eaw/esp-idf
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

app_update: Add API for getting sha256_of_partition

Browse Source 
Added bootloader_common_get_sha256_of_partition() and esp_partition_get_sha256() - get or calculate SHA-256
digest for app and data partitions.
Added bootloader_sha256_hex_to_str() - helps to print SHA-256 digest
Added esp_partition_check_identity() - compares two partitions by SHA-256 digest

Refactoring a function esp_image_load() in bootloader space to esp_image_verify() and
bootloader_load_image(). Old name function esp_image_load is deprecated
and will remove in V4.0 version.

spi_flash/sim: Fix error test_host. Add stub for bootloader_common_get_sha256_of_partition in sim/stubs
This commit is contained in:
Konstantin Kondrashov
2018-05-30 14:08:00 +05:00
parent 886bf4b88e
commit 117c79eae5
17 changed files with 354 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
components/bootloader_support/src/bootloader_common.c
View File

@@ -27,6 +27,10 @@
#include "bootloader_flash.h"
#include "bootloader_common.h"
#include "soc/gpio_periph.h"
#include "esp_image_format.h"
#include "bootloader_sha.h"
#define ESP_PARTITION_HASH_LEN 32 /* SHA-256 digest length */
static const char* TAG = "boot_comm";
@@ -145,3 +149,46 @@ bool bootloader_common_erase_part_type_data(const char *list_erase, bool ota_dat
return ret;
}
esp_err_t bootloader_common_get_sha256_of_partition (uint32_t address, uint32_t size, int type, uint8_t *out_sha_256)
{
if (out_sha_256 == NULL || size == 0) {
return ESP_ERR_INVALID_ARG;
}
if (type == PART_TYPE_APP) {
const esp_partition_pos_t partition_pos = {
.offset = address,
.size = size,
};
esp_image_metadata_t data;
// Function esp_image_verify() verifies and fills the structure data.
// here important to get: image_digest, image_len, hash_appended.
if (esp_image_verify(ESP_IMAGE_VERIFY_SILENT, &partition_pos, &data) != ESP_OK) {
return ESP_ERR_IMAGE_INVALID;
}
if (data.image.hash_appended) {
memcpy(out_sha_256, data.image_digest, ESP_PARTITION_HASH_LEN);
return ESP_OK;
}
// If image doesn't have a appended hash then hash calculates for entire image.
size = data.image_len;
}
// If image is type by data then hash is calculated for entire image.
const void *partition_bin = bootloader_mmap(address, size);
if (partition_bin == NULL) {
ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", address, size);
return ESP_FAIL;
}
bootloader_sha256_handle_t sha_handle = bootloader_sha256_start();
if (sha_handle == NULL) {
bootloader_munmap(partition_bin);
return ESP_ERR_NO_MEM;
}
bootloader_sha256_data(sha_handle, partition_bin, size);
bootloader_sha256_finish(sha_handle, out_sha_256);
bootloader_munmap(partition_bin);
return ESP_OK;
}

18
components/bootloader_support/src/bootloader_sha.c
View File

@@ -169,3 +169,21 @@ void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest
}
#endif
esp_err_t bootloader_sha256_hex_to_str(char *out_str, const uint8_t *in_array_hex, size_t len)
{
if (out_str == NULL || in_array_hex == NULL || len == 0) {
return ESP_ERR_INVALID_ARG;
}
for (int i = 0; i < len; i++) {
for (int shift = 0; shift < 2; shift++) {
uint8_t nibble = (in_array_hex[i] >> (shift ? 0 : 4)) & 0x0F;
if (nibble < 10) {
out_str[i*2+shift] = '0' + nibble;
} else {
out_str[i*2+shift] = 'a' + nibble - 10;
}
}
}
return ESP_OK;
}

3
components/bootloader_support/src/bootloader_utility.c
View File

@@ -50,6 +50,7 @@
#include "bootloader_config.h"
#include "bootloader_common.h"
#include "bootloader_utility.h"
#include "bootloader_sha.h"
static const char* TAG = "boot";
@@ -265,7 +266,7 @@ static bool try_load_partition(const esp_partition_pos_t *partition, esp_image_m
return false;
}
#ifdef BOOTLOADER_BUILD
if (esp_image_load(ESP_IMAGE_LOAD, partition, data) == ESP_OK) {
if (bootloader_load_image(partition, data) == ESP_OK) {
ESP_LOGI(TAG, "Loaded app from partition at offset 0x%x",
partition->offset);
return true;

