_TEST diff --git a/tools/unit-tests/unit-mock-flash.c b/tools/unit-tests/unit-mock-flash.c index 7dd11c044..6be1dba0c 100644 --- a/tools/unit-tests/unit-mock-flash.c +++ b/tools/unit-tests/unit-mock-flash.c @@ -33,6 +33,8 @@ static int erased_nvm_bank1 = 0; static int erased_vault = 0; const char *argv0; +#include + /* Mocks */ void hal_init(void) @@ -41,8 +43,8 @@ void hal_init(void) int hal_flash_write(haladdr_t address, const uint8_t *data, int len) { int i; - uint8_t *a = (uint8_t *)address; - fail_if(locked, "Attempting to write to a locked FLASH"); + uint8_t *a = (uint8_t *)(uintptr_t)address; + ck_assert_msg(!locked, "Attempting to write to a locked FLASH"); if ((address >= WOLFBOOT_PARTITION_SWAP_ADDRESS) && (address < WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_SECTOR_SIZE)) { for (i = 0; i < len; i++) { @@ -62,7 +64,7 @@ int hal_flash_write(haladdr_t address, const uint8_t *data, int len) } } #ifdef MOCK_KEYVAULT - if ((address >= vault_base) && (address < vault_base + keyvault_size)) { + if ((address >= (const uintptr_t)vault_base) && (address < (const uintptr_t)vault_base + keyvault_size)) { for (i = 0; i < len; i++) { a[i] = data[i]; } @@ -72,11 +74,11 @@ int hal_flash_write(haladdr_t address, const uint8_t *data, int len) } int hal_flash_erase(haladdr_t address, int len) { - fail_if(locked, "Attempting to erase a locked FLASH"); + ck_assert_msg(!locked, "Attempting to erase a locked FLASH"); if ((address >= WOLFBOOT_PARTITION_BOOT_ADDRESS) && (address < WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE)) { erased_boot++; - memset(address, 0xFF, len); + memset((void*)(uintptr_t)address, 0xFF, len); if (address >= WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE) { erased_nvm_bank0++; } else if (address >= WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - 2 * WOLFBOOT_SECTOR_SIZE) { @@ -85,7 +87,7 @@ int hal_flash_erase(haladdr_t address, int len) } else if ((address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS) && (address < WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE)) { erased_update++; - memset(address, 0xFF, len); + memset((void *)(uintptr_t)address, 0xFF, len); if (address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE) { erased_nvm_bank0++; } else if (address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE - 2 * WOLFBOOT_SECTOR_SIZE) { @@ -94,11 +96,12 @@ int hal_flash_erase(haladdr_t address, int len) } else if ((address >= WOLFBOOT_PARTITION_SWAP_ADDRESS) && (address < WOLFBOOT_PARTITION_SWAP_ADDRESS + WOLFBOOT_SECTOR_SIZE)) { erased_swap++; - memset(address, 0xFF, len); + memset((void *)(uintptr_t)address, 0xFF, len); #ifdef MOCK_KEYVAULT - } else if ((address >= vault_base) && (address < vault_base + keyvault_size)) { + } else if ((address >= (uintptr_t)vault_base) && (address < (uintptr_t)vault_base + keyvault_size)) { + printf("Erasing vault from %p : %p bytes\n", address, len); erased_vault++; - memset(address, 0xFF, len); + memset((void *)(uintptr_t)address, 0xFF, len); #endif } else { fail("Invalid address\n"); @@ -108,12 +111,12 @@ int hal_flash_erase(haladdr_t address, int len) } void hal_flash_unlock(void) { - fail_unless(locked, "Double unlock detected\n"); + ck_assert_msg(locked, "Double unlock detected\n"); locked--; } void hal_flash_lock(void) { - fail_if(locked, "Double lock detected\n"); + ck_assert_msg(!locked, "Double lock detected\n"); locked++; } @@ -127,7 +130,7 @@ int ext_flash_erase(uintptr_t address, int len) if ((address >= WOLFBOOT_PARTITION_BOOT_ADDRESS) && (address < WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE)) { erased_update++; - memset(address, 0xFF, len); + memset((void *)(uintptr_t)address, 0xFF, len); if (address >= WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE) { erased_nvm_bank0++; } else if (address >= WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - 2 * WOLFBOOT_SECTOR_SIZE) { @@ -138,7 +141,7 @@ int ext_flash_erase(uintptr_t address, int len) if ((address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS) && (address < WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE)) { erased_update++; - memset(address, 0xFF, len); + memset((void *)(uintptr_t)address, 0xFF, len); if (address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE) { erased_nvm_bank0++; } else if (address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE - 2 * WOLFBOOT_SECTOR_SIZE) { @@ -147,7 +150,7 @@ int ext_flash_erase(uintptr_t address, int len) } else if ((address >= WOLFBOOT_PARTITION_SWAP_ADDRESS) && (address < WOLFBOOT_PARTITION_SWAP_ADDRESS + WOLFBOOT_SECTOR_SIZE)) { erased_swap++; - memset(address, 0xFF, len); + memset((void *)(uintptr_t)address, 0xFF, len); } else { fail("Invalid address: %p\n", address); return -1; @@ -159,7 +162,7 @@ int ext_flash_write(uintptr_t address, const uint8_t *data, int len) { int i; uint8_t *a = (uint8_t *)address; - fail_if(ext_locked, "Attempting to write to a locked FLASH"); + ck_assert_msg(!ext_locked, "Attempting to write to a locked FLASH"); for (i = 0; i < len; i++) { a[i] = data[i]; } @@ -178,12 +181,12 @@ int ext_flash_read(uintptr_t address, uint8_t *data, int len) void ext_flash_unlock(void) { - fail_unless(ext_locked, "Double ext unlock detected\n"); + ck_assert_msg(ext_locked, "Double ext unlock detected\n"); ext_locked--; } void ext_flash_lock(void) { - fail_if(ext_locked, "Double ext lock detected\n"); + ck_assert_msg(!ext_locked, "Double ext lock detected\n"); ext_locked++; } diff --git a/tools/unit-tests/unit-mock-state.c b/tools/unit-tests/unit-mock-state.c index 0f9f8f4c4..4db199a5d 100644 --- a/tools/unit-tests/unit-mock-state.c +++ b/tools/unit-tests/unit-mock-state.c @@ -36,11 +36,8 @@ #if defined(ENCRYPT_WITH_CHACHA) #define HAVE_CHACHA #endif -#define WC_NO_HARDEN #define NVM_FLASH_WRITEONCE -#define WOLFSSL_USER_SETTINGS -#define UNIT_TEST #define MOCK_PARTITION_TRAILER #define MOCK_BLOB_TYPE #include @@ -50,6 +47,7 @@ #include #include "user_settings.h" #include "wolfboot/wolfboot.h" + static uint8_t* get_trailer_at(uint8_t part, uint32_t at); static void set_trailer_at(uint8_t part, uint32_t at, uint8_t val); static void set_partition_magic(uint8_t part); @@ -72,7 +70,7 @@ uint8_t image_backup(uint8_t part_id) static int locked = 0; static int hal_flash_write_mock_called = 0; static uintptr_t hal_flash_write_mock_address = 0U; -static uint8_t *hal_flash_write_mock_data = NULL; +static const uint8_t *hal_flash_write_mock_data = NULL; static int hal_flash_write_mock_len = 0; static uintptr_t hal_flash_erase_mock_address = 0; @@ -129,7 +127,7 @@ void hal_prepare_boot(void) static int ext_locked = 1; static int ext_flash_write_mock_called = 0; static uintptr_t ext_flash_write_mock_address = 0U; -static uint8_t *ext_flash_write_mock_data = NULL; +static const uint8_t *ext_flash_write_mock_data = NULL; static int ext_flash_write_mock_len = 0; static int ext_flash_read_mock_called = 0; @@ -188,12 +186,12 @@ int ext_flash_erase(uintptr_t address, int len) } void ext_flash_unlock(void) { - fail_unless(ext_locked, "Double unlock detected (ext)\n"); + ck_assert_msg(ext_locked, "Double unlock detected (ext)\n"); ext_locked--; } void ext_flash_lock(void) { - fail_if(ext_locked, "Double lock detected(ext)\n"); + ck_assert_msg(!ext_locked, "Double lock detected(ext)\n"); ext_locked++; } diff --git a/tools/unit-tests/unit-nvm.c b/tools/unit-tests/unit-nvm.c index 6eb185bbb..774dc6427 100644 --- a/tools/unit-tests/unit-nvm.c +++ b/tools/unit-tests/unit-nvm.c @@ -22,11 +22,11 @@ */ #define WOLFBOOT_HASH_SHA256 #define IMAGE_HEADER_SIZE 256 -#define UNIT_TEST -#define WC_NO_HARDEN #define MOCK_ADDRESS 0xCC000000 #define MOCK_ADDRESS_BOOT 0xCD000000 #define MOCK_ADDRESS_SWAP 0xCE000000 +#define WC_RSA_BLINDING +#define ECC_TIMING_RESISTANT #include #include "libwolfboot.c" #include @@ -52,55 +52,55 @@ START_TEST (test_nvm_select_fresh_sector) uint32_t base_addr = WOLFBOOT_PARTITION_UPDATE_ADDRESS; uint32_t home_off = 0; - ret = mmap_file("/tmp/wolfboot-unit-file.bin", MOCK_ADDRESS, + ret = mmap_file("/tmp/wolfboot-unit-file.bin", (void *)MOCK_ADDRESS, WOLFBOOT_PARTITION_SIZE, NULL); - fail_if(ret < 0); + ck_assert(ret >= 0); #ifdef FLAGS_HOME - ret = mmap_file("/tmp/wolfboot-unit-int-file.bin", MOCK_ADDRESS_BOOT, + ret = mmap_file("/tmp/wolfboot-unit-int-file.bin", (void *)MOCK_ADDRESS_BOOT, WOLFBOOT_PARTITION_SIZE, NULL); - fail_if(ret < 0); + ck_assert(ret >= 0); part = PART_BOOT; base_addr = WOLFBOOT_PARTITION_BOOT_ADDRESS; home_off = PART_BOOT_ENDFLAGS - PART_UPDATE_ENDFLAGS; #endif - ret = mmap_file("/tmp/wolfboot-unit-swap.bin", MOCK_ADDRESS_SWAP, + ret = mmap_file("/tmp/wolfboot-unit-swap.bin", (void *)MOCK_ADDRESS_SWAP, WOLFBOOT_SECTOR_SIZE, NULL); - fail_if(ret < 0); + ck_assert(ret >= 0); /* Sanity */ - fail_if(home_off > WOLFBOOT_SECTOR_SIZE); + ck_assert(home_off <= WOLFBOOT_SECTOR_SIZE); /* unlock the flash to allow operations */ hal_flash_unlock(); /* Check swap erase */ wolfBoot_erase_partition(PART_SWAP); - fail_if(erased_swap != 1); + ck_assert(erased_swap == 1); for (i = 0; i < WOLFBOOT_SECTOR_SIZE; i+=4) { - uint32_t *word = ((uint32_t *)(WOLFBOOT_PARTITION_SWAP_ADDRESS + i)); - fail_if(*word != 0xFFFFFFFF); + uint32_t *word = ((uint32_t *)((uintptr_t)WOLFBOOT_PARTITION_SWAP_ADDRESS + i)); + ck_assert(*word == 0xFFFFFFFF); } erased_update = 0; wolfBoot_erase_partition(part); #ifndef FLAGS_HOME - fail_if(erased_update != 1); + ck_assert(erased_update == 1); #else - fail_if(erased_boot != 1); + ck_assert(erased_boot == 1); #endif /* Erased flag sectors: select '0' by default */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select default fresh sector\n"); + ck_assert_msg(ret == 0, "Failed to select default fresh sector\n"); /* Force a good 'magic' at the end of sector 1 by setting the magic word */ wolfBoot_set_partition_state(PART_UPDATE, IMG_STATE_NEW); magic = get_partition_magic(PART_UPDATE); - fail_if(*magic != *boot_word, + ck_assert_msg(*magic == *boot_word, "Failed to read back 'BOOT' trailer at the end of the partition"); /* Current selected should now be 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select good fresh sector\n"); + ck_assert_msg(ret == 1, "Failed to select good fresh sector\n"); erased_nvm_bank1 = 0; erased_nvm_bank0 = 0; @@ -110,37 +110,37 @@ START_TEST (test_nvm_select_fresh_sector) /* Current selected should now be 0 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank1 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 0, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank1 > 0, "Did not erase the non-selected bank"); erased_nvm_bank1 = 0; erased_nvm_bank0 = 0; /* Check state is read back correctly */ ret = wolfBoot_get_partition_state(PART_UPDATE, &st); - fail_if(ret != 0, "Failed to read back state\n"); - fail_if(st != IMG_STATE_UPDATING, "Bootloader in the wrong state\n"); + ck_assert_msg(ret == 0, "Failed to read back state\n"); + ck_assert_msg(st == IMG_STATE_UPDATING, "Bootloader in the wrong state\n"); /* Check that reading did not change the current sector */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select right sector after reading\n"); + ck_assert_msg(ret == 0, "Failed to select right sector after reading\n"); /* Update one sector flag, it should change nvm sector */ wolfBoot_set_update_sector_flag(0, SECT_FLAG_SWAPPING); /* Current selected should now be 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank0 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 1, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank0 > 0, "Did not erase the non-selected bank"); /* Check sector state is read back correctly */ ret = wolfBoot_get_update_sector_flag(0, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); /* Check that reading did not change the current sector (1) */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 1, "Failed to select right sector after reading sector state\n"); /* Update sector flag, again. it should change nvm sector */ erased_nvm_bank1 = 0; @@ -149,17 +149,17 @@ START_TEST (test_nvm_select_fresh_sector) /* Current selected should now be 0 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank1 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 0, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank1 > 0, "Did not erase the non-selected bank"); /* Check sector state is read back correctly */ ret = wolfBoot_get_update_sector_flag(0, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_UPDATED, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_UPDATED, "Wrong sector flag state\n"); /* Check that reading did not change the current sector (0) */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 0, "Failed to select right sector after reading sector state\n"); /* Update sector flag, again. it should change nvm sector */ erased_nvm_bank1 = 0; @@ -168,17 +168,17 @@ START_TEST (test_nvm_select_fresh_sector) /* Current selected should now be 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank0 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 1, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank0 > 0, "Did not erase the non-selected bank"); /* Check sector state is read back correctly */ ret = wolfBoot_get_update_sector_flag(1, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); /* Check that reading did not change the current sector (1) */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 1, "Failed to select right sector after reading sector state\n"); /* Update sector flag, again. it should change nvm sector */ erased_nvm_bank1 = 0; @@ -186,19 +186,19 @@ START_TEST (test_nvm_select_fresh_sector) wolfBoot_set_update_sector_flag(1, SECT_FLAG_UPDATED); /* Copy flags from 0 to 1 */ - src = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off)); - dst = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off + WOLFBOOT_SECTOR_SIZE)); + src = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off)); + dst = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off + WOLFBOOT_SECTOR_SIZE)); for (i = 0; i < 8; i++) dst[i] = src[i]; /* Force-erase 4B of sector flags in 0 */ - dst = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off)); + dst = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off)); for (i = 0; i < 4; i++) dst[i] = 0xFF; /* This should fall back to 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select most recent sector after deleting flags\n"); + ck_assert_msg(ret == 1, "Failed to select most recent sector after deleting flags\n"); /* Start over, update some sector flags */ wolfBoot_erase_partition(PART_UPDATE); @@ -208,46 +208,46 @@ START_TEST (test_nvm_select_fresh_sector) wolfBoot_set_update_sector_flag(3, SECT_FLAG_UPDATED); wolfBoot_set_update_sector_flag(4, SECT_FLAG_SWAPPING); st = IMG_STATE_UPDATING; - wolfBoot_set_partition_state(PART_UPDATE, &st); + wolfBoot_set_partition_state(PART_UPDATE, (uintptr_t)&st); /* Current selected should now be 1 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank0 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 1, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank0 > 0, "Did not erase the non-selected bank"); /* Check sector state is read back correctly */ for (i = 0; i < 4; i++) { ret = wolfBoot_get_update_sector_flag(i, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_UPDATED, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_UPDATED, "Wrong sector flag state\n"); } ret = wolfBoot_get_update_sector_flag(4, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_SWAPPING, "Wrong sector flag state\n"); /* Check that reading did not change the current sector (1) */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 1, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 1, "Failed to select right sector after reading sector state\n"); /* Copy flags from 1 to 0 */ - src = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off + WOLFBOOT_SECTOR_SIZE)); - dst = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off)); + src = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off + WOLFBOOT_SECTOR_SIZE)); + dst = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off)); for (i = 0; i < 8; i++) dst[i] = src[i]; /* Force to F0 last sector flag in 0, so that the sector '4' is 'updated' */ - dst = (uint8_t *)(base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off)); + dst = (uint8_t *)((uintptr_t)base_addr + WOLFBOOT_PARTITION_SIZE - (8 + home_off)); dst[0] = 0xF0; /* Check if still there */ ret = wolfBoot_get_update_sector_flag(4, &st); - fail_if (ret != 0, "Failed to read sector flag state\n"); - fail_if (st != SECT_FLAG_UPDATED, "Wrong sector flag state\n"); + ck_assert_msg(ret == 0, "Failed to read sector flag state\n"); + ck_assert_msg(st == SECT_FLAG_UPDATED, "Wrong sector flag state\n"); /* This should fall back to 0 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select most recent sector after deleting flags\n"); + ck_assert_msg(ret == 0, "Failed to select most recent sector after deleting flags\n"); /* Erase partition and start over */ @@ -255,13 +255,13 @@ START_TEST (test_nvm_select_fresh_sector) erased_boot = 0; wolfBoot_erase_partition(part); #ifndef FLAGS_HOME - fail_if(erased_update != 1); + ck_assert(erased_update == 1); #else - fail_if(erased_boot != 1); + ck_assert(erased_boot == 1); #endif ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select right sector after reading sector state\n"); + ck_assert_msg(ret == 0, "Failed to select right sector after reading sector state\n"); /* re-lock the flash: update_trigger implies unlocking/locking */ hal_flash_lock(); @@ -271,15 +271,15 @@ START_TEST (test_nvm_select_fresh_sector) /* Current selected should now be 0 */ ret = nvm_select_fresh_sector(PART_UPDATE); - fail_if(ret != 0, "Failed to select updating fresh sector\n"); - fail_if(erased_nvm_bank1 == 0, "Did not erase the non-selected bank"); + ck_assert_msg(ret == 0, "Failed to select updating fresh sector\n"); + ck_assert_msg(erased_nvm_bank1 > 0, "Did not erase the non-selected bank"); magic = get_partition_magic(PART_UPDATE); - fail_if(*magic != *boot_word, + ck_assert_msg(*magic == *boot_word, "Failed to read back 'BOOT' trailer at the end of the partition"); /* Sanity check at the end of the operations. */ - fail_unless(locked, "The FLASH was left unlocked.\n"); + ck_assert_msg(locked, "The FLASH was left unlocked.\n"); } diff --git a/tools/unit-tests/unit-parser.c b/tools/unit-tests/unit-parser.c index b275dc144..776dc0967 100644 --- a/tools/unit-tests/unit-parser.c +++ b/tools/unit-tests/unit-parser.c @@ -26,8 +26,8 @@ /* Must also define DEBUG_WOLFSSL in user_settings.h */ #define WOLFBOOT_HASH_SHA256 #define IMAGE_HEADER_SIZE 256 -#define UNIT_TEST -#define WC_NO_HARDEN +#define WC_RSA_BLINDING +#define ECC_TIMING_RESISTANT #include #include "libwolfboot.c" #include @@ -47,12 +47,12 @@ int hal_flash_erase(haladdr_t address, int len) } void hal_flash_unlock(void) { - fail_unless(locked, "Double unlock detected\n"); + ck_assert_msg(locked, "Double unlock detected\n"); locked--; } void hal_flash_lock(void) { - fail_if(locked, "Double lock detected\n"); + ck_assert_msg(!locked, "Double lock detected\n"); locked++; } @@ -181,21 +181,21 @@ START_TEST (test_parser_sunny) int i; /* Check version */ - fail_if(wolfBoot_find_header(test_buffer + 8, HDR_VERSION, &p) != 4, "Parser error: cannot locate version"); - fail_if((p[0] != 0x0d) || (p[1] != 0x0c) || (p[2] != 0x0b) || (p[3] != 0x0a), "Parser error: version doesn't match"); + ck_assert_msg(wolfBoot_find_header(test_buffer + 8, HDR_VERSION, &p) == 4, "Parser error: cannot locate version"); + ck_assert_msg((p[0] == 0x0d) && (p[1] == 0x0c) && (p[2] == 0x0b) && (p[3] == 0x0a), "Parser error: version doesn't match"); /* Check timestamp */ - fail_if(wolfBoot_find_header(test_buffer + 8, HDR_TIMESTAMP, &p) != 8, "Parser error: cannot locate timestamp"); - fail_if((p[0] != 0x07) || (p[1] != 0x06) || (p[2] != 0x05) || (p[3] != 0x04), "Parser error: timestamp doesn't match"); - fail_if((p[4] != 0x03) || (p[5] != 0x02) || (p[6] != 0x01) || (p[7] != 0x00), "Parser error: timestamp doesn't match"); + ck_assert_msg(wolfBoot_find_header(test_buffer + 8, HDR_TIMESTAMP, &p) == 8, "Parser error: cannot locate timestamp"); + ck_assert_msg((p[0] == 0x07) && (p[1] == 0x06) && (p[2] == 0x05) && (p[3] == 0x04), "Parser error: timestamp doesn't match"); + ck_assert_msg((p[4] == 0x03) && (p[5] == 0x02) && (p[6] == 0x01) && (p[7] == 