Adding Encryption to Secure DFU SDK v15

RE: Adding Encryption to Secure DFU SDK v15

aetherengineer — Mon, 08 Jan 2024 18:43:50 GMT

Hi Matthew-

The porting to SDKv17 went smoothly. Only minor function repackaging and variable name changes were involved.

Do you have any references for adding CBC-MAC to this counter method so this could be a full CCM implementation?

Thanks!

-Greg

RE: Adding Encryption to Secure DFU SDK v15

aetherengineer — Thu, 16 Nov 2023 20:59:38 GMT

Thanks!

RE: Adding Encryption to Secure DFU SDK v15

Mathew — Thu, 16 Nov 2023 20:51:18 GMT

Hi Greg,

The link does appear to be broken, but I believe you've found what appears to be the correct instructions in that .pdf you've linked.

Best of luck with the port!

Cheers,
Mathew

RE: Adding Encryption to Secure DFU SDK v15

aetherengineer — Thu, 16 Nov 2023 20:45:40 GMT

Hi Matthew-

When you say " perform Step 4. as described here", the link is broken. Just wanted to verify that it refers to step 4 in section 9 of https://infocenter.nordicsemi.com/pdf/nrfutil_v1.3.pdf.. Here's to hoping you still check in after all these years! I'm "porting" this solution to v17.

Thanks!

-Greg

RE: Adding Encryption to Secure DFU SDK v15

Lurn_Z — Wed, 23 Aug 2023 02:15:27 GMT

Hi Mathew,

When I modified the DFU code, I found that your DFU seems to use softdevice, but I did not use softdevice, so some functions and structures cannot be used. Do you have a version that does not use softdevice? And I use the SDK 17.1.0

Best regards

Lurn

RE: Adding Encryption to Secure DFU SDK v15

Zivojin — Wed, 07 Dec 2022 05:25:03 GMT

Thanks a lot

RE: Adding Encryption to Secure DFU SDK v15

Mathew — Wed, 07 Dec 2022 05:20:28 GMT

ECB Key should be 16 bytes (contrary to what was posted in an earlier copy of a reply).

Please generate 16 cryptographically random bytes - doing so will remove the need for the spare '0x00's.

If this is your ECB Key:

const uint8_t ecb_key[ECB_KEY_LEN] = {0xab, 0x0a, 0xab, 0x3c, 0xdd, 0x1e, 0x5f, 0x88, 0xe7, 0x31, 0x43, 0x58, 0x20, 0x3f, 0x2b, 0x68};

Then the -K argument to the C:\OpenSSL-Win64\bin\openssl.exe enc command would be as follows:

682b3f20584331e7885f1edd3cab0aab

RE: Adding Encryption to Secure DFU SDK v15

Zivojin — Wed, 07 Dec 2022 04:39:01 GMT

Hi Mathew,

After generate ecb key - e.g. ab0aab3cdd1e5f88e7314358

Should it be written like this:

const uint8_t ecb_key[ECB_KEY_LEN] = {0x00, 0x00, 0x00, 0x00, 0xab, 0x0a, 0xab, 0x3c, 0xdd, 0x1e, 0x5f, 0x88, 0xe7, 0x31, 0x43, 0x58};

or

const uint8_t ecb_key[ECB_KEY_LEN] = {0xab, 0x0a, 0xab, 0x3c, 0xdd, 0x1e, 0x5f, 0x88, 0xe7, 0x31, 0x43, 0x58, 0x00, 0x00, 0x00, 0x00};

RE: Adding Encryption to Secure DFU SDK v15

Zivojin — Tue, 06 Dec 2022 18:21:06 GMT

Thanks

RE: Adding Encryption to Secure DFU SDK v15

Mathew — Tue, 06 Dec 2022 17:58:32 GMT

signature_check() was part of the SDK with which this Q&A was developed i.e. the call to signature_check() was not added by myself. It's likely that you're using a different version of the SDK which no longer includes this exact function.

