[opentitanlib] Add image reading
Add the ability to read and write image files.
Signed-off-by: Jon Flatley <jflat@google.com>
diff --git a/sw/host/opentitanlib/BUILD b/sw/host/opentitanlib/BUILD
index e28755a..40b6bb0 100644
--- a/sw/host/opentitanlib/BUILD
+++ b/sw/host/opentitanlib/BUILD
@@ -135,6 +135,7 @@
data = [
"src/image/testdata/hello.txt",
"src/image/testdata/manifest.hjson",
+ "src/image/testdata/test_image.bin",
"src/image/testdata/world.txt",
"src/otp/testdata/lc_ctrl_state.hjson",
"src/otp/testdata/otp_ctrl_img_dev.hjson",
diff --git a/sw/host/opentitanlib/src/image/image.rs b/sw/host/opentitanlib/src/image/image.rs
index f20879d..5353f83 100644
--- a/sw/host/opentitanlib/src/image/image.rs
+++ b/sw/host/opentitanlib/src/image/image.rs
@@ -2,17 +2,31 @@
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
+use crate::image::manifest::Manifest;
+use crate::image::manifest_def::ManifestDef;
use crate::util::parse_int::ParseInt;
use anyhow::{ensure, Result};
+use std::convert::TryInto;
use std::fs::File;
-use std::io::Read;
+use std::io::{Read, Write};
+use std::mem::size_of;
use std::path::{Path, PathBuf};
use thiserror::Error;
+use zerocopy::LayoutVerified;
+
#[derive(Debug, Error)]
pub enum ImageError {
#[error("Incomplete read: expected to read {0} bytes but read {1} bytes")]
IncompleteRead(usize, usize),
+ #[error("Failed to parse image manifest.")]
+ Parse,
+}
+
+#[repr(C)]
+#[derive(Debug)]
+pub struct Image {
+ bytes: Vec<u8>,
}
#[derive(Debug)]
@@ -28,6 +42,56 @@
pub chunks: Vec<ImageChunk>,
}
+impl Image {
+ /// Creates an `Image` from a given input binary.
+ pub fn read_from_file(path: &Path) -> Result<Image> {
+ let file_len = path.metadata()?.len() as usize;
+ // Create a buffer with the same alignment as Manifest that's as least as long as the input
+ // file.
+ let mut aligned: Vec<Manifest> =
+ Vec::with_capacity((0..file_len).step_by(size_of::<Manifest>()).len());
+
+ // Convert the aligned buffer to a Vec<u8> with the same capacity, but length equal to the
+ // size of the input file.
+ let vec_ptr = aligned.as_mut_ptr() as *mut u8;
+ let vec_cap = aligned.capacity() * size_of::<Manifest>();
+
+ // Forget `aligned` so we don't double free.
+ std::mem::forget(aligned);
+
+ // Convert our `aligned` Vec<Manifest> to a Vec<u8> with the same capacity and len equal to
+ // the size of the input image. This should mean that the new Vec<u8> has the same
+ // alignment as Manifest so we can successfully use LayoutVerified later to reinterpret the
+ // head of the image as a Manifest.
+ let mut buf: Vec<u8> = unsafe { Vec::from_raw_parts(vec_ptr, file_len, vec_cap) };
+
+ // Read the image into our buffer.
+ let mut file = File::open(path)?;
+ file.read(&mut *buf)?;
+
+ Ok(Image { bytes: buf })
+ }
+
+ /// Write out the `Image` to a file at the given `path`.
+ pub fn write_to_file(self, path: &Path) -> Result<()> {
+ let mut file = File::create(path)?;
+ file.write(self.bytes.as_slice())?;
+ Ok(())
+ }
+
+ /// Overwrites all fields in the image's manifest that are defined in `other`.
+ pub fn overwrite_manifest(&mut self, other: ManifestDef) -> Result<()> {
+ let (manifest_slice, _) = self.bytes.split_at_mut(size_of::<Manifest>());
+ let manifest_layout: LayoutVerified<&mut [u8], Manifest> =
+ LayoutVerified::new(&mut *manifest_slice).ok_or(ImageError::Parse)?;
+ let manifest: &mut Manifest = manifest_layout.into_mut();
+ let mut manifest_def: ManifestDef = (&*manifest).try_into()?;
+ manifest_def.overwrite_fields(other);
+ *manifest = manifest_def.try_into()?;
+ Ok(())
+ }
+}
+
impl ImageAssembler {
/// Creates an `ImageAssembler` with a given `size` and mirroring parameters.
pub fn with_params(size: usize, mirrored: bool) -> Self {
@@ -157,4 +221,25 @@
);
Ok(())
}
+
+ #[test]
+ fn test_load_image() {
+ // Read and write back image.
+ let image = Image::read_from_file(&testdata!("test_image.bin")).unwrap();
+ image
+ .write_to_file(&testdata!("test_image_out.bin"))
+ .unwrap();
+
+ // Ensure the result is identical to the original.
