imgtool: Add security counter to image manifest

Optionally add new security counter TLV to the protected image manifest
and also introduce a new command line option for the imgtool to specify
the value of this counter. The security counter can be used in rollback
protection to compare the new image's security counter against the
active counter value. Its value can be independent from the image
version, but if the 'auto' keyword is passed in the argument list of the
script then it will be generated from the version number (not including
the build number).

The value of the security counter is security critical data. Therefore,
it must be part of the protected TLV area.

Change-Id: I45926d22364d0528164f50fa379abf050bdf65ff
Signed-off-by: David Vincze <david.vincze@arm.com>

Author: davidvincze

NOTICE

@@ -8,4 +8,4 @@ Portions of this software were developed at
 Runtime Inc, copyright 2015.
 
 Portions of this software were developed at
-Arm Limited, copyright 2019.
+Arm Limited, copyright 2019-2020.

scripts/imgtool/image.py

@@ -1,6 +1,6 @@
 # Copyright 2018 Nordic Semiconductor ASA
 # Copyright 2017 Linaro Limited
-# Copyright 2019 Arm Limited
+# Copyright 2019-2020 Arm Limited
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -61,7 +61,8 @@
         'ENCRSA2048': 0x30,
         'ENCKW128': 0x31,
         'ENCEC256': 0x32,
-        'DEPENDENCY': 0x40
+        'DEPENDENCY': 0x40,
+        'SEC_CNT': 0x50,
 }
 
 TLV_SIZE = 4
@@ -119,7 +120,7 @@ def __init__(self, version=None, header_size=IMAGE_HEADER_SIZE,
                  pad_header=False, pad=False, align=1, slot_size=0,
                  max_sectors=DEFAULT_MAX_SECTORS, overwrite_only=False,
                  endian="little", load_addr=0, erased_val=None,
-                 save_enctlv=False):
+                 save_enctlv=False, security_counter=None):
         self.version = version or versmod.decode_version("0")
         self.header_size = header_size
         self.pad_header = pad_header
@@ -137,12 +138,23 @@ def __init__(self, version=None, header_size=IMAGE_HEADER_SIZE,
         self.save_enctlv = save_enctlv
         self.enctlv_len = 0
 
+        if security_counter == 'auto':
+            # Security counter has not been explicitly provided,
+            # generate it from the version number
+            self.security_counter = ((self.version.major << 24)
+                                     + (self.version.minor << 16)
+                                     + self.version.revision)
+        else:
+            self.security_counter = security_counter
+
     def __repr__(self):
-        return "<Image version={}, header_size={}, base_addr={}, load_addr={}, \
-                align={}, slot_size={}, max_sectors={}, overwrite_only={}, \
-                endian={} format={}, payloadlen=0x{:x}>".format(
+        return "<Image version={}, header_size={}, security_counter={}, \
+                base_addr={}, load_addr={}, align={}, slot_size={}, \
+                max_sectors={}, overwrite_only={}, endian={} format={}, \
+                payloadlen=0x{:x}>".format(
                     self.version,
                     self.header_size,
+                    self.security_counter,
                     self.base_addr if self.base_addr is not None else "N/A",
                     self.load_addr,
                     self.align,
@@ -246,14 +258,22 @@ def ecies_p256_hkdf(self, enckey, plainkey):
     def create(self, key, enckey, dependencies=None):
         self.enckey = enckey
 
-        if dependencies is None:
-            dependencies_num = 0
-            protected_tlv_size = 0
-        else:
-            # Size of a Dependency TLV = Header ('BBH') + Payload('IBBHI')
-            # = 16 Bytes
+        protected_tlv_size = 0
+
+        if self.security_counter is not None:
+            # Size of the security counter TLV: header ('HH') + payload ('I')
+            #                                   = 4 + 4 = 8 Bytes
+            protected_tlv_size += TLV_SIZE + 4
+
+        if dependencies is not None:
+            # Size of a Dependency TLV = Header ('HH') + Payload('IBBHI')
+            # = 4 + 12 = 16 Bytes
             dependencies_num = len(dependencies[DEP_IMAGES_KEY])
-            protected_tlv_size = (dependencies_num * 16) + TLV_INFO_SIZE
+            protected_tlv_size += (dependencies_num * 16)
+
+        if protected_tlv_size != 0:
+            # Add the size of the TLV info header
+            protected_tlv_size += TLV_INFO_SIZE
 