Nevertheless, you may be able to tweak the following function to match the SDK you're using:

// Function to perform signature check if required.
static nrf_dfu_result_t signature_check(dfu_fw_type_t                          fw_type,
                                        dfu_signature_type_t                   signature_type,
                                        dfu_signed_command_signature_t const * p_signature)
{
    ret_code_t err_code;
    size_t     hash_len = NRF_CRYPTO_HASH_SIZE_SHA256;
    
    if (!signature_required(fw_type))
    {
        return NRF_DFU_RES_CODE_SUCCESS;
    }

    NRF_LOG_INFO("Signature required. Checking signature.")
    if (p_signature == NULL)
    {
        NRF_LOG_WARNING("No signature found.");
        return EXT_ERR(NRF_DFU_EXT_ERROR_SIGNATURE_MISSING);
    }

    if (signature_type != DFU_SIGNATURE_TYPE_ECDSA_P256_SHA256)
    {
        NRF_LOG_INFO("Invalid signature type");
        return EXT_ERR(NRF_DFU_EXT_ERROR_WRONG_SIGNATURE_TYPE);
    }

    NRF_LOG_INFO("Calculating init packet hash (init packet len: %d)", m_init_packet_data_len);
    err_code = nrf_crypto_hash_calculate(&m_hash_context,
                                         &g_nrf_crypto_hash_sha256_info,
                                         m_init_packet_data_ptr,
                                         m_init_packet_data_len,
                                         m_init_packet_hash,
                                         &hash_len);
    if (err_code != NRF_SUCCESS)
    {
        return NRF_DFU_RES_CODE_OPERATION_FAILED;
    }

    if (sizeof(m_signature) != p_signature->size)
    {
        return NRF_DFU_RES_CODE_OPERATION_FAILED;
    }

    // Prepare the signature received over the air.
    memcpy(m_signature, p_signature->bytes, p_signature->size);

    // Calculate the signature.
    NRF_LOG_INFO("Verify signature");

    // The signature is in little-endian format. Change it to big-endian format for nrf_crypto use.
    nrf_crypto_internal_double_swap_endian_in_place(m_signature, sizeof(m_signature) / 2);

    err_code = nrf_crypto_ecdsa_verify(&m_verify_context,
                                       &m_public_key,
                                       m_init_packet_hash,
                                       hash_len,
                                       m_signature,
                                       sizeof(m_signature));
    if (err_code != NRF_SUCCESS)
    {
        NRF_LOG_ERROR("Signature failed (err_code: 0x%x)", err_code);
        NRF_LOG_DEBUG("Signature:");
        NRF_LOG_HEXDUMP_DEBUG(m_signature, sizeof(m_signature));
        NRF_LOG_DEBUG("Hash:");
        NRF_LOG_HEXDUMP_DEBUG(m_init_packet_hash, hash_len);
        NRF_LOG_DEBUG("Public Key:");
        NRF_LOG_HEXDUMP_DEBUG(pk, sizeof(pk));
        NRF_LOG_FLUSH();

        return NRF_DFU_RES_CODE_INVALID_OBJECT;
    }

    NRF_LOG_INFO("Image verified");
    return NRF_DFU_RES_CODE_SUCCESS;
}

RE: Adding Encryption to Secure DFU SDK v15

Zivojin — Tue, 06 Dec 2022 17:33:11 GMT

Hi,

There is the step which says that in the nrf_dfu_validation_init_cmd_execute() we should add

...

// Validate signature.
ret_val = signature_check(p_command->init.type, signature_type, p_signature);

But there is no definition of signature_check() function and I am getting error because of that.

Can you help me on this, please?

Regards

RE: Adding Encryption to Secure DFU SDK v15

Zivojin — Mon, 05 Dec 2022 07:41:18 GMT

Thanks a lot for the quick reply!

Kind regards

RE: Adding Encryption to Secure DFU SDK v15

Mathew — Mon, 05 Dec 2022 07:36:43 GMT

Hi,

The same information contained in the broken links is likely to be found in Section 9 of this .pdf: https://infocenter.nordicsemi.com/pdf/nrfutil_v1.3.pdf

RE: Adding Encryption to Secure DFU SDK v15

Zivojin — Mon, 05 Dec 2022 05:41:42 GMT

Hi,

All provided links int the post are broken

infocenter.nordicsemi.com/.../nrfutil_customizing.html

http://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.tools%2Fdita%2Ftools%2Fnrfutil%2Fnrfutil_customizing.html&cp=5_5_8

Could you please update the post to include steps which were explained on those links?

Thanks

RE: Adding Encryption to Secure DFU SDK v15

Mathew — Wed, 26 Jan 2022 20:54:14 GMT

The ECB key is simply 16 cryptographically random bytes.

