Add secure communication

Author: Igor-Misic

Bootloader/Adapters/Inc/security_adapter.h

@@ -0,0 +1,44 @@
+/****************************************************************************
+ *
+ *   Copyright (c) 2022 IMProject Development Team. All rights reserved.
+ *   Authors: Igor Misic <igy1000mb@gmail.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name IMProject nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+#ifndef BOOTLOADER_ADAPTERS_INC_SECURITY_ADAPTER_H_
+#define BOOTLOADER_ADAPTERS_INC_SECURITY_ADAPTER_H_
+
+#include <stdint.h>
+#include <stdbool.h>
+
+void SecurityAdapter_init(void);
+bool SecurityAdapter_getRandomData(uint8_t* data, uint32_t size);
+
+#endif /* BOOTLOADER_ADAPTERS_INC_SECURITY_ADAPTER_H_ */

Bootloader/Adapters/Src/flash_adapter.c

@@ -375,7 +375,8 @@ FlashAdapter_program(uint32_t address, uint8_t* buffer, uint32_t length) {
 
     if ((length_program != 0U) && (length_program < FLASH_WORD_SIZE)) {
 
-        uint8_t data[32];
+        uint8_t data[FLASH_WORD_SIZE];
+        (void*)memset((void*)data, 0xFF, FLASH_WORD_SIZE);
         (void*)memcpy((void*)data, (void*)&buffer[memory_index], length_program);
         // cppcheck-suppress misra-c2012-11.4; function expects address of data as uint32_t
         HAL_StatusTypeDef status = HAL_FLASH_Program(type_program, address + memory_index, (uint32_t)data);

Bootloader/Adapters/Src/security_adapter.c

@@ -0,0 +1,81 @@
+/****************************************************************************
+ *
+ *   Copyright (c) 2022 IMProject Development Team. All rights reserved.
+ *   Authors: Igor Misic <igy1000mb@gmail.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name IMProject nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+#include "security_adapter.h"
+#include "main.h"
+
+#if defined(STM32H7xx)
+static RNG_HandleTypeDef hrng;
+#endif
+
+void
+SecurityAdapter_init() {
+
+#if defined(STM32H7xx)
+    hrng.Instance = RNG;
+    HAL_RNG_Init(&hrng);
+#endif
+}
+
+bool
+SecurityAdapter_getRandomData(uint8_t* data, uint32_t size) {
+
+#if defined(STM32H7xx)
+    bool success = true;
+    uint32_t random_data;
+
+    HAL_StatusTypeDef status = HAL_OK;
+
+    for (uint32_t i = 0u; i < size; ++i) {
+
+        if ((i % 4u) == 0u) {
+            status = HAL_RNG_GenerateRandomNumber(&hrng, &random_data);
+        }
+
+        if (status != HAL_OK) {
+            success = false;
+            break;
+        }
+
+        data[i] = (uint8_t)(random_data >> (8u * (i % 4u)));
+    }
+
+#else
+    if (data && size) {} //make MISRA happy
+    bool success = false;
+#endif
+
+    return success;
+
+}

Bootloader/Inc/binary_update.h

@@ -54,7 +54,7 @@ void BinaryUpdate_resetJumpAddress(void);
 bool BinaryUpdate_checkSkipLoopFlag(void);
 void BinaryUpdate_disableLoopFlag(void);
 bool BinaryUpdate_erase(uint32_t firmware_size);
-bool BinaryUpdate_write(uint8_t* write_buffer, const uint32_t data_length, uint32_t* crc);
+bool BinaryUpdate_write(uint8_t* write_buffer, const uint32_t packet_length, uint32_t* crc);
 bool BinaryUpdate_finish(void);
 
 #endif /* BOOTLOADER_INC_BINARYUPDATE_H_ */

Bootloader/Inc/board_info.h

@@ -40,16 +40,11 @@
 #include <assert.h>
 #include <string.h>
 #include <main.h>
+#include "security.h"
 
 /* 32 bytes fake board id. If enabled, board and manufacturer id communication will be skipped. */
 //#define FAKE_BOARD_ID  "NOT_SECURED_MAGIC_STRING_1234567"
 
-typedef enum secureHash_ENUM {
-    BLAKE2B = 0,
-    SHA256,
-    MD5
-} secureHash_E;
-
 #define HASH_BOARD_ID_ALGORITHM             BLAKE2B //!< Selected algorithm for calculating hashed board id from UUID
 
 #define HASHED_BOARD_ID_SIZE                32U //!< Size for hashed board id binary