         # At this point the image is already on the payload, this adds
         # the header to the payload as well
@@ -265,17 +285,24 @@ def create(self, key, enckey, dependencies=None):
         # in the hash calculation
         protected_tlv_off = None
         if protected_tlv_size != 0:
-            for i in range(dependencies_num):
-                e = STRUCT_ENDIAN_DICT[self.endian]
-                payload = struct.pack(
-                                e + 'B3x'+'BBHI',
-                                int(dependencies[DEP_IMAGES_KEY][i]),
-                                dependencies[DEP_VERSIONS_KEY][i].major,
-                                dependencies[DEP_VERSIONS_KEY][i].minor,
-                                dependencies[DEP_VERSIONS_KEY][i].revision,
-                                dependencies[DEP_VERSIONS_KEY][i].build
-                                )
-                prot_tlv.add('DEPENDENCY', payload)
+
+            e = STRUCT_ENDIAN_DICT[self.endian]
+
+            if self.security_counter is not None:
+                payload = struct.pack(e + 'I', self.security_counter)
+                prot_tlv.add('SEC_CNT', payload)
+
+            if dependencies is not None:
+                for i in range(dependencies_num):
+                    payload = struct.pack(
+                                    e + 'B3x'+'BBHI',
+                                    int(dependencies[DEP_IMAGES_KEY][i]),
+                                    dependencies[DEP_VERSIONS_KEY][i].major,
+                                    dependencies[DEP_VERSIONS_KEY][i].minor,
+                                    dependencies[DEP_VERSIONS_KEY][i].revision,
+                                    dependencies[DEP_VERSIONS_KEY][i].build
+                                    )
+                    prot_tlv.add('DEPENDENCY', payload)
 
             protected_tlv_off = len(self.payload)
             self.payload += prot_tlv.get()

scripts/imgtool/main.py

@@ -1,7 +1,7 @@
 #! /usr/bin/env python3
 #
 # Copyright 2017 Linaro Limited
-# Copyright 2019 Arm Limited
+# Copyright 2019-2020 Arm Limited
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -154,6 +154,20 @@ def validate_version(ctx, param, value):
         raise click.BadParameter("{}".format(e))
 
 
+def validate_security_counter(ctx, param, value):
+    if value is not None:
+        if value.lower() == 'auto':
+            return 'auto'
+        else:
+            try:
+                return int(value, 0)
+            except ValueError:
+                raise click.BadParameter(
+                    "{} is not a valid integer. Please use code literals "
+                    "prefixed with 0b/0B, 0o/0O, or 0x/0X as necessary."
+                    .format(value))
+
+
 def validate_header_size(ctx, param, value):
     min_hdr_size = image.IMAGE_HEADER_SIZE
     if value < min_hdr_size:
@@ -190,13 +204,11 @@ class BasedIntParamType(click.ParamType):
 
     def convert(self, value, param, ctx):
         try:
-            if value[:2].lower() == '0x':
-                return int(value[2:], 16)
-            elif value[:1] == '0':
-                return int(value, 8)
-            return int(value, 10)
+            return int(value, 0)
         except ValueError:
-            self.fail('%s is not a valid integer' % value, param, ctx)
+            self.fail('%s is not a valid integer. Please use code literals '
+                      'prefixed with 0b/0B, 0o/0O, or 0x/0X as necessary.'
+                      % value, param, ctx)
 
 
 @click.argument('outfile')
@@ -233,6 +245,9 @@ def convert(self, value, param, ctx):
 @click.option('-d', '--dependencies', callback=get_dependencies,
               required=False, help='''Add dependence on another image, format:
               "(<image_ID>,<image_version>), ... "''')
+@click.option('-s', '--security-counter', callback=validate_security_counter,
+              help='Specify the value of security counter. Use the `auto` '
+              'keyword to automatically generate it from the image version.')
 @click.option('-v', '--version', callback=validate_version,  required=True)
 @click.option('--align', type=click.Choice(['1', '2', '4', '8']),
               required=True)
@@ -242,13 +257,15 @@ def convert(self, value, param, ctx):
                .hex extension, otherwise binary format is used''')
 def sign(key, align, version, header_size, pad_header, slot_size, pad,
          max_sectors, overwrite_only, endian, encrypt, infile, outfile,
-         dependencies, load_addr, hex_addr, erased_val, save_enctlv):
+         dependencies, load_addr, hex_addr, erased_val, save_enctlv,
+         security_counter):
     img = image.Image(version=decode_version(version), header_size=header_size,
                       pad_header=pad_header, pad=pad, align=int(align),
                       slot_size=slot_size, max_sectors=max_sectors,
                       overwrite_only=overwrite_only, endian=endian,
                       load_addr=load_addr, erased_val=erased_val,
-                      save_enctlv=save_enctlv)
+                      save_enctlv=save_enctlv,
+                      security_counter=security_counter)
     img.load(infile)
     key = load_key(key) if key else None
     enckey = load_key(encrypt) if encrypt else None