You can generate 16 cryptographically random bytes using Python. Open up a Python command line and type the following:

import os

import import binascii

binascii.hexlify(os.urandom(16))The output should look something like this (i.e. 16 hex values):

b'5cf1159902090a33cbbd5c03134f5fcc'

RE: Adding Encryption to Secure DFU SDK v15

RJ Fang — Wed, 26 Jan 2022 05:30:10 GMT

Hi Mathew,

Thank you for the clarification!

I have one query that how to get ECB key is not mentioned any where. Could you please update on how to get the corresponding ECB key?

Thanks!

RE: Adding Encryption to Secure DFU SDK v15

Mathew — Sat, 20 Nov 2021 01:26:31 GMT

Existing function code in SDK 15:

nrf_dfu_result_t nrf_dfu_validation_post_data_execute(uint32_t src_addr, uint32_t data_len)
{
    nrf_dfu_result_t     ret_val = NRF_DFU_RES_CODE_SUCCESS;
    dfu_init_command_t * p_init  = m_packet.has_signed_command ? &m_packet.signed_command.command.init
                                                               : &m_packet.command.init;

    if (!fw_hash_ok(p_init, src_addr, data_len))
    {
        ret_val = EXT_ERR(NRF_DFU_EXT_ERROR_VERIFICATION_FAILED);
    }
    else
    {
        if (p_init->type == DFU_FW_TYPE_APPLICATION)
        {
            postvalidate_app(p_init);
        }
        else
        {
            bool with_sd = p_init->type & DFU_FW_TYPE_SOFTDEVICE;
            bool with_bl = p_init->type & DFU_FW_TYPE_BOOTLOADER;

            if (!postvalidate_sd_bl(p_init, with_sd, with_bl, src_addr))
            {
                ret_val = NRF_DFU_RES_CODE_INVALID_OBJECT;
                if (with_sd && !DFU_REQUIRES_SOFTDEVICE &&
                    (src_addr == nrf_dfu_softdevice_start_address()))
                {
                    nrf_dfu_softdevice_invalidate();
                }
            }
        }
    }

    if (ret_val == NRF_DFU_RES_CODE_SUCCESS)
    {
        // Store CRC32 for image
        s_dfu_settings.bank_1.image_crc = s_dfu_settings.progress.firmware_image_crc;
        s_dfu_settings.bank_1.image_size = data_len;
    }
    else
    {
        nrf_dfu_bank_invalidate(&s_dfu_settings.bank_1);
    }

    // Set the progress to zero and remove the last command
    memset(&s_dfu_settings.progress, 0, sizeof(dfu_progress_t));
    memset(s_dfu_settings.init_command, 0xFF, DFU_SIGNED_COMMAND_SIZE);

    s_dfu_settings.write_offset                  = 0;
    s_dfu_settings.progress.update_start_address = src_addr;

    return ret_val;
}

Change to:

nrf_dfu_result_t nrf_dfu_validation_post_data_execute(uint32_t src_addr, uint32_t data_len)
{
    nrf_dfu_result_t     ret_val = NRF_DFU_RES_CODE_SUCCESS;
    dfu_init_command_t * p_init  = m_packet.has_signed_command ? &m_packet.signed_command.command.init
                                                               : &m_packet.command.init;

    if (!fw_hash_ok(p_init, src_addr, data_len))
    {
        ret_val = EXT_ERR(NRF_DFU_EXT_ERROR_VERIFICATION_FAILED);
    }
    else
    {
        if (p_init->type == DFU_FW_TYPE_APPLICATION || p_init->type & DFU_FW_TYPE_BOOTLOADER)
        {
            s_dfu_settings.progress.firmware_image_crc = crc32_compute((uint8_t*)src_addr, data_len, NULL);
        }
        
        if (p_init->type == DFU_FW_TYPE_APPLICATION)
        {
            postvalidate_app(p_init);
        }
        else
        {
            bool with_sd = p_init->type & DFU_FW_TYPE_SOFTDEVICE;
            bool with_bl = p_init->type & DFU_FW_TYPE_BOOTLOADER;

            if (!postvalidate_sd_bl(p_init, with_sd, with_bl, src_addr))
            {
                ret_val = NRF_DFU_RES_CODE_INVALID_OBJECT;
                if (with_sd && !DFU_REQUIRES_SOFTDEVICE &&
                    (src_addr == nrf_dfu_softdevice_start_address()))
                {
                    nrf_dfu_softdevice_invalidate();
                }
            }
        }
    }

    if (ret_val == NRF_DFU_RES_CODE_SUCCESS)
    {
        // Store CRC32 for image
        s_dfu_settings.bank_1.image_crc = s_dfu_settings.progress.firmware_image_crc;
        s_dfu_settings.bank_1.image_size = data_len;
    }
    else
    {
        nrf_dfu_bank_invalidate(&s_dfu_settings.bank_1);
    }

