stm32/mboot: Verify signature of fsload packed DFU files before writing.

When verifying the DFU contents, the signature of signed/encrypted files is
also now checked in this initial, dry-run stage.

ports/stm32/mboot/fsload.c

@@ -151,13 +151,11 @@ static int fsload_program_file(bool write_to_flash) {
             if (res != l) {
                 return -MBOOT_ERRNO_DFU_READ_ERROR;
             }
-            if (write_to_flash) {
+            res = do_write(elem_addr, buf, l, !write_to_flash);
-                res = do_write(elem_addr, buf, l);
+            if (res != 0) {
-                if (res != 0) {
+                return res;
-                    return res;
-                }
-                elem_addr += l;
             }
+            elem_addr += l;
             s -= l;
         }
 

ports/stm32/mboot/main.c

@@ -715,11 +715,15 @@ void do_read(mboot_addr_t addr, size_t len, uint8_t *buf) {
     #endif
 }
 
-int do_write(uint32_t addr, const uint8_t *src8, size_t len) {
+int do_write(uint32_t addr, const uint8_t *src8, size_t len, bool dry_run) {
     #if MBOOT_ENABLE_PACKING
-    return mboot_pack_write(addr, src8, len);
+    return mboot_pack_write(addr, src8, len, dry_run);
     #else
-    return hw_write(addr, src8, len);
+    if (dry_run) {
+        return 0;
+    } else {
+        return hw_write(addr, src8, len);
+    }
     #endif
 }
 
@@ -844,7 +848,7 @@ void i2c_slave_process_rx_end(i2c_slave_t *i2c) {
             // Mark the 2 lower bits to indicate invalid app firmware
             buf[1] |= APP_VALIDITY_BITS;
         }
-        int ret = do_write(i2c_obj.cmd_wraddr, buf + 1, len);
+        int ret = do_write(i2c_obj.cmd_wraddr, buf + 1, len, false);
         if (ret < 0) {
             len = ret;
         } else {
@@ -866,7 +870,7 @@ void i2c_slave_process_rx_end(i2c_slave_t *i2c) {
             len = -1;
         } else {
             buf &= ~APP_VALIDITY_BITS;
-            int ret = do_write(APPLICATION_ADDR, (void*)&buf, 4);
+            int ret = do_write(APPLICATION_ADDR, (void*)&buf, 4, false);
             if (ret < 0) {
                 len = ret;
             } else {
@@ -940,7 +944,7 @@ static int dfu_process_dnload(void) {
     } else if (dfu_context.wBlockNum > 1) {
         // write data to memory
         uint32_t addr = (dfu_context.wBlockNum - 2) * DFU_XFER_SIZE + dfu_context.addr;
-        ret = do_write(addr, dfu_context.buf, dfu_context.wLength);
+        ret = do_write(addr, dfu_context.buf, dfu_context.wLength, false);
     }
     if (ret == 0) {
         return DFU_STATE_DNLOAD_IDLE;

ports/stm32/mboot/mboot.h

@@ -113,7 +113,7 @@ int hw_write(uint32_t addr, const uint8_t *src8, size_t len);
 
 int do_page_erase(uint32_t addr, uint32_t *next_addr);
 void do_read(mboot_addr_t addr, size_t len, uint8_t *buf);
-int do_write(uint32_t addr, const uint8_t *src8, size_t len);
+int do_write(uint32_t addr, const uint8_t *src8, size_t len, bool dry_run);
 
 const uint8_t *elem_search(const uint8_t *elem, uint8_t elem_id);
 int fsload_process(void);

ports/stm32/mboot/pack.c

@@ -206,7 +206,7 @@ static int mboot_pack_handle_firmware(void) {
     }
 }
 
-int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len) {
+int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len, bool dry_run) {
     if (addr == APPLICATION_ADDR) {
         // Base address of main firmware, reset any previous state
         firmware_chunk_base_addr = 0;
@@ -274,6 +274,9 @@ int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len) {
     }
 
     // Signature passed, we have valid chunk.
+    if (dry_run) {
+        return 0;
+    }
 
     if (firmware_chunk_buf.header.format == MBOOT_PACK_CHUNK_META) {
         // Ignore META chunks.

ports/stm32/mboot/pack.h

@@ -75,7 +75,7 @@ extern const uint8_t mboot_pack_secretbox_key[hydro_secretbox_KEYBYTES];
 // Implementation
 
 void mboot_pack_init(void);
-int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len);
+int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len, bool dry_run);
 
 #endif // MBOOT_ENABLE_PACKING