0x00), "Parser error: timestamp doesn't match"); /* Check sha256 field */ - fail_if(wolfBoot_find_header(test_buffer + 8, HDR_SHA256, &p) != 32, "Parser error: cannot locate hash"); + ck_assert_msg(wolfBoot_find_header(test_buffer + 8, HDR_SHA256, &p) == 32, "Parser error: cannot locate hash"); for (i = 0; i < 32; i++) - fail_unless(p[i] == i, "Parser error: hash does not match"); + ck_assert_msg(p[i] == i, "Parser error: hash does not match"); /* Check non-existing field */ - fail_if(wolfBoot_find_header(test_buffer + 8, HDR_SHA3_384, &p) != 0, "Parser error: found a non-existing field"); + ck_assert_msg(wolfBoot_find_header(test_buffer + 8, HDR_SHA3_384, &p) == 0, "Parser error: found a non-existing field"); } END_TEST @@ -211,14 +211,14 @@ START_TEST (test_parser_borders) bad_buff[257] = 0x00; bad_buff[258] = 0x04; bad_buff[259] = 0x00; - fail_if(wolfBoot_find_header(bad_buff + 8, HDR_VERSION, &p) != 0, "Parser error: accessing version field out of bounds"); + ck_assert_msg(wolfBoot_find_header(bad_buff + 8, HDR_VERSION, &p) == 0, "Parser error: accessing version field out of bounds"); /* Single field too large */ bad_buff[8] = 0x02; bad_buff[9] = 0x00; bad_buff[10] = 0xF8; bad_buff[11] = 0x00; - fail_if(wolfBoot_find_header(bad_buff + 8, HDR_VERSION, &p) != 0, "Parser error: accessing version field out of bounds"); + ck_assert_msg(wolfBoot_find_header(bad_buff + 8, HDR_VERSION, &p) == 0, "Parser error: accessing version field out of bounds"); /* Second field too large */ bad_buff[8] = 0x01; @@ -233,11 +233,11 @@ START_TEST (test_parser_borders) bad_buff[17] = 0x00; bad_buff[18] = 0xf0; /** Timestamp field too large **/ bad_buff[19] = 0x00; - fail_if(wolfBoot_find_header(bad_buff + 8, HDR_TIMESTAMP, &p) != 0, "Parser error: accessing version field out of bounds"); + ck_assert_msg(wolfBoot_find_header(bad_buff + 8, HDR_TIMESTAMP, &p) == 0, "Parser error: accessing version field out of bounds"); /* High memory access */ - fail_if(wolfBoot_find_header(((void *)(0 - 0xF8)), HDR_VERSION, &p) != 0); - fail_if(wolfBoot_find_header(((void *)(0 - 0x10)), HDR_VERSION, &p) != 0); + ck_assert(wolfBoot_find_header(((void *)(0 - 0xF8)), HDR_VERSION, &p) == 0); + ck_assert(wolfBoot_find_header(((void *)(0 - 0x10)), HDR_VERSION, &p) == 0); } END_TEST @@ -247,15 +247,15 @@ START_TEST (test_parser_blobs) uint32_t ver; uint16_t type; ver = wolfBoot_get_blob_version(test_buffer); - fail_unless(ver == 0x0a0b0c0d, "Parser error: version does not match"); + ck_assert_msg(ver == 0x0a0b0c0d, "Parser error: version does not match"); type = wolfBoot_get_blob_type(test_buffer_with_type); - fail_unless(type == 0xDDEE, "Wrong image type"); + ck_assert_msg(type == 0xDDEE, "Wrong image type"); type = wolfBoot_get_blob_type(test_buffer); - fail_unless(type == 0, "Reading non-existing version: failed to report error"); + ck_assert_msg(type == 0, "Reading non-existing version: failed to report error"); ver = wolfBoot_get_blob_diffbase_version(test_buffer_with_diffbase); - fail_unless(ver == 0x01020304, "Wrong delta base version parsed"); + ck_assert_msg(ver == 0x01020304, "Wrong delta base version parsed"); } END_TEST diff --git a/tools/unit-tests/unit-pkcs11_store.c b/tools/unit-tests/unit-pkcs11_store.c new file mode 100644 index 000000000..0dd066867 --- /dev/null +++ b/tools/unit-tests/unit-pkcs11_store.c @@ -0,0 +1,290 @@ +/* unit-pkcs11_store.c + * + * Unit test for PKCS11 storage module + * + * + * Copyright (C) 2024 wolfSSL Inc. + * + * This file is part of wolfBoot. + * + * wolfBoot is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfBoot is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Option to enable sign tool debugging */ +/* Must also define DEBUG_WOLFSSL in user_settings.h */ +#define WOLFBOOT_HASH_SHA256 +#define EXT_FLASH +#define PART_UPDATE_EXT +#define NVM_FLASH_WRITEONCE + +#if defined(ENCRYPT_WITH_AES256) || defined(ENCRYPT_WITH_AES128) + #define WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_DIRECT +#endif +#if defined(ENCRYPT_WITH_AES256) + #define WOLFSSL_AES_256 +#endif +#if defined(ENCRYPT_WITH_CHACHA) + #define HAVE_CHACHA +#endif +#define ECC_TIMING_RESISTANT + +#define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ECC256 + + +#include +#include +#include +#include +#include +#define XMALLOC_OVERRIDE +#define XMALLOC(n,h,t) malloc(n) +#define XFREE(p,h,t) free(p) + +#include "user_settings.h" +#include "wolfssl/wolfcrypt/sha.h" +#include "wolfboot/wolfboot.h" +#include "wolfpkcs11/pkcs11.h" +#include "hal.h" +#include +#include +#include + +#define MOCK_ADDRESS 0xCF000000 +uint8_t *vault_base = (uint8_t *)MOCK_ADDRESS; +#include "unit-keystore.c" +#include "pkcs11_store.c" +const uint32_t keyvault_size = KEYVAULT_OBJ_SIZE * KEYVAULT_MAX_ITEMS + 2 * WOLFBOOT_SECTOR_SIZE; +#include "unit-mock-flash.c" + +#include "txt_filler.h" + +char dante_filler[KEYVAULT_OBJ_SIZE] = DANTE_FILLER; + +START_TEST (test_store_and_load_objs) { + CK_ULONG id_tok, id_obj; + int type; + int ret, readonly; + void *store = NULL; + char secret1[] = "Everyone gets Friday off."; + char secret2[] = "This is just a test string."; + char short_string[] = "Short string"; + char secret_rd[KEYVAULT_OBJ_SIZE]; + + type = DYNAMIC_TYPE_ECC; + id_tok = 1; + id_obj = 12; + readonly = 0; + ret = mmap_file("/tmp/wolfboot-unit-keyvault.bin", vault_base, + keyvault_size, NULL); + ck_assert(ret == 0); + memset(vault_base, 0xEE, keyvault_size); + /* Open the vault, create the object */ + fprintf(stderr, "Opening the vault\n"); + printf("Flash Keyvault: %p\n", vault_base); + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to open the vault: %d", ret); + ck_assert_msg(store != NULL, "Did not receive a store address"); + fprintf(stderr, "open successful\n"); + + /* Test two subsequent writes */ + ret = wolfPKCS11_Store_Write(store, secret1, strlen(secret1) + 1); + ck_assert_int_eq(ret, strlen(secret1) + 1); + ret = wolfPKCS11_Store_Write(store, secret2, strlen(secret2) + 1); + ck_assert_int_eq(ret, strlen(secret2) + 1); + wolfPKCS11_Store_Close(store); + printf("Closed vault. Reopening in RO mode\n"); + + /* Reopen for reading */ + readonly = 1; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to reopen the vault in read-only mode: %d", ret); + + /* Read out the content */ + ret = wolfPKCS11_Store_Read(store, secret_rd, 128); + ck_assert(ret == strlen(secret1) + strlen(secret2) + 2); + ck_assert(strcmp(secret1, secret_rd) == 0); + ck_assert(strcmp(secret2, secret_rd + 1 + strlen(secret1)) == 0); + wolfPKCS11_Store_Close(store); + + /* Create a second object with same Ids, different type*/ + type = DYNAMIC_TYPE_RSA; + readonly = 0; + fprintf(stderr, "Opening the second vault\n"); + printf("Flash Keyvault: %p\n", vault_base); + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to open the 2nd