    // Set the progress to zero and remove the last command
    memset(&s_dfu_settings.progress, 0, sizeof(dfu_progress_t));
    memset(s_dfu_settings.init_command, 0xFF, DFU_SIGNED_COMMAND_SIZE);

    s_dfu_settings.write_offset                  = 0;
    s_dfu_settings.progress.update_start_address = src_addr;

    return ret_val;
}

RE: Adding Encryption to Secure DFU SDK v15

RJ Fang — Sat, 20 Nov 2021 01:11:35 GMT

Hi Mathew,

I am confused when adding code to nrf_dfu_validation_post_data_execute. It seems like there's an incomplete code?

Any help is appreciated!

Thank you in advance,

RE: Adding Encryption to Secure DFU SDK v15

Dattatray — Fri, 06 Dec 2019 13:38:48 GMT

I am getting below error for nRF5 SDK 16.0.0

1> C:/Program Files/SEGGER/SEGGER Embedded Studio for ARM 4.18/gcc/arm-none-eabi/bin/ld: ../../../../Output/Release/Obj/nrf_dfu_validation.o: in function `nrf_dfu_validation_crypt':
1> \BootLoaderSource\components\libraries\bootloader\dfu/nrf_dfu_validation.c:188: undefined reference to `sd_ecb_block_encrypt'

RE: Adding Encryption to Secure DFU SDK v15

Dattatray — Fri, 06 Dec 2019 10:32:45 GMT

Thank you for sharing such detailed setps.

I have one query that how to get ECB key is not mentioned any where. Please update on ECB key

RE: Adding Encryption to Secure DFU SDK v15

Sergnrf — Wed, 28 Aug 2019 14:20:11 GMT

anyone had such an error?

Compiling file: nrf_dfu_req_handler.c
../../../../../components/libraries/bootloader/dfu/nrf_dfu_req_handler.c: In function 'on_data_obj_write_request':
../../../../../components/libraries/bootloader/dfu/nrf_dfu_req_handler.c:496:34: error: passing argument 1 of 'nrf_dfu_validation_crypt' discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
nrf_dfu_validation_crypt(&p_req->write.p_data[i]);
^
In file included from ../../../../../components/libraries/bootloader/dfu/nrf_dfu_req_handler.c:62:0:
../../../../../components/libraries/bootloader/dfu/nrf_dfu_validation.h:120:10: note: expected 'uint8_t * {aka unsigned char *}' but argument is of type 'const uint8_t * {aka const unsigned char *}'
uint32_t nrf_dfu_validation_crypt( uint8_t * buf);
^~~~~~~~~~~~~~~~~~~~~~~~
cc1.exe: all warnings being treated as errors

please tell me how to fix it

RE: Adding Encryption to Secure DFU SDK v15

ibeckermayer — Mon, 04 Mar 2019 21:18:43 GMT

Matthew,

Thanks for this tutorial. We are trying to implement encryption in a similar manner, however are running into an error when the bootloader checks the p_init->type. I am getting an apparent junk value of 62, when I should be getting 0 per the dfu_fw_type_t enum in dfu-cc.pb.h. I have added a detailed post here, any help with debugging would be greatly appreciated.

RE: Adding Encryption to Secure DFU SDK v15

Mathew — Sat, 26 Jan 2019 02:05:27 GMT

I've updated the post to include the changes made to the files found in the pc-nrfutil/nordicsemi/dfu folder. Don't forget to edit the dfu-cc.proto file and regenerate the dfu_cc_pb2.py file with the protocol buffer compiler.

RE: Adding Encryption to Secure DFU SDK v15

Mathew — Sat, 26 Jan 2019 02:03:57 GMT

RE: Adding Encryption to Secure DFU SDK v15

wozix — Fri, 25 Jan 2019 23:13:12 GMT

Hi Mathew,

Can you please share the required change to nrfutil to add the nonce? You attached a .exe but I'm modifying the nrfutil source to be able to use this on Linux.

Regards.