sign tool: encode header fields as little-endian

F/2584

Author: danielinux

tools/keytools/sign.c

@@ -211,14 +211,37 @@ static inline int fp_truncate(FILE *f, size_t len)
 #define ENC_MAX_KEY_SZ   ENCRYPT_KEY_SIZE_AES256    /* 32 */
 #define ENC_MAX_IV_SZ    ENCRYPT_NONCE_SIZE_AES     /* 16 */
 
+static void header_store_u16_le(uint8_t *dst, uint16_t val)
+{
+    dst[0] = (uint8_t)(val & 0xFFU);
+    dst[1] = (uint8_t)((val >> 8) & 0xFFU);
+}
+
+static void header_store_u32_le(uint8_t *dst, uint32_t val)
+{
+    dst[0] = (uint8_t)(val & 0xFFU);
+    dst[1] = (uint8_t)((val >> 8) & 0xFFU);
+    dst[2] = (uint8_t)((val >> 16) & 0xFFU);
+    dst[3] = (uint8_t)((val >> 24) & 0xFFU);
+}
+
+static void header_store_u64_le(uint8_t *dst, uint64_t val)
+{
+    uint32_t lo = (uint32_t)(val & 0xFFFFFFFFULL);
+    uint32_t hi = (uint32_t)(val >> 32);
+
+    header_store_u32_le(dst, lo);
+    header_store_u32_le(dst + 4, hi);
+}
+
 static void header_append_u32(uint8_t* header, uint32_t* idx, uint32_t tmp32)
 {
-    memcpy(&header[*idx], &tmp32, sizeof(tmp32));
+    header_store_u32_le(&header[*idx], tmp32);
     *idx += sizeof(tmp32);
 }
 static void header_append_u16(uint8_t* header, uint32_t* idx, uint16_t tmp16)
 {
-    memcpy(&header[*idx], &tmp16, sizeof(tmp16));
+    header_store_u16_le(&header[*idx], tmp16);
     *idx += sizeof(tmp16);
 }
 
@@ -244,6 +267,33 @@ static void header_append_tag(uint8_t* header, uint32_t* idx, uint16_t tag,
     *idx += len;
 }
 
+static void header_append_tag_u16(uint8_t *header, uint32_t *idx, uint16_t tag,
+    uint16_t val)
+{
+    uint8_t tmp[sizeof(val)];
+
+    header_store_u16_le(tmp, val);
+    header_append_tag(header, idx, tag, sizeof(val), tmp);
+}
+
+static void header_append_tag_u32(uint8_t *header, uint32_t *idx, uint16_t tag,
+    uint32_t val)
+{
+    uint8_t tmp[sizeof(val)];
+
+    header_store_u32_le(tmp, val);
+    header_append_tag(header, idx, tag, sizeof(val), tmp);
+}
+
+static void header_append_tag_u64(uint8_t *header, uint32_t *idx, uint16_t tag,
+    uint64_t val)
+{
+    uint8_t tmp[sizeof(val)];
+
+    header_store_u64_le(tmp, val);
+    header_append_tag(header, idx, tag, sizeof(val), tmp);
+}
+
 #include "../lms/lms_common.h"
 #include "../xmss/xmss_common.h"
 
@@ -1340,41 +1390,39 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
 
     /* Append Version field */
     fw_version32 = strtol(CMD.fw_version, NULL, 10);
-    header_append_tag(header, &header_idx, HDR_VERSION, HDR_VERSION_LEN,
-        &fw_version32);
+    header_append_tag_u32(header, &header_idx, HDR_VERSION, fw_version32);
 
     /* Append pad bytes, so timestamp val field is 8-byte aligned */
     ALIGN_8(header_idx);
 
     if (!CMD.no_ts) {
         /* Append Timestamp field */
         stat(image_file, &attrib);
-        header_append_tag(header, &header_idx, HDR_TIMESTAMP, HDR_TIMESTAMP_LEN,
-            &attrib.st_ctime);
+        header_append_tag_u64(header, &header_idx, HDR_TIMESTAMP,
+            (uint64_t)attrib.st_ctime);
     }
 