vault: %d", ret); + ck_assert_msg(store != NULL, "Did not receive a store address for 2nd vault"); + fprintf(stderr, "open 2 successful\n"); + ret = wolfPKCS11_Store_Write(store, secret2, strlen(secret2) + 1); + wolfPKCS11_Store_Close(store); + + /* Reopen for reading */ + readonly = 1; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to reopen the vault in read-only mode: %d", ret); + /* Read out the content */ + ret = wolfPKCS11_Store_Read(store, secret_rd, 128); + ck_assert(ret == strlen(secret2) + 1); + ck_assert(strcmp(secret2, secret_rd) == 0); + wolfPKCS11_Store_Close(store); + + /* Create more similar objects, different secret */ + type = DYNAMIC_TYPE_RSA; + id_tok = 2; + id_obj = 22; + readonly = 0; + fprintf(stderr, "Creating one more vault\n"); + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to create vault: %d", ret); + ck_assert_msg(store != NULL, "Did not receive a store address for vault"); + fprintf(stderr, "open 2 successful\n"); + ret = wolfPKCS11_Store_Write(store, secret1, strlen(secret1) + 1); + + id_tok = 3; + id_obj = 23; + readonly = 0; + fprintf(stderr, "Creating one more vault\n"); + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to create vault: %d", ret); + ck_assert_msg(store != NULL, "Did not receive a store address for vault"); + fprintf(stderr, "open 2 successful\n"); + ret = wolfPKCS11_Store_Write(store, secret1, strlen(secret1) + 1); + wolfPKCS11_Store_Close(store); + + /* Reopen for reading */ + id_tok = 1; + id_obj = 12; + readonly = 1; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to reopen the vault in read-only mode: %d", ret); + /* Read out the content */ + ret = wolfPKCS11_Store_Read(store, secret_rd, 128); + ck_assert(ret == strlen(secret2) + 1); + ck_assert(strcmp(secret2, secret_rd) == 0); + wolfPKCS11_Store_Close(store); + + /* Open non-existing vaults */ + id_tok = 5; + readonly = 1; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret != 0, "Returned with success with invalid id_tok %d", id_tok); + id_tok = 2; + id_obj = 0; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret != 0, "Returned with success with invalid id_obj %d", id_obj); + type = 0xFF; + id_tok = 2; + id_obj = 23; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret != 0, "Returned with success with invalid type %d", type); + + /* Test backup recovery for allocation table */ + memset(vault_base, 0xEE, WOLFBOOT_SECTOR_SIZE); + type = DYNAMIC_TYPE_RSA; + id_tok = 1; + id_obj = 12; + readonly = 1; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to reopen the vault recovering from alloc table backup: %d", ret); + /* Read out the content */ + ret = wolfPKCS11_Store_Read(store, secret_rd, 128); + ck_assert(ret == strlen(secret2) + 1); + ck_assert(strcmp(secret2, secret_rd) == 0); + wolfPKCS11_Store_Close(store); + + /* Test backup recovery for object sector */ + printf("Test recovery sector...\n"); + memcpy(vault_base + WOLFBOOT_SECTOR_SIZE, vault_base + 0x1800, + WOLFBOOT_SECTOR_SIZE); + memset(vault_base + 0x1800, 0xEE, WOLFBOOT_SECTOR_SIZE); + id_tok = 1; + id_obj = 12; + readonly = 1; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to reopen the vault recovering from object sector backup: %d", ret); + /* Read out the content */ + ret = wolfPKCS11_Store_Read(store, secret_rd, 128); + ck_assert(ret == strlen(secret2) + 1); + ck_assert(strcmp(secret2, secret_rd) == 0); + wolfPKCS11_Store_Close(store); + + /* Test with very large payload */ + type = DYNAMIC_TYPE_RSA; + id_tok = 3; + id_obj = 33; + readonly = 0; + fprintf(stderr, "Creating one BIG vault\n"); + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to create vault: %d", ret); + ck_assert_msg(store != NULL, "Did not receive a store address for vault"); + fprintf(stderr, "open 3.33 successful\n"); + ret = wolfPKCS11_Store_Write(store, dante_filler, strlen(dante_filler) + 1); + wolfPKCS11_Store_Close(store); + + /* Reopen for reading */ + readonly = 1; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to reopen the vault in read-only mode: %d", ret); + /* Read out the content */ + memset(secret_rd, 0, KEYVAULT_OBJ_SIZE); + ret = wolfPKCS11_Store_Read(store, secret_rd, KEYVAULT_OBJ_SIZE); + ck_assert(ret == KEYVAULT_OBJ_SIZE - 8); + ck_assert(strncmp(dante_filler, secret_rd, KEYVAULT_OBJ_SIZE - 8) == 0); + wolfPKCS11_Store_Close(store); + + /* Reopen for writing, test truncate */ + readonly = 0; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to create vault: %d", ret); + ck_assert_msg(store != NULL, "Did not receive a store address for vault"); + fprintf(stderr, "open 3.33 successful\n"); + ret = wolfPKCS11_Store_Write(store, short_string, strlen(short_string) + 1); + wolfPKCS11_Store_Close(store); + + /* Reopen for reading */ + readonly = 1; + ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store); + ck_assert_msg(ret == 0, "Failed to reopen the vault in read-only mode: %d", ret); + /* Read out the content */ + memset(secret_rd, 0, KEYVAULT_OBJ_SIZE); + ret = wolfPKCS11_Store_Read(store, secret_rd, KEYVAULT_OBJ_SIZE); + ck_assert(ret == strlen(short_string) + 1); + ck_assert(strcmp(short_string, secret_rd) == 0); + wolfPKCS11_Store_Close(store); +} +END_TEST + +Suite *wolfboot_suite(void) +{ + /* Suite initialization */ + Suite *s = suite_create("wolfBoot-pkcs11-store"); + + TCase* tcase_store_and_load_objs = tcase_create("store_and_load_objs"); + tcase_add_test(tcase_store_and_load_objs, test_store_and_load_objs); + suite_add_tcase(s, tcase_store_and_load_objs); + return s; +} + +int main(void) +{ + int fails; + Suite *s = wolfboot_suite(); + SRunner *sr = srunner_create(s); + srunner_run_all(sr, CK_NORMAL); + fails = srunner_ntests_failed(sr); + srunner_free(sr); + return fails; +} diff --git a/tools/unit-tests/unit-sectorflags.c b/tools/unit-tests/unit-sectorflags.c index b3605c97a..d2570879b 100644 --- a/tools/unit-tests/unit-sectorflags.c +++ b/tools/unit-tests/unit-sectorflags.c @@ -30,13 +30,7 @@ #define EXT_FLASH 1 #define PART_UPDATE_EXT 1 #define PART_SWAP_EXT 1 - - -#define WC_NO_HARDEN - -#define WOLFSSL_USER_SETTINGS #define ENCRYPT_KEY "123456789abcdef0123456789abcdef0123456789abcdef" -#define UNIT_TEST #include #include #include @@ -65,23 +59,23 @@ int hal_flash_erase(uint32_t address, int len) } void hal_flash_unlock(void) { - fail_unless(locked, "Double unlock detected\n"); + ck_assert_msg(locked, "Double unlock detected\n"); locked--; } void hal_flash_lock(void) { - fail_if(locked, "Double lock detected\n"); + ck_assert_msg(!locked, "Double lock detected\n"); locked++; } void ext_flash_unlock(void) { - //fail_unless(ext_locked, "Double unlock detected\n"); + //ck_assert_msg(ext_locked, "Double unlock detected\n"); ext_locked--; } void ext_flash_lock(void) { - //fail_if(ext_locked, "Double lock detected\n"); + //ck_assert_msg(!ext_locked, "Double