Unit tests for update_flash.c (wolfSSL#487)
* Initial draft with two test cases

* Added more unit tests. Found OOB access.

* Fix potential OOB access with too-large update img

* NO_FORK disabled by default

* Cover more corner cases
danielinux authored Aug 13, 2024
1 parent 44e4ce9 commit 3ff7059
Showing 6 changed files with 558 additions and 12 deletions.
11 changes: 10 additions & 1 deletion include/loader.h
Expand Up @@ -88,9 +88,18 @@ void wolfBoot_start(void);

#elif defined(ARCH_SIM)
#include <stdlib.h>
#include <stdio.h>
static inline void wolfBoot_panic(void)
{
exit(1);
fprintf(stderr, "wolfBoot: PANIC!\n");
exit('P');
}
#elif defined UNIT_TEST
static int wolfBoot_panicked = 0;
static inline void wolfBoot_panic(void)
{
fprintf(stderr, "wolfBoot: PANIC!\n");
wolfBoot_panicked++;
}
#else
static inline void wolfBoot_panic(void)
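Review bot: `wolfBoot_panicked` is declared `static` in the header, so every translation unit that includes loader.h under UNIT_TEST gets its own private counter. The unit-update-flash rule in this commit compiles `../../src/image.c` as a separate unit, so a panic raised there (if UNIT_TEST is defined for that build and image.c includes this header) would not show up in the counter the test reads. Declaring `extern int wolfBoot_panicked;` here and defining it once in the test source would avoid that. The UNIT_TEST branch also calls `fprintf` without including `<stdio.h>`, which only the ARCH_SIM branch pulls in, and it deserves a comment such as `/* test build: panic returns to the caller; tests must check wolfBoot_panicked */`, because the ARCH_SIM variant exits and presumably the production one does not return either. The `#else` branch continues outside the hunk.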
4 changes: 2 additions & 2 deletions include/wolfboot/wolfboot.h
Expand Up @@ -132,7 +132,7 @@ extern "C" {
#define KEY_VERIFY_SELF_ONLY KEY_VERIFY_ONLY_ID(0)
#define KEY_VERIFY_APP_ONLY KEY_VERIFY_ONLY_ID(1)

#ifdef __WOLFBOOT
#if defined(__WOLFBOOT) || defined(UNIT_TEST_AUTH)

/* Hashing configuration */
#if defined(WOLFBOOT_HASH_SHA256)
Expand Down Expand Up @@ -177,7 +177,7 @@ extern "C" {

#endif

#if defined(__WOLFBOOT) || defined (__FLASH_OTP_PRIMER)
#if defined(__WOLFBOOT) || defined (__FLASH_OTP_PRIMER) || defined (UNIT_TEST_AUTH)

/* Authentication configuration */
#if defined(WOLFBOOT_NO_SIGN)
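Review bot: `UNIT_TEST_AUTH` is added to both guards without any comment, and it opens the hashing and authentication configuration blocks of a production header to builds that are not the bootloader. A short comment above the first guard, e.g. `/* UNIT_TEST_AUTH: set only by tools/unit-tests to compile the hash/auth configuration outside the bootloader */`, would make clear that it is not a supported firmware build option. Both `#if` blocks continue outside the hunks shown.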
2 changes: 1 addition & 1 deletion src/image.c
Expand Up @@ -866,7 +866,7 @@ int wolfBoot_open_image_address(struct wolfBoot_image *img, uint8_t *image)
wolfBoot_printf("Image size %d > max %d\n",
(unsigned int)img->fw_size,
(WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE));
img->fw_size = 0;
img->fw_size = WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE;
return -1;
}
if (!img->hdr_ok) {
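Review bot: The oversize-image branch still leaves a usable-looking length in the image descriptor. Assuming the second of the two printed assignments is the new side (the page has lost its +/- markers), `img->fw_size` is clamped to `WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE` just before `return -1`, so a caller that ignores the return value would go on to hash or copy a full partition of data from a header that failed validation. The choice between clamping and zeroing deserves a comment on that line, for example `/* clamp so later size arithmetic stays inside the partition; the image is still rejected */`, and it is worth confirming that every caller treats -1 as fatal. The function body starts and ends outside the hunk.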
7 changes: 6 additions & 1 deletion tools/unit-tests/Makefile
Expand Up @@ -18,7 +18,7 @@ WOLFCRYPT=../../lib/wolfssl/

TESTS:=unit-parser unit-extflash unit-aes128 unit-aes256 unit-chacha20 unit-pci \
unit-mock-state unit-sectorflags unit-image unit-nvm unit-nvm-flagshome \
unit-enc-nvm unit-enc-nvm-flagshome unit-delta
unit-enc-nvm unit-enc-nvm-flagshome unit-delta unit-update-flash

all: $(TESTS)

Expand Down Expand Up @@ -56,6 +56,8 @@ unit-enc-nvm-flagshome:CFLAGS+=-DNVM_FLASH_WRITEONCE -DMOCK_PARTITIONS \
-DEXT_ENCRYPTED -DENCRYPT_WITH_CHACHA -DEXT_FLASH -DHAVE_CHACHA -DFLAGS_HOME
unit-enc-nvm-flagshome:WOLFCRYPT_SRC+=$(WOLFCRYPT)/wolfcrypt/src/chacha.c
unit-delta:CFLAGS+=-DNVM_FLASH_WRITEONCE -DMOCK_PARTITIONS -DDELTA_UPDATES -DDELTA_BLOCK_SIZE=512
unit-update-flash:CFLAGS+=-DMOCK_PARTITIONS -DWOLFBOOT_NO_SIGN -DUNIT_TEST_AUTH \
-DWOLFBOOT_HASH_SHA256 -DPRINTF_ENABLED -DEXT_FLASH -DPART_UPDATE_EXT -DPART_SWAP_EXT



Expand Down Expand Up @@ -112,6 +114,9 @@ unit-enc-nvm-flagshome: ../../include/target.h unit-enc-nvm.c
unit-delta: ../../include/target.h unit-delta.c
gcc -o $@ unit-delta.c $(CFLAGS) $(LDFLAGS)

unit-update-flash: ../../include/target.h unit-update-flash.c
gcc -o $@ unit-update-flash.c ../../src/image.c ../../lib/wolfssl/wolfcrypt/src/sha256.c $(CFLAGS) $(LDFLAGS)

%.o:%.c
gcc -c -o $@ $^ $(CFLAGS)
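Review bot: The `unit-update-flash` rule lists only `../../include/target.h` and `unit-update-flash.c` as prerequisites although its recipe also compiles `../../src/image.c` and sha256.c, so after an edit to image.c `make` can keep a stale binary and report passing tests against old code; adding `../../src/image.c` to the prerequisite list fixes that. The sha256 path is hard-coded as `../../lib/wolfssl/wolfcrypt/src/sha256.c` where the file already defines `WOLFCRYPT` for that prefix. The target is also built with `-DWOLFBOOT_NO_SIGN`, so these tests cover hash checking only; a comment saying so would stop readers from assuming the signature-failure path of the update flow is exercised.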

50 changes: 43 additions & 7 deletions tools/unit-tests/unit-mock-flash.c
@@ -1,5 +1,30 @@
/* unit-mock-flash.c
*
* Mock flash access for unit tests
* usage: #include "unit-mock-flash.c"
*
*
* Copyright (C) 2024 wolfSSL Inc.
*
* This file is part of wolfBoot.
*
* wolfBoot is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfBoot is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/

static int locked = 1;
static int ext_locked = 1;
static int erased_boot = 0;
static int erased_update = 0;
static int erased_swap = 0;
Expand All @@ -18,20 +43,24 @@ int hal_flash_write(haladdr_t address, const uint8_t *data, int len)
int i;
uint8_t *a = (uint8_t *)address;
fail_if(locked, "Attempting to write to a locked FLASH");
if ((address >= WOLFBOOT_PARTITION_SWAP_ADDRESS) &&
(address < WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_SECTOR_SIZE)) {
for (i = 0; i < len; i++) {
a[i] = data[i];
}
}
if ((address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS) &&
(address < WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE)) {
for (i = 0; i < len; i++) {
a[i] = data[i];
}
}
#ifdef FLAGS_HOME
if ((address >= WOLFBOOT_PARTITION_BOOT_ADDRESS) &&
(address < WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE)) {
for (i = 0; i < len; i++) {
a[i] = data[i];
}
}
#endif
#ifdef MOCK_KEYVAULT
if ((address >= vault_base) && (address < vault_base + keyvault_size)) {
for (i = 0; i < len; i++) {
Expand All @@ -47,14 +76,12 @@ int hal_flash_erase(haladdr_t address, int len)
if ((address >= WOLFBOOT_PARTITION_BOOT_ADDRESS) &&
(address < WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE)) {
erased_boot++;
#ifdef FLAGS_HOME
memset(address, 0xFF, len);
if (address >= WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE) {
erased_nvm_bank0++;
} else if (address >= WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - 2 * WOLFBOOT_SECTOR_SIZE) {
erased_nvm_bank1++;
}
#endif
} else if ((address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS) &&
(address < WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE)) {
erased_update++;
Expand Down Expand Up @@ -96,7 +123,6 @@ void hal_prepare_boot(void)

int ext_flash_erase(uintptr_t address, int len)
{
printf("%s", __FUNCTION__);
if ((address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS) &&
(address < WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE)) {
erased_update++;
Expand All @@ -121,8 +147,7 @@ int ext_flash_write(uintptr_t address, const uint8_t *data, int len)
{
int i;
uint8_t *a = (uint8_t *)address;
fail_if(locked, "Attempting to write to a locked FLASH");
printf("%s", __FUNCTION__);
fail_if(ext_locked, "Attempting to write to a locked FLASH");
for (i = 0; i < len; i++) {
a[i] = data[i];
}
Expand All @@ -139,6 +164,17 @@ int ext_flash_read(uintptr_t address, uint8_t *data, int len)
return 0;
}

void ext_flash_unlock(void)
{
fail_unless(ext_locked, "Double ext unlock detected\n");
ext_locked--;
}
void ext_flash_lock(void)
{
fail_if(ext_locked, "Double ext lock detected\n");
ext_locked++;
}

/* A simple mock memory */
static int mmap_file(const char *path, uint8_t *address, uint32_t len,
uint8_t** ret_address)
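Review bot: The swap-range test added to `hal_flash_write` pairs a lower bound of `WOLFBOOT_PARTITION_SWAP_ADDRESS` with an upper bound of `WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_SECTOR_SIZE`, which looks like a copy-paste slip for `WOLFBOOT_PARTITION_SWAP_ADDRESS + WOLFBOOT_SECTOR_SIZE`. Depending on the mock partition layout (not visible here), the check as written either never matches, so swap writes are silently dropped, or also covers the start of the update partition. None of the range checks in this function bounds `address + len`, so an overlong write by the code under test runs past the region end unnoticed; a `fail_if` on `address + len` exceeding the region end would turn that into a test failure. With the `FLAGS_HOME` guards apparently removed, `memset(address, 0xFF, len)` in `hal_flash_erase` is now compiled in every test build and passes a `haladdr_t` where a pointer is expected; it wants the `(uint8_t *)` cast that `hal_flash_write` already uses. Several of these functions start or end outside the hunks shown.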