     /* Append Image type field */
     image_type = (uint16_t)CMD.sign & HDR_IMG_TYPE_AUTH_MASK;
     image_type |= CMD.partition_id;
     if (is_diff)
         image_type |= HDR_IMG_TYPE_DIFF;
-    header_append_tag(header, &header_idx, HDR_IMG_TYPE, HDR_IMG_TYPE_LEN,
-        &image_type);
+    header_append_tag_u16(header, &header_idx, HDR_IMG_TYPE, image_type);
 
     if (is_diff) {
         /* Append pad bytes, so fields are 4-byte aligned */
         ALIGN_4(header_idx);
-        header_append_tag(header, &header_idx, HDR_IMG_DELTA_BASE, 4,
-                &delta_base_version);
-        header_append_tag(header, &header_idx, HDR_IMG_DELTA_SIZE, 4,
-                &patch_len);
+        header_append_tag_u32(header, &header_idx, HDR_IMG_DELTA_BASE,
+            delta_base_version);
+        header_append_tag_u32(header, &header_idx, HDR_IMG_DELTA_SIZE,
+            patch_len);
 
         /* Append pad bytes, so fields are 4-byte aligned */
         ALIGN_4(header_idx);
-        header_append_tag(header, &header_idx, HDR_IMG_DELTA_INVERSE, 4,
-                &patch_inv_off);
-        header_append_tag(header, &header_idx, HDR_IMG_DELTA_INVERSE_SIZE, 4,
-                &patch_inv_len);
+        header_append_tag_u32(header, &header_idx, HDR_IMG_DELTA_INVERSE,
+            patch_inv_off);
+        header_append_tag_u32(header, &header_idx, HDR_IMG_DELTA_INVERSE_SIZE,
+            patch_inv_len);
 
         if (!CMD.no_base_sha) {
             /* Append pad bytes, so base hash is 8-byte aligned */
@@ -1535,7 +1583,8 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                     wc_Sha256Final(&sha, second_buf);
                 wc_Sha256Free(&sha);
                 /* Add Secondary cipher to header */
-                header_append_tag(header, &header_idx, HDR_SECONDARY_CIPHER, 2, &CMD.secondary_sign);
+                header_append_tag_u16(header, &header_idx,
+                    HDR_SECONDARY_CIPHER, (uint16_t)CMD.secondary_sign);
                 ALIGN_8(header_idx);
                 /* Add Secondary Pubkey Hash to header */
                 header_append_tag(header, &header_idx, HDR_SECONDARY_PUBKEY, digest_sz, second_buf);
@@ -1612,7 +1661,8 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 if (ret == 0) {
                     wc_Sha384Final(&sha, second_buf);
                     /* Add Secondary cipher to header */
-                    header_append_tag(header, &header_idx, HDR_SECONDARY_CIPHER, 2, &CMD.secondary_sign);
+                    header_append_tag_u16(header, &header_idx,
+                        HDR_SECONDARY_CIPHER, (uint16_t)CMD.secondary_sign);
                     /* Add Secondary Pubkey Hash to header */
                     header_append_tag(header, &header_idx, HDR_SECONDARY_PUBKEY, digest_sz, second_buf);
                     DEBUG_PRINT("Secondary pubkey hash %d\n", digest_sz);
@@ -1683,7 +1733,8 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 if (ret == 0) {
                     ret = wc_Sha3_384_Final(&sha, second_buf);
                     /* Add Secondary cipher to header */
-                    header_append_tag(header, &header_idx, HDR_SECONDARY_CIPHER, 2, &CMD.secondary_sign);
+                    header_append_tag_u16(header, &header_idx,
+                        HDR_SECONDARY_CIPHER, (uint16_t)CMD.secondary_sign);
                     header_append_tag(header, &header_idx, HDR_SECONDARY_PUBKEY, digest_sz, second_buf);
                     DEBUG_PRINT("Secondary pubkey hash %d\n", digest_sz);
                     DEBUG_BUFFER(second_buf, digest_sz);

tools/unit-tests/unit-sign-encrypted-output.c

@@ -237,6 +237,20 @@ static void assert_header_bytes(const uint8_t *image, uint16_t tag,
         "Tag 0x%04x mismatch", tag);
 }
 