50
components/bootloader_support/src/esp_image_format.c
View File

@@ -75,7 +75,7 @@ static esp_err_t verify_checksum(bootloader_sha256_handle_t sha_handle, uint32_t
static esp_err_t __attribute__((unused)) verify_secure_boot_signature(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data);
static esp_err_t __attribute__((unused)) verify_simple_hash(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data);
esp_err_t esp_image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data)
static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data)
{
#ifdef BOOTLOADER_BUILD
bool do_load = (mode == ESP_IMAGE_LOAD);
@@ -128,7 +128,7 @@ esp_err_t esp_image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *
err = verify_image_header(data->start_addr, &data->image, silent);
if (err != ESP_OK) {
goto err;
goto err;
}
if (data->image.segment_count > ESP_IMAGE_MAX_SEGMENTS) {
@@ -189,6 +189,17 @@ goto err;
bootloader_sha256_finish(sha_handle, NULL);
}
}
if (data->image.hash_appended) {
const void *hash = bootloader_mmap(data->start_addr + data->image_len - HASH_LEN, HASH_LEN);
if (hash == NULL) {
err = ESP_FAIL;
goto err;
}
memcpy(data->image_digest, hash, HASH_LEN);
bootloader_munmap(hash);
}
sha_handle = NULL;
if (err != ESP_OK) {
goto err;
@@ -224,6 +235,22 @@ goto err;
return err;
}
esp_err_t bootloader_load_image(const esp_partition_pos_t *part, esp_image_metadata_t *data)
{
#ifdef BOOTLOADER_BUILD
return image_load(ESP_IMAGE_LOAD, part, data);
#else
return ESP_FAIL;
#endif
}
esp_err_t esp_image_verify(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data)
{
return image_load(mode, part, data);
}
esp_err_t esp_image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data) __attribute__((alias("esp_image_verify")));
static esp_err_t verify_image_header(uint32_t src_addr, const esp_image_header_t *image, bool silent)
{
esp_err_t err = ESP_OK;
@@ -446,7 +473,7 @@ esp_err_t esp_image_verify_bootloader(uint32_t *length)
.offset = ESP_BOOTLOADER_OFFSET,
.size = ESP_PARTITION_TABLE_OFFSET - ESP_BOOTLOADER_OFFSET,
};
esp_err_t err = esp_image_load(ESP_IMAGE_VERIFY,
esp_err_t err = esp_image_verify(ESP_IMAGE_VERIFY,
&bootloader_part,
&data);
if (length != NULL) {
@@ -556,18 +583,9 @@ static esp_err_t verify_simple_hash(bootloader_sha256_handle_t sha_handle, esp_i
static void debug_log_hash(const uint8_t *image_hash, const char *label)
{
#if BOOT_LOG_LEVEL >= LOG_LEVEL_DEBUG
char hash_print[sizeof(image_hash)*2 + 1];
hash_print[sizeof(image_hash)*2] = 0;
for (int i = 0; i < sizeof(image_hash); i++) {
for (int shift = 0; shift < 2; shift++) {
uint8_t nibble = (image_hash[i] >> (shift ? 0 : 4)) & 0x0F;
if (nibble < 10) {
hash_print[i*2+shift] = '0' + nibble;
} else {
hash_print[i*2+shift] = 'a' + nibble - 10;
}
}
}
ESP_LOGD(TAG, "%s: %s", label, hash_print);
char hash_print[HASH_LEN * 2 + 1];
hash_print[HASH_LEN * 2] = 0;
bootloader_sha256_hex_to_str(hash_print, image_hash, HASH_LEN);
ESP_LOGD(TAG, "%s: %s", label, hash_print);
#endif
}

2
components/bootloader_support/src/flash_encrypt.c
View File

@@ -281,7 +281,7 @@ static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partit
if (partition->type == PART_TYPE_APP) {
/* check if the partition holds a valid unencrypted app */
esp_image_metadata_t data_ignored;
err = esp_image_load(ESP_IMAGE_VERIFY,
err = esp_image_verify(ESP_IMAGE_VERIFY,
&partition->pos,
&data_ignored);
should_encrypt = (err == ESP_OK);