
!rofs: add AES decryption and authentication via AES-CMAC #155

Open
adamgreloch wants to merge 2 commits into master from adamgreloch/NIL-693


@adamgreloch adamgreloch commented Aug 18, 2025

JIRA: NIL-693

Description

Motivation and Context

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (refactoring, style fixes, git/CI config, submodule management, no code logic changes)

Breaking change: rofs header structure has been altered to support cryptographic signatures

How Has This Been Tested?

  • Already covered by automatic testing.
  • New test added: (add PR link here).
  • Tested by hand on: nilee

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing linter checks and tests passed.
  • My changes generate no new compilation warnings for any of the targets.

Special treatment

  • This PR needs additional PRs to work (list the PRs, preferably in merge-order).
  • I will merge this PR by myself when appropriate.


@gemini-code-assist gemini-code-assist bot left a comment


Summary of Changes

Hello @adamgreloch, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces significant security enhancements to the Read-Only File System (ROFS) by integrating AES decryption and authentication via AES-CMAC. It enables the ROFS to handle encrypted images, verifying their integrity upon initialization and decrypting file contents on the fly when a key is provided.

Highlights

  • AES-CMAC Image Authentication: Implemented AES-CMAC to verify the integrity and authenticity of the ROFS image during initialization, preventing tampering.
  • AES-CTR Data Decryption: Added support for AES-CTR mode decryption, allowing individual file contents within the ROFS image to be decrypted transparently during read operations.
  • Integration of libtinyaes: Incorporated the libtinyaes library to provide the underlying cryptographic primitives for AES and CMAC operations.
  • Extended ROFS Header: Modified the ROFS header to include space for the AES-CMAC, increasing its size and ensuring compatibility with authenticated images.
  • Key-based Initialization: The rofs_init function now accepts an optional encryption key, enabling the ROFS to operate in either encrypted or unencrypted modes.


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request adds AES-CTR decryption and AES-CMAC authentication to rofs. The changes are well-structured and integrate the new cryptographic features effectively. However, I've identified a critical bug in the file read logic that could lead to incorrect data decryption. I've also included several medium-severity recommendations to improve code quality, consistency in error handling, and to address code duplication. Addressing these points will enhance the robustness and maintainability of the new functionality.
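
An added example, not part of the review above and not code from this pull request or from rofs: decrypting a read at an arbitrary offset in AES-CTR means deriving both the starting counter block and the number of keystream bytes to skip from that offset. `toy_block` is a placeholder for the AES block call; the function names, the constructed key and IV, and the 128-bit big-endian counter layout are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16
static const uint8_t KEY[BLK] = "constructed-key";            /* constructed sample key */
static const uint8_t IV[BLK] = { [14] = 0xff, [15] = 0xfe };  /* constructed; forces a carry */
/* Stand-in for the AES block encryption: NOT AES and not secure, only deterministic. */
static void toy_block(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    uint32_t s = 0x9e3779b9u;
    for (int i = 0; i < BLK; i++)
        s = (s ^ key[i] ^ in[i]) * 0x01000193u;
    for (int i = 0; i < BLK; i++)
        out[i] = (uint8_t)((s = s * 1664525u + 1013904223u) >> 24);
}

/* Counter block = iv + n as a 128-bit big-endian integer (assumed layout). */
static void ctr_block(const uint8_t *iv, uint64_t n, uint8_t *out)
{
    memcpy(out, iv, BLK);
    for (int i = BLK - 1; i >= 0 && n != 0; i--, n >>= 8)
        out[i] = (uint8_t)(n += out[i]); /* add with carry, keep the low byte */
}

/* XOR the keystream for image bytes [off, off + len) into buf. */
void ctr_xcrypt_at(const uint8_t *key, const uint8_t *iv, uint64_t off, uint8_t *buf, size_t len)
{
    uint8_t ctr[BLK], ks[BLK];
    uint64_t blk = off / BLK;          /* counter value of the first block touched */
    size_t skip = (size_t)(off % BLK); /* keystream bytes to skip inside that block */
    while (len > 0) {
        size_t n = (BLK - skip < len) ? BLK - skip : len;
        ctr_block(iv, blk++, ctr);
        toy_block(key, ctr, ks);
        for (size_t i = 0; i < n; i++)
            buf[i] ^= ks[skip + i];
        buf += n; len -= n; skip = 0;
    }
}

/* Encrypt a constructed image, decrypt only [off, off+len) at keystream position ks_off. */
int slice_decrypts(uint64_t off, size_t len, uint64_t ks_off)
{
    uint8_t plain[100], enc[100];
    if (off > sizeof enc || len > sizeof enc - off) return 0;
    for (size_t i = 0; i < sizeof enc; i++)
        enc[i] = plain[i] = (uint8_t)(i * 7);
    ctr_xcrypt_at(KEY, IV, 0, enc, sizeof enc);     /* build the encrypted image */
    ctr_xcrypt_at(KEY, IV, ks_off, enc + off, len); /* decrypt just the requested slice */
    return memcmp(enc + off, plain + off, len) == 0;
}
```

`slice_decrypts(16, 16, 0)` returns 0: applying the keystream from offset 0 to data stored at offset 16 does not recover the plaintext, so the counter has to follow the read offset rather than restart per call.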

@adamgreloch adamgreloch force-pushed the adamgreloch/NIL-693 branch 2 times, most recently from b831a35 to 5e9b3cf Compare August 18, 2025 10:04

github-actions bot commented Aug 18, 2025

Unit Test Results

9 462 tests  +2   8 873 ✅ +3   50m 20s ⏱️ - 1m 10s
  561 suites ±0     589 💤 ±0 
    1 files   ±0       0 ❌  - 1 

Results for commit c029675. ± Comparison against base commit 3840bae.

This pull request removes 1 and adds 3 tests. Note that renamed tests count towards both.
phoenix-rtos-tests/thread-local/unit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/thread-local/unit
phoenix-rtos-tests/thread-local/unit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/thread-local/unit.test_tls.test_tls_check_errno
phoenix-rtos-tests/thread-local/unit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/thread-local/unit.test_tls.test_tls_defaults
phoenix-rtos-tests/thread-local/unit ‑ aarch64a53-zynqmp-qemu:phoenix-rtos-tests/thread-local/unit.test_tls.test_tls_set_tls_variables

♻️ This comment has been updated with latest results.

Breaking change: changes the header structure

JIRA: NIL-693
mkrofs host utility from p-r-hostutils depends on rofs layout
definition. Thanks to separate header, the fs layout can be exposed to
that utility by building `librofs-header` make target in
`phoenix-rtos-filesystems`

JIRA: NIL-693
@adamgreloch adamgreloch changed the title rofs: add AES decryption and authentication via AES-CMAC !rofs: add AES decryption and authentication via AES-CMAC Jan 23, 2026