lock detected\n"); ext_locked++; } diff --git a/tools/unit-tests/unit-update-flash.c b/tools/unit-tests/unit-update-flash.c index 877c99b3c..c37fa7684 100644 --- a/tools/unit-tests/unit-update-flash.c +++ b/tools/unit-tests/unit-update-flash.c @@ -20,14 +20,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#define WOLFBOOT_HASH_SHA256 +#ifndef WOLFBOOT_HASH_SHA256 + #define WOLFBOOT_HASH_SHA256 +#endif #define IMAGE_HEADER_SIZE 256 -#define UNIT_TEST -#define WC_NO_HARDEN #define MOCK_ADDRESS_UPDATE 0xCC000000 #define MOCK_ADDRESS_BOOT 0xCD000000 #define MOCK_ADDRESS_SWAP 0xCE000000 - #define TEST_SIZE_SMALL 5300 #define TEST_SIZE_LARGE 9800 @@ -35,6 +34,7 @@ #include #include +#include "user_settings.h" #include "wolfboot/wolfboot.h" #include "libwolfboot.c" #include "update_flash.c" @@ -51,7 +51,7 @@ const char *argv0; Suite *wolfboot_suite(void); int wolfBoot_staged_ok = 0; -uint32_t *wolfBoot_stage_address = (uint32_t *) 0xFFFFFFFF; +const uint32_t *wolfBoot_stage_address = (uint32_t *) 0xFFFFFFFF; void do_boot(const uint32_t *address) { @@ -73,15 +73,15 @@ static void reset_mock_stats(void) static void prepare_flash(void) { int ret; - ret = mmap_file("/tmp/wolfboot-unit-ext-file.bin", MOCK_ADDRESS_UPDATE, + ret = mmap_file("/tmp/wolfboot-unit-ext-file.bin", (void *)MOCK_ADDRESS_UPDATE, WOLFBOOT_PARTITION_SIZE, NULL); - fail_if(ret < 0); - ret = mmap_file("/tmp/wolfboot-unit-int-file.bin", MOCK_ADDRESS_BOOT, + ck_assert(ret >= 0); + ret = mmap_file("/tmp/wolfboot-unit-int-file.bin", (void *)MOCK_ADDRESS_BOOT, WOLFBOOT_PARTITION_SIZE, NULL); - fail_if(ret < 0); - ret = mmap_file("/tmp/wolfboot-unit-swap.bin", MOCK_ADDRESS_SWAP, + ck_assert(ret >= 0); + ret = mmap_file("/tmp/wolfboot-unit-swap.bin", (void *)MOCK_ADDRESS_SWAP, WOLFBOOT_SECTOR_SIZE, NULL); - fail_if(ret < 0); + ck_assert(ret >= 0); hal_flash_unlock(); hal_flash_erase(WOLFBOOT_PARTITION_BOOT_ADDRESS, WOLFBOOT_PARTITION_SIZE); hal_flash_erase(WOLFBOOT_PARTITION_UPDATE_ADDRESS, WOLFBOOT_PARTITION_SIZE); @@ -90,9 +90,9 @@ static void prepare_flash(void) static void cleanup_flash(void) { - munmap(MOCK_ADDRESS_UPDATE, WOLFBOOT_PARTITION_SIZE); - munmap(MOCK_ADDRESS_BOOT, WOLFBOOT_PARTITION_SIZE); - munmap(MOCK_ADDRESS_SWAP, WOLFBOOT_SECTOR_SIZE); + munmap((void *)MOCK_ADDRESS_UPDATE, WOLFBOOT_PARTITION_SIZE); + munmap((void *)MOCK_ADDRESS_BOOT, WOLFBOOT_PARTITION_SIZE); + munmap((void *)MOCK_ADDRESS_SWAP, WOLFBOOT_SECTOR_SIZE); } @@ -102,7 +102,7 @@ static int add_payload(uint8_t part, uint32_t version, uint32_t size) uint32_t word; uint16_t word16; int i; - uint8_t *base = WOLFBOOT_PARTITION_BOOT_ADDRESS; + uint8_t *base = (uint8_t *)(uintptr_t)WOLFBOOT_PARTITION_BOOT_ADDRESS; int ret; wc_Sha256 sha; uint8_t digest[SHA256_DIGEST_SIZE]; @@ -113,27 +113,27 @@ static int add_payload(uint8_t part, uint32_t version, uint32_t size) if (part == PART_UPDATE) - base = WOLFBOOT_PARTITION_UPDATE_ADDRESS; + base = (uint8_t *)(uintptr_t)WOLFBOOT_PARTITION_UPDATE_ADDRESS; srandom(part); /* Ensure reproducible "random" image */ hal_flash_unlock(); - hal_flash_write(base, "WOLF", 4); + hal_flash_write((uintptr_t)base, "WOLF", 4); printf("Written magic: \"WOLF\"\n"); - hal_flash_write(base + 4, &size, 4); + hal_flash_write((uintptr_t)base + 4, (void *)&size, 4); printf("Written size: %u\n", size); /* Headers */ word = 4 << 16 | HDR_VERSION; - hal_flash_write(base + 8, &word, 4); - hal_flash_write(base + 12, &version, 4); + hal_flash_write((uintptr_t)base + 8, (void *)&word, 4); + hal_flash_write((uintptr_t)base + 12, (void *)&version, 4); printf("Written version: %u\n", version); word = 2 << 16 | HDR_IMG_TYPE; - hal_flash_write(base + 16, &word, 4); + hal_flash_write((uintptr_t)base + 16, (void *)&word, 4); word16 = HDR_IMG_TYPE_AUTH_NONE | HDR_IMG_TYPE_APP; - hal_flash_write(base + 20, &word16, 2); + hal_flash_write((uintptr_t)base + 20, (void *)&word16, 2); printf("Written img_type: %04X\n", word16); /* Add 28B header to sha calculation */ @@ -145,7 +145,7 @@ static int add_payload(uint8_t part, uint32_t version, uint32_t size) size += IMAGE_HEADER_SIZE; for (i = IMAGE_HEADER_SIZE; i < size; i+=4) { uint32_t word = (random() << 16) | random(); - hal_flash_write(base + i, &word, 4); + hal_flash_write((uintptr_t)base + i, (void *)&word, 4); } for (i = IMAGE_HEADER_SIZE; i < size; i+= WOLFBOOT_SHA_BLOCK_SIZE) { int len = WOLFBOOT_SHA_BLOCK_SIZE; @@ -163,8 +163,8 @@ static int add_payload(uint8_t part, uint32_t version, uint32_t size) wc_Sha256Free(&sha); word = SHA256_DIGEST_SIZE << 16 | HDR_SHA256; - hal_flash_write(base + DIGEST_TLV_OFF_IN_HDR, &word, 4); - hal_flash_write(base + DIGEST_TLV_OFF_IN_HDR + 4, digest, + hal_flash_write((uintptr_t)base + DIGEST_TLV_OFF_IN_HDR, (void *)&word, 4); + hal_flash_write((uintptr_t)base + DIGEST_TLV_OFF_IN_HDR + 4, digest, SHA256_DIGEST_SIZE); printf("SHA digest written\n"); for (i = 0; i < 32; i++) { @@ -180,8 +180,8 @@ START_TEST (test_empty_panic) reset_mock_stats(); prepare_flash(); wolfBoot_start(); - fail_if(wolfBoot_staged_ok); - fail_unless(wolfBoot_panicked); + ck_assert(!wolfBoot_staged_ok); + ck_assert(wolfBoot_panicked); cleanup_flash(); } @@ -194,9 +194,9 @@ START_TEST (test_sunnyday_noupdate) prepare_flash(); add_payload(PART_BOOT, 1, TEST_SIZE_SMALL); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 1); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 1); cleanup_flash(); } @@ -208,9 +208,9 @@ START_TEST (test_forward_update_samesize_notrigger) { add_payload(PART_BOOT, 1, TEST_SIZE_SMALL); add_payload(PART_UPDATE, 2, TEST_SIZE_SMALL); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 1); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 1); cleanup_flash(); } END_TEST @@ -222,9 +222,9 @@ START_TEST (test_forward_update_samesize) { add_payload(PART_UPDATE, 2, TEST_SIZE_SMALL); wolfBoot_update_trigger(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 2); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 2); cleanup_flash(); } END_TEST @@ -236,9 +236,9 @@ START_TEST (test_forward_update_tolarger) { add_payload(PART_UPDATE, 2, TEST_SIZE_LARGE); wolfBoot_update_trigger(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 2); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 2); cleanup_flash(); } END_TEST @@ -250,9 +250,9 @@ START_TEST (test_forward_update_tosmaller) { add_payload(PART_UPDATE, 2, TEST_SIZE_SMALL); wolfBoot_update_trigger(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 2); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 2); cleanup_flash(); } END_TEST @@ -264,10 +264,10 @@ START_TEST (test_forward_update_sameversion_denied) { add_payload(PART_UPDATE, 1, TEST_SIZE_LARGE); wolfBoot_update_trigger(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 1); - fail_if(*(uint32_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + 4) != TEST_SIZE_SMALL); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 1); + ck_assert(*(uint32_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + 4) == TEST_SIZE_SMALL); cleanup_flash(); } END_TEST @@ -279,10 +279,10 @@ START_TEST (test_update_oldversion_denied) { add_payload(PART_UPDATE, 1, TEST_SIZE_LARGE); wolfBoot_update_trigger(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 2); - fail_if(*(uint32_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + 4) != TEST_SIZE_SMALL); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 2); + ck_assert(*(uint32_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + 4) == TEST_SIZE_SMALL); cleanup_flash(); } @@ -293,13 +293,13 @@ START_TEST (test_invalid_update_type) { add_payload(PART_BOOT, 1, TEST_SIZE_SMALL); add_payload(PART_UPDATE, 2, TEST_SIZE_SMALL); ext_flash_unlock(); - ext_flash_write(WOLFBOOT_PARTITION_UPDATE_ADDRESS + 20, &word16, 2); + ext_flash_write(WOLFBOOT_PARTITION_UPDATE_ADDRESS + 20, (void *)&word16, 2); ext_flash_lock(); wolfBoot_update_trigger(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 1); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 1); cleanup_flash(); } @@ -311,14 +311,14 @@ START_TEST (test_update_toolarge) { add_payload(PART_UPDATE, 2, TEST_SIZE_LARGE); /* Change the size in the header to be larger than the actual size */ ext_flash_unlock(); - ext_flash_write(WOLFBOOT_PARTITION_UPDATE_ADDRESS + 4, &very_large, 4); + ext_flash_write(WOLFBOOT_PARTITION_UPDATE_ADDRESS + 4, (void *)&very_large, 4); ext_flash_lock(); wolfBoot_update_trigger(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 1); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 1); cleanup_flash(); } @@ -335,9 +335,9 @@ START_TEST (test_invalid_sha) { ext_flash_lock(); wolfBoot_update_trigger(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 1); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 1); cleanup_flash(); } @@ -354,9 +354,9 @@ START_TEST (test_emergency_rollback) { hal_flash_lock(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 1); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 1); cleanup_flash(); } @@ -379,9 +379,9 @@ START_TEST (test_emergency_rollback_failure_due_to_bad_update) { ext_flash_lock(); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 2); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 2); cleanup_flash(); } @@ -390,9 +390,9 @@ START_TEST (test_empty_boot_partition_update) { prepare_flash(); add_payload(PART_UPDATE, 5, TEST_SIZE_SMALL); wolfBoot_start(); - fail_if(wolfBoot_panicked); - fail_unless(wolfBoot_staged_ok); - fail_if(wolfBoot_current_firmware_version() != 5); + ck_assert(!wolfBoot_panicked); + ck_assert(wolfBoot_staged_ok); + ck_assert(wolfBoot_current_firmware_version() == 5); cleanup_flash(); } @@ -407,8 +407,8 @@ START_TEST (test_empty_boot_but_update_sha_corrupted_denied) { ext_flash_lock(); wolfBoot_start(); /* We expect to panic */ - fail_unless(wolfBoot_panicked); - fail_if(wolfBoot_staged_ok); + ck_assert(wolfBoot_panicked); + ck_assert(!wolfBoot_staged_ok); cleanup_flash(); } diff --git a/tools/unit-tests/unit-update-ram.c b/tools/unit-tests/unit-update-ram.c index a044c8e08..8706666e8 100644 --- a/tools/unit-tests/unit-update-ram.c +++ b/tools/unit-tests/unit-update-ram.c @@ -20,17 +20,17 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#define WOLFBOOT_HASH_SHA256 +#ifndef WOLFBOOT_HASH_SHA256 + #define WOLFBOOT_HASH_SHA256 +#endif #define IMAGE_HEADER_SIZE 256 -#define UNIT_TEST -#define WC_NO_HARDEN #define MOCK_ADDRESS_UPDATE 0xCC000000 #define MOCK_ADDRESS_BOOT 0xCD000000 #define MOCK_ADDRESS_SWAP 0xCE000000 #include "target.h" static __thread unsigned char wolfboot_ram[2 * WOLFBOOT_PARTITION_SIZE + IMAGE_HEADER_SIZE]; -#define WOLFBOOT_LOAD_ADDRESS ((wolfboot_ram + IMAGE_HEADER_SIZE)) +#define WOLFBOOT_LOAD_ADDRESS (((uintptr_t)wolfboot_ram + IMAGE_HEADER_SIZE)) #define TEST_SIZE_SMALL 5300 #define TEST_SIZE_LARGE 9800 @@ -39,6 +39,7 @@ static __thread unsigned char wolfboot_ram[2 * WOLFBOOT_PARTITION_SIZE + IMAGE_H #include #include +#include "user_settings.h" #include "wolfboot/wolfboot.h" #include "libwolfboot.c" #include "update_ram.c" @@ -55,7 +56,7 @@ const char *argv0; Suite *wolfboot_suite(void); int wolfBoot_staged_ok = 0; -uint32_t *wolfBoot_stage_address = (uint32_t *) 0xFFFFFFFF; +const uint32_t *wolfBoot_stage_address = (uint32_t *) 0xFFFFFFFF; void do_boot(const uint32_t *address) { @@ -65,12 +66,12 @@ void do_boot(const uint32_t *address) return; wolfBoot_staged_ok++; wolfBoot_stage_address = address; - ck_assert_uint_eq(address, WOLFBOOT_LOAD_ADDRESS); + ck_assert_uint_eq((uintptr_t)address, WOLFBOOT_LOAD_ADDRESS); memset(&boot_image, 0, sizeof(boot_image)); printf("Called do_boot with address %p\n", address); ck_assert_uint_eq(0,wolfBoot_open_image_address(&boot_image, wolfboot_ram)); boot_image.hdr = wolfboot_ram; - boot_image.fw_base = WOLFBOOT_LOAD_ADDRESS; + boot_image.fw_base = (void *)(uintptr_t)WOLFBOOT_LOAD_ADDRESS; boot_image.part = 0; boot_image.not_ext = 1; ck_assert_uint_eq(0,wolfBoot_verify_integrity(&boot_image)); @@ -92,12 +93,12 @@ uint32_t get_version_ramloaded(void) static void prepare_flash(void) { int ret; - ret = mmap_file("/tmp/wolfboot-unit-ext-file.bin", MOCK_ADDRESS_UPDATE, + ret = mmap_file("/tmp/wolfboot-unit-ext-file.bin", (void *)(uintptr_t)MOCK_ADDRESS_UPDATE, WOLFBOOT_PARTITION_SIZE + IMAGE_HEADER_SIZE, NULL); - fail_if(ret < 0); - ret = mmap_file("/tmp/wolfboot-unit-int-file.bin", MOCK_ADDRESS_BOOT, + ck_assert(ret >= 0); + ret = mmap_file("/tmp/wolfboot-unit-int-file.bin", (void *)(uintptr_t)MOCK_ADDRESS_BOOT, WOLFBOOT_PARTITION_SIZE + IMAGE_HEADER_SIZE, NULL); - fail_if(ret < 0); + ck_assert(ret >= 0); ext_flash_unlock(); ext_flash_erase(WOLFBOOT_PARTITION_BOOT_ADDRESS, WOLFBOOT_PARTITION_SIZE + IMAGE_HEADER_SIZE); ext_flash_erase(WOLFBOOT_PARTITION_UPDATE_ADDRESS, WOLFBOOT_PARTITION_SIZE + IMAGE_HEADER_SIZE); @@ -106,8 +107,8 @@ static void prepare_flash(void) static void cleanup_flash(void) { - munmap(WOLFBOOT_PARTITION_BOOT_ADDRESS, WOLFBOOT_PARTITION_SIZE + IMAGE_HEADER_SIZE); - munmap(WOLFBOOT_PARTITION_UPDATE_ADDRESS, WOLFBOOT_PARTITION_SIZE + IMAGE_HEADER_SIZE); + munmap((void *)WOLFBOOT_PARTITION_BOOT_ADDRESS, WOLFBOOT_PARTITION_SIZE + IMAGE_HEADER_SIZE); + munmap((void *)WOLFBOOT_PARTITION_UPDATE_ADDRESS, WOLFBOOT_PARTITION_SIZE + IMAGE_HEADER_SIZE); } @@ -117,7 +118,7 @@ static int add_payload(uint8_t part, uint32_t version, uint32_t size) uint32_t word; uint16_t word16; int i; - uint8_t *base = WOLFBOOT_PARTITION_BOOT_ADDRESS; + uint8_t *base = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS; int ret; wc_Sha256 sha; uint8_t digest[SHA256_DIGEST_SIZE]; @@ -128,27 +129,27 @@ static int add_payload(uint8_t part, uint32_t version, uint32_t