+static void store_u16_le(uint8_t *dst, uint16_t val)
+{
+    dst[0] = (uint8_t)(val & 0xFFU);
+    dst[1] = (uint8_t)((val >> 8) & 0xFFU);
+}
+
+static void store_u32_le(uint8_t *dst, uint32_t val)
+{
+    dst[0] = (uint8_t)(val & 0xFFU);
+    dst[1] = (uint8_t)((val >> 8) & 0xFFU);
+    dst[2] = (uint8_t)((val >> 16) & 0xFFU);
+    dst[3] = (uint8_t)((val >> 24) & 0xFFU);
+}
+
 static uint16_t find_exact_fill_custom_len(void)
 {
     uint16_t len;
@@ -413,6 +427,39 @@ START_TEST(test_make_header_ex_grows_header_for_cert_chain_and_digest_tlvs)
 }
 END_TEST
 
+START_TEST(test_header_append_helpers_emit_little_endian_bytes)
+{
+    uint8_t header[32];
+    uint8_t value[] = { 0xAA, 0x55, 0x77 };
+    uint32_t idx = 0;
+
+    reset_cmd_defaults();
+    CMD.header_sz = sizeof(header);
+    memset(header, 0x00, sizeof(header));
+
+    header_append_u32(header, &idx, 0x11223344U);
+    ck_assert_uint_eq(idx, 4);
+    ck_assert_uint_eq(header[0], 0x44);
+    ck_assert_uint_eq(header[1], 0x33);
+    ck_assert_uint_eq(header[2], 0x22);
+    ck_assert_uint_eq(header[3], 0x11);
+
+    header_append_u16(header, &idx, 0x5566U);
+    ck_assert_uint_eq(idx, 6);
+    ck_assert_uint_eq(header[4], 0x66);
+    ck_assert_uint_eq(header[5], 0x55);
+
+    header_append_tag(header, &idx, 0xABCDU, (uint16_t)sizeof(value), value);
+    ck_assert_uint_eq(idx, 13);
+    ck_assert_uint_eq(header[6], 0xCD);
+    ck_assert_uint_eq(header[7], 0xAB);
+    ck_assert_uint_eq(header[8], (uint8_t)sizeof(value));
+    ck_assert_uint_eq(header[9], 0x00);
+    ck_assert_msg(memcmp(&header[10], value, sizeof(value)) == 0,
+        "header_append_tag payload mismatch");
+}
+END_TEST
+
 START_TEST(test_make_header_ex_roundtrip_custom_tlvs_via_wolfboot_parser)
 {
     char tempdir[] = "/tmp/wolfboot-sign-XXXXXX";
@@ -427,6 +474,8 @@ START_TEST(test_make_header_ex_roundtrip_custom_tlvs_via_wolfboot_parser)
     uint8_t tlv_three[] = { 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28 };
     uint16_t image_type;
     uint32_t version = 7;
+    uint8_t version_le[4];
+    uint8_t image_type_le[2];
     size_t output_len;
     int ret;
 
@@ -460,10 +509,11 @@ START_TEST(test_make_header_ex_roundtrip_custom_tlvs_via_wolfboot_parser)
     ck_assert_int_eq(ret, 0);
     ck_assert_int_eq(read_file(output_path, &output_buf, &output_len), 0);
     ck_assert_uint_eq(output_len, CMD.header_sz + sizeof(image_buf));
-    assert_header_bytes(output_buf, HDR_VERSION, (uint8_t *)&version,
-        sizeof(version));
-    assert_header_bytes(output_buf, HDR_IMG_TYPE, (uint8_t *)&image_type,
-        sizeof(image_type));
+    store_u32_le(version_le, version);
+    store_u16_le(image_type_le, image_type);
+    assert_header_bytes(output_buf, HDR_VERSION, version_le, sizeof(version_le));
+    assert_header_bytes(output_buf, HDR_IMG_TYPE, image_type_le,
+        sizeof(image_type_le));
     assert_header_bytes(output_buf, 0x30, tlv_one, sizeof(tlv_one));
     assert_header_bytes(output_buf, 0x31, tlv_two, sizeof(tlv_two));
     assert_header_bytes(output_buf, 0x32, tlv_three, sizeof(tlv_three));
@@ -658,6 +708,7 @@ Suite *wolfboot_suite(void)
     tcase_add_test(tcase, test_make_header_ex_fails_when_image_reopen_fails);
     tcase_add_test(tcase,
         test_make_header_ex_grows_header_for_cert_chain_and_digest_tlvs);
+    tcase_add_test(tcase, test_header_append_helpers_emit_little_endian_bytes);
     tcase_add_test(tcase,
         test_make_header_ex_roundtrip_custom_tlvs_via_wolfboot_parser);
     tcase_add_test(tcase,