Bootloader/Inc/security.h

@@ -0,0 +1,74 @@
+/****************************************************************************
+ *
+ *   Copyright (c) 2022 IMProject Development Team. All rights reserved.
+ *   Authors: Igor Misic <igy1000mb@gmail.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name IMProject nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+#ifndef BOOTLOADER_INC_SECURITY_H_
+#define BOOTLOADER_INC_SECURITY_H_
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <assert.h>
+#include <string.h>
+
+typedef enum securityAlgorithm_ENUM {
+    BLAKE2B = 0,
+    SHA256
+} securityAlgorithm_E;
+
+#define MAC_SIZE                    16U
+#define NONCE_SIZE                  24U
+#define DATA_SIZE                   256U
+#define SECURE_PACKET_SIZE          296U // PACKET_SIZE = MAC_SIZE + NONCE_SIZE + DATA_SIZE
+
+#define SERVER_SECURITY_DATA_SIZE 175U
+
+#define SIGNATURE_ALGORITHM               BLAKE2B //!< Selected algorithm for calculating public key signature
+
+#define PRESHARED_KEY_SIZE                32U //!< Size for preshared key binary
+#define PRESHARED_KEY_SIZE_BASE64_STR     45U //!< Size for preshared key string in base64 format including null-terminator
+#define PRESHARED_KEY_BASE64_STR          (const char*)("cHJlc2hhcmVkX2tleV9pbl8zMl9ieXRlc19mb3JtYXQ=")
+
+static_assert(strlen((const char*)PRESHARED_KEY_BASE64_STR) == (PRESHARED_KEY_SIZE_BASE64_STR - 1U), "PRESHARED_KEY_BASE64_STR is wrong size");
+
+bool Security_setServerSecurityDataJson(char* buffer, uint16_t buffer_size);
+bool Security_getClientSecurityDataJson(char* buffer, uint16_t buffer_size);
+bool Security_isSecured(void);
+bool Security_decrypt(
+    const uint8_t mac[MAC_SIZE],
+    const uint8_t nonce[NONCE_SIZE],
+    const uint8_t* cipher_data,
+    uint8_t* plain_data,
+    const uint16_t data_length);
+void Security_wipeKeys(void);
+
+#endif /* BOOTLOADER_INC_SECURITY_H_ */

Bootloader/STM32/Inc/stm32f7xx_hal_conf.h

@@ -56,7 +56,7 @@ extern "C" {
 /* #define HAL_LPTIM_MODULE_ENABLED   */
 /* #define HAL_LTDC_MODULE_ENABLED   */
 /* #define HAL_QSPI_MODULE_ENABLED   */
-/* #define HAL_RNG_MODULE_ENABLED   */
+/* #define HAL_RNG_MODULE_ENABLED */
 /* #define HAL_RTC_MODULE_ENABLED   */
 /* #define HAL_SAI_MODULE_ENABLED   */
 /* #define HAL_SD_MODULE_ENABLED   */

Bootloader/STM32/Inc/stm32h7xx_hal_conf.h

@@ -58,7 +58,7 @@ extern "C" {
 /* #define HAL_LPTIM_MODULE_ENABLED   */
 /* #define HAL_LTDC_MODULE_ENABLED   */
 #define HAL_QSPI_MODULE_ENABLED
-/* #define HAL_RNG_MODULE_ENABLED   */
+#define HAL_RNG_MODULE_ENABLED
 /* #define HAL_RTC_MODULE_ENABLED   */
 /* #define HAL_SAI_MODULE_ENABLED   */
 /* #define HAL_SD_MODULE_ENABLED   */

Bootloader/STM32/Inc/stm32l4xx_hal_conf.h

@@ -79,7 +79,7 @@ extern "C" {
 #define HAL_PCD_MODULE_ENABLED
 /*#define HAL_QSPI_MODULE_ENABLED   */
 /*#define HAL_QSPI_MODULE_ENABLED   */
-/*#define HAL_RNG_MODULE_ENABLED   */
+#define HAL_RNG_MODULE_ENABLED
 #define HAL_RTC_MODULE_ENABLED
 /*#define HAL_SAI_MODULE_ENABLED   */
 /*#define HAL_SD_MODULE_ENABLED   */

Bootloader/STM32/Src/stm32h7xx_hal_msp.c

@@ -170,6 +170,48 @@ HAL_QSPI_MspDeInit(QSPI_HandleTypeDef* hqspi) {
 
 }
 
+/**
+* @brief RNG MSP Initialization
+* This function configures the hardware resources used in this example
+* @param hrng: RNG handle pointer
+* @retval None
+*/
+void
+HAL_RNG_MspInit(RNG_HandleTypeDef* hrng) {
+    if (hrng->Instance == RNG) {
+        /* USER CODE BEGIN RNG_MspInit 0 */
+
+        /* USER CODE END RNG_MspInit 0 */
+        /* Peripheral clock enable */
+        __HAL_RCC_RNG_CLK_ENABLE();
+        /* USER CODE BEGIN RNG_MspInit 1 */
+
+        /* USER CODE END RNG_MspInit 1 */
+    }
+
+}
+
+/**
+* @brief RNG MSP De-Initialization
+* This function freeze the hardware resources used in this example
+* @param hrng: RNG handle pointer
+* @retval None
+*/
+void
+HAL_RNG_MspDeInit(RNG_HandleTypeDef* hrng) {
+    if (hrng->Instance == RNG) {
+        /* USER CODE BEGIN RNG_MspDeInit 0 */
+
+        /* USER CODE END RNG_MspDeInit 0 */
+        /* Peripheral clock disable */
+        __HAL_RCC_RNG_CLK_DISABLE();
+        /* USER CODE BEGIN RNG_MspDeInit 1 */
+
+        /* USER CODE END RNG_MspDeInit 1 */
+    }
+
+}
+
 /* USER CODE BEGIN 1 */
 
 /* USER CODE END 1 */