size) if (part == PART_UPDATE) - base = WOLFBOOT_PARTITION_UPDATE_ADDRESS; + base = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS; srandom(part); /* Ensure reproducible "random" image */ ext_flash_unlock(); - ext_flash_write(base, "WOLF", 4); + ext_flash_write((uintptr_t)base, "WOLF", 4); printf("Written magic: \"WOLF\"\n"); - ext_flash_write(base + 4, &size, 4); + ext_flash_write((uintptr_t)base + 4, (void *)&size, 4); printf("Written size: %u\n", size); /* Headers */ word = 4 << 16 | HDR_VERSION; - ext_flash_write(base + 8, &word, 4); - ext_flash_write(base + 12, &version, 4); + ext_flash_write((uintptr_t)base + 8, (void *)&word, 4); + ext_flash_write((uintptr_t)base + 12, (void *)&version, 4); printf("Written version: %u\n", version); word = 2 << 16 | HDR_IMG_TYPE; - ext_flash_write(base + 16, &word, 4); + ext_flash_write((uintptr_t)base + 16, (void *)&word, 4); word16 = HDR_IMG_TYPE_AUTH_NONE | HDR_IMG_TYPE_APP; - ext_flash_write(base + 20, &word16, 2); + ext_flash_write((uintptr_t)base + 20, (void *)&word16, 2); printf("Written img_type: %04X\n", word16); /* Add 28B header to sha calculation */ @@ -160,7 +161,7 @@ static int add_payload(uint8_t part, uint32_t version, uint32_t size) size += IMAGE_HEADER_SIZE; for (i = IMAGE_HEADER_SIZE; i < size; i+=4) { uint32_t word = (random() << 16) | random(); - ext_flash_write(base + i, &word, 4); + ext_flash_write((uintptr_t)base + i, (void *)&word, 4); } for (i = IMAGE_HEADER_SIZE; i < size; i+= WOLFBOOT_SHA_BLOCK_SIZE) { int len = WOLFBOOT_SHA_BLOCK_SIZE; @@ -178,8 +179,8 @@ static int add_payload(uint8_t part, uint32_t version, uint32_t size) wc_Sha256Free(&sha); word = SHA256_DIGEST_SIZE << 16 | HDR_SHA256; - ext_flash_write(base + DIGEST_TLV_OFF_IN_HDR, &word, 4); - ext_flash_write(base + DIGEST_TLV_OFF_IN_HDR + 4, digest, + ext_flash_write((uintptr_t)base + DIGEST_TLV_OFF_IN_HDR, (void *)&word, 4); + ext_flash_write((uintptr_t)base + DIGEST_TLV_OFF_IN_HDR + 4, digest, SHA256_DIGEST_SIZE); printf("SHA digest written\n"); for (i = 0; i < 32; i++) { @@ -195,7 +196,7 @@ START_TEST (test_empty_panic) reset_mock_stats(); prepare_flash(); wolfBoot_start(); - fail_if(wolfBoot_staged_ok); + ck_assert(!wolfBoot_staged_ok); cleanup_flash(); } @@ -210,8 +211,8 @@ START_TEST (test_sunnyday_noupdate) printf("*** MEM: %p\n", WOLFBOOT_LOAD_ADDRESS); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 1); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 1); cleanup_flash(); } @@ -223,8 +224,8 @@ START_TEST (test_forward_update_samesize_notrigger) { add_payload(PART_BOOT, 1, TEST_SIZE_SMALL); add_payload(PART_UPDATE, 2, TEST_SIZE_SMALL); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 1); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 1); cleanup_flash(); } END_TEST @@ -236,8 +237,8 @@ START_TEST (test_forward_update_samesize) { add_payload(PART_UPDATE, 2, TEST_SIZE_SMALL); wolfBoot_update_trigger(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 2); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 2); cleanup_flash(); } END_TEST @@ -249,8 +250,8 @@ START_TEST (test_forward_update_tolarger) { add_payload(PART_UPDATE, 2, TEST_SIZE_LARGE); wolfBoot_update_trigger(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 2); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 2); cleanup_flash(); } END_TEST @@ -262,8 +263,8 @@ START_TEST (test_forward_update_tosmaller) { add_payload(PART_UPDATE, 2, TEST_SIZE_SMALL); wolfBoot_update_trigger(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 2); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 2); cleanup_flash(); } END_TEST @@ -275,9 +276,9 @@ START_TEST (test_forward_update_sameversion_denied) { add_payload(PART_UPDATE, 1, TEST_SIZE_LARGE); wolfBoot_update_trigger(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 1); - fail_if(*(uint32_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + 4) != TEST_SIZE_SMALL); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 1); + ck_assert(*(uint32_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + 4) == TEST_SIZE_SMALL); cleanup_flash(); } END_TEST @@ -289,9 +290,9 @@ START_TEST (test_update_oldversion_denied) { add_payload(PART_UPDATE, 1, TEST_SIZE_LARGE); wolfBoot_update_trigger(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 2); - fail_if(*(uint32_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + 4) != TEST_SIZE_SMALL); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 2); + ck_assert(*(uint32_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + 4) == TEST_SIZE_SMALL); cleanup_flash(); } @@ -302,12 +303,12 @@ START_TEST (test_invalid_update_type) { add_payload(PART_BOOT, 1, TEST_SIZE_SMALL); add_payload(PART_UPDATE, 2, TEST_SIZE_SMALL); ext_flash_unlock(); - ext_flash_write(WOLFBOOT_PARTITION_UPDATE_ADDRESS + 20, &word16, 2); + ext_flash_write(WOLFBOOT_PARTITION_UPDATE_ADDRESS + 20, (void *)&word16, 2); ext_flash_lock(); wolfBoot_update_trigger(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 1); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 1); cleanup_flash(); } @@ -319,13 +320,13 @@ START_TEST (test_update_toolarge) { add_payload(PART_UPDATE, 2, TEST_SIZE_LARGE); /* Change the size in the header to be larger than the actual size */ ext_flash_unlock(); - ext_flash_write(WOLFBOOT_PARTITION_UPDATE_ADDRESS + 4, &very_large, 4); + ext_flash_write(WOLFBOOT_PARTITION_UPDATE_ADDRESS + 4, (void *)&very_large, 4); ext_flash_lock(); wolfBoot_update_trigger(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 1); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 1); cleanup_flash(); } @@ -342,8 +343,8 @@ START_TEST (test_invalid_sha) { ext_flash_lock(); wolfBoot_update_trigger(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 1); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 1); cleanup_flash(); } @@ -360,8 +361,8 @@ START_TEST (test_emergency_rollback) { ext_flash_lock(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 1); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 1); cleanup_flash(); } @@ -384,8 +385,8 @@ START_TEST (test_emergency_rollback_failure_due_to_bad_update) { ext_flash_lock(); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 2); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 2); cleanup_flash(); } @@ -394,8 +395,8 @@ START_TEST (test_empty_boot_partition_update) { prepare_flash(); add_payload(PART_UPDATE, 5, TEST_SIZE_SMALL); wolfBoot_start(); - fail_unless(wolfBoot_staged_ok); - fail_if(get_version_ramloaded() != 5); + ck_assert(wolfBoot_staged_ok); + ck_assert(get_version_ramloaded() == 5); cleanup_flash(); } @@ -410,7 +411,7 @@ START_TEST (test_empty_boot_but_update_sha_corrupted_denied) { ext_flash_lock(); wolfBoot_start(); /* We expect to panic */ - fail_if(wolfBoot_staged_ok); + ck_assert(!wolfBoot_staged_ok); cleanup_flash(); }