+ let (mut orig_bytes, mut res_bytes) = (Vec::<u8>::new(), Vec::<u8>::new());
+ File::open(&testdata!("test_image.bin"))
+ .unwrap()
+ .read_to_end(&mut orig_bytes)
+ .unwrap();
+ File::open(&testdata!("test_image_out.bin"))
+ .unwrap()
+ .read_to_end(&mut res_bytes)
+ .unwrap();
+ assert_eq!(orig_bytes, res_bytes);
+ }
}
diff --git a/sw/host/opentitanlib/src/image/manifest_def.rs b/sw/host/opentitanlib/src/image/manifest_def.rs
index 2158f35..ef56a2e 100644
--- a/sw/host/opentitanlib/src/image/manifest_def.rs
+++ b/sw/host/opentitanlib/src/image/manifest_def.rs
@@ -7,13 +7,20 @@
use crate::util::num_de::HexEncoded;
use crate::util::parse_int::ParseInt;
-use anyhow::{anyhow, Result};
+use anyhow::{bail, Result};
use serde::Deserialize;
use std::convert::{TryFrom, TryInto};
use std::iter::IntoIterator;
+use thiserror::Error;
use zerocopy::AsBytes;
+#[derive(Debug, Error)]
+pub enum ManifestError {
+ #[error("Manifest is missing field \"{0}\".")]
+ MissingField(&'static str),
+}
+
fixed_size_bigint!(ManifestRsa, at_most 3072);
#[derive(Clone, Default, Debug, Deserialize)]
@@ -77,10 +84,16 @@
}
}
+impl ManifestDef {
+ pub fn overwrite_fields(&mut self, other: ManifestDef) {
+ self.overwrite(other)
+ }
+}
+
trait ManifestPacked<T> {
/// The default error for missing fields.
fn unpack_err(&self, name: &'static str) -> Result<T> {
- Err(anyhow!("Manifest is missing field {}", name))
+ bail!(ManifestError::MissingField(name))
}
/// Unpack optional fields in the manifest, and error if the field isn't defined.
@@ -174,16 +187,22 @@
type Error = anyhow::Error;
fn try_from(rsa: ManifestRsa) -> Result<SigverifyRsaBuffer> {
- // Convert between the BigInt byte representation and the manifest word representation.
- Ok(SigverifyRsaBuffer {
- data: rsa
- .to_le_bytes()
- .chunks(4)
- .map(|v| Ok(u32::from_le_bytes(v.try_into()?)))
- .collect::<Result<Vec<u32>>>()?
- .as_slice()
- .try_into()?,
- })
+ if rsa.eq(&ManifestRsa::from_le_bytes([0])?) {
+ // In the case where the BigInt fields are defined but == 0 we should just keep it 0.
+ // Without this the conversion to [u32; 96] would fail.
+ Ok(SigverifyRsaBuffer { data: [0; 96] })
+ } else {
+ // Convert between the BigInt byte representation and the manifest word representation.
+ Ok(SigverifyRsaBuffer {
+ data: rsa
+ .to_le_bytes()
+ .chunks(4)
+ .map(|v| Ok(u32::from_le_bytes(v.try_into()?)))
+ .collect::<Result<Vec<u32>>>()?
+ .as_slice()
+ .try_into()?,
+ })
+ }
}
}
@@ -215,9 +234,7 @@
type Error = anyhow::Error;
fn try_from(o: SigverifyRsaBuffer) -> Result<ManifestBigInt> {
- let buf: [u32; 96] = o.data.try_into()?;
- let rsa = ManifestRsa::from_le_bytes(buf.as_bytes())?;
- Ok(ManifestBigInt(Some(HexEncoded(rsa))))
+ (&o).try_into()
}
}
@@ -225,13 +242,15 @@
type Error = anyhow::Error;
fn try_from(o: &SigverifyRsaBuffer) -> Result<ManifestBigInt> {
- let buf: [u32; 96] = o.data.try_into()?;
- let rsa = ManifestRsa::from_le_bytes(buf.as_bytes())?;
+ let rsa = ManifestRsa::from_le_bytes(o.data.as_bytes())?;
Ok(ManifestBigInt(Some(HexEncoded(rsa))))
}
}
-impl<T> From<&T> for ManifestSmallInt<T> where T: ParseInt + Copy {
+impl<T> From<&T> for ManifestSmallInt<T>
+where
+ T: ParseInt + Copy,
+{
fn from(o: &T) -> ManifestSmallInt<T> {
ManifestSmallInt(Some(HexEncoded(*o)))
}
diff --git a/sw/host/opentitanlib/src/image/testdata/test_image.bin b/sw/host/opentitanlib/src/image/testdata/test_image.bin
new file mode 100644
index 0000000..e0ac7eb
--- /dev/null
+++ b/sw/host/opentitanlib/src/image/testdata/test_image.bin
Binary files differ
